libresignin/src/handlers/extauthz.rs

//
/*! libresignin
*/
// Copyright 2022, Jesús Pérez Lorenzo
//
use axum::{
//	response::Html,
//	routing::get,
//	routing::post,
//	Router,
	// extract::{self,Extension,Path,Query},
//	extract::{Extension,Path},
	http::{
		header::{HeaderMap,HeaderName,HeaderValue},
		// Request, StatusCode,
	},
  // body::{Bytes, Body},
	response::{IntoResponse, Headers},
};

// use crate::defs::{DataDBs}; 
// use crate::utils::reqenv::ReqEnv;

const CHECK_HEADER: &'static str = "x-ext-authz";
const	ALLOWED_VALUE: &'static str  = "allow";
const	RESULT_HEADER: &'static str = "x-ext-authz-check-result";
const	RECEIVED_HEADER: &'static str = "x-ext-authz-check-received";
const	OVERRIDE_HEADER: &'static str = "x-ext-authz-additional-header-override";
// const	OVERRIDE_GRPC_VALUE: &'static str = "grpc-additional-header-override-value";
const	RESULT_ALLOWED: &'static str = "allowed"; 
const	RESULT_DENIED: &'static str = "denied";

// pub fn create_headers(is_allowed: bool, str_head: &str, id: &str,token: &str,csrf_token: &str, cookie: &str) -> HeaderMap {
// 	let mut headers = HeaderMap::new();
// 	if is_allowed {
// 		headers.insert(RESULT_HEADER,
// 	    HeaderValue::from_str(RESULT_ALLOWED).unwrap_or(HeaderValue::from_static(""))
// 	  );
// 	} else {
// 		headers.insert(RESULT_HEADER,
// 	    HeaderValue::from_str(RESULT_DENIED).unwrap_or(HeaderValue::from_static(""))
// 	  );
// 	}
// 	headers.insert(OVERRIDE_HEADER,
// 	  HeaderValue::from_str(OVERRIDE_HEADER).unwrap_or(HeaderValue::from_static(""))
// 	);
// 	headers.insert(RECEIVED_HEADER,
// 	  HeaderValue::from_str(str_head).unwrap_or(HeaderValue::from_static(""))
// 	);
  // headers.insert(CONTENT_TYPE, HeaderValue::from_static("application/json"));
  // headers.insert(ACCEPT, HeaderValue::from_static("application/json"));
	// if cookie != "" {
  //   headers.insert(COOKIE, HeaderValue::from_str(cookie)
	// 		.unwrap_or(HeaderValue::from_static(""))
	// 	);
  //   // headers.insert(SET_COOKIE, HeaderValue::from_str(cookie)
	// 	// 	.unwrap_or(HeaderValue::from_static(""))
	// 	// );
	// }
	// if token != "" {
	// 	headers.insert(AUTHORIZATION, HeaderValue::from_str(&format!("Bearer {}",token))
	// 		.unwrap_or(HeaderValue::from_static(""))
	// 	);
	// }
	// if csrf_token != "" {
  //   headers.insert("X-CSRF-Token", 
	//     HeaderValue::from_str(csrf_token).unwrap_or(HeaderValue::from_static(""))
	//   );
	// }
	// if id != "" {
  //   headers.insert("x-kratos-authenticated-identity-id", 
	//     HeaderValue::from_str(id).unwrap_or(HeaderValue::from_static(""))
	//   );
	// }
	// dbg!("{:#?}",&headers);
	// dbg!("{:#?}",&headers);
// 	headers
// }
// pub async fn authz_handler(header: HeaderMap, req: Request<()> ) -> impl IntoResponse {
pub async fn authz_handler(header: HeaderMap) -> impl IntoResponse {
	dbg!("{:#?}",&header);
	let result: &str;
	if let Some(check) = &header.get(CHECK_HEADER) {
	  match check.to_str() {
			Ok(check_val) => 
				if ALLOWED_VALUE == check_val {
					result = RESULT_ALLOWED;
				} else {
					result = RESULT_DENIED;
				},
	    Err(_) => result = RESULT_DENIED,
		}
	} else {
		result = RESULT_DENIED;
	}
	//let headers = create_headers("",token,csrf_token,cookie);
	// body, err := io.ReadAll(request.Body)
	// if err != nil {
	// 	log.Printf("[HTTP] read body failed: %v", err)
	// }
	// format!("%s %s%s, headers: %v, body: [%s]\n", request.Method, request.Host, request.URL, request.Header, body);
	let str_head = format!("head");
	// let headers = create_headers(is_allowed,&str_head,"","","","");
	let res_headers: Vec<(HeaderName, HeaderValue)> = vec![
		(HeaderName::from_static(RESULT_HEADER), HeaderValue::from_static(result)),
		(HeaderName::from_static(OVERRIDE_HEADER), HeaderValue::from_static(OVERRIDE_HEADER)),
		(HeaderName::from_static(RECEIVED_HEADER), HeaderValue::from_str(&str_head).unwrap_or(HeaderValue::from_static(""))),
	];
	// if is_allowed {
	// 	response.WriteHeader(StatusCode::OK)
	// } else {
	// 	response.WriteHeader(http.StatusForbidden)
	// 	response.Write([]byte(denyBody))
	// }
	dbg!("{:#?}",&res_headers);
  Headers(res_headers)
	// let html = format!(
	// 	r#"
	//     <div>Done: {} </div>
	// 	"#,RESULT_ALLOWED);
	// Html(html)
}
// pub async fn alive_handler() -> Html<&'static str> {
//     Html("ok")
// }
// pub async fn ready_handler() -> Html<&'static str> {
//     Html("ok")
// }
// pub fn router_handlers(web_router: Router) -> Router {
// 	web_router
//   .route("/authz", get(authz_handler))
// }
chore: signin authz routes from config 2022-03-05 15:01:30 +00:00			`//`
			`/*! libresignin`
			`*/`
			`// Copyright 2022, Jesús Pérez Lorenzo`
			`//`
			`use axum::{`
			`// response::Html,`
			`// routing::get,`
			`// routing::post,`
			`// Router,`
			`// extract::{self,Extension,Path,Query},`
			`// extract::{Extension,Path},`
			`http::{`
			`header::{HeaderMap,HeaderName,HeaderValue},`
			`// Request, StatusCode,`
			`},`
			`// body::{Bytes, Body},`
			`response::{IntoResponse, Headers},`
			`};`

			`// use crate::defs::{DataDBs};`
			`// use crate::utils::reqenv::ReqEnv;`

			`const CHECK_HEADER: &'static str = "x-ext-authz";`
			`const ALLOWED_VALUE: &'static str = "allow";`
			`const RESULT_HEADER: &'static str = "x-ext-authz-check-result";`
			`const RECEIVED_HEADER: &'static str = "x-ext-authz-check-received";`
			`const OVERRIDE_HEADER: &'static str = "x-ext-authz-additional-header-override";`
			`// const OVERRIDE_GRPC_VALUE: &'static str = "grpc-additional-header-override-value";`
			`const RESULT_ALLOWED: &'static str = "allowed";`
			`const RESULT_DENIED: &'static str = "denied";`

			`// pub fn create_headers(is_allowed: bool, str_head: &str, id: &str,token: &str,csrf_token: &str, cookie: &str) -> HeaderMap {`
			`// let mut headers = HeaderMap::new();`
			`// if is_allowed {`
			`// headers.insert(RESULT_HEADER,`
			`// HeaderValue::from_str(RESULT_ALLOWED).unwrap_or(HeaderValue::from_static(""))`
			`// );`
			`// } else {`
			`// headers.insert(RESULT_HEADER,`
			`// HeaderValue::from_str(RESULT_DENIED).unwrap_or(HeaderValue::from_static(""))`
			`// );`
			`// }`
			`// headers.insert(OVERRIDE_HEADER,`
			`// HeaderValue::from_str(OVERRIDE_HEADER).unwrap_or(HeaderValue::from_static(""))`
			`// );`
			`// headers.insert(RECEIVED_HEADER,`
			`// HeaderValue::from_str(str_head).unwrap_or(HeaderValue::from_static(""))`
			`// );`
			`// headers.insert(CONTENT_TYPE, HeaderValue::from_static("application/json"));`
			`// headers.insert(ACCEPT, HeaderValue::from_static("application/json"));`
			`// if cookie != "" {`
			`// headers.insert(COOKIE, HeaderValue::from_str(cookie)`
			`// .unwrap_or(HeaderValue::from_static(""))`
			`// );`
			`// // headers.insert(SET_COOKIE, HeaderValue::from_str(cookie)`
			`// // .unwrap_or(HeaderValue::from_static(""))`
			`// // );`
			`// }`
			`// if token != "" {`
			`// headers.insert(AUTHORIZATION, HeaderValue::from_str(&format!("Bearer {}",token))`
			`// .unwrap_or(HeaderValue::from_static(""))`
			`// );`
			`// }`
			`// if csrf_token != "" {`
			`// headers.insert("X-CSRF-Token",`
			`// HeaderValue::from_str(csrf_token).unwrap_or(HeaderValue::from_static(""))`
			`// );`
			`// }`
			`// if id != "" {`
			`// headers.insert("x-kratos-authenticated-identity-id",`
			`// HeaderValue::from_str(id).unwrap_or(HeaderValue::from_static(""))`
			`// );`
			`// }`
			`// dbg!("{:#?}",&headers);`
			`// dbg!("{:#?}",&headers);`
			`// headers`
			`// }`
			`// pub async fn authz_handler(header: HeaderMap, req: Request<()> ) -> impl IntoResponse {`
			`pub async fn authz_handler(header: HeaderMap) -> impl IntoResponse {`
			`dbg!("{:#?}",&header);`
			`let result: &str;`
			`if let Some(check) = &header.get(CHECK_HEADER) {`
			`match check.to_str() {`
			`Ok(check_val) =>`
			`if ALLOWED_VALUE == check_val {`
			`result = RESULT_ALLOWED;`
			`} else {`
			`result = RESULT_DENIED;`
			`},`
			`Err(_) => result = RESULT_DENIED,`
			`}`
			`} else {`
			`result = RESULT_DENIED;`
			`}`
			`//let headers = create_headers("",token,csrf_token,cookie);`
			`// body, err := io.ReadAll(request.Body)`
			`// if err != nil {`
			`// log.Printf("[HTTP] read body failed: %v", err)`
			`// }`
			`// format!("%s %s%s, headers: %v, body: [%s]\n", request.Method, request.Host, request.URL, request.Header, body);`
			`let str_head = format!("head");`
			`// let headers = create_headers(is_allowed,&str_head,"","","","");`
			`let res_headers: Vec<(HeaderName, HeaderValue)> = vec![`
			`(HeaderName::from_static(RESULT_HEADER), HeaderValue::from_static(result)),`
			`(HeaderName::from_static(OVERRIDE_HEADER), HeaderValue::from_static(OVERRIDE_HEADER)),`
			`(HeaderName::from_static(RECEIVED_HEADER), HeaderValue::from_str(&str_head).unwrap_or(HeaderValue::from_static(""))),`
			`];`
			`// if is_allowed {`
			`// response.WriteHeader(StatusCode::OK)`
			`// } else {`
			`// response.WriteHeader(http.StatusForbidden)`
			`// response.Write([]byte(denyBody))`
			`// }`
			`dbg!("{:#?}",&res_headers);`
			`Headers(res_headers)`
			`// let html = format!(`
			`// r#"`
			`// <div>Done: {} </div>`
			`// "#,RESULT_ALLOWED);`
			`// Html(html)`
			`}`
			`// pub async fn alive_handler() -> Html<&'static str> {`
			`// Html("ok")`
			`// }`
			`// pub async fn ready_handler() -> Html<&'static str> {`
			`// Html("ok")`
			`// }`
			`// pub fn router_handlers(web_router: Router) -> Router {`
			`// web_router`
			`// .route("/authz", get(authz_handler))`
			`// }`