diff options
Diffstat (limited to 'crates/auth/src/server/routes/authorised.rs')
| -rw-r--r-- | crates/auth/src/server/routes/authorised.rs | 95 |
1 files changed, 90 insertions, 5 deletions
diff --git a/crates/auth/src/server/routes/authorised.rs b/crates/auth/src/server/routes/authorised.rs index ddf048d..42bbde2 100644 --- a/crates/auth/src/server/routes/authorised.rs +++ b/crates/auth/src/server/routes/authorised.rs @@ -1,23 +1,108 @@ +use std::{str::FromStr, time::Duration}; + +use anyhow::Context; use axum::{ extract::{Query, State}, - response::IntoResponse, + http::HeaderMap, + response::{IntoResponse, Redirect}, }; use axum_extra::{TypedHeader, headers}; -use serde::Deserialize; +use oauth2::{AuthorizationCode, TokenResponse}; +use reqwest::header::SET_COOKIE; +use serde::{Deserialize, Serialize}; +use sqlx::types::uuid; +use tower_sessions::{ + SessionStore, + session::{Id, Record}, +}; -use crate::{error::AppError, server::routes::Provider, state::AppHandle}; +use crate::{ + error::AppError, + server::{ + OAUTH_CSRF_COOKIE, csrf_token_validation::csrf_token_validation_workflow, routes::Provider, + }, + state::AppHandle, +}; #[derive(Debug, Deserialize)] pub struct AuthRequest { provider: Provider, code: String, - state: String, + pub state: String, } +#[derive(Debug, Deserialize, Serialize)] +struct User { + id: String, + avatar: Option<String>, + username: String, + discriminator: String, +} + +/// The cookie to store the session id for user information. +const SESSION_COOKIE: &str = "info"; +const SESSION_DATA_KEY: &str = "data"; + async fn login_authorized( Query(query): Query<AuthRequest>, State(state): State<AppHandle>, TypedHeader(cookies): TypedHeader<headers::Cookie>, ) -> Result<impl IntoResponse, AppError> { - Ok("") + let oauth_session_id = Id::from_str( + cookies + .get(OAUTH_CSRF_COOKIE) + .context("missing session cookie")?, + ) + .unwrap(); + csrf_token_validation_workflow(&query, &state.session_store, oauth_session_id).await?; + + let client = state.http_client.clone(); + let store = state.session_store.clone(); + + // Get an auth token + let token = state + .discord_client + .exchange_code(AuthorizationCode::new(query.code.clone())) + .request_async(&client) + .await + .context("failed in sending request request to authorization server")?; + + let user_data: User = client + // https://discord.com/developers/docs/resources/user#get-current-user + .get("https://discordapp.com/api/users/@me") + .bearer_auth(token.access_token().secret()) + .send() + .await + .context("failed in sending request to target Url")? + .json::<User>() + .await + .context("failed to deserialize response as JSON")?; + + // Create a new session filled with user data + let session_id = Id(i128::from_le_bytes(uuid::Uuid::new_v4().to_bytes_le())); + store + .create(&mut Record { + id: session_id, + data: [( + SESSION_DATA_KEY.to_string(), + serde_json::to_value(user_data).unwrap(), + )] + .into(), + expiry_date: time::OffsetDateTime::now_utc() + + Duration::from_secs(state.local_config.oauth.session_lifespan), + }) + .await + .context("failed in inserting serialized value into session")?; + + // Store session and get corresponding cookie. + let cookie = format!("{SESSION_COOKIE}={session_id}; SameSite=Lax; HttpOnly; Secure; Path=/"); + + // Set cookie + let mut headers = HeaderMap::new(); + headers.insert( + SET_COOKIE, + cookie.parse().context("failed to parse cookie")?, + ); + + Ok((headers, Redirect::to("/"))) } |