Added API token handling

+ Tokens can be added by the add_token command or via the CLI + Tokens are checked for authorization before a command is run + Added an error message field to the GeoffreyApiResponse + Made tokens strings instead of u64s + Tokens are randomly generated 64 char long alphanumeric strings + Clippy + Fmt
2021-10-31 11:00:07 -06:00 · 2021-10-31 11:00:07 -06:00 · 22ffe75422
parent b79db6029e
commit 22ffe75422
15 changed files with 225 additions and 41 deletions
--- a/Cargo.lock
+++ b/Cargo.lock
@ -311,6 +311,7 @@ dependencies = [
 "geoffrey_db",
 "geoffrey_models",
 "log",
 "rand 0.8.4",
 "serde 1.0.124",
 "serde_json",
 "simple_logger",
@ -863,9 +864,9 @@ dependencies = [
 [[package]]
 name = "rand"
-version = "0.8.3"
+version = "0.8.4"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "0ef9e7e66b4468674bfcb0c81af8b7fa0bb154fa9f28eb840da5c447baeb8d7e"
+checksum = "2e7573632e6454cf6b99d7aac4ccca54be06da05aca2ef7423d22d27d4d4bcd8"
 dependencies = [
 "libc",
 "rand_chacha 0.3.0",
@ -1184,7 +1185,7 @@ checksum = "dac1c663cfc93810f88aed9b8941d48cabf856a1b111c29a40439018d870eb22"
 dependencies = [
 "cfg-if",
 "libc",
- "rand 0.8.3",
+ "rand 0.8.4",
 "redox_syscall",
 "remove_dir_all",
 "winapi",
@ -1359,7 +1360,7 @@ dependencies = [
 "httparse",
 "input_buffer",
 "log",
- "rand 0.8.3",
+ "rand 0.8.4",
 "sha-1",
 "url",
 "utf-8",
--- a/geoffrey_api/Cargo.toml
+++ b/geoffrey_api/Cargo.toml
@ -17,3 +17,4 @@ config = "0.11.0"
 structopt = "0.3.21"
 log = "0.4.14"
 simple_logger = "1.13.0"
 rand = "0.8.4"
--- a/geoffrey_api/src/commands/add_token.rs
+++ b/geoffrey_api/src/commands/add_token.rs
@ -0,0 +1,48 @@
 use crate::commands::{Command, RequestType};
 use crate::context::Context;
 use crate::Result;
 use geoffrey_models::models::parameters::add_token_params::AddTokenParams;
 use geoffrey_models::models::player::Player;
 use geoffrey_models::models::response::api_error::GeoffreyAPIError;
 use geoffrey_models::models::token::Token;
 use geoffrey_models::models::CommandLevel;
 use rand::distributions::Alphanumeric;
 use rand::Rng;
 use std::sync::Arc;
 pub struct AddToken {}
 impl Command for AddToken {
    type Req = AddTokenParams;
    type Resp = Token;
    fn command_name() -> String {
        "add_token".to_string()
    }
    fn request_type() -> RequestType {
        RequestType::POST
    }
    fn command_level() -> CommandLevel {
        CommandLevel::ADMIN
    }
    fn run_command(ctx: Arc<Context>, req: Self::Req, _: Option<Player>) -> Result<Self::Resp> {
        let mut token = Token::default();
        let secret: String = rand::thread_rng()
            .sample_iter(&Alphanumeric)
            .take(64)
            .map(char::from)
            .collect();
        token.secret = secret;
        for permission in req.permissions {
            token.set_permission(permission);
        }
        ctx.db.insert(token).map_err(GeoffreyAPIError::from)
    }
 }
--- a/geoffrey_api/src/commands/mod.rs
+++ b/geoffrey_api/src/commands/mod.rs
@ -2,12 +2,13 @@ use crate::commands::add_location::AddLocation;
 use crate::commands::find::FindCommand;
 use crate::commands::register::Register;
 use crate::context::Context;
-use crate::helper::get_player_from_req;
+use crate::helper::{get_player_from_req, get_token_from_req};
 use crate::Result;
 use geoffrey_models::models::parameters::CommandRequest;
 use geoffrey_models::models::player::Player;
 use geoffrey_models::models::response::api_error::GeoffreyAPIError;
 use geoffrey_models::models::response::APIResponse;
 use geoffrey_models::models::token::{Permissions, Token};
 use geoffrey_models::models::CommandLevel;
 use serde::de::DeserializeOwned;
 use serde::Serialize;
@ -17,6 +18,7 @@ use warp::filters::BoxedFilter;
 use warp::Filter;
 pub mod add_location;
 pub mod add_token;
 pub mod find;
 pub mod register;
@ -36,17 +38,29 @@ pub trait Command {
    fn command_level() -> CommandLevel;
    fn run_command(ctx: Arc<Context>, req: Self::Req, user: Option<Player>) -> Result<Self::Resp>;
-    fn user_is_authorized(user: &Option<Player>) -> Result<()> {
+    fn user_is_authorized(token: &Option<Token>, user: &Option<Player>) -> Result<()> {
-        if Self::command_level() == CommandLevel::ALL {
+        if let Some(token) = token {
-            Ok(())
+            if !match Self::command_level() {
-        } else if let Some(user) = user {
+                CommandLevel::MOD => token.check_permission(Permissions::ModCommand),
-            if user.auth_level >= Self::command_level() {
+                CommandLevel::ADMIN => token.check_permission(Permissions::Admin),
                _ => token.check_permission(Permissions::Command),
            } {
                return Err(GeoffreyAPIError::TokenNotAuthorized);
            }
            if Self::command_level() == CommandLevel::ALL {
                Ok(())
            } else if let Some(user) = user {
                if user.auth_level >= Self::command_level() {
                    Ok(())
                } else {
                    Err(GeoffreyAPIError::PermissionInsufficient)
                }
            } else {
-                Err(GeoffreyAPIError::PermissionInsufficient)
+                Err(GeoffreyAPIError::PlayerNotRegistered)
            }
        } else {
-            Err(GeoffreyAPIError::PlayerNotRegistered)
+            Err(GeoffreyAPIError::TokenNotAuthorized)
        }
    }
 }
@ -56,8 +70,9 @@ pub fn handle_command<T: Command>(ctx: Arc<Context>, req: T::Req) -> Result<T::R
    log::debug!("Request: {:?}", req);
    let user = get_player_from_req(&ctx.db, &req)?;
    let token = get_token_from_req(&ctx.db, &req)?;
-    match T::user_is_authorized(&user) {
+    match T::user_is_authorized(&token, &user) {
        Ok(_) => T::run_command(ctx, req, user),
        Err(e) => Err(e),
    }
@ -75,8 +90,9 @@ pub fn create_command_filter<T: Command>(ctx: Arc<Context>) -> BoxedFilter<(impl
                warp::reply::json(&APIResponse::Response::<T::Resp>(reply))
            } else {
                let e = reply.err().unwrap();
-                log::warn!("Got error when processing command: {:?}", e);
+                let msg = e.to_string();
-                warp::reply::json(&APIResponse::<T::Resp>::Error(e))
+                log::warn!("Got error when processing command '{:?}': {}", e, msg);
                warp::reply::json(&APIResponse::<T::Resp>::Error { error: e, msg })
            }
        });
--- a/geoffrey_api/src/helper/mod.rs
+++ b/geoffrey_api/src/helper/mod.rs
@ -2,6 +2,7 @@ use crate::Result;
 use geoffrey_db::database::Database;
 use geoffrey_models::models::parameters::CommandRequest;
 use geoffrey_models::models::player::Player;
 use geoffrey_models::models::token::Token;
 pub fn get_player_from_req<T: CommandRequest>(db: &Database, req: &T) -> Result<Option<Player>> {
    if let Some(user_id) = req.user_id() {
@ -12,3 +13,9 @@ pub fn get_player_from_req<T: CommandRequest>(db: &Database, req: &T) -> Result<
        Ok(None)
    }
 }
 pub fn get_token_from_req<T: CommandRequest>(db: &Database, req: &T) -> Result<Option<Token>> {
    Ok(db
        .filter(|_, token: &Token| token.secret == req.token())?
        .next())
 }
--- a/geoffrey_api/src/main.rs
+++ b/geoffrey_api/src/main.rs
@ -4,14 +4,19 @@ mod context;
 mod helper;
 mod logging;
-use crate::commands::command_filter;
+use crate::commands::add_token::AddToken;
 use crate::commands::{command_filter, Command};
 use crate::config::GeoffreyAPIConfig;
 use crate::context::Context;
 use crate::logging::{init_logging, LogLevel};
 use geoffrey_models::models::parameters::add_token_params::AddTokenParams;
 use geoffrey_models::models::response::api_error::GeoffreyAPIError;
 use geoffrey_models::models::token::Permissions;
 use std::convert::TryFrom;
 use std::net::SocketAddr;
 use std::path::PathBuf;
 use std::str::FromStr;
 use std::sync::Arc;
 use structopt::StructOpt;
 pub type Result<T> = std::result::Result<T, GeoffreyAPIError>;
@ -29,6 +34,54 @@ struct Args {
        default_value = "Info"
    )]
    log_level: LogLevel,
    #[structopt(subcommand)]
    command: GeoffreyApiCommand,
 }
 #[derive(Debug, PartialEq, StructOpt, Clone)]
 enum GeoffreyApiCommand {
    Run,
    CreateAdminToken(CreateTokenCommand),
 }
 #[derive(Debug, StructOpt, PartialEq, Clone)]
 struct CreateTokenCommand {
    #[structopt(parse(try_from_str = Permissions::try_from))]
    pub permissions: Vec<Permissions>,
 }
 async fn run_server(ctx: Arc<Context>) {
    let socket_addr = match SocketAddr::from_str(ctx.cfg.host.as_str()) {
        Ok(socket_addr) => socket_addr,
        Err(e) => {
            log::warn!("Error parsing {} as address: {}", ctx.cfg.host, e);
            return;
        }
    };
    let api = command_filter(ctx.clone());
    warp::serve(api).run(socket_addr).await;
 }
 fn create_token(ctx: Arc<Context>, perms: Vec<Permissions>) {
    match AddToken::run_command(
        ctx,
        AddTokenParams {
            token: "".to_string(),
            permissions: perms,
        },
        None,
    ) {
        Ok(token) => {
            // Don't log this to keep tokens out of the log
            println!("Added admin token with secret: {}", token.secret)
        }
        Err(e) => {
            log::warn!("Unable to create admin token: {}", e)
        }
    }
 }
 #[tokio::main]
@ -48,17 +101,10 @@ async fn main() {
        }
    };
    let socket_addr = match SocketAddr::from_str(cfg.host.as_str()) {
        Ok(socket_addr) => socket_addr,
        Err(e) => {
            log::warn!("Error parsing {} as address: {}", cfg.host, e);
            return;
        }
    };
    let ctx = Context::new(cfg).unwrap();
-    let api = command_filter(ctx.clone());
+    match args.command {
-
+        GeoffreyApiCommand::Run => run_server(ctx).await,
-    warp::serve(api).run(socket_addr).await;
+        GeoffreyApiCommand::CreateAdminToken(perms) => create_token(ctx, perms.permissions),
    };
 }
--- a/geoffrey_models/src/models/mod.rs
+++ b/geoffrey_models/src/models/mod.rs
@ -52,5 +52,6 @@ pub struct Tunnel {
 pub enum CommandLevel {
    ALL = 0,
    REGISTERED = 1,
-    ADMIN = 2,
+    MOD = 2,
    ADMIN = 3,
 }
--- a/geoffrey_models/src/models/parameters/add_location_params.rs
+++ b/geoffrey_models/src/models/parameters/add_location_params.rs
@ -6,8 +6,8 @@ use serde::{Deserialize, Serialize};
 #[derive(Debug, Serialize, Deserialize, Clone)]
 pub struct AddLocationParams {
-    token: u64,
+    pub token: String,
-    user_id: UserID,
+    pub user_id: UserID,
    pub name: String,
    pub position: Position,
    pub loc_type: LocationType,
@ -15,8 +15,8 @@ pub struct AddLocationParams {
 }
 impl CommandRequest for AddLocationParams {
-    fn token(&self) -> u64 {
+    fn token(&self) -> String {
-        self.token
+        self.token.clone()
    }
    fn user_id(&self) -> Option<UserID> {
--- a/geoffrey_models/src/models/parameters/add_token_params.rs
+++ b/geoffrey_models/src/models/parameters/add_token_params.rs
@ -0,0 +1,20 @@
 use crate::models::parameters::CommandRequest;
 use crate::models::player::UserID;
 use crate::models::token::Permissions;
 use serde::{Deserialize, Serialize};
 #[derive(Debug, Serialize, Deserialize, Clone)]
 pub struct AddTokenParams {
    pub token: String,
    pub permissions: Vec<Permissions>,
 }
 impl CommandRequest for AddTokenParams {
    fn token(&self) -> String {
        self.token.clone()
    }
    fn user_id(&self) -> Option<UserID> {
        None
    }
 }
--- a/geoffrey_models/src/models/parameters/find_params.rs
+++ b/geoffrey_models/src/models/parameters/find_params.rs
@ -3,12 +3,12 @@ use serde::{Deserialize, Serialize};
 #[derive(Debug, Serialize, Deserialize, Clone)]
 pub struct FindParams {
-    pub token: u64,
+    pub token: String,
    pub query: String,
 }
 impl CommandRequest for FindParams {
-    fn token(&self) -> u64 {
+    fn token(&self) -> String {
-        self.token
+        self.token.clone()
    }
 }
--- a/geoffrey_models/src/models/parameters/mod.rs
+++ b/geoffrey_models/src/models/parameters/mod.rs
@ -1,4 +1,5 @@
 pub mod add_location_params;
 pub mod add_token_params;
 pub mod find_params;
 pub mod register_params;
@ -10,7 +11,7 @@ use serde::Serialize;
 use std::fmt::Debug;
 pub trait CommandRequest: Serialize + DeserializeOwned + Debug + Clone + Send + 'static {
-    fn token(&self) -> u64;
+    fn token(&self) -> String;
    fn user_id(&self) -> Option<UserID> {
        None
    }
--- a/geoffrey_models/src/models/parameters/register_params.rs
+++ b/geoffrey_models/src/models/parameters/register_params.rs
@ -4,13 +4,13 @@ use serde::{Deserialize, Serialize};
 #[derive(Debug, Serialize, Deserialize, Clone)]
 pub struct RegisterParameters {
-    pub token: u64,
+    pub token: String,
    pub new_user_id: UserID,
    pub username: String,
 }
 impl CommandRequest for RegisterParameters {
-    fn token(&self) -> u64 {
+    fn token(&self) -> String {
-        self.token
+        self.token.clone()
    }
 }
--- a/geoffrey_models/src/models/response/api_error.rs
+++ b/geoffrey_models/src/models/response/api_error.rs
@ -1,10 +1,32 @@
 use serde::{Deserialize, Serialize};
 use std::fmt::{Display, Formatter};
-#[derive(Debug, Serialize, Deserialize)]
+#[derive(Debug, Serialize, Deserialize, Clone)]
 pub enum GeoffreyAPIError {
    PlayerNotRegistered,
    EntryNotFound,
    PermissionInsufficient,
    EntryNotUnique,
    DatabaseError(String),
    TokenNotAuthorized,
 }
 impl Display for GeoffreyAPIError {
    fn fmt(&self, f: &mut Formatter<'_>) -> std::fmt::Result {
        let string = match self {
            GeoffreyAPIError::PlayerNotRegistered => "Player has not been registered.".to_string(),
            GeoffreyAPIError::EntryNotFound => {
                "An entry that matches that query was not found.".to_string()
            }
            GeoffreyAPIError::PermissionInsufficient => {
                "Insufficient permission to preform that action".to_string()
            }
            GeoffreyAPIError::EntryNotUnique => "Entry not unique in the DB.".to_string(),
            GeoffreyAPIError::DatabaseError(e) => format!("Database Error: {}", e),
            GeoffreyAPIError::TokenNotAuthorized => {
                "Token supplied in request is not authorized".to_string()
            }
        };
        write!(f, "{}", string)
    }
 }
--- a/geoffrey_models/src/models/response/mod.rs
+++ b/geoffrey_models/src/models/response/mod.rs
@ -6,5 +6,8 @@ pub mod api_error;
 #[derive(Debug, Serialize, Deserialize)]
 pub enum APIResponse<T> {
    Response(T),
-    Error(GeoffreyAPIError),
+    Error {
        error: GeoffreyAPIError,
        msg: String,
    },
 }
--- a/geoffrey_models/src/models/token.rs
+++ b/geoffrey_models/src/models/token.rs
@ -1,7 +1,9 @@
 use crate::GeoffreyDatabaseModel;
 use chrono::{DateTime, Utc};
 use serde::{Deserialize, Serialize};
 use std::convert::TryFrom;
 #[derive(Serialize, Deserialize, Debug, Clone, PartialOrd, PartialEq)]
 pub enum Permissions {
    ModelGet = 0,
    ModelPost,
@ -10,12 +12,27 @@ pub enum Permissions {
    Admin,
 }
 impl TryFrom<&str> for Permissions {
    type Error = String;
    fn try_from(s: &str) -> Result<Self, Self::Error> {
        Ok(match s {
            "ModelGet" => Self::ModelGet,
            "ModelPost" => Self::ModelPost,
            "Command" => Self::Command,
            "ModCommand" => Self::ModCommand,
            "Admin" => Self::Admin,
            _ => return Err(format!("Unable to parse '{}' as a permission", s)),
        })
    }
 }
 #[derive(Serialize, Deserialize, Debug, Clone)]
 pub struct Token {
    pub id: Option<u64>,
    permission: u64,
    pub created: DateTime<Utc>,
    pub modified: DateTime<Utc>,
    pub secret: String,
 }
 impl Token {
@ -43,6 +60,7 @@ impl Default for Token {
            permission: 0,
            created: Utc::now(),
            modified: Utc::now(),
            secret: String::new(),
        }
    }
 }