studio/tuwunel
2
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

Reorder auth match cases; add todo for AppserviceTokenOptional.

Browse Source 
Signed-off-by: Jason Volk <jason@zemos.net>
This commit is contained in:
Jason Volk
2025-08-02 12:49:41 +00:00
parent 4b84e7c31a
commit 44b60050b3
1 changed files with 38 additions and 36 deletions
Download Patch File Download Diff File Expand all files Collapse all files

74
src/api/router/auth.rs
View File

@@ -95,40 +95,6 @@ pub(super) async fn auth(
} }
match (metadata.authentication, token) { match (metadata.authentication, token) {
| (AccessToken, Appservice(info)) => Ok(auth_appservice(services, request, info).await?),
| (AccessToken | AccessTokenOptional | AuthScheme::None, User(user)) => Ok(Auth {
sender_user: Some(user.0),
sender_device: Some(user.1),
_expires_at: user.2,
..Auth::default()
}),
| (AccessToken, Token::None) => match metadata {
| &get_turn_server_info::v3::Request::METADATA
if services.server.config.turn_allow_guests =>
Ok(Auth::default()),
| _ => Err!(Request(MissingToken("Missing access token."))),
},
| (AppserviceToken, User(_)) =>
Err!(Request(Unauthorized("Appservice tokens must be used on this endpoint."))),
| (ServerSignatures, Appservice(_) | User(_)) =>
Err!(Request(Unauthorized("Server signatures must be used on this endpoint."))),
| (ServerSignatures, Token::None) => Ok(auth_server(services, request, json_body).await?),
| (AuthScheme::None | AccessTokenOptional | AppserviceToken, Appservice(info)) =>
Ok(Auth {
appservice_info: Some(*info),
..Auth::default()
}),
| (AuthScheme::None | AccessTokenOptional | AppserviceToken, Token::None) =>
Ok(Auth::default()),
| (AuthScheme::None, Invalid) | (AuthScheme::None, Invalid)
if request.query.access_token.is_some() if request.query.access_token.is_some()
&& metadata == &get_openid_userinfo::v1::Request::METADATA => && metadata == &get_openid_userinfo::v1::Request::METADATA =>
@@ -139,6 +105,9 @@ pub(super) async fn auth(
Ok(Auth::default()) Ok(Auth::default())
}, },
| (_, Invalid) =>
Err(BadRequest(UnknownToken { soft_logout: false }, "Unknown access token.")),
| (_, Expired((user_id, device_id))) => { | (_, Expired((user_id, device_id))) => {
services services
.users .users
@@ -150,8 +119,41 @@ pub(super) async fn auth(
Err(BadRequest(UnknownToken { soft_logout: true }, "Expired access token.")) Err(BadRequest(UnknownToken { soft_logout: true }, "Expired access token."))
}, },
| (_, Invalid) => | (AppserviceToken, User(_)) =>
Err(BadRequest(UnknownToken { soft_logout: false }, "Unknown access token.")), Err!(Request(Unauthorized("Appservice tokens must be used on this endpoint."))),
| (ServerSignatures, Appservice(_) | User(_)) =>
Err!(Request(Unauthorized("Server signatures must be used on this endpoint."))),
| (ServerSignatures, Token::None) => Ok(auth_server(services, request, json_body).await?),
| (AccessToken, Appservice(info)) => Ok(auth_appservice(services, request, info).await?),
| (AccessToken, Token::None) => match metadata {
| &get_turn_server_info::v3::Request::METADATA
if services.server.config.turn_allow_guests =>
Ok(Auth::default()),
| _ => Err!(Request(MissingToken("Missing access token."))),
},
| (AccessToken | AccessTokenOptional | AuthScheme::None, User(user)) => Ok(Auth {
sender_user: Some(user.0),
sender_device: Some(user.1),
_expires_at: user.2,
..Auth::default()
}),
//TODO: add AppserviceTokenOptional
| (AccessTokenOptional | AppserviceToken | AuthScheme::None, Appservice(info)) =>
Ok(Auth {
appservice_info: Some(*info),
..Auth::default()
}),
//TODO: add AppserviceTokenOptional
| (AccessTokenOptional | AppserviceToken | AuthScheme::None, Token::None) =>
Ok(Auth::default()),
} }
} }