feat: add reverse proxy capability

cerberauth · Mar 28, 2024 · a03c058 · a03c058
1 parent 63c6165
commit a03c058
Show file tree

Hide file tree

Showing 15 changed files with 318 additions and 216 deletions.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/baffao-core/Cargo.toml b/baffao-core/Cargo.toml
@@ -7,12 +7,13 @@ edition = "2021"
 
 [dependencies]
 anyhow = "1.0.80"
-axum-extra = { version = "0.9.2", features = ["cookie-private"] }
+axum-extra = { version = "0.9.2", features = ["cookie"] }
 base64 = "0.22.0"
 chrono = "0.4.35"
 config = "0.14.0"
 cookie = "0.18.0"
 hex = "0.4.3"
+http = "1.1.0"
 jsonwebtoken = "9.2.0"
 oauth2 = "4.4.2"
 reqwest = "0.11.24"

diff --git a/baffao-core/src/handlers/authorize.rs b/baffao-core/src/handlers/authorize.rs
@@ -2,48 +2,22 @@ use axum_extra::extract::CookieJar;
 use reqwest::StatusCode;
 use serde::Deserialize;
 
-use crate::{
-    cookies::new_cookie,
-    oauth::OAuthClient,
-    settings::{CookiesConfig, ServerConfig},
-};
+use crate::oauth::OAuthHttpHandler;
 
 #[derive(Deserialize)]
 pub struct AuthorizationQuery {
     pub scope: Option<String>,
 }
 
 pub fn oauth2_authorize(
-    client: OAuthClient,
-    config: ServerConfig,
+    handler: OAuthHttpHandler,
     jar: CookieJar,
     query: Option<AuthorizationQuery>,
 ) -> (CookieJar, StatusCode, String) {
-    let ServerConfig {
-        cookies:
-            CookiesConfig {
-                oauth_csrf: oauth_csrf_cookie,
-                oauth_pkce: oauth_pkce_cookie,
-                ..
-            },
-        ..
-    } = config;
-
     let scope = query
         .and_then(|q| q.scope)
         .map(|scope| scope.split(' ').map(String::from).collect());
-    let (url, csrf_token, pkce_code_verifier) = client.build_authorization_endpoint(scope);
+    let (updated_jar, url) = handler.authorize(jar, scope);
 
-    (
-        jar.add(new_cookie(
-            oauth_csrf_cookie,
-            csrf_token.secret().to_string(),
-        ))
-        .add(new_cookie(
-            oauth_pkce_cookie,
-            pkce_code_verifier.secret().to_string(),
-        )),
-        StatusCode::TEMPORARY_REDIRECT,
-        url.to_string(),
-    )
+    (updated_jar, StatusCode::TEMPORARY_REDIRECT, url.to_string())
 }
diff --git a/baffao-core/src/handlers/callback.rs b/baffao-core/src/handlers/callback.rs
@@ -1,14 +1,10 @@
 use axum_extra::extract::cookie::{Cookie, CookieJar};
-use chrono::{Duration, Utc};
-use oauth2::TokenResponse;
 use reqwest::StatusCode;
 use serde::Deserialize;
 
 use crate::{
-    cookies::new_cookie,
     error::build_error_redirect_url,
-    oauth::OAuthClient,
-    session::{update_session, Session},
+    oauth::OAuthHttpHandler,
     settings::{CookiesConfig, ServerConfig},
 };
 
@@ -19,7 +15,7 @@ pub struct AuthorizationCallbackQuery {
 }
 
 pub async fn oauth2_callback(
-    client: OAuthClient,
+    handler: OAuthHttpHandler,
     config: ServerConfig,
     jar: CookieJar,
     query: AuthorizationCallbackQuery,
@@ -30,9 +26,6 @@ pub async fn oauth2_callback(
             CookiesConfig {
                 oauth_csrf: oauth_csrf_cookie,
                 oauth_pkce: oauth_pkce_cookie,
-                access_token: access_token_cookie,
-                refresh_token: refresh_token_cookie,
-                session: session_cookie,
                 ..
             },
         ..
@@ -78,8 +71,8 @@ pub async fn oauth2_callback(
         .remove(Cookie::from(oauth_csrf_cookie.name))
         .remove(Cookie::from(oauth_pkce_cookie.name));
 
-    let token_result = match client
-        .exchange_code(query.code, pkce_verifier.unwrap())
+    updated_jar = match handler
+        .exchange_code(updated_jar.to_owned(), query.code, pkce_verifier.unwrap())
         .await
     {
         Ok(response) => response,
@@ -92,26 +85,5 @@ pub async fn oauth2_callback(
         }
     };
 
-    updated_jar = updated_jar.add(new_cookie(
-        access_token_cookie,
-        token_result.access_token().secret().to_string(),
-    ));
-    updated_jar = if token_result.refresh_token().is_some() {
-        updated_jar.add(new_cookie(
-            refresh_token_cookie,
-            token_result.refresh_token().unwrap().secret().to_string(),
-        ))
-    } else {
-        updated_jar.remove(Cookie::from(refresh_token_cookie.name))
-    };
-
-    let now = Utc::now();
-    let expires_in = token_result.expires_in().map(|duration| {
-        now.checked_add_signed(Duration::from_std(duration).unwrap())
-            .unwrap()
-    });
-    let session = Session::new(None, Some(now), expires_in);
-    updated_jar = update_session(updated_jar, session_cookie, Some(session));
-
     (updated_jar, StatusCode::TEMPORARY_REDIRECT, "/".to_string())
 }
diff --git a/baffao-core/src/handlers/mod.rs b/baffao-core/src/handlers/mod.rs
@@ -1,7 +1,9 @@
 pub use authorize::{oauth2_authorize, AuthorizationQuery};
 pub use callback::{oauth2_callback, AuthorizationCallbackQuery};
 pub use get_session::get_session_from_cookie;
+pub use proxy::proxy;
 
 mod authorize;
 mod callback;
 mod get_session;
+mod proxy;