Skip to content

Commit 970b20a

Browse files
slinkydeveloperslinkydeveloper
authored
Add identity verification (#15)
1 parent 74ca5ad commit 970b20a

File tree

2 files changed

+23
-1
lines changed

2 files changed

+23
-1
lines changed

src/endpoint/mod.rs

Lines changed: 19 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -9,7 +9,9 @@ use ::futures::future::BoxFuture;
99
use ::futures::{Stream, StreamExt};
1010
use bytes::Bytes;
1111
pub use context::{ContextInternal, InputMetadata};
12-
use restate_sdk_shared_core::{CoreVM, Header, HeaderMap, ResponseHead, VMError, VM};
12+
use restate_sdk_shared_core::{
13+
CoreVM, Header, HeaderMap, IdentityVerifier, KeyError, ResponseHead, VMError, VerifyError, VM,
14+
};
1315
use std::collections::HashMap;
1416
use std::future::poll_fn;
1517
use std::pin::Pin;
@@ -88,6 +90,7 @@ impl Error {
8890
| ErrorInner::HandlerResult { .. } => 500,
8991
ErrorInner::BadDiscovery(_) => 415,
9092
ErrorInner::Header { .. } | ErrorInner::BadPath { .. } => 400,
93+
ErrorInner::IdentityVerification(_) => 401,
9194
}
9295
}
9396
}
@@ -100,6 +103,8 @@ enum ErrorInner {
100103
UnknownServiceHandler(String, String),
101104
#[error("Error when processing the request: {0:?}")]
102105
VM(#[from] VMError),
106+
#[error("Error when verifying identity: {0:?}")]
107+
IdentityVerification(#[from] VerifyError),
103108
#[error("Cannot convert header '{0}', reason: {1}")]
104109
Header(String, #[source] BoxError),
105110
#[error("Cannot reply to discovery, got accept header '{0}' but currently supported discovery is {DISCOVERY_CONTENT_TYPE}")]
@@ -165,6 +170,7 @@ impl Service for BoxedService {
165170
pub struct Builder {
166171
svcs: HashMap<String, BoxedService>,
167172
discovery: crate::discovery::Endpoint,
173+
identity_verifier: IdentityVerifier,
168174
}
169175

170176
impl Default for Builder {
@@ -177,6 +183,7 @@ impl Default for Builder {
177183
protocol_mode: Some(crate::discovery::ProtocolMode::BidiStream),
178184
services: vec![],
179185
},
186+
identity_verifier: Default::default(),
180187
}
181188
}
182189
}
@@ -204,10 +211,16 @@ impl Builder {
204211
self
205212
}
206213

214+
pub fn with_identity_key(mut self, key: &str) -> Result<Self, KeyError> {
215+
self.identity_verifier = self.identity_verifier.with_key(key)?;
216+
Ok(self)
217+
}
218+
207219
pub fn build(self) -> Endpoint {
208220
Endpoint(Arc::new(EndpointInner {
209221
svcs: self.svcs,
210222
discovery: self.discovery,
223+
identity_verifier: self.identity_verifier,
211224
}))
212225
}
213226
}
@@ -224,6 +237,7 @@ impl Endpoint {
224237
pub struct EndpointInner {
225238
svcs: HashMap<String, BoxedService>,
226239
discovery: crate::discovery::Endpoint,
240+
identity_verifier: IdentityVerifier,
227241
}
228242

229243
impl Endpoint {
@@ -232,6 +246,10 @@ impl Endpoint {
232246
H: HeaderMap,
233247
<H as HeaderMap>::Error: std::error::Error + Send + Sync + 'static,
234248
{
249+
if let Err(e) = self.0.identity_verifier.verify_identity(&headers, path) {
250+
return Err(ErrorInner::IdentityVerification(e).into());
251+
}
252+
235253
let parts: Vec<&str> = path.split('/').collect();
236254

237255
if parts.last() == Some(&"discover") {

test-services/src/main.rs

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -77,6 +77,10 @@ async fn main() {
7777
))
7878
}
7979

80+
if let Ok(key) = env::var("E2E_REQUEST_SIGNING_ENV") {
81+
builder = builder.with_identity_key(&key).unwrap()
82+
}
83+
8084
HttpServer::new(builder.build())
8185
.listen_and_serve(format!("0.0.0.0:{port}").parse().unwrap())
8286
.await;

0 commit comments

Comments
 (0)