Ling0925
/
buster
mirror of https://github.com/buster-so/buster.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

middleware cache env variables

This commit is contained in:
dal 2025-03-17 13:26:09 -06:00
parent 84e13dc58c
commit d6539e8078
No known key found for this signature in database
GPG Key ID: 16F4B0E1E9F61122
2 changed files with 9 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
api/libs/middleware/Cargo.toml
View File

@ -14,6 +14,7 @@ tracing = { workspace = true }
uuid = { workspace = true } uuid = { workspace = true }
diesel = { workspace = true } diesel = { workspace = true }
diesel-async = { workspace = true } diesel-async = { workspace = true }
lazy_static = { workspace = true }
# Auth-specific dependencies # Auth-specific dependencies
jsonwebtoken = { workspace = true } jsonwebtoken = { workspace = true }

21
api/libs/middleware/src/auth.rs
View File

@ -12,9 +12,15 @@ use jsonwebtoken::{decode, Algorithm, DecodingKey, Validation};
use serde::{Deserialize, Serialize}; use serde::{Deserialize, Serialize};
use std::{collections::HashMap, env}; use std::{collections::HashMap, env};
use uuid::Uuid; use uuid::Uuid;
use lazy_static::lazy_static;
use crate::types::{AuthenticatedUser, OrganizationMembership, TeamMembership}; use crate::types::{AuthenticatedUser, OrganizationMembership, TeamMembership};
lazy_static! {
static ref JWT_SECRET: String = env::var("JWT_SECRET").expect("JWT_SECRET is not set");
static ref WEBHOOK_TOKEN: String = env::var("BUSTER_WH_TOKEN").expect("BUSTER_WH_TOKEN is not set");
}
#[derive(Serialize, Deserialize, Debug, Clone)] #[derive(Serialize, Deserialize, Debug, Clone)]
pub struct JwtClaims { pub struct JwtClaims {
pub aud: String, pub aud: String,
@ -44,8 +50,6 @@ pub async fn auth(mut req: Request, next: Next) -> Result<Response, StatusCode>
} }
}; };
let buster_wh_token = env::var("BUSTER_WH_TOKEN").expect("BUSTER_WH_TOKEN is not set");
let bearer_token = req.headers().get("Authorization").and_then(|value| { let bearer_token = req.headers().get("Authorization").and_then(|value| {
value.to_str().ok().and_then(|v| { value.to_str().ok().and_then(|v| {
if v.starts_with("Bearer ") { if v.starts_with("Bearer ") {
@ -57,7 +61,7 @@ pub async fn auth(mut req: Request, next: Next) -> Result<Response, StatusCode>
}); });
if let Some(token) = bearer_token { if let Some(token) = bearer_token {
if token == buster_wh_token { if token == *WEBHOOK_TOKEN {
return Ok(next.run(req).await); return Ok(next.run(req).await);
} }
} }
@ -95,20 +99,11 @@ pub async fn auth(mut req: Request, next: Next) -> Result<Response, StatusCode>
} }
async fn authorize_current_user(token: &str) -> Result<Option<AuthenticatedUser>> { async fn authorize_current_user(token: &str) -> Result<Option<AuthenticatedUser>> {
let pg_pool = get_pg_pool();
let _conn = pg_pool.get().await.map_err(|e| {
tracing::error!("Pool connection error in auth: {:?}", e);
anyhow!("Database connection error in auth")
})?;
let key = env::var("JWT_SECRET").expect("JWT_SECRET is not set");
let mut validation = Validation::new(Algorithm::HS256); let mut validation = Validation::new(Algorithm::HS256);
validation.set_audience(&["authenticated", "api"]); validation.set_audience(&["authenticated", "api"]);
let token_data = let token_data =
match decode::<JwtClaims>(token, &DecodingKey::from_secret(key.as_ref()), &validation) { match decode::<JwtClaims>(token, &DecodingKey::from_secret(JWT_SECRET.as_ref()), &validation) {
Ok(jwt_claims) => jwt_claims.claims, Ok(jwt_claims) => jwt_claims.claims,
Err(e) => { Err(e) => {
return Err(anyhow!("Error while decoding the token: {}", e)); return Err(anyhow!("Error while decoding the token: {}", e));