diff options
| author |  Rutger Broekhoff | 2024-03-30 15:19:49 +0100 |
|---|---|---|
| committer | Rutger Broekhoff | 2024-03-30 15:19:49 +0100 |
| commit | 5e5cde1624b1b4ffd00efa73935c48e547a5a8d3 (patch) | |
| tree | 67bceba2d25cf3298cd83b2f4e876752684dd704 /common | |
| parent | f033c6889e0071b29e75c551586e8e5da1b556a3 (diff) | |
| download | gitolfs3-5e5cde1624b1b4ffd00efa73935c48e547a5a8d3.tar.gz gitolfs3-5e5cde1624b1b4ffd00efa73935c48e547a5a8d3.zip | |
Restructure authorization flow
Tried to write verify_claims such that the happy path is to the left as
much as possible.
Diffstat (limited to 'common')
| -rw-r--r-- | common/src/lib.rs | 102 |
1 files changed, 51 insertions, 51 deletions
diff --git a/common/src/lib.rs b/common/src/lib.rs index c26150d..917f566 100644 --- a/common/src/lib.rs +++ b/common/src/lib.rs | |||
| @@ -7,6 +7,27 @@ use std::{ | |||
| 7 | }; | 7 | }; |
| 8 | use subtle::ConstantTimeEq; | 8 | use subtle::ConstantTimeEq; |
| 9 | 9 | ||
| 10 | #[repr(u8)] | ||
| 11 | enum AuthType { | ||
| 12 | BatchApi = 1, | ||
| 13 | Download = 2, | ||
| 14 | } | ||
| 15 | |||
| 16 | #[derive(Debug, Copy, Clone)] | ||
| 17 | pub struct Claims<'a> { | ||
| 18 | pub specific_claims: SpecificClaims, | ||
| 19 | pub repo_path: &'a str, | ||
| 20 | pub expires_at: DateTime<Utc>, | ||
| 21 | } | ||
| 22 | |||
| 23 | #[derive(Debug, Copy, Clone)] | ||
| 24 | pub enum SpecificClaims { | ||
| 25 | BatchApi(Operation), | ||
| 26 | Download(Oid), | ||
| 27 | } | ||
| 28 | |||
| 29 | pub type Oid = Digest<32>; | ||
| 30 | |||
| 10 | #[derive(Debug, Eq, PartialEq, Copy, Clone, Serialize, Deserialize)] | 31 | #[derive(Debug, Eq, PartialEq, Copy, Clone, Serialize, Deserialize)] |
| 11 | #[repr(u8)] | 32 | #[repr(u8)] |
| 12 | pub enum Operation { | 33 | pub enum Operation { |
| @@ -16,6 +37,29 @@ pub enum Operation { | |||
| 16 | Upload = 2, | 37 | Upload = 2, |
| 17 | } | 38 | } |
| 18 | 39 | ||
| 40 | /// Returns None if the claims are invalid. Repo path length may be no more than 100 bytes. | ||
| 41 | pub fn generate_tag(claims: Claims, key: impl AsRef<[u8]>) -> Option<Digest<32>> { | ||
| 42 | if claims.repo_path.len() > 100 { | ||
| 43 | return None; | ||
| 44 | } | ||
| 45 | |||
| 46 | let mut hmac = hmac_sha256::HMAC::new(key); | ||
| 47 | match claims.specific_claims { | ||
| 48 | SpecificClaims::BatchApi(operation) => { | ||
| 49 | hmac.update([AuthType::BatchApi as u8]); | ||
| 50 | hmac.update([operation as u8]); | ||
| 51 | } | ||
| 52 | SpecificClaims::Download(oid) => { | ||
| 53 | hmac.update([AuthType::Download as u8]); | ||
| 54 | hmac.update(oid.as_bytes()); | ||
| 55 | } | ||
| 56 | } | ||
| 57 | hmac.update([claims.repo_path.len() as u8]); | ||
| 58 | hmac.update(claims.repo_path.as_bytes()); | ||
| 59 | hmac.update(claims.expires_at.timestamp().to_be_bytes()); | ||
| 60 | Some(hmac.finalize().into()) | ||
| 61 | } | ||
| 62 | |||
| 19 | #[derive(Debug, PartialEq, Eq, Copy, Clone)] | 63 | #[derive(Debug, PartialEq, Eq, Copy, Clone)] |
| 20 | pub struct ParseOperationError; | 64 | pub struct ParseOperationError; |
| 21 | 65 | ||
| @@ -37,12 +81,6 @@ impl FromStr for Operation { | |||
| 37 | } | 81 | } |
| 38 | } | 82 | } |
| 39 | 83 | ||
| 40 | #[repr(u8)] | ||
| 41 | enum AuthType { | ||
| 42 | BatchApi = 1, | ||
| 43 | Download = 2, | ||
| 44 | } | ||
| 45 | |||
| 46 | /// None means out of range. | 84 | /// None means out of range. |
| 47 | fn decode_nibble(c: u8) -> Option<u8> { | 85 | fn decode_nibble(c: u8) -> Option<u8> { |
| 48 | if c.is_ascii_digit() { | 86 | if c.is_ascii_digit() { |
| @@ -148,6 +186,13 @@ fn parse_hex_exact(value: &str, buf: &mut [u8]) -> Result<(), ParseHexError> { | |||
| 148 | Ok(()) | 186 | Ok(()) |
| 149 | } | 187 | } |
| 150 | 188 | ||
| 189 | pub type Key = SafeByteArray<64>; | ||
| 190 | |||
| 191 | pub fn load_key(path: &str) -> Result<Key, ReadHexError> { | ||
| 192 | let key_str = std::fs::read_to_string(path).map_err(ReadHexError::Io)?; | ||
| 193 | key_str.trim().parse().map_err(ReadHexError::Format) | ||
| 194 | } | ||
| 195 | |||
| 151 | pub struct SafeByteArray<const N: usize> { | 196 | pub struct SafeByteArray<const N: usize> { |
| 152 | inner: [u8; N], | 197 | inner: [u8; N], |
| 153 | } | 198 | } |
| @@ -192,44 +237,6 @@ impl<const N: usize> FromStr for SafeByteArray<N> { | |||
| 192 | } | 237 | } |
| 193 | } | 238 | } |
| 194 | 239 | ||
| 195 | pub type Oid = Digest<32>; | ||
| 196 | |||
| 197 | #[derive(Debug, Copy, Clone)] | ||
| 198 | pub enum SpecificClaims { | ||
| 199 | BatchApi(Operation), | ||
| 200 | Download(Oid), | ||
| 201 | } | ||
| 202 | |||
| 203 | #[derive(Debug, Copy, Clone)] | ||
| 204 | pub struct Claims<'a> { | ||
| 205 | pub specific_claims: SpecificClaims, | ||
| 206 | pub repo_path: &'a str, | ||
| 207 | pub expires_at: DateTime<Utc>, | ||
| 208 | } | ||
| 209 | |||
| 210 | /// Returns None if the claims are invalid. Repo path length may be no more than 100 bytes. | ||
| 211 | pub fn generate_tag(claims: Claims, key: impl AsRef<[u8]>) -> Option<Digest<32>> { | ||
| 212 | if claims.repo_path.len() > 100 { | ||
| 213 | return None; | ||
| 214 | } | ||
| 215 | |||
| 216 | let mut hmac = hmac_sha256::HMAC::new(key); | ||
| 217 | match claims.specific_claims { | ||
| 218 | SpecificClaims::BatchApi(operation) => { | ||
| 219 | hmac.update([AuthType::BatchApi as u8]); | ||
| 220 | hmac.update([operation as u8]); | ||
| 221 | } | ||
| 222 | SpecificClaims::Download(oid) => { | ||
| 223 | hmac.update([AuthType::Download as u8]); | ||
| 224 | hmac.update(oid.as_bytes()); | ||
| 225 | } | ||
| 226 | } | ||
| 227 | hmac.update([claims.repo_path.len() as u8]); | ||
| 228 | hmac.update(claims.repo_path.as_bytes()); | ||
| 229 | hmac.update(claims.expires_at.timestamp().to_be_bytes()); | ||
| 230 | Some(hmac.finalize().into()) | ||
| 231 | } | ||
| 232 | |||
| 233 | pub struct HexFmt<B: AsRef<[u8]>>(pub B); | 240 | pub struct HexFmt<B: AsRef<[u8]>>(pub B); |
| 234 | 241 | ||
| 235 | impl<B: AsRef<[u8]>> fmt::Display for HexFmt<B> { | 242 | impl<B: AsRef<[u8]>> fmt::Display for HexFmt<B> { |
| @@ -339,10 +346,3 @@ impl<const N: usize> Serialize for Digest<N> { | |||
| 339 | serializer.serialize_str(&format!("{self}")) | 346 | serializer.serialize_str(&format!("{self}")) |
| 340 | } | 347 | } |
| 341 | } | 348 | } |
| 342 | |||
| 343 | pub type Key = SafeByteArray<64>; | ||
| 344 | |||
| 345 | pub fn load_key(path: &str) -> Result<Key, ReadHexError> { | ||
| 346 | let key_str = std::fs::read_to_string(path).map_err(ReadHexError::Io)?; | ||
| 347 | key_str.trim().parse().map_err(ReadHexError::Format) | ||
| 348 | } | ||