zed/crates/collab/src/auth.rs

// use super::{
//     db::{self, UserId},
//     errors::TideResultExt,
// };
// use crate::Request;
// use anyhow::{anyhow, Context};
// use rand::thread_rng;
// use rpc::auth as zed_auth;
// use scrypt::{
//     password_hash::{PasswordHash, PasswordHasher, PasswordVerifier, SaltString},
//     Scrypt,
// };
// use std::convert::TryFrom;
// use surf::StatusCode;
// use tide::Error;

// pub async fn process_auth_header(request: &Request) -> tide::Result<UserId> {
//     let mut auth_header = request
//         .header("Authorization")
//         .ok_or_else(|| {
//             Error::new(
//                 StatusCode::BadRequest,
//                 anyhow!("missing authorization header"),
//             )
//         })?
//         .last()
//         .as_str()
//         .split_whitespace();
//     let user_id = UserId(auth_header.next().unwrap_or("").parse().map_err(|_| {
//         Error::new(
//             StatusCode::BadRequest,
//             anyhow!("missing user id in authorization header"),
//         )
//     })?);
//     let access_token = auth_header.next().ok_or_else(|| {
//         Error::new(
//             StatusCode::BadRequest,
//             anyhow!("missing access token in authorization header"),
//         )
//     })?;

//     let state = request.state().clone();
//     let mut credentials_valid = false;
//     for password_hash in state.db.get_access_token_hashes(user_id).await? {
//         if verify_access_token(&access_token, &password_hash)? {
//             credentials_valid = true;
//             break;
//         }
//     }

//     if !credentials_valid {
//         Err(Error::new(
//             StatusCode::Unauthorized,
//             anyhow!("invalid credentials"),
//         ))?;
//     }

//     Ok(user_id)
// }

// const MAX_ACCESS_TOKENS_TO_STORE: usize = 8;

// pub async fn create_access_token(db: &dyn db::Db, user_id: UserId) -> tide::Result<String> {
//     let access_token = zed_auth::random_token();
//     let access_token_hash =
//         hash_access_token(&access_token).context("failed to hash access token")?;
//     db.create_access_token_hash(user_id, &access_token_hash, MAX_ACCESS_TOKENS_TO_STORE)
//         .await?;
//     Ok(access_token)
// }

// fn hash_access_token(token: &str) -> tide::Result<String> {
//     // Avoid slow hashing in debug mode.
//     let params = if cfg!(debug_assertions) {
//         scrypt::Params::new(1, 1, 1).unwrap()
//     } else {
//         scrypt::Params::recommended()
//     };

//     Ok(Scrypt
//         .hash_password(
//             token.as_bytes(),
//             None,
//             params,
//             &SaltString::generate(thread_rng()),
//         )?
//         .to_string())
// }

// pub fn encrypt_access_token(access_token: &str, public_key: String) -> tide::Result<String> {
//     let native_app_public_key =
//         zed_auth::PublicKey::try_from(public_key).context("failed to parse app public key")?;
//     let encrypted_access_token = native_app_public_key
//         .encrypt_string(&access_token)
//         .context("failed to encrypt access token with public key")?;
//     Ok(encrypted_access_token)
// }

// pub fn verify_access_token(token: &str, hash: &str) -> tide::Result<bool> {
//     let hash = PasswordHash::new(hash)?;
//     Ok(Scrypt.verify_password(token.as_bytes(), &hash).is_ok())
// }
WIP: Get compiling with Tokio by commenting almost everything Co-Authored-By: Antonio Scandurra <me@as-cii.com> 2022-04-22 19:33:19 +00:00			`// use super::{`
			`// db::{self, UserId},`
			`// errors::TideResultExt,`
			`// };`
			`// use crate::Request;`
			`// use anyhow::{anyhow, Context};`
			`// use rand::thread_rng;`
			`// use rpc::auth as zed_auth;`
			`// use scrypt::{`
			`// password_hash::{PasswordHash, PasswordHasher, PasswordVerifier, SaltString},`
			`// Scrypt,`
			`// };`
			`// use std::convert::TryFrom;`
			`// use surf::StatusCode;`
			`// use tide::Error;`
Include contents of the zed-server repo We're going full monorepo. Co-Authored-By: Max Brunsfeld <maxbrunsfeld@gmail.com> 2021-07-12 20:14:39 +00:00
WIP: Get compiling with Tokio by commenting almost everything Co-Authored-By: Antonio Scandurra <me@as-cii.com> 2022-04-22 19:33:19 +00:00			`// pub async fn process_auth_header(request: &Request) -> tide::Result<UserId> {`
			`// let mut auth_header = request`
			`// .header("Authorization")`
			`// .ok_or_else(\|\| {`
			`// Error::new(`
			`// StatusCode::BadRequest,`
			`// anyhow!("missing authorization header"),`
			`// )`
			`// })?`
			`// .last()`
			`// .as_str()`
			`// .split_whitespace();`
			`// let user_id = UserId(auth_header.next().unwrap_or("").parse().map_err(\|_\| {`
			`// Error::new(`
			`// StatusCode::BadRequest,`
			`// anyhow!("missing user id in authorization header"),`
			`// )`
			`// })?);`
			`// let access_token = auth_header.next().ok_or_else(\|\| {`
			`// Error::new(`
			`// StatusCode::BadRequest,`
			`// anyhow!("missing access token in authorization header"),`
			`// )`
			`// })?;`
Include contents of the zed-server repo We're going full monorepo. Co-Authored-By: Max Brunsfeld <maxbrunsfeld@gmail.com> 2021-07-12 20:14:39 +00:00
WIP: Get compiling with Tokio by commenting almost everything Co-Authored-By: Antonio Scandurra <me@as-cii.com> 2022-04-22 19:33:19 +00:00			`// let state = request.state().clone();`
			`// let mut credentials_valid = false;`
			`// for password_hash in state.db.get_access_token_hashes(user_id).await? {`
			`// if verify_access_token(&access_token, &password_hash)? {`
			`// credentials_valid = true;`
			`// break;`
			`// }`
			`// }`
Include contents of the zed-server repo We're going full monorepo. Co-Authored-By: Max Brunsfeld <maxbrunsfeld@gmail.com> 2021-07-12 20:14:39 +00:00
WIP: Get compiling with Tokio by commenting almost everything Co-Authored-By: Antonio Scandurra <me@as-cii.com> 2022-04-22 19:33:19 +00:00			`// if !credentials_valid {`
			`// Err(Error::new(`
			`// StatusCode::Unauthorized,`
			`// anyhow!("invalid credentials"),`
			`// ))?;`
			`// }`
Avoid verifying access tokens for out-of-date clients Replace the 'VerifyToken' middleware with a 'process_auth_header' function that we call in the '/rpc' handler after checking that the client's protocol version matches. 2021-09-23 22:32:23 +00:00
WIP: Get compiling with Tokio by commenting almost everything Co-Authored-By: Antonio Scandurra <me@as-cii.com> 2022-04-22 19:33:19 +00:00			`// Ok(user_id)`
			`// }`
Include contents of the zed-server repo We're going full monorepo. Co-Authored-By: Max Brunsfeld <maxbrunsfeld@gmail.com> 2021-07-12 20:14:39 +00:00
WIP: Get compiling with Tokio by commenting almost everything Co-Authored-By: Antonio Scandurra <me@as-cii.com> 2022-04-22 19:33:19 +00:00			`// const MAX_ACCESS_TOKENS_TO_STORE: usize = 8;`
Speed up login by avoiding unnecessary access token verification 2021-09-23 20:34:53 +00:00
WIP: Get compiling with Tokio by commenting almost everything Co-Authored-By: Antonio Scandurra <me@as-cii.com> 2022-04-22 19:33:19 +00:00			`// pub async fn create_access_token(db: &dyn db::Db, user_id: UserId) -> tide::Result<String> {`
			`// let access_token = zed_auth::random_token();`
			`// let access_token_hash =`
			`// hash_access_token(&access_token).context("failed to hash access token")?;`
			`// db.create_access_token_hash(user_id, &access_token_hash, MAX_ACCESS_TOKENS_TO_STORE)`
			`// .await?;`
			`// Ok(access_token)`
			`// }`
Include contents of the zed-server repo We're going full monorepo. Co-Authored-By: Max Brunsfeld <maxbrunsfeld@gmail.com> 2021-07-12 20:14:39 +00:00
WIP: Get compiling with Tokio by commenting almost everything Co-Authored-By: Antonio Scandurra <me@as-cii.com> 2022-04-22 19:33:19 +00:00			`// fn hash_access_token(token: &str) -> tide::Result<String> {`
			`// // Avoid slow hashing in debug mode.`
			`// let params = if cfg!(debug_assertions) {`
			`// scrypt::Params::new(1, 1, 1).unwrap()`
			`// } else {`
			`// scrypt::Params::recommended()`
			`// };`
Include contents of the zed-server repo We're going full monorepo. Co-Authored-By: Max Brunsfeld <maxbrunsfeld@gmail.com> 2021-07-12 20:14:39 +00:00
WIP: Get compiling with Tokio by commenting almost everything Co-Authored-By: Antonio Scandurra <me@as-cii.com> 2022-04-22 19:33:19 +00:00			`// Ok(Scrypt`
			`// .hash_password(`
			`// token.as_bytes(),`
			`// None,`
			`// params,`
			`// &SaltString::generate(thread_rng()),`
			`// )?`
			`// .to_string())`
			`// }`
Include contents of the zed-server repo We're going full monorepo. Co-Authored-By: Max Brunsfeld <maxbrunsfeld@gmail.com> 2021-07-12 20:14:39 +00:00
WIP: Get compiling with Tokio by commenting almost everything Co-Authored-By: Antonio Scandurra <me@as-cii.com> 2022-04-22 19:33:19 +00:00			`// pub fn encrypt_access_token(access_token: &str, public_key: String) -> tide::Result<String> {`
			`// let native_app_public_key =`
			`// zed_auth::PublicKey::try_from(public_key).context("failed to parse app public key")?;`
			`// let encrypted_access_token = native_app_public_key`
			`// .encrypt_string(&access_token)`
			`// .context("failed to encrypt access token with public key")?;`
			`// Ok(encrypted_access_token)`
			`// }`
Enable authentication via the NextJS site 2021-12-22 15:19:19 +00:00
WIP: Get compiling with Tokio by commenting almost everything Co-Authored-By: Antonio Scandurra <me@as-cii.com> 2022-04-22 19:33:19 +00:00			`// pub fn verify_access_token(token: &str, hash: &str) -> tide::Result<bool> {`
			`// let hash = PasswordHash::new(hash)?;`
			`// Ok(Scrypt.verify_password(token.as_bytes(), &hash).is_ok())`
			`// }`