summaryrefslogtreecommitdiff
path: root/server/src/main.rs
diff options
context:
space:
mode:
authorKjetil Orbekk <kj@orbekk.com>2022-10-07 07:30:20 -0400
committerKjetil Orbekk <kj@orbekk.com>2022-10-07 07:30:20 -0400
commit1d32d2666146bc60f9ebed56f094fbe4cb86edaa (patch)
treed80471d51128e571139d25a41e9cbd626f87c919 /server/src/main.rs
parent438594bb2a1838db7d05ae9fdd37adc3ec2ac492 (diff)
Move rocket based server out of the way
Diffstat (limited to 'server/src/main.rs')
-rw-r--r--server/src/main.rs168
1 files changed, 0 insertions, 168 deletions
diff --git a/server/src/main.rs b/server/src/main.rs
deleted file mode 100644
index 411ea47..0000000
--- a/server/src/main.rs
+++ /dev/null
@@ -1,168 +0,0 @@
-#[macro_use]
-extern crate rocket;
-
-use chrono::{DateTime, Utc};
-use rocket::fs::FileServer;
-use rocket::http::uri::Reference;
-use rocket::http::{Cookie, CookieJar, Status};
-use rocket::outcome::Outcome;
-use rocket::request::{self, FromRequest};
-use rocket::response::{Redirect, content};
-use rocket::Request;
-use serde::{Deserialize, Serialize};
-use std::result::Result;
-use rocket::serde::json::Json;
-
-use openidconnect::core::{
- CoreAuthenticationFlow, CoreClient, CoreProviderMetadata, CoreResponseType, CoreUserInfoClaims,
-};
-use openidconnect::reqwest::async_http_client;
-use openidconnect::url::Url;
-use openidconnect::{
- AccessTokenHash, AuthenticationFlow, AuthorizationCode, ClientId, ClientSecret, CsrfToken,
- IssuerUrl, Nonce, OAuth2TokenResponse, PkceCodeChallenge, RedirectUrl, Scope, TokenResponse,
-};
-
-const USER_COOKIE: &'static str = "user";
-
-#[derive(Serialize, Deserialize)]
-struct UserCookie {
- access_token: openidconnect::AccessToken,
- expiration: DateTime<Utc>,
- refresh_token: openidconnect::RefreshToken,
-}
-
-struct User {}
-
-impl User {
- async fn from_request_helper(req: &Request<'_>) -> Result<User, anyhow::Error> {
- let cookie = req
- .cookies()
- .get_private(USER_COOKIE)
- .ok_or(anyhow::anyhow!("no cookie"))?;
- let user_cookie: UserCookie = serde_json::from_str(cookie.value())?;
- let client = keycloak_client().await;
-
- let token = client
- .exchange_refresh_token(&user_cookie.refresh_token)
- .request_async(async_http_client)
- .await?;
- let user_info: CoreUserInfoClaims = client
- .user_info(token.access_token().clone(), None)?
- .request_async(async_http_client)
- .await?;
- log::info!("Got user_info: {:?}", user_info);
- Ok(User {})
- }
-}
-
-#[rocket::async_trait]
-impl<'r> FromRequest<'r> for User {
- type Error = anyhow::Error;
-
- async fn from_request(req: &'r Request<'_>) -> request::Outcome<Self, Self::Error> {
- match User::from_request_helper(req).await {
- Ok(user) => Outcome::Success(User {}),
- Err(error) => Outcome::Failure((Status::Forbidden, error)),
- }
- }
-}
-
-#[get("/")]
-fn index(user: Option<User>) -> String {
- match user {
- None => "Not logged in".to_string(),
- Some(user) => "Logged in".to_string(),
- }
-}
-
-#[get("/test")]
-fn test() -> Json<String> {
- Json(String::from("test"))
-}
-
-async fn keycloak_client() -> CoreClient {
- // // Use OpenID Connect Discovery to fetch the provider metadata.
- let provider_metadata = CoreProviderMetadata::discover_async(
- IssuerUrl::new("https://auth.orbekk.com/realms/test".to_string()).unwrap(),
- async_http_client,
- )
- .await
- .unwrap();
-
- let client = CoreClient::from_provider_metadata(
- provider_metadata,
- ClientId::new("test-client".to_string()),
- Some(ClientSecret::new(
- "EbIMIpGnYPrG1GBl6eZtVM5zIhiuu5p1".to_string(),
- )),
- )
- // Set the URL the user will be redirected to after the authorization process.
- .set_redirect_uri(
- RedirectUrl::new("https://bridge.orbekk.com/keycloak-callback".to_string()).unwrap(),
- );
-
- client
-}
-
-#[get("/login")]
-async fn login() -> Redirect {
- let (auth_url, csrf_token, nonce) = keycloak_client()
- .await
- .authorize_url(
- AuthenticationFlow::<CoreResponseType>::AuthorizationCode,
- CsrfToken::new_random,
- Nonce::new_random,
- )
- .add_scope(Scope::new("email".to_string()))
- .add_scope(Scope::new("profile".to_string()))
- .url();
-
- log::info!("{:?}", auth_url);
- Redirect::to(Reference::parse_owned(auth_url.into()).unwrap())
-}
-
-#[get("/keycloak-callback?<code>&<state>")]
-async fn keycloak_callback(jar: &CookieJar<'_>, code: &str, state: &str) -> Redirect {
- // TODO: Validate state
- let request_time = Utc::now();
- let token = keycloak_client()
- .await
- .exchange_code(AuthorizationCode::new(code.to_string()))
- .request_async(async_http_client)
- .await
- .unwrap();
-
- log::info!("token: {:?}", token);
- log::info!("access token {:?}", token.access_token().secret());
- log::info!(
- "refresh token {:?}",
- token.refresh_token().unwrap().secret()
- );
- let expiration =
- request_time + chrono::Duration::from_std(token.expires_in().unwrap()).unwrap();
- jar.add_private(Cookie::new(
- USER_COOKIE,
- serde_json::to_string(&UserCookie {
- access_token: token.access_token().clone(),
- expiration,
- refresh_token: token.refresh_token().unwrap().clone(),
- })
- .unwrap(),
- ));
-
- Redirect::to(uri!(index))
-}
-
-#[rocket::main]
-async fn main() -> Result<(), anyhow::Error> {
- dotenv::dotenv().ok();
- env_logger::init();
-
- rocket::build()
- .mount("/api", routes![index, test, login, keycloak_callback])
- .mount("/", FileServer::from(std::env::var("WEBAPP_PATH").unwrap()))
- .launch()
- .await?;
- Ok(())
-}