MindWorkAI/AI-Studio
MindWorkAI/AI-Studio
1
0
Fork 0
mirror of https://github.com/MindWorkAI/AI-Studio.git synced 2025-11-04 03:20:21 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Refactored api token

Browse Source
This commit is contained in:
Thorsten Sommer 2024-11-05 18:59:11 +01:00
parent 45f0ab234f
commit 565a3edf30
Signed by: tsommer
GPG Key ID: 371BBA77A02C0108
3 changed files with 70 additions and 62 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

68
runtime/src/api_token.rs Normal file
View File

@ -0,0 +1,68 @@
use once_cell::sync::Lazy;
use rand::{RngCore, SeedableRng};
use rocket::http::Status;
use rocket::Request;
use rocket::request::FromRequest;
pub static API_TOKEN: Lazy<APIToken> = Lazy::new(|| {
let mut token = [0u8; 32];
let mut rng = rand_chacha::ChaChaRng::from_entropy();
rng.fill_bytes(&mut token);
APIToken::from_bytes(token.to_vec())
});
pub struct APIToken{
hex_text: String,
}
impl APIToken {
fn from_bytes(bytes: Vec<u8>) -> Self {
APIToken {
hex_text: bytes.iter().fold(String::new(), |mut result, byte| {
result.push_str(&format!("{:02x}", byte));
result
}),
}
}
fn from_hex_text(hex_text: &str) -> Self {
APIToken {
hex_text: hex_text.to_string(),
}
}
pub(crate) fn to_hex_text(&self) -> &str {
self.hex_text.as_str()
}
fn validate(&self, received_token: &Self) -> bool {
received_token.to_hex_text() == self.to_hex_text()
}
}
#[rocket::async_trait]
impl<'r> FromRequest<'r> for APIToken {
type Error = APITokenError;
async fn from_request(request: &'r Request<'_>) -> RequestOutcome<Self, Self::Error> {
let token = request.headers().get_one("token");
match token {
Some(token) => {
let received_token = APIToken::from_hex_text(token);
if API_TOKEN.validate(&received_token) {
RequestOutcome::Success(received_token)
} else {
RequestOutcome::Error((Status::Unauthorized, APITokenError::Invalid))
}
}
None => RequestOutcome::Error((Status::Unauthorized, APITokenError::Missing)),
}
}
}
#[derive(Debug)]
enum APITokenError {
Missing,
Invalid,
}

1
runtime/src/lib.rs
View File

@ -2,3 +2,4 @@ pub mod encryption;
pub mod log;
pub mod environment;
pub mod network;
pub mod api_token;

61
runtime/src/main.rs
View File

@ -64,13 +64,6 @@ static MAIN_WINDOW: Lazy<Mutex<Option<Window>>> = Lazy::new(|| Mutex::new(None))
// The update response coming from the Tauri updater.
static CHECK_UPDATE_RESPONSE: Lazy<Mutex<Option<UpdateResponse<tauri::Wry>>>> = Lazy::new(|| Mutex::new(None));
static API_TOKEN: Lazy<APIToken> = Lazy::new(|| {
let mut token = [0u8; 32];
let mut rng = rand_chacha::ChaChaRng::from_entropy();
rng.fill_bytes(&mut token);
APIToken::from_bytes(token.to_vec())
});
static DATA_DIRECTORY: OnceLock<String> = OnceLock::new();
static CONFIG_DIRECTORY: OnceLock<String> = OnceLock::new();
@ -382,61 +375,7 @@ async fn main() {
}
}
struct APIToken{
hex_text: String,
}
impl APIToken {
fn from_bytes(bytes: Vec<u8>) -> Self {
APIToken {
hex_text: bytes.iter().fold(String::new(), |mut result, byte| {
result.push_str(&format!("{:02x}", byte));
result
}),
}
}
fn from_hex_text(hex_text: &str) -> Self {
APIToken {
hex_text: hex_text.to_string(),
}
}
fn to_hex_text(&self) -> &str {
self.hex_text.as_str()
}
fn validate(&self, received_token: &Self) -> bool {
received_token.to_hex_text() == self.to_hex_text()
}
}
#[rocket::async_trait]
impl<'r> FromRequest<'r> for APIToken {
type Error = APITokenError;
async fn from_request(request: &'r Request<'_>) -> RequestOutcome<Self, Self::Error> {
let token = request.headers().get_one("token");
match token {
Some(token) => {
let received_token = APIToken::from_hex_text(token);
if API_TOKEN.validate(&received_token) {
RequestOutcome::Success(received_token)
} else {
RequestOutcome::Error((Status::Unauthorized, APITokenError::Invalid))
}
}
None => RequestOutcome::Error((Status::Unauthorized, APITokenError::Missing)),
}
}
}
#[derive(Debug)]
enum APITokenError {
Missing,
Invalid,
}
#[get("/system/dotnet/port")]
fn dotnet_port(_token: APIToken) -> String {