[proxmox-backup.git] / src / bin / proxmox_restore_daemon / auth.rs

//! Authentication via a static ticket file
use std::fs::File;
use std::io::prelude::*;

use anyhow::{bail, format_err, Error};

use proxmox_rest_server::{ApiAuth, AuthError};

const TICKET_FILE: &str = "/ticket";

pub struct StaticAuth {
    ticket: String,
}

impl ApiAuth for StaticAuth {
    fn check_auth(
        &self,
        headers: &http::HeaderMap,
        _method: &hyper::Method,
    ) -> Result<String, AuthError> {
        match headers.get(hyper::header::AUTHORIZATION) {
            Some(header) if header.to_str().unwrap_or("") == &self.ticket => {
                Ok(String::from("root@pam"))
            }
            _ => {
                return Err(AuthError::Generic(format_err!(
                    "invalid file restore ticket provided"
                )));
            }
        }
    }
}

pub fn ticket_auth() -> Result<StaticAuth, Error> {
    let mut ticket_file = File::open(TICKET_FILE)?;
    let mut ticket = String::new();
    let len = ticket_file.read_to_string(&mut ticket)?;
    if len <= 0 {
        bail!("invalid ticket: cannot be empty");
    }
    Ok(StaticAuth { ticket })
}
Commit	Line	Data
dd9cef56	1	//! Authentication via a static ticket file
dd9cef56 SR	2	use std::fs::File;
	3	use std::io::prelude::*;
	4
4c1b7761 WB	5	use anyhow::{bail, format_err, Error};
4c1b7761 WB	6
fd6d2438	7	use proxmox_rest_server::{ApiAuth, AuthError};
dd9cef56 SR	8
	9	const TICKET_FILE: &str = "/ticket";
	10
	11	pub struct StaticAuth {
	12	ticket: String,
	13	}
	14
	15	impl ApiAuth for StaticAuth {
	16	fn check_auth(
	17	&self,
	18	headers: &http::HeaderMap,
	19	_method: &hyper::Method,
fd6d2438	20	) -> Result<String, AuthError> {
dd9cef56 SR	21	match headers.get(hyper::header::AUTHORIZATION) {
dd9cef56 SR	22	Some(header) if header.to_str().unwrap_or("") == &self.ticket => {
fd6d2438	23	Ok(String::from("root@pam"))
dd9cef56 SR	24	}
	25	_ => {
	26	return Err(AuthError::Generic(format_err!(
	27	"invalid file restore ticket provided"
	28	)));
	29	}
	30	}
	31	}
	32	}
	33
	34	pub fn ticket_auth() -> Result<StaticAuth, Error> {
	35	let mut ticket_file = File::open(TICKET_FILE)?;
	36	let mut ticket = String::new();
	37	let len = ticket_file.read_to_string(&mut ticket)?;
	38	if len <= 0 {
	39	bail!("invalid ticket: cannot be empty");
	40	}
	41	Ok(StaticAuth { ticket })
	42	}