check that the user did in the request is the same as the configured user did
+35
-5
Diff
round #0
+10
-3
src/server.rs
+10
-3
src/server.rs
···
29
29
pub struct ServerConfig {
30
30
pub appview_did: String,
31
31
pub appview_endpoint: String,
32
+
pub user_did: String,
32
33
}
33
34
34
35
pub async fn run_server() {
···
41
42
let appview_did: String = std::env::var("APPVIEW_DID").expect("APPVIEW_DID missing");
42
43
let appview_endpoint = std::env::var("APPVIEW_HOSTNAME").expect("APPVIEW_HOSTNAME missing");
43
44
45
+
let users_did = std::env::var("USERS_DID").expect("USERS_DID missing");
46
+
44
47
let server_config = ServerConfig {
45
48
appview_did: appview_did.clone(),
46
49
appview_endpoint: appview_endpoint.clone(),
50
+
user_did: users_did,
47
51
};
48
52
49
53
let service_did = Did::new_owned(appview_did).expect("APPVIEW_DID produced an invalid did:web");
50
54
51
55
let resolver = JacquardResolver::new(reqwest::Client::new(), ResolverOptions::default());
52
-
let auth_config = ServiceAuthConfig::new(service_did, resolver);
56
+
let auth_config = ServiceAuthConfig::new(service_did, resolver.clone());
53
57
54
-
let app_state = AppState::new(server_config, auth_config);
58
+
let app_state = AppState::new(server_config, auth_config, resolver.clone());
55
59
56
60
let app = Router::<AppState>::new()
57
61
.route("/", get(say_hello_text))
···
169
173
170
174
#[derive(Clone)]
171
175
pub struct AppState {
172
-
server_config: ServerConfig,
176
+
pub server_config: ServerConfig,
173
177
pub service_auth: ServiceAuthConfig<JacquardResolver>,
178
+
pub resolver: JacquardResolver,
174
179
}
175
180
176
181
impl AppState {
177
182
pub fn new(
178
183
server_config: ServerConfig,
179
184
service_auth: ServiceAuthConfig<JacquardResolver>,
185
+
resolver: JacquardResolver,
180
186
) -> Self {
181
187
Self {
182
188
service_auth: service_auth,
183
189
server_config: server_config,
190
+
resolver: resolver,
184
191
}
185
192
}
186
193
}
+25
-2
src/xrpc/routes.rs
+25
-2
src/xrpc/routes.rs
···
1
1
use crate::server::AppState;
2
2
use crate::server::XrpcErrorResponse;
3
3
use axum::{Json, extract::State};
4
+
use jacquard::types::string::AtIdentifier;
4
5
use jacquard::xrpc::atproto::GetRecordOutput;
5
6
use jacquard_api::app_bsky::actor::get_profile::GetProfileOutput;
6
7
use jacquard_api::app_bsky::actor::get_profile::GetProfileRequest;
···
12
13
use jacquard_api::tools_ozone::moderation::get_record::GetRecordRequest;
13
14
use jacquard_axum::ExtractXrpc;
14
15
use jacquard_axum::service_auth::ExtractOptionalServiceAuth;
16
+
use jacquard_common::IntoStatic;
17
+
use jacquard_identity::resolver::IdentityResolver;
15
18
use serde_json::Value;
16
19
use serde_json::json;
17
20
18
21
pub async fn app_bsky_actor_get_profile(
19
-
State(_): State<AppState>,
22
+
State(state): State<AppState>,
20
23
ExtractOptionalServiceAuth(_auth): ExtractOptionalServiceAuth,
21
-
ExtractXrpc(_): ExtractXrpc<GetProfileRequest>,
24
+
ExtractXrpc(req): ExtractXrpc<GetProfileRequest>,
22
25
) -> Result<Json<GetProfileOutput<'static>>, XrpcErrorResponse> {
26
+
let did = match req.actor {
27
+
AtIdentifier::Did(did) => did.into_static(),
28
+
AtIdentifier::Handle(handle) => {
29
+
state
30
+
.resolver
31
+
.resolve_handle(&handle)
32
+
.await
33
+
.map_err(|err| {
34
+
println!("error resolving handle: {err}");
35
+
XrpcErrorResponse::internal_server_error()
36
+
})?
37
+
}
38
+
};
39
+
40
+
if did.to_string() != state.server_config.user_did.to_string() {
41
+
println!("configured user did does not match request user did {did}");
42
+
return Err(XrpcErrorResponse::internal_server_error());
43
+
}
44
+
45
+
println!("did is {did}");
23
46
return Err(XrpcErrorResponse::not_implemented());
24
47
}
25
48
History
1 round
0 comments
willdot.net
submitted
#0
1 commit
expand
collapse
print out the did from the request by resolving it
check that the user did in the request is the same as the configured user did
merge conflicts detected
expand
collapse
expand
collapse
- src/server.rs:13
- src/xrpc/routes.rs:2