search

GREsau / okapi

OpenAPI (AKA Swagger) document generation for Rust projects
MIT License
606 stars 110 forks source link

Request guard, impl OpenApiFromRequest with Bearer #147

Closed eltorio closed 5 months ago

eltorio commented 5 months ago

Firstly, this is not an "issue" in the conventional sense.
I followed the example and implemented a somewhat functional OpenApiFromRequest for my request guard.

My required header is in the form "Authorization: Bearer -256-bit token, base64 encoded-".
Now, I need to use Bearer -256-bit token, base64 encoded- as the security key.

  1. Is there a solution to use only -256-bit token, base64 encoded- as the security key?
  2. How can I verify that the supplied key adheres to the 256-bit length and base64 encoding?
eltorio commented 5 months ago

After making some research I'm answering myself to point 1:

impl<'r> rocket_okapi::request::OpenApiFromRequest<'r> for AuthenticatedUser<BearerAuthToken> {
    fn from_request_input(
        _gen: &mut rocket_okapi::gen::OpenApiGenerator,
        _name: String,
        _required: bool,
    ) -> rocket_okapi::Result<rocket_okapi::request::RequestHeaderInput> {
                // Setup global requirement for Security scheme
                let security_scheme = SecurityScheme {
                    description: Some("Requires an API key to access, format the key as a 256 bit base64 encoded string like `Ak4DJ9IDYTpaceqBlAlK5pGJq595ERpq6haBaADg_lA`.".to_owned()),
                    data: SecuritySchemeData::Http {
                        scheme: "bearer".to_owned(),
                        bearer_format: Some("256 bit base64 encoded string".to_owned()),
                    },
                    extensions: Object::default(),
                };
                // Add the requirement for this route/endpoint
                // This can change between routes.
                let mut security_req = SecurityRequirement::new();
                // Each security requirement needs to be met before access is allowed.
                security_req.insert("authorization".to_owned(), Vec::new());
                // These vvvvvvv-----^^^^^^^^^^ values need to match exactly!
                Ok(RequestHeaderInput::Security(
                    "authorization".to_owned(),
                    security_scheme,
                    security_req,
                ))
    }
}
ralpha commented 5 months ago
  1. How can I verify that the supplied key adheres to the 256-bit length and base64 encoding?

This code block can just contain any logic. So just write some code that verifies that the token meets your requirements. You can verify this by using a create that does base64 decoding. If the provided token does not meet the requirement you can return an error (as the function use a rocket_okapi::Result<...>. Which is defined here: https://github.com/GREsau/okapi/blob/1608ff7b92e3daca8cf05aa4594e1cf163e584a9/rocket-okapi/src/error.rs#L6 of if you prefer the docs: https://docs.rs/rocket_okapi/0.8.0-rc.3/rocket_okapi/type.Result.html

I hope this helps. I'll close this issue because this is not an issue in our code base. But I hope my response still helps you figuring this out.