wip: add auth header parser

erikbdev · erikbdev · commit 65b8256aab65 · 2025-01-31T02:03:42.000-08:00
diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
@@ -61,4 +61,4 @@ jobs:
 
       - name: Push To Production
         run: |
-          curl --request GET '${{ secrets.DEPLOYMENT_WEBHOOK_URL }}' --header 'Authorization: Bearer ${{ secrets.DEPLOYMENT_TOKEN }}'
+          curl --request POST '${{ secrets.DEPLOYMENT_WEBHOOK_URL }}' --header 'Authorization: Bearer ${{ secrets.DEPLOYMENT_TOKEN }}'
diff --git a/Package.resolved b/Package.resolved
diff --git a/Package.swift b/Package.swift
@@ -23,7 +23,7 @@ let package = Package(
     .package(url: "https://github.com/pointfreeco/swift-url-routing.git", exact: "0.6.2"),
     .package(url: "https://github.com/pointfreeco/swift-dependencies.git", exact: "1.6.2"),
     .package(url: "https://github.com/swiftlang/swift-syntax.git", from: "600.0.1"),
-    .package(url: "https://github.com/errorerrorerror/swift-cascadia", revision: "7ecd4f55648087446d194aa07ba0cfbc5e7461a6")
+    .package(url: "https://github.com/errorerrorerror/swift-cascadia", revision: "a13dfd0a3818c8f9368bbd4aeb3c6607f68838bd")
   ],
   targets: [
     .target(
diff --git a/Sources/App/Middlewares/SiteMiddleware.swift b/Sources/App/Middlewares/SiteMiddleware.swift
@@ -29,13 +29,17 @@ struct SiteMiddleware<Context: RequestContext>: RouterController {
         case .api(.activity(.all)):
           return try JSONEncoder().encode(self.activityClient.activity(), from: req, context: ctx)
         case let .api(.activity(.location(location))):
-          guard let authorization = req.headers[.authorization] else {
+          guard let auth = req.headers[.authorization].flatMap({ try? Auth.parser.parse($0) }) else {
             throw HTTPError(.notFound)
           }
-
+          try auth.validate()
           self.activityClient.updateLocation(location)
           return Response(status: .ok)
         case let .api(.activity(.nowPlaying(nowPlaying))):
+          guard let auth = req.headers[.authorization].flatMap({ try? Auth.parser.parse($0) }) else {
+            throw HTTPError(.notFound)
+          }
+          try auth.validate()
           self.activityClient.updateNowPlaying(nowPlaying)
           return Response(status: .ok)
         }
diff --git a/Sources/App/Utils/Auth.swift b/Sources/App/Utils/Auth.swift
@@ -0,0 +1,68 @@
+import Hummingbird
+import Foundation
+import Dependencies
+import Parsing
+
+enum Auth: Sendable, Equatable {
+  /// Token
+  case bearer(String)
+
+  /// base64-encoded credentials
+  case basic(String, String)
+
+  /// sha256-algorithm
+  case digest(String)
+
+  static var parser: some Parser<Substring, Auth> {
+    OneOf {
+      Parse(.case(Auth.bearer)) {
+        "Bearer "
+        Rest().map(.string)
+      }
+
+      Parse(.case(Auth.basic)) {
+        "Basic "
+
+        Rest().map(Base64SubstringToSubstring()).pipe {
+          Prefix { $0 != ":" }.map(.string)
+          ":"
+          Rest().map(.string)
+        }
+      }
+
+      Parse(.case(Auth.digest)) {
+        "Digest "
+        Rest().map(.string)
+      }
+    }
+  }
+
+  func validate() throws {
+    @Dependency(\.envVar) var env
+    switch self {
+    case let .basic(username, pass):
+      if username != env.basicAuth.0 || pass != env.basicAuth.1 {
+        throw HTTPError(.notFound)
+      }
+    default: throw HTTPError(.notFound)
+    }
+  }
+}
+
+struct Base64SubstringToSubstring: Conversion {
+  @usableFromInline
+  init() {}
+
+  @inlinable
+  func apply(_ input: Substring) -> Substring {
+    Data(base64Encoded: String(input)).flatMap {
+      String(data: $0, encoding: .utf8)?[...]
+    } ?? ""
+  }
+
+  @inlinable
+  func unapply(_ output: Substring) -> Substring {
+    output.data(using: .utf8)?
+      .base64EncodedString()[...] ?? ""
+  }
+}
diff --git a/Sources/App/Utils/Environment+.swift b/Sources/App/Utils/Environment+.swift
@@ -9,11 +9,17 @@ public enum AppEnv: String, Codable, ExpressibleByArgument {
 
 private enum EnvKeys {
   static let appSecret = "APP_SECRET"
+  static let basicAuthUsername = "BASIC_AUTH_USER"
+  static let basicAuthPassword = "BASIC_AUTH_PASSWD"
 }
 
 extension Environment {
   var appSecret: String {
-    self.get(EnvKeys.appSecret, as: String.self) ?? "deadbeefdeadbeefdeadbeefdeadbeef"
+    self.get(EnvKeys.appSecret) ?? "deadbeefdeadbeefdeadbeefdeadbeef"
+  }
+
+  var basicAuth: (String, String) {
+    (self.get(EnvKeys.basicAuthUsername) ?? "dead", self.get(EnvKeys.basicAuthPassword) ?? "beef")
   }
 }
 
diff --git a/Sources/Routes/Utils/URLRequestData+Hummingbird.swift b/Sources/Routes/Utils/URLRequestData+Hummingbird.swift
@@ -44,8 +44,8 @@ public extension URLRequestData {
   }
 }
 
-private extension HTTPFields {
-  var basicAuthorization: (String, String)? {
+extension HTTPFields {
+  public var basicAuthorization: (String, String)? {
     if let string = self[.authorization] {
       let headerParts = string
         .split(separator: " ", maxSplits: 1, omittingEmptySubsequences: false)

Original file line number	Diff line number	Diff line change
`@@ -9,11 +9,17 @@ public enum AppEnv: String, Codable, ExpressibleByArgument {`
`9`	`9`
`10`	`10`	`private enum EnvKeys {`
`11`	`11`	`static let appSecret = "APP_SECRET"`
	`12`	`+ static let basicAuthUsername = "BASIC_AUTH_USER"`
	`13`	`+ static let basicAuthPassword = "BASIC_AUTH_PASSWD"`
`12`	`14`	`}`
`13`	`15`
`14`	`16`	`extension Environment {`
`15`	`17`	`var appSecret: String {`
`16`		`- self.get(EnvKeys.appSecret, as: String.self) ?? "deadbeefdeadbeefdeadbeefdeadbeef"`
	`18`	`+ self.get(EnvKeys.appSecret) ?? "deadbeefdeadbeefdeadbeefdeadbeef"`
	`19`	`+ }`
	`20`	`+`
	`21`	`+ var basicAuth: (String, String) {`
	`22`	`+ (self.get(EnvKeys.basicAuthUsername) ?? "dead", self.get(EnvKeys.basicAuthPassword) ?? "beef")`
`17`	`23`	`}`
`18`	`24`	`}`
`19`	`25`
Original file line number	Diff line number	Diff line change
`@@ -44,8 +44,8 @@ public extension URLRequestData {`
`44`	`44`	`}`
`45`	`45`	`}`
`46`	`46`
`47`		`-private extension HTTPFields {`
`48`		`- var basicAuthorization: (String, String)? {`
	`47`	`+extension HTTPFields {`
	`48`	`+ public var basicAuthorization: (String, String)? {`
`49`	`49`	`if let string = self[.authorization] {`
`50`	`50`	`let headerParts = string`
`51`	`51`	`.split(separator: " ", maxSplits: 1, omittingEmptySubsequences: false)`