http-signature-normalization/http-signature-normalization-actix/src/digest/middleware.rs

//! Types for setting up Digest middleware verification

use super::{DigestPart, DigestVerify};
use actix_web::{
    dev::{MessageBody, Payload, Service, ServiceRequest, ServiceResponse, Transform},
    error::PayloadError,
    http::{header::HeaderValue, StatusCode},
    web, FromRequest, HttpMessage, HttpRequest, HttpResponse, ResponseError,
};
use futures_util::{
    future::LocalBoxFuture,
    stream::{Stream, StreamExt},
};
use std::{
    future::{ready, Ready},
    pin::Pin,
    rc::Rc,
    task::{Context, Poll},
};
use tracing::{debug, Instrument, Span};
use tracing_error::SpanTrace;

#[derive(Copy, Clone, Debug)]
/// A type implementing FromRequest that can be used in route handler to guard for verified
/// digests
///
/// This is only required when the [`VerifyDigest`] middleware is set to optional
pub struct DigestVerified;

#[derive(Clone, Debug)]
/// The VerifyDigest middleware
///
/// ```rust,ignore
/// let middleware = VerifyDigest::new(MyVerify::new())
///     .optional();
///
/// HttpServer::new(move || {
///     App::new()
///         .wrap(middleware.clone())
///         .route("/protected", web::post().to(|_: DigestVerified| "Verified Digest Header"))
///         .route("/unprotected", web::post().to(|| "No verification required"))
/// })
/// ```
pub struct VerifyDigest<T>(bool, T);

#[doc(hidden)]
pub struct VerifyMiddleware<T, S>(Rc<S>, bool, T);

#[derive(Debug, thiserror::Error)]
#[error("Error verifying digest")]
#[doc(hidden)]
pub struct VerifyError {
    context: SpanTrace,
    kind: VerifyErrorKind,
}

impl VerifyError {
    fn new(span: &Span, kind: VerifyErrorKind) -> Self {
        span.in_scope(|| VerifyError {
            context: SpanTrace::capture(),
            kind,
        })
    }
}

#[derive(Debug, thiserror::Error)]
enum VerifyErrorKind {
    #[error("Missing request extension")]
    Extension,

    #[error("Digest header missing")]
    MissingDigest,

    #[error("Digest header is empty")]
    Empty,

    #[error("Failed to verify digest")]
    Verify,
}

impl<T> VerifyDigest<T>
where
    T: DigestVerify + Clone,
{
    /// Produce a new VerifyDigest with a user-provided [`Digestverify`] type
    pub fn new(verify_digest: T) -> Self {
        VerifyDigest(true, verify_digest)
    }

    /// Mark verifying the Digest as optional
    ///
    /// If a digest is present in the request, it will be verified, but it is not required to be
    /// present
    pub fn optional(self) -> Self {
        VerifyDigest(false, self.1)
    }
}

impl FromRequest for DigestVerified {
    type Error = VerifyError;
    type Future = Ready<Result<Self, Self::Error>>;

    fn from_request(req: &HttpRequest, _: &mut Payload) -> Self::Future {
        let res = req
            .extensions()
            .get::<Self>()
            .copied()
            .ok_or_else(|| VerifyError::new(&Span::current(), VerifyErrorKind::Extension));

        if res.is_err() {
            debug!("Failed to fetch DigestVerified from request");
        }

        ready(res)
    }
}

impl<T, S, B> Transform<S, ServiceRequest> for VerifyDigest<T>
where
    T: DigestVerify + Clone + Send + 'static,
    S: Service<ServiceRequest, Response = ServiceResponse<B>, Error = actix_web::Error> + 'static,
    S::Error: 'static,
    B: MessageBody + 'static,
{
    type Response = ServiceResponse<B>;
    type Error = actix_web::Error;
    type Transform = VerifyMiddleware<T, S>;
    type InitError = ();
    type Future = Ready<Result<Self::Transform, Self::InitError>>;

    fn new_transform(&self, service: S) -> Self::Future {
        ready(Ok(VerifyMiddleware(
            Rc::new(service),
            self.0,
            self.1.clone(),
        )))
    }
}

impl<T, S, B> Service<ServiceRequest> for VerifyMiddleware<T, S>
where
    T: DigestVerify + Clone + Send + 'static,
    S: Service<ServiceRequest, Response = ServiceResponse<B>, Error = actix_web::Error> + 'static,
    S::Error: 'static,
    B: MessageBody + 'static,
{
    type Response = ServiceResponse<B>;
    type Error = actix_web::Error;
    type Future = LocalBoxFuture<'static, Result<Self::Response, Self::Error>>;

    fn poll_ready(&self, cx: &mut Context) -> Poll<Result<(), Self::Error>> {
        self.0.poll_ready(cx)
    }

    fn call(&self, mut req: ServiceRequest) -> Self::Future {
        let span = tracing::info_span!(
            "Verify digest",
            digest.required = tracing::field::display(&self.1),
        );

        let verifier = self.2.clone();
        let svc = Rc::clone(&self.0);
        let required = self.1;

        Box::pin(async move {
            if let Some(digest) = req.headers().get("Digest") {
                let vec = match parse_digest(digest) {
                    Some(vec) => vec,
                    None => {
                        return Err(VerifyError::new(&span, VerifyErrorKind::Empty).into());
                    }
                };

                let payload = req.take_payload();

                let payload = verify_payload(vec, verifier, payload)
                    .instrument(span)
                    .await?;

                req.set_payload(payload);
                req.extensions_mut().insert(DigestVerified);

                svc.call(req).await
            } else if required {
                Err(VerifyError::new(&span, VerifyErrorKind::MissingDigest).into())
            } else {
                svc.call(req).await
            }
        })
    }
}

#[tracing::instrument(name = "Verify Payload", skip(verify_digest, payload))]
async fn verify_payload<T>(
    vec: Vec<DigestPart>,
    mut verify_digest: T,
    mut payload: Payload,
) -> Result<Payload, actix_web::Error>
where
    T: DigestVerify + Clone + Send + 'static,
{
    let mut payload_vec = vec![];
    while let Some(res) = payload.next().await {
        let bytes = res?;
        let bytes2 = bytes.clone();
        verify_digest = web::block(move || {
            verify_digest.update(bytes2.as_ref());
            Ok(verify_digest) as Result<T, VerifyError>
        })
        .await??;

        payload_vec.push(Ok(bytes));
    }

    let verified =
        web::block(move || Ok(verify_digest.verify(&vec)) as Result<_, VerifyError>).await??;

    if verified {
        let stream: Pin<Box<dyn Stream<Item = Result<web::Bytes, PayloadError>>>> =
            Box::pin(futures_util::stream::iter(payload_vec));

        Ok(Payload::Stream(stream))
    } else {
        Err(VerifyError::new(&Span::current(), VerifyErrorKind::Verify).into())
    }
}

fn parse_digest(h: &HeaderValue) -> Option<Vec<DigestPart>> {
    let h = h.to_str().ok()?.split(';').next()?;
    let v: Vec<_> = h
        .split(',')
        .filter_map(|p| {
            let mut iter = p.splitn(2, '=');
            iter.next()
                .and_then(|alg| iter.next().map(|value| (alg, value)))
        })
        .map(|(alg, value)| DigestPart {
            algorithm: alg.to_owned(),
            digest: value.to_owned(),
        })
        .collect();

    if v.is_empty() {
        None
    } else {
        Some(v)
    }
}

impl ResponseError for VerifyError {
    fn status_code(&self) -> StatusCode {
        StatusCode::BAD_REQUEST
    }

    fn error_response(&self) -> HttpResponse {
        HttpResponse::new(self.status_code())
    }
}
Prepare for release 2019-09-21 16:26:11 +00:00			`//! Types for setting up Digest middleware verification`

Add logging in actix crate 2020-03-20 02:36:10 +00:00			`use super::{DigestPart, DigestVerify};`
Add digest header as feature 2019-09-13 01:12:35 +00:00			`use actix_web::{`
Update to latest actix deps 2021-06-24 16:56:36 +00:00			`dev::{MessageBody, Payload, Service, ServiceRequest, ServiceResponse, Transform},`
Add digest header as feature 2019-09-13 01:12:35 +00:00			`error::PayloadError,`
Bump http-signature-normalization version, update actix to 3.0 2020-03-16 00:29:47 +00:00			`http::{header::HeaderValue, StatusCode},`
Update to latest actix deps 2021-06-24 16:56:36 +00:00			`web, FromRequest, HttpMessage, HttpRequest, HttpResponse, ResponseError,`
Add digest header as feature 2019-09-13 01:12:35 +00:00			`};`
Instrument -actix with tracing 2021-09-18 00:34:16 +00:00			`use futures_util::{`
			`future::LocalBoxFuture,`
			`stream::{Stream, StreamExt},`
			`};`
Bump http-signature-normalization version, update actix to 3.0 2020-03-16 00:29:47 +00:00			`use std::{`
Instrument -actix with tracing 2021-09-18 00:34:16 +00:00			`future::{ready, Ready},`
Bump http-signature-normalization version, update actix to 3.0 2020-03-16 00:29:47 +00:00			`pin::Pin,`
Remove tokio by inlining digest hashing 2021-12-08 18:13:15 +00:00			`rc::Rc,`
Bump http-signature-normalization version, update actix to 3.0 2020-03-16 00:29:47 +00:00			`task::{Context, Poll},`
Add digest header as feature 2019-09-13 01:12:35 +00:00			`};`
Remove tokio by inlining digest hashing 2021-12-08 18:13:15 +00:00			`use tracing::{debug, Instrument, Span};`
Instrument -actix with tracing 2021-09-18 00:34:16 +00:00			`use tracing_error::SpanTrace;`
Add digest header as feature 2019-09-13 01:12:35 +00:00
Add Verified FromRequest types for optional middlewares 2019-09-13 23:27:04 +00:00			`#[derive(Copy, Clone, Debug)]`
Prepare for release 2019-09-21 16:26:11 +00:00			`/// A type implementing FromRequest that can be used in route handler to guard for verified`
			`/// digests`
			`///`
			/// This is only required when the [`VerifyDigest`] middleware is set to optional
Add Verified FromRequest types for optional middlewares 2019-09-13 23:27:04 +00:00			`pub struct DigestVerified;`
Prepare for release 2019-09-21 16:26:11 +00:00
Make digest middleware clone 2020-07-06 15:16:41 +00:00			`#[derive(Clone, Debug)]`
Prepare for release 2019-09-21 16:26:11 +00:00			`/// The VerifyDigest middleware`
			`///`
			/// ```rust,ignore
			`/// let middleware = VerifyDigest::new(MyVerify::new())`
			`/// .optional();`
			`///`
			`/// HttpServer::new(move \|\| {`
			`/// App::new()`
			`/// .wrap(middleware.clone())`
			`/// .route("/protected", web::post().to(\|_: DigestVerified\| "Verified Digest Header"))`
			`/// .route("/unprotected", web::post().to(\|\| "No verification required"))`
			`/// })`
			/// ```
Add digest header as feature 2019-09-13 01:12:35 +00:00			`pub struct VerifyDigest<T>(bool, T);`
Prepare for release 2019-09-21 16:26:11 +00:00
			`#[doc(hidden)]`
Remove tokio by inlining digest hashing 2021-12-08 18:13:15 +00:00			`pub struct VerifyMiddleware<T, S>(Rc<S>, bool, T);`
Prepare for release 2019-09-21 16:26:11 +00:00
Bump http-signature-normalization version, update actix to 3.0 2020-03-16 00:29:47 +00:00			`#[derive(Debug, thiserror::Error)]`
			`#[error("Error verifying digest")]`
Prepare for release 2019-09-21 16:26:11 +00:00			`#[doc(hidden)]`
Instrument -actix with tracing 2021-09-18 00:34:16 +00:00			`pub struct VerifyError {`
			`context: SpanTrace,`
			`kind: VerifyErrorKind,`
			`}`

			`impl VerifyError {`
			`fn new(span: &Span, kind: VerifyErrorKind) -> Self {`
			`span.in_scope(\|\| VerifyError {`
			`context: SpanTrace::capture(),`
			`kind,`
			`})`
			`}`
			`}`

			`#[derive(Debug, thiserror::Error)]`
			`enum VerifyErrorKind {`
			`#[error("Missing request extension")]`
			`Extension,`

			`#[error("Digest header missing")]`
			`MissingDigest,`

			`#[error("Digest header is empty")]`
			`Empty,`

			`#[error("Failed to verify digest")]`
			`Verify,`
			`}`
Add digest header as feature 2019-09-13 01:12:35 +00:00
			`impl<T> VerifyDigest<T>`
			`where`
			`T: DigestVerify + Clone,`
			`{`
Prepare for release 2019-09-21 16:26:11 +00:00			/// Produce a new VerifyDigest with a user-provided [`Digestverify`] type
Add digest header as feature 2019-09-13 01:12:35 +00:00			`pub fn new(verify_digest: T) -> Self {`
			`VerifyDigest(true, verify_digest)`
			`}`

Prepare for release 2019-09-21 16:26:11 +00:00			`/// Mark verifying the Digest as optional`
			`///`
			`/// If a digest is present in the request, it will be verified, but it is not required to be`
			`/// present`
Add digest header as feature 2019-09-13 01:12:35 +00:00			`pub fn optional(self) -> Self {`
			`VerifyDigest(false, self.1)`
			`}`
			`}`

Add Verified FromRequest types for optional middlewares 2019-09-13 23:27:04 +00:00			`impl FromRequest for DigestVerified {`
			`type Error = VerifyError;`
Bump http-signature-normalization version, update actix to 3.0 2020-03-16 00:29:47 +00:00			`type Future = Ready<Result<Self, Self::Error>>;`
Add Verified FromRequest types for optional middlewares 2019-09-13 23:27:04 +00:00
			`fn from_request(req: &HttpRequest, _: &mut Payload) -> Self::Future {`
Instrument -actix with tracing 2021-09-18 00:34:16 +00:00			`let res = req`
			`.extensions()`
			`.get::<Self>()`
			`.copied()`
			`.ok_or_else(\|\| VerifyError::new(&Span::current(), VerifyErrorKind::Extension));`
Add logging in actix crate 2020-03-20 02:36:10 +00:00
			`if res.is_err() {`
			`debug!("Failed to fetch DigestVerified from request");`
			`}`

			`ready(res)`
Add Verified FromRequest types for optional middlewares 2019-09-13 23:27:04 +00:00			`}`
			`}`

Update to actix-web 4.0 beta.1 2021-02-04 01:02:19 +00:00			`impl<T, S, B> Transform<S, ServiceRequest> for VerifyDigest<T>`
Add digest header as feature 2019-09-13 01:12:35 +00:00			`where`
Move to partial updates for verification, put it on the threadpool 2020-07-01 22:27:34 +00:00			`T: DigestVerify + Clone + Send + 'static,`
Update to actix-web 4.0 beta.1 2021-02-04 01:02:19 +00:00			`S: Service<ServiceRequest, Response = ServiceResponse<B>, Error = actix_web::Error> + 'static,`
Add digest header as feature 2019-09-13 01:12:35 +00:00			`S::Error: 'static,`
Don't use Rc<RefCell<>> 2020-03-25 16:00:37 +00:00			`B: MessageBody + 'static,`
Add digest header as feature 2019-09-13 01:12:35 +00:00			`{`
Don't use Rc<RefCell<>> 2020-03-25 16:00:37 +00:00			`type Response = ServiceResponse<B>;`
Add digest header as feature 2019-09-13 01:12:35 +00:00			`type Error = actix_web::Error;`
			`type Transform = VerifyMiddleware<T, S>;`
			`type InitError = ();`
Bump http-signature-normalization version, update actix to 3.0 2020-03-16 00:29:47 +00:00			`type Future = Ready<Result<Self::Transform, Self::InitError>>;`
Add digest header as feature 2019-09-13 01:12:35 +00:00
			`fn new_transform(&self, service: S) -> Self::Future {`
Remove tokio by inlining digest hashing 2021-12-08 18:13:15 +00:00			`ready(Ok(VerifyMiddleware(`
			`Rc::new(service),`
			`self.0,`
			`self.1.clone(),`
			`)))`
Add digest header as feature 2019-09-13 01:12:35 +00:00			`}`
			`}`

Update to actix-web 4.0 beta.1 2021-02-04 01:02:19 +00:00			`impl<T, S, B> Service<ServiceRequest> for VerifyMiddleware<T, S>`
Add digest header as feature 2019-09-13 01:12:35 +00:00			`where`
Move to partial updates for verification, put it on the threadpool 2020-07-01 22:27:34 +00:00			`T: DigestVerify + Clone + Send + 'static,`
Update to actix-web 4.0 beta.1 2021-02-04 01:02:19 +00:00			`S: Service<ServiceRequest, Response = ServiceResponse<B>, Error = actix_web::Error> + 'static,`
Add digest header as feature 2019-09-13 01:12:35 +00:00			`S::Error: 'static,`
Don't use Rc<RefCell<>> 2020-03-25 16:00:37 +00:00			`B: MessageBody + 'static,`
Add digest header as feature 2019-09-13 01:12:35 +00:00			`{`
Don't use Rc<RefCell<>> 2020-03-25 16:00:37 +00:00			`type Response = ServiceResponse<B>;`
Add digest header as feature 2019-09-13 01:12:35 +00:00			`type Error = actix_web::Error;`
Instrument -actix with tracing 2021-09-18 00:34:16 +00:00			`type Future = LocalBoxFuture<'static, Result<Self::Response, Self::Error>>;`
Add digest header as feature 2019-09-13 01:12:35 +00:00
Update to actix-web 4.0.0-beta.3 2021-02-10 21:45:51 +00:00			`fn poll_ready(&self, cx: &mut Context) -> Poll<Result<(), Self::Error>> {`
Don't use Rc<RefCell<>> 2020-03-25 16:00:37 +00:00			`self.0.poll_ready(cx)`
Add digest header as feature 2019-09-13 01:12:35 +00:00			`}`

Update to actix-web 4.0.0-beta.3 2021-02-10 21:45:51 +00:00			`fn call(&self, mut req: ServiceRequest) -> Self::Future {`
Instrument -actix with tracing 2021-09-18 00:34:16 +00:00			`let span = tracing::info_span!(`
			`"Verify digest",`
			`digest.required = tracing::field::display(&self.1),`
			`);`

Remove tokio by inlining digest hashing 2021-12-08 18:13:15 +00:00			`let verifier = self.2.clone();`
			`let svc = Rc::clone(&self.0);`
			`let required = self.1;`

			`Box::pin(async move {`
			`if let Some(digest) = req.headers().get("Digest") {`
			`let vec = match parse_digest(digest) {`
			`Some(vec) => vec,`
			`None => {`
			`return Err(VerifyError::new(&span, VerifyErrorKind::Empty).into());`
			`}`
			`};`

			`let payload = req.take_payload();`

			`let payload = verify_payload(vec, verifier, payload)`
			`.instrument(span)`
			`.await?;`

			`req.set_payload(payload);`
			`req.extensions_mut().insert(DigestVerified);`

			`svc.call(req).await`
			`} else if required {`
			`Err(VerifyError::new(&span, VerifyErrorKind::MissingDigest).into())`
			`} else {`
			`svc.call(req).await`
			`}`
			`})`
Add digest header as feature 2019-09-13 01:12:35 +00:00			`}`
			`}`

Remove tokio by inlining digest hashing 2021-12-08 18:13:15 +00:00			`#[tracing::instrument(name = "Verify Payload", skip(verify_digest, payload))]`
Don't use Rc<RefCell<>> 2020-03-25 16:00:37 +00:00			`async fn verify_payload<T>(`
			`vec: Vec<DigestPart>,`
			`mut verify_digest: T,`
			`mut payload: Payload,`
Remove tokio by inlining digest hashing 2021-12-08 18:13:15 +00:00			`) -> Result<Payload, actix_web::Error>`
Don't use Rc<RefCell<>> 2020-03-25 16:00:37 +00:00			`where`
Move to partial updates for verification, put it on the threadpool 2020-07-01 22:27:34 +00:00			`T: DigestVerify + Clone + Send + 'static,`
Don't use Rc<RefCell<>> 2020-03-25 16:00:37 +00:00			`{`
Remove tokio by inlining digest hashing 2021-12-08 18:13:15 +00:00			`let mut payload_vec = vec![];`
Don't use Rc<RefCell<>> 2020-03-25 16:00:37 +00:00			`while let Some(res) = payload.next().await {`
			`let bytes = res?;`
Move to partial updates for verification, put it on the threadpool 2020-07-01 22:27:34 +00:00			`let bytes2 = bytes.clone();`
			`verify_digest = web::block(move \|\| {`
Instrument -actix with tracing 2021-09-18 00:34:16 +00:00			`verify_digest.update(bytes2.as_ref());`
Move to partial updates for verification, put it on the threadpool 2020-07-01 22:27:34 +00:00			`Ok(verify_digest) as Result<T, VerifyError>`
			`})`
Update to actix-web 4.0.0-beta.3 2021-02-10 21:45:51 +00:00			`.await??;`
Don't use Rc<RefCell<>> 2020-03-25 16:00:37 +00:00
Remove tokio by inlining digest hashing 2021-12-08 18:13:15 +00:00			`payload_vec.push(Ok(bytes));`
Don't use Rc<RefCell<>> 2020-03-25 16:00:37 +00:00			`}`

Move to partial updates for verification, put it on the threadpool 2020-07-01 22:27:34 +00:00			`let verified =`
Update to actix-web 4.0.0-beta.3 2021-02-10 21:45:51 +00:00			`web::block(move \|\| Ok(verify_digest.verify(&vec)) as Result<_, VerifyError>).await??;`
Don't use Rc<RefCell<>> 2020-03-25 16:00:37 +00:00
Move to partial updates for verification, put it on the threadpool 2020-07-01 22:27:34 +00:00			`if verified {`
Remove tokio by inlining digest hashing 2021-12-08 18:13:15 +00:00			`let stream: Pin<Box<dyn Stream<Item = Result<web::Bytes, PayloadError>>>> =`
			`Box::pin(futures_util::stream::iter(payload_vec));`

			`Ok(Payload::Stream(stream))`
Don't use Rc<RefCell<>> 2020-03-25 16:00:37 +00:00			`} else {`
Instrument -actix with tracing 2021-09-18 00:34:16 +00:00			`Err(VerifyError::new(&Span::current(), VerifyErrorKind::Verify).into())`
Don't use Rc<RefCell<>> 2020-03-25 16:00:37 +00:00			`}`
			`}`

Add digest header as feature 2019-09-13 01:12:35 +00:00			`fn parse_digest(h: &HeaderValue) -> Option<Vec<DigestPart>> {`
Clippy 2020-04-26 01:41:21 +00:00			`let h = h.to_str().ok()?.split(';').next()?;`
Add digest header as feature 2019-09-13 01:12:35 +00:00			`let v: Vec<_> = h`
Clippy 2020-04-26 01:41:21 +00:00			`.split(',')`
Add digest header as feature 2019-09-13 01:12:35 +00:00			`.filter_map(\|p\| {`
Clippy 2020-04-26 01:41:21 +00:00			`let mut iter = p.splitn(2, '=');`
Add digest header as feature 2019-09-13 01:12:35 +00:00			`iter.next()`
			`.and_then(\|alg\| iter.next().map(\|value\| (alg, value)))`
			`})`
			`.map(\|(alg, value)\| DigestPart {`
			`algorithm: alg.to_owned(),`
			`digest: value.to_owned(),`
			`})`
			`.collect();`

			`if v.is_empty() {`
			`None`
			`} else {`
			`Some(v)`
			`}`
			`}`

			`impl ResponseError for VerifyError {`
Bump http-signature-normalization version, update actix to 3.0 2020-03-16 00:29:47 +00:00			`fn status_code(&self) -> StatusCode {`
			`StatusCode::BAD_REQUEST`
Add digest header as feature 2019-09-13 01:12:35 +00:00			`}`

Update to latest actix deps 2021-06-24 16:56:36 +00:00			`fn error_response(&self) -> HttpResponse {`
			`HttpResponse::new(self.status_code())`
Add digest header as feature 2019-09-13 01:12:35 +00:00			`}`
			`}`