From 760dedaadecc5b4af4f0d26f20feee85f3145de5 Mon Sep 17 00:00:00 2001
From: asonix
Date: Tue, 17 Mar 2020 14:47:00 -0500
Subject: [PATCH] Add method to retrieve key_id from request data
---
 http-signature-normalization-actix/Cargo.toml | 2 +-
 http-signature-normalization-actix/README.md | 5 +++--
 .../examples/server.rs | 10 ++++++++--
 http-signature-normalization-actix/src/lib.rs | 3 ++-
 .../src/middleware.rs | 18 ++++++++++++++----
 5 files changed, 28 insertions(+), 10 deletions(-)
diff --git a/http-signature-normalization-actix/Cargo.toml b/http-signature-normalization-actix/Cargo.toml
index 2f1b253..175856f 100644
--- a/http-signature-normalization-actix/Cargo.toml
+++ b/http-signature-normalization-actix/Cargo.toml
@@ -1,7 +1,7 @@
 [package]
 name = "http-signature-normalization-actix"
 description = "An HTTP Signatures library that leaves the signing to you"
-version = "0.3.0-alpha.2"
+version = "0.3.0-alpha.3"
 authors = ["asonix "]
 license-file = "LICENSE"
 readme = "README.md"
diff --git a/http-signature-normalization-actix/README.md b/http-signature-normalization-actix/README.md
index 52ff497..1ee5cc0 100644
--- a/http-signature-normalization-actix/README.md
+++ b/http-signature-normalization-actix/README.md
@@ -16,7 +16,7 @@ This crate provides extensions the ClientRequest type from Actix Web, and provid
 actix = "0.10.0-alpha.1"
 actix-web = "3.0.0-alpha.1"
 thiserror = "0.1"
-http-signature-normalization-actix = { version = "0.3.0-alpha.2", default-features = false, features = ["sha-2"] }
+http-signature-normalization-actix = { version = "0.3.0-alpha.3", default-features = false, features = ["sha-2"] }
 sha2 = "0.8"
 ```
@@ -110,7 +110,8 @@ impl SignatureVerify for MyVerify {
 }
 }
-async fn index(_: (DigestVerified, SignatureVerified)) -> &'static str {
+async fn index((_, sig_verified): (DigestVerified, SignatureVerified)) -> &'static str {
+ println!("Signature verified for {}", sig_verified.key_id());
 "Eyyyyup"
 }
diff --git a/http-signature-normalization-actix/examples/server.rs b/http-signature-normalization-actix/examples/server.rs
index 5ffa804..0507f96 100644
--- a/http-signature-normalization-actix/examples/server.rs
+++ b/http-signature-normalization-actix/examples/server.rs
@@ -1,6 +1,7 @@
-use actix_web::{http::StatusCode, web, App, HttpResponse, HttpServer, ResponseError};
+use actix_web::{http::StatusCode, web, App, HttpRequest, HttpResponse, HttpServer, ResponseError};
 use futures::future::{err, ok, Ready};
 use http_signature_normalization_actix::prelude::*;
+use log::info;
 use sha2::{Digest, Sha256};
 #[derive(Clone, Debug)]
@@ -35,7 +36,12 @@ impl SignatureVerify for MyVerify {
 }
 }
-async fn index(_: (DigestVerified, SignatureVerified)) -> &'static str {
+async fn index(
+ (_, sig_verified): (DigestVerified, SignatureVerified),
+ req: HttpRequest,
+) -> &'static str {
+ info!("Verified request for {}", sig_verified.key_id());
+ info!("{:?}", req);
 "Eyyyyup"
 }
diff --git a/http-signature-normalization-actix/src/lib.rs b/http-signature-normalization-actix/src/lib.rs
index 06315b3..1b54ba5 100644
--- a/http-signature-normalization-actix/src/lib.rs
+++ b/http-signature-normalization-actix/src/lib.rs
@@ -45,7 +45,8 @@
 //! }
 //! }
 //!
-//! async fn index(_: (DigestVerified, SignatureVerified)) -> &'static str {
+//! async fn index((_, sig_verified): (DigestVerified, SignatureVerified)) -> &'static str {
+//! println!("Signature verified for {}", sig_verified.key_id());
 //! "Eyyyyup"
 //! }
 //!
diff --git a/http-signature-normalization-actix/src/middleware.rs b/http-signature-normalization-actix/src/middleware.rs
index e03752f..25d2a42 100644
--- a/http-signature-normalization-actix/src/middleware.rs
+++ b/http-signature-normalization-actix/src/middleware.rs
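Review bot: In `examples/server.rs`, the new `info!("{:?}", req);` in `index` writes the whole `HttpRequest` to the log, and its Debug output is expected to include the request headers, so `Signature`, `Digest` and any `Authorization` or `Cookie` values would land in info-level logs of every service that copies this example. Logging only what the handler needs keeps credentials out of the log, for example `info!("{} {}", req.method(), req.path());`. The `key_id` logged on the line above is presumably the value the client put in the Signature header, so formatting it with `{:?}` instead of `{}` would keep any unusual characters escaped in the log line.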
@@ -16,10 +16,20 @@ use std::{
 use crate::{Config, SignatureVerify};
-#[derive(Copy, Clone, Debug)]
+#[derive(Clone, Debug)]
 /// A marker type that can be used to guard routes when the signature middleware is set to
 /// 'optional'
-pub struct SignatureVerified;
+pub struct SignatureVerified(String);
+
+impl SignatureVerified {
+ /// Return the Key ID used to verify the request
+ ///
+ /// It might be important for an application to verify that the payload being processed indeed
+ /// belongs to the owner of the key used to sign the request.
+ pub fn key_id(&self) -> &str {
+ &self.0
+ }
+}
 #[derive(Clone, Debug)]
 /// The Verify signature middleware
@@ -116,7 +126,7 @@ where
 let verified = fut.await?;
 if verified {
- req.extensions_mut().insert(SignatureVerified);
+ req.extensions_mut().insert(SignatureVerified(key_id));
 service.borrow_mut().call(req).await
 } else {
 Err(VerifyError.into())
@@ -144,7 +154,7 @@ impl FromRequest for SignatureVerified {
 ready(
 req.extensions()
 .get::()
- .map(|s| *s)
+ .map(|s| s.clone())
 .ok_or(VerifyError),
 )
 }
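Review bot: The doc comment on `key_id()` in the first middleware.rs hunk undersells the check it describes: a verified signature shows only that the sender holds the key named by this id, not that the key's owner may act for whoever the payload claims as its author. I would state that as a requirement rather than "might be important", for example `/// A valid signature only proves possession of this key; handlers must still check that` followed by `/// the key's owner is allowed to act for the author named in the payload.` It would also help to say where the value comes from; presumably it is the key id exactly as the client sent it, but `key_id` is assigned outside the visible hunks. As a style point, `#[derive(Clone, Debug)]` sits above the `///` comment on `SignatureVerified`, where doc comments conventionally come before attributes.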
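Review bot: In the `FromRequest` hunk, `.map(|s| s.clone())` is the pattern clippy's `map_clone` lint flags; `.cloned()` expresses the same thing directly. Because the marker now owns a `String`, every extraction of `SignatureVerified` in a handler allocates a fresh copy of the key id, which is worth a short comment next to the clone so the cost is a visible choice. The enclosing function starts outside the hunk.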