feat: TypeSafeHTTPBasic #49
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,130 @@ | ||
| /** | ||
| * Copyright IBM Corporation 2018 | ||
| * | ||
| * Licensed under the Apache License, Version 2.0 (the "License"); | ||
| * you may not use this file except in compliance with the License. | ||
| * You may obtain a copy of the License at | ||
| * | ||
| * http://www.apache.org/licenses/LICENSE-2.0 | ||
| * | ||
| * Unless required by applicable law or agreed to in writing, software | ||
| * distributed under the License is distributed on an "AS IS" BASIS, | ||
| * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
| * See the License for the specific language governing permissions and | ||
| * limitations under the License. | ||
| **/ | ||
|
|
||
| import Kitura | ||
| import KituraNet | ||
| import Credentials | ||
|
|
||
| import Foundation | ||
|
|
||
| /** | ||
| A `TypeSafeCredentials` plugin for HTTP basic authentication. | ||
| This protocol will be implemented by a Swift object defined by the user. | ||
| The plugin must implement a `verifyPassword` function which takes a username and password as input | ||
| and returns an instance of `Self` on success or `nil` on failure. | ||
| This instance must contain the authentication `provider` (defaults to "HTTPBasic") and an `id`, uniquely identifying the user. | ||
| The users object can then be used in TypeSafeMiddlware routes to authenticate with HTTP basic. | ||
| ### Usage Example: ### | ||
| ```swift | ||
| public struct MyHTTPBasic: TypeSafeHTTPBasic { | ||
|
|
||
| public var id: String | ||
|
|
||
| public static let users = ["John" : "12345", "Mary" : "qwerasdf"] | ||
|
|
||
| public static let realm = "Login message" | ||
|
|
||
| public static var verifyPassword: ((String, String, @escaping (MyHTTPBasic?) -> Void) -> Void) = | ||
|
There was a problem hiding this comment. Usage example needs updating now that this is a function |
||
| { userId, password, callback in | ||
| if let storedPassword = users[userId], storedPassword == password { | ||
| callback(MyHTTPBasic(id: userId)) | ||
| } else { | ||
| callback(nil) | ||
| } | ||
| } | ||
| } | ||
|
|
||
| struct User: Codable { | ||
| let name: String | ||
| } | ||
|
|
||
| router.get("/authedFruits") { (authedUser: MyHTTPBasic, respondWith: (User?, RequestError?) -> Void) in | ||
| let user = User(name: authedUser.id) | ||
| respondWith(user, nil) | ||
| } | ||
| ``` | ||
| */ | ||
| public protocol TypeSafeHTTPBasic : TypeSafeCredentials { | ||
|
|
||
| /// The realm for which these credentials are valid (defaults to "User") | ||
| static var realm: String { get } | ||
|
|
||
| /// The closure which takes a username and password and returns a TypeSafeHTTPBasic instance on success or nil on failure. | ||
|
There was a problem hiding this comment. Comment needs updating now that this is a function |
||
| static var verifyPassword: ((String, String, @escaping (Self?) -> Void) -> Void) { get } | ||
|
There was a problem hiding this comment. This isn't very type-safe, did you consider replacing these Strings with something protocol-based? There was a problem hiding this comment. I think we should replace with something like static func verifyPassword(username: String, password, String, callback: @escaping (Self?) -> Void) -> VoidXcode will auto-complete this much nicer than the version where we define a closure signature, and apply the labels which indicates how to handle each argument. |
||
|
|
||
| } | ||
|
|
||
| extension TypeSafeHTTPBasic { | ||
|
|
||
| /// The name of the authentication provider (defaults to "HTTPBasic") | ||
| public var provider: String { | ||
| return "HTTPBasic" | ||
| } | ||
|
|
||
| /// The realm for which these credentials are valid (defaults to "User") | ||
| public static var realm: String { | ||
| return "User" | ||
| } | ||
|
|
||
| /// Authenticate incoming request using HTTP Basic authentication. | ||
| /// | ||
| /// - Parameter request: The `RouterRequest` object used to get information | ||
| /// about the request. | ||
| /// - Parameter response: The `RouterResponse` object used to respond to the | ||
| /// request. | ||
| /// - Parameter onSuccess: The closure to invoke in the case of successful authentication. | ||
| /// - Parameter onFailure: The closure to invoke in the case of an authentication failure. | ||
| /// - Parameter onSkip: The closure to invoke when the plugin doesn't recognize the | ||
| /// authentication data in the request. | ||
| public static func authenticate(request: RouterRequest, response: RouterResponse, onSuccess: @escaping (Self) -> Void, onFailure: @escaping (HTTPStatusCode?, [String : String]?) -> Void, onSkip: @escaping (HTTPStatusCode?, [String : String]?) -> Void) { | ||
|
|
||
| let userid: String | ||
| let password: String | ||
| if let requestUser = request.urlURL.user, let requestPassword = request.urlURL.password { | ||
| userid = requestUser | ||
| password = requestPassword | ||
| } | ||
| else { | ||
|
There was a problem hiding this comment. Please put the else on the previous line. |
||
| guard let authorizationHeader = request.headers["Authorization"] else { | ||
| return onSkip(.unauthorized, ["WWW-Authenticate" : "Basic realm=\"" + realm + "\""]) | ||
| } | ||
|
|
||
| let authorizationHeaderComponents = authorizationHeader.components(separatedBy: " ") | ||
| guard authorizationHeaderComponents.count == 2, | ||
| authorizationHeaderComponents[0] == "Basic", | ||
| let decodedData = Data(base64Encoded: authorizationHeaderComponents[1], options: Data.Base64DecodingOptions(rawValue: 0)), | ||
| let userAuthorization = String(data: decodedData, encoding: .utf8) else { | ||
| return onSkip(.unauthorized, ["WWW-Authenticate" : "Basic realm=\"" + realm + "\""]) | ||
| } | ||
| let credentials = userAuthorization.components(separatedBy: ":") | ||
| guard credentials.count >= 2 else { | ||
| onFailure(.badRequest, nil) | ||
|
|
||
| return | ||
| } | ||
| userid = credentials[0] | ||
| password = credentials[1] | ||
| } | ||
|
|
||
| verifyPassword(userid, password) { selfInstance in | ||
| if let selfInstance = selfInstance { | ||
| onSuccess(selfInstance) | ||
| } | ||
| else { | ||
|
|
||
| onFailure(.unauthorized, ["WWW-Authenticate" : "Basic realm=\"" + self.realm + "\""]) | ||
| } | ||
| } | ||
| } | ||
| } | ||
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Probably make this private!