feat: [#615] authorization layer implemented for the proxy service

torrust · Aug 3, 2024 · 173f43d · 173f43d
1 parent 4f6ea18
commit 173f43d
Show file tree

Hide file tree

Showing 2 changed files with 13 additions and 7 deletions.
diff --git a/src/app.rs b/src/app.rs
@@ -101,7 +101,10 @@ pub async fn run(configuration: Configuration, api_version: &Version) -> Running
         authorization_service.clone(),
     ));
     let tag_service = Arc::new(tag::Service::new(tag_repository.clone(), authorization_service.clone()));
-    let proxy_service = Arc::new(proxy::Service::new(image_cache_service.clone(), user_repository.clone()));
+    let proxy_service = Arc::new(proxy::Service::new(
+        image_cache_service.clone(),
+        authorization_service.clone(),
+    ));
     let settings_service = Arc::new(settings::Service::new(configuration.clone(), authorization_service.clone()));
     let torrent_index = Arc::new(torrent::Index::new(
         configuration.clone(),

diff --git a/src/services/proxy.rs b/src/services/proxy.rs
@@ -10,21 +10,21 @@ use std::sync::Arc;
 
 use bytes::Bytes;
 
+use super::authorization::{self, ACTION};
 use crate::cache::image::manager::{Error, ImageCacheService};
 use crate::models::user::UserId;
-use crate::services::user::Repository;
 
 pub struct Service {
     image_cache_service: Arc<ImageCacheService>,
-    user_repository: Arc<Box<dyn Repository>>,
+    authorization_service: Arc<authorization::Service>,
 }
 
 impl Service {
     #[must_use]
-    pub fn new(image_cache_service: Arc<ImageCacheService>, user_repository: Arc<Box<dyn Repository>>) -> Self {
+    pub fn new(image_cache_service: Arc<ImageCacheService>, authorization_service: Arc<authorization::Service>) -> Self {
         Self {
             image_cache_service,
-            user_repository,
+            authorization_service,
         }
     }
 
@@ -39,8 +39,11 @@ impl Service {
     /// * The image is too big.
     /// * The user quota is met.
     pub async fn get_image_by_url(&self, url: &str, user_id: &UserId) -> Result<Bytes, Error> {
-        let user = self.user_repository.get_compact(user_id).await.ok();
+        self.authorization_service
+            .authorize(ACTION::GetImageByUrl, Some(*user_id))
+            .await
+            .map_err(|_| Error::Unauthenticated)?;
 
-        self.image_cache_service.get_image_by_url(url, user).await
+        self.image_cache_service.get_image_by_url(url, *user_id).await
     }
 }