From fac90957dca9a1fd7a71d5690a4afae69c61c720 Mon Sep 17 00:00:00 2001 From: Owen Salter Date: Mon, 13 Jul 2020 10:31:44 -0400 Subject: [PATCH 1/8] Write HMAC middleware --- Cargo.toml | 2 ++ src/main.rs | 1 + src/middlewares.rs | 37 +++++++++++++++++++++++++++++++++++++ 3 files changed, 40 insertions(+) create mode 100644 src/middlewares.rs diff --git a/Cargo.toml b/Cargo.toml index 8cb0bbf..d08b242 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -14,3 +14,5 @@ bson = "1.0" serde = { version = "1.0", features = ["derive"]} uuid = { version = "0.8.1", features = ["v4", "serde"] } mongodb = "1.0" +hmac = "0.8.1" +hcor = { git="https://github.com/hackagotchi/hcor" } diff --git a/src/main.rs b/src/main.rs index 0f75e55..ea9da6d 100644 --- a/src/main.rs +++ b/src/main.rs @@ -3,6 +3,7 @@ use actix_web::{get, web, App, HttpRequest, HttpResponse, HttpServer}; pub mod data; pub mod models; pub mod routes; +pub mod middlewares; #[get("/user/{id}")] async fn get_user(_req: HttpRequest) -> HttpResponse { diff --git a/src/middlewares.rs b/src/middlewares.rs new file mode 100644 index 0000000..acd6ce6 --- /dev/null +++ b/src/middlewares.rs @@ -0,0 +1,37 @@ +use actix_web::HttpRequest; +use actix_web::middleware::{Middleware, Started}; +use hcor::errors::ServiceError; +use actix_web::Result; +use std::env; + +use hmac::{Hmac, Mac, NewMac}; + + +pub struct VerifySignature; + +impl Middleware for VerifySignature { + fn start(&self, req: &mut HttpRequest) -> Result { + use std::io::Read; + + let r = req.clone(); + let s = r.headers() + .get("X-Signature") + .ok_or(ServiceError::Unauthorized)? + .to_str() + .map_err(ServiceError::Unauthorized)?; + + let (_, sig) = s.split_at(5); + + let mut mac = Hmac::::new_varkey(String::as_bytes(std::env("SECERT_KEY").unwrap_or("changemepls"))); + + + let mut body = String::new(); + req.read_to_string(&mut body) + .map_err(ServiceError::InternalServerError)?; + + mac.update(String::as_bytes(sig)); + + mac.verify(String::as_bytes(body)); + + } +} 
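Review bot: The `hcor` line in the Cargo.toml hunk pulls from a git URL with no `rev` or `tag`, so the code that gets built is whatever the default branch points to when the lockfile is created or updated. This crate supplies the `ServiceError` type used in the signature check, so pinning it to a reviewed commit keeps builds reproducible: `hcor = { git = "https://github.com/hackagotchi/hcor", rev = "<reviewed-commit-sha>" }` (the sha is a placeholder). A committed Cargo.lock narrows the exposure, but whether one is committed is not visible in this patch.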
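Review bot: The last two statements of `start` in src/middlewares.rs cannot reject a request: `mac.update` is fed the `X-Signature` value and `mac.verify` is given the body, which is HMAC verification in reverse, and the `Result` from `verify` is dropped while the function ends without returning a `Started` value. The body belongs in `update`, the tag from the header in `verify` (worth keeping, since it compares in constant time), and a failed verify should map to `ServiceError::Unauthorized`. `s.split_at(5)` also panics when the header is shorter than five bytes, so a malformed header panics in the request path instead of yielding an Unauthorized error; `s.get(5..)` with `ok_or` avoids that. The reversed update/verify order is carried through the hunks in patches 4/8 and 6/8, so the same fix applies there. Whether the sender hex-encodes the tag is not visible here; if it does, it has to be decoded to raw bytes before `verify`.

```rust
// Keep the 5-byte prefix skip, but reject short headers instead of panicking.
let sig = s.get(5..).ok_or(ServiceError::Unauthorized)?;
// … unchanged: key lookup, MAC construction, body read …
// The MAC is computed over the body; the header carries the expected tag.
mac.update(body.as_bytes());
// If the sender hex-encodes the tag, decode it to raw bytes before this call.
mac.verify(sig.as_bytes())
    .map_err(|_| ServiceError::Unauthorized)?;
Ok(Started::Done)
```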
From 128381dd7a794efd0535322c119a1a8bc5a76b42 Mon Sep 17 00:00:00 2001 From: Owen Salter Date: Mon, 13 Jul 2020 10:53:25 -0400 Subject: [PATCH 2/8] Add Sha2 library --- Cargo.toml | 1 + 1 file changed, 1 insertion(+) diff --git a/Cargo.toml b/Cargo.toml index d08b242..1ccd0da 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -16,3 +16,4 @@ uuid = { version = "0.8.1", features = ["v4", "serde"] } mongodb = "1.0" hmac = "0.8.1" hcor = { git="https://github.com/hackagotchi/hcor" } +sha2 = "0.9.1" From c0059cdeb77d44613fbb75223c22cf57f4ad3a9a Mon Sep 17 00:00:00 2001 From: Owen Salter Date: Mon, 13 Jul 2020 10:51:51 -0400 Subject: [PATCH 3/8] Import Sha256 --- src/middlewares.rs | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/src/middlewares.rs b/src/middlewares.rs index acd6ce6..4b7bb80 100644 --- a/src/middlewares.rs +++ b/src/middlewares.rs @@ -5,6 +5,8 @@ use actix_web::Result; use std::env; use hmac::{Hmac, Mac, NewMac}; +use sha2::Sha256; + pub struct VerifySignature; @@ -22,7 +24,8 @@ impl Middleware for VerifySignature { let (_, sig) = s.split_at(5); - let mut mac = Hmac::::new_varkey(String::as_bytes(std::env("SECERT_KEY").unwrap_or("changemepls"))); + let mut mac = Hmac::::new_varkey(String::as_bytes(env::var("SECERT_KEY").unwrap_or("changemepls"))); + let mut body = String::new(); From 222fdf12f8c0ba5bb403225c3bcf4a0846b6cfbd Mon Sep 17 00:00:00 2001 From: Owen Salter Date: Mon, 13 Jul 2020 15:48:56 -0400 Subject: [PATCH 4/8] Apply suggestions from code review Co-authored-by: Cedric Hutchings --- src/middlewares.rs | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/src/middlewares.rs b/src/middlewares.rs index 4b7bb80..c2cbace 100644 --- a/src/middlewares.rs +++ b/src/middlewares.rs 
@@ -24,7 +24,11 @@ impl Middleware for VerifySignature { let (_, sig) = s.split_at(5); - let mut mac = Hmac::::new_varkey(String::as_bytes(env::var("SECERT_KEY").unwrap_or("changemepls"))); + let mut mac = Hmac::::new_varkey( + env::var("SECERT_KEY") + .expect("set SECRET_KEY environment variable") + .as_bytes() + ); @@ -32,9 +36,9 @@ impl Middleware for VerifySignature { req.read_to_string(&mut body) .map_err(ServiceError::InternalServerError)?; - mac.update(String::as_bytes(sig)); + mac.update(sig.as_bytes()); - mac.verify(String::as_bytes(body)); + mac.verify(body.as_bytes()); } } From 1726b03025bbdb4d430413143c7d6e6e02a2ca24 Mon Sep 17 00:00:00 2001 From: Owen Salter Date: Mon, 13 Jul 2020 15:51:04 -0400 Subject: [PATCH 5/8] Remove whitespace --- src/middlewares.rs | 2 -- 1 file changed, 2 deletions(-) diff --git a/src/middlewares.rs b/src/middlewares.rs index c2cbace..3e91de2 100644 --- a/src/middlewares.rs +++ b/src/middlewares.rs @@ -30,8 +30,6 @@ impl Middleware for VerifySignature { .as_bytes() ); - - let mut body = String::new(); req.read_to_string(&mut body) .map_err(ServiceError::InternalServerError)?; From 961d83e6188c0d5606f1d8aaf7c91ec94e3f1f2d Mon Sep 17 00:00:00 2001 From: Owen Salter Date: Mon, 13 Jul 2020 15:51:18 -0400 Subject: [PATCH 6/8] fmt --- src/main.rs | 2 +- src/middlewares.rs | 14 ++++++-------- 2 files changed, 7 insertions(+), 9 deletions(-) diff --git a/src/main.rs b/src/main.rs index ea9da6d..e04d591 100644 --- a/src/main.rs +++ b/src/main.rs @@ -1,9 +1,9 @@ use actix_web::{get, web, App, HttpRequest, HttpResponse, HttpServer}; pub mod data; +pub mod middlewares; pub mod models; pub mod routes; -pub mod middlewares; #[get("/user/{id}")] async fn get_user(_req: HttpRequest) -> HttpResponse { diff --git a/src/middlewares.rs b/src/middlewares.rs index 3e91de2..5865cd2 100644 --- a/src/middlewares.rs +++ b/src/middlewares.rs 
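Review bot: In the first hunk of patch 4/8 the variable read is `SECERT_KEY` while the panic message tells the operator to set `SECRET_KEY`, so a deployment that follows the message still panics; the lookup should be `env::var("SECRET_KEY")`. Because the lookup sits inside `start`, the `expect` appears to run on every request rather than once at startup; reading the key when `VerifySignature` is constructed and storing it on the struct would fail fast and keep a panic out of the request path. `new_varkey` returns a `Result`, which is bound to `mac` here as if it were the MAC itself, so it needs to be unwrapped or mapped to an error before `mac.update`. `start` begins and ends outside this hunk.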
@@ -1,22 +1,21 @@ -use actix_web::HttpRequest; use actix_web::middleware::{Middleware, Started}; -use hcor::errors::ServiceError; +use actix_web::HttpRequest; use actix_web::Result; +use hcor::errors::ServiceError; use std::env; use hmac::{Hmac, Mac, NewMac}; use sha2::Sha256; - - pub struct VerifySignature; -impl Middleware for VerifySignature { +impl Middleware for VerifySignature { fn start(&self, req: &mut HttpRequest) -> Result { use std::io::Read; let r = req.clone(); - let s = r.headers() + let s = r + .headers() .get("X-Signature") .ok_or(ServiceError::Unauthorized)? .to_str() @@ -27,7 +26,7 @@ impl Middleware for VerifySignature { let mut mac = Hmac::::new_varkey( env::var("SECERT_KEY") .expect("set SECRET_KEY environment variable") - .as_bytes() + .as_bytes(), ); let mut body = String::new(); @@ -37,6 +36,5 @@ impl Middleware for VerifySignature { mac.update(sig.as_bytes()); mac.verify(body.as_bytes()); - } } From e42d71d8e13d5a77ef85170b62e5bcefd8d70f1f Mon Sep 17 00:00:00 2001 From: Owen Salter Date: Mon, 13 Jul 2020 17:44:55 -0400 Subject: [PATCH 7/8] Apply suggestions from code review Co-authored-by: Cedric Hutchings --- src/middlewares.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/middlewares.rs b/src/middlewares.rs index 5865cd2..20efca9 100644 --- a/src/middlewares.rs +++ b/src/middlewares.rs @@ -1,6 +1,6 @@ use actix_web::middleware::{Middleware, Started}; use actix_web::HttpRequest; -use actix_web::Result; +use actix_web::{middleware::{Middleware, Started}, HttpRequest, Result}; use hcor::errors::ServiceError; use std::env; From d5b63f94af6c2d1770d497e91cdbaeb8a9926391 Mon Sep 17 00:00:00 2001 From: Cedric Hutchings Date: Tue, 14 Jul 2020 16:42:02 -0400 Subject: [PATCH 8/8] Remove redundant imports from a bad suggestion In my suggestion, I failed to specify that a line was taking the place of three separate lines, not just the one highlighted. --- src/middlewares.rs | 2 -- 1 file changed, 2 deletions(-) 
diff --git a/src/middlewares.rs b/src/middlewares.rs
index 20efca9..31d6e9c 100644
--- a/src/middlewares.rs
+++ b/src/middlewares.rs
@@ -1,5 +1,3 @@
-use actix_web::middleware::{Middleware, Started};
-use actix_web::HttpRequest;
 use actix_web::{middleware::{Middleware, Started}, HttpRequest, Result};
 use hcor::errors::ServiceError;
 use std::env;