implement external authentication

2025-09-26 20:37:09 +03:00 · 2025-09-26 20:37:09 +03:00 · 6e4aed3ce9
commit 6e4aed3ce9
parent fe04530f84
10 changed files with 160 additions and 13 deletions
--- a/http/src/client/users.rs
+++ b/http/src/client/users.rs
@ -2,7 +2,9 @@ use super::*;

 use eva::str::format_compact;

-use viendesu_core::requests::users::{check_auth, confirm_sign_up, get, sign_in, sign_up, update};
+use viendesu_core::requests::users::{
+    begin_auth, check_auth, confirm_sign_up, finish_auth, get, sign_in, sign_up, update,
+};

 use crate::requests::users as requests;

@ -24,6 +26,25 @@ impl UsersRef for Hidden<'_> {
 }

 impl UsersMut for Hidden<'_> {
+    fn begin_auth(
+        &mut self,
+    ) -> impl CallStep<begin_auth::Args, Ok = begin_auth::Ok, Err = begin_auth::Err> {
+        self.do_call(Method::POST, |begin_auth::Args { method }| {
+            ("/users/begin-auth".into(), requests::BeginAuth { method })
+        })
+    }
+
+    fn finish_auth(
+        &mut self,
+    ) -> impl CallStep<finish_auth::Args, Ok = finish_auth::Ok, Err = finish_auth::Err> {
+        self.do_call(Method::POST, |finish_auth::Args { auth_session }| {
+            (
+                format_compact!("/users/finish-auth/{auth_session}"),
+                requests::FinishAuth {},
+            )
+        })
+    }
+
    fn confirm_sign_up(
        &mut self,
    ) -> impl CallStep<confirm_sign_up::Args, Ok = confirm_sign_up::Ok, Err = confirm_sign_up::Err>
--- a/http/src/requests/users.rs
+++ b/http/src/requests/users.rs
@ -8,6 +8,22 @@ use viendesu_core::{

 use super::status_code;

+#[data]
+pub struct BeginAuth {
+    pub method: core::AuthoredAuth,
+}
+
+impl_req!(BeginAuth => [reqs::begin_auth::Ok; reqs::begin_auth::Err]);
+status_code::direct!(reqs::begin_auth::Ok => OK);
+status_code::map!(reqs::begin_auth::Err => []);
+
+#[data]
+pub struct FinishAuth {}
+
+impl_req!(FinishAuth => [reqs::finish_auth::Ok; reqs::finish_auth::Err]);
+status_code::direct!(reqs::finish_auth::Ok => OK);
+status_code::map!(reqs::finish_auth::Err => [NoSuchAuthSession]);
+
 #[data]
 pub struct CheckAuth {}

@ -99,4 +115,5 @@ const _: () = {
    direct!(AlreadyTaken => BAD_REQUEST);
    direct!(NotFoundOrCompleted => BAD_REQUEST);
    direct!(InvalidSignUpToken => BAD_REQUEST);
+    direct!(NoSuchAuthSession => NOT_FOUND);
 };
--- a/http/src/server/mod.rs
+++ b/http/src/server/mod.rs
@ -21,14 +21,13 @@ pub trait Types: Send + Sync + 'static {
    type Service: Service + Clone;
 }

-pub async fn serve(
-    rx: SlaveRx,
-    config: config::Config,
-    router: axum::Router,
-) -> eyre::Result<()> {
+pub async fn serve(rx: SlaveRx, config: config::Config, router: axum::Router) -> eyre::Result<()> {
    // TODO: use it.
    _ = rx;
-    let config::Config { unencrypted, ssl: _ } = config;
+    let config::Config {
+        unencrypted,
+        ssl: _,
+    } = config;
    let unencrypted = unencrypted.expect("SSL-only currently is not supported");

    if !unencrypted.enable {
--- a/http/src/server/routes.rs
+++ b/http/src/server/routes.rs
@ -27,9 +27,11 @@ pub fn make<T: Types>(router: RouterScope<T>) -> RouterScope<T> {
 // == Routes ==

 fn users<T: Types>(router: RouterScope<T>) -> RouterScope<T> {
-    use crate::requests::users::{CheckAuth, ConfirmSignUp, Get, SignIn, SignUp, Update};
+    use crate::requests::users::{
+        BeginAuth, CheckAuth, ConfirmSignUp, FinishAuth, Get, SignIn, SignUp, Update,
+    };
    use viendesu_core::requests::users::{
-        check_auth, confirm_sign_up, get, sign_in, sign_up, update,
+        begin_auth, check_auth, confirm_sign_up, finish_auth, get, sign_in, sign_up, update,
    };

    fn convert_update(u: Update) -> update::Update {
@ -59,7 +61,32 @@ fn users<T: Types>(router: RouterScope<T>) -> RouterScope<T> {
            }),
        )
        .route(
-            "/check_auth",
+            "/begin-auth",
+            post(async |mut session: SessionOf<T>, ctx: Ctx<BeginAuth>| {
+                session
+                    .users_mut()
+                    .begin_auth()
+                    .call(begin_auth::Args {
+                        method: ctx.request.method,
+                    })
+                    .await
+            }),
+        )
+        .route(
+            "/finish-auth/{authsessid}",
+            post(
+                async |mut session: SessionOf<T>, mut ctx: Ctx<FinishAuth>| {
+                    let auth_session: user::AuthSessionId = ctx.path().await?;
+                    session
+                        .users_mut()
+                        .finish_auth()
+                        .call(finish_auth::Args { auth_session })
+                        .await
+                },
+            ),
+        )
+        .route(
+            "/check-auth",
            get(async |mut session: SessionOf<T>, _ctx: Ctx<CheckAuth>| {
                session.users().check_auth().call(check_auth::Args {}).await
            }),