Merge pull request #111 from aerys/feature/add-sas-auth

Add support for SAS token based authentication (#110).

Author: MindFlavor

src/azure/storage/client.rs

@@ -46,6 +46,7 @@ pub trait Container {
 pub struct Client {
     account: String,
     key: String,
+    sas_token: Option<Vec<(String, String)>>,
     hc: hyper::Client<hyper_tls::HttpsConnector<hyper::client::HttpConnector>>,
     blob_uri: String,
     table_uri: String,
@@ -176,12 +177,34 @@ impl Client {
         Client::azure(account, key)
     }
 
+    pub fn azure_sas(account: &str, sas_token: &str) -> Result<Client, AzureError> {
+        let client = hyper::Client::builder().build(hyper_tls::HttpsConnector::new(4)?);
+        let params: Vec<(String, String)> = Url::options()
+            // Any base url will do: we just need to parse the SAS token
+            // to get its query pairs.
+            .base_url(Some(&Url::parse("https://blob.core.windows.net").unwrap()))
+            .parse(sas_token).unwrap()
+            .query_pairs()
+            .map(|p| (String::from(p.0), String::from(p.1)))
+            .collect();
+
+        Ok(Client {
+            account: account.to_owned(),
+            key: String::new(),
+            sas_token: Some(params),
+            hc: client,
+            blob_uri: format!("https://{}.blob.core.windows.net", account),
+            table_uri: format!("https://{}.table.core.windows.net", account),
+        })
+    }
+
     pub fn azure(account: &str, key: &str) -> Result<Client, AzureError> {
         let client = hyper::Client::builder().build(hyper_tls::HttpsConnector::new(4)?);
 
         Ok(Client {
             account: account.to_owned(),
             key: key.to_owned(),
+            sas_token: None,
             hc: client,
             blob_uri: format!("https://{}.blob.core.windows.net", account),
             table_uri: format!("https://{}.table.core.windows.net", account),
@@ -199,6 +222,7 @@ impl Client {
         Ok(Client {
             account: "devstoreaccount1".to_owned(),
             key: "Eby8vdM02xNOcqFlqUwJPLlmEtlCDXJ1OUzFT50uSRZ6IFsuFq2UVErCz4I6tq/K1SZFPTOtr/KBHBeksoGMGw==".to_owned(),
+            sas_token: None,
             hc: client,
             blob_uri,
             table_uri,
@@ -223,6 +247,13 @@ impl Client {
         &self.table_uri
     }
 
+    fn add_sas_token_to_uri(&self, uri: &str) -> String {
+        match &self.sas_token {
+            Some(token) => Url::parse_with_params(uri, token).unwrap().to_string(),
+            None => String::from(uri),
+        }
+    }
+
     pub(crate) fn perform_request<F>(
         &self,
         uri: &str,
@@ -233,7 +264,9 @@ impl Client {
     where
         F: FnOnce(&mut ::http::request::Builder),
     {
-        perform_request(&self.hc, uri, method, &self.key, headers_func, request_body, ServiceType::Blob)
+        let uri = self.add_sas_token_to_uri(uri);
+
+        perform_request(&self.hc, &uri, method, &self.key, headers_func, request_body, ServiceType::Blob)
     }
 
     pub(crate) fn perform_table_request<F>(
@@ -247,9 +280,14 @@ impl Client {
         F: FnOnce(&mut ::http::request::Builder),
     {
         debug!("segment: {}, method: {:?}", segment, method,);
+
+        let uri = self.add_sas_token_to_uri(
+            (self.get_uri_prefix(ServiceType::Table) + segment).as_str()
+        );
+
         perform_request(
             &self.hc,
-            (self.get_uri_prefix(ServiceType::Table) + segment).as_str(),
+            &uri,
             method,
             &self.key,
             headers_func,

src/azure/storage/rest_client.rs

@@ -274,8 +274,12 @@ where
     let b = request_body.map(|v| Vec::from(v).into()).unwrap_or_else(hyper::Body::empty);
     let mut request = request.body(b)?;
 
-    let auth = generate_authorization(request.headers(), &url, http_method, azure_key, service_type);
-    request.headers_mut().insert(header::AUTHORIZATION, format_header_value(auth)?);
+    // We sign the request only if it is not already signed (with the signature of an
+    // SAS token for example)
+    if url.query_pairs().find(|p| p.0 == "sig").is_none() {
+        let auth = generate_authorization(request.headers(), &url, http_method, azure_key, service_type);
+        request.headers_mut().insert(header::AUTHORIZATION, format_header_value(auth)?);
+    }
 
     Ok(client.request(request))
 }