Merge pull request #336 from umccr/feat/generalized-auth

feat: generalized auth

Author: mmalenic

Cargo.lock

@@ -1,11 +1,13 @@
 use std::collections::HashMap;
 
+use actix_web::web::ReqData;
 use actix_web::{
   HttpRequest, Responder,
   web::{Data, Path, Query},
 };
 use htsget_http::{Endpoint, get};
 use htsget_search::HtsGet;
+use serde_json::Value;
 use tracing::info;
 use tracing::instrument;
 
@@ -19,6 +21,7 @@ pub async fn reads<H: HtsGet + Clone + Send + Sync + 'static>(
   request: Query<HashMap<String, String>>,
   path: Path<String>,
   http_request: HttpRequest,
+  extension: Option<ReqData<Value>>,
   app_state: Data<AppState<H>>,
 ) -> impl Responder {
   let request = extract_request(request, path, http_request);
@@ -31,6 +34,7 @@ pub async fn reads<H: HtsGet + Clone + Send + Sync + 'static>(
       request,
       Endpoint::Reads,
       app_state.auth.clone(),
+      extension.map(|extension| extension.into_inner()),
     )
     .await,
   )
@@ -42,6 +46,7 @@ pub async fn variants<H: HtsGet + Clone + Send + Sync + 'static>(
   request: Query<HashMap<String, String>>,
   path: Path<String>,
   http_request: HttpRequest,
+  extension: Option<ReqData<Value>>,
   app_state: Data<AppState<H>>,
 ) -> impl Responder {
   let request = extract_request(request, path, http_request);
@@ -54,6 +59,7 @@ pub async fn variants<H: HtsGet + Clone + Send + Sync + 'static>(
       request,
       Endpoint::Variants,
       app_state.auth.clone(),
+      extension.map(|extension| extension.into_inner()),
     )
     .await,
   )

htsget-actix/src/handlers/get.rs

@@ -1,12 +1,13 @@
 use std::collections::HashMap;
 
-use actix_web::web::Query;
+use actix_web::web::{Query, ReqData};
 use actix_web::{
   HttpRequest, Responder,
   web::{Data, Json, Path},
 };
 use htsget_http::{Endpoint, PostRequest, post};
 use htsget_search::HtsGet;
+use serde_json::Value;
 use tracing::info;
 use tracing::instrument;
 
@@ -19,6 +20,7 @@ pub async fn reads<H: HtsGet + Clone + Send + Sync + 'static>(
   request: Query<HashMap<String, String>>,
   path: Path<String>,
   http_request: HttpRequest,
+  extension: Option<ReqData<Value>>,
   body: Json<PostRequest>,
   app_state: Data<AppState<H>>,
 ) -> impl Responder {
@@ -33,6 +35,7 @@ pub async fn reads<H: HtsGet + Clone + Send + Sync + 'static>(
       request,
       Endpoint::Reads,
       app_state.auth.clone(),
+      extension.map(|extension| extension.into_inner()),
     )
     .await,
   )
@@ -44,6 +47,7 @@ pub async fn variants<H: HtsGet + Clone + Send + Sync + 'static>(
   request: Query<HashMap<String, String>>,
   path: Path<String>,
   http_request: HttpRequest,
+  extension: Option<ReqData<Value>>,
   body: Json<PostRequest>,
   app_state: Data<AppState<H>>,
 ) -> impl Responder {
@@ -58,6 +62,7 @@ pub async fn variants<H: HtsGet + Clone + Send + Sync + 'static>(
       request,
       Endpoint::Variants,
       app_state.auth.clone(),
+      extension.map(|extension| extension.into_inner()),
     )
     .await,
   )

htsget-actix/src/handlers/post.rs

@@ -186,8 +186,11 @@ mod tests {
   use actix_web::dev::ServiceResponse;
   use actix_web::{App, test, web};
   use async_trait::async_trait;
-  use htsget_test::http::auth::create_test_auth_config;
+  use htsget_test::http::auth::{
+    create_test_auth_config, mock_id_test, mock_prefix_test, mock_regex_test,
+  };
   use rustls::crypto::aws_lc_rs;
+  use serde_json::Value;
   use tempfile::TempDir;
 
   use crate::Config;
@@ -321,8 +324,8 @@ mod tests {
       }
     }
 
-    async fn new_with_auth(public_key: Vec<u8>, suppressed: bool) -> Self {
-      let mock_server = MockAuthServer::new().await;
+    async fn new_with_auth(public_key: Vec<u8>, suppressed: bool, mock_location: Value) -> Self {
+      let mock_server = MockAuthServer::new(mock_location).await;
       let auth_config = create_test_auth_config(&mock_server, public_key, suppressed);
       let auth = AuthBuilder::default()
         .with_config(auth_config.clone())
@@ -437,16 +440,38 @@ mod tests {
   async fn test_auth_insufficient_permissions() {
     let (private_key, public_key) = generate_key_pair();
 
-    let server = ActixTestServer::new_with_auth(public_key, false).await;
+    let server = ActixTestServer::new_with_auth(public_key, false, mock_id_test()).await;
     auth::test_auth_insufficient_permissions::<JsonResponse, _>(&server, private_key).await;
   }
 
   #[actix_web::test]
-  async fn test_auth_succeeds() {
+  async fn test_auth_succeeds_id() {
+    let (private_key, public_key) = generate_key_pair();
+
+    auth::test_auth_succeeds::<JsonResponse, _>(
+      &ActixTestServer::new_with_auth(public_key, false, mock_id_test()).await,
+      private_key,
+    )
+    .await;
+  }
+
+  #[actix_web::test]
+  async fn test_auth_succeeds_prefix() {
+    let (private_key, public_key) = generate_key_pair();
+
+    auth::test_auth_succeeds::<JsonResponse, _>(
+      &ActixTestServer::new_with_auth(public_key, false, mock_prefix_test()).await,
+      private_key,
+    )
+    .await;
+  }
+
+  #[actix_web::test]
+  async fn test_auth_succeeds_regex() {
     let (private_key, public_key) = generate_key_pair();
 
     auth::test_auth_succeeds::<JsonResponse, _>(
-      &ActixTestServer::new_with_auth(public_key, false).await,
+      &ActixTestServer::new_with_auth(public_key, false, mock_regex_test()).await,
       private_key,
     )
     .await;
@@ -457,7 +482,7 @@ mod tests {
   async fn test_auth_insufficient_permissions_suppressed() {
     let (private_key, public_key) = generate_key_pair();
 
-    let server = ActixTestServer::new_with_auth(public_key, true).await;
+    let server = ActixTestServer::new_with_auth(public_key, true, mock_id_test()).await;
     auth::test_auth_insufficient_permissions::<JsonResponse, _>(&server, private_key).await;
   }
 
@@ -467,7 +492,7 @@ mod tests {
     let (private_key, public_key) = generate_key_pair();
 
     auth::test_auth_succeeds::<JsonResponse, _>(
-      &ActixTestServer::new_with_auth(public_key, true).await,
+      &ActixTestServer::new_with_auth(public_key, true, mock_id_test()).await,
       private_key,
     )
     .await;

htsget-actix/src/lib.rs

@@ -34,6 +34,7 @@ default = []
 
 [dependencies]
 # Axum server
+serde_json = "1"
 hyper = { version = "1", features = ["http1", "http2", "server"] }
 rustls = "0.23"
 hyper-util = "0.1"

htsget-axum/Cargo.toml

@@ -1,19 +1,21 @@
+use crate::server::AppState;
+use axum::Extension;
 use axum::extract::{Path, Query, State};
 use axum::response::IntoResponse;
 use htsget_http::{Endpoint, get};
 use htsget_search::HtsGet;
 use http::HeaderMap;
+use serde_json::Value;
 use std::collections::HashMap;
 
-use crate::server::AppState;
-
 use super::{extract_request, handle_response};
 
 /// GET request reads endpoint.
 pub async fn reads<H: HtsGet + Send + Sync + 'static>(
   query: Query<HashMap<String, String>>,
   path: Path<String>,
   headers: HeaderMap,
+  extension: Option<Extension<Value>>,
   State(app_state): State<AppState<H>>,
 ) -> impl IntoResponse {
   let request = extract_request(query, path, headers);
@@ -24,6 +26,7 @@ pub async fn reads<H: HtsGet + Send + Sync + 'static>(
       request,
       Endpoint::Reads,
       app_state.auth_middleware,
+      extension.map(|extension| extension.0),
     )
     .await,
   )
@@ -34,6 +37,7 @@ pub async fn variants<H: HtsGet + Send + Sync + 'static>(
   request: Query<HashMap<String, String>>,
   path: Path<String>,
   headers: HeaderMap,
+  extension: Option<Extension<Value>>,
   State(app_state): State<AppState<H>>,
 ) -> impl IntoResponse {
   let request = extract_request(request, path, headers);
@@ -44,6 +48,7 @@ pub async fn variants<H: HtsGet + Send + Sync + 'static>(
       request,
       Endpoint::Variants,
       app_state.auth_middleware,
+      extension.map(|extension| extension.0),
     )
     .await,
   )

htsget-axum/src/handlers/get.rs

@@ -1,20 +1,21 @@
-use axum::Json;
+use crate::server::AppState;
 use axum::extract::{Path, Query, State};
 use axum::response::IntoResponse;
+use axum::{Extension, Json};
 use htsget_http::{Endpoint, PostRequest, post};
 use htsget_search::HtsGet;
 use http::HeaderMap;
+use serde_json::Value;
 use std::collections::HashMap;
 
-use crate::server::AppState;
-
 use super::{extract_request, handle_response};
 
 /// POST request reads endpoint.
 pub async fn reads<H: HtsGet + Clone + Send + Sync + 'static>(
   request: Query<HashMap<String, String>>,
   path: Path<String>,
   headers: HeaderMap,
+  extension: Option<Extension<Value>>,
   State(app_state): State<AppState<H>>,
   Json(body): Json<PostRequest>,
 ) -> impl IntoResponse {
@@ -27,6 +28,7 @@ pub async fn reads<H: HtsGet + Clone + Send + Sync + 'static>(
       request,
       Endpoint::Reads,
       app_state.auth_middleware,
+      extension.map(|extension| extension.0),
     )
     .await,
   )
@@ -37,6 +39,7 @@ pub async fn variants<H: HtsGet + Clone + Send + Sync + 'static>(
   request: Query<HashMap<String, String>>,
   path: Path<String>,
   headers: HeaderMap,
+  extension: Option<Extension<Value>>,
   State(app_state): State<AppState<H>>,
   Json(body): Json<PostRequest>,
 ) -> impl IntoResponse {
@@ -49,6 +52,7 @@ pub async fn variants<H: HtsGet + Clone + Send + Sync + 'static>(
       request,
       Endpoint::Variants,
       app_state.auth_middleware,
+      extension.map(|extension| extension.0),
     )
     .await,
   )

htsget-axum/src/handlers/post.rs

@@ -1,3 +1,5 @@
+pub use axum::Router;
+
 pub mod error;
 pub mod handlers;
 pub mod middleware;

htsget-axum/src/lib.rs

@@ -50,9 +50,13 @@ impl DataServer {
     // The auth layer needs to be added first so that layers like the CorsLayer
     // can respond to `Options` requests first and without auth.
     router = if let Some(auth) = auth {
-      router.layer(AuthenticationLayer::from(
-        AuthBuilder::default().with_config(auth).build()?,
-      ))
+      if auth.auth_mode().is_some() {
+        router.layer(AuthenticationLayer::from(
+          AuthBuilder::default().with_config(auth).build()?,
+        ))
+      } else {
+        router
+      }
     } else {
       router
     };

htsget-axum/src/server/data.rs

@@ -151,7 +151,9 @@ mod tests {
   use htsget_config::config::Config;
   use htsget_config::storage::file::default_path;
   use htsget_config::types::JsonResponse;
-  use htsget_test::http::auth::{MockAuthServer, create_test_auth_config};
+  use htsget_test::http::auth::{
+    MockAuthServer, create_test_auth_config, mock_id_test, mock_prefix_test, mock_regex_test,
+  };
   use htsget_test::http::server::expected_url_path;
   use htsget_test::http::{
     Header, Response as TestResponse, TestRequest, TestServer, auth, config_with_tls, cors,
@@ -161,6 +163,7 @@ mod tests {
   use http::header::HeaderName;
   use http::{Method, Request};
   use rustls::crypto::aws_lc_rs;
+  use serde_json::Value;
   use tempfile::TempDir;
   use tower::ServiceExt;
 
@@ -264,8 +267,8 @@ mod tests {
       }
     }
 
-    async fn new_with_auth(public_key: Vec<u8>, suppressed: bool) -> Self {
-      let mock_server = MockAuthServer::new().await;
+    async fn new_with_auth(public_key: Vec<u8>, suppressed: bool, mock_location: Value) -> Self {
+      let mock_server = MockAuthServer::new(mock_location).await;
       let auth_config = create_test_auth_config(&mock_server, public_key, suppressed);
       let config = default_test_config(Some(auth_config));
 
@@ -374,16 +377,38 @@ mod tests {
   async fn test_auth_insufficient_permissions() {
     let (private_key, public_key) = generate_key_pair();
 
-    let server = AxumTestServer::new_with_auth(public_key, false).await;
+    let server = AxumTestServer::new_with_auth(public_key, false, mock_id_test()).await;
     auth::test_auth_insufficient_permissions::<JsonResponse, _>(&server, private_key).await;
   }
 
   #[tokio::test]
-  async fn test_auth_succeeds() {
+  async fn test_auth_succeeds_id() {
+    let (private_key, public_key) = generate_key_pair();
+
+    auth::test_auth_succeeds::<JsonResponse, _>(
+      &AxumTestServer::new_with_auth(public_key, false, mock_id_test()).await,
+      private_key,
+    )
+    .await;
+  }
+
+  #[tokio::test]
+  async fn test_auth_succeeds_prefix() {
+    let (private_key, public_key) = generate_key_pair();
+
+    auth::test_auth_succeeds::<JsonResponse, _>(
+      &AxumTestServer::new_with_auth(public_key, false, mock_prefix_test()).await,
+      private_key,
+    )
+    .await;
+  }
+
+  #[tokio::test]
+  async fn test_auth_succeeds_regex() {
     let (private_key, public_key) = generate_key_pair();
 
     auth::test_auth_succeeds::<JsonResponse, _>(
-      &AxumTestServer::new_with_auth(public_key, false).await,
+      &AxumTestServer::new_with_auth(public_key, false, mock_regex_test()).await,
       private_key,
     )
     .await;
@@ -394,7 +419,7 @@ mod tests {
   async fn test_auth_insufficient_permissions_suppressed() {
     let (private_key, public_key) = generate_key_pair();
 
-    let server = AxumTestServer::new_with_auth(public_key, true).await;
+    let server = AxumTestServer::new_with_auth(public_key, true, mock_id_test()).await;
     auth::test_auth_insufficient_permissions::<JsonResponse, _>(&server, private_key).await;
   }
 
@@ -404,7 +429,7 @@ mod tests {
     let (private_key, public_key) = generate_key_pair();
 
     auth::test_auth_succeeds::<JsonResponse, _>(
-      &AxumTestServer::new_with_auth(public_key, true).await,
+      &AxumTestServer::new_with_auth(public_key, true, mock_id_test()).await,
       private_key,
     )
     .await;