From 578e37324cde85af09d0b946f576bc49054d7e8f Mon Sep 17 00:00:00 2001
From: ad hoc
Date: Tue, 26 Sep 2023 19:00:21 +0200
Subject: [PATCH] auth dump route (#707)
---
 sqld/src/auth.rs | 10 +++++++++-
 sqld/src/http/user/dump.rs | 8 +++++++-
 2 files changed, 16 insertions(+), 2 deletions(-)
diff --git a/sqld/src/auth.rs b/sqld/src/auth.rs
index 4eaff962..e190c17b 100644
--- a/sqld/src/auth.rs
+++ b/sqld/src/auth.rs
@@ -219,7 +219,7 @@ impl Authenticated {
 pub fn is_namespace_authorized(&self, namespace: &NamespaceName) -> bool {
 match self {
- Authenticated::Anonymous => true,
+ Authenticated::Anonymous => false,
 Authenticated::Authorized(Authorized {
 namespace: Some(ns),
 ..
@@ -230,6 +230,14 @@ impl Authenticated {
 }) => true,
 }
 }
+
+ /// Returns `true` if the authenticated is [`Anonymous`].
+ ///
+ /// [`Anonymous`]: Authenticated::Anonymous
+ #[must_use]
+ pub fn is_anonymous(&self) -> bool {
+ matches!(self, Self::Anonymous)
+ }
 }
 #[derive(Debug)]
diff --git a/sqld/src/http/user/dump.rs b/sqld/src/http/user/dump.rs
index 50d4e1f7..be58ee9c 100644
--- a/sqld/src/http/user/dump.rs
+++ b/sqld/src/http/user/dump.rs
@@ -7,6 +7,7 @@ use futures::StreamExt;
 use hyper::HeaderMap;
 use pin_project_lite::pin_project;
+use crate::auth::Authenticated;
 use crate::connection::dump::exporter::export_dump;
 use crate::error::Error;
 use crate::namespace::MakeNamespace;
@@ -72,9 +73,10 @@ where
 }
 pub(super) async fn handle_dump(
+ auth: Authenticated,
 AxumState(state): AxumState>,
 headers: HeaderMap,
-) -> Result>>, Error>
+) -> crate::Result>>>
 {
 let namespace = namespace_from_headers(
 &headers,
@@ -82,6 +84,10 @@ pub(super) async fn handle_dump(
 state.disable_namespaces,
 )?;
+ if !auth.is_namespace_authorized(&namespace) | auth.is_anonymous() {
+ return Err(Error::NamespaceDoesntExist(namespace.to_string()));
+ }
+
 let db_path = state.path.join("dbs").join(namespace.as_str()).join("data");
 let connection = rusqlite::Connection::open(db_path)?;
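Review bot: Flipping the `Authenticated::Anonymous` arm of `is_namespace_authorized` from `true` to `false` changes the result for every caller of this method, not only the dump route named in the subject, and the method still has no doc comment stating the new contract. Callers are not visible in this diff, so it is worth confirming that no other path relied on anonymous sessions being accepted here, and adding a unit test that asserts an anonymous value is rejected for any namespace. I would put `/// Returns true only for an authorized identity that covers the namespace; anonymous callers are never authorized.` above the method, adjusting the wording for the authorized arms to what the lines between this hunk and the next actually do, since they fall outside the diff.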
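Review bot: The new guard in `handle_dump` joins its two conditions with the bitwise `|` instead of the logical `||`, and since the auth.rs hunk makes `is_namespace_authorized` return `false` for `Anonymous`, the `auth.is_anonymous()` operand no longer changes the outcome; `if !auth.is_namespace_authorized(&namespace) {` expresses the same check. The rejection is returned as `Error::NamespaceDoesntExist`, which keeps an unauthorized caller from learning whether a namespace exists but also makes a denied dump request look like a missing namespace to operators. If that is deliberate, a comment such as `// Reported as a missing namespace on purpose so unauthorized callers cannot probe which namespaces exist.` would record it, and a log line at the rejection would keep denied attempts visible. The body of `handle_dump` continues past the end of the hunk.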