From 60964c07e6d178ae632d821e5698eee681f3d3c7 Mon Sep 17 00:00:00 2001
From: Daniel GarcĂ­a
Date: Mon, 3 Jul 2023 19:58:14 +0200
Subject: Add some extra access checks for attachments and groups
---
 src/auth.rs | 30 ++++++++++++++++++++++++++++++
 1 file changed, 30 insertions(+)
(limited to 'src/auth.rs')
diff --git a/src/auth.rs b/src/auth.rs
index 6b01a4d4..6879bb6e 100644
--- a/src/auth.rs
+++ b/src/auth.rs
@@ -24,6 +24,7 @@ static JWT_VERIFYEMAIL_ISSUER: Lazy = Lazy::new(|| format!("{}|verifyema
 static JWT_ADMIN_ISSUER: Lazy = Lazy::new(|| format!("{}|admin", CONFIG.domain_origin()));
 static JWT_SEND_ISSUER: Lazy = Lazy::new(|| format!("{}|send", CONFIG.domain_origin()));
 static JWT_ORG_API_KEY_ISSUER: Lazy = Lazy::new(|| format!("{}|api.organization", CONFIG.domain_origin()));
+static JWT_FILE_DOWNLOAD_ISSUER: Lazy = Lazy::new(|| format!("{}|file_download", CONFIG.domain_origin()));
 
 static PRIVATE_RSA_KEY: Lazy = Lazy::new(|| {
 let key =
@@ -98,6 +99,10 @@ pub fn decode_api_org(token: &str) -> Result {
 decode_jwt(token, JWT_ORG_API_KEY_ISSUER.to_string())
 }
 
+pub fn decode_file_download(token: &str) -> Result {
+ decode_jwt(token, JWT_FILE_DOWNLOAD_ISSUER.to_string())
+}
+
 #[derive(Debug, Serialize, Deserialize)]
 pub struct LoginJwtClaims {
 // Not before
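Review bot: `decode_file_download` has no doc comment saying what a successful decode proves, and for an access-control token that matters. From the visible lines it only hands the token to `decode_jwt` with the file-download issuer; `decode_jwt` is outside this diff, so presumably signature, expiry and issuer are checked there and nothing else. A valid result therefore shows only that the token was issued for some file, not for the one being requested. I would add above the function `/// Validates a file-download token; the caller must still compare `sub` and `file_id` with the requested resource.` The download handlers are not in this view (the page is limited to src/auth.rs), so confirm that they make both comparisons.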
@@ -234,6 +239,31 @@ pub fn generate_organization_api_key_login_claims(uuid: String, org_id: String)
 }
 }
 
+#[derive(Debug, Serialize, Deserialize)]
+pub struct FileDownloadClaims {
+ // Not before
+ pub nbf: i64,
+ // Expiration time
+ pub exp: i64,
+ // Issuer
+ pub iss: String,
+ // Subject
+ pub sub: String,
+
+ pub file_id: String,
+}
+
+pub fn generate_file_download_claims(uuid: String, file_id: String) -> FileDownloadClaims {
+ let time_now = Utc::now().naive_utc();
+ FileDownloadClaims {
+ nbf: time_now.timestamp(),
+ exp: (time_now + Duration::minutes(5)).timestamp(),
+ iss: JWT_FILE_DOWNLOAD_ISSUER.to_string(),
+ sub: uuid,
+ file_id,
+ }
+}
+
 #[derive(Debug, Serialize, Deserialize)]
 pub struct BasicJwtClaims {
 // Not before
-- cgit v1.2.3
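Review bot: `generate_file_download_claims` stores its `uuid` parameter in `sub`, but neither the parameter name nor the `// Subject` comment says which object's UUID it is, and `file_id` has no comment at all. A caller could bind the token to a different identifier than the one the verifier compares against, so the field comments should name the object, e.g. `// Subject: UUID of the <owning object> this file belongs to` and `// Identifier of the single file this token authorizes`. The token lifetime is a bare literal in `Duration::minutes(5)`; a named constant such as `const FILE_DOWNLOAD_TOKEN_MINUTES: i64 = 5;` would make the validity window of an issued token easy to find and audit.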