-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathapp.rs
More file actions
122 lines (114 loc) · 3.82 KB
/
app.rs
File metadata and controls
122 lines (114 loc) · 3.82 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
use beam_lib::reqwest::{self, Response, StatusCode};
use serde_json::{json, Value};
use shared::OIDCConfig;
use std::i64;
use tracing::{debug, info};
use crate::CLIENT;
use super::{client_type, provider::{compare_provider, get_provider_id}, AuthentikConfig};
pub fn generate_app_values(provider: i64, client_id: &str) -> Value {
json!({
"name": client_id,
"slug": client_id,
"provider": provider,
"group": client_id.split('-').next().expect("group name does not contain - ")
})
}
pub async fn generate_application(
provider: i64,
client_id: &str,
conf: &AuthentikConfig,
) -> reqwest::Result<Response> {
let app_value = generate_app_values(provider, client_id);
debug!("{:#?}", app_value);
CLIENT
.post(
conf.authentik_url
.join("api/v3/core/applications/")
.expect("Error parsing app url"),
)
.bearer_auth(&conf.authentik_service_api_key)
.json(&app_value)
.send()
.await
}
pub async fn check_app_result(
client_id: &str,
provider_pk: i64,
conf: &AuthentikConfig,
) -> anyhow::Result<bool> {
let res = generate_application(provider_pk, client_id, conf).await?;
match res.status() {
StatusCode::CREATED => {
info!("Application for {client_id} created.");
Ok(true)
}
StatusCode::BAD_REQUEST => {
let conflicting_client = get_application(client_id, conf).await?;
if app_configs_match(
&conflicting_client,
&generate_app_values(provider_pk, client_id),
) {
info!("Application {client_id} exists.");
Ok(true)
} else {
info!("Application for {client_id} is updated.");
Ok(CLIENT
.put(
conf.authentik_url.join("api/v3/core/applicaions/")?.join(
conflicting_client
.get("name")
.and_then(Value::as_str)
.expect("No valid client"),
)?,
)
.bearer_auth(&conf.authentik_service_api_key)
.json(&generate_app_values(provider_pk, client_id))
.send()
.await?
.status()
.is_success())
}
}
s => anyhow::bail!("Unexpected statuscode {s} while creating authentik client. {res:?}"),
}
}
pub async fn get_application(
client_id: &str,
conf: &AuthentikConfig,
) -> reqwest::Result<serde_json::Value> {
CLIENT
.get(
conf.authentik_url
.join(&format!("api/v3/core/applications/{client_id}/"))
.expect("Error parsing app url"),
)
.bearer_auth(&conf.authentik_service_api_key)
.send()
.await?
.json()
.await
}
// used only from validate in config
pub async fn compare_app_provider(
name: &str,
oidc_client_config: &OIDCConfig,
secret: &str,
conf: &AuthentikConfig,
) -> anyhow::Result<bool> {
let client_id = client_type(oidc_client_config, name);
let provider_pk = get_provider_id(&client_id, conf).await;
match provider_pk {
Some(pr_id) => {
let app_res = get_application(&client_id, conf).await?;
if app_configs_match(&app_res, &generate_app_values(pr_id, &client_id)) {
compare_provider(&client_id, oidc_client_config, conf, secret).await
} else {
Ok(false)
}
}
None => Ok(false),
}
}
pub fn app_configs_match(a: &Value, b: &Value) -> bool {
a.get("name") == b.get("name") && a["group"] == b["group"] && a["provider"] == b["provider"]
}