Split CI badges into backend and frontend

myOmikron · Apr 18, 2024 · cb9c1a2 · cb9c1a2
1 parent 2e248cb
commit cb9c1a2
Show file tree

Hide file tree

Showing 9 changed files with 109 additions and 2 deletions.
diff --git a/README.md b/README.md
@@ -4,9 +4,10 @@
 
 # :octopus: The kraken-project :octopus:
 
-[![LICENSE](https://img.shields.io/github/license/myOmikron/kraken-project?color=blue)](LICENSE) 
+[![LICENSE](https://img.shields.io/github/license/myOmikron/kraken-project?color=blue)](LICENSE)
 [![dependency status](https://deps.rs/repo/github/myOmikron/kraken-project/status.svg)](https://deps.rs/repo/github/myOmikron/kraken-project)
-[![ci status](https://img.shields.io/github/actions/workflow/status/myOmikron/kraken-project/linux.yml?label=CI)](https://github.com/myOmikron/kraken-project/actions/workflows/linux.yml)
+[![backend ci](https://img.shields.io/github/actions/workflow/status/myOmikron/kraken-project/linux.yml?label=Backend)](https://github.com/myOmikron/kraken-project/actions/workflows/linux.yml)
+[![frontend ci](https://img.shields.io/github/actions/workflow/status/myOmikron/kraken-project/frontend.yml?label=Frontend)](https://github.com/myOmikron/kraken-project/actions/workflows/frontend.yml)
 
 The aim of this project is to create a fast, scalable pentesting platform.
 

diff --git a/kraken/src/api/middleware/token_required.rs b/kraken/src/api/middleware/token_required.rs
@@ -0,0 +1,105 @@
+use std::future::ready;
+use std::future::Ready;
+
+use actix_toolbox::tb_middleware::actix_session::SessionExt;
+use actix_web::dev::forward_ready;
+use actix_web::dev::Service;
+use actix_web::dev::ServiceRequest;
+use actix_web::dev::ServiceResponse;
+use actix_web::dev::Transform;
+use futures::future::LocalBoxFuture;
+use rorm::query;
+use rorm::FieldAccess;
+use rorm::Model;
+use uuid::Uuid;
+
+use crate::api::handler::common::error::ApiError;
+use crate::chan::global::GLOBAL;
+use crate::models::LocalUserKey;
+use crate::models::User;
+use crate::models::UserPermission;
+
+pub(crate) struct TokenRequired;
+
+impl<S, B> Transform<S, ServiceRequest> for TokenRequired
+where
+    S: Service<ServiceRequest, Response = ServiceResponse<B>, Error = actix_web::Error>,
+    S::Future: 'static,
+    B: 'static,
+{
+    type Response = ServiceResponse<B>;
+    type Error = actix_web::Error;
+    type Transform = TokenRequiredMiddleware<S>;
+    type InitError = ();
+    type Future = Ready<Result<Self::Transform, Self::InitError>>;
+
+    fn new_transform(&self, service: S) -> Self::Future {
+        ready(Ok(TokenRequiredMiddleware { service }))
+    }
+}
+
+pub(crate) struct TokenRequiredMiddleware<S> {
+    service: S,
+}
+
+impl<S, B> Service<ServiceRequest> for TokenRequiredMiddleware<S>
+where
+    S: Service<ServiceRequest, Response = ServiceResponse<B>, Error = actix_web::Error>,
+    S::Future: 'static,
+    B: 'static,
+{
+    type Response = ServiceResponse<B>;
+    type Error = actix_web::Error;
+    type Future = LocalBoxFuture<'static, Result<Self::Response, Self::Error>>;
+
+    forward_ready!(service);
+
+    fn call(&self, req: ServiceRequest) -> Self::Future {
+        req.headers().get("Authorization").ok_or()?;
+
+        let session = req.get_session();
+
+        let logged_in = session
+            .get("logged_in")
+            .map(|logged_in_maybe| logged_in_maybe.map_or(false, |v| v));
+
+        let second_factor = session
+            .get("2fa")
+            .map(|sec_fac| sec_fac.map_or(false, |v| v));
+
+        let uuid = session.get("uuid");
+
+        let next = self.service.call(req);
+        Box::pin(async move {
+            if !logged_in.map_err(ApiError::SessionGet)? {
+                return Err(ApiError::Unauthenticated.into());
+            }
+
+            let uuid: Uuid = uuid
+                .map_err(ApiError::SessionGet)?
+                .ok_or(ApiError::SessionCorrupt)?;
+
+            let second_factor_required = query!(&GLOBAL.db, (LocalUserKey::F.uuid,))
+                .condition(LocalUserKey::F.user.equals(uuid))
+                .optional()
+                .await
+                .map_err(ApiError::DatabaseError)?;
+
+            if second_factor_required.is_some() && !second_factor.map_err(ApiError::SessionGet)? {
+                return Err(ApiError::Missing2FA.into());
+            }
+
+            let (permission,) = query!(&GLOBAL.db, (User::F.permission,))
+                .condition(User::F.uuid.equals(uuid))
+                .optional()
+                .await
+                .map_err(ApiError::DatabaseError)?
+                .ok_or(ApiError::SessionCorrupt)?;
+
+            match permission {
+                UserPermission::Admin => next.await,
+                _ => Err(ApiError::MissingPrivileges.into()),
+            }
+        })
+    }
+}
diff --git a/kraken/src/api/service/common/mod.rs b/kraken/src/api/service/common/mod.rs
@@ -0,0 +1 @@
+//! Error rela
diff --git a/kraken/src/api/service/common/schema.rs b/kraken/src/api/service/common/schema.rs
diff --git a/kraken/src/api/service/mod.rs b/kraken/src/api/service/mod.rs
diff --git a/kraken/src/api/service/workspace/handler.rs b/kraken/src/api/service/workspace/handler.rs
diff --git a/kraken/src/api/service/workspace/mod.rs b/kraken/src/api/service/workspace/mod.rs
diff --git a/kraken/src/api/service/workspace/schema.rs b/kraken/src/api/service/workspace/schema.rs
diff --git a/kraken/src/models/bearer/mod.rs b/kraken/src/models/bearer/mod.rs