From c630a3d95fcba117eeeeb03a0c656ef26bea3072 Mon Sep 17 00:00:00 2001
From: mia
Date: Fri, 3 May 2024 18:25:03 -0700
Subject: refactor scope access endpoints
---
src/server/falx.rs | 88 ------------------------------------------------------
1 file changed, 88 deletions(-)
delete mode 100644 src/server/falx.rs
(limited to 'src/server/falx.rs')
diff --git a/src/server/falx.rs b/src/server/falx.rs
deleted file mode 100644
index 9783cef..0000000
--- a/src/server/falx.rs
+++ /dev/null
@@ -1,88 +0,0 @@
-use std::time::SystemTime;
-
-use axum::{
- body::Body,
- extract::{Path, State},
- http::{HeaderMap, StatusCode, Uri},
- response::{IntoResponse, Response},
- routing::get,
- Router,
-};
-use axum_extra::extract::CookieJar;
-
-use crate::server::store::Store;
-
-use super::{ApiState, Handoffs};
-
-pub fn bind(app: Router) -> Router {
- app.route("/check/:token/:scope", get(check_))
- .route("/handoff", get(handoff))
-}
-
-#[axum::debug_handler(state = ApiState)]
-async fn check_(
- Path((token, scope)): Path<(String, String)>,
- State(store): State,
-) -> Response {
- let Some((name, _)) = store.check_token(&token).await else {
- return StatusCode::UNAUTHORIZED.into_response();
- };
- let Some(account) = store.get_account(&name).await else {
- return StatusCode::UNAUTHORIZED.into_response();
- };
- if account.scopes.contains(&scope) {
- StatusCode::OK.into_response()
- } else {
- StatusCode::FORBIDDEN.into_response()
- }
-}
-
-#[axum::debug_handler(state = ApiState)]
-async fn handoff(
- jar: CookieJar,
- State(Handoffs(handoffs)): State,
- State(store): State,
- headers: HeaderMap,
-) -> Response {
- let Some(origin_header) = headers.get("Origin") else {
- return (StatusCode::BAD_REQUEST, "Missing Origin header").into_response();
- };
- let Some(origin) = origin_header
- .to_str()
- .ok()
- .and_then(|origin| origin.parse::().ok())
- .and_then(|origin| origin.host().map(ToString::to_string))
- else {
- return (StatusCode::BAD_REQUEST, "Malformed Origin header").into_response();
- };
- if !handoffs.contains(&origin) {
- return (StatusCode::FORBIDDEN, "Origin not registered for handoff").into_response();
- }
-
- let builder = Response::builder()
- .header("Access-Control-Allow-Credentials", "true")
- .header("Access-Control-Allow-Origin", origin_header);
-
- if let Some(token) = jar.get("dissociate-token") {
- if let Some((_, expires)) = store.check_token(token.value()).await {
- let expires_in = expires
- .duration_since(SystemTime::now())
- .unwrap_or_default()
- .as_secs();
-
- return builder
- .status(StatusCode::OK)
- .body(Body::from(format!(
- r#"{{"token":"{}","expiresIn":{}}}"#,
- token.value().to_string(),
- expires_in,
- )))
- .unwrap();
- }
- }
-
- builder
- .status(StatusCode::UNAUTHORIZED)
- .body(Body::empty())
- .unwrap()
-}
-- cgit 1.4.1