Caps-Server/Sources/App/Authenticator.swift

import Foundation
import Clairvoyant
import Vapor

final class Authenticator: MetricAccessManager {

    private var writers: Set<String>

    init(writers: [String]) {
        self.writers = Set(writers)
    }


    func hasAuthorization(for key: String) -> Bool {
        // Note: This is not a constant-time compare, so there may be an opportunity
        // for timing attack here. Sets perform hashed lookups, so this may be less of an issue,
        // and we're not doing anything critical in this application.
        // Worst case, an unauthorized person with a lot of free time and energy to hack this system
        // is able to change contents of the database, which are backed up in any case.
        writers.contains(key)
    }

    func metricListAccess(isAllowedForToken accessToken: AccessToken) throws {
        guard let key = String(data: accessToken, encoding: .utf8) else {
            return
        }
        guard hasAuthorization(for: key) else {
            throw MetricError.accessDenied
        }
    }

    func metricAccess(to metric: MetricId, isAllowedForToken accessToken: AccessToken) throws {
        try metricListAccess(isAllowedForToken: accessToken)
    }


    func authorize(_ request: Request) throws {
        guard let key = request.headers.first(name: "key") else {
            throw Abort(.badRequest) // 400
        }
        guard hasAuthorization(for: key) else {
            throw Abort(.forbidden) // 403
        }
    }
}
Update authentication and metrics logging 2023-01-17 22:02:27 +01:00			`import Foundation`
			`import Clairvoyant`
			`import Vapor`

Update to new access management 2023-01-30 16:07:04 +01:00			`final class Authenticator: MetricAccessManager {`
Update authentication and metrics logging 2023-01-17 22:02:27 +01:00
			`private var writers: Set<String>`

			`init(writers: [String]) {`
			`self.writers = Set(writers)`
			`}`


			`func hasAuthorization(for key: String) -> Bool {`
			`// Note: This is not a constant-time compare, so there may be an opportunity`
			`// for timing attack here. Sets perform hashed lookups, so this may be less of an issue,`
			`// and we're not doing anything critical in this application.`
			`// Worst case, an unauthorized person with a lot of free time and energy to hack this system`
			`// is able to change contents of the database, which are backed up in any case.`
			`writers.contains(key)`
			`}`

Update to new access management 2023-01-30 16:07:04 +01:00			`func metricListAccess(isAllowedForToken accessToken: AccessToken) throws {`
Update authentication and metrics logging 2023-01-17 22:02:27 +01:00			`guard let key = String(data: accessToken, encoding: .utf8) else {`
Update to new access management 2023-01-30 16:07:04 +01:00			`return`
Update authentication and metrics logging 2023-01-17 22:02:27 +01:00			`}`
Update to new access management 2023-01-30 16:07:04 +01:00			`guard hasAuthorization(for: key) else {`
			`throw MetricError.accessDenied`
			`}`
			`}`

			`func metricAccess(to metric: MetricId, isAllowedForToken accessToken: AccessToken) throws {`
			`try metricListAccess(isAllowedForToken: accessToken)`
Update authentication and metrics logging 2023-01-17 22:02:27 +01:00			`}`


			`func authorize(_ request: Request) throws {`
			`guard let key = request.headers.first(name: "key") else {`
			`throw Abort(.badRequest) // 400`
			`}`
			`guard hasAuthorization(for: key) else {`
			`throw Abort(.forbidden) // 403`
			`}`
			`}`
			`}`