Caps-Server/Sources/App/Authenticator.swift

40 lines
1.2 KiB
Swift
Raw Normal View History

import Foundation
import Clairvoyant
import Vapor
final class Authenticator: MetricAccessAuthenticator {
private var writers: Set<String>
init(writers: [String]) {
self.writers = Set(writers)
}
func hasAuthorization(for key: String) -> Bool {
// Note: This is not a constant-time compare, so there may be an opportunity
// for timing attack here. Sets perform hashed lookups, so this may be less of an issue,
// and we're not doing anything critical in this application.
// Worst case, an unauthorized person with a lot of free time and energy to hack this system
// is able to change contents of the database, which are backed up in any case.
writers.contains(key)
}
func metricAccess(isAllowedForToken accessToken: Data) -> Bool {
guard let key = String(data: accessToken, encoding: .utf8) else {
return false
}
return hasAuthorization(for: key)
}
func authorize(_ request: Request) throws {
guard let key = request.headers.first(name: "key") else {
throw Abort(.badRequest) // 400
}
guard hasAuthorization(for: key) else {
throw Abort(.forbidden) // 403
}
}
}