Struct workstreams_api::auth::Authorization

pub struct Authorization {
    resources: Vec<String>,
    issued_at: String,
    expiration_time: Option<String>,
    not_before: Option<String>,
    pub address: H160,
}

An authorization is issued to a particular address based on the fields included in the AuthRequest message. With the Resources vecotr, the API can have even more granular control over the access control of a particular address. All the fields are populated by a AuthRequest.message, from the fields with the same name.

Fields

resources: Vec<String>

issued_at: String

expiration_time: Option<String>

not_before: Option<String>

address: H160

Implementations

impl Authorization

pub async fn parse_request(req: &Request) -> Result<String>

Parses a worker::Request for an authentication token, serialized as a JSON object in the body of the request. The authentication token is used to retrieve the related Authorization and verify that the token-holder can access the particular resource.

pub async fn get<T>(env: &Env, token: T) -> Result<Option<Authorization>> where
    T: Into<String>, 

Get an authorizsation from the Cloudflare KV store, based on a token. The token is retrived from the request with parse_request and used as the key to find the Authorization struct.

pub async fn create(env: &Env, auth: AuthRequest) -> Result<String>

Creates an Authorization in the Cloudflare KC store based on an AuthRequest. After the message is verified against the signature, the authorization is tied to the address that signed the message. The message is converted to bytes and hashed with a pseudorandomly generated salt. The hash is used as the KEY of the Authorization and returned to the user to be used as a token.

For better UX, we return the token in the form of a cookie that can be used by the web application.

The Authorization value is set to expire at the Cloduflare KV store at the same time that it expires as an Authorization, defined in the expiration_time field of the SIWE::Message. That way, we don’t have to deal with stale records, but Cloudflare takes care of it. After it expires, the token will no longer be usable and the user will have to Authorize again and use a new token.

Trait Implementations

impl Debug for Authorization

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl<'de> Deserialize<'de> for Authorization

fn deserialize<__D>(__deserializer: __D) -> Result<Self, __D::Error> where
    __D: Deserializer<'de>, 

Deserialize this value from the given Serde deserializer.

impl Serialize for Authorization

fn serialize<__S>(&self, __serializer: __S) -> Result<__S::Ok, __S::Error> where
    __S: Serializer, 

Serialize this value into the given Serde serializer.