pub struct AuthAwareService { /* private fields */ }Expand description
Wrapper around [StorageService] that ensures each operation is authorized.
Authorization is performed according to the request’s authorization details, see also
AuthContext. When crate::config::AuthZ::enforce is false, authorization failures are
logged but any unauthorized operations are still allowed to proceed.
Objectstore API endpoints can use AuthAwareService simply by adding it to their handler
function’s argument list like so:
use axum::http::StatusCode;
use objectstore_server::auth::AuthAwareService;
async fn my_endpoint(service: AuthAwareService) -> Result<StatusCode, StatusCode> {
service.delete_object(todo!("pass some ID"))
.await
.map_err(|_| StatusCode::INTERNAL_SERVER_ERROR)?;
Ok(StatusCode::NO_CONTENT)
}Implementations§
Source§impl AuthAwareService
impl AuthAwareService
Sourcepub fn new(service: StorageService, context: AuthContext, enforce: bool) -> Self
pub fn new(service: StorageService, context: AuthContext, enforce: bool) -> Self
Creates a new AuthAwareService using the given [StorageService], AuthContext,
and enforcement setting.
The context is used to check whether each operation is authorized. enforce controls
whether authorization failures will result in an error response or be ignored.
With an AuthContext::Disabled context, all operations are permitted.
Sourcepub fn check_permission(
&self,
perm: Permission,
context: &ObjectContext,
) -> ApiResult<()>
pub fn check_permission( &self, perm: Permission, context: &ObjectContext, ) -> ApiResult<()>
Checks whether the request is authorized for the given permission on the given context.
Returns Ok(()) if authorized, or an error indicating the reason.
Sourcepub async fn insert_object(
&self,
context: ObjectContext,
key: Option<String>,
metadata: Metadata,
stream: ClientStream,
) -> ApiResult<InsertResponse>
pub async fn insert_object( &self, context: ObjectContext, key: Option<String>, metadata: Metadata, stream: ClientStream, ) -> ApiResult<InsertResponse>
Auth-aware wrapper around [StorageService::insert_object].
Sourcepub async fn get_metadata(&self, id: ObjectId) -> ApiResult<MetadataResponse>
pub async fn get_metadata(&self, id: ObjectId) -> ApiResult<MetadataResponse>
Auth-aware wrapper around [StorageService::get_metadata].
Sourcepub async fn get_object(
&self,
id: ObjectId,
range: Option<ByteRange>,
) -> ApiResult<GetResponse>
pub async fn get_object( &self, id: ObjectId, range: Option<ByteRange>, ) -> ApiResult<GetResponse>
Auth-aware wrapper around [StorageService::get_object].
Sourcepub async fn delete_object(&self, id: ObjectId) -> ApiResult<DeleteResponse>
pub async fn delete_object(&self, id: ObjectId) -> ApiResult<DeleteResponse>
Auth-aware wrapper around [StorageService::delete_object].
Sourcepub async fn initiate_multipart(
&self,
id: ObjectId,
metadata: Metadata,
) -> ApiResult<InitiateMultipartResponse>
pub async fn initiate_multipart( &self, id: ObjectId, metadata: Metadata, ) -> ApiResult<InitiateMultipartResponse>
Auth-aware wrapper around [StorageService::initiate_multipart].
Sourcepub async fn upload_part(
&self,
id: ObjectId,
upload_id: UploadId,
part_number: PartNumber,
content_length: u64,
content_md5: Option<String>,
body: ClientStream,
) -> ApiResult<UploadPartResponse>
pub async fn upload_part( &self, id: ObjectId, upload_id: UploadId, part_number: PartNumber, content_length: u64, content_md5: Option<String>, body: ClientStream, ) -> ApiResult<UploadPartResponse>
Auth-aware wrapper around [StorageService::upload_part].
Sourcepub async fn list_parts(
&self,
id: ObjectId,
upload_id: UploadId,
max_parts: Option<u32>,
part_number_marker: Option<PartNumber>,
) -> ApiResult<ListPartsResponse>
pub async fn list_parts( &self, id: ObjectId, upload_id: UploadId, max_parts: Option<u32>, part_number_marker: Option<PartNumber>, ) -> ApiResult<ListPartsResponse>
Auth-aware wrapper around [StorageService::list_parts].
Sourcepub async fn abort_multipart(
&self,
id: ObjectId,
upload_id: UploadId,
) -> ApiResult<AbortMultipartResponse>
pub async fn abort_multipart( &self, id: ObjectId, upload_id: UploadId, ) -> ApiResult<AbortMultipartResponse>
Auth-aware wrapper around [StorageService::abort_multipart].
Sourcepub async fn complete_multipart(
&self,
id: ObjectId,
upload_id: UploadId,
parts: Vec<CompletedPart>,
) -> ApiResult<CompleteMultipartResponse>
pub async fn complete_multipart( &self, id: ObjectId, upload_id: UploadId, parts: Vec<CompletedPart>, ) -> ApiResult<CompleteMultipartResponse>
Auth-aware wrapper around [StorageService::complete_multipart].
Trait Implementations§
Source§impl Debug for AuthAwareService
impl Debug for AuthAwareService
Source§impl FromRequestParts<Arc<Services>> for AuthAwareService
impl FromRequestParts<Arc<Services>> for AuthAwareService
Source§type Rejection = ApiError
type Rejection = ApiError
Source§async fn from_request_parts(
parts: &mut Parts,
state: &ServiceState,
) -> Result<Self, Self::Rejection>
async fn from_request_parts( parts: &mut Parts, state: &ServiceState, ) -> Result<Self, Self::Rejection>
Auto Trait Implementations§
impl Freeze for AuthAwareService
impl !RefUnwindSafe for AuthAwareService
impl Send for AuthAwareService
impl Sync for AuthAwareService
impl Unpin for AuthAwareService
impl UnsafeUnpin for AuthAwareService
impl !UnwindSafe for AuthAwareService
Blanket Implementations§
Source§impl<T> BorrowMut<T> for Twhere
T: ?Sized,
impl<T> BorrowMut<T> for Twhere
T: ?Sized,
Source§fn borrow_mut(&mut self) -> &mut T
fn borrow_mut(&mut self) -> &mut T
§impl<S, T> FromRequest<S, ViaParts> for T
impl<S, T> FromRequest<S, ViaParts> for T
§type Rejection = <T as FromRequestParts<S>>::Rejection
type Rejection = <T as FromRequestParts<S>>::Rejection
§fn from_request(
req: Request<Body>,
state: &S,
) -> impl Future<Output = Result<T, <T as FromRequest<S, ViaParts>>::Rejection>>
fn from_request( req: Request<Body>, state: &S, ) -> impl Future<Output = Result<T, <T as FromRequest<S, ViaParts>>::Rejection>>
§impl<T> Instrument for T
impl<T> Instrument for T
§fn instrument(self, span: Span) -> Instrumented<Self>
fn instrument(self, span: Span) -> Instrumented<Self>
§fn in_current_span(self) -> Instrumented<Self>
fn in_current_span(self) -> Instrumented<Self>
Source§impl<T> IntoEither for T
impl<T> IntoEither for T
Source§fn into_either(self, into_left: bool) -> Either<Self, Self>
fn into_either(self, into_left: bool) -> Either<Self, Self>
self into a Left variant of Either<Self, Self>
if into_left is true.
Converts self into a Right variant of Either<Self, Self>
otherwise. Read moreSource§fn into_either_with<F>(self, into_left: F) -> Either<Self, Self>
fn into_either_with<F>(self, into_left: F) -> Either<Self, Self>
self into a Left variant of Either<Self, Self>
if into_left(&self) returns true.
Converts self into a Right variant of Either<Self, Self>
otherwise. Read more§impl<T> IntoRequest<T> for T
impl<T> IntoRequest<T> for T
§fn into_request(self) -> Request<T>
fn into_request(self) -> Request<T>
T in a tonic::Request§impl<L> LayerExt<L> for L
impl<L> LayerExt<L> for L
§fn named_layer<S>(&self, service: S) -> Layered<<L as Layer<S>>::Service, S>where
L: Layer<S>,
fn named_layer<S>(&self, service: S) -> Layered<<L as Layer<S>>::Service, S>where
L: Layer<S>,
Layered].§impl<T> Paint for Twhere
T: ?Sized,
impl<T> Paint for Twhere
T: ?Sized,
§fn fg(&self, value: Color) -> Painted<&T>
fn fg(&self, value: Color) -> Painted<&T>
Returns a styled value derived from self with the foreground set to
value.
This method should be used rarely. Instead, prefer to use color-specific
builder methods like red() and
green(), which have the same functionality but are
pithier.
§Example
Set foreground color to white using fg():
use yansi::{Paint, Color};
painted.fg(Color::White);Set foreground color to white using white().
use yansi::Paint;
painted.white();§fn bright_black(&self) -> Painted<&T>
fn bright_black(&self) -> Painted<&T>
§fn bright_red(&self) -> Painted<&T>
fn bright_red(&self) -> Painted<&T>
§fn bright_green(&self) -> Painted<&T>
fn bright_green(&self) -> Painted<&T>
§fn bright_yellow(&self) -> Painted<&T>
fn bright_yellow(&self) -> Painted<&T>
§fn bright_blue(&self) -> Painted<&T>
fn bright_blue(&self) -> Painted<&T>
§fn bright_magenta(&self) -> Painted<&T>
fn bright_magenta(&self) -> Painted<&T>
§fn bright_cyan(&self) -> Painted<&T>
fn bright_cyan(&self) -> Painted<&T>
§fn bright_white(&self) -> Painted<&T>
fn bright_white(&self) -> Painted<&T>
§fn bg(&self, value: Color) -> Painted<&T>
fn bg(&self, value: Color) -> Painted<&T>
Returns a styled value derived from self with the background set to
value.
This method should be used rarely. Instead, prefer to use color-specific
builder methods like on_red() and
on_green(), which have the same functionality but
are pithier.
§Example
Set background color to red using fg():
use yansi::{Paint, Color};
painted.bg(Color::Red);Set background color to red using on_red().
use yansi::Paint;
painted.on_red();§fn on_primary(&self) -> Painted<&T>
fn on_primary(&self) -> Painted<&T>
§fn on_magenta(&self) -> Painted<&T>
fn on_magenta(&self) -> Painted<&T>
§fn on_bright_black(&self) -> Painted<&T>
fn on_bright_black(&self) -> Painted<&T>
§fn on_bright_red(&self) -> Painted<&T>
fn on_bright_red(&self) -> Painted<&T>
§fn on_bright_green(&self) -> Painted<&T>
fn on_bright_green(&self) -> Painted<&T>
§fn on_bright_yellow(&self) -> Painted<&T>
fn on_bright_yellow(&self) -> Painted<&T>
§fn on_bright_blue(&self) -> Painted<&T>
fn on_bright_blue(&self) -> Painted<&T>
§fn on_bright_magenta(&self) -> Painted<&T>
fn on_bright_magenta(&self) -> Painted<&T>
§fn on_bright_cyan(&self) -> Painted<&T>
fn on_bright_cyan(&self) -> Painted<&T>
§fn on_bright_white(&self) -> Painted<&T>
fn on_bright_white(&self) -> Painted<&T>
§fn attr(&self, value: Attribute) -> Painted<&T>
fn attr(&self, value: Attribute) -> Painted<&T>
Enables the styling [Attribute] value.
This method should be used rarely. Instead, prefer to use
attribute-specific builder methods like bold() and
underline(), which have the same functionality
but are pithier.
§Example
Make text bold using attr():
use yansi::{Paint, Attribute};
painted.attr(Attribute::Bold);Make text bold using using bold().
use yansi::Paint;
painted.bold();§fn rapid_blink(&self) -> Painted<&T>
fn rapid_blink(&self) -> Painted<&T>
§fn quirk(&self, value: Quirk) -> Painted<&T>
fn quirk(&self, value: Quirk) -> Painted<&T>
Enables the yansi [Quirk] value.
This method should be used rarely. Instead, prefer to use quirk-specific
builder methods like mask() and
wrap(), which have the same functionality but are
pithier.
§Example
Enable wrapping using .quirk():
use yansi::{Paint, Quirk};
painted.quirk(Quirk::Wrap);Enable wrapping using wrap().
use yansi::Paint;
painted.wrap();§fn clear(&self) -> Painted<&T>
👎Deprecated since 1.0.1: renamed to resetting() due to conflicts with Vec::clear().
The clear() method will be removed in a future release.
fn clear(&self) -> Painted<&T>
renamed to resetting() due to conflicts with Vec::clear().
The clear() method will be removed in a future release.
§fn whenever(&self, value: Condition) -> Painted<&T>
fn whenever(&self, value: Condition) -> Painted<&T>
Conditionally enable styling based on whether the [Condition] value
applies. Replaces any previous condition.
See the crate level docs for more details.
§Example
Enable styling painted only when both stdout and stderr are TTYs:
use yansi::{Paint, Condition};
painted.red().on_yellow().whenever(Condition::STDOUTERR_ARE_TTY);