Restrict access to .git directory
This commit is contained in:
parent
3fdb775308
commit
1070d80553
@ -1,12 +1,11 @@
|
|||||||
//! # Authentication middleware
|
//! # Authentication middleware
|
||||||
|
|
||||||
use std::future::{ready, Ready};
|
use std::future::{Future, ready, Ready};
|
||||||
|
use std::pin::Pin;
|
||||||
|
use std::rc::Rc;
|
||||||
|
|
||||||
use actix_web::{
|
use actix_web::{dev::{forward_ready, Service, ServiceRequest, ServiceResponse, Transform}, Error, HttpResponse};
|
||||||
dev::{forward_ready, Service, ServiceRequest, ServiceResponse, Transform},
|
use actix_web::body::EitherBody;
|
||||||
Error,
|
|
||||||
};
|
|
||||||
use futures_util::future::LocalBoxFuture;
|
|
||||||
|
|
||||||
// There are two steps in middleware processing.
|
// There are two steps in middleware processing.
|
||||||
// 1. Middleware initialization, middleware factory gets called with
|
// 1. Middleware initialization, middleware factory gets called with
|
||||||
@ -19,43 +18,56 @@ pub struct AuthMiddleware;
|
|||||||
// `B` - type of response's body
|
// `B` - type of response's body
|
||||||
impl<S, B> Transform<S, ServiceRequest> for AuthMiddleware
|
impl<S, B> Transform<S, ServiceRequest> for AuthMiddleware
|
||||||
where
|
where
|
||||||
S: Service<ServiceRequest, Response=ServiceResponse<B>, Error=Error>,
|
S: Service<ServiceRequest, Response=ServiceResponse<B>, Error=Error> + 'static,
|
||||||
S::Future: 'static,
|
S::Future: 'static,
|
||||||
B: 'static,
|
B: 'static,
|
||||||
{
|
{
|
||||||
type Response = ServiceResponse<B>;
|
type Response = ServiceResponse<EitherBody<B>>;
|
||||||
type Error = Error;
|
type Error = Error;
|
||||||
type Transform = SayHiMiddleware<S>;
|
type Transform = AuthInnerMiddleware<S>;
|
||||||
type InitError = ();
|
type InitError = ();
|
||||||
type Future = Ready<Result<Self::Transform, Self::InitError>>;
|
type Future = Ready<Result<Self::Transform, Self::InitError>>;
|
||||||
|
|
||||||
fn new_transform(&self, service: S) -> Self::Future {
|
fn new_transform(&self, service: S) -> Self::Future {
|
||||||
ready(Ok(SayHiMiddleware { service }))
|
ready(Ok(AuthInnerMiddleware { service: Rc::new(service) }))
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
pub struct SayHiMiddleware<S> {
|
pub struct AuthInnerMiddleware<S> {
|
||||||
service: S,
|
service: Rc<S>,
|
||||||
}
|
}
|
||||||
|
|
||||||
impl<S, B> Service<ServiceRequest> for SayHiMiddleware<S>
|
impl<S, B> Service<ServiceRequest> for AuthInnerMiddleware<S>
|
||||||
where
|
where
|
||||||
S: Service<ServiceRequest, Response=ServiceResponse<B>, Error=Error>,
|
S: Service<ServiceRequest, Response=ServiceResponse<B>, Error=Error> + 'static,
|
||||||
S::Future: 'static,
|
S::Future: 'static,
|
||||||
B: 'static,
|
B: 'static,
|
||||||
{
|
{
|
||||||
type Response = ServiceResponse<B>;
|
type Response = ServiceResponse<EitherBody<B>>;
|
||||||
type Error = Error;
|
type Error = Error;
|
||||||
type Future = LocalBoxFuture<'static, Result<Self::Response, Self::Error>>;
|
type Future = Pin<Box<dyn Future<Output=Result<Self::Response, Self::Error>>>>;
|
||||||
|
|
||||||
forward_ready!(service);
|
forward_ready!(service);
|
||||||
|
|
||||||
fn call(&self, req: ServiceRequest) -> Self::Future {
|
fn call(&self, req: ServiceRequest) -> Self::Future {
|
||||||
println!("Hi from start. You requested: {}", req.path());
|
println!("Hi from start. You requested: {}", req.path());
|
||||||
|
|
||||||
let fut = self.service.call(req);
|
let service = Rc::clone(&self.service);
|
||||||
|
|
||||||
// Forward request
|
// Forward request
|
||||||
Box::pin(async move { fut.await })
|
Box::pin(async move {
|
||||||
|
if req.path().starts_with("/.git") {
|
||||||
|
return Ok(req.into_response(
|
||||||
|
HttpResponse::Unauthorized()
|
||||||
|
.body("Hey don't touch this!")
|
||||||
|
.map_into_right_body()
|
||||||
|
));
|
||||||
|
}
|
||||||
|
|
||||||
|
service
|
||||||
|
.call(req)
|
||||||
|
.await
|
||||||
|
.map(ServiceResponse::map_into_left_body)
|
||||||
|
})
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user