Restrict access to .git directory

src/middlewares/auth_middleware.rs

@@ -1,12 +1,11 @@
 //! # Authentication middleware
 
-use std::future::{ready, Ready};
+use std::future::{Future, ready, Ready};
+use std::pin::Pin;
+use std::rc::Rc;
 
-use actix_web::{
+use actix_web::{dev::{forward_ready, Service, ServiceRequest, ServiceResponse, Transform}, Error, HttpResponse};
-    dev::{forward_ready, Service, ServiceRequest, ServiceResponse, Transform},
+use actix_web::body::EitherBody;
-    Error,
-};
-use futures_util::future::LocalBoxFuture;
 
 // There are two steps in middleware processing.
 // 1. Middleware initialization, middleware factory gets called with
@@ -19,43 +18,56 @@ pub struct AuthMiddleware;
 // `B` - type of response's body
 impl<S, B> Transform<S, ServiceRequest> for AuthMiddleware
     where
-        S: Service<ServiceRequest, Response=ServiceResponse<B>, Error=Error>,
+        S: Service<ServiceRequest, Response=ServiceResponse<B>, Error=Error> + 'static,
         S::Future: 'static,
         B: 'static,
 {
-    type Response = ServiceResponse<B>;
+    type Response = ServiceResponse<EitherBody<B>>;
     type Error = Error;
-    type Transform = SayHiMiddleware<S>;
+    type Transform = AuthInnerMiddleware<S>;
     type InitError = ();
     type Future = Ready<Result<Self::Transform, Self::InitError>>;
 
     fn new_transform(&self, service: S) -> Self::Future {
-        ready(Ok(SayHiMiddleware { service }))
+        ready(Ok(AuthInnerMiddleware { service: Rc::new(service) }))
     }
 }
 
-pub struct SayHiMiddleware<S> {
+pub struct AuthInnerMiddleware<S> {
-    service: S,
+    service: Rc<S>,
 }
 
-impl<S, B> Service<ServiceRequest> for SayHiMiddleware<S>
+impl<S, B> Service<ServiceRequest> for AuthInnerMiddleware<S>
     where
-        S: Service<ServiceRequest, Response=ServiceResponse<B>, Error=Error>,
+        S: Service<ServiceRequest, Response=ServiceResponse<B>, Error=Error> + 'static,
         S::Future: 'static,
         B: 'static,
 {
-    type Response = ServiceResponse<B>;
+    type Response = ServiceResponse<EitherBody<B>>;
     type Error = Error;
-    type Future = LocalBoxFuture<'static, Result<Self::Response, Self::Error>>;
+    type Future = Pin<Box<dyn Future<Output=Result<Self::Response, Self::Error>>>>;
 
     forward_ready!(service);
 
     fn call(&self, req: ServiceRequest) -> Self::Future {
         println!("Hi from start. You requested: {}", req.path());
 
-        let fut = self.service.call(req);
+        let service = Rc::clone(&self.service);
 
         // Forward request
-        Box::pin(async move { fut.await })
+        Box::pin(async move {
+            if req.path().starts_with("/.git") {
+                return Ok(req.into_response(
+                    HttpResponse::Unauthorized()
+                        .body("Hey don't touch this!")
+                        .map_into_right_body()
+                ));
+            }
+
+            service
+                .call(req)
+                .await
+                .map(ServiceResponse::map_into_left_body)
+        })
     }
 }