Restrict access to .git directory

This commit is contained in:
Pierre HUBERT 2022-04-02 15:58:31 +02:00
parent 3fdb775308
commit 1070d80553

View File

@ -1,12 +1,11 @@
//! # Authentication middleware //! # Authentication middleware
use std::future::{ready, Ready}; use std::future::{Future, ready, Ready};
use std::pin::Pin;
use std::rc::Rc;
use actix_web::{ use actix_web::{dev::{forward_ready, Service, ServiceRequest, ServiceResponse, Transform}, Error, HttpResponse};
dev::{forward_ready, Service, ServiceRequest, ServiceResponse, Transform}, use actix_web::body::EitherBody;
Error,
};
use futures_util::future::LocalBoxFuture;
// There are two steps in middleware processing. // There are two steps in middleware processing.
// 1. Middleware initialization, middleware factory gets called with // 1. Middleware initialization, middleware factory gets called with
@ -19,43 +18,56 @@ pub struct AuthMiddleware;
// `B` - type of response's body // `B` - type of response's body
impl<S, B> Transform<S, ServiceRequest> for AuthMiddleware impl<S, B> Transform<S, ServiceRequest> for AuthMiddleware
where where
S: Service<ServiceRequest, Response=ServiceResponse<B>, Error=Error>, S: Service<ServiceRequest, Response=ServiceResponse<B>, Error=Error> + 'static,
S::Future: 'static, S::Future: 'static,
B: 'static, B: 'static,
{ {
type Response = ServiceResponse<B>; type Response = ServiceResponse<EitherBody<B>>;
type Error = Error; type Error = Error;
type Transform = SayHiMiddleware<S>; type Transform = AuthInnerMiddleware<S>;
type InitError = (); type InitError = ();
type Future = Ready<Result<Self::Transform, Self::InitError>>; type Future = Ready<Result<Self::Transform, Self::InitError>>;
fn new_transform(&self, service: S) -> Self::Future { fn new_transform(&self, service: S) -> Self::Future {
ready(Ok(SayHiMiddleware { service })) ready(Ok(AuthInnerMiddleware { service: Rc::new(service) }))
} }
} }
pub struct SayHiMiddleware<S> { pub struct AuthInnerMiddleware<S> {
service: S, service: Rc<S>,
} }
impl<S, B> Service<ServiceRequest> for SayHiMiddleware<S> impl<S, B> Service<ServiceRequest> for AuthInnerMiddleware<S>
where where
S: Service<ServiceRequest, Response=ServiceResponse<B>, Error=Error>, S: Service<ServiceRequest, Response=ServiceResponse<B>, Error=Error> + 'static,
S::Future: 'static, S::Future: 'static,
B: 'static, B: 'static,
{ {
type Response = ServiceResponse<B>; type Response = ServiceResponse<EitherBody<B>>;
type Error = Error; type Error = Error;
type Future = LocalBoxFuture<'static, Result<Self::Response, Self::Error>>; type Future = Pin<Box<dyn Future<Output=Result<Self::Response, Self::Error>>>>;
forward_ready!(service); forward_ready!(service);
fn call(&self, req: ServiceRequest) -> Self::Future { fn call(&self, req: ServiceRequest) -> Self::Future {
println!("Hi from start. You requested: {}", req.path()); println!("Hi from start. You requested: {}", req.path());
let fut = self.service.call(req); let service = Rc::clone(&self.service);
// Forward request // Forward request
Box::pin(async move { fut.await }) Box::pin(async move {
if req.path().starts_with("/.git") {
return Ok(req.into_response(
HttpResponse::Unauthorized()
.body("Hey don't touch this!")
.map_into_right_body()
));
}
service
.call(req)
.await
.map(ServiceResponse::map_into_left_body)
})
} }
} }