Enable bruteforce protection on login endpoint
This commit is contained in:
@ -1,20 +1,20 @@
|
||||
//! # Authentication middleware
|
||||
|
||||
use std::future::{ready, Future, Ready};
|
||||
use std::future::{Future, ready, Ready};
|
||||
use std::pin::Pin;
|
||||
use std::rc::Rc;
|
||||
|
||||
use actix_identity::RequestIdentity;
|
||||
use actix_web::body::EitherBody;
|
||||
use actix_web::http::{header, Method};
|
||||
use actix_web::{
|
||||
dev::{forward_ready, Service, ServiceRequest, ServiceResponse, Transform},
|
||||
web, Error, HttpResponse,
|
||||
Error, HttpResponse, web,
|
||||
};
|
||||
use actix_web::body::EitherBody;
|
||||
use actix_web::http::{header, Method};
|
||||
use askama::Template;
|
||||
|
||||
use crate::constants::{ADMIN_ROUTES, AUTHENTICATED_ROUTES};
|
||||
use crate::controllers::base_controller::redirect_user_for_login;
|
||||
use crate::controllers::base_controller::{FatalErrorPage, redirect_user_for_login};
|
||||
use crate::data::app_config::AppConfig;
|
||||
use crate::data::session_identity::{SessionIdentity, SessionIdentityData, SessionStatus};
|
||||
|
||||
@ -28,10 +28,10 @@ pub struct AuthMiddleware;
|
||||
// `S` - type of the next service
|
||||
// `B` - type of response's body
|
||||
impl<S, B> Transform<S, ServiceRequest> for AuthMiddleware
|
||||
where
|
||||
S: Service<ServiceRequest, Response = ServiceResponse<B>, Error = Error> + 'static,
|
||||
S::Future: 'static,
|
||||
B: 'static,
|
||||
where
|
||||
S: Service<ServiceRequest, Response=ServiceResponse<B>, Error=Error> + 'static,
|
||||
S::Future: 'static,
|
||||
B: 'static,
|
||||
{
|
||||
type Response = ServiceResponse<EitherBody<B>>;
|
||||
type Error = Error;
|
||||
@ -63,25 +63,22 @@ impl ConnStatus {
|
||||
}
|
||||
}
|
||||
|
||||
#[derive(Template)]
|
||||
#[template(path = "access_denied.html")]
|
||||
struct AccessDeniedTemplate {}
|
||||
|
||||
pub struct AuthInnerMiddleware<S> {
|
||||
service: Rc<S>,
|
||||
}
|
||||
|
||||
impl<S, B> Service<ServiceRequest> for AuthInnerMiddleware<S>
|
||||
where
|
||||
S: Service<ServiceRequest, Response = ServiceResponse<B>, Error = Error> + 'static,
|
||||
S::Future: 'static,
|
||||
B: 'static,
|
||||
where
|
||||
S: Service<ServiceRequest, Response=ServiceResponse<B>, Error=Error> + 'static,
|
||||
S::Future: 'static,
|
||||
B: 'static,
|
||||
{
|
||||
type Response = ServiceResponse<EitherBody<B>>;
|
||||
type Error = Error;
|
||||
|
||||
#[allow(clippy::type_complexity)]
|
||||
type Future = Pin<Box<dyn Future<Output = Result<Self::Response, Self::Error>>>>;
|
||||
type Future = Pin<Box<dyn Future<Output=Result<Self::Response, Self::Error>>>>;
|
||||
|
||||
forward_ready!(service);
|
||||
|
||||
@ -120,21 +117,21 @@ where
|
||||
|
||||
let session = match SessionIdentity::deserialize_session_data(req.get_identity()) {
|
||||
Some(SessionIdentityData {
|
||||
status: SessionStatus::SignedIn,
|
||||
is_admin: true,
|
||||
..
|
||||
}) => ConnStatus::Admin,
|
||||
status: SessionStatus::SignedIn,
|
||||
is_admin: true,
|
||||
..
|
||||
}) => ConnStatus::Admin,
|
||||
Some(SessionIdentityData {
|
||||
status: SessionStatus::SignedIn,
|
||||
..
|
||||
}) => ConnStatus::RegularUser,
|
||||
status: SessionStatus::SignedIn,
|
||||
..
|
||||
}) => ConnStatus::RegularUser,
|
||||
_ => ConnStatus::SignedOut,
|
||||
};
|
||||
|
||||
// Redirect user to login page
|
||||
if !session.is_auth()
|
||||
&& (req.path().starts_with(ADMIN_ROUTES)
|
||||
|| req.path().starts_with(AUTHENTICATED_ROUTES))
|
||||
|| req.path().starts_with(AUTHENTICATED_ROUTES))
|
||||
{
|
||||
let path = req.path().to_string();
|
||||
return Ok(req
|
||||
@ -147,7 +144,9 @@ where
|
||||
return Ok(req
|
||||
.into_response(
|
||||
HttpResponse::Unauthorized()
|
||||
.body(AccessDeniedTemplate {}.render().unwrap()),
|
||||
.body(FatalErrorPage {
|
||||
message: "You are not allowed to access this resource."
|
||||
}.render().unwrap()),
|
||||
)
|
||||
.map_into_right_body());
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user