pierre/BasicOIDC
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Redirect anonymous user from authenticated pages

Browse Source
This commit is contained in:
Pierre HUBERT 2022-04-02 17:44:10 +02:00
parent 9e72e6a044
commit 91fd763fe1
3 changed files with 51 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
src/constants.rs
View File

@ -18,4 +18,13 @@ pub const MAX_SESSION_DURATION: i64 = 3600 * 6;
pub const MIN_PASS_LEN: usize = 4;
/// The name of the cookie used to store session information
pub const SESSION_COOKIE_NAME: &str = "auth-cookie";
pub const SESSION_COOKIE_NAME: &str = "auth-cookie";
/// Authenticated routes prefix
pub const AUTHENTICATED_ROUTES: &str = "/settings";
/// Admin routes prefix
pub const ADMIN_ROUTES: &str = "/admin";
/// Auth route
pub const LOGIN_ROUTE: &str = "/login";

23
src/data/session_identity.rs
View File

@ -19,7 +19,7 @@ impl Default for SessionStatus {
#[derive(Debug, Serialize, Deserialize, Default)]
struct SessionIdentityData {
pub struct SessionIdentityData {
pub id: UserID,
pub is_admin: bool,
pub status: SessionStatus,
@ -28,17 +28,12 @@ struct SessionIdentityData {
pub struct SessionIdentity<'a>(pub &'a Identity);
impl<'a> SessionIdentity<'a> {
pub fn set_user(&self, user: &User) {
self.set_session_data(&SessionIdentityData {
id: user.uid.clone(),
is_admin: user.admin,
status: SessionStatus::SignedIn,
});
fn get_session_data(&self) -> Option<SessionIdentityData> {
Self::deserialize_session_data(self.0.identity())
}
fn get_session_data(&self) -> Option<SessionIdentityData> {
let res: Option<SessionIdentityData> = self.0.identity()
.as_deref()
pub fn deserialize_session_data(data: Option<String>) -> Option<SessionIdentityData> {
let res: Option<SessionIdentityData> = data.as_deref()
.map(serde_json::from_str)
.map(|f| match f {
Ok(d) => Some(d),
@ -66,6 +61,14 @@ impl<'a> SessionIdentity<'a> {
self.0.remember(s);
}
pub fn set_user(&self, user: &User) {
self.set_session_data(&SessionIdentityData {
id: user.uid.clone(),
is_admin: user.admin,
status: SessionStatus::SignedIn,
});
}
pub fn set_status(&self, status: SessionStatus) {
let mut sess = self.get_session_data().unwrap_or_default();
sess.status = status;

32
src/middlewares/auth_middleware.rs
View File

@ -8,6 +8,10 @@ use actix_identity::RequestIdentity;
use actix_web::{dev::{forward_ready, Service, ServiceRequest, ServiceResponse, Transform}, Error, HttpResponse};
use actix_web::body::EitherBody;
use crate::constants::{ADMIN_ROUTES, AUTHENTICATED_ROUTES, LOGIN_ROUTE};
use crate::controllers::base_controller::redirect_user;
use crate::data::session_identity::{SessionIdentity, SessionIdentityData};
// There are two steps in middleware processing.
// 1. Middleware initialization, middleware factory gets called with
// next service in chain as parameter.
@ -41,6 +45,16 @@ enum SessionStatus {
Admin,
}
impl SessionStatus {
pub fn is_auth(&self) -> bool {
!matches!(self, SessionStatus::SignedOut)
}
pub fn is_admin(&self) -> bool {
matches!(self, SessionStatus::Admin)
}
}
pub struct AuthInnerMiddleware<S> {
service: Rc<S>,
}
@ -60,8 +74,6 @@ impl<S, B> Service<ServiceRequest> for AuthInnerMiddleware<S>
forward_ready!(service);
fn call(&self, req: ServiceRequest) -> Self::Future {
println!("Hi from start. You requested: {}", req.path());
let service = Rc::clone(&self.service);
// Forward request
@ -74,8 +86,20 @@ impl<S, B> Service<ServiceRequest> for AuthInnerMiddleware<S>
));
}
let identity = req.get_identity();
println!("identity: {:?}", identity);
let identity = match SessionIdentity::deserialize_session_data(req.get_identity()) {
None => SessionStatus::SignedOut,
Some(SessionIdentityData { is_admin: true, .. }) => SessionStatus::Admin,
_ => SessionStatus::RegularUser,
};
// Redirect user to login page
if !identity.is_auth() && (req.path().starts_with(ADMIN_ROUTES) ||
req.path().starts_with(AUTHENTICATED_ROUTES)) {
return Ok(req.into_response(redirect_user(LOGIN_ROUTE))
.map_into_right_body());
}
// TODO : restrict access to admin pages
service
.call(req)