Block POST requests from unknown origins

2022-04-03 15:48:45 +02:00
parent 9f5fdd65ab
commit 9236b91f12
3 changed files with 35 additions and 10 deletions


@ -62,11 +62,12 @@ async fn main() -> std::io::Result<()> {
let users_actor = UsersActor::new(users).start();
log::info!("Server will listen on {}", config.listen_address);
let listen_address = config.listen_address.to_string();
HttpServer::new(move || {
let policy = CookieIdentityPolicy::new(config.token_key.as_bytes())
.name(SESSION_COOKIE_NAME)
.secure(config.secure_auth_cookie)
.secure(config.secure_cookie())
.visit_deadline(Duration::seconds(MAX_INACTIVITY_DURATION))
.login_deadline(Duration::seconds(MAX_SESSION_DURATION))
.same_site(SameSite::Strict);
@ -74,6 +75,7 @@ async fn main() -> std::io::Result<()> {
App::new()
.app_data(web::Data::new(users_actor.clone()))
.app_data(web::Data::new(config.clone()))
.wrap(Logger::default())
.wrap(AuthMiddleware {})
@ -92,7 +94,7 @@ async fn main() -> std::io::Result<()> {
// Logout page
.route("/logout", web::get().to(logout_route))
})
.bind(config.listen_address)?
.bind(listen_address)?
.run()
.await
}
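Review bot: The `.app_data(web::Data::new(config.clone()))` line in the second hunk (apparently the added one) gives every handler and middleware the whole config struct, which also carries `token_key`, the key passed to `CookieIdentityPolicy::new` in the first hunk. If the origin check only needs the allowed origin, register just that value or a small struct without the key; failing that, add a comment such as `// config also holds token_key: never log or serialise it from handlers`. Separately, the commit title says only POST requests are checked, while `/logout` in the last hunk is registered with `web::get()`, so that state change falls outside the new check. `SameSite::Strict` limits the impact, but moving logout to POST would bring it under the same rule. The origin check itself is not in this section, so both points rest on the commit title and the lines shown here.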