Merge factors type for authentication
This commit is contained in:
181
src/main.rs
181
src/main.rs
@ -4,19 +4,19 @@ use std::sync::Arc;
|
||||
use actix::Actor;
|
||||
use actix_identity::config::LogoutBehaviour;
|
||||
use actix_identity::IdentityMiddleware;
|
||||
use actix_session::SessionMiddleware;
|
||||
use actix_session::storage::CookieSessionStore;
|
||||
use actix_web::{App, get, HttpResponse, HttpServer, middleware, web};
|
||||
use actix_session::SessionMiddleware;
|
||||
use actix_web::cookie::{Key, SameSite};
|
||||
use actix_web::middleware::Logger;
|
||||
use actix_web::{get, middleware, web, App, HttpResponse, HttpServer};
|
||||
use clap::Parser;
|
||||
|
||||
use basic_oidc::actors::bruteforce_actor::BruteForceActor;
|
||||
use basic_oidc::actors::openid_sessions_actor::OpenIDSessionsActor;
|
||||
use basic_oidc::actors::users_actor::UsersActor;
|
||||
use basic_oidc::constants::*;
|
||||
use basic_oidc::controllers::*;
|
||||
use basic_oidc::controllers::assets_controller::assets_route;
|
||||
use basic_oidc::controllers::*;
|
||||
use basic_oidc::data::app_config::AppConfig;
|
||||
use basic_oidc::data::client::ClientManager;
|
||||
use basic_oidc::data::entity_manager::EntityManager;
|
||||
@ -72,8 +72,7 @@ async fn main() -> std::io::Result<()> {
|
||||
let users_actor = UsersActor::new(users).start();
|
||||
let bruteforce_actor = BruteForceActor::default().start();
|
||||
let openid_sessions_actor = OpenIDSessionsActor::default().start();
|
||||
let jwt_signer = JWTSigner::gen_from_memory()
|
||||
.expect("Failed to generate JWKS key");
|
||||
let jwt_signer = JWTSigner::gen_from_memory().expect("Failed to generate JWKS key");
|
||||
let webauthn_manager = Arc::new(WebAuthManager::init(&config));
|
||||
|
||||
log::info!("Server will listen on {}", config.listen_address);
|
||||
@ -84,13 +83,14 @@ async fn main() -> std::io::Result<()> {
|
||||
.expect("Failed to load clients list!");
|
||||
clients.apply_environment_variables();
|
||||
|
||||
let session_mw =
|
||||
SessionMiddleware::builder(CookieSessionStore::default(),
|
||||
Key::from(config.token_key.as_bytes()))
|
||||
.cookie_name(SESSION_COOKIE_NAME.to_string())
|
||||
.cookie_secure(config.secure_cookie())
|
||||
.cookie_same_site(SameSite::Lax)
|
||||
.build();
|
||||
let session_mw = SessionMiddleware::builder(
|
||||
CookieSessionStore::default(),
|
||||
Key::from(config.token_key.as_bytes()),
|
||||
)
|
||||
.cookie_name(SESSION_COOKIE_NAME.to_string())
|
||||
.cookie_secure(config.secure_cookie())
|
||||
.cookie_same_site(SameSite::Lax)
|
||||
.build();
|
||||
|
||||
let identity_middleware = IdentityMiddleware::builder()
|
||||
.logout_behaviour(LogoutBehaviour::PurgeSession)
|
||||
@ -106,74 +106,145 @@ async fn main() -> std::io::Result<()> {
|
||||
.app_data(web::Data::new(clients))
|
||||
.app_data(web::Data::new(jwt_signer.clone()))
|
||||
.app_data(web::Data::new(webauthn_manager.clone()))
|
||||
|
||||
.wrap(middleware::DefaultHeaders::new()
|
||||
.add(("Permissions-Policy", "interest-cohort=()")))
|
||||
.wrap(
|
||||
middleware::DefaultHeaders::new().add(("Permissions-Policy", "interest-cohort=()")),
|
||||
)
|
||||
.wrap(Logger::default())
|
||||
.wrap(AuthMiddleware {})
|
||||
.wrap(identity_middleware)
|
||||
.wrap(session_mw)
|
||||
|
||||
// main route
|
||||
.route("/", web::get()
|
||||
.to(|| async { HttpResponse::Found().append_header(("Location", "/settings")).finish() }))
|
||||
.route(
|
||||
"/",
|
||||
web::get().to(|| async {
|
||||
HttpResponse::Found()
|
||||
.append_header(("Location", "/settings"))
|
||||
.finish()
|
||||
}),
|
||||
)
|
||||
.route("/robots.txt", web::get().to(assets_controller::robots_txt))
|
||||
|
||||
// health route
|
||||
.service(health)
|
||||
|
||||
// Assets serving
|
||||
.route("/assets/{path:.*}", web::get().to(assets_route))
|
||||
|
||||
// Login pages
|
||||
.route("/logout", web::get().to(login_controller::logout_route))
|
||||
.route("/login", web::get().to(login_controller::login_route))
|
||||
.route("/login", web::post().to(login_controller::login_route))
|
||||
.route("/reset_password", web::get().to(login_controller::reset_password_route))
|
||||
.route("/reset_password", web::post().to(login_controller::reset_password_route))
|
||||
.route("/2fa_auth", web::get().to(login_controller::choose_2fa_method))
|
||||
.route(
|
||||
"/reset_password",
|
||||
web::get().to(login_controller::reset_password_route),
|
||||
)
|
||||
.route(
|
||||
"/reset_password",
|
||||
web::post().to(login_controller::reset_password_route),
|
||||
)
|
||||
.route(
|
||||
"/2fa_auth",
|
||||
web::get().to(login_controller::choose_2fa_method),
|
||||
)
|
||||
.route("/2fa_otp", web::get().to(login_controller::login_with_otp))
|
||||
.route("/2fa_otp", web::post().to(login_controller::login_with_otp))
|
||||
.route("/2fa_webauthn", web::get().to(login_controller::login_with_webauthn))
|
||||
|
||||
.route(
|
||||
"/2fa_webauthn",
|
||||
web::get().to(login_controller::login_with_webauthn),
|
||||
)
|
||||
// Login api
|
||||
.route("/login/api/auth_webauthn", web::post().to(login_api::auth_webauthn))
|
||||
|
||||
.route(
|
||||
"/login/api/auth_webauthn",
|
||||
web::post().to(login_api::auth_webauthn),
|
||||
)
|
||||
// Settings routes
|
||||
.route("/settings", web::get().to(settings_controller::account_settings_details_route))
|
||||
.route("/settings/change_password", web::get().to(settings_controller::change_password_route))
|
||||
.route("/settings/change_password", web::post().to(settings_controller::change_password_route))
|
||||
.route("/settings/two_factors", web::get().to(two_factors_controller::two_factors_route))
|
||||
.route("/settings/two_factors/add_totp", web::get().to(two_factors_controller::add_totp_factor_route))
|
||||
.route("/settings/two_factors/add_webauthn", web::get().to(two_factors_controller::add_webauthn_factor_route))
|
||||
|
||||
.route(
|
||||
"/settings",
|
||||
web::get().to(settings_controller::account_settings_details_route),
|
||||
)
|
||||
.route(
|
||||
"/settings/change_password",
|
||||
web::get().to(settings_controller::change_password_route),
|
||||
)
|
||||
.route(
|
||||
"/settings/change_password",
|
||||
web::post().to(settings_controller::change_password_route),
|
||||
)
|
||||
.route(
|
||||
"/settings/two_factors",
|
||||
web::get().to(two_factors_controller::two_factors_route),
|
||||
)
|
||||
.route(
|
||||
"/settings/two_factors/add_totp",
|
||||
web::get().to(two_factors_controller::add_totp_factor_route),
|
||||
)
|
||||
.route(
|
||||
"/settings/two_factors/add_webauthn",
|
||||
web::get().to(two_factors_controller::add_webauthn_factor_route),
|
||||
)
|
||||
// User API
|
||||
.route("/settings/api/two_factor/save_totp_factor", web::post().to(two_factor_api::save_totp_factor))
|
||||
.route("/settings/api/two_factor/save_webauthn_factor", web::post().to(two_factor_api::save_webauthn_factor))
|
||||
.route("/settings/api/two_factor/delete_factor", web::post().to(two_factor_api::delete_factor))
|
||||
|
||||
.route(
|
||||
"/settings/api/two_factor/save_totp_factor",
|
||||
web::post().to(two_factor_api::save_totp_factor),
|
||||
)
|
||||
.route(
|
||||
"/settings/api/two_factor/save_webauthn_factor",
|
||||
web::post().to(two_factor_api::save_webauthn_factor),
|
||||
)
|
||||
.route(
|
||||
"/settings/api/two_factor/delete_factor",
|
||||
web::post().to(two_factor_api::delete_factor),
|
||||
)
|
||||
// Admin routes
|
||||
.route("/admin", web::get()
|
||||
.to(|| async { HttpResponse::Found().append_header(("Location", "/settings")).finish() }))
|
||||
.route("/admin/clients", web::get().to(admin_controller::clients_route))
|
||||
.route(
|
||||
"/admin",
|
||||
web::get().to(|| async {
|
||||
HttpResponse::Found()
|
||||
.append_header(("Location", "/settings"))
|
||||
.finish()
|
||||
}),
|
||||
)
|
||||
.route(
|
||||
"/admin/clients",
|
||||
web::get().to(admin_controller::clients_route),
|
||||
)
|
||||
.route("/admin/users", web::get().to(admin_controller::users_route))
|
||||
.route("/admin/users", web::post().to(admin_controller::users_route))
|
||||
.route("/admin/create_user", web::get().to(admin_controller::create_user))
|
||||
.route("/admin/edit_user", web::get().to(admin_controller::edit_user))
|
||||
|
||||
.route(
|
||||
"/admin/users",
|
||||
web::post().to(admin_controller::users_route),
|
||||
)
|
||||
.route(
|
||||
"/admin/create_user",
|
||||
web::get().to(admin_controller::create_user),
|
||||
)
|
||||
.route(
|
||||
"/admin/edit_user",
|
||||
web::get().to(admin_controller::edit_user),
|
||||
)
|
||||
// Admin API
|
||||
.route("/admin/api/find_username", web::post().to(admin_api::find_username))
|
||||
.route("/admin/api/delete_user", web::post().to(admin_api::delete_user))
|
||||
|
||||
.route(
|
||||
"/admin/api/find_username",
|
||||
web::post().to(admin_api::find_username),
|
||||
)
|
||||
.route(
|
||||
"/admin/api/delete_user",
|
||||
web::post().to(admin_api::delete_user),
|
||||
)
|
||||
// OpenID routes
|
||||
.route("/.well-known/openid-configuration", web::get().to(openid_controller::get_configuration))
|
||||
.route(
|
||||
"/.well-known/openid-configuration",
|
||||
web::get().to(openid_controller::get_configuration),
|
||||
)
|
||||
.route(AUTHORIZE_URI, web::get().to(openid_controller::authorize))
|
||||
.route(TOKEN_URI, web::post().to(openid_controller::token))
|
||||
.route(CERT_URI, web::get().to(openid_controller::cert_uri))
|
||||
.route(USERINFO_URI, web::post().to(openid_controller::user_info_post))
|
||||
.route(USERINFO_URI, web::get().to(openid_controller::user_info_get))
|
||||
.route(
|
||||
USERINFO_URI,
|
||||
web::post().to(openid_controller::user_info_post),
|
||||
)
|
||||
.route(
|
||||
USERINFO_URI,
|
||||
web::get().to(openid_controller::user_info_get),
|
||||
)
|
||||
})
|
||||
.bind(listen_address)?
|
||||
.run()
|
||||
.await
|
||||
.bind(listen_address)?
|
||||
.run()
|
||||
.await
|
||||
}
|
||||
|
Reference in New Issue
Block a user