Format code
This commit is contained in:
parent
9236b91f12
commit
b965fa6b4f
@ -1,7 +1,7 @@
|
|||||||
use actix::{Actor, Context, Handler, Message, MessageResult};
|
use actix::{Actor, Context, Handler, Message, MessageResult};
|
||||||
|
|
||||||
use crate::data::entity_manager::EntityManager;
|
use crate::data::entity_manager::EntityManager;
|
||||||
use crate::data::user::{User, UserID, verify_password};
|
use crate::data::user::{verify_password, User, UserID};
|
||||||
|
|
||||||
#[derive(Debug)]
|
#[derive(Debug)]
|
||||||
pub enum LoginResult {
|
pub enum LoginResult {
|
||||||
@ -29,7 +29,6 @@ pub struct ChangePasswordRequest {
|
|||||||
pub temporary: bool,
|
pub temporary: bool,
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
pub struct UsersActor {
|
pub struct UsersActor {
|
||||||
manager: EntityManager<User>,
|
manager: EntityManager<User>,
|
||||||
}
|
}
|
||||||
@ -69,7 +68,10 @@ impl Handler<ChangePasswordRequest> for UsersActor {
|
|||||||
type Result = MessageResult<ChangePasswordRequest>;
|
type Result = MessageResult<ChangePasswordRequest>;
|
||||||
|
|
||||||
fn handle(&mut self, msg: ChangePasswordRequest, _ctx: &mut Self::Context) -> Self::Result {
|
fn handle(&mut self, msg: ChangePasswordRequest, _ctx: &mut Self::Context) -> Self::Result {
|
||||||
MessageResult(ChangePasswordResult(
|
MessageResult(ChangePasswordResult(self.manager.change_user_password(
|
||||||
self.manager.change_user_password(&msg.user_id, &msg.new_password, msg.temporary)))
|
&msg.user_id,
|
||||||
|
&msg.new_password,
|
||||||
|
msg.temporary,
|
||||||
|
)))
|
||||||
}
|
}
|
||||||
}
|
}
|
@ -1,7 +1,7 @@
|
|||||||
use std::path::Path;
|
use std::path::Path;
|
||||||
|
|
||||||
use actix_web::{HttpResponse, web};
|
use actix_web::{web, HttpResponse};
|
||||||
use include_dir::{Dir, include_dir};
|
use include_dir::{include_dir, Dir};
|
||||||
|
|
||||||
/// Assets directory
|
/// Assets directory
|
||||||
static ASSETS_DIR: Dir = include_dir!("$CARGO_MANIFEST_DIR/assets");
|
static ASSETS_DIR: Dir = include_dir!("$CARGO_MANIFEST_DIR/assets");
|
||||||
|
@ -16,7 +16,11 @@ pub fn redirect_user_for_login<P: Display>(redirect_uri: P) -> HttpResponse {
|
|||||||
HttpResponse::Found()
|
HttpResponse::Found()
|
||||||
.append_header((
|
.append_header((
|
||||||
"Location",
|
"Location",
|
||||||
format!("{}?redirect={}", LOGIN_ROUTE, urlencoding::encode(&redirect_uri.to_string()))
|
format!(
|
||||||
|
"{}?redirect={}",
|
||||||
|
LOGIN_ROUTE,
|
||||||
|
urlencoding::encode(&redirect_uri.to_string())
|
||||||
|
),
|
||||||
))
|
))
|
||||||
.finish()
|
.finish()
|
||||||
}
|
}
|
||||||
|
@ -1,10 +1,10 @@
|
|||||||
use actix::Addr;
|
use actix::Addr;
|
||||||
use actix_identity::Identity;
|
use actix_identity::Identity;
|
||||||
use actix_web::{HttpResponse, Responder, web};
|
use actix_web::{web, HttpResponse, Responder};
|
||||||
use askama::Template;
|
use askama::Template;
|
||||||
|
|
||||||
use crate::actors::users_actor::{ChangePasswordResult, LoginResult, UsersActor};
|
|
||||||
use crate::actors::users_actor;
|
use crate::actors::users_actor;
|
||||||
|
use crate::actors::users_actor::{ChangePasswordResult, LoginResult, UsersActor};
|
||||||
use crate::constants::{APP_NAME, MIN_PASS_LEN};
|
use crate::constants::{APP_NAME, MIN_PASS_LEN};
|
||||||
use crate::controllers::base_controller::redirect_user;
|
use crate::controllers::base_controller::redirect_user;
|
||||||
use crate::data::session_identity::{SessionIdentity, SessionStatus};
|
use crate::data::session_identity::{SessionIdentity, SessionStatus};
|
||||||
@ -46,10 +46,12 @@ pub struct LoginRequestQuery {
|
|||||||
}
|
}
|
||||||
|
|
||||||
/// Authenticate user
|
/// Authenticate user
|
||||||
pub async fn login_route(users: web::Data<Addr<UsersActor>>,
|
pub async fn login_route(
|
||||||
|
users: web::Data<Addr<UsersActor>>,
|
||||||
query: web::Query<LoginRequestQuery>,
|
query: web::Query<LoginRequestQuery>,
|
||||||
req: Option<web::Form<LoginRequestBody>>,
|
req: Option<web::Form<LoginRequestBody>>,
|
||||||
id: Identity) -> impl Responder {
|
id: Identity,
|
||||||
|
) -> impl Responder {
|
||||||
let mut danger = String::new();
|
let mut danger = String::new();
|
||||||
let mut success = String::new();
|
let mut success = String::new();
|
||||||
let mut login = String::new();
|
let mut login = String::new();
|
||||||
@ -59,7 +61,7 @@ pub async fn login_route(users: web::Data<Addr<UsersActor>>,
|
|||||||
Some(s) => match s.starts_with('/') && !s.starts_with("//") {
|
Some(s) => match s.starts_with('/') && !s.starts_with("//") {
|
||||||
true => s,
|
true => s,
|
||||||
false => "/",
|
false => "/",
|
||||||
}
|
},
|
||||||
};
|
};
|
||||||
|
|
||||||
// Check if user session must be closed
|
// Check if user session must be closed
|
||||||
@ -78,11 +80,14 @@ pub async fn login_route(users: web::Data<Addr<UsersActor>>,
|
|||||||
if req.password.len() < MIN_PASS_LEN {
|
if req.password.len() < MIN_PASS_LEN {
|
||||||
danger = "Password is too short!".to_string();
|
danger = "Password is too short!".to_string();
|
||||||
} else {
|
} else {
|
||||||
let res: ChangePasswordResult = users.send(users_actor::ChangePasswordRequest {
|
let res: ChangePasswordResult = users
|
||||||
|
.send(users_actor::ChangePasswordRequest {
|
||||||
user_id: SessionIdentity(&id).user_id(),
|
user_id: SessionIdentity(&id).user_id(),
|
||||||
new_password: req.password.clone(),
|
new_password: req.password.clone(),
|
||||||
temporary: false,
|
temporary: false,
|
||||||
}).await.unwrap();
|
})
|
||||||
|
.await
|
||||||
|
.unwrap();
|
||||||
|
|
||||||
if !res.0 {
|
if !res.0 {
|
||||||
danger = "Failed to change password!".to_string();
|
danger = "Failed to change password!".to_string();
|
||||||
@ -92,16 +97,16 @@ pub async fn login_route(users: web::Data<Addr<UsersActor>>,
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// Try to authenticate user
|
// Try to authenticate user
|
||||||
else if let Some(req) = &req {
|
else if let Some(req) = &req {
|
||||||
// TODO : check request origin (check for valid Referer)
|
|
||||||
|
|
||||||
login = req.login.clone();
|
login = req.login.clone();
|
||||||
let response: LoginResult = users.send(users_actor::LoginRequest {
|
let response: LoginResult = users
|
||||||
|
.send(users_actor::LoginRequest {
|
||||||
login: login.clone(),
|
login: login.clone(),
|
||||||
password: req.password.clone(),
|
password: req.password.clone(),
|
||||||
}).await.unwrap();
|
})
|
||||||
|
.await
|
||||||
|
.unwrap();
|
||||||
|
|
||||||
match response {
|
match response {
|
||||||
LoginResult::Success(user) => {
|
LoginResult::Success(user) => {
|
||||||
@ -120,7 +125,6 @@ pub async fn login_route(users: web::Data<Addr<UsersActor>>,
|
|||||||
}
|
}
|
||||||
|
|
||||||
c => {
|
c => {
|
||||||
// TODO : add bruteforce detection
|
|
||||||
log::warn!("Failed login for username {} : {:?}", login, c);
|
log::warn!("Failed login for username {} : {:?}", login, c);
|
||||||
danger = "Login failed.".to_string();
|
danger = "Login failed.".to_string();
|
||||||
}
|
}
|
||||||
@ -129,9 +133,8 @@ pub async fn login_route(users: web::Data<Addr<UsersActor>>,
|
|||||||
|
|
||||||
// Display password reset form if it is appropriate
|
// Display password reset form if it is appropriate
|
||||||
if SessionIdentity(&id).need_new_password() {
|
if SessionIdentity(&id).need_new_password() {
|
||||||
return HttpResponse::Ok()
|
return HttpResponse::Ok().content_type("text/html").body(
|
||||||
.content_type("text/html")
|
PasswordResetTemplate {
|
||||||
.body(PasswordResetTemplate {
|
|
||||||
_parent: BaseLoginPage {
|
_parent: BaseLoginPage {
|
||||||
page_title: "Password reset",
|
page_title: "Password reset",
|
||||||
danger,
|
danger,
|
||||||
@ -140,13 +143,14 @@ pub async fn login_route(users: web::Data<Addr<UsersActor>>,
|
|||||||
redirect_uri: urlencoding::encode(redirect_uri).to_string(),
|
redirect_uri: urlencoding::encode(redirect_uri).to_string(),
|
||||||
},
|
},
|
||||||
min_pass_len: MIN_PASS_LEN,
|
min_pass_len: MIN_PASS_LEN,
|
||||||
}.render().unwrap());
|
}
|
||||||
|
.render()
|
||||||
|
.unwrap(),
|
||||||
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
HttpResponse::Ok().content_type("text/html").body(
|
||||||
HttpResponse::Ok()
|
LoginTemplate {
|
||||||
.content_type("text/html")
|
|
||||||
.body(LoginTemplate {
|
|
||||||
_parent: BaseLoginPage {
|
_parent: BaseLoginPage {
|
||||||
page_title: "Login",
|
page_title: "Login",
|
||||||
danger,
|
danger,
|
||||||
@ -155,7 +159,10 @@ pub async fn login_route(users: web::Data<Addr<UsersActor>>,
|
|||||||
redirect_uri: urlencoding::encode(redirect_uri).to_string(),
|
redirect_uri: urlencoding::encode(redirect_uri).to_string(),
|
||||||
},
|
},
|
||||||
login,
|
login,
|
||||||
}.render().unwrap())
|
}
|
||||||
|
.render()
|
||||||
|
.unwrap(),
|
||||||
|
)
|
||||||
}
|
}
|
||||||
|
|
||||||
/// Sign out user
|
/// Sign out user
|
||||||
|
@ -1,3 +1,3 @@
|
|||||||
pub mod assets_controller;
|
pub mod assets_controller;
|
||||||
pub mod login_controller;
|
|
||||||
pub mod base_controller;
|
pub mod base_controller;
|
||||||
|
pub mod login_controller;
|
||||||
|
@ -8,7 +8,10 @@ pub struct EntityManager<E> {
|
|||||||
list: Vec<E>,
|
list: Vec<E>,
|
||||||
}
|
}
|
||||||
|
|
||||||
impl<E> EntityManager<E> where E: serde::Serialize + serde::de::DeserializeOwned + Eq + Clone {
|
impl<E> EntityManager<E>
|
||||||
|
where
|
||||||
|
E: serde::Serialize + serde::de::DeserializeOwned + Eq + Clone,
|
||||||
|
{
|
||||||
/// Open entity
|
/// Open entity
|
||||||
pub fn open_or_create<A: AsRef<Path>>(path: A) -> Res<Self> {
|
pub fn open_or_create<A: AsRef<Path>>(path: A) -> Res<Self> {
|
||||||
if !path.as_ref().is_file() {
|
if !path.as_ref().is_file() {
|
||||||
@ -37,7 +40,10 @@ impl<E> EntityManager<E> where E: serde::Serialize + serde::de::DeserializeOwned
|
|||||||
|
|
||||||
/// Save the list
|
/// Save the list
|
||||||
fn save(&self) -> Res {
|
fn save(&self) -> Res {
|
||||||
Ok(std::fs::write(&self.file_path, serde_json::to_string(&self.list)?)?)
|
Ok(std::fs::write(
|
||||||
|
&self.file_path,
|
||||||
|
serde_json::to_string(&self.list)?,
|
||||||
|
)?)
|
||||||
}
|
}
|
||||||
|
|
||||||
/// Insert a new element in the list
|
/// Insert a new element in the list
|
||||||
@ -47,7 +53,10 @@ impl<E> EntityManager<E> where E: serde::Serialize + serde::de::DeserializeOwned
|
|||||||
}
|
}
|
||||||
|
|
||||||
/// Replace entries in the list that matches a criteria
|
/// Replace entries in the list that matches a criteria
|
||||||
pub fn replace_entries<F>(&mut self, filter: F, el: &E) -> Res where F: Fn(&E) -> bool {
|
pub fn replace_entries<F>(&mut self, filter: F, el: &E) -> Res
|
||||||
|
where
|
||||||
|
F: Fn(&E) -> bool,
|
||||||
|
{
|
||||||
for i in 0..self.list.len() {
|
for i in 0..self.list.len() {
|
||||||
if filter(&self.list[i]) {
|
if filter(&self.list[i]) {
|
||||||
self.list[i] = el.clone();
|
self.list[i] = el.clone();
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
pub mod app_config;
|
pub mod app_config;
|
||||||
pub mod user;
|
|
||||||
pub mod service;
|
|
||||||
pub mod entity_manager;
|
pub mod entity_manager;
|
||||||
|
pub mod service;
|
||||||
pub mod session_identity;
|
pub mod session_identity;
|
||||||
|
pub mod user;
|
||||||
|
@ -17,7 +17,6 @@ impl Default for SessionStatus {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
#[derive(Debug, Serialize, Deserialize, Default)]
|
#[derive(Debug, Serialize, Deserialize, Default)]
|
||||||
pub struct SessionIdentityData {
|
pub struct SessionIdentityData {
|
||||||
pub id: UserID,
|
pub id: UserID,
|
||||||
@ -33,7 +32,8 @@ impl<'a> SessionIdentity<'a> {
|
|||||||
}
|
}
|
||||||
|
|
||||||
pub fn deserialize_session_data(data: Option<String>) -> Option<SessionIdentityData> {
|
pub fn deserialize_session_data(data: Option<String>) -> Option<SessionIdentityData> {
|
||||||
let res: Option<SessionIdentityData> = data.as_deref()
|
let res: Option<SessionIdentityData> = data
|
||||||
|
.as_deref()
|
||||||
.map(serde_json::from_str)
|
.map(serde_json::from_str)
|
||||||
.map(|f| match f {
|
.map(|f| match f {
|
||||||
Ok(d) => Some(d),
|
Ok(d) => Some(d),
|
||||||
@ -55,8 +55,7 @@ impl<'a> SessionIdentity<'a> {
|
|||||||
}
|
}
|
||||||
|
|
||||||
fn set_session_data(&self, data: &SessionIdentityData) {
|
fn set_session_data(&self, data: &SessionIdentityData) {
|
||||||
let s = serde_json::to_string(data)
|
let s = serde_json::to_string(data).expect("Failed to serialize session data!");
|
||||||
.expect("Failed to serialize session data!");
|
|
||||||
|
|
||||||
self.0.remember(s);
|
self.0.remember(s);
|
||||||
}
|
}
|
||||||
@ -88,8 +87,6 @@ impl<'a> SessionIdentity<'a> {
|
|||||||
}
|
}
|
||||||
|
|
||||||
pub fn user_id(&self) -> UserID {
|
pub fn user_id(&self) -> UserID {
|
||||||
self.get_session_data()
|
self.get_session_data().unwrap_or_default().id
|
||||||
.unwrap_or_default()
|
|
||||||
.id
|
|
||||||
}
|
}
|
||||||
}
|
}
|
@ -80,10 +80,13 @@ impl EntityManager<User> {
|
|||||||
}
|
}
|
||||||
|
|
||||||
/// Update user information
|
/// Update user information
|
||||||
fn update_user<F>(&mut self, id: &UserID, update: F) -> bool where F: FnOnce(User) -> User {
|
fn update_user<F>(&mut self, id: &UserID, update: F) -> bool
|
||||||
|
where
|
||||||
|
F: FnOnce(User) -> User,
|
||||||
|
{
|
||||||
let user = match self.find_by_user_id(id) {
|
let user = match self.find_by_user_id(id) {
|
||||||
None => return false,
|
None => return false,
|
||||||
Some(user) => user
|
Some(user) => user,
|
||||||
};
|
};
|
||||||
|
|
||||||
if let Err(e) = self.replace_entries(|u| u.uid.eq(id), &update(user)) {
|
if let Err(e) = self.replace_entries(|u| u.uid.eq(id), &update(user)) {
|
||||||
@ -96,7 +99,7 @@ impl EntityManager<User> {
|
|||||||
|
|
||||||
pub fn change_user_password(&mut self, id: &UserID, password: &str, temporary: bool) -> bool {
|
pub fn change_user_password(&mut self, id: &UserID, password: &str, temporary: bool) -> bool {
|
||||||
let new_hash = match hash_password(password) {
|
let new_hash = match hash_password(password) {
|
||||||
Ok(h) => { h }
|
Ok(h) => h,
|
||||||
Err(e) => {
|
Err(e) => {
|
||||||
log::error!("Failed to hash user password! {}", e);
|
log::error!("Failed to hash user password! {}", e);
|
||||||
return false;
|
return false;
|
||||||
|
@ -1,6 +1,6 @@
|
|||||||
pub mod data;
|
pub mod actors;
|
||||||
pub mod utils;
|
|
||||||
pub mod constants;
|
pub mod constants;
|
||||||
pub mod controllers;
|
pub mod controllers;
|
||||||
pub mod actors;
|
pub mod data;
|
||||||
pub mod middlewares;
|
pub mod middlewares;
|
||||||
|
pub mod utils;
|
||||||
|
15
src/main.rs
15
src/main.rs
@ -1,13 +1,16 @@
|
|||||||
use actix::Actor;
|
use actix::Actor;
|
||||||
use actix_identity::{CookieIdentityPolicy, IdentityService};
|
use actix_identity::{CookieIdentityPolicy, IdentityService};
|
||||||
use actix_web::{App, get, HttpServer, web};
|
|
||||||
use actix_web::cookie::SameSite;
|
|
||||||
use actix_web::cookie::time::Duration;
|
use actix_web::cookie::time::Duration;
|
||||||
|
use actix_web::cookie::SameSite;
|
||||||
use actix_web::middleware::Logger;
|
use actix_web::middleware::Logger;
|
||||||
|
use actix_web::{get, web, App, HttpServer};
|
||||||
use clap::Parser;
|
use clap::Parser;
|
||||||
|
|
||||||
use basic_oidc::actors::users_actor::UsersActor;
|
use basic_oidc::actors::users_actor::UsersActor;
|
||||||
use basic_oidc::constants::{DEFAULT_ADMIN_PASSWORD, DEFAULT_ADMIN_USERNAME, MAX_INACTIVITY_DURATION, MAX_SESSION_DURATION, SESSION_COOKIE_NAME};
|
use basic_oidc::constants::{
|
||||||
|
DEFAULT_ADMIN_PASSWORD, DEFAULT_ADMIN_USERNAME, MAX_INACTIVITY_DURATION, MAX_SESSION_DURATION,
|
||||||
|
SESSION_COOKIE_NAME,
|
||||||
|
};
|
||||||
use basic_oidc::controllers::assets_controller::assets_route;
|
use basic_oidc::controllers::assets_controller::assets_route;
|
||||||
use basic_oidc::controllers::login_controller::{login_route, logout_route};
|
use basic_oidc::controllers::login_controller::{login_route, logout_route};
|
||||||
use basic_oidc::data::app_config::AppConfig;
|
use basic_oidc::data::app_config::AppConfig;
|
||||||
@ -72,25 +75,19 @@ async fn main() -> std::io::Result<()> {
|
|||||||
.login_deadline(Duration::seconds(MAX_SESSION_DURATION))
|
.login_deadline(Duration::seconds(MAX_SESSION_DURATION))
|
||||||
.same_site(SameSite::Strict);
|
.same_site(SameSite::Strict);
|
||||||
|
|
||||||
|
|
||||||
App::new()
|
App::new()
|
||||||
.app_data(web::Data::new(users_actor.clone()))
|
.app_data(web::Data::new(users_actor.clone()))
|
||||||
.app_data(web::Data::new(config.clone()))
|
.app_data(web::Data::new(config.clone()))
|
||||||
|
|
||||||
.wrap(Logger::default())
|
.wrap(Logger::default())
|
||||||
.wrap(AuthMiddleware {})
|
.wrap(AuthMiddleware {})
|
||||||
.wrap(IdentityService::new(policy))
|
.wrap(IdentityService::new(policy))
|
||||||
|
|
||||||
// /health route
|
// /health route
|
||||||
.service(health)
|
.service(health)
|
||||||
|
|
||||||
// Assets serving
|
// Assets serving
|
||||||
.route("/assets/{path:.*}", web::get().to(assets_route))
|
.route("/assets/{path:.*}", web::get().to(assets_route))
|
||||||
|
|
||||||
// Login page
|
// Login page
|
||||||
.route("/login", web::get().to(login_route))
|
.route("/login", web::get().to(login_route))
|
||||||
.route("/login", web::post().to(login_route))
|
.route("/login", web::post().to(login_route))
|
||||||
|
|
||||||
// Logout page
|
// Logout page
|
||||||
.route("/logout", web::get().to(logout_route))
|
.route("/logout", web::get().to(logout_route))
|
||||||
})
|
})
|
||||||
|
@ -1,13 +1,16 @@
|
|||||||
//! # Authentication middleware
|
//! # Authentication middleware
|
||||||
|
|
||||||
use std::future::{Future, ready, Ready};
|
use std::future::{ready, Future, Ready};
|
||||||
use std::pin::Pin;
|
use std::pin::Pin;
|
||||||
use std::rc::Rc;
|
use std::rc::Rc;
|
||||||
|
|
||||||
use actix_identity::RequestIdentity;
|
use actix_identity::RequestIdentity;
|
||||||
use actix_web::{dev::{forward_ready, Service, ServiceRequest, ServiceResponse, Transform}, Error, HttpResponse, web};
|
|
||||||
use actix_web::body::EitherBody;
|
use actix_web::body::EitherBody;
|
||||||
use actix_web::http::{header, Method};
|
use actix_web::http::{header, Method};
|
||||||
|
use actix_web::{
|
||||||
|
dev::{forward_ready, Service, ServiceRequest, ServiceResponse, Transform},
|
||||||
|
web, Error, HttpResponse,
|
||||||
|
};
|
||||||
use askama::Template;
|
use askama::Template;
|
||||||
|
|
||||||
use crate::constants::{ADMIN_ROUTES, AUTHENTICATED_ROUTES};
|
use crate::constants::{ADMIN_ROUTES, AUTHENTICATED_ROUTES};
|
||||||
@ -37,7 +40,9 @@ impl<S, B> Transform<S, ServiceRequest> for AuthMiddleware
|
|||||||
type Future = Ready<Result<Self::Transform, Self::InitError>>;
|
type Future = Ready<Result<Self::Transform, Self::InitError>>;
|
||||||
|
|
||||||
fn new_transform(&self, service: S) -> Self::Future {
|
fn new_transform(&self, service: S) -> Self::Future {
|
||||||
ready(Ok(AuthInnerMiddleware { service: Rc::new(service) }))
|
ready(Ok(AuthInnerMiddleware {
|
||||||
|
service: Rc::new(service),
|
||||||
|
}))
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -92,11 +97,14 @@ impl<S, B> Service<ServiceRequest> for AuthInnerMiddleware<S>
|
|||||||
if req.method() == Method::POST {
|
if req.method() == Method::POST {
|
||||||
if let Some(o) = origin {
|
if let Some(o) = origin {
|
||||||
if !o.to_str().unwrap_or("bad").eq(&config.website_origin) {
|
if !o.to_str().unwrap_or("bad").eq(&config.website_origin) {
|
||||||
log::warn!("Blocked POST request from invalid origin! Origin given {:?}", o);
|
log::warn!(
|
||||||
|
"Blocked POST request from invalid origin! Origin given {:?}",
|
||||||
|
o
|
||||||
|
);
|
||||||
return Ok(req.into_response(
|
return Ok(req.into_response(
|
||||||
HttpResponse::Unauthorized()
|
HttpResponse::Unauthorized()
|
||||||
.body("POST request from invalid origin!")
|
.body("POST request from invalid origin!")
|
||||||
.map_into_right_body()
|
.map_into_right_body(),
|
||||||
));
|
));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -106,28 +114,41 @@ impl<S, B> Service<ServiceRequest> for AuthInnerMiddleware<S>
|
|||||||
return Ok(req.into_response(
|
return Ok(req.into_response(
|
||||||
HttpResponse::Unauthorized()
|
HttpResponse::Unauthorized()
|
||||||
.body("Hey don't touch this!")
|
.body("Hey don't touch this!")
|
||||||
.map_into_right_body()
|
.map_into_right_body(),
|
||||||
));
|
));
|
||||||
}
|
}
|
||||||
|
|
||||||
let session = match SessionIdentity::deserialize_session_data(req.get_identity()) {
|
let session = match SessionIdentity::deserialize_session_data(req.get_identity()) {
|
||||||
Some(SessionIdentityData { status: SessionStatus::SignedIn, is_admin: true, .. }) => ConnStatus::Admin,
|
Some(SessionIdentityData {
|
||||||
Some(SessionIdentityData { status: SessionStatus::SignedIn, .. }) => ConnStatus::RegularUser,
|
status: SessionStatus::SignedIn,
|
||||||
|
is_admin: true,
|
||||||
|
..
|
||||||
|
}) => ConnStatus::Admin,
|
||||||
|
Some(SessionIdentityData {
|
||||||
|
status: SessionStatus::SignedIn,
|
||||||
|
..
|
||||||
|
}) => ConnStatus::RegularUser,
|
||||||
_ => ConnStatus::SignedOut,
|
_ => ConnStatus::SignedOut,
|
||||||
};
|
};
|
||||||
|
|
||||||
// Redirect user to login page
|
// Redirect user to login page
|
||||||
if !session.is_auth() && (req.path().starts_with(ADMIN_ROUTES) ||
|
if !session.is_auth()
|
||||||
req.path().starts_with(AUTHENTICATED_ROUTES)) {
|
&& (req.path().starts_with(ADMIN_ROUTES)
|
||||||
|
|| req.path().starts_with(AUTHENTICATED_ROUTES))
|
||||||
|
{
|
||||||
let path = req.path().to_string();
|
let path = req.path().to_string();
|
||||||
return Ok(req.into_response(redirect_user_for_login(path))
|
return Ok(req
|
||||||
|
.into_response(redirect_user_for_login(path))
|
||||||
.map_into_right_body());
|
.map_into_right_body());
|
||||||
}
|
}
|
||||||
|
|
||||||
// Restrict access to admin pages
|
// Restrict access to admin pages
|
||||||
if !session.is_admin() && req.path().starts_with(ADMIN_ROUTES) {
|
if !session.is_admin() && req.path().starts_with(ADMIN_ROUTES) {
|
||||||
return Ok(req.into_response(HttpResponse::Unauthorized()
|
return Ok(req
|
||||||
.body(AccessDeniedTemplate {}.render().unwrap()))
|
.into_response(
|
||||||
|
HttpResponse::Unauthorized()
|
||||||
|
.body(AccessDeniedTemplate {}.render().unwrap()),
|
||||||
|
)
|
||||||
.map_into_right_body());
|
.map_into_right_body());
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -2,5 +2,8 @@ use std::time::{SystemTime, UNIX_EPOCH};
|
|||||||
|
|
||||||
/// Get the current time since epoch
|
/// Get the current time since epoch
|
||||||
pub fn time() -> u64 {
|
pub fn time() -> u64 {
|
||||||
SystemTime::now().duration_since(UNIX_EPOCH).unwrap().as_secs()
|
SystemTime::now()
|
||||||
|
.duration_since(UNIX_EPOCH)
|
||||||
|
.unwrap()
|
||||||
|
.as_secs()
|
||||||
}
|
}
|
Loading…
Reference in New Issue
Block a user