From eab9bdf7f5ce249add62d724eeaeba2f4bbfc95a Mon Sep 17 00:00:00 2001 From: Pierre Hubert Date: Wed, 30 Mar 2022 16:58:00 +0200 Subject: [PATCH] Add actix-identity crate --- Cargo.lock | 152 +++++++++++++++++++++++++++- Cargo.toml | 3 +- README.md | 3 + src/controllers/login_controller.rs | 5 +- src/data/app_config.rs | 8 ++ src/main.rs | 14 ++- 6 files changed, 181 insertions(+), 4 deletions(-) create mode 100644 README.md diff --git a/Cargo.lock b/Cargo.lock index 632b80f..6ef80d8 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -80,6 +80,21 @@ dependencies = [ "zstd", ] +[[package]] +name = "actix-identity" +version = "0.4.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "171fe3ed055b2dd50c61967911d253d47e76e1d4308acfbf99fc7affe5ec42aa" +dependencies = [ + "actix-service", + "actix-utils", + "actix-web", + "futures-util", + "serde", + "serde_json", + "time", +] + [[package]] name = "actix-macros" version = "0.2.3" @@ -222,6 +237,41 @@ version = "1.0.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "f26201604c87b1e01bd3d98f8d5d9a8fcbb815e8cedb41ffccbeb4bf593a35fe" +[[package]] +name = "aead" +version = "0.4.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0b613b8e1e3cf911a086f53f03bf286f52fd7a7258e4fa606f0ef220d39d8877" +dependencies = [ + "generic-array", +] + +[[package]] +name = "aes" +version = "0.7.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9e8b47f52ea9bae42228d07ec09eb676433d7c4ed1ebdf0f1d1c29ed446f1ab8" +dependencies = [ + "cfg-if", + "cipher 0.3.0", + "cpufeatures", + "opaque-debug", +] + +[[package]] +name = "aes-gcm" +version = "0.9.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "df5f85a83a7d8b0442b6aa7b504b8212c1733da07b98aae43d4bc21b2cb3cdf6" +dependencies = [ + "aead", + "aes", + "cipher 0.3.0", + "ctr", + "ghash", + "subtle", +] + [[package]] name = "ahash" version = "0.7.6" 
@@ -333,6 +383,7 @@ name = "basic-oidc" version = "0.1.0" dependencies = [ "actix", + "actix-identity", "actix-web", "askama", "bcrypt", @@ -380,7 +431,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "e412e2cd0f2b2d93e02543ceae7917b3c70331573df19ee046bcbc35e45e87d7" dependencies = [ "byteorder", - "cipher", + "cipher 0.4.3", ] [[package]] @@ -440,6 +491,15 @@ version = "1.0.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "baf1de4339761588bc0619e3cbc0120ee582ebb74b53b4efbf79117bd2da40fd" +[[package]] +name = "cipher" +version = "0.3.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7ee52072ec15386f770805afd189a01c8841be8696bed250fa2f13c4c0d6dfb7" +dependencies = [ + "generic-array", +] + [[package]] name = "cipher" version = "0.4.3" @@ -492,7 +552,14 @@ version = "0.16.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "94d4706de1b0fa5b132270cddffa8585166037822e260a944fe161acd137ca05" dependencies = [ + "aes-gcm", + "base64", + "hkdf", + "hmac", "percent-encoding", + "rand", + "sha2", + "subtle", "time", "version_check", ] @@ -545,6 +612,15 @@ dependencies = [ "typenum", ] +[[package]] +name = "ctr" +version = "0.8.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "049bb91fb4aaf0e3c7efa6cd5ef877dbbbd15b39dad06d9948de4ec8a75761ea" +dependencies = [ + "cipher 0.3.0", +] + [[package]] name = "derive_more" version = "0.99.17" @@ -566,6 +642,7 @@ checksum = "f2fb860ca6fafa5552fb6d0e816a69c8e49f0908bf524e30a90d97c85892d506" dependencies = [ "block-buffer", "crypto-common", + "subtle", ] [[package]] 
@@ -675,6 +752,16 @@ dependencies = [ "wasi 0.10.2+wasi-snapshot-preview1", ] +[[package]] +name = "ghash" +version = "0.4.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1583cc1656d7839fd3732b80cf4f38850336cdb9b8ded1cd399ca62958de3c99" +dependencies = [ + "opaque-debug", + "polyval", +] + [[package]] name = "h2" version = "0.3.12" @@ -715,6 +802,24 @@ dependencies = [ "libc", ] +[[package]] +name = "hkdf" +version = "0.12.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "791a029f6b9fc27657f6f188ec6e5e43f6911f6f878e0dc5501396e09809d437" +dependencies = [ + "hmac", +] + +[[package]] +name = "hmac" +version = "0.12.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6c49c37c09c17a53d937dfbb742eb3a961d65a994e6bcdcf37e7399d0cc8ab5e" +dependencies = [ + "digest", +] + [[package]] name = "http" version = "0.2.6" @@ -988,6 +1093,12 @@ version = "1.10.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "87f3e037eac156d1775da914196f0f37741a274155e34a0b7e427c35d2a2ecb9" +[[package]] +name = "opaque-debug" +version = "0.3.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "624a8340c38c1b80fd549087862da4ba43e08858af025b236e509b6649fc13d5" + [[package]] name = "os_str_bytes" version = "6.0.0" @@ -1044,6 +1155,18 @@ version = "0.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "8b870d8c151b6f2fb93e84a13146138f05d02ed11c7e7c54f8826aaaf7c9f184" +[[package]] +name = "polyval" +version = "0.5.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8419d2b623c7c0896ff2d5d96e2cb4ede590fed28fcc34934f4c33c036e620a1" +dependencies = [ + "cfg-if", + "cpufeatures", + "opaque-debug", + "universal-hash", +] + [[package]] name = "ppv-lite86" version = "0.2.16" 
@@ -1229,6 +1352,17 @@ dependencies = [ "digest", ] +[[package]] +name = "sha2" +version = "0.10.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "55deaec60f81eefe3cce0dc50bda92d6d8e88f2a27df7c5033b42afeb1ed2676" +dependencies = [ + "cfg-if", + "cpufeatures", + "digest", +] + [[package]] name = "signal-hook-registry" version = "1.4.0" @@ -1266,6 +1400,12 @@ version = "0.10.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "73473c0e59e6d5812c5dfe2a064a6444949f089e20eec9a2e5506596494e4623" +[[package]] +name = "subtle" +version = "2.4.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6bdef32e8150c2a081110b42772ffe7d7c9032b606bc226c8260fd97e0976601" + [[package]] name = "syn" version = "1.0.90" @@ -1449,6 +1589,16 @@ version = "0.2.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "8ccb82d61f80a663efe1f787a51b16b5a51e3314d6ac365b08639f52387b33f3" +[[package]] +name = "universal-hash" +version = "0.4.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9f214e8f697e925001e66ec2c6e37a4ef93f0f78c2eed7814394e10c62025b05" +dependencies = [ + "generic-array", + "subtle", +] + [[package]] name = "url" version = "2.2.2" diff --git a/Cargo.toml b/Cargo.toml index 10f2078..dd99b6d 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -7,6 +7,7 @@ edition = "2021" [dependencies] actix = "0.13.0" +actix-identity = "0.4.0" actix-web = "4" clap = { version = "3.1.6", features = ["derive", "env"] } include_dir = "0.7.2" @@ -17,4 +18,4 @@ serde = { version = "1.0.136", features = ["derive"] } bcrypt = "0.12.1" uuid = { version = "0.8.2", features = ["v4"] } mime_guess = "2.0.4" -askama = "0.11.1" \ No newline at end of file +askama = "0.11.1" diff --git a/README.md b/README.md new file mode 100644 index 0000000..7836af9 --- /dev/null +++ b/README.md 
@@ -0,0 +1,3 @@ +TODO list +- [ ] Bruteforce protection +- [ ] CRSF protection \ No newline at end of file diff --git a/src/controllers/login_controller.rs b/src/controllers/login_controller.rs index a6c2e23..c9c5d19 100644 --- a/src/controllers/login_controller.rs +++ b/src/controllers/login_controller.rs @@ -1,4 +1,5 @@ use actix::Addr; +use actix_identity::Identity; use actix_web::{HttpResponse, Responder, web}; use askama::Template; @@ -30,7 +31,8 @@ pub struct LoginRequest { /// Authenticate user pub async fn login_route(users: web::Data>, - req: Option>) -> impl Responder { + req: Option>, + id: Identity) -> impl Responder { let mut danger = String::new(); let mut login = String::new(); @@ -42,6 +44,7 @@ pub async fn login_route(users: web::Data>, password: req.password.clone(), }).await.unwrap(); + // TODO : save auth in case of successful authentication danger = format!("{:?}", response) } diff --git a/src/data/app_config.rs b/src/data/app_config.rs index 446627f..7350128 100644 --- a/src/data/app_config.rs +++ b/src/data/app_config.rs @@ -15,6 +15,14 @@ pub struct AppConfig { /// Storage path #[clap(short, long, env)] pub storage_path: String, + + /// App token token + #[clap(short, long, env, default_value = "")] + pub token_key: String, + + /// Should the auth cookie be secure + #[clap(long, env)] + pub secure_auth_cookie: bool, } impl AppConfig { diff --git a/src/main.rs b/src/main.rs index 7c115a4..a7296d0 100644 --- a/src/main.rs +++ b/src/main.rs @@ -10,6 +10,7 @@ use basic_oidc::data::entity_manager::EntityManager; use basic_oidc::data::user::{hash_password, User}; use basic_oidc::actors::users_actor::UsersActor; use actix::Actor; +use actix_identity::{IdentityService, CookieIdentityPolicy}; #[get("/health")] async fn health() -> &'static str { 
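Review bot: The new `id: Identity` parameter of `login_route` (hunk at -30,7) is not used anywhere in the visible lines; the only reference is the added `// TODO : save auth in case of successful authentication` in the hunk at -42,6. The build will therefore warn about an unused variable, and a successful login still does not establish a session. When the TODO is resolved, `id.remember(...)` should be reachable only from the success variant of the login response, never from the path that fills `danger`. The unchanged context line `danger = format!("{:?}", response)` renders the Debug form of the actor reply into the page; a fixed user-facing message would be safer before this route starts issuing identities. The function body starts and ends outside these hunks.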
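Review bot: `token_key` defaults to `""` and can be passed as `-t`/`--token-key`, so a release build started without it hands an empty key to the cookie policy in src/main.rs, and a key given on the command line is visible to other local users in the process list. I would remove `default_value = ""` so a missing key is a startup error, and document that the value should come from the environment rather than argv. The doc comment `/// App token token` looks like a typo; something like `/// Secret key protecting the auth cookie (at least 32 bytes, keep it private)` says what the field is for. `secure_auth_cookie` is a plain flag, so it is off unless the operator opts in; its doc comment should state that production deployments behind HTTPS must enable it, or the default should be inverted.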
@@ -20,7 +21,12 @@ async fn health() -> &'static str { async fn main() -> std::io::Result<()> { env_logger::init_from_env(env_logger::Env::new().default_filter_or("info")); - let config: AppConfig = AppConfig::parse(); + let mut config: AppConfig = AppConfig::parse(); + + // In debug mode only, use dummy token + if cfg!(debug_assertions) && config.token_key.is_empty() { + config.token_key = String::from_utf8_lossy(&[32; 32]).to_string(); + } if !config.storage_path().exists() { log::error!( @@ -55,10 +61,16 @@ async fn main() -> std::io::Result<()> { log::info!("Server will listen on {}", config.listen_address); HttpServer::new(move || { + let policy = CookieIdentityPolicy::new(config.token_key.as_bytes()) + .name("auth-cookie") + .secure(config.secure_auth_cookie); + + App::new() .app_data(web::Data::new(users_actor.clone())) .wrap(Logger::default()) + .wrap(IdentityService::new(policy)) // /health route .service(health)
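Review bot: The debug fallback sets `token_key` to 32 space bytes (`[32; 32]`), a constant known to anyone who reads the source, and nothing logs that it is in use, so a debug build that becomes reachable by others would accept forged auth cookies. Add a loud warning inside the `if`, for example `log::warn!("token_key not set: using an insecure development key");`. In non-debug builds an empty or short key is not rejected here; the failure would only surface when the policy is built inside the `HttpServer::new` factory (as far as I recall, the key constructor panics below 32 bytes). A check right after this block, such as `if config.token_key.len() < 32 { return Err(std::io::Error::new(std::io::ErrorKind::InvalidInput, "token_key must be at least 32 bytes")); }`, would fail cleanly at startup. `main` continues outside the hunk.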
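Review bot: The `CookieIdentityPolicy` builder in the `HttpServer::new` closure sets only the cookie name and the `secure` flag, so no SameSite attribute and no lifetime bound are configured for `auth-cookie`, while the README added in this commit still lists CSRF protection as open. Consider extending the chain with `.same_site(actix_web::cookie::SameSite::Lax)` (or `Strict`) and an expiry such as `.max_age_secs(...)` or `.login_deadline(...)`, so a stolen or stale cookie does not stay valid indefinitely. A short comment above `let policy` saying that changing `token_key` invalidates all issued cookies would help operators. The closure body continues outside the hunk.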