Add actix-identity crate

Pierre HUBERT 2022-03-30 16:58:00 +02:00
parent 6fdac7fbb1
commit eab9bdf7f5
6 changed files with 181 additions and 4 deletions

152
Cargo.lock generated

@ -80,6 +80,21 @@ dependencies = [
"zstd", "zstd",
] ]
[[package]]
name = "actix-identity"
version = "0.4.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "171fe3ed055b2dd50c61967911d253d47e76e1d4308acfbf99fc7affe5ec42aa"
dependencies = [
"actix-service",
"actix-utils",
"actix-web",
"futures-util",
"serde",
"serde_json",
"time",
]
[[package]] [[package]]
name = "actix-macros" name = "actix-macros"
version = "0.2.3" version = "0.2.3"
@ -222,6 +237,41 @@ version = "1.0.2"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "f26201604c87b1e01bd3d98f8d5d9a8fcbb815e8cedb41ffccbeb4bf593a35fe" checksum = "f26201604c87b1e01bd3d98f8d5d9a8fcbb815e8cedb41ffccbeb4bf593a35fe"
[[package]]
name = "aead"
version = "0.4.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "0b613b8e1e3cf911a086f53f03bf286f52fd7a7258e4fa606f0ef220d39d8877"
dependencies = [
"generic-array",
]
[[package]]
name = "aes"
version = "0.7.5"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "9e8b47f52ea9bae42228d07ec09eb676433d7c4ed1ebdf0f1d1c29ed446f1ab8"
dependencies = [
"cfg-if",
"cipher 0.3.0",
"cpufeatures",
"opaque-debug",
]
[[package]]
name = "aes-gcm"
version = "0.9.4"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "df5f85a83a7d8b0442b6aa7b504b8212c1733da07b98aae43d4bc21b2cb3cdf6"
dependencies = [
"aead",
"aes",
"cipher 0.3.0",
"ctr",
"ghash",
"subtle",
]
[[package]] [[package]]
name = "ahash" name = "ahash"
version = "0.7.6" version = "0.7.6"
@ -333,6 +383,7 @@ name = "basic-oidc"
version = "0.1.0" version = "0.1.0"
dependencies = [ dependencies = [
"actix", "actix",
"actix-identity",
"actix-web", "actix-web",
"askama", "askama",
"bcrypt", "bcrypt",
@ -380,7 +431,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "e412e2cd0f2b2d93e02543ceae7917b3c70331573df19ee046bcbc35e45e87d7" checksum = "e412e2cd0f2b2d93e02543ceae7917b3c70331573df19ee046bcbc35e45e87d7"
dependencies = [ dependencies = [
"byteorder", "byteorder",
"cipher", "cipher 0.4.3",
] ]
[[package]] [[package]]
@ -440,6 +491,15 @@ version = "1.0.0"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "baf1de4339761588bc0619e3cbc0120ee582ebb74b53b4efbf79117bd2da40fd" checksum = "baf1de4339761588bc0619e3cbc0120ee582ebb74b53b4efbf79117bd2da40fd"
[[package]]
name = "cipher"
version = "0.3.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "7ee52072ec15386f770805afd189a01c8841be8696bed250fa2f13c4c0d6dfb7"
dependencies = [
"generic-array",
]
[[package]] [[package]]
name = "cipher" name = "cipher"
version = "0.4.3" version = "0.4.3"
@ -492,7 +552,14 @@ version = "0.16.0"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "94d4706de1b0fa5b132270cddffa8585166037822e260a944fe161acd137ca05" checksum = "94d4706de1b0fa5b132270cddffa8585166037822e260a944fe161acd137ca05"
dependencies = [ dependencies = [
"aes-gcm",
"base64",
"hkdf",
"hmac",
"percent-encoding", "percent-encoding",
"rand",
"sha2",
"subtle",
"time", "time",
"version_check", "version_check",
] ]
@ -545,6 +612,15 @@ dependencies = [
"typenum", "typenum",
] ]
[[package]]
name = "ctr"
version = "0.8.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "049bb91fb4aaf0e3c7efa6cd5ef877dbbbd15b39dad06d9948de4ec8a75761ea"
dependencies = [
"cipher 0.3.0",
]
[[package]] [[package]]
name = "derive_more" name = "derive_more"
version = "0.99.17" version = "0.99.17"
@ -566,6 +642,7 @@ checksum = "f2fb860ca6fafa5552fb6d0e816a69c8e49f0908bf524e30a90d97c85892d506"
dependencies = [ dependencies = [
"block-buffer", "block-buffer",
"crypto-common", "crypto-common",
"subtle",
] ]
[[package]] [[package]]
@ -675,6 +752,16 @@ dependencies = [
"wasi 0.10.2+wasi-snapshot-preview1", "wasi 0.10.2+wasi-snapshot-preview1",
] ]
[[package]]
name = "ghash"
version = "0.4.4"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "1583cc1656d7839fd3732b80cf4f38850336cdb9b8ded1cd399ca62958de3c99"
dependencies = [
"opaque-debug",
"polyval",
]
[[package]] [[package]]
name = "h2" name = "h2"
version = "0.3.12" version = "0.3.12"
@ -715,6 +802,24 @@ dependencies = [
"libc", "libc",
] ]
[[package]]
name = "hkdf"
version = "0.12.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "791a029f6b9fc27657f6f188ec6e5e43f6911f6f878e0dc5501396e09809d437"
dependencies = [
"hmac",
]
[[package]]
name = "hmac"
version = "0.12.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "6c49c37c09c17a53d937dfbb742eb3a961d65a994e6bcdcf37e7399d0cc8ab5e"
dependencies = [
"digest",
]
[[package]] [[package]]
name = "http" name = "http"
version = "0.2.6" version = "0.2.6"
@ -988,6 +1093,12 @@ version = "1.10.0"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "87f3e037eac156d1775da914196f0f37741a274155e34a0b7e427c35d2a2ecb9" checksum = "87f3e037eac156d1775da914196f0f37741a274155e34a0b7e427c35d2a2ecb9"
[[package]]
name = "opaque-debug"
version = "0.3.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "624a8340c38c1b80fd549087862da4ba43e08858af025b236e509b6649fc13d5"
[[package]] [[package]]
name = "os_str_bytes" name = "os_str_bytes"
version = "6.0.0" version = "6.0.0"
@ -1044,6 +1155,18 @@ version = "0.1.0"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "8b870d8c151b6f2fb93e84a13146138f05d02ed11c7e7c54f8826aaaf7c9f184" checksum = "8b870d8c151b6f2fb93e84a13146138f05d02ed11c7e7c54f8826aaaf7c9f184"
[[package]]
name = "polyval"
version = "0.5.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "8419d2b623c7c0896ff2d5d96e2cb4ede590fed28fcc34934f4c33c036e620a1"
dependencies = [
"cfg-if",
"cpufeatures",
"opaque-debug",
"universal-hash",
]
[[package]] [[package]]
name = "ppv-lite86" name = "ppv-lite86"
version = "0.2.16" version = "0.2.16"
@ -1229,6 +1352,17 @@ dependencies = [
"digest", "digest",
] ]
[[package]]
name = "sha2"
version = "0.10.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "55deaec60f81eefe3cce0dc50bda92d6d8e88f2a27df7c5033b42afeb1ed2676"
dependencies = [
"cfg-if",
"cpufeatures",
"digest",
]
[[package]] [[package]]
name = "signal-hook-registry" name = "signal-hook-registry"
version = "1.4.0" version = "1.4.0"
@ -1266,6 +1400,12 @@ version = "0.10.0"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "73473c0e59e6d5812c5dfe2a064a6444949f089e20eec9a2e5506596494e4623" checksum = "73473c0e59e6d5812c5dfe2a064a6444949f089e20eec9a2e5506596494e4623"
[[package]]
name = "subtle"
version = "2.4.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "6bdef32e8150c2a081110b42772ffe7d7c9032b606bc226c8260fd97e0976601"
[[package]] [[package]]
name = "syn" name = "syn"
version = "1.0.90" version = "1.0.90"
@ -1449,6 +1589,16 @@ version = "0.2.2"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "8ccb82d61f80a663efe1f787a51b16b5a51e3314d6ac365b08639f52387b33f3" checksum = "8ccb82d61f80a663efe1f787a51b16b5a51e3314d6ac365b08639f52387b33f3"
[[package]]
name = "universal-hash"
version = "0.4.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "9f214e8f697e925001e66ec2c6e37a4ef93f0f78c2eed7814394e10c62025b05"
dependencies = [
"generic-array",
"subtle",
]
[[package]] [[package]]
name = "url" name = "url"
version = "2.2.2" version = "2.2.2"


@ -7,6 +7,7 @@ edition = "2021"
[dependencies] [dependencies]
actix = "0.13.0" actix = "0.13.0"
actix-identity = "0.4.0"
actix-web = "4" actix-web = "4"
clap = { version = "3.1.6", features = ["derive", "env"] } clap = { version = "3.1.6", features = ["derive", "env"] }
include_dir = "0.7.2" include_dir = "0.7.2"

3
README.md Normal file

@ -0,0 +1,3 @@
TODO list
- [ ] Bruteforce protection
- [ ] CRSF protection


@ -1,4 +1,5 @@
use actix::Addr; use actix::Addr;
use actix_identity::Identity;
use actix_web::{HttpResponse, Responder, web}; use actix_web::{HttpResponse, Responder, web};
use askama::Template; use askama::Template;
@ -30,7 +31,8 @@ pub struct LoginRequest {
/// Authenticate user /// Authenticate user
pub async fn login_route(users: web::Data<Addr<UsersActor>>, pub async fn login_route(users: web::Data<Addr<UsersActor>>,
req: Option<web::Form<LoginRequest>>) -> impl Responder { req: Option<web::Form<LoginRequest>>,
id: Identity) -> impl Responder {
let mut danger = String::new(); let mut danger = String::new();
let mut login = String::new(); let mut login = String::new();
@ -42,6 +44,7 @@ pub async fn login_route(users: web::Data<Addr<UsersActor>>,
password: req.password.clone(), password: req.password.clone(),
}).await.unwrap(); }).await.unwrap();
// TODO : save auth in case of successful authentication
danger = format!("{:?}", response) danger = format!("{:?}", response)
} }
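Review bot: The new `id: Identity` parameter of `login_route` is never used, so the build gains an unused-variable warning and a successful login still leaves no session behind. Until the TODO is implemented, declare it as `_id: Identity`. When it is implemented, call `id.remember(...)` only in the branch where the users actor reports a successful login, and store just the user's identifier. The body of `login_route` starts and ends outside the hunks shown, so the success branch itself is not visible here.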


@ -15,6 +15,14 @@ pub struct AppConfig {
/// Storage path /// Storage path
#[clap(short, long, env)] #[clap(short, long, env)]
pub storage_path: String, pub storage_path: String,
/// App token token
#[clap(short, long, env, default_value = "")]
pub token_key: String,
/// Should the auth cookie be secure
#[clap(long, env)]
pub secure_auth_cookie: bool,
} }
impl AppConfig { impl AppConfig {
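Review bot: Both new `AppConfig` fields default to the insecure value: `token_key` to the empty string and `secure_auth_cookie` to false, so a deployment that sets neither gets no usable cookie key and an auth cookie without the Secure attribute. Because `token_key` is declared with `short, long`, the secret can also be passed on the command line, where it is readable in the process list; `#[clap(long, env, hide_env_values = true)]` keeps it to the environment and out of `--help` output. Consider inverting the boolean (for example an opt-out `insecure_auth_cookie` flag) so HTTPS-only cookies are the default. The doc comment `/// App token token` should say what the value is for, e.g. `/// Secret key protecting the auth cookie (at least 32 bytes)`.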


@ -10,6 +10,7 @@ use basic_oidc::data::entity_manager::EntityManager;
use basic_oidc::data::user::{hash_password, User}; use basic_oidc::data::user::{hash_password, User};
use basic_oidc::actors::users_actor::UsersActor; use basic_oidc::actors::users_actor::UsersActor;
use actix::Actor; use actix::Actor;
use actix_identity::{IdentityService, CookieIdentityPolicy};
#[get("/health")] #[get("/health")]
async fn health() -> &'static str { async fn health() -> &'static str {
@ -20,7 +21,12 @@ async fn health() -> &'static str {
async fn main() -> std::io::Result<()> { async fn main() -> std::io::Result<()> {
env_logger::init_from_env(env_logger::Env::new().default_filter_or("info")); env_logger::init_from_env(env_logger::Env::new().default_filter_or("info"));
let config: AppConfig = AppConfig::parse(); let mut config: AppConfig = AppConfig::parse();
// In debug mode only, use dummy token
if cfg!(debug_assertions) && config.token_key.is_empty() {
config.token_key = String::from_utf8_lossy(&[32; 32]).to_string();
}
if !config.storage_path().exists() { if !config.storage_path().exists() {
log::error!( log::error!(
@ -55,10 +61,16 @@ async fn main() -> std::io::Result<()> {
log::info!("Server will listen on {}", config.listen_address); log::info!("Server will listen on {}", config.listen_address);
HttpServer::new(move || { HttpServer::new(move || {
let policy = CookieIdentityPolicy::new(config.token_key.as_bytes())
.name("auth-cookie")
.secure(config.secure_auth_cookie);
App::new() App::new()
.app_data(web::Data::new(users_actor.clone())) .app_data(web::Data::new(users_actor.clone()))
.wrap(Logger::default()) .wrap(Logger::default())
.wrap(IdentityService::new(policy))
// /health route // /health route
.service(health) .service(health)
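Review bot: Outside debug builds an empty or short `token_key` reaches `CookieIdentityPolicy::new(config.token_key.as_bytes())` unchecked. That constructor is documented to panic on keys shorter than 32 bytes (worth confirming for 0.4.0), so the failure would surface inside the `HttpServer::new` factory closure instead of as a clear startup error. Check the length once in `main` before the server is built, e.g. `if config.token_key.len() < 32 { return Err(std::io::Error::new(std::io::ErrorKind::InvalidInput, "token key must be at least 32 bytes")); }`. The debug fallback `[32; 32]` is 32 space characters, a fixed key known to anyone who reads the source, so add a `log::warn!` when it is used to make an accidentally deployed debug binary noticeable. `main` continues outside the hunks shown.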