pierre/BasicOIDC
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Compare commits

base: pierre:ad58d2de7eecceb8feeaa26be5e0d4ca384f84d9
Branches Tags
pierre:master
..
compare: pierre:777b8814f566522387fe4f104d2790c7a748f78a
Branches Tags
pierre:master

No commits in common. "ad58d2de7eecceb8feeaa26be5e0d4ca384f84d9" and "777b8814f566522387fe4f104d2790c7a748f78a" have entirely different histories.
ad58d2de7e ... 777b8814f5

8 changed files with 14 additions and 122 deletions
Show Stats Expand all files Collapse all files

14
Cargo.lock generated
View File

@ -389,7 +389,6 @@ dependencies = [
"bcrypt", "bcrypt",
"clap", "clap",
"env_logger", "env_logger",
"futures-util",
"include_dir", "include_dir",
"log", "log",
"mime_guess", "mime_guess",
@ -708,17 +707,6 @@ version = "0.3.21"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "0c09fd04b7e4073ac7156a9539b57a484a8ea920f79c7c675d05d289ab6110d3" checksum = "0c09fd04b7e4073ac7156a9539b57a484a8ea920f79c7c675d05d289ab6110d3"
[[package]]
name = "futures-macro"
version = "0.3.21"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "33c1e13800337f4d4d7a316bf45a567dbcb6ffe087f16424852d97e97a91f512"
dependencies = [
"proc-macro2",
"quote",
"syn",
]
[[package]] [[package]]
name = "futures-sink" name = "futures-sink"
version = "0.3.21" version = "0.3.21"
@ -738,11 +726,9 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "d8b7abd5d659d9b90c8cba917f6ec750a74e2dc23902ef9cd4cc8c8b22e6036a" checksum = "d8b7abd5d659d9b90c8cba917f6ec750a74e2dc23902ef9cd4cc8c8b22e6036a"
dependencies = [ dependencies = [
"futures-core", "futures-core",
"futures-macro",
"futures-task", "futures-task",
"pin-project-lite", "pin-project-lite",
"pin-utils", "pin-utils",
"slab",
] ]
[[package]] [[package]]

1
Cargo.toml
View File

@ -19,4 +19,3 @@ bcrypt = "0.12.1"
uuid = { version = "0.8.2", features = ["v4"] } uuid = { version = "0.8.2", features = ["v4"] }
mime_guess = "2.0.4" mime_guess = "2.0.4"
askama = "0.11.1" askama = "0.11.1"
futures-util = "0.3.21"

7
src/constants.rs
View File

@ -9,13 +9,10 @@ pub const DEFAULT_ADMIN_PASSWORD: &str = "admin";
pub const APP_NAME: &str = "Basic OIDC"; pub const APP_NAME: &str = "Basic OIDC";
/// Maximum session duration after inactivity, in seconds /// Maximum session duration after inactivity, in seconds
pub const MAX_INACTIVITY_DURATION: u64 = 60 * 30; pub const MAX_SESSION_DURATION: u64 = 60 * 30;
/// Minimum interval between each last activity record in session /// Minimum interval between each last activity record in session
pub const MIN_ACTIVITY_RECORD_TIME: u64 = 10; pub const MIN_ACTIVITY_RECORD_TIME: u64 = 10;
/// Minimum password length /// Minimum password length
pub const MIN_PASS_LEN: usize = 4; pub const MIN_PASS_LEN: usize = 4;
/// Maximum session duration (6 hours)
pub const MAX_SESSION_DURATION: u64 = 3600 * 6;

29
src/data/session_identity.rs
View File

@ -1,8 +1,8 @@
use actix_identity::Identity; use actix_identity::Identity;
use serde::{Deserialize, Serialize}; use serde::{Deserialize, Serialize};
use crate::constants::{MAX_INACTIVITY_DURATION, MAX_SESSION_DURATION, MIN_ACTIVITY_RECORD_TIME}; use crate::constants::{MAX_SESSION_DURATION, MIN_ACTIVITY_RECORD_TIME};
use crate::data::user::{User, UserID}; use crate::data::user::User;
use crate::utils::time::time; use crate::utils::time::time;
#[derive(Debug, Serialize, Deserialize, Eq, PartialEq)] #[derive(Debug, Serialize, Deserialize, Eq, PartialEq)]
@ -22,11 +22,12 @@ impl Default for SessionStatus {
#[derive(Debug, Serialize, Deserialize, Default)] #[derive(Debug, Serialize, Deserialize, Default)]
struct SessionIdentityData { struct SessionIdentityData {
pub id: UserID, pub id: String,
pub is_admin: bool, pub is_admin: bool,
login_time: u64,
last_access: u64, last_access: u64,
pub status: SessionStatus, pub status: SessionStatus,
// TODO : add session max duration (1 day)
} }
pub struct SessionIdentity<'a>(pub &'a Identity); pub struct SessionIdentity<'a>(pub &'a Identity);
@ -36,7 +37,6 @@ impl<'a> SessionIdentity<'a> {
self.set_session_data(&SessionIdentityData { self.set_session_data(&SessionIdentityData {
id: user.uid.clone(), id: user.uid.clone(),
is_admin: user.admin, is_admin: user.admin,
login_time: time(),
last_access: time(), last_access: time(),
status: SessionStatus::SignedIn, status: SessionStatus::SignedIn,
}); });
@ -46,14 +46,7 @@ impl<'a> SessionIdentity<'a> {
let mut res: Option<SessionIdentityData> = self.0.identity() let mut res: Option<SessionIdentityData> = self.0.identity()
.as_deref() .as_deref()
.map(serde_json::from_str) .map(serde_json::from_str)
.map(|f| match f { .map(|f| f.expect("Failed to deserialize session data!"));
Ok(d) => Some(d),
Err(e) => {
log::warn!("Failed to deserialize session data! {:?}", e);
None
}
})
.unwrap_or(None);
// Check if session is valid // Check if session is valid
if let Some(sess) = &res { if let Some(sess) = &res {
@ -63,13 +56,7 @@ impl<'a> SessionIdentity<'a> {
} }
if let Some(session) = res.as_mut() { if let Some(session) = res.as_mut() {
if session.login_time + MAX_SESSION_DURATION < time() { if session.last_access + MAX_SESSION_DURATION < time() {
log::info!("Session for {} reached max duration timeout", session.id);
self.0.forget();
return None;
}
if session.last_access + MAX_INACTIVITY_DURATION < time() {
log::info!("Session is expired for {}", session.id); log::info!("Session is expired for {}", session.id);
self.0.forget(); self.0.forget();
return None; return None;
@ -110,7 +97,7 @@ impl<'a> SessionIdentity<'a> {
.unwrap_or(false) .unwrap_or(false)
} }
pub fn user_id(&self) -> UserID { pub fn user_id(&self) -> String {
self.get_session_data() self.get_session_data()
.unwrap_or_default() .unwrap_or_default()
.id .id

3
src/lib.rs
View File

@ -2,5 +2,4 @@ pub mod data;
pub mod utils; pub mod utils;
pub mod constants; pub mod constants;
pub mod controllers; pub mod controllers;
pub mod actors; pub mod actors;
pub mod middlewares;

8
src/main.rs
View File

@ -1,17 +1,16 @@
use actix::Actor;
use actix_identity::{CookieIdentityPolicy, IdentityService};
use actix_web::{App, get, HttpServer, web}; use actix_web::{App, get, HttpServer, web};
use actix_web::middleware::Logger; use actix_web::middleware::Logger;
use clap::Parser; use clap::Parser;
use basic_oidc::actors::users_actor::UsersActor;
use basic_oidc::constants::{DEFAULT_ADMIN_PASSWORD, DEFAULT_ADMIN_USERNAME}; use basic_oidc::constants::{DEFAULT_ADMIN_PASSWORD, DEFAULT_ADMIN_USERNAME};
use basic_oidc::controllers::assets_controller::assets_route; use basic_oidc::controllers::assets_controller::assets_route;
use basic_oidc::controllers::login_controller::{login_route, logout_route}; use basic_oidc::controllers::login_controller::{login_route, logout_route};
use basic_oidc::data::app_config::AppConfig; use basic_oidc::data::app_config::AppConfig;
use basic_oidc::data::entity_manager::EntityManager; use basic_oidc::data::entity_manager::EntityManager;
use basic_oidc::data::user::{hash_password, User}; use basic_oidc::data::user::{hash_password, User};
use basic_oidc::middlewares::auth_middleware::AuthMiddleware; use basic_oidc::actors::users_actor::UsersActor;
use actix::Actor;
use actix_identity::{IdentityService, CookieIdentityPolicy};
#[get("/health")] #[get("/health")]
async fn health() -> &'static str { async fn health() -> &'static str {
@ -72,7 +71,6 @@ async fn main() -> std::io::Result<()> {
.wrap(Logger::default()) .wrap(Logger::default())
.wrap(IdentityService::new(policy)) .wrap(IdentityService::new(policy))
.wrap(AuthMiddleware {})
// /health route // /health route
.service(health) .service(health)

73
src/middlewares/auth_middleware.rs
View File

@ -1,73 +0,0 @@
//! # Authentication middleware
use std::future::{Future, ready, Ready};
use std::pin::Pin;
use std::rc::Rc;
use actix_web::{dev::{forward_ready, Service, ServiceRequest, ServiceResponse, Transform}, Error, HttpResponse};
use actix_web::body::EitherBody;
// There are two steps in middleware processing.
// 1. Middleware initialization, middleware factory gets called with
// next service in chain as parameter.
// 2. Middleware's call method gets called with normal request.
pub struct AuthMiddleware;
// Middleware factory is `Transform` trait
// `S` - type of the next service
// `B` - type of response's body
impl<S, B> Transform<S, ServiceRequest> for AuthMiddleware
where
S: Service<ServiceRequest, Response=ServiceResponse<B>, Error=Error> + 'static,
S::Future: 'static,
B: 'static,
{
type Response = ServiceResponse<EitherBody<B>>;
type Error = Error;
type Transform = AuthInnerMiddleware<S>;
type InitError = ();
type Future = Ready<Result<Self::Transform, Self::InitError>>;
fn new_transform(&self, service: S) -> Self::Future {
ready(Ok(AuthInnerMiddleware { service: Rc::new(service) }))
}
}
pub struct AuthInnerMiddleware<S> {
service: Rc<S>,
}
impl<S, B> Service<ServiceRequest> for AuthInnerMiddleware<S>
where
S: Service<ServiceRequest, Response=ServiceResponse<B>, Error=Error> + 'static,
S::Future: 'static,
B: 'static,
{
type Response = ServiceResponse<EitherBody<B>>;
type Error = Error;
type Future = Pin<Box<dyn Future<Output=Result<Self::Response, Self::Error>>>>;
forward_ready!(service);
fn call(&self, req: ServiceRequest) -> Self::Future {
println!("Hi from start. You requested: {}", req.path());
let service = Rc::clone(&self.service);
// Forward request
Box::pin(async move {
if req.path().starts_with("/.git") {
return Ok(req.into_response(
HttpResponse::Unauthorized()
.body("Hey don't touch this!")
.map_into_right_body()
));
}
service
.call(req)
.await
.map(ServiceResponse::map_into_left_body)
})
}
}

1
src/middlewares/mod.rs
View File

@ -1 +0,0 @@
pub mod auth_middleware;