From babb3a2e07c4f57267c80aef4782b25ddafdcb72 Mon Sep 17 00:00:00 2001
From: Pierre HUBERT 
Date: Tue, 4 Feb 2025 21:08:56 +0100
Subject: [PATCH] Can use cookie to authenticate to API

---
 src/extractors/client_auth.rs | 33 ++++++++++++++++++++++++++++-----
 1 file changed, 28 insertions(+), 5 deletions(-)

diff --git a/src/extractors/client_auth.rs b/src/extractors/client_auth.rs
index 468b1e6..d7e4748 100644
--- a/src/extractors/client_auth.rs
+++ b/src/extractors/client_auth.rs
@@ -1,7 +1,9 @@
+use crate::constants::USER_SESSION_KEY;
 use crate::server::HttpFailure;
-use crate::user::{APIClient, APIClientID, RumaClient, UserConfig, UserID};
+use crate::user::{APIClient, APIClientID, RumaClient, User, UserConfig, UserID};
 use crate::utils::curr_time;
 use actix_remote_ip::RemoteIP;
+use actix_session::Session;
 use actix_web::dev::Payload;
 use actix_web::{FromRequest, HttpRequest};
 use bytes::Bytes;
@@ -14,7 +16,7 @@ use std::str::FromStr;
 
 pub struct APIClientAuth {
     pub user: UserConfig,
-    pub client: APIClient,
+    pub client: Option,
     pub payload: Option>,
 }
 
@@ -33,6 +35,24 @@ impl APIClientAuth {
         remote_ip: IpAddr,
         payload_bytes: Option,
     ) -> Result {
+        // Check if user is authenticated using Web UI
+        let session = Session::from_request(req, &mut Payload::None).await?;
+        if let Some(user) = session.get::(USER_SESSION_KEY)? {
+            match UserConfig::load(&user.id, false).await {
+                Ok(config) => {
+                    return Ok(Self {
+                        user: config,
+                        client: None,
+                        payload: payload_bytes.map(|bytes| bytes.to_vec()),
+                    })
+                }
+                Err(e) => {
+                    log::error!("Failed to fetch user information for authentication using cookie token! {e}");
+                }
+            };
+        }
+
         let Some(token) = req.headers().get("x-client-auth") else {
             return Err(actix_web::error::ErrorBadRequest(
                 "Missing authentication header!",
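Review bot: The new session branch at the top of the extractor lets every endpoint guarded by `APIClientAuth` be reached by a cross-site request that carries the browser's session cookie, whereas the `x-client-auth` header path cannot be triggered by a plain cross-origin form or navigation; the hunk adds no CSRF protection on that branch. Unless the session cookie is already issued with a restrictive `SameSite` attribute and the API rejects simple requests (both outside this hunk, so not verifiable here), an origin check or CSRF token should gate the cookie path before `UserConfig::load` is reached. Separately, the `?` on `Session::from_request` and on `session.get::<User>(USER_SESSION_KEY)` turn a missing session middleware or an undecodable session value into a hard failure for header-authenticated clients too, which the previous code did not do; `if let Ok(Some(user)) = session.get::<User>(USER_SESSION_KEY) {` plus a `log::warn!` in the error case would keep the header path reachable. The enclosing function continues past the end of the hunk.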
@@ -95,8 +115,11 @@ impl APIClientAuth {
 
         // Decode JWT
         let key = HS256Key::from_bytes(client.secret.as_bytes());
-        let mut verif = VerificationOptions::default();
-        verif.max_validity = Some(Duration::from_mins(20));
+        let verif = VerificationOptions {
+            max_validity: Some(Duration::from_mins(15)),
+            ..Default::default()
+        };
+
         let claims = match key.verify_token::(jwt_token, Some(verif)) {
             Ok(t) => t,
             Err(e) => {
@@ -175,7 +198,7 @@ impl APIClientAuth {
         }
 
         Ok(Self {
-            client: client.clone(),
+            client: Some(client.clone()),
             payload,
             user,
         })
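Review bot: The `VerificationOptions` rewrite also lowers `max_validity` from 20 to 15 minutes, a behavior change that neither the commit subject nor the diffstat context announces; clients that mint 20-minute tokens will start failing verification after this lands. If the tighter cap is intended, state the rationale next to the value, e.g. `// Cap accepted token validity at 15 min to limit replay window`, and mention it in the commit message; if not, keep `Duration::from_mins(20)`. The `Err(e)` arm that reports the verification failure continues outside the hunk, so whether callers can distinguish an over-long validity from a bad signature cannot be judged here.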