Can use cookie to authenticate to API
This commit is contained in:
parent
e6b347f90f
commit
babb3a2e07
@ -1,7 +1,9 @@
|
|||||||
|
use crate::constants::USER_SESSION_KEY;
|
||||||
use crate::server::HttpFailure;
|
use crate::server::HttpFailure;
|
||||||
use crate::user::{APIClient, APIClientID, RumaClient, UserConfig, UserID};
|
use crate::user::{APIClient, APIClientID, RumaClient, User, UserConfig, UserID};
|
||||||
use crate::utils::curr_time;
|
use crate::utils::curr_time;
|
||||||
use actix_remote_ip::RemoteIP;
|
use actix_remote_ip::RemoteIP;
|
||||||
|
use actix_session::Session;
|
||||||
use actix_web::dev::Payload;
|
use actix_web::dev::Payload;
|
||||||
use actix_web::{FromRequest, HttpRequest};
|
use actix_web::{FromRequest, HttpRequest};
|
||||||
use bytes::Bytes;
|
use bytes::Bytes;
|
||||||
@ -14,7 +16,7 @@ use std::str::FromStr;
|
|||||||
|
|
||||||
pub struct APIClientAuth {
|
pub struct APIClientAuth {
|
||||||
pub user: UserConfig,
|
pub user: UserConfig,
|
||||||
pub client: APIClient,
|
pub client: Option<APIClient>,
|
||||||
pub payload: Option<Vec<u8>>,
|
pub payload: Option<Vec<u8>>,
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -33,6 +35,24 @@ impl APIClientAuth {
|
|||||||
remote_ip: IpAddr,
|
remote_ip: IpAddr,
|
||||||
payload_bytes: Option<Bytes>,
|
payload_bytes: Option<Bytes>,
|
||||||
) -> Result<Self, actix_web::Error> {
|
) -> Result<Self, actix_web::Error> {
|
||||||
|
// Check if user is authenticated using Web UI
|
||||||
|
let session = Session::from_request(req, &mut Payload::None).await?;
|
||||||
|
|
||||||
|
if let Some(user) = session.get::<User>(USER_SESSION_KEY)? {
|
||||||
|
match UserConfig::load(&user.id, false).await {
|
||||||
|
Ok(config) => {
|
||||||
|
return Ok(Self {
|
||||||
|
user: config,
|
||||||
|
client: None,
|
||||||
|
payload: payload_bytes.map(|bytes| bytes.to_vec()),
|
||||||
|
})
|
||||||
|
}
|
||||||
|
Err(e) => {
|
||||||
|
log::error!("Failed to fetch user information for authentication using cookie token! {e}");
|
||||||
|
}
|
||||||
|
};
|
||||||
|
}
|
||||||
|
|
||||||
let Some(token) = req.headers().get("x-client-auth") else {
|
let Some(token) = req.headers().get("x-client-auth") else {
|
||||||
return Err(actix_web::error::ErrorBadRequest(
|
return Err(actix_web::error::ErrorBadRequest(
|
||||||
"Missing authentication header!",
|
"Missing authentication header!",
|
||||||
@ -95,8 +115,11 @@ impl APIClientAuth {
|
|||||||
|
|
||||||
// Decode JWT
|
// Decode JWT
|
||||||
let key = HS256Key::from_bytes(client.secret.as_bytes());
|
let key = HS256Key::from_bytes(client.secret.as_bytes());
|
||||||
let mut verif = VerificationOptions::default();
|
let verif = VerificationOptions {
|
||||||
verif.max_validity = Some(Duration::from_mins(20));
|
max_validity: Some(Duration::from_mins(15)),
|
||||||
|
..Default::default()
|
||||||
|
};
|
||||||
|
|
||||||
let claims = match key.verify_token::<TokenClaims>(jwt_token, Some(verif)) {
|
let claims = match key.verify_token::<TokenClaims>(jwt_token, Some(verif)) {
|
||||||
Ok(t) => t,
|
Ok(t) => t,
|
||||||
Err(e) => {
|
Err(e) => {
|
||||||
@ -175,7 +198,7 @@ impl APIClientAuth {
|
|||||||
}
|
}
|
||||||
|
|
||||||
Ok(Self {
|
Ok(Self {
|
||||||
client: client.clone(),
|
client: Some(client.clone()),
|
||||||
payload,
|
payload,
|
||||||
user,
|
user,
|
||||||
})
|
})
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user