Can use cookie to authenticate to API

2025-02-04 21:08:56 +01:00 · 2025-02-04 21:08:56 +01:00 · babb3a2e07
commit babb3a2e07
parent e6b347f90f
1 changed files with 28 additions and 5 deletions
--- a/src/extractors/client_auth.rs
+++ b/src/extractors/client_auth.rs
@ -1,7 +1,9 @@
+use crate::constants::USER_SESSION_KEY;
 use crate::server::HttpFailure;
-use crate::user::{APIClient, APIClientID, RumaClient, UserConfig, UserID};
+use crate::user::{APIClient, APIClientID, RumaClient, User, UserConfig, UserID};
 use crate::utils::curr_time;
 use actix_remote_ip::RemoteIP;
+use actix_session::Session;
 use actix_web::dev::Payload;
 use actix_web::{FromRequest, HttpRequest};
 use bytes::Bytes;
@ -14,7 +16,7 @@ use std::str::FromStr;

 pub struct APIClientAuth {
    pub user: UserConfig,
-    pub client: APIClient,
+    pub client: Option<APIClient>,
    pub payload: Option<Vec<u8>>,
 }

@ -33,6 +35,24 @@ impl APIClientAuth {
        remote_ip: IpAddr,
        payload_bytes: Option<Bytes>,
    ) -> Result<Self, actix_web::Error> {
+        // Check if user is authenticated using Web UI
+        let session = Session::from_request(req, &mut Payload::None).await?;
+
+        if let Some(user) = session.get::<User>(USER_SESSION_KEY)? {
+            match UserConfig::load(&user.id, false).await {
+                Ok(config) => {
+                    return Ok(Self {
+                        user: config,
+                        client: None,
+                        payload: payload_bytes.map(|bytes| bytes.to_vec()),
+                    })
+                }
+                Err(e) => {
+                    log::error!("Failed to fetch user information for authentication using cookie token! {e}");
+                }
+            };
+        }
+
        let Some(token) = req.headers().get("x-client-auth") else {
            return Err(actix_web::error::ErrorBadRequest(
                "Missing authentication header!",
@ -95,8 +115,11 @@ impl APIClientAuth {

        // Decode JWT
        let key = HS256Key::from_bytes(client.secret.as_bytes());
-        let mut verif = VerificationOptions::default();
-        verif.max_validity = Some(Duration::from_mins(20));
+        let verif = VerificationOptions {
+            max_validity: Some(Duration::from_mins(15)),
+            ..Default::default()
+        };
+
        let claims = match key.verify_token::<TokenClaims>(jwt_token, Some(verif)) {
            Ok(t) => t,
            Err(e) => {
@ -175,7 +198,7 @@ impl APIClientAuth {
        }

        Ok(Self {
-            client: client.clone(),
+            client: Some(client.clone()),
            payload,
            user,
        })