Finish OIDC login

2025-03-18 19:37:46 +01:00
parent dbe1ec22e0
commit 1a022bd33e
6 changed files with 149 additions and 12 deletions
--- a/moneymgr_backend/src/extractors/money_session.rs
+++ b/moneymgr_backend/src/extractors/money_session.rs
@ -1,9 +1,24 @@
 use crate::constants;
+use crate::models::users::User;
 use crate::utils::rand_utils::rand_string;
 use actix_session::Session;
 use actix_web::dev::Payload;
 use actix_web::{Error, FromRequest, HttpRequest};
 use futures_util::future::{Ready, ready};
+use std::net::IpAddr;
+
+/// Money session errors
+#[derive(thiserror::Error, Debug)]
+enum MoneySessionError {
+    #[error("Missing state!")]
+    OIDCMissingState,
+    #[error("Missing IP address!")]
+    OIDCMissingIP,
+    #[error("Invalid state!")]
+    OIDCInvalidState,
+    #[error("Invalid IP address!")]
+    OIDCInvalidIP,
+}

 /// Money session
 ///
@ -12,12 +27,42 @@ pub struct MoneySession(Session);

 impl MoneySession {
    /// Generate OpenID state for this session
-    pub fn gen_oidc_state(&self) -> anyhow::Result<String> {
+    pub fn gen_oidc_state(&self, ip: IpAddr) -> anyhow::Result<String> {
        let random_string = rand_string(50);
        self.0
            .insert(constants::sessions::OIDC_STATE_KEY, random_string.clone())?;
+        self.0.insert(constants::sessions::OIDC_REMOTE_IP, ip)?;
        Ok(random_string)
    }
+
+    /// Validate OpenID state
+    pub fn validate_state(&self, state: &str, ip: IpAddr) -> anyhow::Result<()> {
+        let session_state: String = self
+            .0
+            .get(constants::sessions::OIDC_STATE_KEY)?
+            .ok_or(MoneySessionError::OIDCMissingState)?;
+
+        let session_ip: IpAddr = self
+            .0
+            .get(constants::sessions::OIDC_REMOTE_IP)?
+            .ok_or(MoneySessionError::OIDCMissingIP)?;
+
+        if session_state != state {
+            return Err(anyhow::anyhow!(MoneySessionError::OIDCInvalidState));
+        }
+
+        if session_ip != ip {
+            return Err(anyhow::anyhow!(MoneySessionError::OIDCInvalidIP));
+        }
+
+        Ok(())
+    }
+
+    /// Set current user
+    pub fn set_user(&self, user: &User) -> anyhow::Result<()> {
+        self.0.insert(constants::sessions::USER_ID, user.id())?;
+        Ok(())
+    }
 }

 impl FromRequest for MoneySession {