Add authentication layer
This commit is contained in:
central_backend
central_frontend
@ -23,6 +23,32 @@ pub enum ConsumptionBackend {
|
||||
#[derive(Parser, Debug)]
|
||||
#[command(version, about, long_about = None)]
|
||||
pub struct AppConfig {
|
||||
/// Proxy IP, might end with a star "*"
|
||||
#[clap(short, long, env)]
|
||||
pub proxy_ip: Option<String>,
|
||||
|
||||
/// Secret key, used to sign some resources. Must be randomly generated
|
||||
#[clap(short = 'S', long, env, default_value = "")]
|
||||
secret: String,
|
||||
|
||||
/// Specify whether the cookie should be transmitted only over secure connections
|
||||
///
|
||||
/// This should be always true when running in production mode
|
||||
#[clap(long, env)]
|
||||
pub cookie_secure: bool,
|
||||
|
||||
/// Unsecure : for development, bypass authentication
|
||||
#[clap(long, env)]
|
||||
pub unsecure_disable_login: bool,
|
||||
|
||||
/// Admin username
|
||||
#[clap(long, env, default_value = "admin")]
|
||||
pub admin_username: String,
|
||||
|
||||
/// Admin password
|
||||
#[clap(long, env, default_value = "admin")]
|
||||
pub admin_password: String,
|
||||
|
||||
/// The port the server will listen to (using HTTPS)
|
||||
#[arg(short, long, env, default_value = "0.0.0.0:8443")]
|
||||
pub listen_address: String,
|
||||
@ -56,6 +82,21 @@ impl AppConfig {
|
||||
&ARGS
|
||||
}
|
||||
|
||||
/// Get app secret
|
||||
pub fn secret(&self) -> &str {
|
||||
let mut secret = self.secret.as_str();
|
||||
|
||||
if cfg!(debug_assertions) && secret.is_empty() {
|
||||
secret = "DEBUGKEYDEBUGKEYDEBUGKEYDEBUGKEYDEBUGKEYDEBUGKEYDEBUGKEYDEBUGKEY";
|
||||
}
|
||||
|
||||
if secret.is_empty() {
|
||||
panic!("SECRET is undefined or too short (min 64 chars)!")
|
||||
}
|
||||
|
||||
secret
|
||||
}
|
||||
|
||||
/// URL for unsecure connections
|
||||
pub fn unsecure_origin(&self) -> String {
|
||||
format!(
|
||||
@ -74,6 +115,23 @@ impl AppConfig {
|
||||
)
|
||||
}
|
||||
|
||||
/// Get auth cookie domain
|
||||
pub fn cookie_domain(&self) -> Option<String> {
|
||||
if cfg!(debug_assertions) {
|
||||
let domain = self.secure_origin().split_once("://")?.1.to_string();
|
||||
Some(
|
||||
domain
|
||||
.split_once(':')
|
||||
.map(|s| s.0)
|
||||
.unwrap_or(&domain)
|
||||
.to_string(),
|
||||
)
|
||||
} else {
|
||||
// In release mode, the web app is hosted on the same origin as the API
|
||||
None
|
||||
}
|
||||
}
|
||||
|
||||
/// Get storage path
|
||||
pub fn storage_path(&self) -> PathBuf {
|
||||
Path::new(&self.storage).to_path_buf()
|
||||
|
Reference in New Issue
Block a user