Start to implement OpenID authentication

remote_backend/src/middlewares/auth_middleware.rs

@@ -0,0 +1,111 @@
+use std::future::{ready, Ready};
+use std::rc::Rc;
+
+use crate::app_config::AppConfig;
+use crate::constants;
+use crate::extractors::auth_extractor::AuthExtractor;
+use actix_web::body::EitherBody;
+use actix_web::dev::Payload;
+use actix_web::{
+    dev::{forward_ready, Service, ServiceRequest, ServiceResponse, Transform},
+    Error, FromRequest, HttpResponse,
+};
+use futures_util::future::LocalBoxFuture;
+
+// There are two steps in middleware processing.
+// 1. Middleware initialization, middleware factory gets called with
+//    next service in chain as parameter.
+// 2. Middleware's call method gets called with normal request.
+#[derive(Default)]
+pub struct AuthChecker;
+
+// Middleware factory is `Transform` trait
+// `S` - type of the next service
+// `B` - type of response's body
+impl<S, B> Transform<S, ServiceRequest> for AuthChecker
+where
+    S: Service<ServiceRequest, Response = ServiceResponse<B>, Error = Error> + 'static,
+    S::Future: 'static,
+    B: 'static,
+{
+    type Response = ServiceResponse<EitherBody<B>>;
+    type Error = Error;
+    type Transform = AuthMiddleware<S>;
+    type InitError = ();
+    type Future = Ready<Result<Self::Transform, Self::InitError>>;
+
+    fn new_transform(&self, service: S) -> Self::Future {
+        ready(Ok(AuthMiddleware {
+            service: Rc::new(service),
+        }))
+    }
+}
+
+pub struct AuthMiddleware<S> {
+    service: Rc<S>,
+}
+
+impl<S, B> Service<ServiceRequest> for AuthMiddleware<S>
+where
+    S: Service<ServiceRequest, Response = ServiceResponse<B>, Error = Error> + 'static,
+    S::Future: 'static,
+    B: 'static,
+{
+    type Response = ServiceResponse<EitherBody<B>>;
+    type Error = Error;
+    type Future = LocalBoxFuture<'static, Result<Self::Response, Self::Error>>;
+
+    forward_ready!(service);
+
+    fn call(&self, req: ServiceRequest) -> Self::Future {
+        let service = Rc::clone(&self.service);
+
+        Box::pin(async move {
+            let remote_ip =
+                actix_remote_ip::RemoteIP::from_request(req.request(), &mut Payload::None)
+                    .await
+                    .unwrap();
+
+            // Check if no authentication is required
+            if constants::ROUTES_WITHOUT_AUTH.contains(&req.path())
+                || !req.path().starts_with("/api/")
+            {
+                log::trace!("No authentication is required")
+            }
+            // Check cookie authentication
+            else if !&AppConfig::get().unsecure_disable_login {
+                let auth = match AuthExtractor::from_request(req.request(), &mut Payload::None)
+                    .into_inner()
+                {
+                    Ok(auth) => auth,
+                    Err(e) => {
+                        log::error!(
+                            "Failed to extract authentication information from request! {e}"
+                        );
+                        return Ok(req
+                            .into_response(HttpResponse::PreconditionFailed().finish())
+                            .map_into_right_body());
+                    }
+                };
+
+                if !auth.is_authenticated() {
+                    log::error!(
+                        "User attempted to access privileged route without authentication!"
+                    );
+                    return Ok(req
+                        .into_response(
+                            HttpResponse::PreconditionFailed().json("Please authenticate!"),
+                        )
+                        .map_into_right_body());
+                }
+            }
+
+            log::info!("{} - {}", remote_ip.0, req.path());
+
+            service
+                .call(req)
+                .await
+                .map(ServiceResponse::map_into_left_body)
+        })
+    }
+}

remote_backend/src/middlewares/mod.rs

@@ -0,0 +1 @@
+pub mod auth_middleware;