From f6e391e52ca93686496599bce5e47136460e5baf Mon Sep 17 00:00:00 2001 From: Pierre HUBERT Date: Thu, 25 Apr 2024 19:34:33 +0200 Subject: [PATCH] Make authentication works --- remote_backend/Cargo.lock | 1 + remote_backend/Cargo.toml | 1 + remote_backend/src/constants.rs | 10 ++++++++++ remote_backend/src/main.rs | 31 ++++++++++++++++++++++++++++++- 4 files changed, 42 insertions(+), 1 deletion(-) diff --git a/remote_backend/Cargo.lock b/remote_backend/Cargo.lock index 30a79ef..01fcf6b 100644 --- a/remote_backend/Cargo.lock +++ b/remote_backend/Cargo.lock @@ -1693,6 +1693,7 @@ version = "0.1.0" dependencies = [ "actix-identity", "actix-remote-ip", + "actix-session", "actix-web", "anyhow", "basic-jwt", diff --git a/remote_backend/Cargo.toml b/remote_backend/Cargo.toml index 7903df4..6c19633 100644 --- a/remote_backend/Cargo.toml +++ b/remote_backend/Cargo.toml @@ -14,6 +14,7 @@ light-openid = { version = "1.0.2", features = ["crypto-wrapper"] } basic-jwt = "0.2.0" actix-web = "4.5.1" actix-remote-ip = "0.1.0" +actix-session = { version = "0.9.0", features = ["cookie-session"] } actix-identity = "0.7.1" lazy_static = "1.4.0" anyhow = "1.0.82" diff --git a/remote_backend/src/constants.rs b/remote_backend/src/constants.rs index 2ca4b8c..ae86229 100644 --- a/remote_backend/src/constants.rs +++ b/remote_backend/src/constants.rs @@ -1,3 +1,13 @@ +/// Name of the cookie that contains session information +pub const SESSION_COOKIE_NAME: &str = "X-auth-token"; + +/// Maximum session duration after inactivity, in seconds +pub const MAX_INACTIVITY_DURATION: u64 = 60 * 30; + +/// Maximum session duration (6 hours) +pub const MAX_SESSION_DURATION: u64 = 3600 * 6; + +/// The routes that can be accessed without authentication pub const ROUTES_WITHOUT_AUTH: [&str; 3] = [ "/api/server/config", "/api/auth/start_oidc", diff --git a/remote_backend/src/main.rs b/remote_backend/src/main.rs index 7c45a6d..893974c 100644 --- a/remote_backend/src/main.rs +++ b/remote_backend/src/main.rs @@ -1,11 +1,18 @@ +use actix_identity::config::LogoutBehaviour; +use actix_identity::IdentityMiddleware; use actix_remote_ip::RemoteIPConfig; +use actix_session::storage::CookieSessionStore; +use actix_session::SessionMiddleware; +use actix_web::cookie::{Key, SameSite}; use actix_web::middleware::Logger; use actix_web::web::Data; use actix_web::{web, App, HttpServer}; use light_openid::basic_state_manager::BasicStateManager; use remote_backend::app_config::AppConfig; use remote_backend::controllers::auth_controller; -use remote_backend::virtweb_client; +use remote_backend::middlewares::auth_middleware::AuthChecker; +use remote_backend::{constants, virtweb_client}; +use std::time::Duration; #[actix_web::main] async fn main() -> std::io::Result<()> { @@ -16,8 +23,30 @@ async fn main() -> std::io::Result<()> { println!("{:#?}", virtweb_client::get_token_rights().await.unwrap()); HttpServer::new(move || { + let session_mw = SessionMiddleware::builder( + CookieSessionStore::default(), + Key::from(AppConfig::get().secret().as_bytes()), + ) + .cookie_name(constants::SESSION_COOKIE_NAME.to_string()) + .cookie_secure(AppConfig::get().cookie_secure) + .cookie_same_site(SameSite::Strict) + .cookie_domain(AppConfig::get().cookie_domain()) + .cookie_http_only(true) + .build(); + + let identity_middleware = IdentityMiddleware::builder() + .logout_behaviour(LogoutBehaviour::PurgeSession) + .visit_deadline(Some(Duration::from_secs( + constants::MAX_INACTIVITY_DURATION, + ))) + .login_deadline(Some(Duration::from_secs(constants::MAX_SESSION_DURATION))) + .build(); + App::new() .wrap(Logger::default()) + .wrap(AuthChecker) + .wrap(identity_middleware) + .wrap(session_mw) .app_data(state_manager.clone()) .app_data(Data::new(RemoteIPConfig { proxy: AppConfig::get().proxy_ip.clone(),