Make authentication works

2024-04-25 19:34:33 +02:00
parent d8946eb462
commit f6e391e52c
4 changed files with 42 additions and 1 deletions
--- a/remote_backend/src/constants.rs
+++ b/remote_backend/src/constants.rs
@@ -1,3 +1,13 @@
+/// Name of the cookie that contains session information
+pub const SESSION_COOKIE_NAME: &str = "X-auth-token";
+
+/// Maximum session duration after inactivity, in seconds
+pub const MAX_INACTIVITY_DURATION: u64 = 60 * 30;
+
+/// Maximum session duration (6 hours)
+pub const MAX_SESSION_DURATION: u64 = 3600 * 6;
+
+/// The routes that can be accessed without authentication
 pub const ROUTES_WITHOUT_AUTH: [&str; 3] = [
    "/api/server/config",
    "/api/auth/start_oidc",
--- a/remote_backend/src/main.rs
+++ b/remote_backend/src/main.rs
@@ -1,11 +1,18 @@
+use actix_identity::config::LogoutBehaviour;
+use actix_identity::IdentityMiddleware;
 use actix_remote_ip::RemoteIPConfig;
+use actix_session::storage::CookieSessionStore;
+use actix_session::SessionMiddleware;
+use actix_web::cookie::{Key, SameSite};
 use actix_web::middleware::Logger;
 use actix_web::web::Data;
 use actix_web::{web, App, HttpServer};
 use light_openid::basic_state_manager::BasicStateManager;
 use remote_backend::app_config::AppConfig;
 use remote_backend::controllers::auth_controller;
-use remote_backend::virtweb_client;
+use remote_backend::middlewares::auth_middleware::AuthChecker;
+use remote_backend::{constants, virtweb_client};
+use std::time::Duration;

 #[actix_web::main]
 async fn main() -> std::io::Result<()> {
@@ -16,8 +23,30 @@ async fn main() -> std::io::Result<()> {
    println!("{:#?}", virtweb_client::get_token_rights().await.unwrap());

    HttpServer::new(move || {
+        let session_mw = SessionMiddleware::builder(
+            CookieSessionStore::default(),
+            Key::from(AppConfig::get().secret().as_bytes()),
+        )
+        .cookie_name(constants::SESSION_COOKIE_NAME.to_string())
+        .cookie_secure(AppConfig::get().cookie_secure)
+        .cookie_same_site(SameSite::Strict)
+        .cookie_domain(AppConfig::get().cookie_domain())
+        .cookie_http_only(true)
+        .build();
+
+        let identity_middleware = IdentityMiddleware::builder()
+            .logout_behaviour(LogoutBehaviour::PurgeSession)
+            .visit_deadline(Some(Duration::from_secs(
+                constants::MAX_INACTIVITY_DURATION,
+            )))
+            .login_deadline(Some(Duration::from_secs(constants::MAX_SESSION_DURATION)))
+            .build();
+
        App::new()
            .wrap(Logger::default())
+            .wrap(AuthChecker)
+            .wrap(identity_middleware)
+            .wrap(session_mw)
            .app_data(state_manager.clone())
            .app_data(Data::new(RemoteIPConfig {
                proxy: AppConfig::get().proxy_ip.clone(),