Make authentication works
parent
d8946eb462
commit
f6e391e52c
1
remote_backend/Cargo.lock
generated
1
remote_backend/Cargo.lock
generated
@ -1693,6 +1693,7 @@ version = "0.1.0"
|
|||||||
dependencies = [
|
dependencies = [
|
||||||
"actix-identity",
|
"actix-identity",
|
||||||
"actix-remote-ip",
|
"actix-remote-ip",
|
||||||
|
"actix-session",
|
||||||
"actix-web",
|
"actix-web",
|
||||||
"anyhow",
|
"anyhow",
|
||||||
"basic-jwt",
|
"basic-jwt",
|
||||||
|
@ -14,6 +14,7 @@ light-openid = { version = "1.0.2", features = ["crypto-wrapper"] }
|
|||||||
basic-jwt = "0.2.0"
|
basic-jwt = "0.2.0"
|
||||||
actix-web = "4.5.1"
|
actix-web = "4.5.1"
|
||||||
actix-remote-ip = "0.1.0"
|
actix-remote-ip = "0.1.0"
|
||||||
|
actix-session = { version = "0.9.0", features = ["cookie-session"] }
|
||||||
actix-identity = "0.7.1"
|
actix-identity = "0.7.1"
|
||||||
lazy_static = "1.4.0"
|
lazy_static = "1.4.0"
|
||||||
anyhow = "1.0.82"
|
anyhow = "1.0.82"
|
||||||
|
@ -1,3 +1,13 @@
|
|||||||
|
/// Name of the cookie that contains session information
|
||||||
|
pub const SESSION_COOKIE_NAME: &str = "X-auth-token";
|
||||||
|
|
||||||
|
/// Maximum session duration after inactivity, in seconds
|
||||||
|
pub const MAX_INACTIVITY_DURATION: u64 = 60 * 30;
|
||||||
|
|
||||||
|
/// Maximum session duration (6 hours)
|
||||||
|
pub const MAX_SESSION_DURATION: u64 = 3600 * 6;
|
||||||
|
|
||||||
|
/// The routes that can be accessed without authentication
|
||||||
pub const ROUTES_WITHOUT_AUTH: [&str; 3] = [
|
pub const ROUTES_WITHOUT_AUTH: [&str; 3] = [
|
||||||
"/api/server/config",
|
"/api/server/config",
|
||||||
"/api/auth/start_oidc",
|
"/api/auth/start_oidc",
|
||||||
|
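Review bot: `ROUTES_WITHOUT_AUTH` is an authentication allowlist, but the new doc comment does not say how an entry is compared with the request path (exact match, prefix, with or without the query string), and the matching code is not part of this hunk. I would extend it to something like `/// Routes reachable without authentication; each entry is compared with the request path by exact match`, adjusted to what the checking middleware really does, so that a later entry is not added under the wrong assumption. The comment on `MAX_INACTIVITY_DURATION` could also state the value as `(30 minutes)`, the way `MAX_SESSION_DURATION` states `(6 hours)`. The array continues past the end of the hunk.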
@ -1,11 +1,18 @@
|
|||||||
|
use actix_identity::config::LogoutBehaviour;
|
||||||
|
use actix_identity::IdentityMiddleware;
|
||||||
use actix_remote_ip::RemoteIPConfig;
|
use actix_remote_ip::RemoteIPConfig;
|
||||||
|
use actix_session::storage::CookieSessionStore;
|
||||||
|
use actix_session::SessionMiddleware;
|
||||||
|
use actix_web::cookie::{Key, SameSite};
|
||||||
use actix_web::middleware::Logger;
|
use actix_web::middleware::Logger;
|
||||||
use actix_web::web::Data;
|
use actix_web::web::Data;
|
||||||
use actix_web::{web, App, HttpServer};
|
use actix_web::{web, App, HttpServer};
|
||||||
use light_openid::basic_state_manager::BasicStateManager;
|
use light_openid::basic_state_manager::BasicStateManager;
|
||||||
use remote_backend::app_config::AppConfig;
|
use remote_backend::app_config::AppConfig;
|
||||||
use remote_backend::controllers::auth_controller;
|
use remote_backend::controllers::auth_controller;
|
||||||
use remote_backend::virtweb_client;
|
use remote_backend::middlewares::auth_middleware::AuthChecker;
|
||||||
|
use remote_backend::{constants, virtweb_client};
|
||||||
|
use std::time::Duration;
|
||||||
|
|
||||||
#[actix_web::main]
|
#[actix_web::main]
|
||||||
async fn main() -> std::io::Result<()> {
|
async fn main() -> std::io::Result<()> {
|
||||||
@ -16,8 +23,30 @@ async fn main() -> std::io::Result<()> {
|
|||||||
println!("{:#?}", virtweb_client::get_token_rights().await.unwrap());
|
println!("{:#?}", virtweb_client::get_token_rights().await.unwrap());
|
||||||
|
|
||||||
HttpServer::new(move || {
|
HttpServer::new(move || {
|
||||||
|
let session_mw = SessionMiddleware::builder(
|
||||||
|
CookieSessionStore::default(),
|
||||||
|
Key::from(AppConfig::get().secret().as_bytes()),
|
||||||
|
)
|
||||||
|
.cookie_name(constants::SESSION_COOKIE_NAME.to_string())
|
||||||
|
.cookie_secure(AppConfig::get().cookie_secure)
|
||||||
|
.cookie_same_site(SameSite::Strict)
|
||||||
|
.cookie_domain(AppConfig::get().cookie_domain())
|
||||||
|
.cookie_http_only(true)
|
||||||
|
.build();
|
||||||
|
|
||||||
|
let identity_middleware = IdentityMiddleware::builder()
|
||||||
|
.logout_behaviour(LogoutBehaviour::PurgeSession)
|
||||||
|
.visit_deadline(Some(Duration::from_secs(
|
||||||
|
constants::MAX_INACTIVITY_DURATION,
|
||||||
|
)))
|
||||||
|
.login_deadline(Some(Duration::from_secs(constants::MAX_SESSION_DURATION)))
|
||||||
|
.build();
|
||||||
|
|
||||||
App::new()
|
App::new()
|
||||||
.wrap(Logger::default())
|
.wrap(Logger::default())
|
||||||
|
.wrap(AuthChecker)
|
||||||
|
.wrap(identity_middleware)
|
||||||
|
.wrap(session_mw)
|
||||||
.app_data(state_manager.clone())
|
.app_data(state_manager.clone())
|
||||||
.app_data(Data::new(RemoteIPConfig {
|
.app_data(Data::new(RemoteIPConfig {
|
||||||
proxy: AppConfig::get().proxy_ip.clone(),
|
proxy: AppConfig::get().proxy_ip.clone(),
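Review bot: `Key::from(AppConfig::get().secret().as_bytes())` in the `SessionMiddleware::builder` call panics when the slice is shorter than 64 bytes, and because `CookieSessionStore` keeps the whole session in the cookie, this secret is the only thing protecting its integrity and confidentiality. `secret()` is not visible here, so unless it already enforces the length, check it once when the configuration is loaded, or build the key with `Key::try_from(...)` and report the error, rather than panicking inside the worker factory closure. Separately, actix runs the last-registered `wrap` first, so `Logger` is now the innermost middleware; assuming `AuthChecker` answers unauthenticated requests itself, those rejections never reach the access log. Registering `.wrap(Logger::default())` after `.wrap(session_mw)` would keep them visible. The closure and `main` continue past the end of this hunk.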
|
||||||
|