pierre/VirtWebRemote
1
0
Fork 0
Code Issues Pull Requests 2 Packages Projects Releases Wiki Activity

Make authentication works

Browse Source
This commit is contained in:
Pierre HUBERT 2024-04-25 19:34:33 +02:00
parent d8946eb462
commit f6e391e52c
4 changed files with 42 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
remote_backend/Cargo.lock generated
View File

@ -1693,6 +1693,7 @@ version = "0.1.0"
dependencies = [ dependencies = [
"actix-identity", "actix-identity",
"actix-remote-ip", "actix-remote-ip",
"actix-session",
"actix-web", "actix-web",
"anyhow", "anyhow",
"basic-jwt", "basic-jwt",

1
remote_backend/Cargo.toml
View File

@ -14,6 +14,7 @@ light-openid = { version = "1.0.2", features = ["crypto-wrapper"] }
basic-jwt = "0.2.0" basic-jwt = "0.2.0"
actix-web = "4.5.1" actix-web = "4.5.1"
actix-remote-ip = "0.1.0" actix-remote-ip = "0.1.0"
actix-session = { version = "0.9.0", features = ["cookie-session"] }
actix-identity = "0.7.1" actix-identity = "0.7.1"
lazy_static = "1.4.0" lazy_static = "1.4.0"
anyhow = "1.0.82" anyhow = "1.0.82"

10
remote_backend/src/constants.rs
View File

@ -1,3 +1,13 @@
/// Name of the cookie that contains session information
pub const SESSION_COOKIE_NAME: &str = "X-auth-token";
/// Maximum session duration after inactivity, in seconds
pub const MAX_INACTIVITY_DURATION: u64 = 60 * 30;
/// Maximum session duration (6 hours)
pub const MAX_SESSION_DURATION: u64 = 3600 * 6;
/// The routes that can be accessed without authentication
pub const ROUTES_WITHOUT_AUTH: [&str; 3] = [ pub const ROUTES_WITHOUT_AUTH: [&str; 3] = [
"/api/server/config", "/api/server/config",
"/api/auth/start_oidc", "/api/auth/start_oidc",

31
remote_backend/src/main.rs
View File

@ -1,11 +1,18 @@
use actix_identity::config::LogoutBehaviour;
use actix_identity::IdentityMiddleware;
use actix_remote_ip::RemoteIPConfig; use actix_remote_ip::RemoteIPConfig;
use actix_session::storage::CookieSessionStore;
use actix_session::SessionMiddleware;
use actix_web::cookie::{Key, SameSite};
use actix_web::middleware::Logger; use actix_web::middleware::Logger;
use actix_web::web::Data; use actix_web::web::Data;
use actix_web::{web, App, HttpServer}; use actix_web::{web, App, HttpServer};
use light_openid::basic_state_manager::BasicStateManager; use light_openid::basic_state_manager::BasicStateManager;
use remote_backend::app_config::AppConfig; use remote_backend::app_config::AppConfig;
use remote_backend::controllers::auth_controller; use remote_backend::controllers::auth_controller;
use remote_backend::virtweb_client; use remote_backend::middlewares::auth_middleware::AuthChecker;
use remote_backend::{constants, virtweb_client};
use std::time::Duration;
#[actix_web::main] #[actix_web::main]
async fn main() -> std::io::Result<()> { async fn main() -> std::io::Result<()> {
@ -16,8 +23,30 @@ async fn main() -> std::io::Result<()> {
println!("{:#?}", virtweb_client::get_token_rights().await.unwrap()); println!("{:#?}", virtweb_client::get_token_rights().await.unwrap());
HttpServer::new(move || { HttpServer::new(move || {
let session_mw = SessionMiddleware::builder(
CookieSessionStore::default(),
Key::from(AppConfig::get().secret().as_bytes()),
)
.cookie_name(constants::SESSION_COOKIE_NAME.to_string())
.cookie_secure(AppConfig::get().cookie_secure)
.cookie_same_site(SameSite::Strict)
.cookie_domain(AppConfig::get().cookie_domain())
.cookie_http_only(true)
.build();
let identity_middleware = IdentityMiddleware::builder()
.logout_behaviour(LogoutBehaviour::PurgeSession)
.visit_deadline(Some(Duration::from_secs(
constants::MAX_INACTIVITY_DURATION,
)))
.login_deadline(Some(Duration::from_secs(constants::MAX_SESSION_DURATION)))
.build();
App::new() App::new()
.wrap(Logger::default()) .wrap(Logger::default())
.wrap(AuthChecker)
.wrap(identity_middleware)
.wrap(session_mw)
.app_data(state_manager.clone()) .app_data(state_manager.clone())
.app_data(Data::new(RemoteIPConfig { .app_data(Data::new(RemoteIPConfig {
proxy: AppConfig::get().proxy_ip.clone(), proxy: AppConfig::get().proxy_ip.clone(),