Make authentication works

2024-04-25 19:34:33 +02:00 · 2024-04-25 19:34:33 +02:00 · f6e391e52c
commit f6e391e52c
parent d8946eb462
4 changed files with 42 additions and 1 deletions
--- a/remote_backend/Cargo.lock
+++ b/remote_backend/Cargo.lock
@ -1693,6 +1693,7 @@ version = "0.1.0"
 dependencies = [
 "actix-identity",
 "actix-remote-ip",
+ "actix-session",
 "actix-web",
 "anyhow",
 "basic-jwt",
--- a/remote_backend/Cargo.toml
+++ b/remote_backend/Cargo.toml
@ -14,6 +14,7 @@ light-openid = { version = "1.0.2", features = ["crypto-wrapper"] }
 basic-jwt = "0.2.0"
 actix-web = "4.5.1"
 actix-remote-ip = "0.1.0"
+actix-session = { version = "0.9.0", features = ["cookie-session"] }
 actix-identity = "0.7.1"
 lazy_static = "1.4.0"
 anyhow = "1.0.82"
--- a/remote_backend/src/constants.rs
+++ b/remote_backend/src/constants.rs
@ -1,3 +1,13 @@
+/// Name of the cookie that contains session information
+pub const SESSION_COOKIE_NAME: &str = "X-auth-token";
+
+/// Maximum session duration after inactivity, in seconds
+pub const MAX_INACTIVITY_DURATION: u64 = 60 * 30;
+
+/// Maximum session duration (6 hours)
+pub const MAX_SESSION_DURATION: u64 = 3600 * 6;
+
+/// The routes that can be accessed without authentication
 pub const ROUTES_WITHOUT_AUTH: [&str; 3] = [
    "/api/server/config",
    "/api/auth/start_oidc",
--- a/remote_backend/src/main.rs
+++ b/remote_backend/src/main.rs
@ -1,11 +1,18 @@
+use actix_identity::config::LogoutBehaviour;
+use actix_identity::IdentityMiddleware;
 use actix_remote_ip::RemoteIPConfig;
+use actix_session::storage::CookieSessionStore;
+use actix_session::SessionMiddleware;
+use actix_web::cookie::{Key, SameSite};
 use actix_web::middleware::Logger;
 use actix_web::web::Data;
 use actix_web::{web, App, HttpServer};
 use light_openid::basic_state_manager::BasicStateManager;
 use remote_backend::app_config::AppConfig;
 use remote_backend::controllers::auth_controller;
-use remote_backend::virtweb_client;
+use remote_backend::middlewares::auth_middleware::AuthChecker;
+use remote_backend::{constants, virtweb_client};
+use std::time::Duration;

 #[actix_web::main]
 async fn main() -> std::io::Result<()> {
@ -16,8 +23,30 @@ async fn main() -> std::io::Result<()> {
    println!("{:#?}", virtweb_client::get_token_rights().await.unwrap());

    HttpServer::new(move || {
+        let session_mw = SessionMiddleware::builder(
+            CookieSessionStore::default(),
+            Key::from(AppConfig::get().secret().as_bytes()),
+        )
+        .cookie_name(constants::SESSION_COOKIE_NAME.to_string())
+        .cookie_secure(AppConfig::get().cookie_secure)
+        .cookie_same_site(SameSite::Strict)
+        .cookie_domain(AppConfig::get().cookie_domain())
+        .cookie_http_only(true)
+        .build();
+
+        let identity_middleware = IdentityMiddleware::builder()
+            .logout_behaviour(LogoutBehaviour::PurgeSession)
+            .visit_deadline(Some(Duration::from_secs(
+                constants::MAX_INACTIVITY_DURATION,
+            )))
+            .login_deadline(Some(Duration::from_secs(constants::MAX_SESSION_DURATION)))
+            .build();
+
        App::new()
            .wrap(Logger::default())
+            .wrap(AuthChecker)
+            .wrap(identity_middleware)
+            .wrap(session_mw)
            .app_data(state_manager.clone())
            .app_data(Data::new(RemoteIPConfig {
                proxy: AppConfig::get().proxy_ip.clone(),