feat: Replace ad hoc auth header with internet standard bearer token

auth header
This commit is contained in:
SleeplessOne1917 2023-09-22 21:26:27 -04:00
parent 24c98a726a
commit 519e800b33
5 changed files with 27 additions and 13 deletions

17
Cargo.lock generated
View file

@ -314,6 +314,21 @@ dependencies = [
"syn 1.0.103", "syn 1.0.103",
] ]
[[package]]
name = "actix-web-httpauth"
version = "0.8.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "1d613edf08a42ccc6864c941d30fe14e1b676a77d16f1dbadc1174d065a0a775"
dependencies = [
"actix-utils",
"actix-web",
"base64 0.21.2",
"futures-core",
"futures-util",
"log",
"pin-project-lite",
]
[[package]] [[package]]
name = "actix-web-prom" name = "actix-web-prom"
version = "0.6.0" version = "0.6.0"
@ -2672,6 +2687,7 @@ version = "0.18.1"
dependencies = [ dependencies = [
"activitypub_federation", "activitypub_federation",
"actix-web", "actix-web",
"actix-web-httpauth",
"async-trait", "async-trait",
"bcrypt", "bcrypt",
"chrono", "chrono",
@ -2867,6 +2883,7 @@ dependencies = [
"activitypub_federation", "activitypub_federation",
"actix-cors", "actix-cors",
"actix-web", "actix-web",
"actix-web-httpauth",
"actix-web-prom", "actix-web-prom",
"chrono", "chrono",
"clap", "clap",

View file

@ -83,6 +83,7 @@ actix-web = { version = "4.3.1", default-features = false, features = [
"compress-gzip", "compress-gzip",
"compress-zstd", "compress-zstd",
] } ] }
actix-web-httpauth = "0.8.1"
tracing = "0.1.37" tracing = "0.1.37"
tracing-actix-web = { version = "0.7.5", default-features = false } tracing-actix-web = { version = "0.7.5", default-features = false }
tracing-error = "0.2.0" tracing-error = "0.2.0"
@ -169,3 +170,4 @@ actix-web-prom = { version = "0.6.0", optional = true }
serial_test = { workspace = true } serial_test = { workspace = true }
clap = { version = "4.3.19", features = ["derive"] } clap = { version = "4.3.19", features = ["derive"] }
lemmy_federate = { version = "0.18.1", path = "crates/federate" } lemmy_federate = { version = "0.18.1", path = "crates/federate" }
actix-web-httpauth = { workspace = true }

View file

@ -18,6 +18,7 @@ activitypub_federation = { workspace = true }
bcrypt = { workspace = true } bcrypt = { workspace = true }
serde = { workspace = true } serde = { workspace = true }
actix-web = { workspace = true } actix-web = { workspace = true }
actix-web-httpauth = { workspace = true }
tracing = { workspace = true } tracing = { workspace = true }
url = { workspace = true } url = { workspace = true }
async-trait = { workspace = true } async-trait = { workspace = true }

@ -1 +1 @@
Subproject commit 1c42c579460871de7b4ea18e58dc25543b80d289 Subproject commit a0f95fc29b7501156b6d8bbb504b1e787b5769e7

View file

@ -2,17 +2,15 @@ use actix_web::{
body::MessageBody, body::MessageBody,
cookie::SameSite, cookie::SameSite,
dev::{forward_ready, Service, ServiceRequest, ServiceResponse, Transform}, dev::{forward_ready, Service, ServiceRequest, ServiceResponse, Transform},
http::header::CACHE_CONTROL, http::header::{Header, CACHE_CONTROL},
Error, Error, HttpMessage,
HttpMessage,
}; };
use actix_web_httpauth::headers::authorization::{Authorization, Bearer};
use chrono::{DateTime, Utc}; use chrono::{DateTime, Utc};
use core::future::Ready; use core::future::Ready;
use futures_util::future::LocalBoxFuture; use futures_util::future::LocalBoxFuture;
use lemmy_api_common::{ use lemmy_api_common::{
context::LemmyContext, context::LemmyContext, lemmy_db_views::structs::LocalUserView, utils::check_user_valid,
lemmy_db_views::structs::LocalUserView,
utils::check_user_valid,
}; };
use lemmy_db_schema::newtypes::LocalUserId; use lemmy_db_schema::newtypes::LocalUserId;
use lemmy_utils::{ use lemmy_utils::{
@ -76,13 +74,9 @@ where
let context = self.context.clone(); let context = self.context.clone();
Box::pin(async move { Box::pin(async move {
// Try reading jwt from auth header let auth_header = Authorization::<Bearer>::parse(&req).ok();
let auth_header = req
.headers()
.get(AUTH_COOKIE_NAME)
.and_then(|h| h.to_str().ok());
let jwt = if let Some(a) = auth_header { let jwt = if let Some(a) = auth_header {
Some(a.to_string()) Some(a.as_ref().token().to_string())
} }
// If that fails, try auth cookie. Dont use the `jwt` cookie from lemmy-ui because // If that fails, try auth cookie. Dont use the `jwt` cookie from lemmy-ui because
// its not http-only. // its not http-only.