feat: Replace ad hoc auth header with internet standard bearer token
auth header
This commit is contained in:
parent
24c98a726a
commit
519e800b33
5 changed files with 27 additions and 13 deletions
17
Cargo.lock
generated
17
Cargo.lock
generated
|
@ -314,6 +314,21 @@ dependencies = [
|
||||||
"syn 1.0.103",
|
"syn 1.0.103",
|
||||||
]
|
]
|
||||||
|
|
||||||
|
[[package]]
|
||||||
|
name = "actix-web-httpauth"
|
||||||
|
version = "0.8.1"
|
||||||
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||||
|
checksum = "1d613edf08a42ccc6864c941d30fe14e1b676a77d16f1dbadc1174d065a0a775"
|
||||||
|
dependencies = [
|
||||||
|
"actix-utils",
|
||||||
|
"actix-web",
|
||||||
|
"base64 0.21.2",
|
||||||
|
"futures-core",
|
||||||
|
"futures-util",
|
||||||
|
"log",
|
||||||
|
"pin-project-lite",
|
||||||
|
]
|
||||||
|
|
||||||
[[package]]
|
[[package]]
|
||||||
name = "actix-web-prom"
|
name = "actix-web-prom"
|
||||||
version = "0.6.0"
|
version = "0.6.0"
|
||||||
|
@ -2672,6 +2687,7 @@ version = "0.18.1"
|
||||||
dependencies = [
|
dependencies = [
|
||||||
"activitypub_federation",
|
"activitypub_federation",
|
||||||
"actix-web",
|
"actix-web",
|
||||||
|
"actix-web-httpauth",
|
||||||
"async-trait",
|
"async-trait",
|
||||||
"bcrypt",
|
"bcrypt",
|
||||||
"chrono",
|
"chrono",
|
||||||
|
@ -2867,6 +2883,7 @@ dependencies = [
|
||||||
"activitypub_federation",
|
"activitypub_federation",
|
||||||
"actix-cors",
|
"actix-cors",
|
||||||
"actix-web",
|
"actix-web",
|
||||||
|
"actix-web-httpauth",
|
||||||
"actix-web-prom",
|
"actix-web-prom",
|
||||||
"chrono",
|
"chrono",
|
||||||
"clap",
|
"clap",
|
||||||
|
|
|
@ -83,6 +83,7 @@ actix-web = { version = "4.3.1", default-features = false, features = [
|
||||||
"compress-gzip",
|
"compress-gzip",
|
||||||
"compress-zstd",
|
"compress-zstd",
|
||||||
] }
|
] }
|
||||||
|
actix-web-httpauth = "0.8.1"
|
||||||
tracing = "0.1.37"
|
tracing = "0.1.37"
|
||||||
tracing-actix-web = { version = "0.7.5", default-features = false }
|
tracing-actix-web = { version = "0.7.5", default-features = false }
|
||||||
tracing-error = "0.2.0"
|
tracing-error = "0.2.0"
|
||||||
|
@ -169,3 +170,4 @@ actix-web-prom = { version = "0.6.0", optional = true }
|
||||||
serial_test = { workspace = true }
|
serial_test = { workspace = true }
|
||||||
clap = { version = "4.3.19", features = ["derive"] }
|
clap = { version = "4.3.19", features = ["derive"] }
|
||||||
lemmy_federate = { version = "0.18.1", path = "crates/federate" }
|
lemmy_federate = { version = "0.18.1", path = "crates/federate" }
|
||||||
|
actix-web-httpauth = { workspace = true }
|
||||||
|
|
|
@ -18,6 +18,7 @@ activitypub_federation = { workspace = true }
|
||||||
bcrypt = { workspace = true }
|
bcrypt = { workspace = true }
|
||||||
serde = { workspace = true }
|
serde = { workspace = true }
|
||||||
actix-web = { workspace = true }
|
actix-web = { workspace = true }
|
||||||
|
actix-web-httpauth = { workspace = true }
|
||||||
tracing = { workspace = true }
|
tracing = { workspace = true }
|
||||||
url = { workspace = true }
|
url = { workspace = true }
|
||||||
async-trait = { workspace = true }
|
async-trait = { workspace = true }
|
||||||
|
|
|
@ -1 +1 @@
|
||||||
Subproject commit 1c42c579460871de7b4ea18e58dc25543b80d289
|
Subproject commit a0f95fc29b7501156b6d8bbb504b1e787b5769e7
|
|
@ -2,17 +2,15 @@ use actix_web::{
|
||||||
body::MessageBody,
|
body::MessageBody,
|
||||||
cookie::SameSite,
|
cookie::SameSite,
|
||||||
dev::{forward_ready, Service, ServiceRequest, ServiceResponse, Transform},
|
dev::{forward_ready, Service, ServiceRequest, ServiceResponse, Transform},
|
||||||
http::header::CACHE_CONTROL,
|
http::header::{Header, CACHE_CONTROL},
|
||||||
Error,
|
Error, HttpMessage,
|
||||||
HttpMessage,
|
|
||||||
};
|
};
|
||||||
|
use actix_web_httpauth::headers::authorization::{Authorization, Bearer};
|
||||||
use chrono::{DateTime, Utc};
|
use chrono::{DateTime, Utc};
|
||||||
use core::future::Ready;
|
use core::future::Ready;
|
||||||
use futures_util::future::LocalBoxFuture;
|
use futures_util::future::LocalBoxFuture;
|
||||||
use lemmy_api_common::{
|
use lemmy_api_common::{
|
||||||
context::LemmyContext,
|
context::LemmyContext, lemmy_db_views::structs::LocalUserView, utils::check_user_valid,
|
||||||
lemmy_db_views::structs::LocalUserView,
|
|
||||||
utils::check_user_valid,
|
|
||||||
};
|
};
|
||||||
use lemmy_db_schema::newtypes::LocalUserId;
|
use lemmy_db_schema::newtypes::LocalUserId;
|
||||||
use lemmy_utils::{
|
use lemmy_utils::{
|
||||||
|
@ -76,13 +74,9 @@ where
|
||||||
let context = self.context.clone();
|
let context = self.context.clone();
|
||||||
|
|
||||||
Box::pin(async move {
|
Box::pin(async move {
|
||||||
// Try reading jwt from auth header
|
let auth_header = Authorization::<Bearer>::parse(&req).ok();
|
||||||
let auth_header = req
|
|
||||||
.headers()
|
|
||||||
.get(AUTH_COOKIE_NAME)
|
|
||||||
.and_then(|h| h.to_str().ok());
|
|
||||||
let jwt = if let Some(a) = auth_header {
|
let jwt = if let Some(a) = auth_header {
|
||||||
Some(a.to_string())
|
Some(a.as_ref().token().to_string())
|
||||||
}
|
}
|
||||||
// If that fails, try auth cookie. Dont use the `jwt` cookie from lemmy-ui because
|
// If that fails, try auth cookie. Dont use the `jwt` cookie from lemmy-ui because
|
||||||
// its not http-only.
|
// its not http-only.
|
||||||
|
|
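Review bot: The `.ok()` on `Authorization::<Bearer>::parse(&req)` collapses a present-but-malformed header (wrong scheme, empty token, bad encoding) into the same `None` as an absent header, so such a request silently continues to the cookie fallback with no trace of what was sent; the old code had the same shape, but the commit also dropped the `// Try reading jwt from auth header` comment that stated the intent. I would restore a comment on the parse line that states the new contract, e.g. `// Try reading jwt from a standard "Authorization: Bearer <jwt>" header (RFC 6750). A parse error is treated the same as a missing header and we fall through to the auth cookie below.`, and, if a tracing macro is in scope in this file, inspect the error before discarding it so a client still sending the previous ad hoc header shows up in debug logs rather than being silently unauthenticated. Clients that still send the old header name are now treated as anonymous, which is presumably the intended break but is worth stating in the description. The enclosing `async move` closure and the method around it continue past the hunk.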