Move session middleware outside such that we can access webdav endpoints from the frontend
@@ -14,10 +14,6 @@ use rustical_store::{
|
|||||||
auth::{AuthenticationProvider, middleware::AuthenticationLayer},
|
auth::{AuthenticationProvider, middleware::AuthenticationLayer},
|
||||||
};
|
};
|
||||||
use std::sync::Arc;
|
use std::sync::Arc;
|
||||||
use tower_sessions::{
|
|
||||||
Expiry, SessionManagerLayer, SessionStore,
|
|
||||||
cookie::{SameSite, time::Duration},
|
|
||||||
};
|
|
||||||
use url::Url;
|
use url::Url;
|
||||||
|
|
||||||
mod assets;
|
mod assets;
|
||||||
@@ -45,19 +41,13 @@ use crate::{
|
|||||||
},
|
},
|
||||||
};
|
};
|
||||||
|
|
||||||
pub fn frontend_router<
|
pub fn frontend_router<AP: AuthenticationProvider, CS: CalendarStore, AS: AddressbookStore>(
|
||||||
AP: AuthenticationProvider,
|
|
||||||
CS: CalendarStore,
|
|
||||||
AS: AddressbookStore,
|
|
||||||
S: SessionStore + Clone,
|
|
||||||
>(
|
|
||||||
prefix: &'static str,
|
prefix: &'static str,
|
||||||
auth_provider: Arc<AP>,
|
auth_provider: Arc<AP>,
|
||||||
cal_store: Arc<CS>,
|
cal_store: Arc<CS>,
|
||||||
addr_store: Arc<AS>,
|
addr_store: Arc<AS>,
|
||||||
frontend_config: FrontendConfig,
|
frontend_config: FrontendConfig,
|
||||||
oidc_config: Option<OidcConfig>,
|
oidc_config: Option<OidcConfig>,
|
||||||
session_store: S,
|
|
||||||
) -> Router {
|
) -> Router {
|
||||||
let mut router = Router::new();
|
let mut router = Router::new();
|
||||||
router = router
|
router = router
|
||||||
@@ -123,12 +113,6 @@ pub fn frontend_router<
|
|||||||
|
|
||||||
router = router
|
router = router
|
||||||
.layer(AuthenticationLayer::new(auth_provider.clone()))
|
.layer(AuthenticationLayer::new(auth_provider.clone()))
|
||||||
.layer(
|
|
||||||
SessionManagerLayer::new(session_store)
|
|
||||||
.with_secure(true)
|
|
||||||
.with_same_site(SameSite::Strict)
|
|
||||||
.with_expiry(Expiry::OnInactivity(Duration::hours(2))),
|
|
||||||
)
|
|
||||||
.layer(Extension(auth_provider.clone()))
|
.layer(Extension(auth_provider.clone()))
|
||||||
.layer(Extension(cal_store.clone()))
|
.layer(Extension(cal_store.clone()))
|
||||||
.layer(Extension(addr_store.clone()))
|
.layer(Extension(addr_store.clone()))
|
||||||
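Review bot: `frontend_router` still installs `AuthenticationLayer` but no longer installs the `SessionManagerLayer` that used to sit next to it, so the returned router now depends on the caller providing that layer, and neither the signature nor any doc comment says so. The same holds for `nextcloud_login_router` in the next file section, which also loses its `session_store` parameter and session layer. If the authentication middleware or any handler extracts a session (not visible in these hunks, but the removed layer suggests it), mounting either router without the outer layer would fail only at request time. I would add a doc comment to both public functions, e.g. `/// Must be mounted beneath a tower_sessions::SessionManagerLayer; this router does not install one itself.` The body of `frontend_router` starts and continues outside the visible hunks.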
|
|||||||
@@ -1,3 +1,4 @@
|
|||||||
|
use crate::unauthorized_handler;
|
||||||
use axum::routing::{get, post};
|
use axum::routing::{get, post};
|
||||||
use axum::{Extension, Router, middleware};
|
use axum::{Extension, Router, middleware};
|
||||||
use chrono::{DateTime, Utc};
|
use chrono::{DateTime, Utc};
|
||||||
@@ -8,11 +9,6 @@ use serde::{Deserialize, Serialize};
|
|||||||
use std::collections::HashMap;
|
use std::collections::HashMap;
|
||||||
use std::sync::Arc;
|
use std::sync::Arc;
|
||||||
use tokio::sync::RwLock;
|
use tokio::sync::RwLock;
|
||||||
use tower_sessions::cookie::SameSite;
|
|
||||||
use tower_sessions::cookie::time::Duration;
|
|
||||||
use tower_sessions::{Expiry, SessionManagerLayer, SessionStore};
|
|
||||||
|
|
||||||
use crate::unauthorized_handler;
|
|
||||||
mod routes;
|
mod routes;
|
||||||
|
|
||||||
#[derive(Debug, Clone)]
|
#[derive(Debug, Clone)]
|
||||||
@@ -50,10 +46,9 @@ pub struct NextcloudFlows {
|
|||||||
flows: RwLock<HashMap<String, NextcloudFlow>>,
|
flows: RwLock<HashMap<String, NextcloudFlow>>,
|
||||||
}
|
}
|
||||||
|
|
||||||
pub fn nextcloud_login_router<AP: AuthenticationProvider, S: SessionStore + Clone>(
|
pub fn nextcloud_login_router<AP: AuthenticationProvider>(
|
||||||
nextcloud_flows_state: Arc<NextcloudFlows>,
|
nextcloud_flows_state: Arc<NextcloudFlows>,
|
||||||
auth_provider: Arc<AP>,
|
auth_provider: Arc<AP>,
|
||||||
session_store: S,
|
|
||||||
) -> Router {
|
) -> Router {
|
||||||
Router::new()
|
Router::new()
|
||||||
.route("/poll/{flow}", post(post_nextcloud_poll::<AP>))
|
.route("/poll/{flow}", post(post_nextcloud_poll::<AP>))
|
||||||
@@ -65,11 +60,5 @@ pub fn nextcloud_login_router<AP: AuthenticationProvider, S: SessionStore + Clon
|
|||||||
.layer(Extension(nextcloud_flows_state))
|
.layer(Extension(nextcloud_flows_state))
|
||||||
.layer(Extension(auth_provider.clone()))
|
.layer(Extension(auth_provider.clone()))
|
||||||
.layer(AuthenticationLayer::new(auth_provider.clone()))
|
.layer(AuthenticationLayer::new(auth_provider.clone()))
|
||||||
.layer(
|
|
||||||
SessionManagerLayer::new(session_store)
|
|
||||||
.with_secure(true)
|
|
||||||
.with_same_site(SameSite::Strict)
|
|
||||||
.with_expiry(Expiry::OnInactivity(Duration::hours(2))),
|
|
||||||
)
|
|
||||||
.layer(middleware::from_fn(unauthorized_handler))
|
.layer(middleware::from_fn(unauthorized_handler))
|
||||||
}
|
}
|
||||||
|
|||||||
28
src/app.rs
28
src/app.rs
@@ -12,7 +12,8 @@ use std::sync::Arc;
|
|||||||
use std::time::Duration;
|
use std::time::Duration;
|
||||||
use tower_http::classify::ServerErrorsFailureClass;
|
use tower_http::classify::ServerErrorsFailureClass;
|
||||||
use tower_http::trace::TraceLayer;
|
use tower_http::trace::TraceLayer;
|
||||||
use tower_sessions::MemoryStore;
|
use tower_sessions::cookie::SameSite;
|
||||||
|
use tower_sessions::{Expiry, MemoryStore, SessionManagerLayer};
|
||||||
use tracing::Span;
|
use tracing::Span;
|
||||||
|
|
||||||
use crate::config::NextcloudLoginConfig;
|
use crate::config::NextcloudLoginConfig;
|
||||||
@@ -52,28 +53,35 @@ pub fn make_app<AS: AddressbookStore, CS: CalendarStore, S: SubscriptionStore>(
|
|||||||
addr_store.clone(),
|
addr_store.clone(),
|
||||||
frontend_config,
|
frontend_config,
|
||||||
oidc_config,
|
oidc_config,
|
||||||
session_store.clone(),
|
|
||||||
));
|
));
|
||||||
}
|
}
|
||||||
|
|
||||||
if nextcloud_login_config.enabled {
|
if nextcloud_login_config.enabled {
|
||||||
router = router.nest(
|
router = router.nest(
|
||||||
"/index.php/login/v2",
|
"/index.php/login/v2",
|
||||||
nextcloud_login_router(
|
nextcloud_login_router(nextcloud_flows_state, auth_provider.clone()),
|
||||||
nextcloud_flows_state,
|
|
||||||
auth_provider.clone(),
|
|
||||||
session_store.clone(),
|
|
||||||
),
|
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
router.layer(
|
router
|
||||||
|
.layer(
|
||||||
|
SessionManagerLayer::new(session_store)
|
||||||
|
.with_secure(true)
|
||||||
|
.with_same_site(SameSite::Strict)
|
||||||
|
.with_expiry(Expiry::OnInactivity(
|
||||||
|
tower_sessions::cookie::time::Duration::hours(2),
|
||||||
|
)),
|
||||||
|
)
|
||||||
|
.layer(
|
||||||
TraceLayer::new_for_http()
|
TraceLayer::new_for_http()
|
||||||
.make_span_with(|request: &Request| {
|
.make_span_with(|request: &Request| {
|
||||||
tracing::debug_span!(
|
tracing::debug_span!(
|
||||||
"http-request",
|
"http-request",
|
||||||
status_code = tracing::field::Empty,
|
status_code = tracing::field::Empty,
|
||||||
otel.name =
|
otel.name = tracing::field::display(format!(
|
||||||
tracing::field::display(format!("{} {}", request.method(), request.uri())),
|
"{} {}",
|
||||||
|
request.method(),
|
||||||
|
request.uri()
|
||||||
|
)),
|
||||||
)
|
)
|
||||||
})
|
})
|
||||||
.on_request(|_req: &Request, _span: &Span| {})
|
.on_request(|_req: &Request, _span: &Span| {})
|
||||||
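Review bot: `SessionManagerLayer` now wraps the whole router in `make_app`, so the session cookie is accepted on every nested route, including the WebDAV endpoints named in the commit title. If the authentication middleware on those routes treats a session as a valid credential (inferred from the title, not visible here), state-changing DAV requests are protected against cross-site submission only by the `SameSite::Strict` and `Secure` cookie attributes. SameSite is scoped to the site rather than the origin, so it is worth deciding whether an additional `Origin` check is wanted for cookie-authenticated DAV writes. At minimum I would record the dependency above the layer, e.g. `// Session cookie now also authenticates DAV routes; CSRF protection relies on SameSite=Strict + Secure. Do not relax without adding an origin or token check.` The body of `make_app` extends beyond this hunk.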
|
|||||||
@@ -10,7 +10,6 @@ use config::{DataStoreConfig, SqliteDataStoreConfig};
|
|||||||
use figment::Figment;
|
use figment::Figment;
|
||||||
use figment::providers::{Env, Format, Toml};
|
use figment::providers::{Env, Format, Toml};
|
||||||
use rustical_dav_push::DavPushController;
|
use rustical_dav_push::DavPushController;
|
||||||
use rustical_dav_push::notifier::push_notifier;
|
|
||||||
use rustical_frontend::nextcloud_login::NextcloudFlows;
|
use rustical_frontend::nextcloud_login::NextcloudFlows;
|
||||||
use rustical_store::auth::AuthenticationProvider;
|
use rustical_store::auth::AuthenticationProvider;
|
||||||
use rustical_store::{AddressbookStore, CalendarStore, CollectionOperation, SubscriptionStore};
|
use rustical_store::{AddressbookStore, CalendarStore, CollectionOperation, SubscriptionStore};
|
||||||
|
|||||||