Move session middleware outside such that we can access webdav endpoints from the frontend

crates/frontend/src/lib.rs

@@ -14,10 +14,6 @@ use rustical_store::{
     auth::{AuthenticationProvider, middleware::AuthenticationLayer},
 };
 use std::sync::Arc;
-use tower_sessions::{
-    Expiry, SessionManagerLayer, SessionStore,
-    cookie::{SameSite, time::Duration},
-};
 use url::Url;
 
 mod assets;
@@ -45,19 +41,13 @@ use crate::{
     },
 };
 
-pub fn frontend_router<
+pub fn frontend_router<AP: AuthenticationProvider, CS: CalendarStore, AS: AddressbookStore>(
-    AP: AuthenticationProvider,
-    CS: CalendarStore,
-    AS: AddressbookStore,
-    S: SessionStore + Clone,
->(
     prefix: &'static str,
     auth_provider: Arc<AP>,
     cal_store: Arc<CS>,
     addr_store: Arc<AS>,
     frontend_config: FrontendConfig,
     oidc_config: Option<OidcConfig>,
-    session_store: S,
 ) -> Router {
     let mut router = Router::new();
     router = router
@@ -123,12 +113,6 @@ pub fn frontend_router<
 
     router = router
         .layer(AuthenticationLayer::new(auth_provider.clone()))
-        .layer(
-            SessionManagerLayer::new(session_store)
-                .with_secure(true)
-                .with_same_site(SameSite::Strict)
-                .with_expiry(Expiry::OnInactivity(Duration::hours(2))),
-        )
         .layer(Extension(auth_provider.clone()))
         .layer(Extension(cal_store.clone()))
         .layer(Extension(addr_store.clone()))

crates/frontend/src/nextcloud_login/mod.rs

@@ -1,3 +1,4 @@
+use crate::unauthorized_handler;
 use axum::routing::{get, post};
 use axum::{Extension, Router, middleware};
 use chrono::{DateTime, Utc};
@@ -8,11 +9,6 @@ use serde::{Deserialize, Serialize};
 use std::collections::HashMap;
 use std::sync::Arc;
 use tokio::sync::RwLock;
-use tower_sessions::cookie::SameSite;
-use tower_sessions::cookie::time::Duration;
-use tower_sessions::{Expiry, SessionManagerLayer, SessionStore};
-
-use crate::unauthorized_handler;
 mod routes;
 
 #[derive(Debug, Clone)]
@@ -50,10 +46,9 @@ pub struct NextcloudFlows {
     flows: RwLock<HashMap<String, NextcloudFlow>>,
 }
 
-pub fn nextcloud_login_router<AP: AuthenticationProvider, S: SessionStore + Clone>(
+pub fn nextcloud_login_router<AP: AuthenticationProvider>(
     nextcloud_flows_state: Arc<NextcloudFlows>,
     auth_provider: Arc<AP>,
-    session_store: S,
 ) -> Router {
     Router::new()
         .route("/poll/{flow}", post(post_nextcloud_poll::<AP>))
@@ -65,11 +60,5 @@ pub fn nextcloud_login_router<AP: AuthenticationProvider, S: SessionStore + Clon
         .layer(Extension(nextcloud_flows_state))
         .layer(Extension(auth_provider.clone()))
         .layer(AuthenticationLayer::new(auth_provider.clone()))
-        .layer(
-            SessionManagerLayer::new(session_store)
-                .with_secure(true)
-                .with_same_site(SameSite::Strict)
-                .with_expiry(Expiry::OnInactivity(Duration::hours(2))),
-        )
         .layer(middleware::from_fn(unauthorized_handler))
 }

src/app.rs

@@ -12,7 +12,8 @@ use std::sync::Arc;
 use std::time::Duration;
 use tower_http::classify::ServerErrorsFailureClass;
 use tower_http::trace::TraceLayer;
-use tower_sessions::MemoryStore;
+use tower_sessions::cookie::SameSite;
+use tower_sessions::{Expiry, MemoryStore, SessionManagerLayer};
 use tracing::Span;
 
 use crate::config::NextcloudLoginConfig;
@@ -52,40 +53,47 @@ pub fn make_app<AS: AddressbookStore, CS: CalendarStore, S: SubscriptionStore>(
             addr_store.clone(),
             frontend_config,
             oidc_config,
-            session_store.clone(),
         ));
     }
 
     if nextcloud_login_config.enabled {
         router = router.nest(
             "/index.php/login/v2",
-            nextcloud_login_router(
+            nextcloud_login_router(nextcloud_flows_state, auth_provider.clone()),
-                nextcloud_flows_state,
-                auth_provider.clone(),
-                session_store.clone(),
-            ),
         );
     }
-    router.layer(
+    router
-        TraceLayer::new_for_http()
+        .layer(
-            .make_span_with(|request: &Request| {
+            SessionManagerLayer::new(session_store)
-                tracing::debug_span!(
+                .with_secure(true)
-                    "http-request",
+                .with_same_site(SameSite::Strict)
-                    status_code = tracing::field::Empty,
+                .with_expiry(Expiry::OnInactivity(
-                    otel.name =
+                    tower_sessions::cookie::time::Duration::hours(2),
-                        tracing::field::display(format!("{} {}", request.method(), request.uri())),
+                )),
-                )
+        )
-            })
+        .layer(
-            .on_request(|_req: &Request, _span: &Span| {})
+            TraceLayer::new_for_http()
-            .on_response(|response: &Response, _latency: Duration, span: &Span| {
+                .make_span_with(|request: &Request| {
-                span.record("status_code", tracing::field::display(response.status()));
+                    tracing::debug_span!(
+                        "http-request",
+                        status_code = tracing::field::Empty,
+                        otel.name = tracing::field::display(format!(
+                            "{} {}",
+                            request.method(),
+                            request.uri()
+                        )),
+                    )
+                })
+                .on_request(|_req: &Request, _span: &Span| {})
+                .on_response(|response: &Response, _latency: Duration, span: &Span| {
+                    span.record("status_code", tracing::field::display(response.status()));
 
-                tracing::debug!("response generated")
+                    tracing::debug!("response generated")
-            })
+                })
-            .on_failure(
+                .on_failure(
-                |_error: ServerErrorsFailureClass, _latency: Duration, _span: &Span| {
+                    |_error: ServerErrorsFailureClass, _latency: Duration, _span: &Span| {
-                    tracing::error!("something went wrong")
+                        tracing::error!("something went wrong")
-                },
+                    },
-            ),
+                ),
-    )
+        )
 }

src/main.rs

@@ -10,7 +10,6 @@ use config::{DataStoreConfig, SqliteDataStoreConfig};
 use figment::Figment;
 use figment::providers::{Env, Format, Toml};
 use rustical_dav_push::DavPushController;
-use rustical_dav_push::notifier::push_notifier;
 use rustical_frontend::nextcloud_login::NextcloudFlows;
 use rustical_store::auth::AuthenticationProvider;
 use rustical_store::{AddressbookStore, CalendarStore, CollectionOperation, SubscriptionStore};