Enable config option for secure auth cookies
All checks were successful
Push Workflows / rustfmt (push) Successful in 16s
Push Workflows / tailwind-build (push) Successful in 15s
Push Workflows / test (push) Successful in 27s
Push Workflows / docs (push) Successful in 25s
Push Workflows / clippy (push) Successful in 19s
Push Workflows / build (push) Successful in 50s
Push Workflows / nix-build (push) Successful in 5m13s
All checks were successful
Push Workflows / rustfmt (push) Successful in 16s
Push Workflows / tailwind-build (push) Successful in 15s
Push Workflows / test (push) Successful in 27s
Push Workflows / docs (push) Successful in 25s
Push Workflows / clippy (push) Successful in 19s
Push Workflows / build (push) Successful in 50s
Push Workflows / nix-build (push) Successful in 5m13s
Enable by default in release mode
This commit is contained in:
@@ -109,12 +109,12 @@ pub async fn get_user_by_username(
|
||||
}
|
||||
|
||||
/// Create the authentication middleware layer
|
||||
pub fn build_auth_layer(db_pool: DbPool, key_val_pool: KeyValPool) -> AuthLayer {
|
||||
pub fn build_auth_layer(db_pool: DbPool, key_val_pool: KeyValPool, use_secure: bool) -> AuthLayer {
|
||||
use axum_login::{AuthManagerLayerBuilder, tower_sessions::SessionManagerLayer};
|
||||
use tower_sessions_redis_store::RedisStore;
|
||||
|
||||
let auth_session_store = RedisStore::new(key_val_pool);
|
||||
let session_layer = SessionManagerLayer::new(auth_session_store);
|
||||
let session_layer = SessionManagerLayer::new(auth_session_store).with_secure(use_secure);
|
||||
|
||||
let auth_backend = AuthBackend { db_pool };
|
||||
|
||||
|
||||
@@ -1,8 +1,13 @@
|
||||
use serde::Deserialize;
|
||||
|
||||
/// Enable secure cookies by default only in release mode
|
||||
/// (Secure cookies can't be set over HTTP. Rough assumption: development is done over HTTP)
|
||||
const DEFAULT_COOKIES_SECURE: bool = cfg!(not(debug_assertions));
|
||||
|
||||
#[derive(Debug, Clone, Deserialize)]
|
||||
pub struct AuthConfig {
|
||||
pub open_signup: bool,
|
||||
pub cookies_secure: bool,
|
||||
}
|
||||
|
||||
/// Build a connection URI from parts
|
||||
@@ -153,6 +158,7 @@ pub fn load_config() -> Result<Config, config::ConfigError> {
|
||||
config::Config::builder()
|
||||
.set_default("server.port", 8080)?
|
||||
.set_default("auth.open_signup", false)?
|
||||
.set_default("auth.cookies_secure", DEFAULT_COOKIES_SECURE)?
|
||||
.add_source(File::with_name(&format!("/etc/{pkg_name}/config")).required(false))
|
||||
.add_source(File::with_name(&format!("/etc/{pkg_name}")).required(false))
|
||||
.add_source(File::with_name("config").required(false))
|
||||
|
||||
@@ -34,7 +34,7 @@ async fn router_setup() -> Result<Router> {
|
||||
.await
|
||||
.err_context("Failed key-value store setup")?;
|
||||
|
||||
let auth_layer = build_auth_layer(db_pool.clone(), key_val_pool);
|
||||
let auth_layer = build_auth_layer(db_pool.clone(), key_val_pool, config.auth.cookies_secure);
|
||||
|
||||
let router = dioxus::server::router(App)
|
||||
.layer(from_fn(require_auth_middleware))
|
||||
|
||||
Reference in New Issue
Block a user