Enable config option for secure auth cookies
All checks were successful
Push Workflows / rustfmt (push) Successful in 16s
Push Workflows / tailwind-build (push) Successful in 15s
Push Workflows / test (push) Successful in 27s
Push Workflows / docs (push) Successful in 25s
Push Workflows / clippy (push) Successful in 19s
Push Workflows / build (push) Successful in 50s
Push Workflows / nix-build (push) Successful in 5m13s
All checks were successful
Push Workflows / rustfmt (push) Successful in 16s
Push Workflows / tailwind-build (push) Successful in 15s
Push Workflows / test (push) Successful in 27s
Push Workflows / docs (push) Successful in 25s
Push Workflows / clippy (push) Successful in 19s
Push Workflows / build (push) Successful in 50s
Push Workflows / nix-build (push) Successful in 5m13s
Enable by default in release mode
This commit is contained in:
@@ -109,12 +109,12 @@ pub async fn get_user_by_username(
|
|||||||
}
|
}
|
||||||
|
|
||||||
/// Create the authentication middleware layer
|
/// Create the authentication middleware layer
|
||||||
pub fn build_auth_layer(db_pool: DbPool, key_val_pool: KeyValPool) -> AuthLayer {
|
pub fn build_auth_layer(db_pool: DbPool, key_val_pool: KeyValPool, use_secure: bool) -> AuthLayer {
|
||||||
use axum_login::{AuthManagerLayerBuilder, tower_sessions::SessionManagerLayer};
|
use axum_login::{AuthManagerLayerBuilder, tower_sessions::SessionManagerLayer};
|
||||||
use tower_sessions_redis_store::RedisStore;
|
use tower_sessions_redis_store::RedisStore;
|
||||||
|
|
||||||
let auth_session_store = RedisStore::new(key_val_pool);
|
let auth_session_store = RedisStore::new(key_val_pool);
|
||||||
let session_layer = SessionManagerLayer::new(auth_session_store);
|
let session_layer = SessionManagerLayer::new(auth_session_store).with_secure(use_secure);
|
||||||
|
|
||||||
let auth_backend = AuthBackend { db_pool };
|
let auth_backend = AuthBackend { db_pool };
|
||||||
|
|
||||||
|
|||||||
@@ -1,8 +1,13 @@
|
|||||||
use serde::Deserialize;
|
use serde::Deserialize;
|
||||||
|
|
||||||
|
/// Enable secure cookies by default only in release mode
|
||||||
|
/// (Secure cookies can't be set over HTTP. Rough assumption: development is done over HTTP)
|
||||||
|
const DEFAULT_COOKIES_SECURE: bool = cfg!(not(debug_assertions));
|
||||||
|
|
||||||
#[derive(Debug, Clone, Deserialize)]
|
#[derive(Debug, Clone, Deserialize)]
|
||||||
pub struct AuthConfig {
|
pub struct AuthConfig {
|
||||||
pub open_signup: bool,
|
pub open_signup: bool,
|
||||||
|
pub cookies_secure: bool,
|
||||||
}
|
}
|
||||||
|
|
||||||
/// Build a connection URI from parts
|
/// Build a connection URI from parts
|
||||||
@@ -153,6 +158,7 @@ pub fn load_config() -> Result<Config, config::ConfigError> {
|
|||||||
config::Config::builder()
|
config::Config::builder()
|
||||||
.set_default("server.port", 8080)?
|
.set_default("server.port", 8080)?
|
||||||
.set_default("auth.open_signup", false)?
|
.set_default("auth.open_signup", false)?
|
||||||
|
.set_default("auth.cookies_secure", DEFAULT_COOKIES_SECURE)?
|
||||||
.add_source(File::with_name(&format!("/etc/{pkg_name}/config")).required(false))
|
.add_source(File::with_name(&format!("/etc/{pkg_name}/config")).required(false))
|
||||||
.add_source(File::with_name(&format!("/etc/{pkg_name}")).required(false))
|
.add_source(File::with_name(&format!("/etc/{pkg_name}")).required(false))
|
||||||
.add_source(File::with_name("config").required(false))
|
.add_source(File::with_name("config").required(false))
|
||||||
|
|||||||
@@ -34,7 +34,7 @@ async fn router_setup() -> Result<Router> {
|
|||||||
.await
|
.await
|
||||||
.err_context("Failed key-value store setup")?;
|
.err_context("Failed key-value store setup")?;
|
||||||
|
|
||||||
let auth_layer = build_auth_layer(db_pool.clone(), key_val_pool);
|
let auth_layer = build_auth_layer(db_pool.clone(), key_val_pool, config.auth.cookies_secure);
|
||||||
|
|
||||||
let router = dioxus::server::router(App)
|
let router = dioxus::server::router(App)
|
||||||
.layer(from_fn(require_auth_middleware))
|
.layer(from_fn(require_auth_middleware))
|
||||||
|
|||||||
Reference in New Issue
Block a user