Enable config option for secure auth cookies
All checks were successful
Push Workflows / rustfmt (push) Successful in 16s
Push Workflows / tailwind-build (push) Successful in 15s
Push Workflows / test (push) Successful in 27s
Push Workflows / docs (push) Successful in 25s
Push Workflows / clippy (push) Successful in 19s
Push Workflows / build (push) Successful in 50s
Push Workflows / nix-build (push) Successful in 5m13s

Enable by default in release mode
This commit is contained in:
2026-06-28 13:48:31 -04:00
parent 142182af74
commit 4466396259
3 changed files with 9 additions and 3 deletions

View File

@@ -109,12 +109,12 @@ pub async fn get_user_by_username(
}
/// Create the authentication middleware layer
pub fn build_auth_layer(db_pool: DbPool, key_val_pool: KeyValPool) -> AuthLayer {
pub fn build_auth_layer(db_pool: DbPool, key_val_pool: KeyValPool, use_secure: bool) -> AuthLayer {
use axum_login::{AuthManagerLayerBuilder, tower_sessions::SessionManagerLayer};
use tower_sessions_redis_store::RedisStore;
let auth_session_store = RedisStore::new(key_val_pool);
let session_layer = SessionManagerLayer::new(auth_session_store);
let session_layer = SessionManagerLayer::new(auth_session_store).with_secure(use_secure);
let auth_backend = AuthBackend { db_pool };

View File

@@ -1,8 +1,13 @@
use serde::Deserialize;
/// Enable secure cookies by default only in release mode
/// (Secure cookies can't be set over HTTP. Rough assumption: development is done over HTTP)
const DEFAULT_COOKIES_SECURE: bool = cfg!(not(debug_assertions));
#[derive(Debug, Clone, Deserialize)]
pub struct AuthConfig {
pub open_signup: bool,
pub cookies_secure: bool,
}
/// Build a connection URI from parts
@@ -153,6 +158,7 @@ pub fn load_config() -> Result<Config, config::ConfigError> {
config::Config::builder()
.set_default("server.port", 8080)?
.set_default("auth.open_signup", false)?
.set_default("auth.cookies_secure", DEFAULT_COOKIES_SECURE)?
.add_source(File::with_name(&format!("/etc/{pkg_name}/config")).required(false))
.add_source(File::with_name(&format!("/etc/{pkg_name}")).required(false))
.add_source(File::with_name("config").required(false))

View File

@@ -34,7 +34,7 @@ async fn router_setup() -> Result<Router> {
.await
.err_context("Failed key-value store setup")?;
let auth_layer = build_auth_layer(db_pool.clone(), key_val_pool);
let auth_layer = build_auth_layer(db_pool.clone(), key_val_pool, config.auth.cookies_secure);
let router = dioxus::server::router(App)
.layer(from_fn(require_auth_middleware))