rust/lootalot
1
0
Fork 0
Code Issues 3 Pull Requests Releases Wiki Activity

adds RestrictedAccess middleware for api scope

Browse Source
This commit is contained in:
Arthur Gerbaud
2019-11-14 14:23:50 +01:00
parent 9d84a5ac62
commit 61a03f1781
2 changed files with 60 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
Cargo.toml
View File

@@ -7,6 +7,7 @@ edition = "2018"
[dependencies] [dependencies]
actix-web = "1.0.*" actix-web = "1.0.*"
actix-files = "*" actix-files = "*"
actix-service = "*"
actix-identity = "*" actix-identity = "*"
lootalot-db = { version = "0.1", path = "./lootalot_db" } lootalot-db = { version = "0.1", path = "./lootalot_db" }
dotenv = "*" dotenv = "*"

64
src/server.rs
View File

@@ -1,11 +1,13 @@
use actix_cors::Cors; use actix_cors::Cors;
use actix_files as fs; use actix_files as fs;
use actix_identity::{CookieIdentityPolicy, Identity, IdentityService}; use actix_identity::{CookieIdentityPolicy, Identity, IdentityService, RequestIdentity};
use actix_web::{ use actix_web::{
dev::{ServiceRequest, ServiceResponse},
http::{header, StatusCode}, http::{header, StatusCode},
middleware, web, App, Either, Error, HttpResponse, HttpServer, middleware, web, App, Error, HttpResponse, HttpServer,
}; };
use futures::Future; use actix_service::{Service, Transform};
use futures::{Future, future::{ok, Either, FutureResult}};
use std::env; use std::env;
use crate::api; use crate::api;
@@ -38,9 +40,60 @@ fn db_call(
fn restricted_to_group(id: i32, params: (AppPool, api::ApiActions)) -> MaybeForbidden { fn restricted_to_group(id: i32, params: (AppPool, api::ApiActions)) -> MaybeForbidden {
if id != 0 { if id != 0 {
Either::B(HttpResponse::Forbidden().finish()) actix_web::Either::B(HttpResponse::Forbidden().finish())
} else { } else {
Either::A(Box::new(db_call(params.0, params.1))) actix_web::Either::A(Box::new(db_call(params.0, params.1)))
}
}
struct RestrictedAccess;
impl<S, B> Transform<S> for RestrictedAccess
where
S: Service<Request = ServiceRequest, Response = ServiceResponse<B>, Error = Error>,
S::Future: 'static,
{
type Request = ServiceRequest;
type Response = ServiceResponse<B>;
type Error = Error;
type InitError = ();
type Transform = RestrictedAccessMiddleware<S>;
type Future = FutureResult<Self::Transform, Self::InitError>;
fn new_transform(&self, service: S) -> Self::Future {
ok(RestrictedAccessMiddleware { service })
}
}
struct RestrictedAccessMiddleware<S> {
service: S
}
impl<S, B> Service for RestrictedAccessMiddleware<S>
where
S: Service<Request = ServiceRequest, Response = ServiceResponse<B>, Error = Error>,
S::Future: 'static,
{
type Request = ServiceRequest;
type Response = ServiceResponse<B>;
type Error = Error;
type Future = Either<S::Future, FutureResult<Self::Response, Self::Error>>;
fn poll_ready(&mut self) -> futures::Poll<(), Self::Error> {
self.service.poll_ready()
}
fn call(&mut self, req: ServiceRequest) -> Self::Future {
let is_logged_in = req.get_identity().is_some();
if is_logged_in {
Either::A(self.service.call(req))
} else {
Either::B(ok(req.into_response(
HttpResponse::Forbidden().finish().into_body()
)))
}
} }
} }
@@ -48,6 +101,7 @@ fn configure_api(config: &mut web::ServiceConfig) {
use api::ApiActions as Q; use api::ApiActions as Q;
config.service( config.service(
web::scope("/api") web::scope("/api")
.wrap(RestrictedAccess)
.service( .service(
web::scope("/players") web::scope("/players")
.service( .service(