rust/lootalot
1
0
Fork 0
Code Issues 3 Pull Requests Releases Wiki Activity

adds logic for magic link authentication

Browse Source
This commit is contained in:
Arthur Gerbaud
2019-11-14 12:30:57 +01:00
parent 988cdc97e2
commit 9d84a5ac62
2 changed files with 48 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
Cargo.toml
View File

@@ -7,6 +7,7 @@ edition = "2018"
[dependencies] [dependencies]
actix-web = "1.0.*" actix-web = "1.0.*"
actix-files = "*" actix-files = "*"
actix-identity = "*"
lootalot-db = { version = "0.1", path = "./lootalot_db" } lootalot-db = { version = "0.1", path = "./lootalot_db" }
dotenv = "*" dotenv = "*"
env_logger = "*" env_logger = "*"

50
src/server.rs
View File

@@ -1,6 +1,10 @@
use actix_cors::Cors; use actix_cors::Cors;
use actix_files as fs; use actix_files as fs;
use actix_web::{middleware, web, App, Either, Error, HttpResponse, HttpServer}; use actix_identity::{CookieIdentityPolicy, Identity, IdentityService};
use actix_web::{
http::{header, StatusCode},
middleware, web, App, Either, Error, HttpResponse, HttpServer,
};
use futures::Future; use futures::Future;
use std::env; use std::env;
@@ -17,7 +21,6 @@ type NewGroupLoot = web::Json<api::NewGroupLoot>;
type MaybeForbidden = type MaybeForbidden =
actix_web::Either<Box<dyn Future<Item = HttpResponse, Error = Error>>, HttpResponse>; actix_web::Either<Box<dyn Future<Item = HttpResponse, Error = Error>>, HttpResponse>;
/// Wraps call to the database query and convert its result as a async HttpResponse /// Wraps call to the database query and convert its result as a async HttpResponse
fn db_call( fn db_call(
pool: AppPool, pool: AppPool,
@@ -136,23 +139,64 @@ fn configure_api(config: &mut web::ServiceConfig) {
); );
} }
#[derive(Deserialize)]
struct AuthRequest {
key: i32,
}
fn login(id: Identity, key: web::Query<AuthRequest>) -> HttpResponse {
id.remember(key.key.to_string());
HttpResponse::build(StatusCode::TEMPORARY_REDIRECT)
.header(header::LOCATION, "/")
.finish()
}
fn logout(id: Identity) -> HttpResponse {
id.forget();
HttpResponse::build(StatusCode::TEMPORARY_REDIRECT)
.header(header::LOCATION, "/")
.finish()
}
/// This endpoint shall be called by client,
/// at initialization, to retrieve the current
/// logging session info.
fn enter_session(id: Identity) -> HttpResponse {
if let Some(user_id) = id.identity() {
HttpResponse::Ok().json(user_id)
} else {
HttpResponse::Forbidden().finish()
}
}
pub fn serve() -> std::io::Result<()> { pub fn serve() -> std::io::Result<()> {
let www_root: String = env::var("WWW_ROOT").expect("WWW_ROOT must be set"); let www_root: String = env::var("WWW_ROOT").expect("WWW_ROOT must be set");
let pool = db::create_pool(); let pool = db::create_pool();
dbg!(&www_root); dbg!(&www_root);
let key = [0; 32];
let domain = "http://localhost:8088";
HttpServer::new(move || { HttpServer::new(move || {
App::new() App::new()
.data(pool.clone()) .data(pool.clone())
.configure(configure_api) .configure(configure_api)
.wrap( .wrap(
Cors::new() Cors::new()
.allowed_origin("http://localhost:8088") .allowed_origin(domain)
.allowed_methods(vec!["GET", "POST", "PUT", "DELETE", "OPTIONS"]) .allowed_methods(vec!["GET", "POST", "PUT", "DELETE", "OPTIONS"])
.max_age(3600), .max_age(3600),
) )
.wrap(IdentityService::new(
CookieIdentityPolicy::new(&key)
.name("logged-in")
.secure(false),
))
//.wrap(middleware::Logger::default()) //.wrap(middleware::Logger::default())
.wrap(middleware::Logger::new("%r -> %s (%{User-Agent}i)")) .wrap(middleware::Logger::new("%r -> %s (%{User-Agent}i)"))
.route("/session", web::get().to(enter_session))
.route("/login", web::get().to(login))
.route("/logout", web::get().to(logout))
.service(fs::Files::new("/", www_root.clone()).index_file("index.html")) .service(fs::Files::new("/", www_root.clone()).index_file("index.html"))
}) })
.bind("127.0.0.1:8088")? .bind("127.0.0.1:8088")?