jackz/storage
1
0
Fork 0
mirror of https://github.com/Jackzmc/storage.git synced 2025-05-05 17:03:21 +00:00
Code Issues Projects 1 Releases Packages Wiki Activity Actions

Minor changes

Browse source
This commit is contained in:
Jackzie 2025-04-20 21:03:29 -05:00
parent e13f080d91
commit 8f69de989b
2 changed files with 18 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

20
src/managers/sso.rs
View file

@ -3,7 +3,7 @@ use std::net::IpAddr;
use std::sync::{Arc, LazyLock};
use std::time::Duration;
use anyhow::anyhow;
use log::warn;
use log::{info, warn};
use moka::future::Cache;
use openidconnect::core::{CoreAuthDisplay, CoreAuthPrompt, CoreClaimName, CoreClient, CoreErrorResponseType, CoreGenderClaim, CoreJsonWebKey, CoreJweContentEncryptionAlgorithm, CoreProviderMetadata, CoreRevocableToken, CoreRevocationErrorResponse, CoreTokenIntrospectionResponse, CoreTokenResponse};
use openidconnect::http::{HeaderMap, HeaderValue};
@ -40,7 +40,8 @@ impl SSO {
pub async fn create(config: &AppConfig) -> Self {
let oidc_config = config.auth.oidc.as_ref().expect("OIDC config not provided");
let referer = config.general.get_public_url().domain().map(|s| s.to_string());
let http_client = SSO::setup_http_client(referer, None);
let proxy_settings = SSO::setup_proxy();
let http_client = SSO::setup_http_client(referer, proxy_settings);
let issuer_url = IssuerUrl::new(oidc_config.issuer_url.to_string()).expect("bad issuer url");
let client_id = ClientId::new(oidc_config.client_id.to_string());
let client_secret = Some(ClientSecret::new(oidc_config.client_secret.to_string()));
@ -63,6 +64,16 @@ impl SSO {
.build()
}
fn setup_proxy() -> Option<HttpProxySettings> {
if let Ok(proxy_url) = var("DEV_PROXY_URL") {
return Some(HttpProxySettings {
url: proxy_url,
disable_cert_check: var("DEV_PROXY_DANGER_DISABLE_CERT_CHECK").is_ok()
})
}
None
}
fn setup_http_client(referer: Option<String>, proxy_settings: Option<HttpProxySettings>) -> reqwest::Client {
let mut headers = HeaderMap::new();
// TODO: pull from config.
@ -75,7 +86,10 @@ impl SSO {
.redirect(reqwest::redirect::Policy::none())
.default_headers(headers);
if let Some(proxy) = proxy_settings {
warn!("DANGER_DEV_PROXY set, requests are being proxied & ignoring certificates");
info!("Using proxy url: {}", proxy.url);
if proxy.disable_cert_check {
warn!("!! DEV_PROXY_DANGER_DISABLE_CERT_CHECK is set: requests are proxied, ignoring certificates");
}
builder = builder
.proxy(reqwest::Proxy::https(proxy.url).unwrap())
.danger_accept_invalid_certs(proxy.disable_cert_check);

1
src/routes/ui/auth/sso.rs
View file

@ -105,6 +105,7 @@ pub async fn callback(session: Session<'_, SessionData>, ip: IpAddr, sso: &State
error: e.to_string()
})))?;
debug!("user={:?}\nemail={:?}\nname={:?}", userinfo.subject(), userinfo.email(), userinfo.name());
// TODO: rest of user login, map to existing user / create user, etc blah blah
let return_to = return_to.unwrap_or("/".to_string());
Ok(HackyRedirectBecauseRocketBug {
inner: "Login successful, redirecting...".to_string(),