author | Vincent Ambo <tazjin@gmail.com> | 2018-04-09T07·10+0200 |
---|---|---|
committer | Vincent Ambo <tazjin@gmail.com> | 2018-04-09T07·11+0200 |
commit | ef5e8ec8bd2cf06cdc48b7d77ec9a85b370b4433 (patch) | |
tree | 877010e87ee3451f588c39b5a61a2b481d3a38f3 /src/handlers.rs | |
parent | d91dec28f8aa1eacbcce697f232902ad09d79523 (diff) |
feat(handlers): Add RequireLogin middleware
Adds a middleware that automatically redirects users to the login page if they don't have an active session (i.e. 'author' set).
Diffstat (limited to 'src/handlers.rs')
-rw-r--r-- | src/handlers.rs | 29 |
1 files changed, 26 insertions, 3 deletions
diff --git a/src/handlers.rs b/src/handlers.rs
index 0531bb1742e7..e709fdd2023c 100644
--- a/src/handlers.rs
+++ b/src/handlers.rs
@@ -6,8 +6,9 @@
 //! project root.
 use actix::prelude::{Addr, Syn};
+use actix_web;
 use actix_web::*;
-use actix_web::middleware::RequestSession;
+use actix_web::middleware::{Started, Middleware, RequestSession};
 use db::*;
 use errors::{Result, ConverseError};
 use futures::Future;
@@ -120,6 +121,8 @@ pub fn login(state: State<AppState>) -> ConverseResponse {
 .responder()
 }
+const AUTHOR: &'static str = "author";
+
 pub fn callback(state: State<AppState>,
 data: Form<CodeResponse>,
 mut req: HttpRequest<AppState>) -> ConverseResponse {
@@ -128,10 +131,30 @@ pub fn callback(state: State<AppState>,
 .and_then(move |result| {
 let author = result?;
 info!("Setting cookie for {} after callback", author.name);
- req.session().set("author_name", author.name)?;
- req.session().set("author_email", author.email)?;
+ req.session().set(AUTHOR, author)?;
 Ok(HttpResponse::SeeOther()
 .header("Location", "/")
 .finish())})
 .responder()
 }
+
+
+/// Middleware used to enforce logins unceremonially.
+pub struct RequireLogin;
+
+impl <S> Middleware<S> for RequireLogin {
+ fn start(&self, req: &mut HttpRequest<S>) -> actix_web::Result<Started> {
+ let has_author = req.session().get::<Author>(AUTHOR)?.is_some();
+ let is_oidc_req = req.path().starts_with("/oidc");
+
+ if !is_oidc_req && !has_author {
+ Ok(Started::Response(
+ HttpResponse::SeeOther()
+ .header("Location", "/oidc/login")
+ .finish()
+ ))
+ } else {
+ Ok(Started::Done)
+ }
+ }
+}
|
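Review bot: The login exemption in `RequireLogin::start` is a bare prefix test, `req.path().starts_with("/oidc")`, so any route whose path merely begins with those characters (a later `/oidc-admin` or `/oidcfoo`, say) would be served without a session. Anchor the check on a segment boundary, `let is_oidc_req = req.path() == "/oidc" || req.path().starts_with("/oidc/");`, or better compare against the exact login and callback paths the app registers (the callback path is not visible in this diff). Separately, the `?` on `req.session().get::<Author>(AUTHOR)` turns a session value that fails to deserialize into an error response instead of a redirect to `/oidc/login`; mapping that error to "no author" lets a stale or malformed cookie fall back to a fresh login. Since this middleware is the access-control gate, a doc line on `RequireLogin` stating that every path outside `/oidc` requires the `author` session key would make the exemption explicit.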