author | Kjetil Orbekk <kj@orbekk.com> | 2022-10-07 21:31:21 -0400 |
---|---|---|
committer | Kjetil Orbekk <kj@orbekk.com> | 2022-10-07 21:31:21 -0400 |
commit | ba57f14611b3a35bc08f01050779f1b4c9fc6090 (patch) | |
tree | 78fd8eda7686210d58c26054408e94279a5a08a0 | |
parent | 262471eeed510e36026b17e0ff1b070d88753417 (diff) |
Add url encoded cookie
-rw-r--r-- | Cargo.lock | 7 | ||||
-rw-r--r-- | server/.env | 2 | ||||
-rw-r--r-- | server/Cargo.toml | 1 | ||||
-rw-r--r-- | server/src/auth.rs | 10 | ||||
-rw-r--r-- | server/src/main.rs | 20 | ||||
-rw-r--r-- | webapp/src/bridge_engine.rs | 4 |
6 files changed, 34 insertions, 10 deletions
@@ -1423,6 +1423,7 @@ dependencies = [ "tower-http", "tracing", "tracing-subscriber", + "urlencoding", "uuid", ] @@ -1853,6 +1854,12 @@ dependencies = [ ] [[package]] +name = "urlencoding" +version = "2.1.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e8db7427f936968176eaa7cdf81b7f98b980b18495ec28f1b5791ac3bfe3eea9" + +[[package]] name = "uuid" version = "1.1.2" source = "registry+https://github.com/rust-lang/crates.io-index"
diff --git a/server/.env b/server/.env
index a639376..fe7eb8f 100644
--- a/server/.env
+++ b/server/.env
@@ -1,4 +1,4 @@
-RUST_LOG=info,tower_http=trace
+RUST_LOG=info
 BIND_ADDRESS=[::]:11121
 RUST_BACKTRACE=1
 OPENID_ISSUER_URL=https://auth.orbekk.com/realms/test
diff --git a/server/Cargo.toml b/server/Cargo.toml
index 41d3081..92e4730 100644
--- a/server/Cargo.toml
+++ b/server/Cargo.toml
@@ -20,3 +20,4 @@ lru = "0.8.1"
 uuid = { version = "1.1.2", features = ["serde", "fast-rng", "v4"] }
 tower-cookies = "0.7.0"
 tower = { version = "0.4.13", features = ["full"] }
+urlencoding = "2.1.2"
diff --git a/server/src/auth.rs b/server/src/auth.rs
index ab1ba8b..c5f9e64 100644
--- a/server/src/auth.rs
+++ b/server/src/auth.rs
@@ -1,7 +1,7 @@
 use std::{
 env,
 num::NonZeroUsize,
- sync::{Arc, Mutex},
+ sync::{Arc, Mutex}, collections::HashMap,
 };
 use lru::LruCache;
@@ -12,6 +12,7 @@ use openidconnect::{
 AccessTokenHash, AuthenticationFlow, AuthorizationCode, ClientId, ClientSecret, CsrfToken, IssuerUrl, Nonce, OAuth2TokenResponse, PkceCodeChallenge, RedirectUrl, Scope, TokenResponse,
 };
+use tracing::info;
 use uuid::Uuid;
 use serde::{Deserialize, Serialize};
@@ -94,4 +95,11 @@ impl Authenticator {
 .put(user_id.clone(), LoginState { csrf_token, nonce });
 (user_id, auth_url)
 }
+
+ pub async fn authenticate(&self, user_id: EndUserId, auth_params: HashMap<String, String>) {
+ let state = self.login_cache.lock().unwrap().pop(&user_id).unwrap();
+ info!("state: {:?}, {:?}", state.csrf_token.secret(), state.nonce.secret());
+
+ // params: {"session_state": "909b9959-041b-4a98-84d0-5f978bc8a679", "code": "2b4e95d1-0000-4b28-b49d-7a9de731e82b.909b9959-041b-4a98-84d0-5f978bc8a679.a382d869-4e34-42f1-a64d-24a224b9d338", "state": "a7Hff_hF_FOCqPCxmA1ZXg
+ }
 }
diff --git a/server/src/main.rs b/server/src/main.rs
index faa895c..d948586 100644
--- a/server/src/main.rs
+++ b/server/src/main.rs
@@ -1,11 +1,12 @@
-use std::{env, sync::Arc, collections::HashMap};
+use std::{collections::HashMap, env, sync::Arc};
 use axum::{
 body::Body,
 extract::{Extension, FromRequest, Query},
 http::{request::Parts, Request},
+ response::Redirect,
 routing::get,
- Json, Router, response::Redirect,
+ Json, Router,
 };
 use openidconnect::{
 core::{CoreClient, CoreProviderMetadata, CoreResponseType},
@@ -17,10 +18,10 @@ use openidconnect::{
 use protocol::UserInfo;
 use tower_cookies::{Cookie, CookieManagerLayer, Cookies};
 use tower_http::trace::TraceLayer;
-use tracing::{info, trace};
+use tracing::{debug, info, trace};
 use tracing_subscriber::{layer::SubscriberExt, util::SubscriberInitExt};
 mod auth;
-use crate::auth::Authenticator;
+use crate::auth::{Authenticator, EndUserId};
 struct ServerContext {
 pub app_url: String,
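Review bot: In `Authenticator::authenticate` (server/src/auth.rs), the added `info!("state: {:?}, {:?}", state.csrf_token.secret(), state.nonce.secret())` writes the CSRF token and the OpenID nonce to the log, and with `RUST_LOG=info` in server/.env that is emitted by default; I would delete the line or log only `user_id`. The preceding `self.login_cache.lock().unwrap().pop(&user_id).unwrap()` panics when the cookie names an entry that was never issued or has already been evicted, and because the lock guard is still alive when the second `unwrap()` fires, the `Mutex` is presumably left poisoned so that later `lock().unwrap()` calls panic as well. Binding the lookup first, `let state = self.login_cache.lock().unwrap().pop(&user_id);`, and returning an error for `None` keeps one bad request from affecting other logins. `auth_params` is not read yet, so the callback's `state` parameter is not compared with `state.csrf_token` in this hunk, and the example callback values pasted into the comment would be better replaced with placeholders.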
@@ -89,17 +90,24 @@ async fn user_info() -> Json<Option<UserInfo>> {
 async fn login_callback(
 cookies: Cookies,
 Query(params): Query<HashMap<String, String>>,
+ extension: ContextExtension,
 ) -> () {
+ let cookie = cookies.get("user-id").unwrap();
+ let user_id: EndUserId =
+ serde_json::from_str(&urlencoding::decode(cookie.value()).unwrap()).unwrap();
+ info!("cookie: {cookie:?}");
 info!("params: {params:?}");
+ extension.authenticator.authenticate(user_id, params).await;
 ()
 }
 async fn login(cookies: Cookies, extension: ContextExtension) -> Redirect {
 let (user_id, auth_url) = extension.authenticator.get_login_url().await;
- trace!("Creating auth url for {user_id:?}");
+ info!("Creating auth url for {user_id:?}");
+ let user_id = serde_json::to_string(&user_id).unwrap();
 cookies.add(Cookie::new(
 "user-id",
- serde_json::to_string(&user_id).unwrap(),
+ urlencoding::encode(&user_id).to_string(),
 ));
 Redirect::temporary(auth_url.as_str())
 }
diff --git a/webapp/src/bridge_engine.rs b/webapp/src/bridge_engine.rs
index ecd4554..ab5afea 100644
--- a/webapp/src/bridge_engine.rs
+++ b/webapp/src/bridge_engine.rs
@@ -146,7 +146,7 @@ impl DealInPlay {
 let player = self.in_progress.next_player();
 let player_cards = player.get_cards(&mut self.deal);
- debug!(
+ info!(
 "Next player is {:?}, playing card {} from {:?}",
 player, card, player_cards
 );
@@ -337,7 +337,7 @@ impl FromStr for Raise {
 static ref RE: Regex = Regex::new(r#"\s*(.[0-9]*)\s*(.*)"#).unwrap();
 };
 let caps = RE.captures(s).ok_or(anyhow!("invalid raise: {}", s))?;
- debug!("caps: {:?}", caps);
+ info!("caps: {:?}", caps);
 let level = caps[1].parse()?;
 let suit = match caps[2].to_ascii_uppercase().as_str() {
 "NT" => None, |
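Review bot: `login_callback` in server/src/main.rs unwraps three times on the client-supplied `user-id` cookie (`cookies.get(..).unwrap()`, `urlencoding::decode(..).unwrap()`, `serde_json::from_str(..).unwrap()`), so a request without the cookie or with a malformed value panics the handler instead of being rejected. Returning `Result<(), StatusCode>` (with `StatusCode` from `axum::http`) and mapping each failure to `BAD_REQUEST` keeps bad input on the error path, as sketched below. The added `info!("cookie: {cookie:?}")`, together with the existing `info!("params: {params:?}")`, puts the login-state key and the authorization `code` into info-level logs; these are better dropped or kept at `trace!`. In `login`, `Cookie::new` sets no attributes; if the deployment allows it, building the cookie with `http_only(true)`, `secure(true)` and `SameSite::Lax` would narrow where the value can be read or sent.

```rust
// … unchanged: login_callback parameters …
) -> Result<(), StatusCode> {
    // The cookie is client-controlled: reject bad values instead of panicking.
    let cookie = cookies.get("user-id").ok_or(StatusCode::BAD_REQUEST)?;
    let decoded = urlencoding::decode(cookie.value()).map_err(|_| StatusCode::BAD_REQUEST)?;
    let user_id: EndUserId =
        serde_json::from_str(&decoded).map_err(|_| StatusCode::BAD_REQUEST)?;
    // … unchanged: extension.authenticator.authenticate(user_id, params).await …
    Ok(())
}
```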