ab/furumi-ng
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fixed UI
All checks were successful
Build and Publish Deb Package / build-deb (push) Successful in 47s
Details
Publish Server Image / build-and-push-image (push) Successful in 2m19s
Details

Browse Source
This commit is contained in:
Ultradesu
2026-03-17 15:17:30 +00:00
parent 754097f894
commit cbc5639f99
9 changed files with 90 additions and 24 deletions
Download Patch File Download Diff File Expand all files Collapse all files

25
furumi-server/src/web/auth.rs
View File

@@ -31,14 +31,14 @@ pub fn token_hash(token: &str) -> String {
format!("{:x}", h.finalize())
}
/// axum middleware: if token is configured, requires a valid session cookie.
pub async fn require_auth(
State(state): State<WebState>,
req: Request,
mut req: Request,
next: Next,
) -> Response {
// Auth disabled when token is empty
if state.token.is_empty() {
req.extensions_mut().insert(super::AuthUserInfo("Unauthenticated".to_string()));
return next.run(req).await;
}
@@ -49,23 +49,24 @@ pub async fn require_auth(
.unwrap_or("");
let expected = token_hash(&state.token);
let mut authed = false;
let mut authed_user = None;
for c in cookies.split(';') {
let c = c.trim();
if let Some(val) = c.strip_prefix(&format!("{}=", SESSION_COOKIE)) {
if val == expected {
authed = true;
authed_user = Some("Master Token".to_string());
break;
} else if let Some(oidc) = &state.oidc {
if verify_sso_cookie(&oidc.session_secret, val) {
authed = true;
if let Some(user) = verify_sso_cookie(&oidc.session_secret, val) {
authed_user = Some(user);
break;
}
}
}
}
if authed {
if let Some(user) = authed_user {
req.extensions_mut().insert(super::AuthUserInfo(user));
next.run(req).await
} else {
let uri = req.uri().path();
@@ -86,10 +87,10 @@ pub fn generate_sso_cookie(secret: &[u8], user_id: &str) -> String {
format!("sso:{}:{}", user_id, sig)
}
pub fn verify_sso_cookie(secret: &[u8], cookie_val: &str) -> bool {
pub fn verify_sso_cookie(secret: &[u8], cookie_val: &str) -> Option<String> {
let parts: Vec<&str> = cookie_val.split(':').collect();
if parts.len() != 3 || parts[0] != "sso" {
return false;
return None;
}
let user_id = parts[1];
let sig = parts[2];
@@ -98,7 +99,11 @@ pub fn verify_sso_cookie(secret: &[u8], cookie_val: &str) -> bool {
mac.update(user_id.as_bytes());
let expected_sig = base64::engine::general_purpose::URL_SAFE_NO_PAD.encode(mac.finalize().into_bytes());
sig == expected_sig
if sig == expected_sig {
Some(user_id.to_string())
} else {
None
}
}
/// GET /login — show login form.