squid/blog
squid/blog
1
2
Fork 0
Code Issues 10 Pull Requests Actions Projects 1 Releases 7 Wiki Activity

BLOG-86 Checking authentication before uploading image #101

Merged
squid merged 5 commits from BLOG-86_image_can_only_be_uploaded_by_logged_in_user into main 2025-08-01 18:26:39 +08:00
Conversation 3 Commits 5 Files Changed 8 +51 -6
8 changed files with 51 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
backend/Cargo.lock generated
View File

@ -1664,6 +1664,7 @@ dependencies = [
"actix-multipart", "actix-multipart",
"actix-web", "actix-web",
"async-trait", "async-trait",
"auth",
"futures", "futures",
"log", "log",
"serde", "serde",

1
backend/feature/auth/src/framework/web.rs
View File

@ -1,3 +1,4 @@
pub mod auth_middleware;
pub mod auth_web_routes; pub mod auth_web_routes;
mod constants; mod constants;

33
backend/feature/auth/src/framework/web/auth_middleware.rs Normal file
View File

@ -0,0 +1,33 @@
use std::future::{self, Ready};
use actix_session::SessionExt;
use actix_web::{Error, FromRequest, HttpRequest, dev::Payload, error::ErrorUnauthorized};
use crate::framework::web::constants::SESSION_KEY_USER_ID;
pub struct UserId(i32);
impl UserId {
pub fn get(&self) -> i32 {
self.0
}
}
impl FromRequest for UserId {
type Error = Error;
type Future = Ready<Result<Self, Self::Error>>;
fn from_request(req: &HttpRequest, _: &mut Payload) -> Self::Future {
let user_id_result = req.get_session().get::<i32>(SESSION_KEY_USER_ID);
let user_id = match user_id_result {
Ok(id) => id,
_ => return future::ready(Err(ErrorUnauthorized(""))),
};
match user_id {
Some(id) => future::ready(Ok(UserId(id))),
None => future::ready(Err(ErrorUnauthorized(""))),
}
}
}

15
backend/feature/auth/src/framework/web/auth_web_routes.rs
View File

@ -6,8 +6,9 @@ use crate::{
auth_controller::AuthController, oidc_callback_query_dto::OidcCallbackQueryDto, auth_controller::AuthController, oidc_callback_query_dto::OidcCallbackQueryDto,
}, },
application::error::auth_error::AuthError, application::error::auth_error::AuthError,
framework::web::constants::{ framework::web::{
SESSION_KEY_AUTH_NONCE, SESSION_KEY_AUTH_STATE, SESSION_KEY_USER_ID, auth_middleware::UserId,
constants::{SESSION_KEY_AUTH_NONCE, SESSION_KEY_AUTH_STATE, SESSION_KEY_USER_ID},
}, },
}; };
@ -18,6 +19,8 @@ pub fn configure_auth_routes(cfg: &mut web::ServiceConfig) {
.route("/callback", web::get().to(oidc_callback_handler)) .route("/callback", web::get().to(oidc_callback_handler))
.route("/logout", web::get().to(logout_handler)), .route("/logout", web::get().to(logout_handler)),
); );
cfg.service(web::resource("/me").route(web::get().to(get_logged_in_user_handler)));
} }
async fn oidc_login_handler( async fn oidc_login_handler(
@ -92,10 +95,12 @@ async fn oidc_callback_handler(
} }
async fn logout_handler(session: Session) -> impl Responder { async fn logout_handler(session: Session) -> impl Responder {
session.remove(SESSION_KEY_AUTH_STATE); session.clear();
session.remove(SESSION_KEY_AUTH_NONCE);
session.remove(SESSION_KEY_USER_ID);
HttpResponse::Found() HttpResponse::Found()
.append_header((header::LOCATION, "/")) .append_header((header::LOCATION, "/"))
.finish() .finish()
} }
async fn get_logged_in_user_handler(user_id: UserId) -> impl Responder {
HttpResponse::Ok().body(format!("Logged in user ID: {}", user_id.get()))
}

2
backend/feature/image/Cargo.toml
View File

@ -11,3 +11,5 @@ futures.workspace = true
log.workspace = true log.workspace = true
serde.workspace = true serde.workspace = true
sqlx.workspace = true sqlx.workspace = true
auth.workspace = true

2
backend/feature/image/src/framework/web/image_web_routes.rs
View File

@ -1,5 +1,6 @@
use actix_multipart::Multipart; use actix_multipart::Multipart;
use actix_web::{HttpResponse, Responder, web}; use actix_web::{HttpResponse, Responder, web};
use auth::framework::web::auth_middleware::UserId;
use futures::StreamExt; use futures::StreamExt;
use crate::{ use crate::{
@ -18,6 +19,7 @@ pub fn configure_image_routes(cfg: &mut web::ServiceConfig) {
async fn upload_image_handler( async fn upload_image_handler(
image_controller: web::Data<dyn ImageController>, image_controller: web::Data<dyn ImageController>,
mut payload: Multipart, mut payload: Multipart,
_: UserId,
) -> impl Responder { ) -> impl Responder {
let mut image_request_dto: Option<ImageRequestDto> = None; let mut image_request_dto: Option<ImageRequestDto> = None;

2
backend/server/src/configuration/session.rs
View File

@ -20,7 +20,7 @@ impl SessionConfiguration {
let session_key = Key::from(&session_key_bytes); let session_key = Key::from(&session_key_bytes);
let redis_url = let redis_url =
std::env::var("REDIS_URL").unwrap_or_else(|_| "redis://127.0.1:6379".to_string()); std::env::var("REDIS_URL").unwrap_or_else(|_| "redis://127.0.0.1:6379".to_string());
Self { Self {
session_key, session_key,

1
backend/server/src/main.rs
View File

@ -63,6 +63,7 @@ fn create_app(
let container = Container::new(db_pool, http_client, configuration); let container = Container::new(db_pool, http_client, configuration);
App::new() App::new()
// The middlewares are executed in opposite order as registration.
.wrap(session_middleware_builder.build()) .wrap(session_middleware_builder.build())
.app_data(web::Data::from(container.auth_controller)) .app_data(web::Data::from(container.auth_controller))
.app_data(web::Data::from(container.image_controller)) .app_data(web::Data::from(container.image_controller))