Only trust the X-Identity header when it is specified on the command line
parent
c85715c969
commit
d22ac6ef84
3 changed files with 23 additions and 8 deletions
|
@ -25,11 +25,14 @@ is built like other Rust projects, with `cargo build`.
|
|||
Command line arguments
|
||||
----------------------
|
||||
USAGE:
|
||||
sausagewiki [OPTIONS] <DATABASE>
|
||||
sausagewiki [FLAGS] [OPTIONS] <DATABASE>
|
||||
|
||||
FLAGS:
|
||||
-h, --help Prints help information
|
||||
-V, --version Prints version information
|
||||
-h, --help Prints help information
|
||||
--trust_identity Trust the value in the X-Identity header to be an authenticated username.
|
||||
This only makes sense when Sausagewiki runs behind a reverse proxy which
|
||||
sets this header.
|
||||
-V, --version Prints version information
|
||||
|
||||
OPTIONS:
|
||||
-p, --port <port> Sets the listening port
|
||||
|
|
|
@ -52,6 +52,11 @@ fn args<'a>() -> clap::ArgMatches<'a> {
|
|||
Err(_) => Err("Must be an integer in the range [0, 65535]".to_owned())
|
||||
})
|
||||
.takes_value(true))
|
||||
.arg(Arg::with_name("trust_identity")
|
||||
.help("Trust the value in the X-Identity header to be an \
|
||||
authenticated username. This only makes sense when Sausagewiki \
|
||||
runs behind a reverse proxy which sets this header.")
|
||||
.long("trust_identity"))
|
||||
.get_matches()
|
||||
}
|
||||
|
||||
|
@ -64,6 +69,8 @@ fn core_main() -> Result<(), Box<std::error::Error>> {
|
|||
.map(|p| p.parse().expect("Guaranteed by validator"))
|
||||
.unwrap_or(8080);
|
||||
|
||||
let trust_identity = args.is_present("trust_identity");
|
||||
|
||||
let db_pool = db::create_pool(db_file)?;
|
||||
let cpu_pool = futures_cpupool::CpuPool::new_num_cpus();
|
||||
|
||||
|
@ -74,7 +81,7 @@ fn core_main() -> Result<(), Box<std::error::Error>> {
|
|||
hyper::server::Http::new()
|
||||
.bind(
|
||||
&SocketAddr::new(bind_host, bind_port),
|
||||
move || Ok(site::Site::new(lookup.clone()))
|
||||
move || Ok(site::Site::new(lookup.clone(), trust_identity))
|
||||
)?;
|
||||
|
||||
println!("Listening on http://{}", server.local_addr().unwrap());
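Review bot: The help text added for `trust_identity` in `args` only says the proxy "sets" the header, but the flag is safe only if the proxy also overwrites or strips any `X-Identity` sent by the client and the listening port cannot be reached except through that proxy. I would add a sentence to the `.help(...)` string, e.g. `Only enable this if the proxy overwrites any client-supplied X-Identity and Sausagewiki is not reachable directly.` It would also help operators if `core_main` printed one line at startup when `trust_identity` is true, next to the existing `Listening on` message, so the setting shows up in service logs. As a smaller style point, the long option uses an underscore where the usual CLI convention is `--trust-identity`; the `Arg` name can stay `trust_identity`. Both `args` and `core_main` continue outside the hunks shown.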
|
||||
|
|
13
src/site.rs
13
src/site.rs
|
@ -17,6 +17,8 @@ lazy_static! {
|
|||
static ref TEXT_HTML: mime::Mime = "text/html;charset=utf-8".parse().unwrap();
|
||||
}
|
||||
|
||||
header! { (XIdentity, "X-Identity") => [String] }
|
||||
|
||||
#[derive(BartDisplay)]
|
||||
#[template = "templates/layout.html"]
|
||||
pub struct Layout<'a, T: 'a + fmt::Display> {
|
||||
|
@ -36,11 +38,12 @@ struct InternalServerError;
|
|||
|
||||
pub struct Site {
|
||||
root: WikiLookup,
|
||||
trust_identity: bool,
|
||||
}
|
||||
|
||||
impl Site {
|
||||
pub fn new(root: WikiLookup) -> Site {
|
||||
Site { root }
|
||||
pub fn new(root: WikiLookup, trust_identity: bool) -> Site {
|
||||
Site { root, trust_identity }
|
||||
}
|
||||
|
||||
fn not_found(base: Option<&str>) -> Response {
|
||||
|
@ -91,8 +94,10 @@ impl Service for Site {
|
|||
|
||||
println!("{} {}", method, uri);
|
||||
|
||||
header! { (XIdentity, "X-Identity") => [String] }
|
||||
let identity: Option<String> = headers.get().map(|x: &XIdentity| x.to_string());
|
||||
let identity: Option<String> = match self.trust_identity {
|
||||
true => headers.get().map(|x: &XIdentity| x.to_string()),
|
||||
false => None,
|
||||
};
|
||||
|
||||
let base = root_base_from_request_uri(uri.path());
|
||||
let base2 = base.clone(); // Bah, stupid clone
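Review bot: The `trust_identity` field added to `Site` and the `match` in the request handler carry the whole trust decision for `X-Identity`, yet neither has a comment saying what enabling it implies. I would document the field, e.g. `/// When true, the X-Identity request header is accepted as the authenticated username; enable only behind a proxy that overwrites it.` The branch itself reads more directly as `let identity = if self.trust_identity { headers.get().map(|x: &XIdentity| x.to_string()) } else { None };`, which is also the form clippy's `match_bool` lint asks for. How `identity` is used afterwards lies outside the hunk, so whether the value needs further validation (length, control characters) before it is stored or rendered cannot be judged from here.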
|
||||
|
|