Ruderverein-Donau-Linz/rowt
1
1
Fork 1
Code Issues 45 Pull Requests Actions Packages Projects Wiki Activity

nx-auth #906

Merged
philipp merged 2 commits from nx-auth into staging 2025-04-16 10:57:36 +02:00
Conversation 0 Commits 2 Files Changed 3 +54 -4
3 changed files with 54 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files
Showing only changes of commit 2b79df8e42 - Show all commits

1
Cargo.lock generated
View File

@ -2544,6 +2544,7 @@ name = "rot"
version = "0.1.0" version = "0.1.0"
dependencies = [ dependencies = [
"argon2", "argon2",
"base64",
"chrono", "chrono",
"chrono-tz 0.10.3", "chrono-tz 0.10.3",
"csv", "csv",

1
Cargo.toml
View File

@ -29,6 +29,7 @@ job_scheduler_ng = "2.0"
ureq = { version = "3.0", features = ["json"] } ureq = { version = "3.0", features = ["json"] }
regex = "1.10" regex = "1.10"
urlencoding = "2.1" urlencoding = "2.1"
base64 = "0.22"
[target.'cfg(not(windows))'.dependencies] [target.'cfg(not(windows))'.dependencies]
openssl = { version = "0.10", features = [ "vendored" ] } openssl = { version = "0.10", features = [ "vendored" ] }

56
src/tera/mod.rs
View File

@ -9,7 +9,7 @@ use rocket::{
get, get,
http::{Cookie, Status}, http::{Cookie, Status},
post, post,
request::FlashMessage, request::{FlashMessage, FromRequest, Outcome},
response::{Flash, Redirect}, response::{Flash, Redirect},
routes, routes,
time::{Duration, OffsetDateTime}, time::{Duration, OffsetDateTime},
@ -123,9 +123,57 @@ async fn wikiauth(db: &State<SqlitePool>, login: Form<LoginForm<'_>>) -> String
"FAIL".into() "FAIL".into()
} }
#[get("/?<username>&<password>")] struct BasicAuth {
async fn nextcloud_auth(db: &State<SqlitePool>, username: String, password: String) -> Status { username: String,
if let Ok(user) = User::login(db, &username, &password).await { password: String,
}
#[rocket::async_trait]
impl<'r> FromRequest<'r> for BasicAuth {
type Error = ();
async fn from_request(request: &'r Request<'_>) -> Outcome<Self, Self::Error> {
// Get the Authorization header
let auth_header = match request.headers().get_one("Authorization") {
Some(h) => h,
None => return Outcome::Failure((Status::Unauthorized, ())),
};
// Check if it's a Basic auth header
if !auth_header.starts_with("Basic ") {
return Outcome::Failure((Status::Unauthorized, ()));
}
// Decode the base64 credentials
let credentials = match BASE64.decode(auth_header[6..].as_bytes()) {
Ok(c) => c,
Err(_) => return Outcome::Failure((Status::Unauthorized, ())),
};
// Convert to UTF-8 string
let credentials_str = match str::from_utf8(&credentials) {
Ok(s) => s,
Err(_) => return Outcome::Failure((Status::Unauthorized, ())),
};
// Split into username and password
let mut parts = credentials_str.splitn(2, ':');
let username = match parts.next() {
Some(u) => u.to_string(),
None => return Outcome::Failure((Status::Unauthorized, ())),
};
let password = match parts.next() {
Some(p) => p.to_string(),
None => return Outcome::Failure((Status::Unauthorized, ())),
};
Outcome::Success(BasicAuth { username, password })
}
}
#[get("/")]
async fn nextcloud_auth(db: &State<SqlitePool>, auth: BasicAuth) -> Status {
if let Ok(user) = User::login(db, &auth.username, &auth.password).await {
if user.has_role(db, "admin").await { if user.has_role(db, "admin").await {
return Status::Ok; return Status::Ok;
} }