diff options
| author | mia <mia@mia.jetzt> | 2024-04-16 19:05:41 -0700 |
|---|---|---|
| committer | mia <mia@mia.jetzt> | 2024-04-16 19:05:41 -0700 |
| commit | 796b2cafc798a7faa80a007002831a4c40635fe8 (patch) | |
| tree | d8e68590524f4adab7ff8ff6e2cb3dfbb0c64b37 /src/server/nginx_check.rs | |
| download | dissociate-796b2cafc798a7faa80a007002831a4c40635fe8.tar.gz dissociate-796b2cafc798a7faa80a007002831a4c40635fe8.zip | |
initial commit v0.1.0
Diffstat (limited to 'src/server/nginx_check.rs')
| -rw-r--r-- | src/server/nginx_check.rs | 41 |
1 files changed, 41 insertions, 0 deletions
diff --git a/src/server/nginx_check.rs b/src/server/nginx_check.rs new file mode 100644 index 0000000..7b67f26 --- /dev/null +++ b/src/server/nginx_check.rs @@ -0,0 +1,41 @@ +// for ngx_http_auth_request_module authentication +// make sure you have cookie_domain set properly +// depends on https://git.mia.jetzt/sysconf/tree/patches/nginx_auth_redirect.patch + +use axum::{ + extract::{Path, State}, + http::StatusCode, + response::{IntoResponse, Redirect, Response}, + routing::get, + Router, +}; +use axum_extra::extract::CookieJar; + +use crate::server::{account_auth, store::Store}; + +use super::{ApiState, WebBase}; + +pub fn bind(app: Router<ApiState>) -> Router<ApiState> { + app.route("/nginx_check/:scope", get(nginx_check)) +} + +#[axum::debug_handler(state = ApiState)] +async fn nginx_check( + jar: CookieJar, + Path(scope): Path<String>, + State(store): State<Store>, + State(WebBase(web_base)): State<WebBase>, +) -> Response { + let nevermind = || Redirect::to(&format!("{web_base}/logout")).into_response(); + let Some(name) = account_auth(&jar, &store).await else { + return nevermind(); + }; + let Some(account) = store.get_account(&name).await else { + return nevermind(); + }; + if account.scopes.contains(&scope) { + StatusCode::OK.into_response() + } else { + StatusCode::FORBIDDEN.into_response() + } +} |