From 5a6f60080682454709822328d142d3b0dbebaff7 Mon Sep 17 00:00:00 2001 From: neil Date: Sat, 22 Aug 2020 15:38:42 +0200 Subject: [PATCH] Introducing proxy timeout (15s) and attempt to remove basic-auth header from all requests --- src/account.rs | 5 +++++ src/config.rs | 3 ++- src/forward.rs | 11 +++++++++-- 3 files changed, 16 insertions(+), 3 deletions(-) diff --git a/src/account.rs b/src/account.rs index a130b60..1d518a2 100644 --- a/src/account.rs +++ b/src/account.rs @@ -5,12 +5,14 @@ use rand::rngs::OsRng; use rand::Rng; use rand::RngCore; use regex::Regex; +use std::time::Duration; use crate::templates::get_lang; use crate::config::{ADJ_LIST, NAME_LIST}; use crate::errors::{crash, TrainCrash}; use crate::debug; use crate::CONFIG; +use crate::config::PROXY_TIMEOUT; #[derive(Serialize)] struct NCLoginForm<'a> { @@ -56,6 +58,7 @@ pub async fn create_account( "{}/{}", CONFIG.nextcloud_url, "ocs/v1.php/cloud/users" )) + .timeout(Duration::new(PROXY_TIMEOUT, 0)) .basic_auth(&CONFIG.admin_username, Some(&CONFIG.admin_password)) .header( http::header::CONTENT_TYPE, @@ -134,6 +137,7 @@ pub async fn login( // 1. GET /login let mut login_get = client .get(format!("{}/{}", CONFIG.nextcloud_url, "login")) + .timeout(Duration::new(PROXY_TIMEOUT, 0)) .header("User-Agent", "Actix-web") .send() .await.map_err(|e| { @@ -178,6 +182,7 @@ pub async fn login( // 2. POST /login let mut login_post = client .post(format!("{}/{}", CONFIG.nextcloud_url, "login")) + .timeout(Duration::new(PROXY_TIMEOUT, 0)) .header("User-Agent", "Actix-web"); // include all NC cookies in one cookie (cookie pair) diff --git a/src/config.rs b/src/config.rs index c1878eb..2525e93 100644 --- a/src/config.rs +++ b/src/config.rs @@ -5,7 +5,8 @@ use std::path::Path; use serde_json::Value; // payload limit set to 5MiB -pub const PAYLOAD_LIMIT: usize = 50_000_000; +pub const PAYLOAD_LIMIT: usize = 10_000_000; +pub const PROXY_TIMEOUT: u64 = 15; pub const CONFIG_FILE: &str = "./config.toml"; pub const CONFIG_VERSION: u8 = 1; diff --git a/src/forward.rs b/src/forward.rs index 9bc7816..2000d8c 100644 --- a/src/forward.rs +++ b/src/forward.rs @@ -4,9 +4,11 @@ use askama::Template; use chrono::Utc; use url::Url; use regex::Regex; +use std::time::Duration; use crate::account::*; use crate::config::PAYLOAD_LIMIT; +use crate::config::PROXY_TIMEOUT; use crate::database::methods::InsertableForm; use crate::database::structs::Form; use crate::debug; @@ -53,10 +55,11 @@ pub async fn forward( let mut client_resp = HttpResponse::build(res.status()); // remove connection as per the spec // and content-encoding since we have to decompress the traffic to edit it + // and basic-auth, because this feature is not needed. for (header_name, header_value) in res .headers() .iter() - .filter(|(h, _)| *h != "connection" && *h != "content-encoding") + .filter(|(h, _)| *h != "connection" && *h != "content-encoding" && *h != "authorization") { client_resp.header(header_name.clone(), header_value.clone()); } @@ -252,7 +255,11 @@ fn forge_from( new_url.set_query(req.uri().query()); // insert forwarded header if we can - let forwarded_req = client.request_from(new_url.as_str(), req.head()); + let mut forwarded_req = client.request_from(new_url.as_str(), req.head()) + .timeout(Duration::new(PROXY_TIMEOUT, 0)); + + // attempt to remove basic-auth header + forwarded_req.headers_mut().remove("authorization"); if let Some(addr) = req.head().peer_addr { forwarded_req.header("x-forwarded-for", format!("{}", addr.ip())) } else {