Introducing proxy timeout (15s) and attempt to remove basic-auth header from all requests

src/account.rs

@@ -5,12 +5,14 @@ use rand::rngs::OsRng;
 use rand::Rng;
 use rand::RngCore;
 use regex::Regex;
+use std::time::Duration;
 
 use crate::templates::get_lang;
 use crate::config::{ADJ_LIST, NAME_LIST};
 use crate::errors::{crash, TrainCrash};
 use crate::debug;
 use crate::CONFIG;
+use crate::config::PROXY_TIMEOUT;
 
 #[derive(Serialize)]
 struct NCLoginForm<'a> {
@@ -56,6 +58,7 @@ pub async fn create_account(
             "{}/{}",
             CONFIG.nextcloud_url, "ocs/v1.php/cloud/users"
         ))
+        .timeout(Duration::new(PROXY_TIMEOUT, 0))
         .basic_auth(&CONFIG.admin_username, Some(&CONFIG.admin_password))
         .header(
             http::header::CONTENT_TYPE,
@@ -134,6 +137,7 @@ pub async fn login(
     // 1. GET /login
     let mut login_get = client
         .get(format!("{}/{}", CONFIG.nextcloud_url, "login"))
+        .timeout(Duration::new(PROXY_TIMEOUT, 0))
         .header("User-Agent", "Actix-web")
         .send()
         .await.map_err(|e| {
@@ -178,6 +182,7 @@ pub async fn login(
     // 2. POST /login
     let mut login_post = client
         .post(format!("{}/{}", CONFIG.nextcloud_url, "login"))
+        .timeout(Duration::new(PROXY_TIMEOUT, 0))
         .header("User-Agent", "Actix-web");
 
     // include all NC cookies in one cookie (cookie pair)

src/config.rs

@@ -5,7 +5,8 @@ use std::path::Path;
 use serde_json::Value;
 
 // payload limit set to 5MiB
-pub const PAYLOAD_LIMIT: usize = 50_000_000;
+pub const PAYLOAD_LIMIT: usize = 10_000_000;
+pub const PROXY_TIMEOUT: u64 = 15;
 
 pub const CONFIG_FILE: &str = "./config.toml";
 pub const CONFIG_VERSION: u8 = 1;

src/forward.rs

@@ -4,9 +4,11 @@ use askama::Template;
 use chrono::Utc;
 use url::Url;
 use regex::Regex;
+use std::time::Duration;
 
 use crate::account::*;
 use crate::config::PAYLOAD_LIMIT;
+use crate::config::PROXY_TIMEOUT;
 use crate::database::methods::InsertableForm;
 use crate::database::structs::Form;
 use crate::debug;
@@ -53,10 +55,11 @@ pub async fn forward(
     let mut client_resp = HttpResponse::build(res.status());
     // remove connection as per the spec
     // and content-encoding since we have to decompress the traffic to edit it
+    // and basic-auth, because this feature is not needed.
     for (header_name, header_value) in res
         .headers()
             .iter()
-            .filter(|(h, _)| *h != "connection" && *h != "content-encoding")
+            .filter(|(h, _)| *h != "connection" && *h != "content-encoding" && *h != "authorization")
     {
         client_resp.header(header_name.clone(), header_value.clone());
     }
@@ -252,7 +255,11 @@ fn forge_from(
     new_url.set_query(req.uri().query());
 
     // insert forwarded header if we can
-    let forwarded_req = client.request_from(new_url.as_str(), req.head());
+    let mut forwarded_req = client.request_from(new_url.as_str(), req.head())
+        .timeout(Duration::new(PROXY_TIMEOUT, 0));
+
+    // attempt to remove basic-auth header
+    forwarded_req.headers_mut().remove("authorization");
     if let Some(addr) = req.head().peer_addr {
         forwarded_req.header("x-forwarded-for", format!("{}", addr.ip()))
     } else {