mirror of
https://git.42l.fr/neil/sncf.git
synced 2024-05-13 11:16:32 +02:00
Introducing proxy timeout (15s) and attempt to remove basic-auth header from all requests
parent
c61cd417fd
commit
5a6f600806
|
@ -5,12 +5,14 @@ use rand::rngs::OsRng;
|
||||||
use rand::Rng;
|
use rand::Rng;
|
||||||
use rand::RngCore;
|
use rand::RngCore;
|
||||||
use regex::Regex;
|
use regex::Regex;
|
||||||
|
use std::time::Duration;
|
||||||
|
|
||||||
use crate::templates::get_lang;
|
use crate::templates::get_lang;
|
||||||
use crate::config::{ADJ_LIST, NAME_LIST};
|
use crate::config::{ADJ_LIST, NAME_LIST};
|
||||||
use crate::errors::{crash, TrainCrash};
|
use crate::errors::{crash, TrainCrash};
|
||||||
use crate::debug;
|
use crate::debug;
|
||||||
use crate::CONFIG;
|
use crate::CONFIG;
|
||||||
|
use crate::config::PROXY_TIMEOUT;
|
||||||
|
|
||||||
#[derive(Serialize)]
|
#[derive(Serialize)]
|
||||||
struct NCLoginForm<'a> {
|
struct NCLoginForm<'a> {
|
||||||
|
@ -56,6 +58,7 @@ pub async fn create_account(
|
||||||
"{}/{}",
|
"{}/{}",
|
||||||
CONFIG.nextcloud_url, "ocs/v1.php/cloud/users"
|
CONFIG.nextcloud_url, "ocs/v1.php/cloud/users"
|
||||||
))
|
))
|
||||||
|
.timeout(Duration::new(PROXY_TIMEOUT, 0))
|
||||||
.basic_auth(&CONFIG.admin_username, Some(&CONFIG.admin_password))
|
.basic_auth(&CONFIG.admin_username, Some(&CONFIG.admin_password))
|
||||||
.header(
|
.header(
|
||||||
http::header::CONTENT_TYPE,
|
http::header::CONTENT_TYPE,
|
||||||
|
@ -134,6 +137,7 @@ pub async fn login(
|
||||||
// 1. GET /login
|
// 1. GET /login
|
||||||
let mut login_get = client
|
let mut login_get = client
|
||||||
.get(format!("{}/{}", CONFIG.nextcloud_url, "login"))
|
.get(format!("{}/{}", CONFIG.nextcloud_url, "login"))
|
||||||
|
.timeout(Duration::new(PROXY_TIMEOUT, 0))
|
||||||
.header("User-Agent", "Actix-web")
|
.header("User-Agent", "Actix-web")
|
||||||
.send()
|
.send()
|
||||||
.await.map_err(|e| {
|
.await.map_err(|e| {
|
||||||
|
@ -178,6 +182,7 @@ pub async fn login(
|
||||||
// 2. POST /login
|
// 2. POST /login
|
||||||
let mut login_post = client
|
let mut login_post = client
|
||||||
.post(format!("{}/{}", CONFIG.nextcloud_url, "login"))
|
.post(format!("{}/{}", CONFIG.nextcloud_url, "login"))
|
||||||
|
.timeout(Duration::new(PROXY_TIMEOUT, 0))
|
||||||
.header("User-Agent", "Actix-web");
|
.header("User-Agent", "Actix-web");
|
||||||
|
|
||||||
// include all NC cookies in one cookie (cookie pair)
|
// include all NC cookies in one cookie (cookie pair)
|
||||||
|
|
|
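Review bot: The three added `.timeout(Duration::new(PROXY_TIMEOUT, 0))` calls in `create_account` and `login` pass a zero-nanosecond argument that carries no information; `Duration::from_secs(PROXY_TIMEOUT)` is equivalent and makes the unit visible at the call site. The same expression is added again in the `forge_from` hunk further down, so one shared `Duration` value would keep all four sites in step. The `create_account` request is the one built with `.basic_auth(&CONFIG.admin_username, …)`, so it is worth confirming that the error produced on a timeout does not echo the request or its headers into logs or the client response; that handling lies outside these hunks.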
@ -5,7 +5,8 @@ use std::path::Path;
|
||||||
use serde_json::Value;
|
use serde_json::Value;
|
||||||
|
|
||||||
// payload limit set to 5MiB
|
// payload limit set to 5MiB
|
||||||
pub const PAYLOAD_LIMIT: usize = 50_000_000;
|
pub const PAYLOAD_LIMIT: usize = 10_000_000;
|
||||||
|
pub const PROXY_TIMEOUT: u64 = 15;
|
||||||
|
|
||||||
pub const CONFIG_FILE: &str = "./config.toml";
|
pub const CONFIG_FILE: &str = "./config.toml";
|
||||||
pub const CONFIG_VERSION: u8 = 1;
|
pub const CONFIG_VERSION: u8 = 1;
|
||||||
|
|
|
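Review bot: The comment above `PAYLOAD_LIMIT` still says 5MiB, but the new value is `10_000_000` bytes, so the documented request-size bound is about half of what is enforced. I would change it to `// payload limit set to 10 MB (10_000_000 bytes)`. `PROXY_TIMEOUT` has no comment at all; since it is passed as the seconds argument of `Duration::new`, something like `// timeout for requests sent to the Nextcloud backend, in seconds` would record the unit next to the value.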
@ -4,9 +4,11 @@ use askama::Template;
|
||||||
use chrono::Utc;
|
use chrono::Utc;
|
||||||
use url::Url;
|
use url::Url;
|
||||||
use regex::Regex;
|
use regex::Regex;
|
||||||
|
use std::time::Duration;
|
||||||
|
|
||||||
use crate::account::*;
|
use crate::account::*;
|
||||||
use crate::config::PAYLOAD_LIMIT;
|
use crate::config::PAYLOAD_LIMIT;
|
||||||
|
use crate::config::PROXY_TIMEOUT;
|
||||||
use crate::database::methods::InsertableForm;
|
use crate::database::methods::InsertableForm;
|
||||||
use crate::database::structs::Form;
|
use crate::database::structs::Form;
|
||||||
use crate::debug;
|
use crate::debug;
|
||||||
|
@ -53,10 +55,11 @@ pub async fn forward(
|
||||||
let mut client_resp = HttpResponse::build(res.status());
|
let mut client_resp = HttpResponse::build(res.status());
|
||||||
// remove connection as per the spec
|
// remove connection as per the spec
|
||||||
// and content-encoding since we have to decompress the traffic to edit it
|
// and content-encoding since we have to decompress the traffic to edit it
|
||||||
|
// and basic-auth, because this feature is not needed.
|
||||||
for (header_name, header_value) in res
|
for (header_name, header_value) in res
|
||||||
.headers()
|
.headers()
|
||||||
.iter()
|
.iter()
|
||||||
.filter(|(h, _)| *h != "connection" && *h != "content-encoding")
|
.filter(|(h, _)| *h != "connection" && *h != "content-encoding" && *h != "authorization")
|
||||||
{
|
{
|
||||||
client_resp.header(header_name.clone(), header_value.clone());
|
client_resp.header(header_name.clone(), header_value.clone());
|
||||||
}
|
}
|
||||||
|
@ -252,7 +255,11 @@ fn forge_from(
|
||||||
new_url.set_query(req.uri().query());
|
new_url.set_query(req.uri().query());
|
||||||
|
|
||||||
// insert forwarded header if we can
|
// insert forwarded header if we can
|
||||||
let forwarded_req = client.request_from(new_url.as_str(), req.head());
|
let mut forwarded_req = client.request_from(new_url.as_str(), req.head())
|
||||||
|
.timeout(Duration::new(PROXY_TIMEOUT, 0));
|
||||||
|
|
||||||
|
// attempt to remove basic-auth header
|
||||||
|
forwarded_req.headers_mut().remove("authorization");
|
||||||
if let Some(addr) = req.head().peer_addr {
|
if let Some(addr) = req.head().peer_addr {
|
||||||
forwarded_req.header("x-forwarded-for", format!("{}", addr.ip()))
|
forwarded_req.header("x-forwarded-for", format!("{}", addr.ip()))
|
||||||
} else {
|
} else {
|
||||||
|
|
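Review bot: The added `*h != "authorization"` test in the response-header filter of `forward` most likely has no effect. `Authorization` is a request header, and this loop copies headers from the upstream response `res`; the Basic-auth challenge a server sends back is `WWW-Authenticate`. If the intent is that clients never receive a Basic-auth prompt from the proxied backend, the filter would need `*h != "www-authenticate"`; otherwise the new comment line should say the check is only defensive. The request-side `forwarded_req.headers_mut().remove("authorization")` in `forge_from` is what keeps client-supplied credentials from reaching the backend, and a short comment there explaining why would be more useful than "attempt to remove". Both functions continue outside the visible hunks.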