mirror of
https://git.42l.fr/neil/sncf.git
synced 2024-05-23 10:52:14 +02:00
Introducing proxy timeout (15s) and attempt to remove basic-auth header from all requests
This commit is contained in:
parent
c61cd417fd
commit
5a6f600806
|
@ -5,12 +5,14 @@ use rand::rngs::OsRng;
|
|||
use rand::Rng;
|
||||
use rand::RngCore;
|
||||
use regex::Regex;
|
||||
use std::time::Duration;
|
||||
|
||||
use crate::templates::get_lang;
|
||||
use crate::config::{ADJ_LIST, NAME_LIST};
|
||||
use crate::errors::{crash, TrainCrash};
|
||||
use crate::debug;
|
||||
use crate::CONFIG;
|
||||
use crate::config::PROXY_TIMEOUT;
|
||||
|
||||
#[derive(Serialize)]
|
||||
struct NCLoginForm<'a> {
|
||||
|
@ -56,6 +58,7 @@ pub async fn create_account(
|
|||
"{}/{}",
|
||||
CONFIG.nextcloud_url, "ocs/v1.php/cloud/users"
|
||||
))
|
||||
.timeout(Duration::new(PROXY_TIMEOUT, 0))
|
||||
.basic_auth(&CONFIG.admin_username, Some(&CONFIG.admin_password))
|
||||
.header(
|
||||
http::header::CONTENT_TYPE,
|
||||
|
@ -134,6 +137,7 @@ pub async fn login(
|
|||
// 1. GET /login
|
||||
let mut login_get = client
|
||||
.get(format!("{}/{}", CONFIG.nextcloud_url, "login"))
|
||||
.timeout(Duration::new(PROXY_TIMEOUT, 0))
|
||||
.header("User-Agent", "Actix-web")
|
||||
.send()
|
||||
.await.map_err(|e| {
|
||||
|
@ -178,6 +182,7 @@ pub async fn login(
|
|||
// 2. POST /login
|
||||
let mut login_post = client
|
||||
.post(format!("{}/{}", CONFIG.nextcloud_url, "login"))
|
||||
.timeout(Duration::new(PROXY_TIMEOUT, 0))
|
||||
.header("User-Agent", "Actix-web");
|
||||
|
||||
// include all NC cookies in one cookie (cookie pair)
|
||||
|
|
|
@ -5,7 +5,8 @@ use std::path::Path;
|
|||
use serde_json::Value;
|
||||
|
||||
// payload limit set to 5MiB
|
||||
pub const PAYLOAD_LIMIT: usize = 50_000_000;
|
||||
pub const PAYLOAD_LIMIT: usize = 10_000_000;
|
||||
pub const PROXY_TIMEOUT: u64 = 15;
|
||||
|
||||
pub const CONFIG_FILE: &str = "./config.toml";
|
||||
pub const CONFIG_VERSION: u8 = 1;
|
||||
|
|
|
@ -4,9 +4,11 @@ use askama::Template;
|
|||
use chrono::Utc;
|
||||
use url::Url;
|
||||
use regex::Regex;
|
||||
use std::time::Duration;
|
||||
|
||||
use crate::account::*;
|
||||
use crate::config::PAYLOAD_LIMIT;
|
||||
use crate::config::PROXY_TIMEOUT;
|
||||
use crate::database::methods::InsertableForm;
|
||||
use crate::database::structs::Form;
|
||||
use crate::debug;
|
||||
|
@ -53,10 +55,11 @@ pub async fn forward(
|
|||
let mut client_resp = HttpResponse::build(res.status());
|
||||
// remove connection as per the spec
|
||||
// and content-encoding since we have to decompress the traffic to edit it
|
||||
// and basic-auth, because this feature is not needed.
|
||||
for (header_name, header_value) in res
|
||||
.headers()
|
||||
.iter()
|
||||
.filter(|(h, _)| *h != "connection" && *h != "content-encoding")
|
||||
.filter(|(h, _)| *h != "connection" && *h != "content-encoding" && *h != "authorization")
|
||||
{
|
||||
client_resp.header(header_name.clone(), header_value.clone());
|
||||
}
|
||||
|
@ -252,7 +255,11 @@ fn forge_from(
|
|||
new_url.set_query(req.uri().query());
|
||||
|
||||
// insert forwarded header if we can
|
||||
let forwarded_req = client.request_from(new_url.as_str(), req.head());
|
||||
let mut forwarded_req = client.request_from(new_url.as_str(), req.head())
|
||||
.timeout(Duration::new(PROXY_TIMEOUT, 0));
|
||||
|
||||
// attempt to remove basic-auth header
|
||||
forwarded_req.headers_mut().remove("authorization");
|
||||
if let Some(addr) = req.head().peer_addr {
|
||||
forwarded_req.header("x-forwarded-for", format!("{}", addr.ip()))
|
||||
} else {
|
||||
|
|
Loading…
Reference in a new issue