feat: add auth

2025-12-26 00:19:25 +01:00
parent c07d6072fd
commit 85a02076f6
8 changed files with 73 additions and 5 deletions
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -208,6 +208,21 @@ dependencies = [
 "syn",
 ]

+[[package]]
+name = "actix-web-httpauth"
+version = "0.8.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "456348ed9dcd72a13a1f4a660449fafdecee9ac8205552e286809eb5b0b29bd3"
+dependencies = [
+ "actix-utils",
+ "actix-web",
+ "base64",
+ "futures-core",
+ "futures-util",
+ "log",
+ "pin-project-lite",
+]
+
 [[package]]
 name = "adler2"
 version = "2.0.1"
@@ -498,7 +513,10 @@ version = "0.1.0"
 dependencies = [
 "actix-files",
 "actix-web",
+ "actix-web-httpauth",
 "chrono",
+ "dotenv",
+ "futures-util",
 "quartz",
 "reqwest",
 "scp_core",
@@ -575,6 +593,12 @@ dependencies = [
 "syn",
 ]

+[[package]]
+name = "dotenv"
+version = "0.15.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "77c90badedccf4105eca100756a0b1289e191f6fcbdadd3cee1d2f614f97da8f"
+
 [[package]]
 name = "dotenvy"
 version = "0.15.7"
@@ -750,6 +774,17 @@ version = "0.3.31"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "9e5c1b78ca4aae1ac06c48a526a655760685149f0d465d21f37abfe57ce075c6"

+[[package]]
+name = "futures-macro"
+version = "0.3.31"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "162ee34ebcb7c64a8abebc059ce0fee27c2262618d7b60ed8faf72fef13c3650"
+dependencies = [
+ "proc-macro2",
+ "quote",
+ "syn",
+]
+
 [[package]]
 name = "futures-sink"
 version = "0.3.31"
@@ -770,6 +805,7 @@ checksum = "9fa08315bb612088cc391249efdc3bc77536f16c91f6cf495e6fbe85b20a4a81"
 dependencies = [
 "futures-core",
 "futures-io",
+ "futures-macro",
 "futures-sink",
 "futures-task",
 "memchr",
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -6,7 +6,10 @@ edition = "2024"
 [dependencies]
 actix-files = "0.6.9"
 actix-web = "4.12.1"
+actix-web-httpauth = "0.8.2"
 chrono = "0.4.42"
+dotenv = "0.15.0"
+futures-util = "0.3.31"
 quartz = "0.0.4"
 reqwest = "0.12.28"
 scp_core = { path = "./scp_core" }
--- a/frontend/src/components/app-sidebar.tsx
+++ b/frontend/src/components/app-sidebar.tsx
@@ -4,7 +4,6 @@ import {
  IconDashboard,
  IconFileAi,
  IconFileDescription,
-  IconInnerShadowTop,
  IconServer,
 } from "@tabler/icons-react";

--- a/frontend/src/components/nav-main.tsx
+++ b/frontend/src/components/nav-main.tsx
@@ -1,6 +1,5 @@
-import { IconCirclePlusFilled, IconMail, type Icon } from "@tabler/icons-react";
+import { type Icon } from "@tabler/icons-react";

-import { Button } from "@/components/ui/button";
 import {
  SidebarGroup,
  SidebarGroupContent,
--- a/frontend/src/routes/server_list.tsx
+++ b/frontend/src/routes/server_list.tsx
@@ -2,7 +2,6 @@ import { Card } from "@/components/ui/card";
 import {
  Table,
  TableBody,
-  TableCaption,
  TableCell,
  TableFooter,
  TableHead,
--- a/src/helper.rs
+++ b/src/helper.rs
@@ -21,7 +21,6 @@ pub async fn get_access_token() -> Result<String, Box<dyn Error>> {
        .fetch_one(&pool)
        .await?;

-    dbg!(&tok);
    Ok(tok.token)
 }

--- a/src/main.rs
+++ b/src/main.rs
@@ -2,6 +2,7 @@ use std::env;

 use actix_files::Files;
 use actix_web::{App, HttpResponse, HttpServer, Responder, get, web};
+use actix_web_httpauth::middleware::HttpAuthentication;
 use scp_core::apis::configuration::Configuration;
 use scp_core::apis::default_api;

@@ -11,6 +12,7 @@ mod helper;
 mod jobs;
 mod models;
 mod servers;
+mod validator;

 #[get("/api/hello")]
 async fn hello() -> impl Responder {
@@ -31,6 +33,7 @@ async fn ping_netcup() -> impl Responder {

 #[actix_web::main]
 async fn main() -> std::io::Result<()> {
+    dotenv::dotenv().ok();
    let port = env::var("PORT")
        .unwrap_or_else(|_| "8080".to_string())
        .parse::<u16>()
@@ -43,6 +46,7 @@ async fn main() -> std::io::Result<()> {

    let res = HttpServer::new(|| {
        App::new()
+            .wrap(HttpAuthentication::basic(validator::basic_validator))
            .service(hello)
            .service(ping_netcup)
            .service(auth::is_scp_logged_in)
--- a/src/validator.rs
+++ b/src/validator.rs
@@ -0,0 +1,29 @@
+use std::env;
+
+use actix_web::{Error, dev::ServiceRequest};
+use actix_web_httpauth::extractors::{
+    AuthenticationError,
+    basic::{BasicAuth, Config},
+};
+use futures_util::future::{Ready, ready};
+
+pub fn basic_validator(
+    req: ServiceRequest,
+    creds: BasicAuth,
+) -> Ready<Result<ServiceRequest, (Error, ServiceRequest)>> {
+    let username = env::var("BASIC_USERNAME").expect("BASIC_USERNAME not set");
+    let password = env::var("BASIC_PASSWORD").expect("BASIC_PASSWORD not set");
+
+    let user_ok = creds.user_id() == username;
+    let pass_ok = creds.password().map(|p| p == password).unwrap_or(false);
+
+    if user_ok && pass_ok {
+        ready(Ok(req))
+    } else {
+        let mut config = Config::default();
+        config = config.realm("Restricted");
+
+        let err = AuthenticationError::from(config);
+        ready(Err((err.into(), req)))
+    }
+}