diff --git a/Cargo.lock b/Cargo.lock
index 87b537173..0828aaa6b 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -314,6 +314,21 @@ dependencies = [
 "syn 1.0.103",
 ]
 
+[[package]]
+name = "actix-web-httpauth"
+version = "0.8.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "1d613edf08a42ccc6864c941d30fe14e1b676a77d16f1dbadc1174d065a0a775"
+dependencies = [
+ "actix-utils",
+ "actix-web",
+ "base64 0.21.2",
+ "futures-core",
+ "futures-util",
+ "log",
+ "pin-project-lite",
+]
+
 [[package]]
 name = "actix-web-prom"
 version = "0.6.0"
@@ -2867,6 +2882,7 @@ dependencies = [
 "activitypub_federation",
 "actix-cors",
 "actix-web",
+ "actix-web-httpauth",
 "actix-web-prom",
 "chrono",
 "clap",
diff --git a/Cargo.toml b/Cargo.toml
index f0c987121..af7ceb407 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -168,4 +168,5 @@ prometheus = { version = "0.13.3", features = ["process"], optional = true }
 actix-web-prom = { version = "0.6.0", optional = true }
 serial_test = { workspace = true }
 clap = { version = "4.3.19", features = ["derive"] }
+actix-web-httpauth = "0.8.1"
 lemmy_federate = { version = "0.18.4", path = "crates/federate" }
diff --git a/api_tests/src/comment.spec.ts b/api_tests/src/comment.spec.ts
index 6ced2bf33..871545971 100644
--- a/api_tests/src/comment.spec.ts
+++ b/api_tests/src/comment.spec.ts
@@ -229,7 +229,7 @@ test.skip("Remove a comment from admin and community on the same instance", asyn
 test("Remove a comment from admin and community on different instance", async () => {
 let alpha_user = await registerUser(alpha);
 let newAlphaApi = new LemmyHttp(alphaUrl, {
- headers: { auth: alpha_user.jwt ?? "" },
+ headers: { Authorization: `Bearer ${alpha_user.jwt ?? ""}` },
 });
 // New alpha user creates a community, post, and comment.
diff --git a/api_tests/src/community.spec.ts b/api_tests/src/community.spec.ts
index b81dd900c..18b56c152 100644
--- a/api_tests/src/community.spec.ts
+++ b/api_tests/src/community.spec.ts
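Review bot: `Bearer ${alpha_user.jwt ?? ""}` on the added headers line turns a missing JWT into an Authorization header whose credentials part is empty, which the Bearer scheme does not allow, so a registration that silently returned no token would presumably be rejected by the header parser and the rest of the test would run unauthenticated, with the failure surfacing far from its cause. The old `auth: ""` masked a missing token in the same way, but the new form also ships a malformed header from the fixture. I would assert the token before building the client, `expect(alpha_user.jwt).toBeDefined();`, as the user.spec.ts tests in this same commit already do. The same `?? ""` fallback appears in the community.spec.ts, post.spec.ts and shared.ts hunks. The test body continues past the hunk.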
@@ -252,7 +252,7 @@ test("moderator view", async () => {
 // register a new user with their own community on alpha and post to it
 let registerUserRes = await registerUser(alpha);
 let otherUser = new LemmyHttp(alphaUrl, {
- headers: { auth: registerUserRes.jwt ?? "" },
+ headers: { Authorization: `Bearer ${registerUserRes.jwt ?? ""}` },
 });
 let otherCommunity = (await createCommunity(otherUser)).community_view;
diff --git a/api_tests/src/post.spec.ts b/api_tests/src/post.spec.ts
index 51a10293b..ff792bb26 100644
--- a/api_tests/src/post.spec.ts
+++ b/api_tests/src/post.spec.ts
@@ -382,7 +382,7 @@ test("Enforce site ban for federated user", async () => {
 let alphaUserJwt = await registerUser(alpha);
 expect(alphaUserJwt).toBeDefined();
 let alpha_user = new LemmyHttp(alphaUrl, {
- headers: { auth: alphaUserJwt.jwt ?? "" },
+ headers: { Authorization: `Bearer ${alphaUserJwt.jwt ?? ""}` },
 });
 let alphaUserActorId = (await getSite(alpha_user)).my_user?.local_user_view
 .person.actor_id;
diff --git a/api_tests/src/shared.ts b/api_tests/src/shared.ts
index a1868f8f2..f145e4c6f 100644
--- a/api_tests/src/shared.ts
+++ b/api_tests/src/shared.ts
@@ -124,11 +124,11 @@ export async function setupLogins() {
 resDelta,
 resEpsilon,
 ]);
- alpha.setHeaders({ auth: res[0].jwt ?? "" });
- beta.setHeaders({ auth: res[1].jwt ?? "" });
- gamma.setHeaders({ auth: res[2].jwt ?? "" });
- delta.setHeaders({ auth: res[3].jwt ?? "" });
- epsilon.setHeaders({ auth: res[4].jwt ?? "" });
+ alpha.setHeaders({ Authorization: `Bearer ${res[0].jwt ?? ""}` });
+ beta.setHeaders({ Authorization: `Bearer ${res[1].jwt ?? ""}` });
+ gamma.setHeaders({ Authorization: `Bearer ${res[2].jwt ?? ""}` });
+ delta.setHeaders({ Authorization: `Bearer ${res[3].jwt ?? ""}` });
+ epsilon.setHeaders({ Authorization: `Bearer ${res[4].jwt ?? ""}` });
 // Registration applications are now enabled by default, need to disable them
 let editSiteForm: EditSite = {
diff --git a/api_tests/src/user.spec.ts b/api_tests/src/user.spec.ts
index e679e8053..db36494d7 100644
--- a/api_tests/src/user.spec.ts
+++ b/api_tests/src/user.spec.ts
@@ -41,7 +41,7 @@ test("Create user", async () => {
 let userRes = await registerUser(alpha);
 expect(userRes.jwt).toBeDefined();
 let user = new LemmyHttp(alphaUrl, {
- headers: { auth: userRes.jwt ?? "" },
+ headers: { Authorization: `Bearer ${userRes.jwt ?? ""}` },
 });
 let site = await getSite(user);
@@ -63,7 +63,7 @@ test("Delete user", async () => {
 let userRes = await registerUser(alpha);
 expect(userRes.jwt).toBeDefined();
 let user = new LemmyHttp(alphaUrl, {
- headers: { auth: userRes.jwt ?? "" },
+ headers: { Authorization: `Bearer ${userRes.jwt ?? ""}` },
 });
 // make a local post and comment
@@ -109,7 +109,7 @@ test("Delete user", async () => {
 test("Requests with invalid auth should be treated as unauthenticated", async () => {
 let invalid_auth = new LemmyHttp(alphaUrl, {
- headers: { auth: "" },
+ headers: { Authorization: "Bearer foobar" },
 });
 let site = await getSite(invalid_auth);
 expect(site.my_user).toBeUndefined();
diff --git a/crates/utils/translations b/crates/utils/translations
index 839f1097d..de9de2c53 160000
--- a/crates/utils/translations
+++ b/crates/utils/translations
@@ -1 +1 @@
-Subproject commit 839f1097d07ba9d730e31f58c892de491442e490
+Subproject commit de9de2c53bee034d3824ecaa9a2104f8f341332e
diff --git a/src/session_middleware.rs b/src/session_middleware.rs
index c48f6f1c7..218ed863e 100644
--- a/src/session_middleware.rs
+++ b/src/session_middleware.rs
@@ -2,10 +2,11 @@ use actix_web::{
 body::MessageBody,
 cookie::SameSite,
 dev::{forward_ready, Service, ServiceRequest, ServiceResponse, Transform},
- http::header::CACHE_CONTROL,
+ http::header::{Header, CACHE_CONTROL},
 Error,
 HttpMessage,
 };
+use actix_web_httpauth::headers::authorization::{Authorization, Bearer};
 use chrono::{DateTime, Utc};
 use core::future::Ready;
 use futures_util::future::LocalBoxFuture;
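Review bot: The rewritten "invalid auth" test now exercises a single shape of bad credential: `Authorization: "Bearer foobar"` is a well-formed bearer header whose token cannot verify, so it covers the JWT-validation path but drops what the old `auth: ""` exercised, a present-but-empty credential, and never covers a header with a different or missing scheme. Those two cases presumably fail in the header parser rather than in token verification, and the session middleware hunk in this commit (cut off in this view) falls back from a failed parse via `.ok()`, so they are distinct paths that deserve their own assertion. Since the expectation is identical, adding two more clients in this test, `headers: { Authorization: "" }` and `headers: { Authorization: "foobar" }`, each followed by the same `expect(site.my_user).toBeUndefined();`, would pin all three cheaply. The test body may continue past the hunk.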
@@ -76,13 +77,9 @@ where
 let context = self.context.clone();
 Box::pin(async move {
- // Try reading jwt from auth header
- let auth_header = req
- .headers()
- .get(AUTH_COOKIE_NAME)
- .and_then(|h| h.to_str().ok());
+ let auth_header = Authorization::::parse(&req).ok();
 let jwt = if let Some(a) = auth_header {
- Some(a.to_string())
+ Some(a.as_ref().token().to_string())
 }
 // If that fails, try auth cookie. Dont use the `jwt` cookie from lemmy-ui because
 // its not http-only.