FFS: Did everything to finally test the api w/o CORS/blocked cookies

2 years ago · e535e868e3
parent 8189cc0ef2
commit e535e868e3
5 changed files with 163 additions and 13 deletions
--- a/rust_solid_cassandra/backend/Cargo.lock
+++ b/rust_solid_cassandra/backend/Cargo.lock
@ -19,6 +19,21 @@ dependencies = [
 "tokio-util",
 ]

+[[package]]
+name = "actix-cors"
+version = "0.6.4"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "b340e9cfa5b08690aae90fb61beb44e9b06f44fe3d0f93781aaa58cfba86245e"
+dependencies = [
+ "actix-utils",
+ "actix-web",
+ "derive_more",
+ "futures-util",
+ "log",
+ "once_cell",
+ "smallvec",
+]
+
 [[package]]
 name = "actix-http"
 version = "3.2.2"
@ -28,6 +43,7 @@ dependencies = [
 "actix-codec",
 "actix-rt",
 "actix-service",
+ "actix-tls",
 "actix-utils",
 "ahash",
 "base64",
@ -151,6 +167,24 @@ dependencies = [
 "tracing",
 ]

+[[package]]
+name = "actix-tls"
+version = "3.0.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "9fde0cf292f7cdc7f070803cb9a0d45c018441321a78b1042ffbbb81ec333297"
+dependencies = [
+ "actix-codec",
+ "actix-rt",
+ "actix-service",
+ "actix-utils",
+ "futures-core",
+ "log",
+ "openssl",
+ "pin-project-lite",
+ "tokio-openssl",
+ "tokio-util",
+]
+
 [[package]]
 name = "actix-utils"
 version = "3.0.1"
@ -174,6 +208,7 @@ dependencies = [
 "actix-rt",
 "actix-server",
 "actix-service",
+ "actix-tls",
 "actix-utils",
 "actix-web-codegen",
 "ahash",
@ -337,12 +372,14 @@ checksum = "d468802bab17cbc0cc575e9b053f41e72aa36bfa6b7f55e3529ffa43161b97fa"
 name = "backend"
 version = "0.1.0"
 dependencies = [
+ "actix-cors",
 "actix-identity",
 "actix-session",
 "actix-web",
 "cassandra-cpp",
 "env_logger",
 "log",
+ "openssl",
 "serde",
 "serde_json",
 "uuid",
@ -600,6 +637,21 @@ version = "1.0.7"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "3f9eec918d3f24069decb9af1554cad7c880e2da24a9afd88aca000531ab82c1"

+[[package]]
+name = "foreign-types"
+version = "0.3.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "f6f339eb8adc052cd2ca78910fda869aefa38d22d5cb648e6485e4d3fc06f3b1"
+dependencies = [
+ "foreign-types-shared",
+]
+
+[[package]]
+name = "foreign-types-shared"
+version = "0.1.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "00b0228411908ca8685dba7fc2cdd70ec9990a6e753e89b6ac91a84c40fbaf4b"
+
 [[package]]
 name = "form_urlencoded"
 version = "1.1.0"
@ -914,6 +966,45 @@ version = "0.3.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "624a8340c38c1b80fd549087862da4ba43e08858af025b236e509b6649fc13d5"

+[[package]]
+name = "openssl"
+version = "0.10.42"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "12fc0523e3bd51a692c8850d075d74dc062ccf251c0110668cbd921917118a13"
+dependencies = [
+ "bitflags",
+ "cfg-if",
+ "foreign-types",
+ "libc",
+ "once_cell",
+ "openssl-macros",
+ "openssl-sys",
+]
+
+[[package]]
+name = "openssl-macros"
+version = "0.1.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "b501e44f11665960c7e7fcf062c7d96a14ade4aa98116c004b2e37b5be7d736c"
+dependencies = [
+ "proc-macro2",
+ "quote",
+ "syn",
+]
+
+[[package]]
+name = "openssl-sys"
+version = "0.9.77"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "b03b84c3b2d099b81f0953422b4d4ad58761589d0229b5506356afca05a3670a"
+dependencies = [
+ "autocfg",
+ "cc",
+ "libc",
+ "pkg-config",
+ "vcpkg",
+]
+
 [[package]]
 name = "parking_lot"
 version = "0.12.1"
@ -961,6 +1052,12 @@ version = "0.1.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "8b870d8c151b6f2fb93e84a13146138f05d02ed11c7e7c54f8826aaaf7c9f184"

+[[package]]
+name = "pkg-config"
+version = "0.3.26"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "6ac9a59f73473f1b8d852421e59e64809f025994837ef743615c6d0c5b305160"
+
 [[package]]
 name = "polyval"
 version = "0.6.0"
@ -1277,6 +1374,18 @@ dependencies = [
 "winapi",
 ]

+[[package]]
+name = "tokio-openssl"
+version = "0.6.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "c08f9ffb7809f1b20c1b398d92acf4cc719874b3b2b2d9ea2f09b4a80350878a"
+dependencies = [
+ "futures-util",
+ "openssl",
+ "openssl-sys",
+ "tokio",
+]
+
 [[package]]
 name = "tokio-util"
 version = "0.7.4"
@ -1383,6 +1492,12 @@ dependencies = [
 "syn",
 ]

+[[package]]
+name = "vcpkg"
+version = "0.2.15"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "accd4ea62f7bb7a82fe23066fb0957d48ef677f6eeb8215f372f52e48bb32426"
+
 [[package]]
 name = "version_check"
 version = "0.9.4"
--- a/rust_solid_cassandra/backend/Cargo.toml
+++ b/rust_solid_cassandra/backend/Cargo.toml
@ -6,12 +6,14 @@ edition = "2021"
 # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html

 [dependencies]
-actix-web = "4" # Webserver itself
+actix-web = { version = "4", features = ["openssl"] } # Webserver itself
 actix-session = { version = "0.7", features = ["cookie-session"] } # Session middleware
 actix-identity = "0.5.2"
+actix-cors = "0.6.4"
 env_logger = "0.9" # Logger itself
 log = "0.4" # Lightweight logging facade (Logging API)
 uuid = { version = "1.2.2", features = ["v4", "fast-rng", "macro-diagnostics", "serde"]}
 cassandra-cpp = "1.2"
 serde = { version = "1.0", features = ["derive"] }
 serde_json = "1.0"
+openssl = { version = "0.10.42", features = ["v110"] }
--- a/rust_solid_cassandra/backend/shell.nix
+++ b/rust_solid_cassandra/backend/shell.nix
@ -3,6 +3,6 @@
 pkgs.mkShell {
  buildInputs = with pkgs; [
    cassandra-cpp-driver
-    zlib libuv openssl.dev
+    zlib libuv openssl.dev pkg-config
  ];
 }
--- a/rust_solid_cassandra/backend/src/main.rs
+++ b/rust_solid_cassandra/backend/src/main.rs
@ -1,9 +1,6 @@
-use std::{
-    env, io,
-    net::{SocketAddrV4},
-    sync::Arc,
-};
+use std::{env, io, net::SocketAddrV4, sync::Arc};

+use actix_cors::Cors;
 use actix_identity::IdentityMiddleware;
 use actix_session::{config::PersistentSession, storage::CookieSessionStore, SessionMiddleware};
 use actix_web::{
@ -18,6 +15,7 @@ mod model;
 use model::user::User;
 // Define our repo module
 mod repo;
+use openssl::ssl::{SslAcceptor, SslFiletype, SslMethod};
 use repo::todo_repository::TodoRepository;
 use repo::user_repository::UserRepository;
 // Define our routes module
@ -60,9 +58,24 @@ async fn main() -> io::Result<()> {
        "{}:{}",
        env::var("WEBSERVER_ADDRESS").unwrap_or(DEFAULT_WEBSERVER_ADDRESS.to_string()),
        env::var("WEBSERVER_PORT").unwrap_or(DEFAULT_WEBSERVER_PORT.to_string())
-    ).parse().expect("A valid socket address. Check your ENV variables!");
+    )
+    .parse()
+    .expect("A valid socket address. Check your ENV variables!");
+
+    // HOLY: Ich werde jetzt dann wirklich gleich verrückt mit CORS & Cookies...
+    // ICH WILL DOCH NUR DAS FRONTEND LOKAL TESTEN... IST DASS DENN ZU VIEL VERLANGT?
+    // TODO: Remove after local dev
+    // openssl req -x509 -newkey rsa:4096 -nodes -keyout key.pem -out cert.pem -days 365 -subj '/CN=localhost'
+    // Move to /cert/... in container
+    let mut builder = SslAcceptor::mozilla_intermediate(SslMethod::tls())?;
+    builder.set_private_key_file("/cert/key.pem", SslFiletype::PEM)?;
+    builder.set_certificate_chain_file("/cert/cert.pem")?;

-    log::info!("Starting HTTP server: http://{}:{}", socket_addr.ip(), socket_addr.port());
+    log::info!(
+        "Starting HTTP server: http://{}:{}",
+        socket_addr.ip(),
+        socket_addr.port()
+    );

    HttpServer::new(move || {
        App::new()
@ -70,11 +83,21 @@ async fn main() -> io::Result<()> {
            .wrap(IdentityMiddleware::default())
            .wrap(
                SessionMiddleware::builder(CookieSessionStore::default(), key.clone())
-                    .cookie_secure(false)
+                    .cookie_secure(true)
+                    // TODO: Remove after development with local solidjs app
+                    .cookie_same_site(actix_web::cookie::SameSite::None)
                    // Session lifetime
                    .session_lifecycle(PersistentSession::default().session_ttl(Duration::days(7)))
                    .build(),
            )
+            .wrap(
+                // TODO: Remove after development with local solidjs app
+                Cors::default()
+                    .allowed_origin("http://localhost:3000")
+                    .supports_credentials()
+                    .allow_any_method()
+                    .allow_any_header(),
+            )
            .wrap(middleware::Logger::default())
            .app_data(user_repo.clone())
            .app_data(todo_repo.clone())
@ -88,7 +111,7 @@ async fn main() -> io::Result<()> {
            .service(routes::delete_logout)
            .default_service(web::to(routes::index))
    })
-    .bind(socket_addr)?
+    .bind_openssl(socket_addr, builder)?
    .workers(2) // number of workers per bind default ist #cpus
    .run()
    .await
--- a/rust_solid_cassandra/deploy/docker-compose.yml
+++ b/rust_solid_cassandra/deploy/docker-compose.yml
@ -12,6 +12,8 @@ services:
      WEBSERVER_PORT: '6969'
      CASSANDRA_SERVER_ADDRESS: 'cassandra'
      CASSANDRA_KEYSPACE_NAME: 'rust_solidjs_cassandra'
+    volumes:
+      - ../data/app/cert:/cert
    ports:
      - '6969:6969'
    depends_on:
@ -26,3 +28,11 @@ services:
    # DEVEL
    ports:
      - '9042:9042'
+  # proxy:
+  #   image: caddy/caddy:latest
+  #   container_name: caddy
+  #   restart: 'no'
+  #   volumes:
+  #     - ../data/caddy/Caddyfile:/etc/caddy/Caddyfile
+  #   ports:
+  #     - '6969:443'