mirror of https://github.com/apibillme/broker
add security
This commit is contained in:
parent
1542daa71e
commit
dc2cd0de49
2
Makefile
2
Makefile
|
@ -1,5 +1,5 @@
|
|||
build:
|
||||
PORT=8080 cargo run
|
||||
PORT=8080 ORIGIN=http://localhost:3000 cargo run
|
||||
rusty:
|
||||
curl -S -v --header "Content-Type: application/json" POST --data '{"event":"user", "data":{"user":"Rusty"}}' http://localhost:8080/insert
|
||||
client:
|
||||
|
|
|
@ -60,11 +60,11 @@ use broker::{broker_run};
|
|||
|
||||
#[actix_rt::main]
|
||||
async fn main() -> std::result::Result<(), std::io::Error> {
|
||||
broker_run("*".to_owned()).await
|
||||
broker_run("http://localhost:3000".to_owned()).await
|
||||
}
|
||||
```
|
||||
|
||||
- the only param is the origin you want to allow - wildcard for all
|
||||
- the only param is the origin you want to allow - wildcard is not supported
|
||||
- the PORT needs to passed in as an environment variable
|
||||
- the file database saves to ``` ./tmp ``` of the project root
|
||||
|
||||
|
|
|
@ -67,7 +67,7 @@ function App() {
|
|||
<CardContent>
|
||||
<Typography className={classes.title} color="textSecondary" gutterBottom component={'span'} variant={'body2'}>
|
||||
What is your name?
|
||||
<SSEProvider endpoint={sseEndpoint} options={{withCredentials: false}}>
|
||||
<SSEProvider endpoint={sseEndpoint} options={{withCredentials: true}}>
|
||||
<Comments />
|
||||
</SSEProvider>
|
||||
</Typography>
|
||||
|
|
83
src/lib.rs
83
src/lib.rs
|
@ -11,8 +11,9 @@ use serde_json::json;
|
|||
use bcrypt::{DEFAULT_COST, hash, verify};
|
||||
|
||||
#[derive(Deserialize, Debug)]
|
||||
struct Config {
|
||||
port: String
|
||||
pub struct Config {
|
||||
port: String,
|
||||
pub origin: String
|
||||
}
|
||||
|
||||
struct MyData {
|
||||
|
@ -95,7 +96,10 @@ async fn new_client(data: web::Data<MyData>, broad: web::Data<Mutex<Broadcaster>
|
|||
|
||||
// create sse endpoint
|
||||
HttpResponse::Ok()
|
||||
.header("content-type", "text/event-stream")
|
||||
.header("Set-Cookie", "SameSite=Strict")
|
||||
.header("Keep-Alive", "true")
|
||||
.header("Access-Control-Allow-Credentials", "true")
|
||||
.header("Content-Type", "text/event-stream")
|
||||
.no_chunking()
|
||||
.streaming(rx)
|
||||
}
|
||||
|
@ -214,54 +218,27 @@ pub async fn broker_run(origin: String) -> std::result::Result<(), std::io::Erro
|
|||
});
|
||||
x.thread();
|
||||
|
||||
// create actix web server with CORS, data, and routes - handle wildcard origins
|
||||
if origin == "*" {
|
||||
HttpServer::new(move || {
|
||||
App::new()
|
||||
.wrap(middleware::Logger::default())
|
||||
.wrap(
|
||||
Cors::new()
|
||||
.send_wildcard()
|
||||
.allowed_methods(vec!["GET", "POST"])
|
||||
.allowed_headers(vec![header::AUTHORIZATION, header::ACCEPT, header::CONTENT_TYPE])
|
||||
.max_age(3600)
|
||||
.finish()
|
||||
)
|
||||
.app_data(events.clone())
|
||||
.app_data(web::JsonConfig::default())
|
||||
.data(MyData{ db: tree.clone() })
|
||||
.route("/insert", web::post().to(insert))
|
||||
.route("/events", web::get().to(new_client))
|
||||
.route("/collection/{record}", web::get().to(collection))
|
||||
.route("/cancel/{record}", web::get().to(cancel))
|
||||
.route("/users/", web::post().to(user_create))
|
||||
})
|
||||
.bind(ip).unwrap()
|
||||
.run()
|
||||
.await
|
||||
} else {
|
||||
HttpServer::new(move || {
|
||||
App::new()
|
||||
.wrap(middleware::Logger::default())
|
||||
.wrap(
|
||||
Cors::new()
|
||||
.allowed_origin(&origin)
|
||||
.allowed_methods(vec!["GET", "POST"])
|
||||
.allowed_headers(vec![header::AUTHORIZATION, header::ACCEPT, header::CONTENT_TYPE])
|
||||
.max_age(3600)
|
||||
.finish()
|
||||
)
|
||||
.app_data(events.clone())
|
||||
.app_data(web::JsonConfig::default())
|
||||
.data(MyData{ db: tree.clone() })
|
||||
.route("/insert", web::post().to(insert))
|
||||
.route("/events", web::get().to(new_client))
|
||||
.route("/collection/{record}", web::get().to(collection))
|
||||
.route("/cancel/{record}", web::get().to(cancel))
|
||||
.route("/users/", web::post().to(user_create))
|
||||
})
|
||||
.bind(ip).unwrap()
|
||||
.run()
|
||||
.await
|
||||
}
|
||||
HttpServer::new(move || {
|
||||
App::new()
|
||||
.wrap(middleware::Logger::default())
|
||||
.wrap(
|
||||
Cors::new()
|
||||
.allowed_origin(&origin)
|
||||
.allowed_methods(vec!["GET", "POST"])
|
||||
.allowed_headers(vec![header::AUTHORIZATION, header::ACCEPT, header::CONTENT_TYPE])
|
||||
.max_age(3600)
|
||||
.finish()
|
||||
)
|
||||
.app_data(events.clone())
|
||||
.app_data(web::JsonConfig::default())
|
||||
.data(MyData{ db: tree.clone() })
|
||||
.route("/insert", web::post().to(insert))
|
||||
.route("/events", web::get().to(new_client))
|
||||
.route("/collection/{record}", web::get().to(collection))
|
||||
.route("/cancel/{record}", web::get().to(cancel))
|
||||
.route("/users/", web::post().to(user_create))
|
||||
})
|
||||
.bind(ip).unwrap()
|
||||
.run()
|
||||
.await
|
||||
}
|
||||
|
|
|
@ -1,7 +1,11 @@
|
|||
mod lib;
|
||||
use lib::{broker_run};
|
||||
use lib::{broker_run, Config};
|
||||
|
||||
#[actix_rt::main]
|
||||
async fn main() -> () {
|
||||
let _ = broker_run("*".to_owned()).await;
|
||||
// get origin env var
|
||||
let config = envy::from_env::<Config>().unwrap();
|
||||
let origin = config.origin;
|
||||
|
||||
let _ = broker_run(origin).await;
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue