submit token should be enough. no full user authentication needed

This commit is contained in:
mtrx 2024-12-28 02:12:46 +01:00
parent 7ba1605456
commit 917e7d824d
3 changed files with 5 additions and 0 deletions

View file

@ -39,6 +39,7 @@ where crablog is run. An example configuration is provided:
CL_USERNAME=yourusername
CL_EMAIL=me@mydomain.tld # optional
CL_BIND_PORT=8000 # optional
CL_SUBMIT_TOKEN=Submit!123 # required, token needed for submitting / "login password"
CL_SESSION_SECRET=<some long generated secret> # required, session key encryption secret
CL_GITHUB_ACCOUNT=yourusername # optional
CL_TWITTER_ACCOUNT=yourusername # optional

View file

@ -4,6 +4,7 @@ use once_cell::sync::Lazy;
pub const ENV_PREFIX: &str = "CL_";
pub struct Config {
pub submit_token: String,
pub session_secret: String,
pub root_path: String,
pub username: String,
@ -65,6 +66,7 @@ fn load_config() -> Config {
}
Config {
submit_token: eval_conf_var("SUBMIT_TOKEN", true, None).unwrap(),
session_secret: eval_conf_var("SESSION_SECRET", true, None).unwrap(),
root_path: eval_conf_var("ROOT_PATH", false, Some("./content")).unwrap(),
username: eval_conf_var("USERNAME", true, None).unwrap(),

View file

@ -10,6 +10,7 @@ extern crate serde_derive;
extern crate tera;
use actix_files as fs;
use actix_identity::IdentityMiddleware;
use actix_session::{storage::CookieSessionStore, SessionMiddleware};
use actix_web::cookie::Key;
use actix_web::{middleware::Logger, web::Data, App, HttpServer};
@ -30,6 +31,7 @@ async fn main() -> std::io::Result<()> {
env_logger::Builder::from_env(Env::default().default_filter_or("debug"));
App::new()
.wrap(IdentityMiddleware::default())
.wrap(SessionMiddleware::new(
CookieSessionStore::default(),
SESSION_COOKIE_SECRET_KEY.clone(),