mirror of
https://github.com/dani-garcia/vaultwarden.git
synced 2024-11-25 04:13:32 +01:00
Merge pull request #3806 from BlackDex/fix-3776
Allow Authorization header for Web Sockets
This commit is contained in:
commit
f579a4154c
@ -20,7 +20,7 @@ use tokio_tungstenite::{
|
||||
};
|
||||
|
||||
use crate::{
|
||||
auth::ClientIp,
|
||||
auth::{ClientIp, WsAccessTokenHeader},
|
||||
db::{
|
||||
models::{Cipher, Folder, Send as DbSend, User},
|
||||
DbConn,
|
||||
@ -111,11 +111,19 @@ fn websockets_hub<'r>(
|
||||
ws: rocket_ws::WebSocket,
|
||||
data: WsAccessToken,
|
||||
ip: ClientIp,
|
||||
header_token: WsAccessTokenHeader,
|
||||
) -> Result<rocket_ws::Stream!['r], Error> {
|
||||
let addr = ip.ip;
|
||||
info!("Accepting Rocket WS connection from {addr}");
|
||||
|
||||
let Some(token) = data.access_token else { err_code!("Invalid claim", 401) };
|
||||
let token = if let Some(token) = data.access_token {
|
||||
token
|
||||
} else if let Some(token) = header_token.access_token {
|
||||
token
|
||||
} else {
|
||||
err_code!("Invalid claim", 401)
|
||||
};
|
||||
|
||||
let Ok(claims) = crate::auth::decode_login(&token) else { err_code!("Invalid token", 401) };
|
||||
|
||||
let (mut rx, guard) = {
|
||||
|
23
src/auth.rs
23
src/auth.rs
@ -825,3 +825,26 @@ impl<'r> FromRequest<'r> for ClientIp {
|
||||
})
|
||||
}
|
||||
}
|
||||
|
||||
pub struct WsAccessTokenHeader {
|
||||
pub access_token: Option<String>,
|
||||
}
|
||||
|
||||
#[rocket::async_trait]
|
||||
impl<'r> FromRequest<'r> for WsAccessTokenHeader {
|
||||
type Error = ();
|
||||
|
||||
async fn from_request(request: &'r Request<'_>) -> Outcome<Self, Self::Error> {
|
||||
let headers = request.headers();
|
||||
|
||||
// Get access_token
|
||||
let access_token = match headers.get_one("Authorization") {
|
||||
Some(a) => a.rsplit("Bearer ").next().map(String::from),
|
||||
None => None,
|
||||
};
|
||||
|
||||
Outcome::Success(Self {
|
||||
access_token,
|
||||
})
|
||||
}
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user