From 8a3fef096d720666dc8a54789aee02250642d8a1 Mon Sep 17 00:00:00 2001 From: Greg Burri Date: Sun, 27 Nov 2022 02:01:23 +0100 Subject: [PATCH] Read the http header from the proxy to get the client IP --- Cargo.lock | 1 + TODO.md | 1 + backend/Cargo.toml | 3 ++- backend/src/consts.rs | 3 ++- backend/src/email.rs | 5 ++--- backend/src/main.rs | 41 +++++++++++++++++++++-------------------- 6 files changed, 29 insertions(+), 25 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 313d08d..96baf91 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -1567,6 +1567,7 @@ dependencies = [ "futures", "itertools", "lettre", + "log", "r2d2", "r2d2_sqlite", "rand", diff --git a/TODO.md b/TODO.md index 2120205..8e6de0a 100644 --- a/TODO.md +++ b/TODO.md @@ -5,6 +5,7 @@ * Two CSS: one for desktop and one for mobile * Define the logic behind each page and action. +[ok] How to log error to journalctl? [ok] Sign out [ok] Read all the askama doc and see if the current approach is good [ok] Handle 404 diff --git a/backend/Cargo.toml b/backend/Cargo.toml index 1cb217c..dfff361 100644 --- a/backend/Cargo.toml +++ b/backend/Cargo.toml @@ -17,6 +17,7 @@ ron = "0.8" # Rust object notation, to load configuration files. itertools = "0.10" clap = {version = "4", features = ["derive"]} +log = "0.4" env_logger = "0.9" r2d2_sqlite = "0.21" # Connection pool with rusqlite (SQLite access). @@ -33,4 +34,4 @@ rand_core = {version = "0.6", features = ["std"]} rand = "0.8" -lettre = {version = "0.10", default-features = false, features = ["smtp-transport", "pool", "hostname", "builder", "rustls-tls"]} \ No newline at end of file +lettre = {version = "0.10", default-features = false, features = ["smtp-transport", "pool", "hostname", "builder", "rustls-tls"]} diff --git a/backend/src/consts.rs b/backend/src/consts.rs index 896fbdd..02b844d 100644 --- a/backend/src/consts.rs +++ b/backend/src/consts.rs @@ -3,4 +3,5 @@ pub const FILE_CONF: &str = "conf.ron"; pub const DB_DIRECTORY: &str = "data"; pub const DB_FILENAME: &str = "recipes.sqlite"; pub const SQL_FILENAME: &str = "sql/version_{VERSION}.sql"; -pub const VALIDATION_TOKEN_DURATION: i64 = 1 * 60 * 60; // 1 hour. [s]. \ No newline at end of file +pub const VALIDATION_TOKEN_DURATION: i64 = 1 * 60 * 60; // 1 hour. [s]. +pub const REVERSE_PROXY_IP_HTTP_FIELD: &str = "x-real-ip"; \ No newline at end of file diff --git a/backend/src/email.rs b/backend/src/email.rs index a0043f7..9b095d5 100644 --- a/backend/src/email.rs +++ b/backend/src/email.rs @@ -1,8 +1,7 @@ -use lettre::{transport::smtp::{authentication::Credentials}, Message, SmtpTransport, Transport}; +use lettre::{transport::smtp::authentication::Credentials, Message, SmtpTransport, Transport}; /// pub fn send_validation(site_url: &str, email: &str, token: &str, smtp_login: &str, smtp_password: &str) -> Result<(), Box> { - let email = Message::builder() .message_id(None) .from("recipes@gburri.org".parse()?) @@ -15,7 +14,7 @@ pub fn send_validation(site_url: &str, email: &str, token: &str, smtp_login: &st let mailer = SmtpTransport::relay("mail.gandi.net")?.credentials(credentials).build(); if let Err(error) = mailer.send(&email) { - println!("Error when sending E-mail:\n{:?}", &error); + eprintln!("Error when sending E-mail:\n{:?}", &error); } Ok(()) diff --git a/backend/src/main.rs b/backend/src/main.rs index 91b8d32..4e68de1 100644 --- a/backend/src/main.rs +++ b/backend/src/main.rs @@ -6,6 +6,7 @@ use askama_actix::{Template, TemplateToResponse}; use chrono::{prelude::*, Duration}; use clap::Parser; use serde::Deserialize; +use log::{debug, error, log_enabled, info, Level}; use config::Config; use user::User; @@ -23,8 +24,14 @@ const COOKIE_AUTH_TOKEN_NAME: &str = "auth_token"; ///// UTILS ///// fn get_ip_and_user_agent(req: &HttpRequest) -> (String, String) { + let ip = + match req.headers().get(consts::REVERSE_PROXY_IP_HTTP_FIELD) { + Some(v) => v.to_str().unwrap_or_default().to_string(), + None => req.peer_addr().map(|addr| addr.ip().to_string()).unwrap_or_default() + }; + let user_agent = req.headers().get(header::USER_AGENT).map(|v| v.to_str().unwrap_or_default()).unwrap_or_default().to_string(); - let ip = req.peer_addr().map(|addr| addr.ip().to_string()).unwrap_or_default(); + (ip, user_agent) } @@ -42,12 +49,12 @@ fn get_current_user(req: &HttpRequest, connection: &web::Data) - Ok(user) => Some(user), Err(error) => { - eprintln!("Error during authentication: {:?}", error); + error!("Error during authentication: {}", error); None } }, Err(error) => { - eprintln!("Error during authentication: {:?}", error); + error!("Error during authentication: {}", error); None }, }, @@ -146,8 +153,6 @@ enum SignUpError { #[post("/signup")] async fn sign_up_post(req: HttpRequest, form: web::Form, connection: web::Data, config: web::Data) -> impl Responder { - println!("Sign up, email: {}, passwords: {}/{}", form.email, form.password_1, form.password_2); - fn error_response(error: SignUpError, form: &web::Form, user: Option) -> HttpResponse { SignUpFormTemplate { user, @@ -212,13 +217,13 @@ async fn sign_up_post(req: HttpRequest, form: web::Form, connect .insert_header((header::LOCATION, "/signup_check_email")) .finish(), Err(error) => { - eprintln!("Email validation error: {:?}", error); + error!("Email validation error: {}", error); error_response(SignUpError::UnableSendEmail, &form, user) }, } }, Err(error) => { - eprintln!("Signup database error: {:?}", error); + error!("Signup database error: {}", error); error_response(SignUpError::DatabaseError, &form, user) }, } @@ -250,7 +255,7 @@ async fn sign_up_validation(req: HttpRequest, query: web::Query Some(user), Err(error) => { - eprintln!("Error retrieving user by id: {}", error); + error!("Error retrieving user by id: {}", error); None } }; @@ -263,7 +268,7 @@ async fn sign_up_validation(req: HttpRequest, query: web::Query, connection: web::Data) -> impl Responder { - println!("Sign in, email: {}, password: {}", form.email, form.password); - fn error_response(error: SignInError, form: &web::Form, user: Option) -> HttpResponse { SignInFormTemplate { user, @@ -354,12 +357,12 @@ async fn sign_in_post(req: HttpRequest, form: web::Form, connect .insert_header((header::LOCATION, "/")) .finish(); if let Err(error) = response.add_cookie(&cookie) { - eprintln!("Unable to set cookie after sign in: {:?}", error); + error!("Unable to set cookie after sign in: {}", error); }; response }, Err(error) => { - eprintln!("Signin error: {:?}", error); + error!("Signin error: {}", error); error_response(SignInError::AuthenticationFailed, &form, user) }, } @@ -377,11 +380,11 @@ async fn sign_out(req: HttpRequest, connection: web::Data) -> im if let Some(token_cookie) = req.cookie(COOKIE_AUTH_TOKEN_NAME) { if let Err(error) = connection.sign_out(token_cookie.value()) { - eprintln!("Unable to sign out: {:?}", error); + error!("Unable to sign out: {}", error); }; if let Err(error) = response.add_removal_cookie(&Cookie::new(COOKIE_AUTH_TOKEN_NAME, "")) { - eprintln!("Unable to set a removal cookie after sign out: {:?}", error); + error!("Unable to set a removal cookie after sign out: {}", error); }; }; response @@ -400,7 +403,7 @@ async fn not_found(req: HttpRequest, connection: web::Data) -> i async fn main() -> std::io::Result<()> { if process_args() { return Ok(()) } - std::env::set_var("RUST_LOG", "actix_web=debug"); + std::env::set_var("RUST_LOG", "info,actix_web=info"); env_logger::init(); println!("Starting Recipes as web server..."); @@ -412,8 +415,6 @@ async fn main() -> std::io::Result<()> { let db_connection = web::Data::new(db::Connection::new().unwrap()); - std::env::set_var("RUST_LOG", "actix_web=info"); - let server = HttpServer::new(move || { App::new() @@ -450,13 +451,13 @@ fn process_args() -> bool { match db::Connection::new() { Ok(con) => { if let Err(error) = con.execute_file("sql/data_test.sql") { - println!("Error: {:?}", error); + error!("{}", error); } // Set the creation datetime to 'now'. con.execute_sql("UPDATE [User] SET [creation_datetime] = ?1 WHERE [email] = 'paul@test.org'", [Utc::now()]).unwrap(); }, Err(error) => { - println!("Error: {:?}", error) + error!("Error: {}", error) }, } -- 2.45.2