mirror of
https://github.com/kanidm/kanidm.git
synced 2025-02-23 20:47:01 +01:00
Using proper axum http headers lib for compatibility (#2348)
parent
cbdbaa8fe0
commit
9a464c653c
|
@ -1,9 +1,9 @@
|
|||
//! Where we hide the error handling widgets
|
||||
//!
|
||||
|
||||
use axum::http::header::ACCESS_CONTROL_ALLOW_ORIGIN;
|
||||
use axum::http::{HeaderValue, StatusCode};
|
||||
use axum::response::{IntoResponse, Response};
|
||||
use http::header::ACCESS_CONTROL_ALLOW_ORIGIN;
|
||||
use http::{HeaderValue, StatusCode};
|
||||
use kanidm_proto::v1::OperationError;
|
||||
use utoipa::ToSchema;
|
||||
|
||||
|
|
|
@ -1,8 +1,8 @@
|
|||
use axum::extract::State;
|
||||
use axum::http::header::CONTENT_TYPE;
|
||||
use axum::response::IntoResponse;
|
||||
use axum::routing::get;
|
||||
use axum::{Extension, Router};
|
||||
use http::header::CONTENT_TYPE;
|
||||
use kanidmd_lib::status::StatusRequestEvent;
|
||||
|
||||
use super::middleware::KOpId;
|
||||
|
|
|
@ -1,10 +1,10 @@
|
|||
//! Builds a Progressive Web App Manifest page.
|
||||
|
||||
use axum::extract::State;
|
||||
use axum::http::header::CONTENT_TYPE;
|
||||
use axum::http::HeaderValue;
|
||||
use axum::response::{IntoResponse, Response};
|
||||
use axum::Extension;
|
||||
use http::header::CONTENT_TYPE;
|
||||
use http::HeaderValue;
|
||||
use serde::{Deserialize, Serialize};
|
||||
use serde_with::skip_serializing_none;
|
||||
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
use axum::{
|
||||
headers::{CacheControl, HeaderMapExt},
|
||||
http::{self, Request},
|
||||
http::{header, HeaderValue, Request},
|
||||
middleware::Next,
|
||||
response::Response,
|
||||
};
|
||||
|
@ -9,13 +9,12 @@ use axum::{
|
|||
pub async fn dont_cache_me<B>(request: Request<B>, next: Next<B>) -> Response {
|
||||
let mut response = next.run(request).await;
|
||||
response.headers_mut().insert(
|
||||
http::header::CACHE_CONTROL,
|
||||
http::HeaderValue::from_static("no-store no-cache max-age=0"),
|
||||
);
|
||||
response.headers_mut().insert(
|
||||
http::header::PRAGMA,
|
||||
http::HeaderValue::from_static("no-cache"),
|
||||
header::CACHE_CONTROL,
|
||||
HeaderValue::from_static("no-store no-cache max-age=0"),
|
||||
);
|
||||
response
|
||||
.headers_mut()
|
||||
.insert(header::PRAGMA, HeaderValue::from_static("no-cache"));
|
||||
|
||||
response
|
||||
}
|
||||
|
@ -28,10 +27,9 @@ pub async fn cache_me<B>(request: Request<B>, next: Next<B>) -> Response {
|
|||
.with_private();
|
||||
|
||||
response.headers_mut().typed_insert(cache_header);
|
||||
response.headers_mut().insert(
|
||||
http::header::PRAGMA,
|
||||
http::HeaderValue::from_static("no-cache"),
|
||||
);
|
||||
response
|
||||
.headers_mut()
|
||||
.insert(header::PRAGMA, HeaderValue::from_static("no-cache"));
|
||||
|
||||
response
|
||||
}
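Review bot: The Cache-Control value in `dont_cache_me`, `"no-store no-cache max-age=0"`, separates its directives with spaces, but Cache-Control is a comma-separated list, so a cache may not recognise `no-store` and could keep responses that were meant never to be stored. The refactor carries the string over unchanged; it should read `HeaderValue::from_static("no-store, no-cache, max-age=0")`. In `cache_me`, whose body starts outside the hunk, `Pragma: no-cache` is still set next to the typed Cache-Control header; if that mix is intentional, a short comment such as `// Pragma only affects HTTP/1.0 caches that ignore Cache-Control` would make it clear.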
|
||||
|
|
|
@ -1,7 +1,6 @@
|
|||
use axum::http::Request;
|
||||
use axum::http::{header, HeaderValue, Request};
|
||||
use axum::middleware::Next;
|
||||
use axum::response::Response;
|
||||
use http::HeaderValue;
|
||||
|
||||
const HSTS_HEADER: &str = "max-age=86400";
|
||||
|
||||
|
@ -11,7 +10,7 @@ pub async fn strict_transport_security_layer<B>(request: Request<B>, next: Next<
|
|||
|
||||
// add the header
|
||||
response.headers_mut().insert(
|
||||
http::header::STRICT_TRANSPORT_SECURITY,
|
||||
header::STRICT_TRANSPORT_SECURITY,
|
||||
HeaderValue::from_static(HSTS_HEADER),
|
||||
);
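Review bot: `HSTS_HEADER` is `"max-age=86400"`, so a browser drops the HTTPS-only pin one day after its last visit, and the rewritten `insert` keeps sending that value. If the short lifetime is deliberate, record the reason above the constant, for example `// HSTS lifetime in seconds (one day); kept short on purpose, see <reason>`; otherwise a longer max-age is the usual choice for an identity service. The body of `strict_transport_security_layer` starts and ends outside this hunk.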
|
||||
|
||||
|
|
|
@ -1,11 +1,10 @@
|
|||
use axum::{
|
||||
headers::{authorization::Bearer, Authorization},
|
||||
http::{self, Request},
|
||||
http::{HeaderValue, Request},
|
||||
middleware::Next,
|
||||
response::Response,
|
||||
TypedHeader,
|
||||
};
|
||||
use http::HeaderValue;
|
||||
use kanidm_proto::constants::{KOPID, KVERSION};
|
||||
use uuid::Uuid;
|
||||
pub(crate) mod caching;
|
||||
|
@ -44,9 +43,9 @@ pub async fn are_we_json_yet<B>(request: Request<B>, next: Next<B>) -> Response
|
|||
|
||||
if uri.starts_with("/v1") && response.status().is_success() {
|
||||
let headers = response.headers();
|
||||
assert!(headers.contains_key(http::header::CONTENT_TYPE));
|
||||
assert!(headers.contains_key(axum::http::header::CONTENT_TYPE));
|
||||
assert!(
|
||||
headers.get(http::header::CONTENT_TYPE)
|
||||
headers.get(axum::http::header::CONTENT_TYPE)
|
||||
== Some(&HeaderValue::from_static(
|
||||
kanidm_proto::constants::APPLICATION_JSON
|
||||
))
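Review bot: The two rewritten checks in `are_we_json_yet` spell out `axum::http::header::CONTENT_TYPE` in full even though this commit already edits the file's `use axum::{…}` block; importing `header` there (`http::{header, HeaderValue, Request},`) and writing `header::CONTENT_TYPE` would match the other middleware files. Separately, these are `assert!` calls on the response path, so a `/v1` handler that returns a successful non-JSON response panics while the request is being served; if this layer can be mounted outside debug builds (not visible here), logging the mismatch would be safer than panicking. The second `assert!` continues past the end of the hunk.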
|
||||
|
|
|
@ -1,9 +1,9 @@
|
|||
use axum::extract::State;
|
||||
use axum::http::header;
|
||||
use axum::http::HeaderValue;
|
||||
use axum::http::Request;
|
||||
use axum::middleware::Next;
|
||||
use axum::response::Response;
|
||||
use http::header::X_CONTENT_TYPE_OPTIONS;
|
||||
use http::HeaderValue;
|
||||
|
||||
use crate::https::ServerState;
|
||||
|
||||
|
@ -20,14 +20,14 @@ pub async fn security_headers_layer<B>(
|
|||
|
||||
// add the Content-Security-Policy header, which defines how contact will be accessed/run based on the source URL
|
||||
let headers = response.headers_mut();
|
||||
headers.insert(http::header::CONTENT_SECURITY_POLICY, state.csp_header);
|
||||
headers.insert(header::CONTENT_SECURITY_POLICY, state.csp_header);
|
||||
|
||||
// X-Content-Type-Options tells the browser if it's OK to "sniff" or guess the content type of a response
|
||||
//
|
||||
// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options
|
||||
// https://scotthelme.co.uk/hardening-your-http-response-headers/#x-content-type-options
|
||||
headers.insert(
|
||||
X_CONTENT_TYPE_OPTIONS,
|
||||
header::X_CONTENT_TYPE_OPTIONS,
|
||||
HeaderValue::from_static(X_CONTENT_TYPE_OPTIONS_VALUE),
|
||||
);
|
||||
|
||||
|
@ -44,7 +44,7 @@ pub async fn security_headers_layer<B>(
|
|||
// https://scotthelme.co.uk/a-new-security-header-referrer-policy/
|
||||
// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referrer-Policy
|
||||
headers.insert(
|
||||
http::header::REFERRER_POLICY,
|
||||
header::REFERRER_POLICY,
|
||||
HeaderValue::from_static("no-referrer-when-downgrade"),
|
||||
);
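Review bot: `Referrer-Policy` is still set to `no-referrer-when-downgrade`, which sends the full URL, path and query string included, as the referrer to any other HTTPS origin. On a server whose URLs may carry OAuth2 request parameters that is more than needs to leave the site; `HeaderValue::from_static("no-referrer")` or `"strict-origin-when-cross-origin"` would limit it, provided no integration relies on the current value. The comment above the CSP insert also has a typo: "how contact will be accessed/run" should read "how content will be accessed/run". `security_headers_layer` starts and ends outside these hunks.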
|
||||
|
||||
|
|
|
@ -19,6 +19,7 @@ use crate::actors::v1_read::QueryServerReadV1;
|
|||
use crate::actors::v1_write::QueryServerWriteV1;
|
||||
use crate::config::{Configuration, ServerRole, TlsConfiguration};
|
||||
use axum::extract::connect_info::{IntoMakeServiceWithConnectInfo, ResponseFuture};
|
||||
use axum::http::{HeaderMap, HeaderValue};
|
||||
use axum::middleware::{from_fn, from_fn_with_state};
|
||||
use axum::response::Redirect;
|
||||
use axum::routing::*;
|
||||
|
@ -27,7 +28,6 @@ use axum_csp::{CspDirectiveType, CspValue};
|
|||
use axum_macros::FromRef;
|
||||
use compact_jwt::{JwsCompact, JwsHs256Signer, JwsVerifier};
|
||||
use hashbrown::HashMap;
|
||||
use http::{HeaderMap, HeaderValue};
|
||||
use hyper::server::accept::Accept;
|
||||
use hyper::server::conn::{AddrStream, Http};
|
||||
use kanidm_proto::constants::KSESSIONID;
|
||||
|
|
|
@ -2,17 +2,17 @@ use super::errors::WebError;
|
|||
use super::middleware::KOpId;
|
||||
use super::ServerState;
|
||||
use axum::extract::{Path, Query, State};
|
||||
use axum::http::header::{
|
||||
ACCESS_CONTROL_ALLOW_HEADERS, ACCESS_CONTROL_ALLOW_ORIGIN, AUTHORIZATION, CONTENT_TYPE,
|
||||
LOCATION, WWW_AUTHENTICATE,
|
||||
};
|
||||
use axum::http::{HeaderMap, HeaderValue, StatusCode};
|
||||
use axum::middleware::from_fn;
|
||||
use axum::response::{IntoResponse, Response};
|
||||
use axum::routing::{get, post};
|
||||
use axum::{Extension, Form, Json, Router};
|
||||
use axum_macros::debug_handler;
|
||||
use compact_jwt::{JwkKeySet, OidcToken};
|
||||
use http::header::{
|
||||
ACCESS_CONTROL_ALLOW_HEADERS, ACCESS_CONTROL_ALLOW_ORIGIN, AUTHORIZATION, CONTENT_TYPE,
|
||||
LOCATION, WWW_AUTHENTICATE,
|
||||
};
|
||||
use http::{HeaderMap, HeaderValue, StatusCode};
|
||||
use hyper::Body;
|
||||
use kanidm_proto::constants::uri::{
|
||||
OAUTH2_AUTHORISE, OAUTH2_AUTHORISE_PERMIT, OAUTH2_AUTHORISE_REJECT,
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
//! Reimplementation of tower-http's DefaultMakeSpan that only runs at "INFO" level for our own needs.
|
||||
|
||||
use http::Request;
|
||||
use axum::http::Request;
|
||||
use kanidm_proto::constants::KOPID;
|
||||
use sketching::event_dynamic_lvl;
|
||||
use tower_http::LatencyUnit;
|
||||
|
|
|
@ -1,9 +1,9 @@
|
|||
use axum::extract::State;
|
||||
use axum::http::header::CONTENT_TYPE;
|
||||
use axum::http::HeaderValue;
|
||||
use axum::response::Response;
|
||||
use axum::routing::get;
|
||||
use axum::{Extension, Router};
|
||||
use http::header::CONTENT_TYPE;
|
||||
|
||||
use super::middleware::KOpId;
|
||||
use super::ServerState;
|
||||
|
|
|
@ -1,12 +1,12 @@
|
|||
//! The V1 API things!
|
||||
|
||||
use axum::extract::{Path, Query, State};
|
||||
use axum::http::{HeaderMap, HeaderValue};
|
||||
use axum::middleware::from_fn;
|
||||
use axum::response::{IntoResponse, Response};
|
||||
use axum::routing::{delete, get, post, put};
|
||||
use axum::{Extension, Json, Router};
|
||||
use compact_jwt::{Jws, JwsSigner};
|
||||
use http::{HeaderMap, HeaderValue};
|
||||
use kanidm_proto::constants::uri::V1_AUTH_VALID;
|
||||
use serde::{Deserialize, Serialize};
|
||||
use std::net::IpAddr;
|
||||
|
|
|
@ -1361,8 +1361,8 @@ impl<'a> IdmServerProxyReadTransaction<'a> {
|
|||
|
||||
let failed_scopes = req_scopes
|
||||
.iter()
|
||||
.filter(|&s| !OAUTHSCOPE_RE.is_match(s))
|
||||
.cloned()
|
||||
.filter(|s| !OAUTHSCOPE_RE.is_match(s))
|
||||
.collect::<Vec<String>>();
|
||||
if !failed_scopes.is_empty() {
|
||||
let requested_scopes_string = req_scopes
|
||||
|
|