mirror of
https://github.com/meilisearch/meilisearch.git
synced 2024-11-26 12:05:05 +08:00
Merge #1185
1185: fix cors issue r=MarinPostma a=MarinPostma This PR fixes a bug where foreign origin were not accepted. This was due to an update to actix-cors It also fixes the cors bug when authentication failed, with the caveat that request that are denied for permissions reason are not logged. it introduces a bug described in #1186 Co-authored-by: mpostma <postma.marin@protonmail.com>
This commit is contained in:
commit
0bb8b3a68d
@ -6,6 +6,8 @@ use std::task::{Context, Poll};
|
||||
use actix_service::{Service, Transform};
|
||||
use actix_web::{dev::ServiceRequest, dev::ServiceResponse, web};
|
||||
use futures::future::{err, ok, Future, Ready};
|
||||
use actix_web::error::ResponseError as _;
|
||||
use actix_web::dev::Body;
|
||||
|
||||
use crate::error::{Error, ResponseError};
|
||||
use crate::Data;
|
||||
@ -17,14 +19,13 @@ pub enum Authentication {
|
||||
Admin,
|
||||
}
|
||||
|
||||
impl<S: 'static, B> Transform<S> for Authentication
|
||||
impl<S: 'static> Transform<S> for Authentication
|
||||
where
|
||||
S: Service<Request = ServiceRequest, Response = ServiceResponse<B>, Error = actix_web::Error>,
|
||||
S: Service<Request = ServiceRequest, Response = ServiceResponse<Body>, Error = actix_web::Error>,
|
||||
S::Future: 'static,
|
||||
B: 'static,
|
||||
{
|
||||
type Request = ServiceRequest;
|
||||
type Response = ServiceResponse<B>;
|
||||
type Response = ServiceResponse<Body>;
|
||||
type Error = actix_web::Error;
|
||||
type InitError = ();
|
||||
type Transform = LoggingMiddleware<S>;
|
||||
@ -44,14 +45,13 @@ pub struct LoggingMiddleware<S> {
|
||||
}
|
||||
|
||||
#[allow(clippy::type_complexity)]
|
||||
impl<S, B> Service for LoggingMiddleware<S>
|
||||
impl<S> Service for LoggingMiddleware<S>
|
||||
where
|
||||
S: Service<Request = ServiceRequest, Response = ServiceResponse<B>, Error = actix_web::Error> + 'static,
|
||||
S: Service<Request = ServiceRequest, Response = ServiceResponse<Body>, Error = actix_web::Error> + 'static,
|
||||
S::Future: 'static,
|
||||
B: 'static,
|
||||
{
|
||||
type Request = ServiceRequest;
|
||||
type Response = ServiceResponse<B>;
|
||||
type Response = ServiceResponse<Body>;
|
||||
type Error = actix_web::Error;
|
||||
type Future = Pin<Box<dyn Future<Output = Result<Self::Response, Self::Error>>>>;
|
||||
|
||||
@ -72,7 +72,11 @@ where
|
||||
let auth_header = match req.headers().get("X-Meili-API-Key") {
|
||||
Some(auth) => match auth.to_str() {
|
||||
Ok(auth) => auth,
|
||||
Err(_) => return Box::pin(err(ResponseError::from(Error::MissingAuthorizationHeader).into())),
|
||||
Err(_) => {
|
||||
let error = ResponseError::from(Error::MissingAuthorizationHeader).error_response();
|
||||
let (request, _) = req.into_parts();
|
||||
return Box::pin(ok(ServiceResponse::new(request, error)))
|
||||
}
|
||||
},
|
||||
None => {
|
||||
return Box::pin(err(ResponseError::from(Error::MissingAuthorizationHeader).into()));
|
||||
@ -95,9 +99,9 @@ where
|
||||
if authenticated {
|
||||
Box::pin(svc.call(req))
|
||||
} else {
|
||||
Box::pin(err(
|
||||
ResponseError::from(Error::InvalidToken(auth_header.to_string())).into()
|
||||
))
|
||||
let error = ResponseError::from(Error::InvalidToken(auth_header.to_string())).error_response();
|
||||
let (request, _) = req.into_parts();
|
||||
return Box::pin(ok(ServiceResponse::new(request, error)))
|
||||
}
|
||||
}
|
||||
}
|
||||
|
@ -82,13 +82,15 @@ async fn main() -> Result<(), MainError> {
|
||||
|
||||
let enable_frontend = opt.env != "production";
|
||||
let http_server = HttpServer::new(move || {
|
||||
create_app(&data, enable_frontend)
|
||||
.wrap(
|
||||
Cors::default()
|
||||
let cors = Cors::default()
|
||||
.send_wildcard()
|
||||
.allowed_headers(vec!["content-type", "x-meili-api-key"])
|
||||
.max_age(86_400) // 24h
|
||||
)
|
||||
.allow_any_origin()
|
||||
.allow_any_method()
|
||||
.max_age(86_400); // 24h
|
||||
|
||||
create_app(&data, enable_frontend)
|
||||
.wrap(cors)
|
||||
.wrap(middleware::Logger::default())
|
||||
.wrap(middleware::Compress::default())
|
||||
.wrap(NormalizePath)
|
||||
|
Loading…
Reference in New Issue
Block a user