From 16ac893e1578ec1fa7601a30f6b86357eb6a7c56 Mon Sep 17 00:00:00 2001
From: Nutomic <me@nutomic.com>
Date: Fri, 1 Dec 2023 15:18:29 +0100
Subject: [PATCH] Some changes to help debug auth problems on lemmy.ml (#4220)

* Some changes to help debug auth problems on lemmy.ml

* fix

* clippy
---
 config/defaults.hjson                |  2 ++
 crates/api/src/lib.rs                |  6 ++++++
 crates/utils/src/settings/structs.rs |  3 +++
 scripts/lint.sh                      |  2 +-
 src/session_middleware.rs            | 13 ++++++++++---
 5 files changed, 22 insertions(+), 4 deletions(-)

diff --git a/config/defaults.hjson b/config/defaults.hjson
index 880af802c..47d3ed24f 100644
--- a/config/defaults.hjson
+++ b/config/defaults.hjson
@@ -98,4 +98,6 @@
   # Sets a response Access-Control-Allow-Origin CORS header
   # https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin
   cors_origin: "*"
+  # Always send cache-control: private header for api responses, avoid problems with wrong caching.
+  disable_cache_control: true
 }
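Review bot: The name `disable_cache_control` reads as if it switches the header off, but the comment above it and the use in src/session_middleware.rs show that it forces `cache-control: private` on every API response. The sample value `true` also differs from the effective default, which is false (`#[default(None)]` in crates/utils/src/settings/structs.rs plus `unwrap_or(false)` in the middleware), so an operator copying this file would change caching behaviour without meaning to. I would reword the comment to `# If true, send "cache-control: private" on all API responses, including unauthenticated ones. Default: false.` and use the same wording for the `///` comment on the struct field. If this file is generated from the struct, only the struct's doc comment needs the change.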
diff --git a/crates/api/src/lib.rs b/crates/api/src/lib.rs
index faa74824e..c41b2315a 100644
--- a/crates/api/src/lib.rs
+++ b/crates/api/src/lib.rs
@@ -15,6 +15,7 @@ use lemmy_utils::{
 };
 use std::io::Cursor;
 use totp_rs::{Secret, TOTP};
+use tracing::log::warn;
 
 pub mod comment;
 pub mod comment_report;
@@ -84,6 +85,11 @@ pub fn read_auth_token(req: &HttpRequest) -> Result<Option<String>, LemmyError>
   else if let Some(cookie) = &req.cookie(AUTH_COOKIE_NAME) {
     Ok(Some(cookie.value().to_string()))
   }
+  // Read old auth cookie
+  else if let Some(cookie) = &req.cookie("jwt") {
+    warn!("Falling back to jwt cookie");
+    Ok(Some(cookie.value().to_string()))
+  }
   // Otherwise, there's no auth
   else {
     Ok(None)
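Review bot: The new branch accepts a legacy cookie through the bare literal `"jwt"`, with nothing recording when the fallback is to be removed or whether that cookie carries the same attributes as `AUTH_COOKIE_NAME`. If the old cookie was issued without HttpOnly/Secure, or if logout expires only the new cookie (neither is visible in this hunk), a stale `jwt` cookie would keep authenticating requests. I would name the literal, e.g. `const LEGACY_AUTH_COOKIE_NAME: &str = "jwt";`, add a comment such as `// Temporary fallback for cookies issued before AUTH_COOKIE_NAME; remove once the lemmy.ml auth issue is resolved`, and confirm that the logout path clears both cookies. The `warn!` fires on every request that still carries the old cookie, so it may be noisy. read_auth_token starts above this hunk and continues below it.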
diff --git a/crates/utils/src/settings/structs.rs b/crates/utils/src/settings/structs.rs
index 886cd71b6..ba247d7db 100644
--- a/crates/utils/src/settings/structs.rs
+++ b/crates/utils/src/settings/structs.rs
@@ -57,6 +57,9 @@ pub struct Settings {
   #[default(None)]
   #[doku(example = "*")]
   cors_origin: Option<String>,
+  /// Always send cache-control: private header for api responses, avoid problems with wrong caching.
+  #[default(None)]
+  pub disable_cache_control: Option<bool>,
 }
 
 impl Settings {
diff --git a/scripts/lint.sh b/scripts/lint.sh
index 924fba390..6a9526dfc 100755
--- a/scripts/lint.sh
+++ b/scripts/lint.sh
@@ -5,7 +5,7 @@ CWD="$(cd -P -- "$(dirname -- "${BASH_SOURCE[0]}")" && pwd -P)"
 
 cd $CWD/../
 
-cargo clippy --workspace --fix --allow-staged --allow-dirty --tests --all-targets --all-features -- -D warnings
+cargo clippy --workspace --fix --allow-staged --allow-dirty --tests --all-targets -- -D warnings
 
 # Format rust files
 cargo +nightly fmt
diff --git a/src/session_middleware.rs b/src/session_middleware.rs
index f50e0eccd..bdecb9818 100644
--- a/src/session_middleware.rs
+++ b/src/session_middleware.rs
@@ -11,6 +11,7 @@ use lemmy_api::{local_user_view_from_jwt, read_auth_token};
 use lemmy_api_common::context::LemmyContext;
 use reqwest::header::HeaderValue;
 use std::{future::ready, rc::Rc};
+use tracing::log::warn;
 
 #[derive(Clone)]
 pub struct SessionMiddleware {
@@ -71,8 +72,11 @@ where
         // TODO: this means it will be impossible to get any error message for invalid jwt. Need
         //       to add a separate endpoint for that.
         //       https://github.com/LemmyNet/lemmy/issues/3702
-        let local_user_view = local_user_view_from_jwt(jwt, &context).await.ok();
-        if let Some(local_user_view) = local_user_view {
+        let local_user_view = local_user_view_from_jwt(jwt, &context).await;
+        if let Err(e) = &local_user_view {
+          warn!("Failed to handle user login: {e}");
+        }
+        if let Ok(local_user_view) = local_user_view {
           req.extensions_mut().insert(local_user_view);
         }
       }
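Review bot: `warn!("Failed to handle user login: {e}")` runs for every request whose token fails validation, and that token comes from a client-supplied header or cookie, so any unauthenticated client can produce warn-level log lines at request rate. If this is only a debugging aid, `debug!("Failed to handle user login: {e}")` would keep the information without flooding production logs. If it stays at warn, confirm that the error's Display output never contains the token itself (not visible here). The two consecutive `if let` statements on `local_user_view` would also read more clearly as a single `match` with an `Ok` arm that inserts the view and an `Err` arm that logs. The enclosing function starts and ends outside the hunk.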
@@ -81,11 +85,14 @@ where
 
       // Add cache-control header. If user is authenticated, mark as private. Otherwise cache
       // up to one minute.
-      let cache_value = if jwt.is_some() {
+
+      let disable_cache = context.settings().disable_cache_control.unwrap_or(false);
+      let cache_value = if jwt.is_some() || disable_cache {
         "private"
       } else {
         "public, max-age=60"
       };
+
       res
         .headers_mut()
         .insert(CACHE_CONTROL, HeaderValue::from_static(cache_value));
-- 
GitLab