diff --git a/src/trx-client/src/main.rs b/src/trx-client/src/main.rs
index f557d15..88cc3f5 100644
--- a/src/trx-client/src/main.rs
+++ b/src/trx-client/src/main.rs
@@ -159,6 +159,19 @@ async fn async_init() -> DynResult {
 .cloned()
 .collect();
+ // Set HTTP frontend authentication config
+ frontend_runtime.http_auth_enabled = cfg.frontends.http.auth.enabled;
+ frontend_runtime.http_auth_rx_passphrase = cfg.frontends.http.auth.rx_passphrase.clone();
+ frontend_runtime.http_auth_control_passphrase = cfg.frontends.http.auth.control_passphrase.clone();
+ frontend_runtime.http_auth_tx_access_control_enabled = cfg.frontends.http.auth.tx_access_control_enabled;
+ frontend_runtime.http_auth_session_ttl_secs = cfg.frontends.http.auth.session_ttl_min * 60;
+ frontend_runtime.http_auth_cookie_secure = cfg.frontends.http.auth.cookie_secure;
+ frontend_runtime.http_auth_cookie_same_site = match cfg.frontends.http.auth.cookie_same_site {
+ config::CookieSameSite::Strict => "Strict".to_string(),
+ config::CookieSameSite::Lax => "Lax".to_string(),
+ config::CookieSameSite::None => "None".to_string(),
+ };
+
 // Resolve remote URL: CLI > config [remote] section > error
 let remote_url = cli
 .url
diff --git a/src/trx-client/trx-frontend/src/lib.rs b/src/trx-client/trx-frontend/src/lib.rs
index 585a7bc..320cbeb 100644
--- a/src/trx-client/trx-frontend/src/lib.rs
+++ b/src/trx-client/trx-frontend/src/lib.rs
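Review bot: The auth settings are copied into `frontend_runtime` without any validation, so `enabled` can be true while both `rx_passphrase` and `control_passphrase` are `None`, and nothing visible in this hunk rejects that before the frontend starts. How `AuthConfig` treats that combination is outside the diff, so a fail-closed check here (return an error from `async_init` when auth is enabled with no passphrase) would make the behaviour explicit. The TTL conversion `session_ttl_min * 60` is also unchecked; assuming the field is an unsigned integer (its type is not shown), `cfg.frontends.http.auth.session_ttl_min.saturating_mul(60)` avoids an overflow panic or wrap on an absurd value, and a value of 0 deserves a deliberate decision. async_init's body starts and ends outside the hunk.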
@@ -126,6 +126,20 @@ pub struct FrontendRuntimeContext {
 pub rigctl_listen_addr: Arc>>,
 /// Guard to avoid spawning duplicate decode collectors.
 pub decode_collector_started: AtomicBool,
+ /// HTTP frontend authentication configuration (enabled, passphrases, TTL, etc.)
+ pub http_auth_enabled: bool,
+ /// HTTP frontend auth rx passphrase
+ pub http_auth_rx_passphrase: Option,
+ /// HTTP frontend auth control passphrase
+ pub http_auth_control_passphrase: Option,
+ /// HTTP frontend auth tx access control enabled
+ pub http_auth_tx_access_control_enabled: bool,
+ /// HTTP frontend auth session TTL in seconds
+ pub http_auth_session_ttl_secs: u64,
+ /// HTTP frontend auth cookie secure flag
+ pub http_auth_cookie_secure: bool,
+ /// HTTP frontend auth cookie same-site policy
+ pub http_auth_cookie_same_site: String,
 }
 impl FrontendRuntimeContext {
@@ -144,6 +158,13 @@ impl FrontendRuntimeContext {
 rigctl_clients: Arc::new(AtomicUsize::new(0)),
 rigctl_listen_addr: Arc::new(Mutex::new(None)),
 decode_collector_started: AtomicBool::new(false),
+ http_auth_enabled: false,
+ http_auth_rx_passphrase: None,
+ http_auth_control_passphrase: None,
+ http_auth_tx_access_control_enabled: true,
+ http_auth_session_ttl_secs: 480 * 60,
+ http_auth_cookie_secure: false,
+ http_auth_cookie_same_site: "Lax".to_string(),
 }
 }
 }
diff --git a/src/trx-client/trx-frontend/trx-frontend-http/src/server.rs b/src/trx-client/trx-frontend/trx-frontend-http/src/server.rs
index e92f9b6..d1bb3a5 100644
--- a/src/trx-client/trx-frontend/trx-frontend-http/src/server.rs
+++ b/src/trx-client/trx-frontend/trx-frontend-http/src/server.rs
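Review bot: `http_auth_rx_passphrase` and `http_auth_control_passphrase` are plain `pub` fields on the runtime context, so every component holding the context can read the secrets, and any `Debug` output or log line of the struct (if it has or gains one) would print them. A small wrapper type whose `Debug` prints a redacted placeholder, or a dedicated auth struct handed only to the HTTP frontend, would narrow that exposure. The doc comments mostly restate the field names; the passphrase ones should say what `None` means for that role, e.g. `/// Passphrase for read-only (rx) access; None means <state the behaviour>`. Storing the same-site policy as a `String` is what later forces a catch-all match in server.rs; a three-variant enum in this crate would keep it type-checked.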
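Review bot: These defaults fail open: `http_auth_enabled: false` and `http_auth_cookie_secure: false` mean any caller that builds the context through this constructor and skips the assignments in main.rs serves the HTTP frontend without authentication. They match the values previously hard-coded in server.rs, so behaviour is unchanged, but the constructor should say so, for example `// Auth defaults: disabled until overridden from config in trx-client's async_init`. The literal `480 * 60` now duplicates whatever default the config layer uses for `session_ttl_min` (not shown here); a shared constant would keep the two from drifting. The constructor starts above the hunk.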
@@ -78,18 +78,24 @@ fn build_server(
 let state_data = web::Data::new(state_rx);
 let rig_tx = web::Data::new(rig_tx);
 let clients = web::Data::new(Arc::new(AtomicUsize::new(0)));
- let context_data = web::Data::new(context);
- // Create authentication state (default: disabled)
+ // Extract auth config values before moving context
+ let same_site = match context.http_auth_cookie_same_site.as_str() {
+ "Strict" => SameSite::Strict,
+ "None" => SameSite::None,
+ _ => SameSite::Lax, // default
+ };
 let auth_config = AuthConfig::new(
- false, // enabled - disabled by default
- None, // rx_passphrase
- None, // control_passphrase
- true, // tx_access_control_enabled
- Duration::from_secs(480 * 60), // session_ttl (480 minutes)
- false, // cookie_secure
- SameSite::Lax, // cookie_same_site
+ context.http_auth_enabled,
+ context.http_auth_rx_passphrase.clone(),
+ context.http_auth_control_passphrase.clone(),
+ context.http_auth_tx_access_control_enabled,
+ Duration::from_secs(context.http_auth_session_ttl_secs),
+ context.http_auth_cookie_secure,
+ same_site,
 );
+
+ let context_data = web::Data::new(context);
 let auth_state = web::Data::new(AuthState::new(auth_config.clone()));
 // Spawn session cleanup task if auth is enabled
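Review bot: The `_ => SameSite::Lax` arm in the `same_site` match hides two cases: an unrecognised string is silently downgraded to Lax, and `"None"` is accepted even when `context.http_auth_cookie_secure` is false. Browsers reject `SameSite=None` cookies that lack the Secure attribute, so that combination produces a session cookie that is never stored and logins that appear to succeed but do not persist. I would match `"Lax" => SameSite::Lax,` explicitly, guard the None arm as `"None" if context.http_auth_cookie_secure => SameSite::None,`, and have the fallback arm log a warning with the project's logger before choosing Lax. Passing the policy as an enum rather than a string would remove the catch-all altogether. build_server's body starts and ends outside the hunk.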