a4b014d66a
Add optional passphrase-based authentication with two roles (rx/control), session management, auth middleware, and protected routes. Phase 1: Config model with HttpAuthConfig struct, CookieSameSite enum, validation logic for enabled auth requiring at least one passphrase. Phase 2: Auth module with: - AuthRole enum (Rx, Control) - SessionRecord and SessionStore for in-memory session management - AuthConfig at runtime - /auth/login, /auth/logout, /auth/session endpoints - Constant-time passphrase comparison for timing attack mitigation Phase 3: Integration with: - AuthMiddleware for route protection with public/read/control classification - Server-side AuthState setup with cleanup task for expired sessions - Auth endpoints registered in api.rs configure() Sessions use 128-bit random IDs (hex-encoded), HttpOnly cookies, configurable SameSite attribute. Auth is disabled by default to preserve current behavior. All unit and integration tests passing. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> Signed-off-by: Stanislaw Grams <stanislawgrams@gmail.com>
# SPDX-FileCopyrightText: 2025 Stanislaw Grams <stanislawgrams@gmail.com>
#
# SPDX-License-Identifier: BSD-2-Clause
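# Manifest for the trx HTTP frontend crate (actix-web based, per the
# dependency list in this file).
[package]
name = "trx-frontend-http"
version = "0.1.0"
edition = "2021"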
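[dependencies]
# In-repo crates, resolved by relative path.
trx-core = { path = "../../../trx-core" }
trx-frontend = { path = ".." }
trx-protocol = { path = "../../../../src/trx-protocol" }
# Versions inherited from the workspace manifest.
# NOTE(review): "full" turns on every tokio feature; narrow the list if this
# crate only needs a subset (less code compiled into a network-facing binary).
tokio = { workspace = true, features = ["full"] }
serde = { workspace = true, features = ["derive"] }
serde_json = { workspace = true }
tracing = { workspace = true }
# HTTP server stack. actix-web is pinned with "=", so `cargo update` will not
# pick up patch releases, security fixes included. The reason for the pin is
# not recorded here; revisit it whenever an actix-web advisory is published.
actix-web = "=4.4.1"
actix-ws = "0.3"
tokio-stream = { version = "0.1", features = ["sync"] }
futures-util = "0.3"
bytes = "1"
# NOTE(review): if rand/hex back session-ID or token generation, the bytes
# must come from a CSPRNG (rand 0.8: `OsRng` or `thread_rng()`), never from
# `SmallRng` or a fixed-seed generator.
rand = "0.8"
hex = "0.4"
# NOTE(review): no constant-time comparison crate is listed, so unless an
# in-repo crate provides one, any secret comparison here is hand-written;
# confirm it does not return early on a length or first-byte mismatch.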