26 lines
952 B
Rust
26 lines
952 B
Rust
//! tower-sessions layer that loco-oauth2 uses to hold the short-lived CSRF /
|
|
//! PKCE state between the authorize redirect and the provider callback. An
|
|
//! in-memory store is sufficient since the state only needs to survive the
|
|
//! round-trip to the provider.
|
|
|
|
use axum::Router as AxumRouter;
|
|
use loco_rs::prelude::*;
|
|
use tower_sessions::{cookie::time::Duration, Expiry, MemoryStore, SessionManagerLayer};
|
|
|
|
pub struct OAuth2SessionInitializer;
|
|
|
|
#[async_trait]
|
|
impl Initializer for OAuth2SessionInitializer {
|
|
fn name(&self) -> String {
|
|
"oauth2-session".to_string()
|
|
}
|
|
|
|
async fn after_routes(&self, router: AxumRouter, _ctx: &AppContext) -> Result<AxumRouter> {
|
|
let session_store = MemoryStore::default();
|
|
let session_layer = SessionManagerLayer::new(session_store)
|
|
.with_secure(false)
|
|
.with_expiry(Expiry::OnInactivity(Duration::minutes(10)));
|
|
Ok(router.layer(session_layer))
|
|
}
|
|
}
|