Merge branch 'dev' into 'master'

dockerfile up to bulleye-slim tag && fix secure cookie See merge request kuadrado-software/kuadrado-website!38

Merge branch 'dev' into 'master'
59592b3f · Pierre Jarriges · 59e8442e · bbd29ec7 · 59592b3f · 59592b3f
Commit 59592b3f authored 3 years ago by Pierre Jarriges
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -1283,6 +1283,7 @@ dependencies = [
 "rustls 0.18.1",
 "serde",
 "serde_json",
+ "time 0.2.27",
 "tokio",
 "wither",
 ]

--- a/Cargo.toml
+++ b/Cargo.toml
@@ -2,23 +2,24 @@
 name = "kuadrado_server"
 version = "2.0.2"
 authors = ["Pierre Jarriges <pierre.jarriges@tutanota.com>"]
-edition = "2018"
+edition = "2021"
 license-file = "LICENSE"
 # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
 [dependencies]
-actix-web = { version = "3", features=["rustls"] }
+actix-web = { version = "3", features = ["rustls"] }
 actix-web-middleware-redirect-https = "3.0.1"
-rustls="0.18.1"
+rustls = "0.18.1"
-actix-files="0.5"
+actix-files = "0.5"
-futures="0.3.17"
+futures = "0.3.17"
-serde="1"
+serde = "1"
-serde_json="1"
+serde_json = "1"
-wither="0.9"
+wither = "0.9"
-magic-crypt="3.1.9"
+magic-crypt = "3.1.9"
-env_logger="0.9"
+env_logger = "0.9"
-chrono="0.4"
+chrono = "0.4"
-rand="0.8"
+rand = "0.8"
-dotenv="0.15"
+dotenv = "0.15"
-tokio = { version = "0.2", features = ["full"] }
+time = "0.2.7"
\ No newline at end of file
+tokio = { version = "0.2", features = ["full"] }
--- a/Dockerfile
+++ b/Dockerfile
-FROM kuadsoft/rust-openssl:latest as builder
+FROM kuadsoft/rust-openssl:bullseye-slim as builder
 WORKDIR /usr/src/kuadrado_server
 COPY ./Cargo.toml ./Cargo.toml
@@ -6,6 +6,6 @@ COPY ./Cargo.lock ./Cargo.lock
 COPY ./src ./src
 RUN cargo install --locked --path .
-FROM kuadsoft/debian-openssl:buster-slim
+FROM kuadsoft/debian-openssl:bullseye-slim
 COPY --from=builder /usr/local/cargo/bin/kuadrado_server /usr/local/bin/kuadrado_server
 CMD ["kuadrado_server"]
\ No newline at end of file
--- a/dev.Dockerfile
+++ b/dev.Dockerfile
-FROM kuadsoft/rust-openssl:latest
+FROM kuadsoft/rust-openssl:bullseye-slim
 WORKDIR /usr/src/kuadrado_server
 COPY ./Cargo.toml ./Cargo.toml
 COPY ./Cargo.lock ./Cargo.lock

--- a/src/middleware.rs
+++ b/src/middleware.rs
@@ -8,14 +8,15 @@ use wither::{bson::doc, prelude::Model};
 /// Returns a Secure actix_web::http::Cookie.
 pub fn get_auth_cookie(name: &'static str, value: String) -> Cookie<'static> {
    Cookie::build(name, value)
-        .secure(true)
+        .path("/")
        .http_only(true)
+        .max_age(time::Duration::days(7))
        .same_site(SameSite::Strict)
-        .path("/")
+        .secure(true)
        .finish()
 }
-/// This is not a real middleware as it is meant to be executed only after having processed the request and not before.
+/// This is not an actual middleware as it is meant to be executed in the endpoint service to perform a simple verification.
 /// It must be registered in the actix App instance with app_data.
 /// ```
 /// App::new()

--- a/src/view_resource.rs
+++ b/src/view_resource.rs
@@ -133,7 +133,6 @@ impl ViewResourceManager {
                    } else {
                        return HttpResponse::Ok()
                            .content_type("text/html")
-                            .cookie(auth_cookie.unwrap())
                            .body(&res.string_contents);
                    }
                }