Merge pull request #164 from Hirevo/feat/private-registry

Disallow anonymous crate browsing in the frontend

Author: Hirevo

alexandrie.toml

@@ -11,6 +11,7 @@ links = [
     { name = "Github repository", href = "https://github.com/Hirevo/alexandrie" },
     { name = "User documentation", href = "https://hirevo.github.io/alexandrie" },
 ]
+login_required = false
 
 [frontend.sessions]
 cookie_name = "alexandrie.sid"

crates/alexandrie/src/config/frontend/mod.rs

@@ -60,6 +60,8 @@ pub struct FrontendConfig {
     pub favicon: Option<String>,
     /// Some related links.
     pub links: Option<Vec<Link>>,
+    /// Whether to disallow anonymous browsing of the registry.
+    pub login_required: bool,
     /// Assets configuration options.
     pub assets: AssetsConfig,
     /// Templates configuration options.

crates/alexandrie/src/config/mod.rs

@@ -94,3 +94,11 @@ impl From<Config> for State {
         }
     }
 }
+
+impl State {
+    /// Returns whether we require users to log in to browse crates.
+    #[cfg(feature = "frontend")]
+    pub fn is_login_required(&self) -> bool {
+        self.frontend.config.login_required
+    }
+}

crates/alexandrie/src/frontend/index.rs

@@ -13,6 +13,10 @@ use crate::State;
 
 pub(crate) async fn get(req: Request<State>) -> tide::Result {
     let user = req.get_author();
+    if req.state().is_login_required() && user.is_none() {
+        return Ok(utils::response::redirect("/account/login"));
+    }
+
     let state = req.state().clone();
     let db = &state.db;
 

crates/alexandrie/src/frontend/krate.rs

@@ -27,6 +27,10 @@ pub(crate) async fn get(req: Request<State>) -> tide::Result {
     let canon_name = utils::canonical_name(name);
 
     let user = req.get_author();
+    if req.state().is_login_required() && user.is_none() {
+        return Ok(utils::response::redirect("/account/login"));
+    }
+
     let state = req.state().clone();
     let db = &state.db;
 

crates/alexandrie/src/frontend/last_updated.rs

@@ -27,6 +27,10 @@ pub(crate) async fn get(req: Request<State>) -> tide::Result {
     let page_number = params.page.map_or_else(|| 1, |page| page.get());
 
     let user = req.get_author();
+    if req.state().is_login_required() && user.is_none() {
+        return Ok(utils::response::redirect("/account/login"));
+    }
+
     let state = req.state().clone();
     let db = &state.db;
 

crates/alexandrie/src/frontend/most_downloaded.rs

@@ -27,6 +27,10 @@ pub(crate) async fn get(req: Request<State>) -> tide::Result {
     let page_number = params.page.map_or_else(|| 1, |page| page.get());
 
     let user = req.get_author();
+    if req.state().is_login_required() && user.is_none() {
+        return Ok(utils::response::redirect("/account/login"));
+    }
+
     let state = req.state().clone();
     let db = &state.db;
 

crates/alexandrie/src/frontend/search.rs

@@ -34,6 +34,10 @@ pub(crate) async fn get(req: Request<State>) -> tide::Result {
     let page_number = params.page.map_or_else(|| 1, |page| page.get());
 
     let user = req.get_author();
+    if req.state().is_login_required() && user.is_none() {
+        return Ok(utils::response::redirect("/account/login"));
+    }
+
     let state = req.state().clone();
     let db = &state.db;
 

docker/mysql/alexandrie.toml

@@ -13,6 +13,7 @@ max_crate_size = "50 MB"
 enabled = true
 title = "Alexandrie"
 description = "An alternative crate registry for Cargo, the Rust package manager."
+login_required = false
 
 [frontend.sessions]
 cookie_name = "alexandrie.sid"

docker/postgres/alexandrie.toml

@@ -13,6 +13,7 @@ max_crate_size = "50 MB"
 enabled = true
 title = "Alexandrie"
 description = "An alternative crate registry for Cargo, the Rust package manager."
+login_required = false
 
 [frontend.sessions]
 cookie_name = "alexandrie.sid"