fix missing page body on authentication error

remove duplicated code
add test for http basic auth

Author: lovasoa

src/app_config.rs

@@ -124,18 +124,32 @@ fn cannonicalize_if_possible(path: &std::path::Path) -> PathBuf {
 /// This should be called only once at the start of the program.
 pub fn load() -> anyhow::Result<AppConfig> {
     let configuration_directory = &configuration_directory();
-    log::debug!(
-        "Loading configuration from {:?}",
-        cannonicalize_if_possible(configuration_directory)
-    );
-    let config_file = configuration_directory.join("sqlpage");
-    Config::builder()
+    load_from_directory(configuration_directory)
+}
+
+/// Parses and loads the configuration from the given directory.
+pub fn load_from_directory(directory: &Path) -> anyhow::Result<AppConfig> {
+    let cannonical = cannonicalize_if_possible(directory);
+    log::debug!("Loading configuration from {:?}", cannonical);
+    let config_file = directory.join("sqlpage");
+    let mut app_config = load_from_file(&config_file)?;
+    app_config.configuration_directory = directory.into();
+    Ok(app_config)
+}
+
+/// Parses and loads the configuration from the given file.
+pub fn load_from_file(config_file: &Path) -> anyhow::Result<AppConfig> {
+    let config = Config::builder()
         .add_source(config::File::from(config_file).required(false))
         .add_source(env_config())
         .add_source(env_config().prefix("SQLPAGE"))
-        .build()?
+        .build()?;
+    log::trace!("Configuration sources: {}", config.cache);
+    let app_config = config
         .try_deserialize::<AppConfig>()
-        .with_context(|| "Unable to load configuration")
+        .with_context(|| "Unable to load configuration")?;
+    log::debug!("Loaded configuration: {:?}", app_config);
+    Ok(app_config)
 }
 
 fn env_config() -> config::Environment {

src/filesystem.rs

@@ -76,6 +76,7 @@ impl FileSystem {
         priviledged: bool,
     ) -> anyhow::Result<Vec<u8>> {
         let local_path = self.safe_local_path(app_state, path, priviledged)?;
+        log::debug!("Reading file {path:?} from {local_path:?}");
         let local_result = tokio::fs::read(&local_path).await;
         match (local_result, &self.db_fs_queries) {
             (Ok(f), _) => Ok(f),

src/main.rs

@@ -16,7 +16,6 @@ async fn main() {
 
 async fn start() -> anyhow::Result<()> {
     let app_config = app_config::load()?;
-    log::debug!("Starting with the following configuration: {app_config:#?}");
     let state = AppState::init(&app_config).await?;
     webserver::database::migrations::apply(&app_config, &state.db).await?;
     log::debug!("Starting server...");

src/render.rs

@@ -1,10 +1,11 @@
 use crate::templates::SplitTemplate;
 use crate::webserver::http::LayoutContext;
+use crate::webserver::ErrorWithStatus;
 use crate::AppState;
 use actix_web::cookie::time::format_description::well_known::Rfc3339;
 use actix_web::cookie::time::OffsetDateTime;
 use actix_web::http::{header, StatusCode};
-use actix_web::{HttpResponse, HttpResponseBuilder};
+use actix_web::{HttpResponse, HttpResponseBuilder, ResponseError};
 use anyhow::{bail, format_err, Context as AnyhowContext};
 use async_recursion::async_recursion;
 use handlebars::{BlockContext, Context, JsonValue, RenderError, Renderable};
@@ -202,18 +203,21 @@ impl<'a, W: std::io::Write> HeaderContext<'a, W> {
         }
         log::debug!("Authentication failed");
         // The authentication failed
-        if let Some(link) = get_object_str(&data, "link") {
-            self.response.status(StatusCode::FOUND);
-            self.response.insert_header((header::LOCATION, link));
-            self.has_status = true;
-        } else {
-            self.response.status(StatusCode::UNAUTHORIZED);
+        let http_response: HttpResponse = if let Some(link) = get_object_str(&data, "link") {
             self.response
-                .insert_header((header::WWW_AUTHENTICATE, "Basic realm=\"Auth required\""));
-            self.has_status = true;
-        }
-        // Set an empty response body
-        let http_response = self.response.body(());
+                .status(StatusCode::FOUND)
+                .insert_header((header::LOCATION, link))
+                .body(
+                    "Sorry, but you are not authorized to access this page. \
+                    Redirecting to the login page...",
+                )
+        } else {
+            ErrorWithStatus {
+                status: StatusCode::UNAUTHORIZED,
+            }
+            .error_response()
+        };
+        self.has_status = true;
         Ok(PageContext::Close(http_response))
     }
 

src/webserver/error_with_status.rs

@@ -1,5 +1,8 @@
 use actix_web::{
-    http::{header::ContentType, StatusCode},
+    http::{
+        header::{self, ContentType},
+        StatusCode,
+    },
     ResponseError,
 };
 
@@ -19,8 +22,18 @@ impl ResponseError for ErrorWithStatus {
         self.status
     }
     fn error_response(&self) -> actix_web::HttpResponse {
-        actix_web::HttpResponse::build(self.status)
-            .content_type(ContentType::plaintext())
-            .body(self.status.to_string())
+        let mut resp_builder = actix_web::HttpResponse::build(self.status);
+        resp_builder.content_type(ContentType::plaintext());
+        if self.status == StatusCode::UNAUTHORIZED {
+            resp_builder.insert_header((
+                header::WWW_AUTHENTICATE,
+                header::HeaderValue::from_static(
+                    "Basic realm=\"Authentication required\", charset=\"UTF-8\"",
+                ),
+            ));
+            resp_builder.body("Sorry, but you are not authorized to access this page.")
+        } else {
+            resp_builder.body(self.status.to_string())
+        }
     }
 }

src/webserver/http.rs

@@ -12,10 +12,11 @@ use actix_web::{
     dev::ServiceResponse, middleware, middleware::Logger, web, web::Bytes, App, HttpResponse,
     HttpServer,
 };
+use actix_web::{HttpResponseBuilder, ResponseError};
 
 use super::https::make_auto_rustls_config;
 use super::static_content;
-use actix_web::body::{BoxBody, MessageBody};
+use actix_web::body::MessageBody;
 use anyhow::{bail, Context};
 use chrono::{DateTime, Utc};
 use futures_util::stream::Stream;
@@ -268,42 +269,30 @@ fn send_anyhow_error(
     env: app_config::DevOrProd,
 ) {
     log::error!("An error occurred before starting to send the response body: {e:#}");
-    let mut resp = HttpResponse::new(StatusCode::INTERNAL_SERVER_ERROR);
+    let mut resp = HttpResponseBuilder::new(StatusCode::INTERNAL_SERVER_ERROR);
     let mut body = "Sorry, but we were not able to process your request. \n\n".to_owned();
     if env.is_prod() {
         body.push_str("Contact the administrator for more information. A detailed error message has been logged.");
     } else {
         use std::fmt::Write;
         write!(body, "{e:?}").unwrap();
     }
-    resp = resp.set_body(BoxBody::new(body));
-    resp.headers_mut().insert(
+    resp.insert_header((
         header::CONTENT_TYPE,
         header::HeaderValue::from_static("text/plain"),
-    );
-    if let Some(&ErrorWithStatus { status }) = e.downcast_ref() {
-        *resp.status_mut() = status;
-        if status == StatusCode::UNAUTHORIZED {
-            resp.headers_mut().insert(
-                header::WWW_AUTHENTICATE,
-                header::HeaderValue::from_static(
-                    "Basic realm=\"Authentication required\", charset=\"UTF-8\"",
-                ),
-            );
-            resp = resp.set_body(BoxBody::new(
-                "Sorry, but you are not authorized to access this page.",
-            ));
-        }
-    };
-    if let Some(sqlx::Error::PoolTimedOut) = e.downcast_ref() {
+    ));
+    let resp = if let Some(e @ &ErrorWithStatus { .. }) = e.downcast_ref() {
+        e.error_response()
+    } else if let Some(sqlx::Error::PoolTimedOut) = e.downcast_ref() {
         // People are HTTP connections faster than we can open SQL connections. Ask them to slow down politely.
         use rand::Rng;
-        *resp.status_mut() = StatusCode::SERVICE_UNAVAILABLE;
-        resp.headers_mut().insert(
+        resp.status(StatusCode::SERVICE_UNAVAILABLE).insert_header((
             header::RETRY_AFTER,
             header::HeaderValue::from(rand::thread_rng().gen_range(1..=15)),
-        );
-    }
+        )).body("The database is currently too busy to handle your request. Please try again later.\n\n".to_owned() + &body)
+    } else {
+        resp.body(body)
+    };
     resp_send
         .send(resp)
         .unwrap_or_else(|_| log::error!("could not send headers"));

tests/index.rs

@@ -1,4 +1,4 @@
-use std::collections::HashMap;
+use std::{collections::HashMap, path::PathBuf};
 
 use actix_web::{
     body::MessageBody,
@@ -7,7 +7,11 @@ use actix_web::{
     test::{self, TestRequest},
     HttpResponse,
 };
-use sqlpage::{app_config::AppConfig, webserver::http::main_handler, AppState};
+use sqlpage::{
+    app_config::AppConfig,
+    webserver::{self, http::main_handler},
+    AppState,
+};
 
 #[actix_web::test]
 async fn test_index_ok() {
@@ -408,20 +412,66 @@ async fn test_with_site_prefix() {
     );
 }
 
+async fn make_app_data_for_official_website() -> actix_web::web::Data<AppState> {
+    init_log();
+    let config_path = std::path::Path::new("examples/official-site/sqlpage");
+    let mut app_config = sqlpage::app_config::load_from_directory(config_path).unwrap();
+    app_config.web_root = PathBuf::from("examples/official-site");
+    let app_state = make_app_data_from_config(app_config.clone()).await;
+    webserver::database::migrations::apply(&app_config, &app_state.db)
+        .await
+        .unwrap();
+    app_state
+}
+
+#[actix_web::test]
+async fn test_official_website_documentation() {
+    let app_data = make_app_data_for_official_website().await;
+    let resp = req_path_with_app_data("/documentation.sql?component=button", app_data)
+        .await
+        .unwrap();
+    assert_eq!(resp.status(), http::StatusCode::OK);
+    let body = test::read_body(resp).await;
+    let body_str = String::from_utf8(body.to_vec()).unwrap();
+    assert!(
+        body_str.contains(r#"<button type="submit" form="poem" formaction="?action"#),
+        "{body_str}\nexpected to contain a button with formaction"
+    );
+}
+
+#[actix_web::test]
+async fn test_official_website_basic_auth_example() {
+    let resp = req_path_with_app_data(
+        "/examples/authentication/basic_auth.sql",
+        make_app_data_for_official_website().await,
+    )
+    .await
+    .unwrap();
+    assert_eq!(resp.status(), http::StatusCode::UNAUTHORIZED);
+    let body = test::read_body(resp).await;
+    let body_str = String::from_utf8(body.to_vec()).unwrap();
+    assert!(
+        body_str.contains("not authorized"),
+        "{body_str}\nexpected to contain Unauthorized"
+    );
+}
+
 async fn get_request_to(path: &str) -> actix_web::Result<TestRequest> {
     let data = make_app_data().await;
     Ok(test::TestRequest::get()
         .uri(path)
         .insert_header(ContentType::plaintext())
         .app_data(data))
 }
+async fn make_app_data_from_config(config: AppConfig) -> actix_web::web::Data<AppState> {
+    let state = AppState::init(&config).await.unwrap();
+    actix_web::web::Data::new(state)
+}
 
 async fn make_app_data() -> actix_web::web::Data<AppState> {
     init_log();
     let config = test_config();
-    let state = AppState::init(&config).await.unwrap();
-
-    actix_web::web::Data::new(state)
+    make_app_data_from_config(config).await
 }
 
 async fn req_path(
@@ -431,16 +481,23 @@ async fn req_path(
     main_handler(req).await
 }
 
-async fn req_path_with_app_data(
+async fn srv_req_path_with_app_data(
     path: impl AsRef<str>,
     app_data: actix_web::web::Data<AppState>,
-) -> Result<actix_web::dev::ServiceResponse, actix_web::Error> {
-    let req = test::TestRequest::get()
+) -> actix_web::dev::ServiceRequest {
+    test::TestRequest::get()
         .uri(path.as_ref())
+        .app_data(app_data)
         .insert_header(("cookie", "test_cook=123"))
         .insert_header(("authorization", "Basic dGVzdDp0ZXN0")) // test:test
-        .app_data(app_data)
-        .to_srv_request();
+        .to_srv_request()
+}
+
+async fn req_path_with_app_data(
+    path: impl AsRef<str>,
+    app_data: actix_web::web::Data<AppState>,
+) -> Result<actix_web::dev::ServiceResponse, actix_web::Error> {
+    let req = srv_req_path_with_app_data(path, app_data).await;
     main_handler(req).await
 }
 
@@ -461,5 +518,8 @@ pub fn test_config() -> AppConfig {
 }
 
 fn init_log() {
-    let _ = env_logger::builder().is_test(true).try_init();
+    let _ = env_logger::builder()
+        .is_test(true)
+        .filter(Some("sqlpage"), log::LevelFilter::Trace)
+        .try_init();
 }