Skip to content
Snippets Groups Projects
Commit 92137e3c authored by Johannes Barthel's avatar Johannes Barthel
Browse files

initial public version

parents
No related branches found
No related tags found
No related merge requests found
Expand all Show whitespace changes
Inline Side-by-side
Showing
with 576 additions and 0 deletions
.gitignore 0 → 100644
+ 1
0
View file @ 92137e3c
/target
COPYRIGHT 0 → 100644
+ 15
0
View file @ 92137e3c
All files except src/bulma.min.css and the privacy policy document that is in
src/index.html and is enclosed in the HTML tag '<div class="content">':
© by Computerwerk Darmstadt e.V.
This package is licensed under the Apache License, Version 2.0 <LICENSE-APACHE>
or <http://www.apache.org/licenses/LICENSE-2.0> or the MIT license <LICENSE-MIT>
or <http://opensource.org/licenses/MIT>, at your option.
The privacy policy document that is in src/index.html and is enclosed in the
HTML tag '<div class="content">' has been created by Computerwerk Darmstadt e.V.
and is released under the terms of CC0 <LICENSE-CC0>.
File src/bulma.min.css:
© 2020 Jeremy Thomas
This file is available under the MIT license <LICENSE-MIT> or
<http://opensource.org/licenses/MIT>.
Cargo.lock 0 → 100644
+ 0
0
View file @ 92137e3c
This diff is collapsed.
Cargo.toml 0 → 100644
+ 28
0
View file @ 92137e3c
[package]
name = "gdpr-authenticator"
version = "0.1.4"
authors = ["Johannes <johannes.barthel@student.kit.edu>"]
edition = "2018"
description = "Consent wall for Senfcall privacy policy"
license = "MIT OR Apache-2.0"
[dependencies]
warp = "0.2.2"
tokio = {features = ["macros"], version = "0.2.18"}
[package.metadata.deb]
maintainer = "Johannes <johannes.barthel@student.kit.edu>"
copyright = "2020 Computerwerk Darmstadt e.V. <vorstand@computerwerk.org>"
license-file = ["LICENSE", "3"]
depends = "$auto, systemd, nginx"
extended-description = """\
Consent wall for our Senfcall privacy policy. Implemented to interface with the
nginx_auth plugin"""
section = "httpd"
priority = "optional"
assets = [
["gdpr-check.nginx", "etc/bigbluebutton/nginx/", "644"],
["gdpr-authenticator.service", "/lib/systemd/system/", "644"],
["target/release/gdpr-authenticator", "usr/bin/", "755"]
]
maintainer-scripts = "debian"
LICENSE 0 → 120000
+ 2
0
View file @ 92137e3c
COPYRIGHT
\ No newline at end of file
LICENSE-APACHE 0 → 100644
+ 176
0
View file @ 92137e3c
Apache License
Version 2.0, January 2004
http://www.apache.org/licenses/
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
1. Definitions.
"License" shall mean the terms and conditions for use, reproduction,
and distribution as defined by Sections 1 through 9 of this document.
"Licensor" shall mean the copyright owner or entity authorized by
the copyright owner that is granting the License.
"Legal Entity" shall mean the union of the acting entity and all
other entities that control, are controlled by, or are under common
control with that entity. For the purposes of this definition,
"control" means (i) the power, direct or indirect, to cause the
direction or management of such entity, whether by contract or
otherwise, or (ii) ownership of fifty percent (50%) or more of the
outstanding shares, or (iii) beneficial ownership of such entity.
"You" (or "Your") shall mean an individual or Legal Entity
exercising permissions granted by this License.
"Source" form shall mean the preferred form for making modifications,
including but not limited to software source code, documentation
source, and configuration files.
"Object" form shall mean any form resulting from mechanical
transformation or translation of a Source form, including but
not limited to compiled object code, generated documentation,
and conversions to other media types.
"Work" shall mean the work of authorship, whether in Source or
Object form, made available under the License, as indicated by a
copyright notice that is included in or attached to the work
(an example is provided in the Appendix below).
"Derivative Works" shall mean any work, whether in Source or Object
form, that is based on (or derived from) the Work and for which the
editorial revisions, annotations, elaborations, or other modifications
represent, as a whole, an original work of authorship. For the purposes
of this License, Derivative Works shall not include works that remain
separable from, or merely link (or bind by name) to the interfaces of,
the Work and Derivative Works thereof.
"Contribution" shall mean any work of authorship, including
the original version of the Work and any modifications or additions
to that Work or Derivative Works thereof, that is intentionally
submitted to Licensor for inclusion in the Work by the copyright owner
or by an individual or Legal Entity authorized to submit on behalf of
the copyright owner. For the purposes of this definition, "submitted"
means any form of electronic, verbal, or written communication sent
to the Licensor or its representatives, including but not limited to
communication on electronic mailing lists, source code control systems,
and issue tracking systems that are managed by, or on behalf of, the
Licensor for the purpose of discussing and improving the Work, but
excluding communication that is conspicuously marked or otherwise
designated in writing by the copyright owner as "Not a Contribution."
"Contributor" shall mean Licensor and any individual or Legal Entity
on behalf of whom a Contribution has been received by Licensor and
subsequently incorporated within the Work.
2. Grant of Copyright License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
copyright license to reproduce, prepare Derivative Works of,
publicly display, publicly perform, sublicense, and distribute the
Work and such Derivative Works in Source or Object form.
3. Grant of Patent License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
(except as stated in this section) patent license to make, have made,
use, offer to sell, sell, import, and otherwise transfer the Work,
where such license applies only to those patent claims licensable
by such Contributor that are necessarily infringed by their
Contribution(s) alone or by combination of their Contribution(s)
with the Work to which such Contribution(s) was submitted. If You
institute patent litigation against any entity (including a
cross-claim or counterclaim in a lawsuit) alleging that the Work
or a Contribution incorporated within the Work constitutes direct
or contributory patent infringement, then any patent licenses
granted to You under this License for that Work shall terminate
as of the date such litigation is filed.
4. Redistribution. You may reproduce and distribute copies of the
Work or Derivative Works thereof in any medium, with or without
modifications, and in Source or Object form, provided that You
meet the following conditions:
(a) You must give any other recipients of the Work or
Derivative Works a copy of this License; and
(b) You must cause any modified files to carry prominent notices
stating that You changed the files; and
(c) You must retain, in the Source form of any Derivative Works
that You distribute, all copyright, patent, trademark, and
attribution notices from the Source form of the Work,
excluding those notices that do not pertain to any part of
the Derivative Works; and
(d) If the Work includes a "NOTICE" text file as part of its
distribution, then any Derivative Works that You distribute must
include a readable copy of the attribution notices contained
within such NOTICE file, excluding those notices that do not
pertain to any part of the Derivative Works, in at least one
of the following places: within a NOTICE text file distributed
as part of the Derivative Works; within the Source form or
documentation, if provided along with the Derivative Works; or,
within a display generated by the Derivative Works, if and
wherever such third-party notices normally appear. The contents
of the NOTICE file are for informational purposes only and
do not modify the License. You may add Your own attribution
notices within Derivative Works that You distribute, alongside
or as an addendum to the NOTICE text from the Work, provided
that such additional attribution notices cannot be construed
as modifying the License.
You may add Your own copyright statement to Your modifications and
may provide additional or different license terms and conditions
for use, reproduction, or distribution of Your modifications, or
for any such Derivative Works as a whole, provided Your use,
reproduction, and distribution of the Work otherwise complies with
the conditions stated in this License.
5. Submission of Contributions. Unless You explicitly state otherwise,
any Contribution intentionally submitted for inclusion in the Work
by You to the Licensor shall be under the terms and conditions of
this License, without any additional terms or conditions.
Notwithstanding the above, nothing herein shall supersede or modify
the terms of any separate license agreement you may have executed
with Licensor regarding such Contributions.
6. Trademarks. This License does not grant permission to use the trade
names, trademarks, service marks, or product names of the Licensor,
except as required for reasonable and customary use in describing the
origin of the Work and reproducing the content of the NOTICE file.
7. Disclaimer of Warranty. Unless required by applicable law or
agreed to in writing, Licensor provides the Work (and each
Contributor provides its Contributions) on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
implied, including, without limitation, any warranties or conditions
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
PARTICULAR PURPOSE. You are solely responsible for determining the
appropriateness of using or redistributing the Work and assume any
risks associated with Your exercise of permissions under this License.
8. Limitation of Liability. In no event and under no legal theory,
whether in tort (including negligence), contract, or otherwise,
unless required by applicable law (such as deliberate and grossly
negligent acts) or agreed to in writing, shall any Contributor be
liable to You for damages, including any direct, indirect, special,
incidental, or consequential damages of any character arising as a
result of this License or out of the use or inability to use the
Work (including but not limited to damages for loss of goodwill,
work stoppage, computer failure or malfunction, or any and all
other commercial damages or losses), even if such Contributor
has been advised of the possibility of such damages.
9. Accepting Warranty or Additional Liability. While redistributing
the Work or Derivative Works thereof, You may choose to offer,
and charge a fee for, acceptance of support, warranty, indemnity,
or other liability obligations and/or rights consistent with this
License. However, in accepting such obligations, You may act only
on Your own behalf and on Your sole responsibility, not on behalf
of any other Contributor, and only if You agree to indemnify,
defend, and hold each Contributor harmless for any liability
incurred by, or claims asserted against, such Contributor by reason
of your accepting any such warranty or additional liability.
END OF TERMS AND CONDITIONS
LICENSE-CC0 0 → 100644
+ 119
0
View file @ 92137e3c
CC0 1.0 Universal
CREATIVE COMMONS CORPORATION IS NOT A LAW FIRM AND DOES NOT PROVIDE
LEGAL SERVICES. DISTRIBUTION OF THIS DOCUMENT DOES NOT CREATE AN
ATTORNEY-CLIENT RELATIONSHIP. CREATIVE COMMONS PROVIDES THIS
INFORMATION ON AN "AS-IS" BASIS. CREATIVE COMMONS MAKES NO WARRANTIES
REGARDING THE USE OF THIS DOCUMENT OR THE INFORMATION OR WORKS
PROVIDED HEREUNDER, AND DISCLAIMS LIABILITY FOR DAMAGES RESULTING FROM
THE USE OF THIS DOCUMENT OR THE INFORMATION OR WORKS PROVIDED
HEREUNDER.
Statement of Purpose
The laws of most jurisdictions throughout the world automatically confer
exclusive Copyright and Related Rights (defined below) upon the creator
and subsequent owner(s) (each and all, an "owner") of an original work of
authorship and/or a database (each, a "Work").
Certain owners wish to permanently relinquish those rights to a Work for
the purpose of contributing to a commons of creative, cultural and
scientific works ("Commons") that the public can reliably and without fear
of later claims of infringement build upon, modify, incorporate in other
works, reuse and redistribute as freely as possible in any form whatsoever
and for any purposes, including without limitation commercial purposes.
These owners may contribute to the Commons to promote the ideal of a free
culture and the further production of creative, cultural and scientific
works, or to gain reputation or greater distribution for their Work in
part through the use and efforts of others.
For these and/or other purposes and motivations, and without any
expectation of additional consideration or compensation, the person
associating CC0 with a Work (the "Affirmer"), to the extent that he or she
is an owner of Copyright and Related Rights in the Work, voluntarily
elects to apply CC0 to the Work and publicly distribute the Work under its
terms, with knowledge of his or her Copyright and Related Rights in the
Work and the meaning and intended legal effect of CC0 on those rights.
1. Copyright and Related Rights. A Work made available under CC0 may be
protected by copyright and related or neighboring rights ("Copyright and
Related Rights"). Copyright and Related Rights include, but are not
limited to, the following:
i. the right to reproduce, adapt, distribute, perform, display,
communicate, and translate a Work;
ii. moral rights retained by the original author(s) and/or performer(s);
iii. publicity and privacy rights pertaining to a person's image or
likeness depicted in a Work;
iv. rights protecting against unfair competition in regards to a Work,
subject to the limitations in paragraph 4(a), below;
v. rights protecting the extraction, dissemination, use and reuse of data
in a Work;
vi. database rights (such as those arising under Directive 96/9/EC of the
European Parliament and of the Council of 11 March 1996 on the legal
protection of databases, and under any national implementation
thereof, including any amended or successor version of such
directive); and
vii. other similar, equivalent or corresponding rights throughout the
world based on applicable law or treaty, and any national
implementations thereof.
2. Waiver. To the greatest extent permitted by, but not in contravention
of, applicable law, Affirmer hereby overtly, fully, permanently,
irrevocably and unconditionally waives, abandons, and surrenders all of
Affirmer's Copyright and Related Rights and associated claims and causes
of action, whether now known or unknown (including existing as well as
future claims and causes of action), in the Work (i) in all territories
worldwide, (ii) for the maximum duration provided by applicable law or
treaty (including future time extensions), (iii) in any current or future
medium and for any number of copies, and (iv) for any purpose whatsoever,
including without limitation commercial, advertising or promotional
purposes (the "Waiver"). Affirmer makes the Waiver for the benefit of each
member of the public at large and to the detriment of Affirmer's heirs and
successors, fully intending that such Waiver shall not be subject to
revocation, rescission, cancellation, termination, or any other legal or
equitable action to disrupt the quiet enjoyment of the Work by the public
as contemplated by Affirmer's express Statement of Purpose.
3. Public License Fallback. Should any part of the Waiver for any reason
be judged legally invalid or ineffective under applicable law, then the
Waiver shall be preserved to the maximum extent permitted taking into
account Affirmer's express Statement of Purpose. In addition, to the
extent the Waiver is so judged Affirmer hereby grants to each affected
person a royalty-free, non transferable, non sublicensable, non exclusive,
irrevocable and unconditional license to exercise Affirmer's Copyright and
Related Rights in the Work (i) in all territories worldwide, (ii) for the
maximum duration provided by applicable law or treaty (including future
time extensions), (iii) in any current or future medium and for any number
of copies, and (iv) for any purpose whatsoever, including without
limitation commercial, advertising or promotional purposes (the
"License"). The License shall be deemed effective as of the date CC0 was
applied by Affirmer to the Work. Should any part of the License for any
reason be judged legally invalid or ineffective under applicable law, such
partial invalidity or ineffectiveness shall not invalidate the remainder
of the License, and in such case Affirmer hereby affirms that he or she
will not (i) exercise any of his or her remaining Copyright and Related
Rights in the Work or (ii) assert any associated claims and causes of
action with respect to the Work, in either case contrary to Affirmer's
express Statement of Purpose.
4. Limitations and Disclaimers.
a. No trademark or patent rights held by Affirmer are waived, abandoned,
surrendered, licensed or otherwise affected by this document.
b. Affirmer offers the Work as-is and makes no representations or
warranties of any kind concerning the Work, express, implied,
statutory or otherwise, including without limitation warranties of
title, merchantability, fitness for a particular purpose, non
infringement, or the absence of latent or other defects, accuracy, or
the present or absence of errors, whether or not discoverable, all to
the greatest extent permissible under applicable law.
c. Affirmer disclaims responsibility for clearing rights of other persons
that may apply to the Work or any use thereof, including without
limitation any person's Copyright and Related Rights in the Work.
Further, Affirmer disclaims responsibility for obtaining any necessary
consents, permissions or other rights required for any use of the
Work.
d. Affirmer understands and acknowledges that Creative Commons is not a
party to this document and has no duty or obligation with respect to
this CC0 or use of the Work.
LICENSE-MIT 0 → 100644
+ 23
0
View file @ 92137e3c
Permission is hereby granted, free of charge, to any
person obtaining a copy of this software and associated
documentation files (the "Software"), to deal in the
Software without restriction, including without
limitation the rights to use, copy, modify, merge,
publish, distribute, sublicense, and/or sell copies of
the Software, and to permit persons to whom the Software
is furnished to do so, subject to the following
conditions:
The above copyright notice and this permission notice
shall be included in all copies or substantial portions
of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF
ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED
TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT
SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR
IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
DEALINGS IN THE SOFTWARE.
README.md 0 → 100644
+ 25
0
View file @ 92137e3c
# gdpr-authenticator
A page that displays the terms of usage/privacy policy of the site before users can enter. This software is to be used with nginx's [auth_request](https://nginx.org/en/docs/http/ngx_http_auth_request_module.html) module.
A minimal nginx configuration example is provided in `nginx.conf` (not needed for running this with BigBlueButton - for that, see the installation instructions below). The consent page that users see is in `src/index.html`.
## working principle
When nginx serves a location that is protected by an `auth_request /gdpr/check;` setting, it forwards the request to the local HTTP server provided by `gdpr-authenticator`. This tool then checks whether the consent cookie is present in the request headers. Nginx then determines based on the HTTP status code returned by `gdpr-authenticator`, whether to fulfill the original request. If the cookie is not present, `gdpr-authenticator` replies with HTTP status code 401, and this triggers nginx's own error 401, which the configuration file specifies should be turned into a "302 redirect" to the privacy policy consent page. When the user clicks the consent button on that page, a piece of JavaScript sets the consent cookie and redirects the user to their original destination.
## customizing
If you intend to use this package on a server that is not part of the Senfcall.de project, edit the file `src/setcookie.js` and change the part `domain=senfcall.de` to your domain. Edit `index.html` so it contains your own privacy policy and contact address.
### privacy policy
Note that default BigBlueButton/Greenlight installations **do not conform** to the privacy policy in `src/index.html`, and are likely not GDPR compliant. Extensive logging and recording is enabled by default. For some guidelines on how to improve BigBlueButton user privacy, see the [privacy guide](https://docs.bigbluebutton.org/admin/privacy.html). While you are welcome to use the privacy policy provided here as a basis for your own (see LICENSE file), make sure you understand both your privacy policy text and your server's configuration, in order to make sure they match.
## compiling and running
* It is recommended that you use the operating system version of your server for building this package, so that it will link to the correct versions of system libraries. So, to use this with a standard BigBlueButton server, **build on Ubuntu 16.04**.
* [Install Rust](https://www.rust-lang.org/learn/get-started)
* If you want to build the `.deb` package, install cargo-deb using `cargo install cargo-deb` (use Ubuntu 16.04 if you intend to do this)
* Compilation (choose that which applies):
* to build for production (Ubuntu 16.04): `cargo deb`
* to build and run when developing: `cargo run`
* The `.deb` file will end up in `target/debian/gdpr-authenticator_0.1.4_amd64.deb`. You can install it using `sudo dpkg -i target/debian/gdpr-authenticator_0.1.0_amd64.deb`, if you built it on the server. Otherwise, copy the deb file to the server and run the `dpkg` command there.
* The service will be enabled and running right after installation. To apply the consent wall to a web service, add `auth_request /gdpr/check;` to its `location` section, and make sure the file `/etc/bigbluebutton/nginx/gdpr-check.nginx` is included in its configuration. For an example on how to configure BigBlueButton's "Greenlight", see the file `greenlight.nginx` in this directory.
* The server listens on `127.0.0.1:7070`.
debian/postinst 0 → 100644
+ 5
0
View file @ 92137e3c
#!/bin/bash -ve
systemctl daemon-reload
systemctl enable gdpr-authenticator
systemctl start gdpr-authenticator
debian/postrm 0 → 100644
+ 3
0
View file @ 92137e3c
#!/bin/bash
systemctl daemon-reload
debian/prerm 0 → 100644
+ 4
0
View file @ 92137e3c
#!/bin/bash
systemctl stop gdpr-authenticator
systemctl disable gdpr-authenticator
gdpr-authenticator.service 0 → 100644
+ 23
0
View file @ 92137e3c
[Unit]
Description=GDPR consent landing page / captive portal
ConditionPathExists=/usr/bin/gdpr-authenticator
After=network.target
[Service]
Type=simple
User=www-data
Group=www-data
Restart=on-failure
RestartSec=10
startLimitIntervalSec=60
WorkingDirectory=/tmp
ExecStart=/usr/bin/gdpr-authenticator
StandardOutput=syslog
StandardError=syslog
SyslogIdentifier=gdpr-authenticator
[Install]
WantedBy=multi-user.target
gdpr-check.nginx 0 → 100644
+ 14
0
View file @ 92137e3c
# Add the following line to any services you want to hide:
# auth_request /gdpr/check;
location ~ /(gdpr/.*) {
proxy_pass http://127.0.0.1:7070/$1;
proxy_pass_request_body off;
proxy_set_header Content-Length "";
}
error_page 401 = @error401;
location @error401 {
return 302 https://$http_host/gdpr/consent?url=https://$http_host$request_uri;
}
greenlight.nginx 0 → 100644
+ 27
0
View file @ 92137e3c
# Routes requests to Greenlight based on the '/b' prefix.
# Use this file to route '/b' paths on your BigBlueButton server
# to the Greenlight application. If you are using a different
# subpath, you should change it here.
location /b {
proxy_pass http://127.0.0.1:5000;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_http_version 1.1;
auth_request /gdpr/check;
}
location /b/cable {
proxy_pass http://127.0.0.1:5000;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_http_version 1.1;
proxy_read_timeout 6h;
proxy_send_timeout 6h;
client_body_timeout 6h;
send_timeout 6h;
}
nginx.conf 0 → 100644
+ 47
0
View file @ 92137e3c
# This is a minimal configuration example for this service
# running on a clean nginx install.
worker_processes 1;
daemon off;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
server {
listen 8080;
server_name localhost;
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
# the consent checker and the consent page live under /gdpr
location ~ /(gdpr/.*) {
proxy_pass http://127.0.0.1:9090/$1;
proxy_pass_request_body off;
proxy_set_header Content-Length "";
}
location / {
root html;
index index.html index.htm;
# this makes nginx check for the consent cookie on each request
auth_request /gdpr/check;
}
# redirect users to consent page on authentication failure
error_page 401 = @error401;
location @error401 {
return 302 /gdpr/consent?url=http://$http_host$request_uri;
}
}
}
src/bulma.min.css 0 → 100644
+ 0
0
View file @ 92137e3c
This diff is collapsed.
src/index.html 0 → 100644
+ 0
0
View file @ 92137e3c
This diff is collapsed.
src/main.rs 0 → 100644
+ 39
0
View file @ 92137e3c
use tokio;
use warp;
use warp::Filter;
#[tokio::main]
async fn main() {
let cookie_filter = warp::filters::cookie::optional("cookie_consented");
let check = warp::path!("gdpr" / "check")
.and(cookie_filter)
.map(|cookie: Option<_>| {
// if the gdprConsent cookie is set, we return 200 to nginx so it will
// serve the page that was originally requested
warp::reply::with_status(
"",
if cookie.is_some() && cookie.unwrap() == "true" {
warp::http::status::StatusCode::from_u16(200).unwrap()
} else {
warp::http::status::StatusCode::from_u16(401).unwrap()
},
)
});
let consent_wall = warp::path!("gdpr" / "consent").map(|| {
// serve index.html
warp::reply::with_header(include_str!("index.html"), "Content-Type", "text/html")
});
let css = warp::path!("gdpr" / "bulma.min.css").map(|| {
// serve stylesheet
warp::reply::with_header(include_str!("bulma.min.css"), "Content-Type", "text/css")
});
let js = warp::path!("gdpr" / "setcookie.js").map(|| {
// serve js that sets the cookie
warp::reply::with_header(include_str!("setcookie.js"), "Content-Type", "application/javascript")
});
let router = check.or(consent_wall).or(css).or(js);
warp::serve(router).run(([127, 0, 0, 1], 7070)).await;
}
src/setcookie.js 0 → 100644
+ 25
0
View file @ 92137e3c
document.addEventListener("DOMContentLoaded", ()=>{
document.getElementById("yes").addEventListener("click", ()=>{
// cookie for one week
document.cookie = "cookie_consented=true;max-age=604800;path=/;domain=senfcall.de;SameSite=Lax;Secure";
let target_url = null;
try {
target_url = window.location.search.split("&").map(window.decodeURIComponent).map(s=>s.match(/\?url=(.*)/)).filter(Array.isArray)[0][1];
console.log("found target url " + target_url);
} catch (e) {
if (e instanceof TypeError) {
console.log("no target url specified")
} else {
throw e;
}
}
if (target_url && target_url.startsWith(window.location.origin)) {
console.log("autorized url, redirecting");
window.location.replace(target_url);
} else {
console.log("redirecting to homepage");
window.location.replace("/");
}
})
})
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment

Impressum Datenschutzerklärung