From 9b640a555ae4a867e2050247d8c5b0997f87fab6 Mon Sep 17 00:00:00 2001 From: Jett Chen Date: Sat, 2 Nov 2024 11:38:34 +0800 Subject: [PATCH 01/11] WIP: protobuf defs --- .vscode/settings.json | 5 ++++ proto/burrow.proto | 3 +++ proto/burrowweb.proto | 42 ++++++++++++++++++++++++++++++++++ proto/wireguard.proto | 53 +++++++++++++++++++++++++++++++++++++++++++ 4 files changed, 103 insertions(+) create mode 100644 proto/burrowweb.proto create mode 100644 proto/wireguard.proto diff --git a/.vscode/settings.json b/.vscode/settings.json index eb85504..74f05af 100644 --- a/.vscode/settings.json +++ b/.vscode/settings.json @@ -22,5 +22,10 @@ "editor.autoIndent": "advanced", "diffEditor.ignoreTrimWhitespace": false, "editor.formatOnSave": false + }, + "protoc": { + "options": [ + "--proto_path=proto/" + ] } } diff --git a/proto/burrow.proto b/proto/burrow.proto index 2355b8d..125cc6d 100644 --- a/proto/burrow.proto +++ b/proto/burrow.proto @@ -3,6 +3,9 @@ package burrow; import "google/protobuf/timestamp.proto"; +// Internal service for managing tunnels and networks +// Used for IPC + service Tunnel { rpc TunnelConfiguration (Empty) returns (stream TunnelConfigurationResponse); rpc TunnelStart (Empty) returns (Empty); diff --git a/proto/burrowweb.proto b/proto/burrowweb.proto new file mode 100644 index 0000000..317d5aa --- /dev/null +++ b/proto/burrowweb.proto 
@@ -0,0 +1,42 @@
+syntax = "proto3";
+
+package burrowweb;
+
+import "wireguard.proto";
+
+
+// TODO: Frontend sends slack token → receive JWT
+// TODO: create/delete/list routes
+
+service BurrowWeb {
+ rpc SlackAuth (SlackAuthRequest) returns (JWTInfo);
+ // Server assigns a IP address, generates a token, saves a user entry,
+ // then responds back with WireGuard configuration
+ rpc CreateDevice (CreateDeviceRequest) returns (CreateDeviceResponse);
+ rpc DeleteDevice (JWTInfo) returns (Empty);
+ rpc ListDevices (JWTInfo) returns (ListDevicesResponse);
+}
+
+message Empty {}
+
+message SlackAuthRequest {
+ string slack_token = 1;
+}
+
+
+message JWTInfo {
+ string jwt = 1;
+}
+
+message CreateDeviceRequest {
+ JWTInfo jwt = 1;
+ string public_key = 2; // User's specified WG Public Key
+}
+
+message CreateDeviceResponse {
+ wireguard.Config wg_config = 1;
+}
+
+message ListDevicesResponse {
+ repeated wireguard.Device devices = 1;
+}
diff --git a/proto/wireguard.proto b/proto/wireguard.proto
new file mode 100644
index 0000000..f740f60
--- /dev/null
+++ b/proto/wireguard.proto
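Review bot: `rpc DeleteDevice (JWTInfo) returns (Empty);` carries only the caller's JWT, so the request has no field naming which device to remove. A dedicated request message, for example `message DeleteDeviceRequest { JWTInfo jwt = 1; int32 device_id = 2; }`, would make the target explicit and let the server check that the device belongs to the token's user. The JWT also travels in the message body on every call rather than in request metadata, so any middleware that logs request bodies would capture the bearer token; a comment on `JWTInfo` stating that it must never be logged would help.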
@@ -0,0 +1,53 @@
+syntax = "proto3";
+package wireguard;
+
+message Peer {
+ string public_key = 1;
+ optional string preshared_key = 2;
+ repeated string allowed_ips = 3;
+ string endpoint = 4;
+ optional uint32 persistent_keepalive = 5;
+ optional string name = 6;
+}
+
+message InterfaceConfig {
+ // Does not include private key; the client is responsible for generating & persisting that
+ repeated string address = 1;
+ optional uint32 listen_port = 2;
+ repeated string dns = 3;
+ optional uint32 mtu = 4;
+}
+
+message Device {
+ int32 id = 1;
+ optional string name = 2;
+ string public_key = 3;
+ optional string apns_token = 4;
+ int32 user_id = 5;
+ string created_at = 6;
+ string ipv4 = 7;
+ string ipv6 = 8;
+ string access_token = 9;
+ string refresh_token = 10;
+ string expires_at = 11;
+}
+
+message User {
+ int32 id = 1;
+ string created_at = 2;
+}
+
+message UserConnection {
+ int32 user_id = 1;
+ string openid_provider = 2;
+ string openid_user_id = 3;
+ string openid_user_name = 4;
+ string access_token = 5;
+ string refresh_token = 6;
+}
+
+
+message Config {
+ InterfaceConfig interface = 1;
+ repeated Peer peers = 2;
+}
From 82d6eaa2a8d15985b89ffc18eb364e83a7cdd459 Mon Sep 17 00:00:00 2001
From: Jett Chen
Date: Thu, 21 Nov 2024 11:50:26 +0800
Subject: [PATCH 02/11] Update: add protobuf defs
---
burrow/Cargo.toml | 4 ++--
burrow/build.rs | 5 ++++-
burrow/src/auth/server/grpc_defs.rs | 5 +++++
burrow/src/auth/server/mod.rs | 1 +
4 files changed, 12 insertions(+), 3 deletions(-)
create mode 100644 burrow/src/auth/server/grpc_defs.rs
diff --git a/burrow/Cargo.toml b/burrow/Cargo.toml
index d5e56c1..4e2b33c 100644
--- a/burrow/Cargo.toml
+++ b/burrow/Cargo.toml
@@ -59,7 +59,7 @@ reqwest = { version = "0.12", default-features = false, features = [ ] } rusqlite = { version = "0.31.0", features = ["blob"] } dotenv = "0.15.0" -tonic = "0.12.0" +tonic = "0.12.3" prost = "0.13.1" prost-types = "0.13.1" tokio-stream = "0.1"
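Review bot: `Device` in wireguard.proto declares `access_token`, `refresh_token` and `apns_token`, and `ListDevicesResponse` in burrowweb.proto returns `repeated wireguard.Device`, so these credentials would be serialized to every caller of `ListDevices`. If they are server-side state, split the type into a client-facing message without the token fields and keep the full record out of the RPC surface. `UserConnection` carries `access_token` and `refresh_token` as well and `Peer` carries `preshared_key`; a comment such as `// Secret material: server-side only, never log or return to clients` on those fields would record the intent.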
@@ -96,4 +96,4 @@ bundled = ["rusqlite/bundled"] [build-dependencies] -tonic-build = "0.12.0" +tonic-build = "0.12.3" diff --git a/burrow/build.rs b/burrow/build.rs index 8eea5dc..f1dfad0 100644 --- a/burrow/build.rs +++ b/burrow/build.rs @@ -1,4 +1,7 @@ fn main() -> Result<(), Box> { - tonic_build::compile_protos("../proto/burrow.proto")?; + tonic_build::configure().compile_protos( + &["../proto/burrow.proto", "../proto/burrowweb.proto"], + &["../proto", "../proto"], + )?; Ok(()) } diff --git a/burrow/src/auth/server/grpc_defs.rs b/burrow/src/auth/server/grpc_defs.rs new file mode 100644 index 0000000..97a5b30 --- /dev/null +++ b/burrow/src/auth/server/grpc_defs.rs @@ -0,0 +1,5 @@ +pub use burrowwebrpc::*; + +mod burrowwebrpc { + tonic::include_proto!("burrowweb"); +} diff --git a/burrow/src/auth/server/mod.rs b/burrow/src/auth/server/mod.rs index 88b3ff3..4071668 100644 --- a/burrow/src/auth/server/mod.rs +++ b/burrow/src/auth/server/mod.rs @@ -1,4 +1,5 @@ pub mod db; +mod grpc_defs; pub mod providers; use anyhow::Result; From 269a23a8b75f4491e5815fbeaec6a10171ca2b9a Mon Sep 17 00:00:00 2001 From: Jett Chen Date: Thu, 21 Nov 2024 15:10:38 +0800 Subject: [PATCH 03/11] Auth endpoint --- burrow/src/auth/server/grpc_defs.rs | 2 +- burrow/src/auth/server/grpc_server.rs | 41 +++++++++++++++++++++++ burrow/src/auth/server/mod.rs | 3 +- burrow/src/auth/server/providers/mod.rs | 2 +- burrow/src/auth/server/providers/slack.rs | 16 +++++---- 5 files changed, 55 insertions(+), 9 deletions(-) create mode 100644 burrow/src/auth/server/grpc_server.rs diff --git a/burrow/src/auth/server/grpc_defs.rs b/burrow/src/auth/server/grpc_defs.rs index 97a5b30..5e8e5f6 100644 --- a/burrow/src/auth/server/grpc_defs.rs +++ b/burrow/src/auth/server/grpc_defs.rs @@ -1,5 +1,5 @@ pub use burrowwebrpc::*; -mod burrowwebrpc { +pub mod burrowwebrpc { tonic::include_proto!("burrowweb"); } 
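Review bot: In build.rs the include list passed to `compile_protos` names the same directory twice, `&["../proto", "../proto"],`; a single entry, `&["../proto"],`, resolves imports identically and avoids suggesting that a second search path exists. A one-line comment above the call, for example `// burrow.proto is the local IPC API, burrowweb.proto the auth server API`, would tell a reader of the build script why two files are compiled.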
diff --git a/burrow/src/auth/server/grpc_server.rs b/burrow/src/auth/server/grpc_server.rs
new file mode 100644
index 0000000..23f2f6b
--- /dev/null
+++ b/burrow/src/auth/server/grpc_server.rs
@@ -0,0 +1,41 @@
+use tonic::{Request, Response, Status};
+
+use super::{
+ grpc_defs::{
+ burrowwebrpc::burrow_web_server::{BurrowWeb, BurrowWebServer},
+ CreateDeviceRequest, CreateDeviceResponse, Empty, JwtInfo, ListDevicesResponse,
+ SlackAuthRequest,
+ },
+ providers::slack::auth,
+};
+
+#[derive(Debug)]
+struct BurrowGrpcServer;
+
+#[tonic::async_trait]
+impl BurrowWeb for BurrowGrpcServer {
+ async fn slack_auth(
+ &self,
+ request: Request,
+ ) -> Result, Status> {
+ auth(request).await
+ }
+
+ async fn create_device(
+ &self,
+ request: Request,
+ ) -> Result, Status> {
+ unimplemented!()
+ }
+
+ async fn delete_device(&self, request: Request) -> Result, Status> {
+ unimplemented!()
+ }
+
+ async fn list_devices(
+ &self,
+ request: Request,
+ ) -> Result, Status> {
+ unimplemented!()
+ }
+}
diff --git a/burrow/src/auth/server/mod.rs b/burrow/src/auth/server/mod.rs
index 4071668..c6bf63a 100644
--- a/burrow/src/auth/server/mod.rs
+++ b/burrow/src/auth/server/mod.rs
@@ -1,4 +1,5 @@ pub mod db; -mod grpc_defs; +pub mod grpc_defs; +mod grpc_server; pub mod providers; use anyhow::Result;
diff --git a/burrow/src/auth/server/providers/mod.rs b/burrow/src/auth/server/providers/mod.rs
index 36ff0bd..9901c87 100644
--- a/burrow/src/auth/server/providers/mod.rs
+++ b/burrow/src/auth/server/providers/mod.rs
@@ -1,5 +1,5 @@ pub mod slack; -pub use super::db; +pub use super::{db, grpc_defs}; #[derive(serde::Deserialize, Default, Debug)] pub struct OpenIdUser {
diff --git a/burrow/src/auth/server/providers/slack.rs b/burrow/src/auth/server/providers/slack.rs
index 581cd1e..2b7d8b3 100644
--- a/burrow/src/auth/server/providers/slack.rs
+++ b/burrow/src/auth/server/providers/slack.rs
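Review bot: `create_device`, `delete_device` and `list_devices` in grpc_server.rs end in `unimplemented!()`, which panics inside the request handler whenever a client calls them. Returning `Err(Status::unimplemented("create_device is not implemented yet"))` (and the equivalent for the other two) keeps the stubs but gives the caller a proper gRPC status instead of a panic that any remote peer can trigger. `BurrowGrpcServer` and the imported `BurrowWebServer` are not used in the visible lines, so a short doc comment on the struct saying where the service is registered and how its endpoints are authenticated would help.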
@@ -8,17 +8,20 @@ use reqwest::header::AUTHORIZATION; use serde::Deserialize; use super::db::store_connection; +use super::grpc_defs::{JwtInfo, SlackAuthRequest}; +use tonic::{Request as TRequest, Response as TResponse, Result as TResult, Status as TStatus}; #[derive(Deserialize)] pub struct SlackToken { slack_token: String, } -pub async fn auth(Json(payload): Json) -> (StatusCode, String) { - let slack_user = match fetch_slack_user(&payload.slack_token).await { +pub async fn auth(request: TRequest) -> TResult, TStatus> { + let slack_token = request.into_inner().slack_token; + let slack_user = match fetch_slack_user(&slack_token).await { Ok(user) => user, Err(e) => { log::error!("Failed to fetch Slack user: {:?}", e); - return (StatusCode::UNAUTHORIZED, String::new()); + return Err(TStatus::unauthenticated("Failed to fetch slack user")); } }; @@ -28,15 +31,16 @@ pub async fn auth(Json(payload): Json) -> (StatusCode, String) { slack_user.sub ); - let conn = match store_connection(slack_user, "slack", &payload.slack_token, None) { + let conn = match store_connection(slack_user, "slack", &slack_token, None) { Ok(user) => user, Err(e) => { log::error!("Failed to fetch Slack user: {:?}", e); - return (StatusCode::UNAUTHORIZED, String::new()); + return Err(TStatus::unauthenticated("Failed to store connection")); } }; - (StatusCode::OK, String::new()) + // TODO + Ok(TResponse::new(JwtInfo { jwt: "TODO".into() })) } async fn fetch_slack_user(access_token: &str) -> Result { From e1fa45e39b3df847548c73e029d4a56618ae75fb Mon Sep 17 00:00:00 2001 
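Review bot: The success path of `auth` in the second slack.rs hunk returns `JwtInfo { jwt: "TODO".into() }`, so every caller with a valid Slack token receives the same constant string as its credential. Until token signing exists, `Err(TStatus::unimplemented("JWT issuance is not implemented yet"))` would avoid handing out a value that later code might come to accept. In the same hunk the `store_connection` failure is still logged as "Failed to fetch Slack user" and mapped to `unauthenticated`, although it is a server-side storage error; `log::error!("Failed to store connection: {:?}", e);` with `TStatus::internal("Failed to store connection")` would describe it correctly. The raw Slack token is passed on to `store_connection`; whether it is persisted in plain text is not visible here and is worth confirming.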
From: Jett Chen Date: Thu, 21 Nov 2024 17:12:30 +0800 Subject: [PATCH 04/11] Add wrapper methods for grpc server --- Cargo.lock | 11 ++--- burrow/src/auth/server/db.rs | 25 +++++++++++ burrow/src/auth/server/grpc_server.rs | 8 ++++ burrow/src/auth/server/providers/mod.rs | 10 +++++ proto/burrowweb.proto | 60 ++++++++++++++++++++++--- proto/wireguard.proto | 53 ---------------------- 6 files changed, 103 insertions(+), 64 deletions(-) delete mode 100644 proto/wireguard.proto diff --git a/Cargo.lock b/Cargo.lock index a5554fb..375f2e2 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -455,7 +455,7 @@ dependencies = [ "tokio", "tokio-stream", "toml", - "tonic 0.12.2", + "tonic 0.12.3", "tonic-build", "tower", "tracing", @@ -3074,9 +3074,9 @@ dependencies = [ [[package]] name = "tonic" -version = "0.12.2" +version = "0.12.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c6f6ba989e4b2c58ae83d862d3a3e27690b6e3ae630d0deb59f3697f32aa88ad" +checksum = "877c5b330756d856ffcc4553ab34a5684481ade925ecc54bcd1bf02b1d0d4d52" dependencies = [ "async-stream 0.3.5", "async-trait", @@ -3104,13 +3104,14 @@ dependencies = [ [[package]] name = "tonic-build" -version = "0.12.2" +version = "0.12.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "fe4ee8877250136bd7e3d2331632810a4df4ea5e004656990d8d66d2f5ee8a67" +checksum = "9557ce109ea773b399c9b9e5dca39294110b74f1f342cb347a80d1fce8c26a11" dependencies = [ "prettyplease", "proc-macro2", "prost-build", + "prost-types 0.13.2", "quote", "syn 2.0.77", ] diff --git a/burrow/src/auth/server/db.rs b/burrow/src/auth/server/db.rs index 995e64b..8d3e742 100644 --- a/burrow/src/auth/server/db.rs +++ b/burrow/src/auth/server/db.rs 
@@ -89,3 +89,28 @@ pub fn store_device( Ok(()) } + +pub fn delete_device(id: i64) -> Result<()> { + let conn = rusqlite::Connection::open(PATH)?; + + conn.execute("DELETE FROM device WHERE id = ?", [id])?; + + Ok(()) +} + +pub fn list_devices(user_id: i64) -> Result> { + let conn = rusqlite::Connection::open(PATH)?; + let mut stmt = conn.prepare("SELECT name FROM device WHERE user_id = ?")?; + + let devices = stmt.query_map([user_id], |row| { + let name: String = row.get(0)?; + Ok(name) + })?; + + let mut result = Vec::new(); + for device in devices { + result.push(device?); + } + + Ok(result) +} diff --git a/burrow/src/auth/server/grpc_server.rs b/burrow/src/auth/server/grpc_server.rs index 23f2f6b..1e076c4 100644 --- a/burrow/src/auth/server/grpc_server.rs +++ b/burrow/src/auth/server/grpc_server.rs @@ -1,5 +1,7 @@ use tonic::{Request, Response, Status}; +use crate::auth::server::providers::OpenIdUser; + use super::{ grpc_defs::{ burrowwebrpc::burrow_web_server::{BurrowWeb, BurrowWebServer}, @@ -25,6 +27,12 @@ impl BurrowWeb for BurrowGrpcServer { &self, request: Request, ) -> Result, Status> { + let req = request.into_inner(); + let jwt = req + .jwt + .ok_or(Status::invalid_argument("JWT Not existent!"))?; + let oid_user = + OpenIdUser::try_from(&jwt).map_err(|e| Status::invalid_argument(e.to_string()))?; unimplemented!() } diff --git a/burrow/src/auth/server/providers/mod.rs b/burrow/src/auth/server/providers/mod.rs index 9901c87..89c3fad 100644 --- a/burrow/src/auth/server/providers/mod.rs +++ b/burrow/src/auth/server/providers/mod.rs @@ -1,8 +1,18 @@ pub mod slack; pub use super::{db, grpc_defs}; +use anyhow::Result; +use grpc_defs::JwtInfo; #[derive(serde::Deserialize, Default, Debug)] pub struct OpenIdUser { pub sub: String, pub name: String, } + +impl TryFrom<&JwtInfo> for OpenIdUser { + type Error = anyhow::Error; + + fn try_from(jwt_info: &JwtInfo) -> Result { + todo!() + } +} 
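Review bot: `delete_device(id: i64)` in db.rs runs `DELETE FROM device WHERE id = ?` with no owner in the predicate, so once the gRPC handler passes a client-supplied id, any authenticated user could remove another user's device. Take the caller's user id as a second argument and scope the statement, `conn.execute("DELETE FROM device WHERE id = ? AND user_id = ?", [id, user_id])?;`, and consider reporting zero affected rows as not found rather than success. `list_devices` returns only the `name` column; a doc comment saying that it yields device names for one user would make that explicit, since the proto `Device` message has many more fields. The ids are `i64` here while the proto uses `int32`, which will need a checked conversion at the boundary.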
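Review bot: `Status::invalid_argument(e.to_string())` in `create_device` sends the internal error text from token parsing back to the remote caller; log the detail server-side and return a fixed message such as `Status::unauthenticated("invalid token")`. A missing token is likewise an authentication failure, and `ok_or` builds the status eagerly, so `.ok_or_else(|| Status::unauthenticated("missing JWT"))?` fits better. `OpenIdUser::try_from` is `todo!()` in providers/mod.rs in this same patch, which means any request that does carry a `jwt` panics at that call; returning an `Err` from the stub would avoid that. The body of `create_device` starts outside this hunk.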
diff --git a/proto/burrowweb.proto b/proto/burrowweb.proto index 317d5aa..f9cfe85 100644 --- a/proto/burrowweb.proto +++ b/proto/burrowweb.proto @@ -2,9 +2,6 @@ syntax = "proto3"; package burrowweb; -import "wireguard.proto"; - - // TODO: Frontend sends slack token → receive JWT // TODO: create/delete/list routes @@ -17,13 +14,64 @@ service BurrowWeb { rpc ListDevices (JWTInfo) returns (ListDevicesResponse); } +message Peer { + string public_key = 1; + optional string preshared_key = 2; + repeated string allowed_ips = 3; + string endpoint = 4; + optional uint32 persistent_keepalive = 5; + optional string name = 6; +} + +message InterfaceConfig { + // Does not include private key; the client is responsible for generating & persisting that + repeated string address = 1; + optional uint32 listen_port = 2; + repeated string dns = 3; + optional uint32 mtu = 4; +} + +message Device { + int32 id = 1; + optional string name = 2; + string public_key = 3; + optional string apns_token = 4; + int32 user_id = 5; + string created_at = 6; + string ipv4 = 7; + string ipv6 = 8; + string access_token = 9; + string refresh_token = 10; + string expires_at = 11; +} + +message User { + int32 id = 1; + string created_at = 2; +} + +message UserConnection { + int32 user_id = 1; + string openid_provider = 2; + string openid_user_id = 3; + string openid_user_name = 4; + string access_token = 5; + string refresh_token = 6; +} + + +message Config { + InterfaceConfig interface = 1; + repeated Peer peers = 2; +} + + message Empty {} message SlackAuthRequest { string slack_token = 1; } - message JWTInfo { string jwt = 1; } @@ -34,9 +82,9 @@ message CreateDeviceRequest { } message CreateDeviceResponse { - wireguard.Config wg_config = 1; + Config wg_config = 1; } message ListDevicesResponse { - repeated wireguard.Device devices = 1; + repeated Device devices = 1; } diff --git a/proto/wireguard.proto b/proto/wireguard.proto deleted file mode 100644 index f740f60..0000000 
--- a/proto/wireguard.proto +++ /dev/null @@ -1,53 +0,0 @@ -syntax = "proto3"; -package wireguard; - -message Peer { - string public_key = 1; - optional string preshared_key = 2; - repeated string allowed_ips = 3; - string endpoint = 4; - optional uint32 persistent_keepalive = 5; - optional string name = 6; -} - -message InterfaceConfig { - // Does not include private key; the client is responsible for generating & persisting that - repeated string address = 1; - optional uint32 listen_port = 2; - repeated string dns = 3; - optional uint32 mtu = 4; -} - -message Device { - int32 id = 1; - optional string name = 2; - string public_key = 3; - optional string apns_token = 4; - int32 user_id = 5; - string created_at = 6; - string ipv4 = 7; - string ipv6 = 8; - string access_token = 9; - string refresh_token = 10; - string expires_at = 11; -} - -message User { - int32 id = 1; - string created_at = 2; -} - -message UserConnection { - int32 user_id = 1; - string openid_provider = 2; - string openid_user_id = 3; - string openid_user_name = 4; - string access_token = 5; - string refresh_token = 6; -} - - -message Config { - InterfaceConfig interface = 1; - repeated Peer peers = 2; -} From 820f619aebf812b71dab779ec56ea7553798bc71 Mon Sep 17 00:00:00 2001 From: Jett Chen Date: Thu, 21 Nov 2024 19:31:37 +0800 Subject: [PATCH 05/11] Feat: JWT handling --- Cargo.lock | 768 ++++++++++++++++++++++-- burrow/Cargo.toml | 3 + burrow/src/auth/server/db.rs | 8 +- burrow/src/auth/server/grpc_server.rs | 21 +- burrow/src/auth/server/mod.rs | 5 +- burrow/src/auth/server/providers/mod.rs | 63 +- burrow/src/auth/server/settings.rs | 23 + 7 files changed, 832 insertions(+), 59 deletions(-) create mode 100644 burrow/src/auth/server/settings.rs diff --git a/Cargo.lock b/Cargo.lock index 375f2e2..9190d2a 100644 --- a/Cargo.lock +++ b/Cargo.lock 
@@ -65,6 +65,12 @@ dependencies = [ "memchr", ] +[[package]] +name = "allocator-api2" +version = "0.2.20" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "45862d1c77f2228b9e10bc609d5bc203d86ebc9b87ad8d5d5167a6c9abf739d9" + [[package]] name = "anstream" version = "0.6.15" @@ -120,6 +126,24 @@ version = "1.0.87" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "10f00e1f6e58a40e807377c75c6a7f97bf9044fab57816f2414e6f5f4499d7b8" +[[package]] +name = "arraydeque" +version = "0.5.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7d902e3d592a523def97af8f317b08ce16b7ab854c1985a0c671e6f15cebc236" + +[[package]] +name = "arrayref" +version = "0.3.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "76a2e8124351fda1ef8aaaa3bbd7ebbcb486bbcd4225aca0aa0d84bb2db8fecb" + +[[package]] +name = "arrayvec" +version = "0.7.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7c02d123df017efcdfbd739ef81735b36c5ba83ec3c59c80a9d7ecc718f92e50" + [[package]] name = "async-channel" version = "2.3.1" @@ -172,7 +196,7 @@ checksum = "16e62a023e7c117e27523144c5d2459f4397fcc3cab0085af8e2224f643a0193" dependencies = [ "proc-macro2", "quote", - "syn 2.0.77", + "syn 2.0.89", ] [[package]] @@ -183,7 +207,7 @@ checksum = "a27b8a3a6e1a44fa4c8baf1f653e4172e81486d4941f2237e20dc2d0cf4ddff1" dependencies = [ "proc-macro2", "quote", - "syn 2.0.77", + "syn 2.0.89", ] [[package]] @@ -313,6 +337,12 @@ dependencies = [ "rustc-demangle", ] +[[package]] +name = "base16ct" +version = "0.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4c7f02d4ea65f2c1853089ffd8d2787bdbc63de2f0d29dedbcf8ccdfa0ccd4cf" + [[package]] name = "base64" version = "0.21.7" 
@@ -372,10 +402,34 @@ dependencies = [ "regex", "rustc-hash 1.1.0", "shlex", - "syn 2.0.77", + "syn 2.0.89", "which", ] +[[package]] +name = "bindgen" +version = "0.70.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f49d8fed880d473ea71efb9bf597651e77201bdd4893efe54c9e5d65ae04ce6f" +dependencies = [ + "bitflags 2.6.0", + "cexpr", + "clang-sys", + "itertools 0.13.0", + "proc-macro2", + "quote", + "regex", + "rustc-hash 1.1.0", + "shlex", + "syn 2.0.89", +] + +[[package]] +name = "binstring" +version = "0.1.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7e0d60973d9320722cb1206f412740e162a33b8547ea8d6be75d7cff237c7a85" + [[package]] name = "bitflags" version = "1.3.2" @@ -387,6 +441,9 @@ name = "bitflags" version = "2.6.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "b048fb63fd8b5923fc5aa7b340d8e156aec7ec02f0c78fa8a6ddc2613f6f71de" +dependencies = [ + "serde", +] [[package]] name = "blake2" @@ -397,6 +454,17 @@ dependencies = [ "digest", ] +[[package]] +name = "blake2b_simd" +version = "1.0.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "23285ad32269793932e830392f2fe2f83e26488fd3ec778883a93c8323735780" +dependencies = [ + "arrayref", + "arrayvec", + "constant_time_eq 0.3.1", +] + [[package]] name = "block-buffer" version = "0.10.4" 
@@ -406,6 +474,33 @@ dependencies = [ "generic-array", ] +[[package]] +name = "boring" +version = "4.12.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "fe7fd4749d7c9c77d022446c0ad212c521e1a413242e2206f407753df94a7607" +dependencies = [ + "bitflags 2.6.0", + "boring-sys", + "foreign-types 0.5.0", + "libc", + "once_cell", + "openssl-macros", +] + +[[package]] +name = "boring-sys" +version = "4.12.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "777cf31ea10f7eb87d46b30848f8d7acbd65cb4a25cd51bee1808ef601de0416" +dependencies = [ + "autocfg", + "bindgen 0.70.1", + "cmake", + "fs_extra", + "fslock", +] + [[package]] name = "bumpalo" version = "3.16.0" @@ -426,9 +521,11 @@ dependencies = [ "caps", "chacha20poly1305", "clap", + "config", "console", "console-subscriber", "dotenv", + "dotenvy", "fehler", "futures", "hmac", @@ -436,6 +533,7 @@ dependencies = [ "insta", "ip_network", "ip_network_table", + "jwt-simple", "libsystemd", "log", "nix 0.27.1", @@ -448,7 +546,7 @@ dependencies = [ "reqwest 0.12.7", "ring", "rusqlite", - "rust-ini", + "rust-ini 0.21.1", "schemars", "serde", "serde_json", @@ -613,7 +711,7 @@ dependencies = [ "heck", "proc-macro2", "quote", - "syn 2.0.77", + "syn 2.0.89", ] [[package]] 
@@ -622,6 +720,26 @@ version = "0.7.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "1462739cb27611015575c0c11df5df7601141071f07518d56fcc1be504cbec97" +[[package]] +name = "cmake" +version = "0.1.51" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "fb1e43aa7fd152b1f968787f7dbcdeb306d1867ff373c69955211876c053f91a" +dependencies = [ + "cc", +] + +[[package]] +name = "coarsetime" +version = "0.1.34" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "13b3839cf01bb7960114be3ccf2340f541b6d0c81f8690b007b2b39f750f7e5d" +dependencies = [ + "libc", + "wasix", + "wasm-bindgen", +] + [[package]] name = "colorchoice" version = "1.0.2" @@ -637,6 +755,25 @@ dependencies = [ "crossbeam-utils", ] +[[package]] +name = "config" +version = "0.14.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "68578f196d2a33ff61b27fae256c3164f65e36382648e30666dde05b8cc9dfdf" +dependencies = [ + "async-trait", + "convert_case", + "json5", + "nom", + "pathdiff", + "ron", + "rust-ini 0.20.0", + "serde", + "serde_json", + "toml", + "yaml-rust2", +] + [[package]] name = "console" version = "0.15.8" @@ -687,6 +824,12 @@ dependencies = [ "tracing-subscriber", ] +[[package]] +name = "const-oid" +version = "0.9.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c2459377285ad874054d797f3ccebf984978aa39129f6eafde5cdc8315b612f8" + [[package]] name = "const-random" version = "0.1.18" 
@@ -713,6 +856,21 @@ version = "0.1.5" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "245097e9a4535ee1e3e3931fcfcd55a796a44c643e8596ff6566d68f09b87bbc" +[[package]] +name = "constant_time_eq" +version = "0.3.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7c74b8349d32d297c9134b8c88677813a227df8f779daa29bfc29c183fe3dca6" + +[[package]] +name = "convert_case" +version = "0.6.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ec182b0ca2f35d8fc196cf3404988fd8b8c739a4d270ff118a398feb0cbec1ca" +dependencies = [ + "unicode-segmentation", +] + [[package]] name = "core-foundation" version = "0.9.4" @@ -768,6 +926,18 @@ version = "0.2.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "7a81dae078cea95a014a339291cec439d2f232ebe854a9d672b796c6afafa9b7" +[[package]] +name = "crypto-bigint" +version = "0.5.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0dc92fb57ca44df6db8059111ab3af99a63d5d0f8375d9972e319a379c6bab76" +dependencies = [ + "generic-array", + "rand_core", + "subtle", + "zeroize", +] + [[package]] name = "crypto-common" version = "0.1.6" @@ -779,6 +949,12 @@ dependencies = [ "typenum", ] +[[package]] +name = "ct-codecs" +version = "1.1.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "026ac6ceace6298d2c557ef5ed798894962296469ec7842288ea64674201a2d1" + [[package]] name = "curve25519-dalek" version = "4.1.3" @@ -802,7 +978,18 @@ checksum = "f46882e17999c6cc590af592290432be3bce0428cb0d5f8b6715e4dc7b383eb3" dependencies = [ "proc-macro2", "quote", - "syn 2.0.77", + "syn 2.0.89", +] + +[[package]] +name = "der" +version = "0.7.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f55bf8e7b65898637379c1b74eb1551107c8294ed26d855ceb9fd1a09cfc9bc0" +dependencies = [ + "const-oid", + "pem-rfc7468", + "zeroize", ] [[package]] 
@@ -821,6 +1008,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "9ed9a281f7bc9b7576e61468ba615a66a5c8cfdff42420a70aa82701a3b1e292" dependencies = [ "block-buffer", + "const-oid", "crypto-common", "subtle", ] 
@@ -840,18 +1028,69 @@ version = "0.15.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "77c90badedccf4105eca100756a0b1289e191f6fcbdadd3cee1d2f614f97da8f" +[[package]] +name = "dotenvy" +version = "0.15.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1aaf95b3e5c8f23aa320147307562d361db0ae0d51242340f558153b4eb2439b" + [[package]] name = "dyn-clone" version = "1.0.17" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "0d6ef0072f8a535281e4876be788938b528e9a1d43900b82c2569af7da799125" +[[package]] +name = "ecdsa" +version = "0.16.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ee27f32b5c5292967d2d4a9d7f1e0b0aed2c15daded5a60300e4abb9d8020bca" +dependencies = [ + "der", + "digest", + "elliptic-curve", + "rfc6979", + "signature", + "spki", +] + +[[package]] +name = "ed25519-compact" +version = "2.1.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e9b3460f44bea8cd47f45a0c70892f1eff856d97cd55358b2f73f663789f6190" +dependencies = [ + "ct-codecs", + "getrandom", +] + [[package]] name = "either" version = "1.13.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "60b1af1c220855b6ceac025d3f6ecdd2b7c4894bfe9cd9bda4fbb4bc7c0d4cf0" +[[package]] +name = "elliptic-curve" +version = "0.13.8" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b5e6043086bf7973472e0c7dff2142ea0b680d30e18d9cc40f267efbf222bd47" +dependencies = [ + "base16ct", + "crypto-bigint", + "digest", + "ff", + "generic-array", + "group", + "hkdf", + "pem-rfc7468", + "pkcs8", + "rand_core", + "sec1", + "subtle", + "zeroize", +] + [[package]] name = "encode_unicode" version = "0.3.6" 
@@ -942,6 +1181,16 @@ dependencies = [ "syn 1.0.109", ] +[[package]] +name = "ff" +version = "0.13.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ded41244b729663b1e574f1b4fb731469f69f79c17667b5d776b16cda0479449" +dependencies = [ + "rand_core", + "subtle", +] + [[package]] name = "fiat-crypto" version = "0.2.9" @@ -976,7 +1225,28 @@ version = "0.3.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "f6f339eb8adc052cd2ca78910fda869aefa38d22d5cb648e6485e4d3fc06f3b1" dependencies = [ - "foreign-types-shared", + "foreign-types-shared 0.1.1", +] + +[[package]] +name = "foreign-types" +version = "0.5.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d737d9aa519fb7b749cbc3b962edcf310a8dd1f4b67c91c4f83975dbdd17d965" +dependencies = [ + "foreign-types-macros", + "foreign-types-shared 0.3.1", +] + +[[package]] +name = "foreign-types-macros" +version = "0.2.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1a5c6c585bc94aaf2c7b51dd4c2ba22680844aba4c687be581871a6f518c5742" +dependencies = [ + "proc-macro2", + "quote", + "syn 2.0.89", ] [[package]] @@ -985,6 +1255,12 @@ version = "0.1.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "00b0228411908ca8685dba7fc2cdd70ec9990a6e753e89b6ac91a84c40fbaf4b" +[[package]] +name = "foreign-types-shared" +version = "0.3.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "aa9a19cbb55df58761df49b23516a86d432839add4af60fc256da840f66ed35b" + [[package]] name = "form_urlencoded" version = "1.2.1" 
@@ -994,6 +1270,22 @@ dependencies = [ "percent-encoding", ] +[[package]] +name = "fs_extra" +version = "1.3.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "42703706b716c37f96a77aea830392ad231f44c9e9a67872fa5548707e11b11c" + +[[package]] +name = "fslock" +version = "0.2.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "04412b8935272e3a9bae6f48c7bfff74c2911f60525404edfdd28e49884c3bfb" +dependencies = [ + "libc", + "winapi", +] + [[package]] name = "futures" version = "0.3.30" @@ -1050,7 +1342,7 @@ checksum = "87750cf4b7a4c0625b1529e4c543c2182106e4dedc60a2a6455e00d212c489ac" dependencies = [ "proc-macro2", "quote", - "syn 2.0.77", + "syn 2.0.89", ] [[package]] @@ -1091,6 +1383,7 @@ checksum = "85649ca51fd72272d7821adaf274ad91c288277713d9c18820d8499a7ff69e9a" dependencies = [ "typenum", "version_check", + "zeroize", ] [[package]] @@ -1100,8 +1393,10 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "c4567c8db10ae91089c99af84c68c38da3ec2f087c3f82960bcdbf3656b6f4d7" dependencies = [ "cfg-if", + "js-sys", "libc", "wasi", + "wasm-bindgen", ] [[package]] @@ -1116,6 +1411,17 @@ version = "0.3.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "d2fabcfbdc87f4758337ca535fb41a6d701b65693ce38287d856d1674551ec9b" +[[package]] +name = "group" +version = "0.13.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f0f9ef7462f7c099f518d754361858f86d8a07af53ba9af0fe635bbccb151a63" +dependencies = [ + "ff", + "rand_core", + "subtle", +] + [[package]] name = "h2" version = "0.3.26" 
@@ -1167,6 +1473,16 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "e5274423e17b7c9fc20b6e7e208532f9b19825d82dfd615708b70edd83df41f1" dependencies = [ "ahash", + "allocator-api2", +] + +[[package]] +name = "hashlink" +version = "0.8.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e8094feaf31ff591f651a2664fb9cfd92bba7a60ce3197265e9482ebe753c8f7" +dependencies = [ + "hashbrown 0.14.5", ] [[package]] @@ -1209,6 +1525,15 @@ version = "0.4.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "7f24254aa9a54b5c858eaee2f5bccdb46aaf0e486a595ed5fd8f86ba55232a70" +[[package]] +name = "hkdf" +version = "0.12.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7b5f8eb2ad728638ea2c7d47a21db23b7b58a72ed6a38256b8a1849f15fbbdf7" +dependencies = [ + "hmac", +] + [[package]] name = "hmac" version = "0.12.1" @@ -1218,6 +1543,30 @@ dependencies = [ "digest", ] +[[package]] +name = "hmac-sha1-compact" +version = "1.1.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "dff9d405ec732fa3fcde87264e54a32a84956a377b3e3107de96e59b798c84a7" + +[[package]] +name = "hmac-sha256" +version = "1.1.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3688e69b38018fec1557254f64c8dc2cc8ec502890182f395dbb0aa997aa5735" +dependencies = [ + "digest", +] + +[[package]] +name = "hmac-sha512" +version = "1.1.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e4ce1f4656bae589a3fab938f9f09bf58645b7ed01a2c5f8a3c238e01a4ef78a" +dependencies = [ + "digest", +] + [[package]] name = "home" version = "0.5.9" 
@@ -1550,11 +1899,66 @@ dependencies = [ "wasm-bindgen", ] +[[package]] +name = "json5" +version = "0.4.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "96b0db21af676c1ce64250b5f40f3ce2cf27e4e47cb91ed91eb6fe9350b430c1" +dependencies = [ + "pest", + "pest_derive", + "serde", +] + +[[package]] +name = "jwt-simple" +version = "0.12.10" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "50ae7e0018905a795d6f2a60ac32a547490abdd8df509906a8c6171e6d861711" +dependencies = [ + "anyhow", + "binstring", + "blake2b_simd", + "boring", + "coarsetime", + "ct-codecs", + "ed25519-compact", + "hmac-sha1-compact", + "hmac-sha256", + "hmac-sha512", + "k256", + "p256", + "p384", + "rand", + "serde", + "serde_json", + "superboring", + "thiserror", + "zeroize", +] + +[[package]] +name = "k256" +version = "0.13.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f6e3919bbaa2945715f0bb6d3934a173d1e9a59ac23767fbaaef277265a7411b" +dependencies = [ + "cfg-if", + "ecdsa", + "elliptic-curve", + "once_cell", + "sha2", + "signature", +] + [[package]] name = "lazy_static" version = "1.5.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "bbd2bcb4c963f2ddae06a2efc7e9f3591312473c50c6685e1f298068316e66fe" +dependencies = [ + "spin", +] [[package]] name = "lazycell" @@ -1588,6 +1992,12 @@ dependencies = [ "windows-targets 0.52.6", ] +[[package]] +name = "libm" +version = "0.2.11" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8355be11b20d696c8f18f6cc018c4e372165b1fa8126cef092399c9951984ffa" + [[package]] name = "libsqlite3-sys" version = "0.28.0" @@ -1704,7 +2114,7 @@ checksum = "49e7bc1560b95a3c4a25d03de42fe76ca718ab92d1a22a55b9b4cf67b3ae635c" dependencies = [ "proc-macro2", "quote", - "syn 2.0.77", + "syn 2.0.89", ] [[package]] 
@@ -1817,12 +2227,49 @@ dependencies = [ "winapi", ] +[[package]] +name = "num-bigint-dig" +version = "0.8.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "dc84195820f291c7697304f3cbdadd1cb7199c0efc917ff5eafd71225c136151" +dependencies = [ + "byteorder", + "lazy_static", + "libm", + "num-integer", + "num-iter", + "num-traits", + "rand", + "smallvec", + "zeroize", +] + [[package]] name = "num-conv" version = "0.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "51d515d32fb182ee37cda2ccdcb92950d6a3c2893aa280e540671c2cd0f3b1d9" +[[package]] +name = "num-integer" +version = "0.1.46" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7969661fd2958a5cb096e56c8e1ad0444ac2bbcd0061bd28660485a44879858f" +dependencies = [ + "num-traits", +] + +[[package]] +name = "num-iter" +version = "0.1.45" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1429034a0490724d0075ebb2bc9e875d6503c3cf69e235a8941aa757d83ef5bf" +dependencies = [ + "autocfg", + "num-integer", + "num-traits", +] + [[package]] name = "num-traits" version = "0.2.19" @@ -1830,6 +2277,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "071dfc062690e90b734c0b2273ce72ad0ffa95f0c74596bc250dcfd960262841" dependencies = [ "autocfg", + "libm", ] [[package]] @@ -1861,7 +2309,7 @@ checksum = "9529f4786b70a3e8c61e11179af17ab6188ad8d0ded78c5529441ed39d4bd9c1" dependencies = [ "bitflags 2.6.0", "cfg-if", - "foreign-types", + "foreign-types 0.3.2", "libc", "once_cell", "openssl-macros", @@ -1876,7 +2324,7 @@ checksum = "a948666b637a0f465e8564c73e89d4dde00d72d4d473cc972f390fc3dcee7d9c" dependencies = [ "proc-macro2", "quote", - "syn 2.0.77", + "syn 2.0.89", ] [[package]] 
@@ -1913,6 +2361,30 @@ version = "0.1.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "b15813163c1d831bf4a13c3610c05c0d03b39feb07f7e09fa234dac9b15aaf39" +[[package]] +name = "p256" +version = "0.13.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c9863ad85fa8f4460f9c48cb909d38a0d689dba1f6f6988a5e3e0d31071bcd4b" +dependencies = [ + "ecdsa", + "elliptic-curve", + "primeorder", + "sha2", +] + +[[package]] +name = "p384" +version = "0.13.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "70786f51bcc69f6a4c0360e063a4cac5419ef7c5cd5b3c99ad70f3be5ba79209" +dependencies = [ + "ecdsa", + "elliptic-curve", + "primeorder", + "sha2", +] + [[package]] name = "parking" version = "2.2.1" @@ -1953,6 +2425,12 @@ dependencies = [ "subtle", ] +[[package]] +name = "pathdiff" +version = "0.2.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d61c5ce1153ab5b689d0c074c4e7fc613e942dfb7dd9eea5ab202d2ad91fe361" + [[package]] name = "pbkdf2" version = "0.11.0" 
@@ -1971,12 +2449,66 @@ version = "0.1.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "19b17cddbe7ec3f8bc800887bab5e717348c95ea2ca0b1bf0837fb964dc67099" +[[package]] +name = "pem-rfc7468" +version = "0.7.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "88b39c9bfcfc231068454382784bb460aae594343fb030d46e9f50a645418412" +dependencies = [ + "base64ct", +] + [[package]] name = "percent-encoding" version = "2.3.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "e3148f5046208a5d56bcfc03053e3ca6334e51da8dfb19b6cdc8b306fae3283e" +[[package]] +name = "pest" +version = "2.7.14" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "879952a81a83930934cbf1786752d6dedc3b1f29e8f8fb2ad1d0a36f377cf442" +dependencies = [ + "memchr", + "thiserror", + "ucd-trie", +] + +[[package]] +name = "pest_derive" +version = "2.7.14" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d214365f632b123a47fd913301e14c946c61d1c183ee245fa76eb752e59a02dd" +dependencies = [ + "pest", + "pest_generator", +] + +[[package]] +name = "pest_generator" +version = "2.7.14" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "eb55586734301717aea2ac313f50b2eb8f60d2fc3dc01d190eefa2e625f60c4e" +dependencies = [ + "pest", + "pest_meta", + "proc-macro2", + "quote", + "syn 2.0.89", +] + +[[package]] +name = "pest_meta" +version = "2.7.14" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b75da2a70cf4d9cb76833c990ac9cd3923c9a8905a8929789ce347c84564d03d" +dependencies = [ + "once_cell", + "pest", + "sha2", +] + [[package]] name = "petgraph" version = "0.6.5" @@ -2004,7 +2536,7 @@ checksum = "2f38a4412a78282e09a2cf38d195ea5420d15ba0602cb375210efbc877243965" dependencies = [ "proc-macro2", "quote", - "syn 2.0.77", + "syn 2.0.89", ] [[package]] 
@@ -2019,6 +2551,27 @@ version = "0.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "8b870d8c151b6f2fb93e84a13146138f05d02ed11c7e7c54f8826aaaf7c9f184" +[[package]] +name = "pkcs1" +version = "0.7.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c8ffb9f10fa047879315e6625af03c164b16962a5368d724ed16323b68ace47f" +dependencies = [ + "der", + "pkcs8", + "spki", +] + +[[package]] +name = "pkcs8" +version = "0.10.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f950b2377845cebe5cf8b5165cb3cc1a5e0fa5cfa3e1f7f55707d8fd82e0a7b7" +dependencies = [ + "der", + "spki", +] + [[package]] name = "pkg-config" version = "0.3.30" @@ -2058,14 +2611,23 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "479cf940fbbb3426c32c5d5176f62ad57549a0bb84773423ba8be9d089f5faba" dependencies = [ "proc-macro2", - "syn 2.0.77", + "syn 2.0.89", +] + +[[package]] +name = "primeorder" +version = "0.13.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "353e1ca18966c16d9deb1c69278edbc5f194139612772bd9537af60ac231e1e6" +dependencies = [ + "elliptic-curve", ] [[package]] name = "proc-macro2" -version = "1.0.86" +version = "1.0.91" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5e719e8df665df0d1c8fbfd238015744736151d4445ec0836b8e628aae103b77" +checksum = "307e3004becf10f5a6e0d59d20f3cd28231b0e0827a96cd3e0ce6d14bc1e4bb3" dependencies = [ "unicode-ident", ] @@ -2107,7 +2669,7 @@ dependencies = [ "prost 0.13.2", "prost-types 0.13.2", "regex", - "syn 2.0.77", + "syn 2.0.89", "tempfile", ] @@ -2121,7 +2683,7 @@ dependencies = [ "itertools 0.12.1", "proc-macro2", "quote", - "syn 2.0.77", + "syn 2.0.89", ] [[package]] @@ -2134,7 +2696,7 @@ dependencies = [ "itertools 0.13.0", "proc-macro2", "quote", - "syn 2.0.77", + "syn 2.0.89", ] [[package]] 
@@ -2377,6 +2939,16 @@ dependencies = [ "windows-registry", ] +[[package]] +name = "rfc6979" +version = "0.4.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f8dd2a808d456c4a54e300a23e9f5a67e122c3024119acbfd73e3bf664491cb2" +dependencies = [ + "hmac", + "subtle", +] + [[package]] name = "ring" version = "0.17.8" @@ -2392,6 +2964,39 @@ dependencies = [ "windows-sys 0.52.0", ] +[[package]] +name = "ron" +version = "0.8.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b91f7eff05f748767f183df4320a63d6936e9c6107d97c9e6bdd9784f4289c94" +dependencies = [ + "base64 0.21.7", + "bitflags 2.6.0", + "serde", + "serde_derive", +] + +[[package]] +name = "rsa" +version = "0.9.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5d0e5124fcb30e76a7e79bfee683a2746db83784b86289f6251b54b7950a0dfc" +dependencies = [ + "const-oid", + "digest", + "num-bigint-dig", + "num-integer", + "num-traits", + "pkcs1", + "pkcs8", + "rand_core", + "sha2", + "signature", + "spki", + "subtle", + "zeroize", +] + [[package]] name = "rusqlite" version = "0.31.0" @@ -2401,11 +3006,21 @@ dependencies = [ "bitflags 2.6.0", "fallible-iterator", "fallible-streaming-iterator", - "hashlink", + "hashlink 0.9.1", "libsqlite3-sys", "smallvec", ] +[[package]] +name = "rust-ini" +version = "0.20.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3e0698206bcb8882bf2a9ecb4c1e7785db57ff052297085a6efd4fe42302068a" +dependencies = [ + "cfg-if", + "ordered-multimap", +] + [[package]] name = "rust-ini" version = "0.21.1" @@ -2549,7 +3164,7 @@ dependencies = [ "proc-macro2", "quote", "serde_derive_internals", - "syn 2.0.77", + "syn 2.0.89", ] [[package]] 
@@ -2558,6 +3173,20 @@ version = "1.2.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "94143f37725109f92c262ed2cf5e59bce7498c01bcc1502d7b9afe439a4e9f49" +[[package]] +name = "sec1" +version = "0.7.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d3e97a565f76233a6003f9f5c54be1d9c5bdfa3eccfb189469f11ec4901c47dc" +dependencies = [ + "base16ct", + "der", + "generic-array", + "pkcs8", + "subtle", + "zeroize", +] + [[package]] name = "security-framework" version = "2.11.1" @@ -2589,22 +3218,22 @@ checksum = "61697e0a1c7e512e84a621326239844a24d8207b4669b41bc18b32ea5cbf988b" [[package]] name = "serde" -version = "1.0.210" +version = "1.0.215" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c8e3592472072e6e22e0a54d5904d9febf8508f65fb8552499a1abc7d1078c3a" +checksum = "6513c1ad0b11a9376da888e3e0baa0077f1aed55c17f50e7b2397136129fb88f" dependencies = [ "serde_derive", ] [[package]] name = "serde_derive" -version = "1.0.210" +version = "1.0.215" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "243902eda00fad750862fc144cea25caca5e20d615af0a81bee94ca738f1df1f" +checksum = "ad1e866f866923f252f05c889987993144fb74e722403468a4ebd70c3cd756c0" dependencies = [ "proc-macro2", "quote", - "syn 2.0.77", + "syn 2.0.89", ] [[package]] @@ -2615,7 +3244,7 @@ checksum = "18d26a20a969b9e3fdf2fc2d9f21eda6c40e2de84c9408bb5d3b05d499aae711" dependencies = [ "proc-macro2", "quote", - "syn 2.0.77", + "syn 2.0.89", ] [[package]] @@ -2718,6 +3347,16 @@ dependencies = [ "libc", ] +[[package]] +name = "signature" +version = "2.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "77549399552de45a898a580c1b41d445bf730df867cc44e6c0233bbc4b8329de" +dependencies = [ + "digest", + "rand_core", +] + [[package]] name = "similar" version = "2.6.0" 
@@ -2755,6 +3394,16 @@ version = "0.9.8" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "6980e8d7511241f8acf4aebddbb1ff938df5eebe98691418c4468d0b72a96a67" +[[package]] +name = "spki" +version = "0.7.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d91ed6c858b01f942cd56b37a94b3e0a1798290327d1236e4d9cf4eaca44d29d" +dependencies = [ + "base64ct", + "der", +] + [[package]] name = "ssri" version = "9.2.0" @@ -2783,6 +3432,19 @@ version = "2.6.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "13c2bddecc57b384dee18652358fb23172facb8a2c51ccc10d74c157bdea3292" +[[package]] +name = "superboring" +version = "0.1.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "cee25cd9d145d2c1ef92a52720376eeb510c8870dfa0f84edb371901ec6a12ca" +dependencies = [ + "getrandom", + "hmac-sha256", + "hmac-sha512", + "rand", + "rsa", +] + [[package]] name = "syn" version = "1.0.109" @@ -2796,9 +3458,9 @@ dependencies = [ [[package]] name = "syn" -version = "2.0.77" +version = "2.0.89" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9f35bcdf61fd8e7be6caf75f429fdca8beb3ed76584befb503b1569faee373ed" +checksum = "44d46482f1c1c87acd84dea20c1bf5ebff4c757009ed6bf19cfd36fb10e92c4e" dependencies = [ "proc-macro2", "quote", @@ -2871,7 +3533,7 @@ checksum = "a4558b58466b9ad7ca0f102865eccc95938dca1a74a856f2b57b6629050da261" dependencies = [ "proc-macro2", "quote", - "syn 2.0.77", + "syn 2.0.89", ] [[package]] @@ -2963,7 +3625,7 @@ checksum = "693d596312e88961bc67d7f1f97af8a70227d9f90c31bba5806eec004978d752" dependencies = [ "proc-macro2", "quote", - "syn 2.0.77", + "syn 2.0.89", ] [[package]] @@ -3113,7 +3775,7 @@ dependencies = [ "prost-build", "prost-types 0.13.2", "quote", - "syn 2.0.77", + "syn 2.0.89", ] [[package]] 
@@ -3168,7 +3830,7 @@ checksum = "34704c8d6ebcbc939824180af020566b01a7c01f80641264eba0999f6c2b6be7" dependencies = [ "proc-macro2", "quote", - "syn 2.0.77", + "syn 2.0.89", ] [[package]] @@ -3292,6 +3954,12 @@ version = "1.17.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "42ff0bf0c66b8238c6f3b578df37d0b7848e55df8577b3f74f92a69acceeb825" +[[package]] +name = "ucd-trie" +version = "0.1.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2896d95c02a80c6d6a5d6e953d479f5ddf2dfdb6a244441010e373ac0fb88971" + [[package]] name = "unicode-bidi" version = "0.3.15" @@ -3313,6 +3981,12 @@ dependencies = [ "tinyvec", ] +[[package]] +name = "unicode-segmentation" +version = "1.12.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f6ccf251212114b54433ec949fd6a7841275f9ada20dddd2f29e9ceea4501493" + [[package]] name = "unicode-width" version = "0.1.13" @@ -3394,6 +4068,15 @@ version = "0.11.0+wasi-snapshot-preview1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "9c8d87e72b64a3b4db28d11ce29237c246188f4f51057d65a7eab63b7987e423" +[[package]] +name = "wasix" +version = "0.12.21" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c1fbb4ef9bbca0c1170e0b00dd28abc9e3b68669821600cad1caaed606583c6d" +dependencies = [ + "wasi", +] + [[package]] name = "wasm-bindgen" version = "0.2.93" @@ -3416,7 +4099,7 @@ dependencies = [ "once_cell", "proc-macro2", "quote", - "syn 2.0.77", + "syn 2.0.89", "wasm-bindgen-shared", ] @@ -3450,7 +4133,7 @@ checksum = "afc340c74d9005395cf9dd098506f7f44e38f2b4a21c6aaacf9a105ea5e1e836" dependencies = [ "proc-macro2", "quote", - "syn 2.0.77", + "syn 2.0.89", "wasm-bindgen-backend", "wasm-bindgen-shared", ] 
@@ -3744,6 +4427,17 @@ version = "0.8.12" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "6a5cbf750400958819fb6178eaa83bee5cd9c29a26a40cc241df8c70fdd46984" +[[package]] +name = "yaml-rust2" +version = "0.8.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8902160c4e6f2fb145dbe9d6760a75e3c9522d8bf796ed7047c85919ac7115f8" +dependencies = [ + "arraydeque", + "encoding_rs", + "hashlink 0.8.4", +] + [[package]] name = "zerocopy" version = "0.7.35" @@ -3762,7 +4456,7 @@ checksum = "fa4f8080344d4671fb4e831a13ad1e68092748387dfc4f55e356242fae12ce3e" dependencies = [ "proc-macro2", "quote", - "syn 2.0.77", + "syn 2.0.89", ] [[package]] @@ -3782,7 +4476,7 @@ checksum = "ce36e65b0d2999d2aafac989fb249189a141aee1f53c612c1f37d72631959f69" dependencies = [ "proc-macro2", "quote", - "syn 2.0.77", + "syn 2.0.89", ] [[package]] @@ -3794,7 +4488,7 @@ dependencies = [ "aes", "byteorder", "bzip2", - "constant_time_eq", + "constant_time_eq 0.1.5", "crc32fast", "crossbeam-utils", "flate2", diff --git a/burrow/Cargo.toml b/burrow/Cargo.toml index 4e2b33c..14b8620 100644 --- a/burrow/Cargo.toml +++ b/burrow/Cargo.toml @@ -68,6 +68,9 @@ tower = "0.4.13" hyper-util = "0.1.6" toml = "0.8.15" rust-ini = "0.21.0" +jwt-simple = "0.12.10" +config = "0.14.1" +dotenvy = "0.15.7" [target.'cfg(target_os = "linux")'.dependencies] caps = "0.5" diff --git a/burrow/src/auth/server/db.rs b/burrow/src/auth/server/db.rs index 8d3e742..e621424 100644 --- a/burrow/src/auth/server/db.rs +++ b/burrow/src/auth/server/db.rs @@ -84,9 +84,11 @@ pub fn store_device( ) -> Result<()> { log::debug!("Storing openid user {:#?}", openid_user); let conn = rusqlite::Connection::open(PATH)?; - - // TODO - + todo!(); + conn.execute( + "INSERT INTO device (name, public_key, apns_token, user_id, ipv4, ipv6, access_token, refresh_token) + VALUES (?, ?, ?, ?, ?, ?, ?, ?)", + ())?; Ok(()) } 
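Review bot: In `store_device`, the added `todo!();` panics on every call, so the `INSERT` after it is unreachable. Once the `todo!()` is removed, the statement still passes `()` for eight `?` placeholders, which should fail with a parameter-count error at run time. Bind the eight values in column order with the `rusqlite::params!` macro so they stay bound parameters and are never formatted into the SQL text. The statement writes `access_token` and `refresh_token` as plain columns; if these are bearer credentials, consider whether the device row needs them, or store them encrypted. The start of `store_device` is outside the hunk.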
diff --git a/burrow/src/auth/server/grpc_server.rs b/burrow/src/auth/server/grpc_server.rs index 1e076c4..56b67fc 100644 --- a/burrow/src/auth/server/grpc_server.rs +++ b/burrow/src/auth/server/grpc_server.rs @@ -1,6 +1,8 @@ +use std::sync::Arc; + use tonic::{Request, Response, Status}; -use crate::auth::server::providers::OpenIdUser; +use crate::auth::server::providers::{KeypairT, OpenIdUser}; use super::{ grpc_defs::{ @@ -9,10 +11,13 @@ use super::{ SlackAuthRequest, }, providers::slack::auth, + settings::BurrowAuthServerConfig, }; -#[derive(Debug)] -struct BurrowGrpcServer; +struct BurrowGrpcServer { + config: Arc, + jwt_keypair: Arc, +} #[tonic::async_trait] impl BurrowWeb for BurrowGrpcServer { @@ -31,19 +36,19 @@ impl BurrowWeb for BurrowGrpcServer { let jwt = req .jwt .ok_or(Status::invalid_argument("JWT Not existent!"))?; - let oid_user = - OpenIdUser::try_from(&jwt).map_err(|e| Status::invalid_argument(e.to_string()))?; - unimplemented!() + let oid_user = OpenIdUser::try_from_jwt(&jwt, &self.jwt_keypair) + .map_err(|e| Status::invalid_argument(e.to_string()))?; + todo!() } async fn delete_device(&self, request: Request) -> Result, Status> { - unimplemented!() + todo!() } async fn list_devices( &self, request: Request, ) -> Result, Status> { - unimplemented!() + todo!() } } diff --git a/burrow/src/auth/server/mod.rs b/burrow/src/auth/server/mod.rs index c6bf63a..4fec23d 100644 --- a/burrow/src/auth/server/mod.rs +++ b/burrow/src/auth/server/mod.rs @@ -2,6 +2,7 @@ pub mod db; pub mod grpc_defs; mod grpc_server; pub mod providers; +pub mod settings; use anyhow::Result; use axum::{http::StatusCode, routing::post, Router}; 
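Review bot: In `create_device`, a token that fails verification is returned as `Status::invalid_argument(e.to_string())`, which reports an authentication failure as a malformed request and sends the JWT library's error text to the caller. Use a fixed message and the matching code, `.map_err(|_| Status::unauthenticated("invalid or expired token"))?;`, and log the detail on the server instead. `create_device`, `delete_device` and `list_devices` all end in `todo!()`, which panics inside the request task if the service is ever registered; `Err(Status::unimplemented("not implemented"))` fails closed without a panic. The struct also keeps the whole `KeypairT` on a path that only verifies tokens, so holding just the public key here would keep the signing key out of the request handlers.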
@@ -11,9 +12,7 @@ use tokio::signal; pub async fn serve() -> Result<()> { db::init_db()?; - let app = Router::new() - .route("/slack-auth", post(auth)) - .route("/device/new", post(device_new)); + let app = Router::new().route("/device/new", post(device_new)); let listener = tokio::net::TcpListener::bind("0.0.0.0:8080").await.unwrap(); log::info!("Starting auth server on port 8080"); diff --git a/burrow/src/auth/server/providers/mod.rs b/burrow/src/auth/server/providers/mod.rs index 89c3fad..9488c8c 100644 --- a/burrow/src/auth/server/providers/mod.rs +++ b/burrow/src/auth/server/providers/mod.rs 
@@ -1,18 +1,65 @@ pub mod slack; -pub use super::{db, grpc_defs}; -use anyhow::Result; -use grpc_defs::JwtInfo; +use self::grpc_defs::JwtInfo; -#[derive(serde::Deserialize, Default, Debug)] +pub use super::{db, grpc_defs, settings::BurrowAuthServerConfig}; +use anyhow::{anyhow, Result}; +use jwt_simple::{ + claims::{Claims, NoCustomClaims}, + prelude::{Duration, Ed25519KeyPair, EdDSAKeyPairLike, EdDSAPublicKeyLike}, +}; +use serde::{Deserialize, Serialize}; + +pub type KeypairT = Ed25519KeyPair; + +#[derive(Serialize, Deserialize, Default, Debug, PartialEq, Eq, Clone)] pub struct OpenIdUser { pub sub: String, pub name: String, } -impl TryFrom<&JwtInfo> for OpenIdUser { - type Error = anyhow::Error; +#[derive(Serialize, Deserialize, Debug)] +struct OpenIDCustomField { + pub name: String, +} - fn try_from(jwt_info: &JwtInfo) -> Result { - todo!() +impl OpenIdUser { + pub fn try_from_jwt(jwt_info: &JwtInfo, keypair: &KeypairT) -> Result { + let claims = keypair + .public_key() + .verify_token::(&jwt_info.jwt, None)?; + Ok(Self { + sub: claims.subject.ok_or(anyhow!("No Subject!"))?, + name: claims.custom.name, + }) + } +} + +impl JwtInfo { + fn try_from_oid(oid_user: OpenIdUser, keypair: &KeypairT) -> Result { + let claims = Claims::with_custom_claims( + OpenIDCustomField { name: oid_user.name }, + Duration::from_days(10), + ) + .with_subject(oid_user.sub); + let jwt = keypair.sign(claims)?; + Ok(Self { jwt }) + } +} + +#[cfg(test)] +mod tests { + use super::*; + + #[test] + fn test_jwt() -> Result<()> { + let key_pair = Ed25519KeyPair::generate(); + let sample_usr = OpenIdUser { + sub: "Spanish".into(), + name: "Inquisition".into(), + }; + let encoded = JwtInfo::try_from_oid(sample_usr.clone(), &key_pair)?; + let decoded = OpenIdUser::try_from_jwt(&encoded, &key_pair)?; + assert_eq!(decoded, sample_usr); + Ok(()) } } diff --git a/burrow/src/auth/server/settings.rs b/burrow/src/auth/server/settings.rs new file mode 100644 index 0000000..3baa59b --- /dev/null 
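Review bot: `try_from_jwt` passes `None` as the verification options to `verify_token`, so no issuer or audience is required, and `try_from_oid` sets neither claim when signing. Set both claims at signing time and require them at verification, as in the excerpt below; `JWT_ISSUER` and `JWT_AUDIENCE` are placeholder names for constants the project would define. Tokens are issued with `Duration::from_days(10)` and no revocation path is visible in this hunk, so a shorter lifetime is worth considering. The generic parameters are not legible on the page; `OpenIDCustomField` and `Result<Self>` in the excerpt are inferred from the use of `claims.custom.name`.

```rust
pub fn try_from_jwt(jwt_info: &JwtInfo, keypair: &KeypairT) -> Result<Self> {
    // Accept only tokens minted by this service for this service.
    let options = VerificationOptions {
        allowed_issuers: Some(HashSet::from([JWT_ISSUER.to_string()])),
        allowed_audiences: Some(HashSet::from([JWT_AUDIENCE.to_string()])),
        ..Default::default()
    };
    let claims = keypair
        .public_key()
        .verify_token::<OpenIDCustomField>(&jwt_info.jwt, Some(options))?;
    // … unchanged: build OpenIdUser from claims.subject and claims.custom.name …

// in JwtInfo::try_from_oid, on the claims builder:
        .with_issuer(JWT_ISSUER)
        .with_audience(JWT_AUDIENCE)
        .with_subject(oid_user.sub);
```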
+++ b/burrow/src/auth/server/settings.rs @@ -0,0 +1,23 @@ +use config::{Config, ConfigError, Environment}; +use serde::Deserialize; + +#[derive(Debug, Deserialize)] +pub struct BurrowAuthServerConfig { + jwt_secret_key: String, + jwt_public_key: String, +} + +impl BurrowAuthServerConfig { + pub fn new() -> Result { + let s = Config::builder() + .add_source(Environment::default()) + .build()?; + s.try_deserialize() + } + + /// Creates a new config that includes the dotenv + pub fn new_dotenv() -> Result { + dotenvy::dotenv().ok(); + Self::new() + } +} From d60b70ffb472d6456705c551d5cba7868243e97e Mon Sep 17 00:00:00 2001 From: Jett Chen Date: Thu, 21 Nov 2024 19:44:44 +0800 Subject: [PATCH 06/11] Support for slack auth --- burrow/src/auth/server/db.rs | 2 +- burrow/src/auth/server/grpc_server.rs | 2 +- burrow/src/auth/server/providers/mod.rs | 1 + burrow/src/auth/server/providers/slack.rs | 14 ++++++++++---- 4 files changed, 13 insertions(+), 6 deletions(-) diff --git a/burrow/src/auth/server/db.rs b/burrow/src/auth/server/db.rs index e621424..575f39c 100644 --- a/burrow/src/auth/server/db.rs +++ b/burrow/src/auth/server/db.rs @@ -49,7 +49,7 @@ pub fn init_db() -> Result<()> { } pub fn store_connection( - openid_user: super::providers::OpenIdUser, + openid_user: &super::providers::OpenIdUser, openid_provider: &str, access_token: &str, refresh_token: Option<&str>, diff --git a/burrow/src/auth/server/grpc_server.rs b/burrow/src/auth/server/grpc_server.rs index 56b67fc..4bc6ae6 100644 --- a/burrow/src/auth/server/grpc_server.rs +++ b/burrow/src/auth/server/grpc_server.rs @@ -25,7 +25,7 @@ impl BurrowWeb for BurrowGrpcServer { &self, request: Request, ) -> Result, Status> { - auth(request).await + auth(request, &self.jwt_keypair).await } async fn create_device( diff --git a/burrow/src/auth/server/providers/mod.rs b/burrow/src/auth/server/providers/mod.rs index 9488c8c..b9bfe88 100644 --- a/burrow/src/auth/server/providers/mod.rs 
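Review bot: `BurrowAuthServerConfig` derives `Debug` while holding `jwt_secret_key`, so any `{:?}` of the config (a log line, a panic message, an error context) would print the signing key. Drop `Debug` from `#[derive(Debug, Deserialize)]`, or hand-write `fmt::Debug` so that field is rendered as a fixed redaction marker. Both fields are private and no accessor appears in this hunk, so a doc comment on each one stating the expected key encoding and the environment variable it is read from would make the contract clear. `dotenvy::dotenv().ok()` is fine for a missing file but also hides a malformed `.env`; logging the error at debug level would make a misconfigured key easier to diagnose.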
+++ b/burrow/src/auth/server/providers/mod.rs @@ -58,6 +58,7 @@ mod tests { name: "Inquisition".into(), }; let encoded = JwtInfo::try_from_oid(sample_usr.clone(), &key_pair)?; + println!("{}", encoded.jwt); let decoded = OpenIdUser::try_from_jwt(&encoded, &key_pair)?; assert_eq!(decoded, sample_usr); Ok(()) diff --git a/burrow/src/auth/server/providers/slack.rs b/burrow/src/auth/server/providers/slack.rs index 2b7d8b3..38fbfe1 100644 --- a/burrow/src/auth/server/providers/slack.rs +++ b/burrow/src/auth/server/providers/slack.rs @@ -9,13 +9,17 @@ use serde::Deserialize; use super::db::store_connection; use super::grpc_defs::{JwtInfo, SlackAuthRequest}; +use super::KeypairT; use tonic::{Request as TRequest, Response as TResponse, Result as TResult, Status as TStatus}; #[derive(Deserialize)] pub struct SlackToken { slack_token: String, } -pub async fn auth(request: TRequest) -> TResult, TStatus> { +pub async fn auth( + request: TRequest, + key_pair: &KeypairT, +) -> TResult, TStatus> { let slack_token = request.into_inner().slack_token; let slack_user = match fetch_slack_user(&slack_token).await { Ok(user) => user, @@ -31,7 +35,7 @@ pub async fn auth(request: TRequest) -> TResult user, Err(e) => { log::error!("Failed to fetch Slack user: {:?}", e); @@ -39,8 +43,10 @@ pub async fn auth(request: TRequest) -> TResult Result { From b806b28a6ea8fdb9906fc982d1b37de05d565914 Mon Sep 17 00:00:00 2001 From: Jett Chen Date: Thu, 21 Nov 2024 19:58:15 +0800 Subject: [PATCH 07/11] Change to map --- burrow/src/auth/server/db.rs | 15 ++++++--------- 1 file changed, 6 insertions(+), 9 deletions(-) diff --git a/burrow/src/auth/server/db.rs b/burrow/src/auth/server/db.rs index 575f39c..09664a7 100644 --- a/burrow/src/auth/server/db.rs +++ b/burrow/src/auth/server/db.rs 
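Review bot: The `println!("{}", encoded.jwt);` added to `test_jwt` looks like leftover debugging and prints a signed token on every test run. The key pair is generated inside the test, so nothing sensitive leaks here, but removing the line keeps token printing out of code that may later be copied into non-test paths. The test would be stronger if it also asserted that `try_from_jwt` returns an error for a token checked against a second `Ed25519KeyPair::generate()`, since rejecting foreign signatures is the property the server relies on.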
@@ -104,15 +104,12 @@ pub fn list_devices(user_id: i64) -> Result> { let conn = rusqlite::Connection::open(PATH)?; let mut stmt = conn.prepare("SELECT name FROM device WHERE user_id = ?")?; - let devices = stmt.query_map([user_id], |row| { - let name: String = row.get(0)?; - Ok(name) - })?; - - let mut result = Vec::new(); - for device in devices { - result.push(device?); - } + let result: Vec = stmt + .query_map([user_id], |row| { + let name: String = row.get(0)?; + Ok(name) + })? + .collect::, _>>()?; Ok(result) } From 321d36b743554a44962116305c1c87bc102e467f Mon Sep 17 00:00:00 2001 
From: Jett Chen Date: Fri, 22 Nov 2024 11:21:02 +0800 Subject: [PATCH 08/11] Migrate server to new crate --- Cargo.lock | 67 ++++++++++++------- Cargo.toml | 2 +- burrow/src/auth/mod.rs | 2 - burrow/src/lib.rs | 9 +-- burrow/src/main.rs | 6 -- server/Cargo.toml | 40 +++++++++++ server/build.rs | 4 ++ .../src/auth/server/providers/mod.rs | 0 server/src/build.rs | 1 + {burrow/src/auth => server/src}/client.rs | 0 server/src/main.rs | 6 ++ {burrow/src/auth => server/src}/server/db.rs | 2 - .../auth => server/src}/server/grpc_defs.rs | 0 .../auth => server/src}/server/grpc_server.rs | 7 +- {burrow/src/auth => server/src}/server/mod.rs | 13 ---- server/src/server/providers/mod.rs | 66 ++++++++++++++++++ .../src}/server/providers/slack.rs | 5 -- .../auth => server/src}/server/settings.rs | 0 18 files changed, 167 insertions(+), 63 deletions(-) delete mode 100644 burrow/src/auth/mod.rs create mode 100644 server/Cargo.toml create mode 100644 server/build.rs rename {burrow => server}/src/auth/server/providers/mod.rs (100%) create mode 100644 server/src/build.rs rename {burrow/src/auth => server/src}/client.rs (100%) create mode 100644 server/src/main.rs rename {burrow/src/auth => server/src}/server/db.rs (98%) rename {burrow/src/auth => server/src}/server/grpc_defs.rs (100%) rename {burrow/src/auth => server/src}/server/grpc_server.rs (83%) rename {burrow/src/auth => server/src}/server/mod.rs (77%) create mode 100644 server/src/server/providers/mod.rs rename {burrow/src/auth => server/src}/server/providers/slack.rs (97%) rename {burrow/src/auth => server/src}/server/settings.rs (100%) diff --git a/Cargo.lock b/Cargo.lock index 9190d2a..ce8c901 100644 --- a/Cargo.lock +++ b/Cargo.lock 
@@ -122,9 +122,9 @@ dependencies = [ [[package]] name = "anyhow" -version = "1.0.87" +version = "1.0.93" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "10f00e1f6e58a40e807377c75c6a7f97bf9044fab57816f2414e6f5f4499d7b8" +checksum = "4c95c10ba0b00a02636238b814946408b1322d5ac4760326e6fb8ec956d85775" [[package]] name = "arraydeque" @@ -539,11 +539,11 @@ dependencies = [ "nix 0.27.1", "once_cell", "parking_lot", - "prost 0.13.2", - "prost-types 0.13.2", + "prost 0.13.3", + "prost-types 0.13.3", "rand", "rand_core", - "reqwest 0.12.7", + "reqwest 0.12.9", "ring", "rusqlite", "rust-ini 0.21.1", @@ -2644,12 +2644,12 @@ dependencies = [ [[package]] name = "prost" -version = "0.13.2" +version = "0.13.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3b2ecbe40f08db5c006b5764a2645f7f3f141ce756412ac9e1dd6087e6d32995" +checksum = "7b0487d90e047de87f984913713b85c601c05609aad5b0df4b4573fbf69aa13f" dependencies = [ "bytes", - "prost-derive 0.13.2", + "prost-derive 0.13.3", ] [[package]] @@ -2666,8 +2666,8 @@ dependencies = [ "once_cell", "petgraph", "prettyplease", - "prost 0.13.2", - "prost-types 0.13.2", + "prost 0.13.3", + "prost-types 0.13.3", "regex", "syn 2.0.89", "tempfile", @@ -2688,9 +2688,9 @@ dependencies = [ [[package]] name = "prost-derive" -version = "0.13.2" +version = "0.13.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "acf0c195eebb4af52c752bec4f52f645da98b6e92077a04110c7f349477ae5ac" +checksum = "e9552f850d5f0964a4e4d0bf306459ac29323ddfbae05e35a7c0d35cb0803cc5" dependencies = [ "anyhow", "itertools 0.13.0", 
@@ -2710,11 +2710,11 @@ dependencies = [ [[package]] name = "prost-types" -version = "0.13.2" +version = "0.13.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "60caa6738c7369b940c3d49246a8d1749323674c65cb13010134f5c9bad5b519" +checksum = "4759aa0d3a6232fb8dbdb97b61de2c20047c68aca932c7ed76da9d788508d670" dependencies = [ - "prost 0.13.2", + "prost 0.13.3", ] [[package]] @@ -2899,9 +2899,9 @@ dependencies = [ [[package]] name = "reqwest" -version = "0.12.7" +version = "0.12.9" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f8f4955649ef5c38cc7f9e8aa41761d48fb9677197daea9984dc54f56aad5e63" +checksum = "a77c62af46e79de0a562e1a9849205ffcb7fc1238876e9bd743357570e04046f" dependencies = [ "base64 0.22.1", "bytes", @@ -3249,9 +3249,9 @@ dependencies = [ [[package]] name = "serde_json" -version = "1.0.128" +version = "1.0.133" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6ff5456707a1de34e7e37f2a6fd3d3f808c318259cbd01ab6377795054b483d8" +checksum = "c7fceb2473b9166b2294ef05efcb65a3db80803f0b03ef86a5fc88a2b85ee377" dependencies = [ "itoa", "memchr", @@ -3290,6 +3290,27 @@ dependencies = [ "serde", ] +[[package]] +name = "server" +version = "0.1.0" +dependencies = [ + "anyhow", + "clap", + "config", + "dotenvy", + "jwt-simple", + "log", + "prost 0.13.3", + "prost-types 0.13.3", + "reqwest 0.12.9", + "rusqlite", + "serde", + "serde_json", + "tokio", + "tonic 0.12.3", + "tonic-build", +] + [[package]] name = "sha-1" version = "0.10.1" @@ -3591,9 +3612,9 @@ checksum = "1f3ccbac311fea05f86f61904b462b55fb3df8837a366dfc601a0161d0532f20" [[package]] name = "tokio" -version = "1.40.0" +version = "1.41.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e2b070231665d27ad9ec9b8df639893f46727666c6767db40317fbe920a5d998" +checksum = "22cfb5bee7a6a52939ca9224d6ac897bb669134078daa8735560897f69de4d33" dependencies = [ "backtrace", "bytes", 
@@ -3754,7 +3775,7 @@ dependencies = [ "hyper-util", "percent-encoding", "pin-project", - "prost 0.13.2", + "prost 0.13.3", "socket2", "tokio", "tokio-stream", @@ -3773,7 +3794,7 @@ dependencies = [ "prettyplease", "proc-macro2", "prost-build", - "prost-types 0.13.2", + "prost-types 0.13.3", "quote", "syn 2.0.89", ] diff --git a/Cargo.toml b/Cargo.toml index 362ba2b..4494416 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -1,5 +1,5 @@ [workspace] -members = ["burrow", "tun"] +members = ["burrow", "server", "tun"] resolver = "2" exclude = ["burrow-gtk"] diff --git a/burrow/src/auth/mod.rs b/burrow/src/auth/mod.rs deleted file mode 100644 index c07f47e..0000000 --- a/burrow/src/auth/mod.rs +++ /dev/null @@ -1,2 +0,0 @@ -pub mod client; -pub mod server; diff --git a/burrow/src/lib.rs b/burrow/src/lib.rs index 6aae1fb..5bf0be9 100644 --- a/burrow/src/lib.rs +++ b/burrow/src/lib.rs @@ -5,18 +5,13 @@ pub mod wireguard; mod daemon; #[cfg(any(target_os = "linux", target_vendor = "apple"))] pub mod database; -#[cfg(any(target_os = "linux", target_vendor = "apple"))] -mod auth; + pub(crate) mod tracing; #[cfg(target_vendor = "apple")] pub use daemon::apple::spawn_in_process; #[cfg(any(target_os = "linux", target_vendor = "apple"))] pub use daemon::{ - rpc::DaemonResponse, - rpc::ServerInfo, - DaemonClient, - DaemonCommand, - DaemonResponseData, + rpc::DaemonResponse, rpc::ServerInfo, DaemonClient, DaemonCommand, DaemonResponseData, DaemonStartOptions, }; diff --git a/burrow/src/main.rs b/burrow/src/main.rs index e87b4c9..e2cbba5 100644 --- a/burrow/src/main.rs +++ b/burrow/src/main.rs @@ -7,9 +7,6 @@ pub(crate) mod tracing; #[cfg(any(target_os = "linux", target_vendor = "apple"))] mod wireguard; -#[cfg(any(target_os = "linux", target_vendor = "apple"))] -mod auth; - #[cfg(any(target_os = "linux", target_vendor = "apple"))] use daemon::{DaemonClient, DaemonCommand}; 
@@ -52,8 +49,6 @@ enum Commands { ServerConfig, /// Reload Config ReloadConfig(ReloadConfigArgs), - /// Authentication server - AuthServer, /// Server Status ServerStatus, /// Tunnel Config @@ -276,7 +271,6 @@ async fn main() -> Result<()> { Commands::ServerInfo => try_serverinfo().await?, Commands::ServerConfig => try_serverconfig().await?, Commands::ReloadConfig(args) => try_reloadconfig(args.interface_id.clone()).await?, - Commands::AuthServer => crate::auth::server::serve().await?, Commands::ServerStatus => try_serverstatus().await?, Commands::TunnelConfig => try_tun_config().await?, Commands::NetworkAdd(args) => { diff --git a/server/Cargo.toml b/server/Cargo.toml new file mode 100644 index 0000000..3f1d072 --- /dev/null +++ b/server/Cargo.toml @@ -0,0 +1,40 @@ +[package] +name = "server" +version = "0.1.0" +edition = "2021" + +[dependencies] +anyhow = "1.0.93" +jwt-simple = "0.12.10" +log = "0.4.22" +reqwest = { version = "0.12.9", default-features = false, features = [ + "json", + "rustls-tls", +] } +serde = "1.0.215" +serde_json = "1.0.133" +tokio = { version = "1.41.1", features = [ + "rt", + "macros", + "sync", + "io-util", + "rt-multi-thread", + "signal", + "time", + "tracing", + "fs", +] } +tonic = "0.12.3" +clap = { version = "4.4", features = ["derive"] } +rusqlite = { version = "0.31.0", features = ["blob"] } +dotenvy = "0.15.7" +config = "0.14.1" +prost = "0.13.3" +prost-types = "0.13.3" + + +[features] +bundled = ["rusqlite/bundled"] + +[build-dependencies] +tonic-build = "0.12.3" diff --git a/server/build.rs b/server/build.rs new file mode 100644 index 0000000..22aebed --- /dev/null +++ b/server/build.rs @@ -0,0 +1,4 @@ +fn main() -> Result<(), Box> { + tonic_build::configure().compile_protos(&["../proto/burrowweb.proto"], &["../proto"])?; + Ok(()) +} 
diff --git a/burrow/src/auth/server/providers/mod.rs b/server/src/auth/server/providers/mod.rs similarity index 100% rename from burrow/src/auth/server/providers/mod.rs rename to server/src/auth/server/providers/mod.rs diff --git a/server/src/build.rs b/server/src/build.rs new file mode 100644 index 0000000..8b13789 --- /dev/null +++ b/server/src/build.rs @@ -0,0 +1 @@ + diff --git a/burrow/src/auth/client.rs b/server/src/client.rs similarity index 100% rename from burrow/src/auth/client.rs rename to server/src/client.rs diff --git a/server/src/main.rs b/server/src/main.rs new file mode 100644 index 0000000..60f3081 --- /dev/null +++ b/server/src/main.rs @@ -0,0 +1,6 @@ +pub mod client; +pub mod server; + +fn main() { + println!("Hello, world!"); +} diff --git a/burrow/src/auth/server/db.rs b/server/src/server/db.rs similarity index 98% rename from burrow/src/auth/server/db.rs rename to server/src/server/db.rs index 09664a7..50516b6 100644 --- a/burrow/src/auth/server/db.rs +++ b/server/src/server/db.rs @@ -1,7 +1,5 @@ use anyhow::Result; -use crate::daemon::rpc::grpc_defs::{Network, NetworkType}; - pub static PATH: &str = "./server.sqlite3"; pub fn init_db() -> Result<()> { diff --git a/burrow/src/auth/server/grpc_defs.rs b/server/src/server/grpc_defs.rs similarity index 100% rename from burrow/src/auth/server/grpc_defs.rs rename to server/src/server/grpc_defs.rs diff --git a/burrow/src/auth/server/grpc_server.rs b/server/src/server/grpc_server.rs similarity index 83% rename from burrow/src/auth/server/grpc_server.rs rename to server/src/server/grpc_server.rs index 4bc6ae6..3061e7a 100644 --- a/burrow/src/auth/server/grpc_server.rs +++ b/server/src/server/grpc_server.rs 
@@ -2,13 +2,12 @@ use std::sync::Arc; use tonic::{Request, Response, Status}; -use crate::auth::server::providers::{KeypairT, OpenIdUser}; +use super::providers::{KeypairT, OpenIdUser}; use super::{ grpc_defs::{ - burrowwebrpc::burrow_web_server::{BurrowWeb, BurrowWebServer}, - CreateDeviceRequest, CreateDeviceResponse, Empty, JwtInfo, ListDevicesResponse, - SlackAuthRequest, + burrowwebrpc::burrow_web_server::BurrowWeb, CreateDeviceRequest, CreateDeviceResponse, + Empty, JwtInfo, ListDevicesResponse, SlackAuthRequest, }, providers::slack::auth, settings::BurrowAuthServerConfig, diff --git a/burrow/src/auth/server/mod.rs b/server/src/server/mod.rs similarity index 77% rename from burrow/src/auth/server/mod.rs rename to server/src/server/mod.rs index 4fec23d..7c8cdd8 100644 --- a/burrow/src/auth/server/mod.rs +++ b/server/src/server/mod.rs @@ -5,29 +5,16 @@ pub mod providers; pub mod settings; use anyhow::Result; -use axum::{http::StatusCode, routing::post, Router}; use providers::slack::auth; use tokio::signal; pub async fn serve() -> Result<()> { db::init_db()?; - - let app = Router::new().route("/device/new", post(device_new)); - let listener = tokio::net::TcpListener::bind("0.0.0.0:8080").await.unwrap(); log::info!("Starting auth server on port 8080"); - axum::serve(listener, app) - .with_graceful_shutdown(shutdown_signal()) - .await - .unwrap(); - Ok(()) } -async fn device_new() -> StatusCode { - StatusCode::OK -} - async fn shutdown_signal() { let ctrl_c = async { signal::ctrl_c() diff --git a/server/src/server/providers/mod.rs b/server/src/server/providers/mod.rs new file mode 100644 index 0000000..b9bfe88 --- /dev/null +++ b/server/src/server/providers/mod.rs 
@@ -0,0 +1,66 @@ +pub mod slack; +use self::grpc_defs::JwtInfo; + +pub use super::{db, grpc_defs, settings::BurrowAuthServerConfig}; +use anyhow::{anyhow, Result}; +use jwt_simple::{ + claims::{Claims, NoCustomClaims}, + prelude::{Duration, Ed25519KeyPair, EdDSAKeyPairLike, EdDSAPublicKeyLike}, +}; +use serde::{Deserialize, Serialize}; + +pub type KeypairT = Ed25519KeyPair; + +#[derive(Serialize, Deserialize, Default, Debug, PartialEq, Eq, Clone)] +pub struct OpenIdUser { + pub sub: String, + pub name: String, +} + +#[derive(Serialize, Deserialize, Debug)] +struct OpenIDCustomField { + pub name: String, +} + +impl OpenIdUser { + pub fn try_from_jwt(jwt_info: &JwtInfo, keypair: &KeypairT) -> Result { + let claims = keypair + .public_key() + .verify_token::(&jwt_info.jwt, None)?; + Ok(Self { + sub: claims.subject.ok_or(anyhow!("No Subject!"))?, + name: claims.custom.name, + }) + } +} + +impl JwtInfo { + fn try_from_oid(oid_user: OpenIdUser, keypair: &KeypairT) -> Result { + let claims = Claims::with_custom_claims( + OpenIDCustomField { name: oid_user.name }, + Duration::from_days(10), + ) + .with_subject(oid_user.sub); + let jwt = keypair.sign(claims)?; + Ok(Self { jwt }) + } +} + +#[cfg(test)] +mod tests { + use super::*; + + #[test] + fn test_jwt() -> Result<()> { + let key_pair = Ed25519KeyPair::generate(); + let sample_usr = OpenIdUser { + sub: "Spanish".into(), + name: "Inquisition".into(), + }; + let encoded = JwtInfo::try_from_oid(sample_usr.clone(), &key_pair)?; + println!("{}", encoded.jwt); + let decoded = OpenIdUser::try_from_jwt(&encoded, &key_pair)?; + assert_eq!(decoded, sample_usr); + Ok(()) + } +} diff --git a/burrow/src/auth/server/providers/slack.rs b/server/src/server/providers/slack.rs similarity index 97% rename from burrow/src/auth/server/providers/slack.rs rename to server/src/server/providers/slack.rs index 38fbfe1..e6a4694 100644 --- a/burrow/src/auth/server/providers/slack.rs +++ b/server/src/server/providers/slack.rs 
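Review bot: `OpenIdUser::try_from_jwt` calls `verify_token(…, None)`, so verification relies only on the Ed25519 signature and the library's default checks; no issuer or audience is required. `JwtInfo::try_from_oid` sets neither when signing, and it issues tokens valid for `Duration::from_days(10)` with no revocation path visible in this file. I would add `.with_issuer("<issuer>")` next to `.with_subject(...)`, pass a `VerificationOptions` with `allowed_issuers` set instead of `None`, and either shorten the lifetime or record in a comment why ten days is acceptable. Smaller points: `ok_or(anyhow!("No Subject!"))` builds the error even on success, so `ok_or_else(|| anyhow!("No Subject!"))` is preferable, and `test_jwt` prints the signed token with `println!`.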
@@ -1,9 +1,4 @@ use anyhow::Result; -use axum::{ - extract::Json, - http::StatusCode, - routing::{get, post}, -}; use reqwest::header::AUTHORIZATION; use serde::Deserialize; diff --git a/burrow/src/auth/server/settings.rs b/server/src/server/settings.rs similarity index 100% rename from burrow/src/auth/server/settings.rs rename to server/src/server/settings.rs From d1a223fac9bb4a75955ddf20e61d9464bd0f7a45 Mon Sep 17 00:00:00 2001 From: Jett Chen Date: Fri, 22 Nov 2024 11:49:50 +0800 Subject: [PATCH 09/11] Feat: JWT key generation --- server/src/auth/server/providers/mod.rs | 66 ------------------------- server/src/build.rs | 1 - server/src/main.rs | 48 +++++++++++++++++- server/src/server/grpc_server.rs | 12 +++++ server/src/server/providers/mod.rs | 10 ++++ server/src/server/settings.rs | 3 +- 6 files changed, 69 insertions(+), 71 deletions(-) delete mode 100644 server/src/auth/server/providers/mod.rs delete mode 100644 server/src/build.rs diff --git a/server/src/auth/server/providers/mod.rs b/server/src/auth/server/providers/mod.rs deleted file mode 100644 index b9bfe88..0000000 --- a/server/src/auth/server/providers/mod.rs +++ /dev/null 
@@ -1,66 +0,0 @@ -pub mod slack; -use self::grpc_defs::JwtInfo; - -pub use super::{db, grpc_defs, settings::BurrowAuthServerConfig}; -use anyhow::{anyhow, Result}; -use jwt_simple::{ - claims::{Claims, NoCustomClaims}, - prelude::{Duration, Ed25519KeyPair, EdDSAKeyPairLike, EdDSAPublicKeyLike}, -}; -use serde::{Deserialize, Serialize}; - -pub type KeypairT = Ed25519KeyPair; - -#[derive(Serialize, Deserialize, Default, Debug, PartialEq, Eq, Clone)] -pub struct OpenIdUser { - pub sub: String, - pub name: String, -} - -#[derive(Serialize, Deserialize, Debug)] -struct OpenIDCustomField { - pub name: String, -} - -impl OpenIdUser { - pub fn try_from_jwt(jwt_info: &JwtInfo, keypair: &KeypairT) -> Result { - let claims = keypair - .public_key() - .verify_token::(&jwt_info.jwt, None)?; - Ok(Self { - sub: claims.subject.ok_or(anyhow!("No Subject!"))?, - name: claims.custom.name, - }) - } -} - -impl JwtInfo { - fn try_from_oid(oid_user: OpenIdUser, keypair: &KeypairT) -> Result { - let claims = Claims::with_custom_claims( - OpenIDCustomField { name: oid_user.name }, - Duration::from_days(10), - ) - .with_subject(oid_user.sub); - let jwt = keypair.sign(claims)?; - Ok(Self { jwt }) - } -} - -#[cfg(test)] -mod tests { - use super::*; - - #[test] - fn test_jwt() -> Result<()> { - let key_pair = Ed25519KeyPair::generate(); - let sample_usr = OpenIdUser { - sub: "Spanish".into(), - name: "Inquisition".into(), - }; - let encoded = JwtInfo::try_from_oid(sample_usr.clone(), &key_pair)?; - println!("{}", encoded.jwt); - let decoded = OpenIdUser::try_from_jwt(&encoded, &key_pair)?; - assert_eq!(decoded, sample_usr); - Ok(()) - } -} diff --git a/server/src/build.rs b/server/src/build.rs deleted file mode 100644 index 8b13789..0000000 --- a/server/src/build.rs +++ /dev/null @@ -1 +0,0 @@ - diff --git a/server/src/main.rs b/server/src/main.rs index 60f3081..49d2b8d 100644 --- a/server/src/main.rs +++ b/server/src/main.rs 
@@ -1,6 +1,50 @@ pub mod client; pub mod server; +use anyhow::Result; +use clap::{Args, Parser, Subcommand}; +use server::providers::gen_keypem; -fn main() { - println!("Hello, world!"); +#[derive(Parser)] +#[command(name = "Burrow Server")] +#[command(author = "Hack Club ")] +#[command(version = "0.1")] +#[command( + about = "Server for hosting auth logic of Burrow", + long_about = "Burrow is a 🚀 blazingly fast 🚀 tool designed to penetrate unnecessarily restrictive firewalls, providing teenagers worldwide with secure, less-filtered, and safe access to the internet! +It's being built by teenagers from Hack Club, in public! Check it out: https://github.com/hackclub/burrow +Spotted a bug? Please open an issue! https://github.com/hackclub/burrow/issues/new" +)] +struct Cli { + #[command(subcommand)] + command: Commands, +} + +#[derive(Subcommand)] +enum Commands { + StartServer, + #[command(name = "genkeys")] + GenKeys(GenKeyArgs), +} + +#[derive(Args)] +pub struct GenKeyArgs { + #[arg(short, long, default_value = "false")] + pub raw: bool, +} + +#[tokio::main] +async fn main() -> Result<()> { + let cli = Cli::parse(); + match &cli.command { + Commands::GenKeys(args) => { + let pem = gen_keypem(); + if args.raw { + println!(r"{pem:?}"); + } else { + println!("Generated PEM:\n{pem}") + } + } + Commands::StartServer => todo!(), + }; + Ok(()) } diff --git a/server/src/server/grpc_server.rs b/server/src/server/grpc_server.rs index 3061e7a..d710529 100644 --- a/server/src/server/grpc_server.rs +++ b/server/src/server/grpc_server.rs @@ -1,5 +1,6 @@ use std::sync::Arc; +use jwt_simple::prelude::Ed25519KeyPair; use tonic::{Request, Response, Status}; use super::providers::{KeypairT, OpenIdUser}; 
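Review bot: The `Commands::GenKeys` arm in `main` prints the result of `gen_keypem()` to stdout, and that PEM appears to be the Ed25519 private key that signs every JWT (the server later loads it with `from_pem` to build the key pair). A secret on stdout ends up in terminal scrollback, CI logs and redirected files created with default permissions. I would write the key to a file created with owner-only permissions, or at minimum document the flag with `/// Prints the JWT signing key (secret) to stdout; redirect it into a file only the server user can read`. Separately, `default_value = "false"` on the `raw: bool` argument is redundant, since clap already treats a `bool` field as a flag that is false when absent.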
@@ -18,6 +19,17 @@ struct BurrowGrpcServer { jwt_keypair: Arc, } +impl BurrowGrpcServer { + pub fn new() -> anyhow::Result { + let config = BurrowAuthServerConfig::new_dotenv()?; + let jwt_keypair = Ed25519KeyPair::from_pem(&config.jwt_pem)?; + Ok(Self { + config: Arc::new(config), + jwt_keypair: Arc::new(jwt_keypair), + }) + } +} + #[tonic::async_trait] impl BurrowWeb for BurrowGrpcServer { async fn slack_auth( diff --git a/server/src/server/providers/mod.rs b/server/src/server/providers/mod.rs index b9bfe88..2bf7098 100644 --- a/server/src/server/providers/mod.rs +++ b/server/src/server/providers/mod.rs @@ -46,6 +46,16 @@ impl JwtInfo { } } +pub fn gen_keypem() -> String { + let keypair = KeypairT::generate(); + keypair.to_pem() +} + +pub fn parse_keypem(pem: &String) -> Result { + let keypair = KeypairT::from_pem(&pem)?; + Ok(keypair) +} + #[cfg(test)] mod tests { use super::*; diff --git a/server/src/server/settings.rs b/server/src/server/settings.rs index 3baa59b..9275518 100644 --- a/server/src/server/settings.rs +++ b/server/src/server/settings.rs @@ -3,8 +3,7 @@ use serde::Deserialize; #[derive(Debug, Deserialize)] pub struct BurrowAuthServerConfig { - jwt_secret_key: String, - jwt_public_key: String, + pub jwt_pem: String, } impl BurrowAuthServerConfig { From 6c32ae8b688a8a938c90b36a35fd4596f3dadeb9 Mon Sep 17 00:00:00 2001 From: Jett Chen Date: Fri, 22 Nov 2024 15:25:16 +0800 Subject: [PATCH 10/11] Add server command --- Cargo.lock | 37 +++++++++++++++++++++++++++++++ proto/burrowweb.proto | 5 +++++ server/Cargo.toml | 1 + server/server.sqlite3 | Bin 0 -> 49152 bytes server/src/main.rs | 6 +++-- server/src/server/grpc_server.rs | 21 ++++++++++++++++-- server/src/server/mod.rs | 13 +++++++++-- 7 files changed, 77 insertions(+), 6 deletions(-) create mode 100644 server/server.sqlite3 diff --git a/Cargo.lock b/Cargo.lock index ce8c901..3249f6a 100644 --- a/Cargo.lock +++ b/Cargo.lock 
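Review bot: `parse_keypem` in the `providers/mod.rs` hunk takes `pem: &String` and then passes `&pem`, a `&&String`, to `from_pem`; `pub fn parse_keypem(pem: &str) -> Result<KeypairT>` with `KeypairT::from_pem(pem)` accepts the same callers and string slices as well. `BurrowGrpcServer::new` in the `grpc_server.rs` hunk of this commit calls `Ed25519KeyPair::from_pem(&config.jwt_pem)` directly instead of this helper, so the key-loading path now exists twice and one should call the other. Both new functions are public and handle signing-key material, so each deserves a doc comment, for example `/// Generates a new Ed25519 signing key pair and returns it PEM-encoded (secret material)` on `gen_keypem`.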
@@ -3309,6 +3309,7 @@ dependencies = [ "tokio", "tonic 0.12.3", "tonic-build", + "tonic-web", ] [[package]] @@ -3799,6 +3800,26 @@ dependencies = [ "syn 2.0.89", ] +[[package]] +name = "tonic-web" +version = "0.12.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5299dd20801ad736dccb4a5ea0da7376e59cd98f213bf1c3d478cf53f4834b58" +dependencies = [ + "base64 0.22.1", + "bytes", + "http 1.1.0", + "http-body 1.0.1", + "http-body-util", + "pin-project", + "tokio-stream", + "tonic 0.12.3", + "tower-http", + "tower-layer", + "tower-service", + "tracing", +] + [[package]] name = "tower" version = "0.4.13" @@ -3819,6 +3840,22 @@ dependencies = [ "tracing", ] +[[package]] +name = "tower-http" +version = "0.5.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1e9cd434a998747dd2c4276bc96ee2e0c7a2eadf3cae88e52be55a05fa9053f5" +dependencies = [ + "bitflags 2.6.0", + "bytes", + "http 1.1.0", + "http-body 1.0.1", + "http-body-util", + "pin-project-lite", + "tower-layer", + "tower-service", +] + [[package]] name = "tower-layer" version = "0.3.3" diff --git a/proto/burrowweb.proto b/proto/burrowweb.proto index f9cfe85..2dd1250 100644 --- a/proto/burrowweb.proto +++ b/proto/burrowweb.proto @@ -12,6 +12,7 @@ service BurrowWeb { rpc CreateDevice (CreateDeviceRequest) returns (CreateDeviceResponse); rpc DeleteDevice (JWTInfo) returns (Empty); rpc ListDevices (JWTInfo) returns (ListDevicesResponse); + rpc Status(Empty) returns (ServerStatus); } message Peer { @@ -88,3 +89,7 @@ message CreateDeviceResponse { message ListDevicesResponse { repeated Device devices = 1; } + +message ServerStatus { + string status = 1; +} diff --git a/server/Cargo.toml b/server/Cargo.toml index 3f1d072..fbeaa57 100644 --- a/server/Cargo.toml +++ b/server/Cargo.toml @@ -31,6 +31,7 @@ dotenvy = "0.15.7" config = "0.14.1" prost = "0.13.3" prost-types = "0.13.3" +tonic-web = "0.12.3" [features] 
diff --git a/server/server.sqlite3 b/server/server.sqlite3 new file mode 100644 index 0000000000000000000000000000000000000000..cf93d673444a59dc7fc4ea7141ecbcd4cf28e978 GIT binary patch literal 49152 zcmWFz^vNtqRY=P(%1ta$FlG>7U}R))P*7lCU|?ooVBldu01%%A!DV1XV&h^mGw9{* zK z$kW#`C{n@OHB!MbG{oQ2&pF7|*VQjX2So?SVucXb2sGh>(xjZsD>D}aPGGE+1a z{QVSMTzyXRrcX5kgo~6V;)a1!X2^c3|^QW&;GjPa%rnp>Nb2*oB4#a!APL?||fDCX2=Cql6iL@|dp z8xe{PA&S|XqL|r1dATJUobf>EGd?*#FE2H@Br`t`jmv_P711OWG`Ki9Il+REbPvvt zM5cXCPR{&-)V$1;_=2MRvdom!BGkmD12P+`0%ip$`y%B~gb`o`@Ene+1a|@jTY;G% z!NSO;iU!mfFo)_WKn1|oW~Lye9$OYR@jz`{sRyhc5!UgBXacO!jO^l~qKu7_@TdW) zV8Vz5NXTcVAQygMXCrbwYG`tCa%!qGv58xY;&mI?L7=`o2dF;b1rY)uVib>tz-S1J zhQMeDjE2By2#kinXb6mkz-S1JhQMeDjE2By2n^Q{-~xGUwEqtZg;6{j0;3@?8Umvs zFd71*Aut*OqaiRF0;3@?8UmvsFd72GHUviJ|A%eVj(Th~1V%$(Gz3ONU^E0qLtr!n zMnhmU1V%$(Gz3ONU^E2aAuu}s4-bk_#%KtPhQMeDjE2By2#kinXb6mkz-S1JhQMeD zjE2By2n^d07@hwgwoyCkvC$A14S~@R7!85Z5Eu=C(GVC7fzc2c4S~@R7!85Z5P*lk z==?uCC`K8hAut*OqaiRF0;3@?8UmvsFd71*Aut*OqaiRF0;3@?Y(rqQ|37S_cGP2| zAut*OqaiRF0;3@?8UmvsFd71*Aut*OqaiRF0;3@S4}sDCKRhT#8KWUE8UmvsFd71* zAut*OqaiRF0;3@?8UmvsFd71*Auw!1V6^`~Y@>G6W1}H38UmvsFd71*Aut*OqaiRF z0;3@?8UmvsFd71*Apj47(f&U?C`K8hAut*OqaiRF0;3@?8UmvsFd71*Aut*OqaiRF z0;3@?Y(rr5{QqGawWA&z4S~@R7!85Z5Eu=C(GVC7fzc2c4S~@R7!85Z5Eu;scnAOh DX1UZy literal 0 HcmV?d00001 diff --git a/server/src/main.rs b/server/src/main.rs index 49d2b8d..3d3060c 100644 --- a/server/src/main.rs +++ b/server/src/main.rs @@ -2,7 +2,7 @@ pub mod client; pub mod server; use anyhow::Result; use clap::{Args, Parser, Subcommand}; -use server::providers::gen_keypem; +use server::{providers::gen_keypem, serve}; #[derive(Parser)] #[command(name = "Burrow Server")] @@ -44,7 +44,9 @@ async fn main() -> Result<()> { println!("Generated PEM:\n{pem}") } } - Commands::StartServer => todo!(), + Commands::StartServer => { + serve().await?; + } }; Ok(()) } diff --git a/server/src/server/grpc_server.rs b/server/src/server/grpc_server.rs index d710529..3aec7dc 100644 
--- a/server/src/server/grpc_server.rs +++ b/server/src/server/grpc_server.rs @@ -4,21 +4,32 @@ use jwt_simple::prelude::Ed25519KeyPair; use tonic::{Request, Response, Status}; use super::providers::{KeypairT, OpenIdUser}; +use std::fmt::Debug; use super::{ grpc_defs::{ burrowwebrpc::burrow_web_server::BurrowWeb, CreateDeviceRequest, CreateDeviceResponse, - Empty, JwtInfo, ListDevicesResponse, SlackAuthRequest, + Empty, JwtInfo, ListDevicesResponse, ServerStatus, SlackAuthRequest, }, providers::slack::auth, settings::BurrowAuthServerConfig, }; -struct BurrowGrpcServer { +#[derive(Clone)] +pub struct BurrowGrpcServer { config: Arc, jwt_keypair: Arc, } +impl Debug for BurrowGrpcServer { + fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result { + f.debug_struct("BurrowGrpcServer") + .field("config", &self.config) + .field("jwt_keypair", &"") + .finish() + } +} + impl BurrowGrpcServer { pub fn new() -> anyhow::Result { let config = BurrowAuthServerConfig::new_dotenv()?; @@ -62,4 +73,10 @@ impl BurrowWeb for BurrowGrpcServer { ) -> Result, Status> { todo!() } + + async fn status(&self, _req: Request) -> Result, Status> { + Ok(Response::new(ServerStatus { + status: "Nobody expects the Spanish Inquisition".into(), + })) + } } diff --git a/server/src/server/mod.rs b/server/src/server/mod.rs index 7c8cdd8..1d6c1d9 100644 --- a/server/src/server/mod.rs +++ b/server/src/server/mod.rs 
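Review bot: The hand-written `Debug` impl for `BurrowGrpcServer` hides `jwt_keypair` but still formats the configuration with `.field("config", &self.config)`. `BurrowAuthServerConfig` derives `Debug` and holds the key as `pub jwt_pem: String` (settings.rs hunk of the previous commit), so the PEM the key pair is parsed from is printed anyway. Any `{:?}` of the server in a log line or panic message would then carry the JWT signing key. I would either drop the `config` field from this impl or give `BurrowAuthServerConfig` its own `Debug` that prints a fixed placeholder, e.g. `.field("jwt_pem", &"[redacted]")`.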
@@ -5,13 +5,22 @@ pub mod providers; pub mod settings; use anyhow::Result; -use providers::slack::auth; +use grpc_defs::burrow_web_server::BurrowWebServer; +use grpc_server::BurrowGrpcServer; use tokio::signal; +use tonic::transport::Server; pub async fn serve() -> Result<()> { db::init_db()?; - let listener = tokio::net::TcpListener::bind("0.0.0.0:8080").await.unwrap(); + let addr = "[::1]:8080".parse()?; log::info!("Starting auth server on port 8080"); + let burrow_grpc_server = BurrowGrpcServer::new()?; + let svc = BurrowWebServer::new(burrow_grpc_server); + Server::builder() + .accept_http1(true) + .add_service(tonic_web::enable(svc)) + .serve(addr) + .await?; Ok(()) } From c34578786eff176bb4a6bef9c0c907b8549f2ef2 Mon Sep 17 00:00:00 2001 From: Jett Chen Date: Fri, 22 Nov 2024 15:26:07 +0800 Subject: [PATCH 11/11] Update --- .gitignore | 3 ++- server/server.sqlite3 | Bin 49152 -> 0 bytes 2 files changed, 2 insertions(+), 1 deletion(-) delete mode 100644 server/server.sqlite3 diff --git a/.gitignore b/.gitignore index 1b300b4..bbc465b 100644 --- a/.gitignore +++ b/.gitignore @@ -14,4 +14,5 @@ target/ tmp/ *.db -*.sock \ No newline at end of file +*.sock +*.sqlite3 
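Review bot: `serve` now listens in plaintext on the hard-coded `[::1]:8080` with `accept_http1(true)` and `tonic_web::enable`, while the RPCs it exposes carry Slack tokens and JWTs in their request bodies. Binding to loopback only is a sensible default, but nothing in the code records that TLS has to be terminated in front of it, so I would add `// Loopback only: terminate TLS in a reverse proxy before exposing this listener` and move the address into `BurrowAuthServerConfig`. `.serve(addr)` also gives up graceful shutdown: the `shutdown_signal()` helper that the earlier commit left in this file appears to be unused, and `.serve_with_shutdown(addr, shutdown_signal())` would put it back to work.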
diff --git a/server/server.sqlite3 b/server/server.sqlite3 deleted file mode 100644 index cf93d673444a59dc7fc4ea7141ecbcd4cf28e978..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 49152 zcmWFz^vNtqRY=P(%1ta$FlG>7U}R))P*7lCU|?ooVBldu01%%A!DV1XV&h^mGw9{* zK z$kW#`C{n@OHB!MbG{oQ2&pF7|*VQjX2So?SVucXb2sGh>(xjZsD>D}aPGGE+1a z{QVSMTzyXRrcX5kgo~6V;)a1!X2^c3|^QW&;GjPa%rnp>Nb2*oB4#a!APL?||fDCX2=Cql6iL@|dp z8xe{PA&S|XqL|r1dATJUobf>EGd?*#FE2H@Br`t`jmv_P711OWG`Ki9Il+REbPvvt zM5cXCPR{&-)V$1;_=2MRvdom!BGkmD12P+`0%ip$`y%B~gb`o`@Ene+1a|@jTY;G% z!NSO;iU!mfFo)_WKn1|oW~Lye9$OYR@jz`{sRyhc5!UgBXacO!jO^l~qKu7_@TdW) zV8Vz5NXTcVAQygMXCrbwYG`tCa%!qGv58xY;&mI?L7=`o2dF;b1rY)uVib>tz-S1J zhQMeDjE2By2#kinXb6mkz-S1JhQMeDjE2By2n^Q{-~xGUwEqtZg;6{j0;3@?8Umvs zFd71*Aut*OqaiRF0;3@?8UmvsFd72GHUviJ|A%eVj(Th~1V%$(Gz3ONU^E0qLtr!n zMnhmU1V%$(Gz3ONU^E2aAuu}s4-bk_#%KtPhQMeDjE2By2#kinXb6mkz-S1JhQMeD zjE2By2n^d07@hwgwoyCkvC$A14S~@R7!85Z5Eu=C(GVC7fzc2c4S~@R7!85Z5P*lk z==?uCC`K8hAut*OqaiRF0;3@?8UmvsFd71*Aut*OqaiRF0;3@?Y(rqQ|37S_cGP2| zAut*OqaiRF0;3@?8UmvsFd71*Aut*OqaiRF0;3@S4}sDCKRhT#8KWUE8UmvsFd71* zAut*OqaiRF0;3@?8UmvsFd71*Auw!1V6^`~Y@>G6W1}H38UmvsFd71*Aut*OqaiRF z0;3@?8UmvsFd71*Apj47(f&U?C`K8hAut*OqaiRF0;3@?8UmvsFd71*Aut*OqaiRF z0;3@?Y(rr5{QqGawWA&z4S~@R7!85Z5Eu=C(GVC7fzc2c4S~@R7!85Z5Eu;scnAOh DX1UZy