From 8865027ec368baf0a36a8c91a4ca9dd9e76e37a7 Mon Sep 17 00:00:00 2001 From: Aydin Mercan Date: Sat, 26 Feb 2022 18:27:16 +0300 Subject: [PATCH] cargo, doc, server: see commit details - cargo/deps: update dependencies - cargo/audit: remove unused advisory ignore - cargo/profile: add now-stable strip to release/smaller builds - cargo/feature: make SQLite bundling a feature - doc: document various design choices and plans - server/config: remove configuration file as 2 flags are enough - server/tracing: initial setup - server/db: initial schema draft design --- .cargo/audit.toml | 5 - Cargo.lock | 384 +++++++++++++++++++++++++++++++----------- Cargo.toml | 21 ++- README.md | 9 + doc/DESIGN.adoc | 7 + doc/OIDC.adoc | 5 + doc/TESTING.adoc | 3 +- example/config.toml | 1 - schema.sql | 41 +++++ src/config.rs | 17 -- src/controller/mod.rs | 9 + src/database.rs | 21 +++ src/main.rs | 41 ++--- 13 files changed, 413 insertions(+), 151 deletions(-) create mode 100644 doc/DESIGN.adoc delete mode 100644 example/config.toml create mode 100644 schema.sql delete mode 100644 src/config.rs create mode 100644 src/database.rs diff --git a/.cargo/audit.toml b/.cargo/audit.toml index ccf89d4..793a71c 100644 --- a/.cargo/audit.toml +++ b/.cargo/audit.toml @@ -1,8 +1,3 @@ -[advisories] -ignore = [ - "RUSTSEC-2020-0159", -] - [output] quiet = false deny = ["warnings"] diff --git a/Cargo.lock b/Cargo.lock index c7e1b83..d918008 100644 --- a/Cargo.lock +++ b/Cargo.lock 
@@ -24,9 +24,20 @@ dependencies = [ [[package]] name = "anyhow" -version = "1.0.53" +version = "1.0.55" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "94a45b455c14666b85fc40a019e8ab9eb75e3a124e05494f5397122bc9eb06e0" +checksum = "159bb86af3a200e19a068f4224eae4c8bb2d0fa054c7e5d1cacd5cef95e684cd" + +[[package]] +name = "argon2" +version = "0.3.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "25df3c03f1040d0069fcd3907e24e36d59f9b6fa07ba49be0eb25a794f036ba7" +dependencies = [ + "base64ct", + "blake2", + "password-hash", +] [[package]] name = "async-trait" @@ -58,9 +69,9 @@ checksum = "d468802bab17cbc0cc575e9b053f41e72aa36bfa6b7f55e3529ffa43161b97fa" [[package]] name = "axum" -version = "0.4.5" +version = "0.4.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1dbbc81d15ddf33148615b778836b525dbae4e0731710294b2c484e80c4858f7" +checksum = "157d3c6bef9a248ecf0492f05bb91019ced3c5b0f4cd9ec09b16d06596e1e743" dependencies = [ "async-trait", "axum-core", @@ -80,7 +91,6 @@ dependencies = [ "serde_urlencoded", "sync_wrapper", "tokio", - "tokio-util", "tower", "tower-http", "tower-layer", @@ -89,9 +99,9 @@ dependencies = [ [[package]] name = "axum-core" -version = "0.1.1" +version = "0.1.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1ca6c0b218388a7ed6a8d25e94f7dea5498daaa4fd8c711fb3ff166041b06fda" +checksum = "6dbcda393bef9c87572779cb8ef916f12d77750b27535dd6819fa86591627a51" dependencies = [ "async-trait", "bytes", 
@@ -101,18 +111,48 @@ dependencies = [ "mime", ] +[[package]] +name = "base64ct" +version = "1.0.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8a32fd6af2b5827bce66c29053ba0e7c42b9dcab01835835058558c10851a46b" + [[package]] name = "bitflags" version = "1.3.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "bef38d45163c2f1dde094a7dfd33ccf595c92905c8f8f4fdc18d06fb1037718a" +[[package]] +name = "blake2" +version = "0.10.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b9cf849ee05b2ee5fba5e36f97ff8ec2533916700fc0758d40d92136a42f3388" +dependencies = [ + "digest", +] + +[[package]] +name = "block-buffer" +version = "0.10.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0bf7fe51849ea569fd452f37822f606a5cabb684dc918707a0193fd4664ff324" +dependencies = [ + "generic-array", +] + [[package]] name = "bytes" version = "1.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "c4872d67bab6358e59559027aa3b9157c53d9358c51423c17554809a8858e0f8" +[[package]] +name = "cc" +version = "1.0.73" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2fff2a6927b3bb87f9595d67196a70493f627687a71d87a0d692242c33f58c11" + [[package]] name = "cfg-if" version = "1.0.0" 
@@ -121,36 +161,29 @@ checksum = "baf1de4339761588bc0619e3cbc0120ee582ebb74b53b4efbf79117bd2da40fd" [[package]] name = "chibiauth" -version = "0.0.1-trunk" +version = "0.0.1" dependencies = [ "anyhow", + "argon2", "axum", + "blake2", "clap", + "parking_lot", + "rand", "rusqlite", "serde", + "time", "tokio", - "toml", "tracing", "tracing-subscriber", -] - -[[package]] -name = "chrono" -version = "0.4.19" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "670ad68c9088c2a963aaa298cb369688cf3f9465ce5e2d4ca10e6e0098a1ce73" -dependencies = [ - "libc", - "num-integer", - "num-traits", - "winapi", + "uuid", ] [[package]] name = "clap" -version = "3.0.14" +version = "3.1.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b63edc3f163b3c71ec8aa23f9bd6070f77edbf3d1d198b164afa90ff00e4ec62" +checksum = "5177fac1ab67102d8989464efd043c6ff44191b1557ec1ddd489b4f7e1447e77" dependencies = [ "atty", "bitflags", @@ -165,9 +198,9 @@ dependencies = [ [[package]] name = "clap_derive" -version = "3.0.14" +version = "3.1.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9a1132dc3944b31c20dd8b906b3a9f0a5d0243e092d59171414969657ac6aa85" +checksum = "01d42c94ce7c2252681b5fed4d3627cc807b13dfc033246bd05d5b252399000e" dependencies = [ "heck", "proc-macro-error", @@ -176,6 +209,27 @@ dependencies = [ "syn", ] +[[package]] +name = "crypto-common" +version = "0.1.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "57952ca27b5e3606ff4dd79b0020231aaf9d6aa76dc05fd30137538c50bd3ce8" +dependencies = [ + "generic-array", + "typenum", +] + +[[package]] +name = "digest" +version = "0.10.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f2fb860ca6fafa5552fb6d0e816a69c8e49f0908bf524e30a90d97c85892d506" +dependencies = [ + "block-buffer", + "crypto-common", + "subtle", +] + [[package]] name = "fallible-iterator" version = "0.2.0" 
@@ -244,10 +298,20 @@ dependencies = [ ] [[package]] -name = "getrandom" -version = "0.2.4" +name = "generic-array" +version = "0.14.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "418d37c8b1d42553c93648be529cb70f920d3baf8ef469b74b9638df426e0b4c" +checksum = "fd48d33ec7f05fbfa152300fdad764757cbded343c1aa1cff2fbaf4134851803" +dependencies = [ + "typenum", + "version_check", +] + +[[package]] +name = "getrandom" +version = "0.2.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d39cd93900197114fa1fcb7ae84ca742095eed9442088988ae74fa744e930e77" dependencies = [ "cfg-if", "libc", @@ -269,7 +333,7 @@ dependencies = [ "indexmap", "slab", "tokio", - "tokio-util", + "tokio-util 0.6.9", "tracing", ] @@ -314,7 +378,7 @@ checksum = "31f4c6746584866f0feabcc69893c5b51beef3831656a968ed7ae254cdc4fd03" dependencies = [ "bytes", "fnv", - "itoa 1.0.1", + "itoa", ] [[package]] @@ -336,9 +400,9 @@ checksum = "0bfe8eed0a9285ef776bb792479ea3834e8b94e13d615c2f66d03dd50a435a29" [[package]] name = "httparse" -version = "1.5.1" +version = "1.6.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "acd94fdbe1d4ff688b67b04eee2e17bd50995534a61539e45adfefb45e5e5503" +checksum = "9100414882e15fb7feccb4897e5f0ff0ff1ca7d1a86a23208ada4d7a18e6c6c4" [[package]] name = "httpdate" @@ -348,9 +412,9 @@ checksum = "c4a1e36c821dbe04574f602848a19f742f4fb3c98d40449f11bcad18d6b17421" [[package]] name = "hyper" -version = "0.14.16" +version = "0.14.17" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b7ec3e62bdc98a2f0393a5048e4c30ef659440ea6e0e572965103e72bd836f55" +checksum = "043f0e083e9901b6cc658a77d1eb86f4fc650bbb977a4337dd63192826aa85dd" dependencies = [ "bytes", "futures-channel", @@ -361,7 +425,7 @@ dependencies = [ "http-body", "httparse", "httpdate", - "itoa 0.4.8", + "itoa", "pin-project-lite", "socket2", "tokio", 
@@ -380,21 +444,6 @@ dependencies = [ "hashbrown", ] -[[package]] -name = "instant" -version = "0.1.12" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7a5bbe824c507c5da5956355e86a746d82e0e1464f65d862cc5e71da70e94b2c" -dependencies = [ - "cfg-if", -] - -[[package]] -name = "itoa" -version = "0.4.8" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b71991ff56294aa922b450139ee08b3bfc70982c6b2c7562771375cf73542dd4" - [[package]] name = "itoa" version = "1.0.1" @@ -409,9 +458,9 @@ checksum = "e2abad23fbc42b3700f2f279844dc832adb2b2eb069b2df918f455c4e18cc646" [[package]] name = "libc" -version = "0.2.117" +version = "0.2.119" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e74d72e0f9b65b5b4ca49a346af3976df0f9c61d550727f349ecd559f251a26c" +checksum = "1bf2e165bb3457c8e098ea76f3e3bc9db55f87aa90d52d0e6be741470916aaa4" [[package]] name = "libsqlite3-sys" @@ -419,6 +468,7 @@ version = "0.23.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "d2cafc7c74096c336d9d27145f7ebd4f4b6f95ba16aa5a282387267e6925cb58" dependencies = [ + "cc", "pkg-config", "vcpkg", ] @@ -467,9 +517,9 @@ checksum = "2a60c7ce501c71e03a9c9c0d35b861413ae925bd979cc7a4e30d060069aaac8d" [[package]] name = "mio" -version = "0.7.14" +version = "0.8.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8067b404fe97c70829f082dec8bcf4f71225d7eaea1d8645349cb76fa06205cc" +checksum = "ba272f85fa0b41fc91872be579b3bbe0f56b792aa361a380eb669469f68dafb2" dependencies = [ "libc", "log", 
@@ -489,32 +539,13 @@ dependencies = [ [[package]] name = "ntapi" -version = "0.3.6" +version = "0.3.7" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3f6bb902e437b6d86e03cce10a7e2af662292c5dfef23b65899ea3ac9354ad44" +checksum = "c28774a7fd2fbb4f0babd8237ce554b73af68021b5f695a3cebd6c59bac0980f" dependencies = [ "winapi", ] -[[package]] -name = "num-integer" -version = "0.1.44" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d2cc698a63b549a70bc047073d2949cce27cd1c7b0a4a862d08a8031bc2801db" -dependencies = [ - "autocfg", - "num-traits", -] - -[[package]] -name = "num-traits" -version = "0.2.14" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9a64b1ec5cda2586e284722486d802acf1f7dbdc623e2bfc57e65ca1cd099290" -dependencies = [ - "autocfg", -] - [[package]] name = "num_cpus" version = "1.13.1" @@ -525,6 +556,15 @@ dependencies = [ "libc", ] +[[package]] +name = "num_threads" +version = "0.1.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "97ba99ba6393e2c3734791401b66902d981cb03bf190af674ca69949b6d5fb15" +dependencies = [ + "libc", +] + [[package]] name = "once_cell" version = "1.9.0" 
@@ -542,27 +582,36 @@ dependencies = [ [[package]] name = "parking_lot" -version = "0.11.2" +version = "0.12.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7d17b78036a60663b797adeaee46f5c9dfebb86948d1255007a1d6be0271ff99" +checksum = "87f5ec2493a61ac0506c0f4199f99070cbe83857b0337006a30f3e6719b8ef58" dependencies = [ - "instant", "lock_api", "parking_lot_core", ] [[package]] name = "parking_lot_core" -version = "0.8.5" +version = "0.9.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d76e8e1493bcac0d2766c42737f34458f1c8c50c0d23bcb24ea953affb273216" +checksum = "28141e0cc4143da2443301914478dc976a61ffdb3f043058310c70df2fed8954" dependencies = [ "cfg-if", - "instant", "libc", "redox_syscall", "smallvec", - "winapi", + "windows-sys", +] + +[[package]] +name = "password-hash" +version = "0.3.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1d791538a6dcc1e7cb7fe6f6b58aca40e7f79403c45b2bc274008b5e647af1d8" +dependencies = [ + "base64ct", + "rand_core", + "subtle", ] [[package]] @@ -609,6 +658,12 @@ version = "0.3.24" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "58893f751c9b0412871a09abd62ecd2a00298c6c83befa223ef98c52aef40cbe" +[[package]] +name = "ppv-lite86" +version = "0.2.16" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "eb9f9e6e233e5c4a35559a617bf40a4ec447db2e84c20b55a6f83167b7e57872" + [[package]] name = "proc-macro-error" version = "1.0.4" 
@@ -651,6 +706,36 @@ dependencies = [ "proc-macro2", ] +[[package]] +name = "rand" +version = "0.8.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "34af8d1a0e25924bc5b7c43c079c942339d8f0a8b57c39049bef581b46327404" +dependencies = [ + "libc", + "rand_chacha", + "rand_core", +] + +[[package]] +name = "rand_chacha" +version = "0.3.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e6c10a63a0fa32252be49d21e7709d4d4baf8d231c2dbce1eaa8141b9b127d88" +dependencies = [ + "ppv-lite86", + "rand_core", +] + +[[package]] +name = "rand_core" +version = "0.6.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d34f1408f55294453790c48b2f1ebbb1c5b4b7563eb1f418bcfcfdbb06ebb4e7" +dependencies = [ + "getrandom", +] + [[package]] name = "redox_syscall" version = "0.2.10" @@ -667,13 +752,15 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "4ba4d3462c8b2e4d7f4fcfcf2b296dc6b65404fbbc7b63daa37fd485c149daf7" dependencies = [ "bitflags", - "chrono", "fallible-iterator", "fallible-streaming-iterator", "hashlink", "libsqlite3-sys", "memchr", + "serde_json", "smallvec", + "time", + "uuid", ] [[package]] @@ -710,11 +797,11 @@ dependencies = [ [[package]] name = "serde_json" -version = "1.0.78" +version = "1.0.79" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d23c1ba4cf0efd44be32017709280b32d1cea5c3f1275c3b6d9e8bc54f758085" +checksum = "8e8d9fa5c3b304765ce1fd9c4c8a3de2c8db365a5b91be52f186efc675681d95" dependencies = [ - "itoa 1.0.1", + "itoa", "ryu", "serde", ] @@ -726,7 +813,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "d3491c14715ca2294c4d6a88f15e84739788c1d030eed8c110436aafdaa2f3fd" dependencies = [ "form_urlencoded", - "itoa 1.0.1", + "itoa", "ryu", "serde", ] 
@@ -777,6 +864,12 @@ version = "0.10.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "73473c0e59e6d5812c5dfe2a064a6444949f089e20eec9a2e5506596494e4623" +[[package]] +name = "subtle" +version = "2.4.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6bdef32e8150c2a081110b42772ffe7d7c9032b606bc226c8260fd97e0976601" + [[package]] name = "syn" version = "1.0.86" @@ -819,10 +912,29 @@ dependencies = [ ] [[package]] -name = "tokio" -version = "1.16.1" +name = "time" +version = "0.3.7" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0c27a64b625de6d309e8c57716ba93021dccf1b3b5c97edd6d3dd2d2135afc0a" +checksum = "004cbc98f30fa233c61a38bc77e96a9106e65c88f2d3bef182ae952027e5753d" +dependencies = [ + "itoa", + "libc", + "num_threads", + "serde", + "time-macros", +] + +[[package]] +name = "time-macros" +version = "0.2.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "25eb0ca3468fc0acc11828786797f6ef9aa1555e4a211a60d64cc8e4d1be47d6" + +[[package]] +name = "tokio" +version = "1.17.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2af73ac49756f3f7c01172e34a23e5d0216f6c32333757c2c61feb2bbff5a5ee" dependencies = [ "bytes", "libc", @@ -833,6 +945,7 @@ dependencies = [ "parking_lot", "pin-project-lite", "signal-hook-registry", + "socket2", "tokio-macros", "winapi", ] 
@@ -863,26 +976,31 @@ dependencies = [ ] [[package]] -name = "toml" -version = "0.5.8" +name = "tokio-util" +version = "0.7.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a31142970826733df8241ef35dc040ef98c679ab14d7c3e54d827099b3acecaa" +checksum = "64910e1b9c1901aaf5375561e35b9c057d95ff41a44ede043a03e09279eabaf1" dependencies = [ - "serde", + "bytes", + "futures-core", + "futures-sink", + "log", + "pin-project-lite", + "tokio", ] [[package]] name = "tower" -version = "0.4.11" +version = "0.4.12" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5651b5f6860a99bd1adb59dbfe1db8beb433e73709d9032b413a77e2fb7c066a" +checksum = "9a89fd63ad6adf737582df5db40d286574513c69a11dac5214dc3b5603d6713e" dependencies = [ "futures-core", "futures-util", "pin-project", "pin-project-lite", "tokio", - "tokio-util", + "tokio-util 0.7.0", "tower-layer", "tower-service", "tracing", @@ -890,9 +1008,9 @@ dependencies = [ [[package]] name = "tower-http" -version = "0.2.1" +version = "0.2.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "03650267ad175b51c47d02ed9547fc7d4ba2c7e5cb76df0bed67edd1825ae297" +checksum = "2bb284cac1883d54083a0edbdc9cabf931dfed87455f8c7266c01ece6394a43a" dependencies = [ "bitflags", "bytes", @@ -902,6 +1020,7 @@ dependencies = [ "http-body", "http-range-header", "pin-project-lite", + "tower", "tower-layer", "tower-service", ] @@ -920,9 +1039,9 @@ checksum = "360dfd1d6d30e05fda32ace2c8c70e9c0a9da713275777f5a4dbb8a1893930c6" [[package]] name = "tracing" -version = "0.1.30" +version = "0.1.31" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2d8d93354fe2a8e50d5953f5ae2e47a3fc2ef03292e7ea46e3cc38f549525fb9" +checksum = "f6c650a8ef0cd2dd93736f033d21cbd1224c5a967aa0c258d00fcf7dafef9b9f" dependencies = [ "cfg-if", "log", 
@@ -965,9 +1084,9 @@ dependencies = [ [[package]] name = "tracing-subscriber" -version = "0.3.8" +version = "0.3.9" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "74786ce43333fcf51efe947aed9718fbe46d5c7328ec3f1029e818083966d9aa" +checksum = "9e0ab7bdc962035a87fba73f3acca9b8a8d0034c2e6f60b84aeaaddddc155dce" dependencies = [ "ansi_term", "parking_lot", @@ -984,12 +1103,28 @@ version = "0.2.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "59547bce71d9c38b83d9c0e92b6066c4253371f15005def0c30d9657f50c7642" +[[package]] +name = "typenum" +version = "1.15.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "dcf81ac59edc17cc8697ff311e8f5ef2d99fcbd9817b34cec66f90b6c3dfd987" + [[package]] name = "unicode-xid" version = "0.2.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "8ccb82d61f80a663efe1f787a51b16b5a51e3314d6ac365b08639f52387b33f3" +[[package]] +name = "uuid" +version = "0.8.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "bc5cf98d8186244414c848017f0e2676b3fcb46807f6668a97dfe67359a3c4b7" +dependencies = [ + "getrandom", + "serde", +] + [[package]] name = "valuable" version = "0.1.0" 
@@ -1054,3 +1189,46 @@ name = "winapi-x86_64-pc-windows-gnu" version = "0.4.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "712e227841d057c1ee1cd2fb22fa7e5a5461ae8e48fa2ca79ec42cfc1931183f" + +[[package]] +name = "windows-sys" +version = "0.32.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3df6e476185f92a12c072be4a189a0210dcdcf512a1891d6dff9edb874deadc6" +dependencies = [ + "windows_aarch64_msvc", + "windows_i686_gnu", + "windows_i686_msvc", + "windows_x86_64_gnu", + "windows_x86_64_msvc", +] + +[[package]] +name = "windows_aarch64_msvc" +version = "0.32.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d8e92753b1c443191654ec532f14c199742964a061be25d77d7a96f09db20bf5" + +[[package]] +name = "windows_i686_gnu" +version = "0.32.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6a711c68811799e017b6038e0922cb27a5e2f43a2ddb609fe0b6f3eeda9de615" + +[[package]] +name = "windows_i686_msvc" +version = "0.32.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "146c11bb1a02615db74680b32a68e2d61f553cc24c4eb5b4ca10311740e44172" + +[[package]] +name = "windows_x86_64_gnu" +version = "0.32.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c912b12f7454c6620635bbff3450962753834be2a594819bd5e945af18ec64bc" + +[[package]] +name = "windows_x86_64_msvc" +version = "0.32.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "504a2476202769977a040c6364301a3f65d0cc9e3fb08600b2bda150a0488316" diff --git a/Cargo.toml b/Cargo.toml index b653354..b0e7f48 100644 --- a/Cargo.toml +++ b/Cargo.toml 
@@ -1,26 +1,37 @@ [package] name = "chibiauth" -version = "0.0.1-trunk" +version = "0.0.1" edition = "2021" -rust-version = "1.58.1" +license = "EUPL-1.2" +authors = ["Aydin Mercan "] +rust-version = "1.58" [dependencies] anyhow = "1" +argon2 = "0.3" +blake2 = "0.10" axum = { version = "0.4", features = ["http2"] } clap = { version = "3", features = ["derive"] } -rusqlite = { version = "0.26", features = ["chrono"] } +parking_lot = "0.12" +rand = "0.8" +rusqlite = { version = "0.26", features = ["serde_json", "time", "uuid"] } serde = { version = "1", features = ["derive"] } -tokio = { version = "1.16", features = ["full"] } -toml = "0.5" +time = { version = "0.3", features = ["serde"] } +tokio = { version = "1.17", features = ["full"] } tracing = "0.1" tracing-subscriber = { version = "0.3", features = ["parking_lot"] } +uuid = { version = "0.8", features = ["v4", "serde"] } [profile.release] codegen-units = 1 incremental = false lto = "fat" panic = "abort" +strip = "debuginfo" [profile.smaller] inherits = "release" opt-level = "s" + +[features] +bundled = ["rusqlite/bundled"] diff --git a/README.md b/README.md index 6cf341b..e85f4f0 100644 --- a/README.md +++ b/README.md @@ -8,6 +8,15 @@ Relevant info for development is inside the `doc` folder. For administration and usage, a reference handbook will be provided in the future. +## Usage + +```sh +chibiauth --database=/path/to/database/of/chibiauth.db --port 9909 +``` + +* ChibiAuth will bind to localhost, bring your own TLS terminator. +* The database is just a SQLite file, feel free to use something like litestream. + ## License This repository is licensed under the EUPL-1.2. An English copy of the license text is available under `LICENSE`. diff --git a/doc/DESIGN.adoc b/doc/DESIGN.adoc new file mode 100644 index 0000000..22bdab9 --- /dev/null +++ b/doc/DESIGN.adoc 
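Review bot: In Cargo.toml, `rust-version = "1.58"` sits next to the new `strip = "debuginfo"` profile key, but the `strip` profile option was stabilised in Cargo 1.59, so a 1.58 toolchain is unlikely to accept this manifest. `rust-version = "1.59"` would keep the declared minimum honest. Because `bundled` is now opt-in, default builds link the system SQLite, which moves SQLite security updates to the OS package. A one-line comment above `[features]` saying so, and that schema.sql needs SQLite 3.37 or later for `STRICT`, would help packagers.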
@@ -0,0 +1,7 @@ +== Random Design Choices + +=== Password Reset + +We use the https://paragonie.com/blog/2017/02/split-tokens-token-based-authentication-protocols-without-side-channels[Split Tokens approach]. +A 256-bit random token is split in half and BLAKE2 is used as the hash function. +Argon2 already uses BLAKE2 and is very usable so it makes sense to use it and not stuff the binary. diff --git a/doc/OIDC.adoc b/doc/OIDC.adoc index bd0d3e2..9833cb2 100644 --- a/doc/OIDC.adoc +++ b/doc/OIDC.adoc @@ -4,3 +4,8 @@ === Standards Non-Compliance ChibiAuth chooses to be non-compatible with various sections. + +* In *Section 5.1*, the `gender` standard claim specifies that the strings "male" and "female" must be accepted with accepting other genders being optional. +ChibiAuth gives doesn't recognize this bias and accepts empty and arbitrary limited strings with no special treatment to any cultural bias. +The field is limited in characters to prevent maliciously filling the database. If 256 characters aren't enough please do let me know. +Plus I am not very convinces that filling the database via malicously large fields is a relevant issue. diff --git a/doc/TESTING.adoc b/doc/TESTING.adoc index abf4a2c..3969112 100644 --- a/doc/TESTING.adoc +++ b/doc/TESTING.adoc @@ -2,7 +2,7 @@ === CI -* _Treehouse Woodpecker_: +* _Treehouse Woodpecker_: We should try to avoid wasting resources of the Treehouse servers as they are generously provided to people. ** Building and built-in tests. * _GitHub Actions_: Since the free-tier environments aren't super powerful, only the following tasks are done: @@ -13,3 +13,4 @@ === Fuzzing I will probably setup a continous fuzzing in a private machine some day. +Maybe cargo-fuzz and fuzzowski. diff --git a/example/config.toml b/example/config.toml deleted file mode 100644 index 8f5d24b..0000000 --- a/example/config.toml +++ /dev/null @@ -1 +0,0 @@ -database = "./chibiauth.db" 
diff --git a/schema.sql b/schema.sql
new file mode 100644
index 0000000..c3d3246
--- /dev/null
+++ b/schema.sql
@@ -0,0 +1,41 @@
+CREATE TABLE IF NOT EXISTS users (
+ uuid BLOB PRIMARY KEY NOT NULL,
+ username TEXT NOT NULL UNIQUE,
+ secrethash TEXT NOT NULL
+) STRICT;
+
+CREATE TABLE IF NOT EXISTS oidc_claims (
+ uuid BLOB REFERENCES users(uuid) ON DELETE CASCADE,
+ sub TEXT NOT NULL,
+ name TEXT,
+ given_name TEXT,
+ family_name TEXT,
+ middle_name TEXT,
+ nickname TEXT,
+ preferred_username TEXT,
+ profile TEXT,
+ picture TEXT,
+ website TEXT,
+ email TEXT,
+ email_verified INTEGER NOT NULL DEFAULT 'FALSE',
+ gender TEXT,
+ birthdate TEXT,
+ zoneinfo TEXT,
+ locale TEXT,
+ phone_number TEXT,
+ phone_number_verified INTEGER NOT NULL DEFAULT 'FALSE',
+ address TEXT,
+ updated_at INTEGER
+) STRICT;
+
+CREATE TABLE IF NOT EXISTS sessions (
+ cookie BLOB PRIMARY KEY NOT NULL,
+ uuid BLOB NOT NULL REFERENCES users(uuid) ON DELETE CASCADE
+) STRICT;
+
+CREATE TABLE IF NOT EXISTS reset_token (
+ selector TEXT PRIMARY KEY NOT NULL,
+ uuid BLOB NOT NULL REFERENCES users(uuid) ON DELETE CASCADE,
+ verifier TEXT NOT NULL
+ expires_at TEXT NOT NULL,
+) STRICT;
diff --git a/src/config.rs b/src/config.rs
deleted file mode 100644
index c5a3901..0000000
--- a/src/config.rs
+++ /dev/null
@@ -1,17 +0,0 @@
-use std::fs::read_to_string;
-
-use anyhow::Result;
-use serde::Deserialize;
-
-#[derive(Deserialize)]
-pub struct Config {
- pub database: String,
-}
-
-pub fn read_to_config(path: String) -> Result {
- let raw = read_to_string(path)?;
-
- let conf: Config = toml::from_str(&raw)?;
-
- Ok(conf)
-}
diff --git a/src/controller/mod.rs b/src/controller/mod.rs
index e69de29..f90557b 100644
--- a/src/controller/mod.rs
+++ b/src/controller/mod.rs
@@ -0,0 +1,9 @@
+use std::sync::Arc;
+
+use axum::{AddExtensionLayer, Router};
+
+use crate::CsrfMap;
+
+pub fn setup_router(csrf_map: Arc) -> Router {
+ Router::new().layer(AddExtensionLayer::new(csrf_map))
+}
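Review bot: In schema.sql the `reset_token` definition will not parse: there is no comma after `verifier TEXT NOT NULL` and a trailing comma after `expires_at TEXT NOT NULL,`, so the `execute_batch(include_str!("../schema.sql"))` call added in src/database.rs should fail on every start. The two lines should read `verifier TEXT NOT NULL,` and `expires_at TEXT NOT NULL`. In `oidc_claims`, `DEFAULT 'FALSE'` on the two `INTEGER` columns is a text literal, which a `STRICT` table is expected to reject when the default is used; `DEFAULT 0` avoids that. `sessions` has no expiry or creation column, so as written a session row stays valid until it is deleted explicitly; an `expires_at` column like the one on `reset_token` would let the server age sessions out.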
diff --git a/src/database.rs b/src/database.rs
new file mode 100644
index 0000000..6641fba
--- /dev/null
+++ b/src/database.rs
@@ -0,0 +1,21 @@
+use anyhow::{bail, Result};
+
+use rusqlite::Connection;
+
+pub fn setup_connection_and_for_replication(path: String) -> Result {
+ let db = Connection::open(path)?;
+
+ let mode: String = db.pragma_update_and_check(None, "journal_mode", "WAL", |row| row.get(0))?;
+
+ if mode != "wal" {
+ bail!("couldn't set journaling to WAL");
+ }
+
+ db.pragma_update(None, "busy_timeout", "5000")?;
+ db.pragma_update(None, "synchronous", "NORMAL")?;
+ db.pragma_update(None, "foreign_keys", "ON")?;
+
+ db.execute_batch(include_str!("../schema.sql"))?;
+
+ Ok(db)
+}
diff --git a/src/main.rs b/src/main.rs
index 85dfb0f..f102c64 100644
--- a/src/main.rs
+++ b/src/main.rs
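Review bot: In src/database.rs, `foreign_keys` is set with `pragma_update` but never read back, unlike `journal_mode` a few lines earlier, so a SQLite build without foreign-key support would start with enforcement silently off. The `ON DELETE CASCADE` clauses in schema.sql are what remove a deleted user's sessions and reset tokens, so I would verify the setting with `let fk: i64 = db.pragma_query_value(None, "foreign_keys", |row| row.get(0))?;` followed by `if fk != 1 { bail!("couldn't enable foreign key enforcement"); }`. The pragma is per connection, so a doc comment on the function should say that any additional connection must repeat it. Since `bundled` is now optional and schema.sql uses `STRICT` tables (SQLite 3.37 or later), an older system library will fail at `execute_batch`; the doc comment could state that minimum too.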
@@ -1,40 +1,43 @@ -mod config; mod controller; +mod database; -use anyhow::{bail, Result}; +use std::collections::HashMap; +use std::sync::Arc; + +use anyhow::Result; use clap::Parser; -use rusqlite::Connection; +use parking_lot::RwLock; -use crate::config::read_to_config; +use crate::controller::setup_router; + +pub type CsrfMap = RwLock>; #[derive(Parser)] struct Args { #[clap(short, long)] - pub config: String, + pub database: String, + + #[clap(short, long)] + pub port: u16, } -fn setup_db_conn_and_for_replication(path: String) -> Result { - let db = Connection::open(path)?; +fn setup_default_subscriber() -> Result<()> { + tracing_subscriber::fmt::init(); - let mode: String = db.pragma_update_and_check(None, "journal_mode", "WAL", |row| row.get(0))?; - - if mode != "wal" { - bail!("couldn't set journaling to WAL"); - } - - db.pragma_update(None, "busy_timeout", "5000")?; - db.pragma_update(None, "synchronous", "NORMAL")?; - - Ok(db) + Ok(()) } #[tokio::main] async fn main() -> Result<()> { let args = Args::parse(); - let config = read_to_config(args.config)?; + setup_default_subscriber()?; - let db = setup_db_conn_and_for_replication(config.database)?; + let csrf_map = Arc::new(RwLock::new(HashMap::::new())); + + let db = crate::database::setup_connection_and_for_replication(args.database)?; + + let router = setup_router(csrf_map); Ok(()) }
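Review bot: `setup_default_subscriber` returns `Result<()>` but can only return `Ok(())`, because `tracing_subscriber::fmt::init()` panics instead of reporting failure; `tracing_subscriber::fmt::try_init().map_err(|e| anyhow::anyhow!(e))` would make the `?` in `main` meaningful. Separately, `args.port`, `db` and `router` are built and then dropped, so nothing listens yet. When the listener is added, binding explicitly to a loopback address is what would back the README's statement that ChibiAuth binds to localhost behind a separate TLS terminator. A short comment on `CsrfMap` saying what the key and value are and how entries are evicted would also help, since no eviction is visible in this hunk and a process-wide map can otherwise grow with every request.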