Compare commits


No commits in common. "ead1c7ebad455c4d7f319457c3205d528234dbde" and "fa7dc5a3f95c1b4706acbfdfc20dd174c1230b54" have entirely different histories.

5 changed files with 29 additions and 93 deletions


@ -124,10 +124,7 @@ impl ValidateLogin for LdapBackend {
event!(Level::TRACE, ?search_results, "Got raw search results");
let search_entry = match search_results.len() {
1 => {
#[allow(clippy::unwrap_used)] // we just checked the length is 1
SearchEntry::construct(search_results.into_iter().next().unwrap())
}
1 => SearchEntry::construct(search_results.into_iter().next().unwrap()),
0 => {
event!(Level::WARN, "No matching LDAP user found");
return Err(AuthenticationError::InvalidUserOrPassword);
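Review bot: The `.unwrap()` in the `1 =>` arm is now undocumented. The arm keeps the call but loses the comment that tied it to the length check, and this compare also drops `clippy::unwrap_used` from the crate lints, so nothing will flag a later edit that breaks the invariant on this authentication path. I would keep a one-line justification above the arm, `// len() == 1 was matched, so next() always yields the entry`, or use `.expect("search_results has exactly one entry")` so a violated invariant names itself. The `match` continues past the end of the hunk, so the remaining arms are not visible here.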


@ -168,7 +168,6 @@ impl ServerPadlockGenerator {
#[instrument]
pub fn generate_padlock(&self, server_hash: &ServerHash) -> ServerPadlock {
#[allow(clippy::expect_used)]
let mut hmac: Hmac<Sha256> = Hmac::new_from_slice(self.secret.0.expose_secret())
.expect("HMAC should accept key of any length");
@ -208,7 +207,6 @@ impl UserServerKeyGenerator {
let padlock = self.padlock_generator.generate_padlock(server_hash);
#[allow(clippy::expect_used)]
let timestamp = OffsetDateTime::now_utc()
.format(format_description!(
"[year repr:last_two][month][day][hour repr:24][minute][second]"


@ -43,20 +43,24 @@ pub struct SqliteDatabase {
impl SqliteDatabase {
#[instrument]
pub async fn open(connection_string: &str) -> Result<Self, sqlx::Error> {
let options = SqliteConnectOptions::from_str(connection_string)?.create_if_missing(true);
pub async fn open(connection_string: &str) -> Self {
let options = SqliteConnectOptions::from_str(connection_string)
.expect("Invalid database URI")
.create_if_missing(true);
let mut db = Self {
conn: SqliteConnection::connect_with(&options).await?,
conn: SqliteConnection::connect_with(&options)
.await
.expect("Failed to open SQLite database"),
};
db.init().await?;
db.init().await;
Ok(db)
db
}
#[instrument]
async fn init(&mut self) -> Result<(), sqlx::Error> {
pub async fn init(&mut self) {
query!(
"CREATE TABLE IF NOT EXISTS user_tokens (
id INTEGER PRIMARY KEY AUTOINCREMENT,
@ -68,9 +72,8 @@ impl SqliteDatabase {
)"
)
.execute(&mut self.conn)
.await?;
Ok(())
.await
.expect("Failed to initialize table user_tokens");
}
}
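Review bot: `SqliteDatabase::open` and `init` on the new side panic on every failure (`.expect("Invalid database URI")`, `.expect("Failed to open SQLite database")`, `.expect("Failed to initialize table user_tokens")`). A mistyped connection string or an unwritable database file therefore aborts inside the constructor instead of reaching `main`, which already returns `Result`. These are ordinary configuration and I/O errors rather than broken invariants, so I would keep the signatures fallible, `pub async fn open(connection_string: &str) -> Result<Self, sqlx::Error>` and `async fn init(&mut self) -> Result<(), sqlx::Error>`, and propagate with `?`. `init` also became `pub` although the only caller visible in this diff is `open`; if nothing else needs it, it can stay private. The `CREATE TABLE` statement is split across two hunks, so its column list is not visible here.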


@ -16,12 +16,7 @@
along with this program. If not, see <https://www.gnu.org/licenses/>.
*/
#![warn(
clippy::pedantic,
clippy::as_conversions,
clippy::unwrap_used, // allow case by case, add comment explaining why panic can't happen
clippy::expect_used // allow case by case, expect message should be self-explanatory
)]
#![warn(clippy::pedantic, clippy::as_conversions)]
#![forbid(unsafe_code)]
mod auth;
@ -30,40 +25,27 @@ mod db;
mod secrets;
mod server;
use std::{env, path::PathBuf, sync::Arc};
use std::sync::Arc;
use auth::{
AuthenticationBackend, ServerPadlockGenerator, UserAuthenticator, UserServerKeyGenerator,
};
use clap::Parser;
use color_eyre::{eyre::Context, Result};
use color_eyre::Result;
use config::Config;
use db::{Database, SqliteDatabase};
use tokio::sync::Mutex;
use tracing::{event, instrument, level_filters::LevelFilter, Level};
use tracing::{event, instrument, Level};
use tracing_error::ErrorLayer;
use tracing_subscriber::{layer::SubscriberExt, util::SubscriberInitExt, EnvFilter};
#[instrument]
fn init() -> Result<()> {
const FILTER_ENV_VAR: &str = EnvFilter::DEFAULT_ENV;
color_eyre::install()?;
let mut filter_error = None;
let filter_layer = EnvFilter::builder()
.with_env_var(FILTER_ENV_VAR)
.try_from_env()
.unwrap_or_else(|e| {
// sure would be nice if the error type was useful
if env::var_os(FILTER_ENV_VAR).is_some() {
filter_error = Some(e);
}
EnvFilter::builder()
.with_default_directive(LevelFilter::INFO.into())
.parse_lossy("")
});
let filter_layer = EnvFilter::try_from_default_env()
.or_else(|_| EnvFilter::try_new("info"))
.unwrap();
let fmt_layer = tracing_subscriber::fmt::layer().with_target(true);
tracing_subscriber::registry()
@ -72,14 +54,6 @@ fn init() -> Result<()> {
.with(ErrorLayer::default())
.init();
if let Some(e) = filter_error {
event!(
Level::WARN,
error = %e,
r#"Tracing filter env variable `{FILTER_ENV_VAR}` contained invalid data, falling back to "info""#
);
}
Ok(())
}
@ -104,29 +78,17 @@ struct Args {
async fn main() -> Result<()> {
let args = Args::parse();
init().context("Failed to initialize tracing")?;
init()?;
let config = load_config(&args.config).await.with_context(|| {
if let Ok(path) = PathBuf::from(&args.config).canonicalize() {
format!("Failed to load config from {path:?}")
} else {
format!("Failed to load config from invalid path {}", &args.config)
}
})?;
let config = load_config(&args.config).await?;
let database: Arc<Mutex<Box<dyn Database + Send>>> = Arc::new(Mutex::new(Box::new(
SqliteDatabase::open(&config.database.connection_string)
.await
.context("Failed to open database")?,
SqliteDatabase::open(&config.database.connection_string).await,
)));
let mut auth_backends = vec![];
for (i, c) in config.auth_backends.into_iter().enumerate() {
auth_backends.push(
AuthenticationBackend::new(c)
.await
.with_context(|| format!("Failed to initialize backend {i}"))?,
);
for c in config.auth_backends {
auth_backends.push(AuthenticationBackend::new(c).await?);
}
let user_authenticator = Arc::new(UserAuthenticator::new(database, auth_backends));
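Review bot: In `init()`, `EnvFilter::try_from_default_env().or_else(|_| EnvFilter::try_new("info")).unwrap()` replaces an invalid filter with `info` without telling anyone. An operator who mistypes the filter variable on this authentication service gets different logging than they asked for and no hint why. The error from `try_from_default_env()` should be reported when the variable is actually set. The subscriber is not installed at that point, so the sketch below writes to stderr instead of emitting an event. `init()` continues past this hunk into the registry setup, which stays as it is.

```rust
let filter_layer = EnvFilter::try_from_default_env().unwrap_or_else(|e| {
    // An unset variable is the normal case; only a set-but-invalid one is worth reporting.
    if std::env::var_os(EnvFilter::DEFAULT_ENV).is_some() {
        eprintln!(
            "invalid tracing filter in {}: {e}; falling back to \"info\"",
            EnvFilter::DEFAULT_ENV
        );
    }
    EnvFilter::new("info")
});
// … unchanged: fmt_layer and tracing_subscriber::registry() setup …
```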


@ -1,10 +1,8 @@
use std::fmt::Debug;
use std::{convert::Infallible, fmt::Debug};
use hex::FromHex;
use rand::{thread_rng, Rng};
use secrecy::{ExposeSecret, SecretString, SecretVec};
use serde::{Deserialize, Serialize};
use thiserror::Error;
#[derive(Debug, Clone, Deserialize)]
pub struct Password(pub SecretString);
@ -54,18 +52,8 @@ impl From<String> for ServerPadlock {
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct ServerHash(pub String);
#[derive(Deserialize)]
pub struct PadlockGenerationSecret(pub SecretVec<u8>);
impl PadlockGenerationSecret {
/// Entirely arbitrary
const MIN_LENGTH_BYTES: usize = 32;
fn get_random_secret() -> Vec<u8> {
let mut rng = thread_rng();
(0..Self::MIN_LENGTH_BYTES).map(|_| rng.gen()).collect()
}
}
impl Debug for PadlockGenerationSecret {
fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
f.debug_tuple("PadlockGenerationSecret")
@ -79,22 +67,10 @@ impl Clone for PadlockGenerationSecret {
}
}
#[derive(Debug, Clone, Error)]
#[error(
"Padlock secret too short, must be at least {} bytes - here's a fresh secret for you: {}",
PadlockGenerationSecret::MIN_LENGTH_BYTES,
hex::encode(PadlockGenerationSecret::get_random_secret())
)]
pub struct PadlockSecretTooShort;
impl FromHex for PadlockGenerationSecret {
type Error = PadlockSecretTooShort;
type Error = Infallible;
fn from_hex<T: AsRef<[u8]>>(hex: T) -> Result<Self, Self::Error> {
let hex = hex.as_ref();
if hex.len() < Self::MIN_LENGTH_BYTES {
Err(PadlockSecretTooShort)
} else {
Ok(Self(hex.to_vec().into()))
}
Ok(Self(hex.as_ref().to_vec().into()))
}
}
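Review bot: `from_hex` now accepts any input, including an empty string, because `type Error = Infallible` leaves no way to reject it. The padlock generator in this same compare builds its `Hmac<Sha256>` with `new_from_slice` and expects that call to take a key of any length, so an empty or very short padlock secret in the configuration would be used as-is and the resulting padlocks would offer little protection against guessing. I would keep a minimum-length check with an error type that carries no key material, as sketched below; the trait bounds that error needs depend on the caller, which is outside this diff. Separately, the body stores `hex.as_ref().to_vec()` without decoding, so the key appears to be the ASCII text of the hex string. It is worth confirming that this is intended, since changing it would change every derived padlock.

```rust
/// Returned when the configured padlock secret is shorter than the minimum.
#[derive(Debug, Clone)]
pub struct PadlockSecretTooShort;

impl FromHex for PadlockGenerationSecret {
    type Error = PadlockSecretTooShort;

    fn from_hex<T: AsRef<[u8]>>(hex: T) -> Result<Self, Self::Error> {
        let hex = hex.as_ref();
        // 32 is the threshold the old side of this diff enforced.
        if hex.len() < 32 {
            return Err(PadlockSecretTooShort);
        }
        Ok(Self(hex.to_vec().into()))
    }
}
```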