BasicOIDC/src/main.rs

use actix::Actor;
use actix_identity::{CookieIdentityPolicy, IdentityService};
use actix_web::{App, get, HttpResponse, HttpServer, web};
use actix_web::cookie::SameSite;
use actix_web::cookie::time::Duration;
use actix_web::middleware::Logger;
use clap::Parser;

use basic_oidc::actors::bruteforce_actor::BruteForceActor;
use basic_oidc::actors::openid_sessions_actor::OpenIDSessionsActor;
use basic_oidc::actors::users_actor::UsersActor;
use basic_oidc::constants::*;
use basic_oidc::controllers::*;
use basic_oidc::controllers::assets_controller::assets_route;
use basic_oidc::controllers::login_controller::{login_route, logout_route};
use basic_oidc::data::app_config::AppConfig;
use basic_oidc::data::client::ClientManager;
use basic_oidc::data::entity_manager::EntityManager;
use basic_oidc::data::jwt_signer::JWTSigner;
use basic_oidc::data::user::{hash_password, User};
use basic_oidc::middlewares::auth_middleware::AuthMiddleware;

#[get("/health")]
async fn health() -> &'static str {
    "Running"
}

#[actix_web::main]
async fn main() -> std::io::Result<()> {
    env_logger::init_from_env(env_logger::Env::new().default_filter_or("info"));

    let mut config: AppConfig = AppConfig::parse();

    // In debug mode only, use dummy token
    if cfg!(debug_assertions) && config.token_key.is_empty() {
        config.token_key = String::from_utf8_lossy(&[32; 32]).to_string();
    }

    if !config.storage_path().exists() {
        log::error!(
            "Specified storage path {:?} does not exists!",
            config.storage_path()
        );
        panic!()
    }

    let mut users = EntityManager::<User>::open_or_create(config.users_file())
        .expect("Failed to load users list!");

    // Create initial user if required
    if users.is_empty() {
        log::info!("Create default {} user", DEFAULT_ADMIN_USERNAME);
        let default_admin = User {
            username: DEFAULT_ADMIN_USERNAME.to_string(),
            password: hash_password(DEFAULT_ADMIN_PASSWORD).unwrap(),
            need_reset_password: true,
            authorized_clients: None,
            admin: true,
            ..Default::default()
        };

        users
            .insert(default_admin)
            .expect("Failed to create initial user!");
    }

    let users_actor = UsersActor::new(users).start();
    let bruteforce_actor = BruteForceActor::default().start();
    let openid_sessions_actor = OpenIDSessionsActor::default().start();
    let jwt_signer = JWTSigner::gen_from_memory()
        .expect("Failed to generate JWKS key");

    log::info!("Server will listen on {}", config.listen_address);
    let listen_address = config.listen_address.to_string();

    HttpServer::new(move || {
        let mut clients = ClientManager::open_or_create(config.clients_file())
            .expect("Failed to load clients list!");
        clients.apply_environment_variables();

        let policy = CookieIdentityPolicy::new(config.token_key.as_bytes())
            .name(SESSION_COOKIE_NAME)
            .secure(config.secure_cookie())
            .visit_deadline(Duration::seconds(MAX_INACTIVITY_DURATION))
            .login_deadline(Duration::seconds(MAX_SESSION_DURATION))
            .same_site(SameSite::Lax);

        App::new()
            .app_data(web::Data::new(users_actor.clone()))
            .app_data(web::Data::new(bruteforce_actor.clone()))
            .app_data(web::Data::new(openid_sessions_actor.clone()))
            .app_data(web::Data::new(config.clone()))
            .app_data(web::Data::new(clients))
            .app_data(web::Data::new(jwt_signer.clone()))

            .wrap(Logger::default())
            .wrap(AuthMiddleware {})
            .wrap(IdentityService::new(policy))

            // main route
            .route("/", web::get()
                .to(|| async { HttpResponse::Found().append_header(("Location", "/settings")).finish() }))

            // health route
            .service(health)

            // Assets serving
            .route("/assets/{path:.*}", web::get().to(assets_route))

            // Login page
            .route("/login", web::get().to(login_route))
            .route("/login", web::post().to(login_route))

            // Logout page
            .route("/logout", web::get().to(logout_route))

            // Settings routes
            .route("/settings", web::get().to(settings_controller::account_settings_details_route))
            .route("/settings/change_password", web::get().to(settings_controller::change_password_route))
            .route("/settings/change_password", web::post().to(settings_controller::change_password_route))
            .route("/settings/two_factors", web::get().to(two_factors_controller::two_factors_route))
            .route("/settings/two_factors/add_totp", web::get().to(two_factors_controller::add_totp_factor_route))

            // User API
            .route("/settings/api/two_factor/save_totp_factor", web::post().to(two_factor_api::save_totp_factor))
            .route("/settings/api/two_factor/delete_factor", web::post().to(two_factor_api::delete_factor))

            // Admin routes
            .route("/admin", web::get()
                .to(|| async { HttpResponse::Found().append_header(("Location", "/settings")).finish() }))
            .route("/admin/clients", web::get().to(admin_controller::clients_route))
            .route("/admin/users", web::get().to(admin_controller::users_route))
            .route("/admin/users", web::post().to(admin_controller::users_route))
            .route("/admin/create_user", web::get().to(admin_controller::create_user))
            .route("/admin/edit_user", web::get().to(admin_controller::edit_user))

            // Admin API
            .route("/admin/api/find_username", web::post().to(admin_api::find_username))
            .route("/admin/api/delete_user", web::post().to(admin_api::delete_user))

            // OpenID routes
            .route("/.well-known/openid-configuration", web::get().to(openid_controller::get_configuration))
            .route(AUTHORIZE_URI, web::get().to(openid_controller::authorize))
            .route(TOKEN_URI, web::post().to(openid_controller::token))
            .route(CERT_URI, web::get().to(openid_controller::cert_uri))
            .route(USERINFO_URI, web::post().to(openid_controller::user_info_post))
            .route(USERINFO_URI, web::get().to(openid_controller::user_info_get))
    })
        .bind(listen_address)?
        .run()
        .await
}
Start to implement auth middleware 2022-04-02 13:44:09 +00:00			`use actix::Actor;`
			`use actix_identity::{CookieIdentityPolicy, IdentityService};`
Add home route 2022-04-04 15:43:53 +00:00			`use actix_web::{App, get, HttpResponse, HttpServer, web};`
Format code 2022-04-03 13:50:49 +00:00			`use actix_web::cookie::SameSite;`
Automatically clean failed login attempts 2022-04-03 14:45:25 +00:00			`use actix_web::cookie::time::Duration;`
Ready to implement login page 2022-03-30 08:29:10 +00:00			`use actix_web::middleware::Logger;`
Migrate to actix 2022-03-30 08:14:39 +00:00			`use clap::Parser;`
Automatically create admin on first start 2022-03-29 17:32:31 +00:00
Automatically clean failed login attempts 2022-04-03 14:45:25 +00:00			`use basic_oidc::actors::bruteforce_actor::BruteForceActor;`
Save open id session 2022-04-09 10:18:59 +00:00			`use basic_oidc::actors::openid_sessions_actor::OpenIDSessionsActor;`
Start to implement auth middleware 2022-04-02 13:44:09 +00:00			`use basic_oidc::actors::users_actor::UsersActor;`
Dynamically check username 2022-04-07 15:57:10 +00:00			`use basic_oidc::constants::*;`
			`use basic_oidc::controllers::*;`
Migrate to actix 2022-03-30 08:14:39 +00:00			`use basic_oidc::controllers::assets_controller::assets_route;`
User can sign out 2022-04-01 17:05:40 +00:00			`use basic_oidc::controllers::login_controller::{login_route, logout_route};`
Automatically create admin on first start 2022-03-29 17:32:31 +00:00			`use basic_oidc::data::app_config::AppConfig;`
Load a list of clients 2022-04-06 15:18:06 +00:00			`use basic_oidc::data::client::ClientManager;`
Automatically create admin on first start 2022-03-29 17:32:31 +00:00			`use basic_oidc::data::entity_manager::EntityManager;`
Emit id_token 2022-04-13 17:07:58 +00:00			`use basic_oidc::data::jwt_signer::JWTSigner;`
Automatically create admin on first start 2022-03-29 17:32:31 +00:00			`use basic_oidc::data::user::{hash_password, User};`
Start to implement auth middleware 2022-04-02 13:44:09 +00:00			`use basic_oidc::middlewares::auth_middleware::AuthMiddleware;`
Automatically create admin on first start 2022-03-29 17:32:31 +00:00
			`#[get("/health")]`
Migrate to actix 2022-03-30 08:14:39 +00:00			`async fn health() -> &'static str {`
Automatically create admin on first start 2022-03-29 17:32:31 +00:00			`"Running"`
Initial commit 2022-03-29 16:19:23 +00:00			`}`
Automatically create admin on first start 2022-03-29 17:32:31 +00:00
Migrate to actix 2022-03-30 08:14:39 +00:00			`#[actix_web::main]`
			`async fn main() -> std::io::Result<()> {`
			`env_logger::init_from_env(env_logger::Env::new().default_filter_or("info"));`
Automatically create admin on first start 2022-03-29 17:32:31 +00:00
Add actix-identity crate 2022-03-30 14:58:00 +00:00			`let mut config: AppConfig = AppConfig::parse();`

			`// In debug mode only, use dummy token`
			`if cfg!(debug_assertions) && config.token_key.is_empty() {`
			`config.token_key = String::from_utf8_lossy(&[32; 32]).to_string();`
			`}`
Automatically create admin on first start 2022-03-29 17:32:31 +00:00
			`if !config.storage_path().exists() {`
Fix coding style issue 2022-03-30 06:42:18 +00:00			`log::error!(`
			`"Specified storage path {:?} does not exists!",`
			`config.storage_path()`
			`);`
Automatically create admin on first start 2022-03-29 17:32:31 +00:00			`panic!()`
			`}`

			`let mut users = EntityManager::<User>::open_or_create(config.users_file())`
			`.expect("Failed to load users list!");`

			`// Create initial user if required`
Fix coding style issue 2022-03-30 06:42:18 +00:00			`if users.is_empty() {`
Automatically create admin on first start 2022-03-29 17:32:31 +00:00			`log::info!("Create default {} user", DEFAULT_ADMIN_USERNAME);`
Fix coding style issue 2022-03-30 06:42:18 +00:00			`let default_admin = User {`
			`username: DEFAULT_ADMIN_USERNAME.to_string(),`
			`password: hash_password(DEFAULT_ADMIN_PASSWORD).unwrap(),`
			`need_reset_password: true,`
Start to build edit user form 2022-04-07 15:32:29 +00:00			`authorized_clients: None,`
Fix coding style issue 2022-03-30 06:42:18 +00:00			`admin: true,`
			`..Default::default()`
			`};`

			`users`
			`.insert(default_admin)`
Automatically create admin on first start 2022-03-29 17:32:31 +00:00			`.expect("Failed to create initial user!");`
			`}`

Create users actor 2022-03-30 09:40:03 +00:00			`let users_actor = UsersActor::new(users).start();`
Automatically clean failed login attempts 2022-04-03 14:45:25 +00:00			`let bruteforce_actor = BruteForceActor::default().start();`
Save open id session 2022-04-09 10:18:59 +00:00			`let openid_sessions_actor = OpenIDSessionsActor::default().start();`
Emit id_token 2022-04-13 17:07:58 +00:00			`let jwt_signer = JWTSigner::gen_from_memory()`
			`.expect("Failed to generate JWKS key");`
Create users actor 2022-03-30 09:40:03 +00:00
Migrate to actix 2022-03-30 08:14:39 +00:00			`log::info!("Server will listen on {}", config.listen_address);`
Block POST requests from unknown origins 2022-04-03 13:48:45 +00:00			`let listen_address = config.listen_address.to_string();`
Migrate to actix 2022-03-30 08:14:39 +00:00
Create users actor 2022-03-30 09:40:03 +00:00			`HttpServer::new(move \|\| {`
Can specify environment variables in client configuration 2022-04-15 19:58:07 +00:00			`let mut clients = ClientManager::open_or_create(config.clients_file())`
Load a list of clients 2022-04-06 15:18:06 +00:00			`.expect("Failed to load clients list!");`
Can specify environment variables in client configuration 2022-04-15 19:58:07 +00:00			`clients.apply_environment_variables();`
Load a list of clients 2022-04-06 15:18:06 +00:00
Add actix-identity crate 2022-03-30 14:58:00 +00:00			`let policy = CookieIdentityPolicy::new(config.token_key.as_bytes())`
Get identity from middleware 2022-04-02 15:03:51 +00:00			`.name(SESSION_COOKIE_NAME)`
Block POST requests from unknown origins 2022-04-03 13:48:45 +00:00			`.secure(config.secure_cookie())`
Delegate session lifetime to `actix-identity` crate 2022-04-02 15:17:54 +00:00			`.visit_deadline(Duration::seconds(MAX_INACTIVITY_DURATION))`
			`.login_deadline(Duration::seconds(MAX_SESSION_DURATION))`
Save open id session 2022-04-09 10:18:59 +00:00			`.same_site(SameSite::Lax);`
Add actix-identity crate 2022-03-30 14:58:00 +00:00
Migrate to actix 2022-03-30 08:14:39 +00:00			`App::new()`
Create users actor 2022-03-30 09:40:03 +00:00			`.app_data(web::Data::new(users_actor.clone()))`
Automatically clean failed login attempts 2022-04-03 14:45:25 +00:00			`.app_data(web::Data::new(bruteforce_actor.clone()))`
Save open id session 2022-04-09 10:18:59 +00:00			`.app_data(web::Data::new(openid_sessions_actor.clone()))`
Block POST requests from unknown origins 2022-04-03 13:48:45 +00:00			`.app_data(web::Data::new(config.clone()))`
Load a list of clients 2022-04-06 15:18:06 +00:00			`.app_data(web::Data::new(clients))`
Emit id_token 2022-04-13 17:07:58 +00:00			`.app_data(web::Data::new(jwt_signer.clone()))`
Display account details 2022-04-04 15:39:23 +00:00
Ready to implement login page 2022-03-30 08:29:10 +00:00			`.wrap(Logger::default())`
Start to implement auth middleware 2022-04-02 13:44:09 +00:00			`.wrap(AuthMiddleware {})`
Get identity from middleware 2022-04-02 15:03:51 +00:00			`.wrap(IdentityService::new(policy))`
Display account details 2022-04-04 15:39:23 +00:00
Add home route 2022-04-04 15:43:53 +00:00			`// main route`
			`.route("/", web::get()`
			`.to(\|\| async { HttpResponse::Found().append_header(("Location", "/settings")).finish() }))`

Display account details 2022-04-04 15:39:23 +00:00			`// health route`
Migrate to actix 2022-03-30 08:14:39 +00:00			`.service(health)`
Display account details 2022-04-04 15:39:23 +00:00
Create users actor 2022-03-30 09:40:03 +00:00			`// Assets serving`
Migrate to actix 2022-03-30 08:14:39 +00:00			`.route("/assets/{path:.*}", web::get().to(assets_route))`
Display account details 2022-04-04 15:39:23 +00:00
Create users actor 2022-03-30 09:40:03 +00:00			`// Login page`
Ready to implement login page 2022-03-30 08:29:10 +00:00			`.route("/login", web::get().to(login_route))`
Create users actor 2022-03-30 09:40:03 +00:00			`.route("/login", web::post().to(login_route))`
Display account details 2022-04-04 15:39:23 +00:00
User can sign out 2022-04-01 17:05:40 +00:00			`// Logout page`
			`.route("/logout", web::get().to(logout_route))`
Display account details 2022-04-04 15:39:23 +00:00
			`// Settings routes`
			`.route("/settings", web::get().to(settings_controller::account_settings_details_route))`
Can change user password 2022-04-05 15:17:34 +00:00			`.route("/settings/change_password", web::get().to(settings_controller::change_password_route))`
			`.route("/settings/change_password", web::post().to(settings_controller::change_password_route))`
Start to work on 2FA 2022-04-18 17:23:43 +00:00			`.route("/settings/two_factors", web::get().to(two_factors_controller::two_factors_route))`
Can register Authenticator app 2022-04-19 09:01:31 +00:00			`.route("/settings/two_factors/add_totp", web::get().to(two_factors_controller::add_totp_factor_route))`

			`// User API`
Can remove created factors 2022-04-19 14:17:58 +00:00			`.route("/settings/api/two_factor/save_totp_factor", web::post().to(two_factor_api::save_totp_factor))`
			`.route("/settings/api/two_factor/delete_factor", web::post().to(two_factor_api::delete_factor))`
Load a list of clients 2022-04-06 15:18:06 +00:00
			`// Admin routes`
Display the list of users 2022-04-06 16:03:00 +00:00			`.route("/admin", web::get()`
			`.to(\|\| async { HttpResponse::Found().append_header(("Location", "/settings")).finish() }))`
Load a list of clients 2022-04-06 15:18:06 +00:00			`.route("/admin/clients", web::get().to(admin_controller::clients_route))`
Display the list of users 2022-04-06 16:03:00 +00:00			`.route("/admin/users", web::get().to(admin_controller::users_route))`
Can create user accounts 2022-04-07 16:59:48 +00:00			`.route("/admin/users", web::post().to(admin_controller::users_route))`
Start to build edit user form 2022-04-07 15:04:05 +00:00			`.route("/admin/create_user", web::get().to(admin_controller::create_user))`
Can update user information 2022-04-08 14:28:19 +00:00			`.route("/admin/edit_user", web::get().to(admin_controller::edit_user))`
Dynamically check username 2022-04-07 15:57:10 +00:00
			`// Admin API`
			`.route("/admin/api/find_username", web::post().to(admin_api::find_username))`
Can delete user account 2022-04-08 15:54:51 +00:00			`.route("/admin/api/delete_user", web::post().to(admin_api::delete_user))`
Add openid-connecter discovery route 2022-04-08 16:53:57 +00:00
Check OpenID request parameters 2022-04-09 09:30:23 +00:00			`// OpenID routes`
			`.route("/.well-known/openid-configuration", web::get().to(openid_controller::get_configuration))`
Add `/openid/token` route 2022-04-12 18:40:44 +00:00			`.route(AUTHORIZE_URI, web::get().to(openid_controller::authorize))`
			`.route(TOKEN_URI, web::post().to(openid_controller::token))`
Emit id_token 2022-04-13 17:07:58 +00:00			`.route(CERT_URI, web::get().to(openid_controller::cert_uri))`
Start to build userinfo endpoint 2022-04-14 16:39:18 +00:00			`.route(USERINFO_URI, web::post().to(openid_controller::user_info_post))`
			`.route(USERINFO_URI, web::get().to(openid_controller::user_info_get))`
Migrate to actix 2022-03-30 08:14:39 +00:00			`})`
Automatically clean failed login attempts 2022-04-03 14:45:25 +00:00			`.bind(listen_address)?`
			`.run()`
			`.await`
Fix coding style issue 2022-03-30 06:42:18 +00:00			`}`