2455f3aa56 Update Rust crate rand to 0.10.0
Some checks failed
renovate/artifacts Artifact file update failure
continuous-integration/drone/push Build is failing
continuous-integration/drone/pr Build is failing
2026-02-19 00:12:45 +00:00
9 changed files with 267 additions and 495 deletions

687
Cargo.lock generated

File diff suppressed because it is too large Load Diff


@@ -8,35 +8,38 @@ edition = "2024"
[dependencies]
actix = "0.13.5"
actix-identity = "0.9.0"
actix-web = "4.13.0"
actix-web = "4.12.1"
actix-session = { version = "0.11.0", features = ["cookie-session", "redis-session"] }
actix-remote-ip = "0.1.0"
clap = { version = "4.5.60", features = ["derive", "env"] }
clap = { version = "4.5.59", features = ["derive", "env"] }
include_dir = "0.7.4"
log = "0.4.29"
serde_json = "1.0.149"
serde_yml = "0.0.12"
env_logger = "0.11.9"
serde_yaml = "0.9.34"
env_logger = "0.11.8"
serde = { version = "1.0.228", features = ["derive"] }
bcrypt = "0.18.0"
uuid = { version = "1.21.0", features = ["v4"] }
uuid = { version = "1.20.0", features = ["v4"] }
mime_guess = "2.0.5"
askama = "0.15.4"
urlencoding = "2.1.3"
rand = "0.10.0"
base64 = "0.22.1"
jwt-simple = { version = "0.12.14", default-features = false, features = ["pure-rust"] }
sha2 = "0.11.0-rc.5"
lazy-regex = "3.6.0"
digest = "0.11.0"
sha2 = "0.11.0-rc.4"
lazy-regex = "3.5.1"
totp_rfc6238 = "0.6.1"
base32 = "0.5.1"
qrcode-generator = "5.0.0"
webauthn-rs = { version = "0.5.4", features = ["danger-allow-state-serialisation"] }
url = "2.5.8"
light-openid = { version = "1.1.0", features = ["crypto-wrapper"] }
rkyv = "0.8.15"
rkyv = "0.8.14"
chrono = "0.4.43"
lazy_static = "1.5.0"
mailchecker = "6.0.19"
httpdate = "1.0.3"
build-time = "0.1.3"
hex = "0.4.3"
anyhow = "1.0.101"
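Review bot: This manifest hunk changes far more than rand: in the pairs for `actix-web` (4.13.0 / 4.12.1), `clap` (4.5.60 / 4.5.59), `env_logger`, `uuid`, `sha2`, `lazy-regex` and `rkyv` the second printed value is the lower one, and `serde_yml` is swapped for `serde_yaml` with a `digest` entry added. If the second line of each pair is the new side, merging would roll those crates back and drop whatever fixes the newer releases carry, which usually means the branch is behind its base. I would rebase the branch and regenerate the lockfile so the change is limited to `rand = "0.10.0"`; that would also make the failing checks listed above easier to interpret.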


@@ -17,20 +17,17 @@ pub struct SessionID(pub String);
#[derive(Clone, Debug)]
pub struct Session {
pub session_id: SessionID,
pub client: ClientID,
pub user: UserID,
pub auth_time: u64,
pub redirect_uri: String,
pub session_id: SessionID,
pub session_expire_at: u64,
pub authorization_code: String,
pub authorization_code_expire_at: u64,
pub access_token: Option<String>,
pub access_token_expire_at: u64,
pub refresh_token: String,
pub refresh_token_expire_at: u64,
@@ -40,10 +37,9 @@ pub struct Session {
impl Session {
pub fn is_expired(&self) -> bool {
self.session_expire_at < time()
|| (self.authorization_code_expire_at < time()
self.authorization_code_expire_at < time()
&& self.access_token_expire_at < time()
&& self.refresh_token_expire_at < time())
&& self.refresh_token_expire_at < time()
}
pub fn regenerate_access_and_refresh_tokens(
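Review bot: `is_expired` on the new side (the second line of each printed pair, which fits the shrinking line counts in the hunk headers) no longer checks `session_expire_at`; the field is dropped here, and `OPEN_ID_SESSION_MAX_DURATION` in the constants hunk and its assignment in the `authorize` hunk go with it. A session then counts as expired only once the authorization code, access token and refresh token have all lapsed, so if `regenerate_access_and_refresh_tokens` (its body is outside the hunk) moves those timestamps forward, a client that keeps refreshing is never forced to re-authenticate. I would keep the absolute cap: `self.session_expire_at < time() || (self.authorization_code_expire_at < time() && self.access_token_expire_at < time() && self.refresh_token_expire_at < time())`.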


@@ -64,8 +64,7 @@ pub const USERINFO_URI: &str = "/openid/userinfo";
/// Open ID constants
pub const OPEN_ID_SESSION_CLEANUP_INTERVAL: Duration = Duration::from_secs(60);
pub const OPEN_ID_SESSION_ID_LEN: usize = 40;
pub const OPEN_ID_SESSION_MAX_DURATION: Duration = Duration::from_secs(3600 * 24 * 7);
pub const OPEN_ID_SESSION_LEN: usize = 40;
pub const OPEN_ID_AUTHORIZATION_CODE_LEN: usize = 120;
pub const OPEN_ID_AUTHORIZATION_CODE_TIMEOUT: u64 = 300;
pub const OPEN_ID_ACCESS_TOKEN_LEN: usize = 50;


@@ -219,12 +219,11 @@ pub async fn authorize(
(_, "code") => {
// Save all authentication information in memory
let session = Session {
session_id: SessionID(rand_str(OPEN_ID_SESSION_LEN)),
client: client.id.clone(),
user: user.uid.clone(),
auth_time: SessionIdentity(Some(&id)).auth_time(),
redirect_uri,
session_id: SessionID(rand_str(OPEN_ID_SESSION_ID_LEN)),
session_expire_at: time() + OPEN_ID_SESSION_MAX_DURATION.as_secs(),
authorization_code: rand_str(OPEN_ID_AUTHORIZATION_CODE_LEN),
authorization_code_expire_at: time() + OPEN_ID_AUTHORIZATION_CODE_TIMEOUT,
access_token: None,


@@ -1,6 +1,6 @@
use clap::Parser;
use std::path::{Path, PathBuf};
use std::sync::OnceLock;
use clap::Parser;
use crate::constants::{
APP_NAME, CLIENTS_LIST_FILE, OIDC_PROVIDER_CB_URI, PROVIDERS_LIST_FILE, USERS_LIST_FILE,
@@ -93,12 +93,8 @@ pub struct AppConfig {
redis_password: String,
}
static ARGS: OnceLock<AppConfig> = OnceLock::new();
impl AppConfig {
/// Get parsed command line arguments
pub fn get() -> &'static AppConfig {
ARGS.get_or_init(|| {
lazy_static::lazy_static! {
static ref ARGS: AppConfig = {
let mut config = AppConfig::parse();
// In debug mode only, use dummy token
@@ -107,7 +103,13 @@ impl AppConfig {
}
config
})
};
}
impl AppConfig {
/// Get parsed command line arguments
pub fn get() -> &'static AppConfig {
&ARGS
}
pub fn secure_cookie(&self) -> bool {
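Review bot: `AppConfig::get` on the new side returns `&ARGS` from a `lazy_static::lazy_static!` block, where the other side used `static ARGS: OnceLock<AppConfig>` with `ARGS.get_or_init(...)`. The standard-library form needs no macro and no extra crate, while this form leaves `lazy_static` in the manifest as a dependency. I would keep `OnceLock` and drop the crate, since every third-party crate in an authentication service is one more thing to audit. The debug-mode branch of the initialiser lies between the two hunks and is not visible here.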


@@ -36,7 +36,7 @@ where
file_path: path.as_ref().to_path_buf(),
list: match Self::file_format(path.as_ref()) {
FileFormat::Json => serde_json::from_str(&file_content)?,
FileFormat::Yaml => serde_yml::from_str(&file_content)?,
FileFormat::Yaml => serde_yaml::from_str(&file_content)?,
},
})
}
@@ -47,7 +47,7 @@ where
&self.file_path,
match Self::file_format(self.file_path.as_ref()) {
FileFormat::Json => serde_json::to_string(&self.list)?,
FileFormat::Yaml => serde_yml::to_string(&self.list)?,
FileFormat::Yaml => serde_yaml::to_string(&self.list)?,
},
)?)
}
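Review bot: The YAML arms on the new side call `serde_yaml::from_str` and `serde_yaml::to_string`, but `serde_yaml` has been archived by its author and its last release is published as deprecated, so parser defects will not be fixed there. These arms parse and rewrite the file at `file_path`; if that is the users, clients or providers list, the loader sits on a trust boundary for the whole service. I would choose a YAML crate that is still maintained, confirm with `cargo audit` that it has no open advisory, and add a comment beside the `FileFormat::Yaml` arm recording why it was chosen. Both functions begin outside their hunks.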


@@ -1,5 +1,5 @@
use base32::Alphabet;
use rand::RngExt;
use rand::Rng;
use totp_rfc6238::{HashAlgorithm, TotpGenerator};
use crate::data::app_config::AppConfig;
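Review bot: `use rand::Rng;` on the new side is paired with `rand = "0.10.0"` in the manifest, while the other side imports `rand::RngExt`. That suggests the value-generating methods live on `RngExt` in this rand release; if so, calls further down this file will not resolve with only `Rng` in scope, which may be what the failing build reports. I would keep `use rand::RngExt;`. The code that uses the import is outside the hunk, so this is inferred from the imports alone.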


@@ -1,4 +1,4 @@
use sha2::Digest;
use digest::Digest;
#[inline]
pub fn sha256(input: &[u8]) -> Vec<u8> {
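Review bot: Importing `Digest` from a separately declared `digest = "0.11.0"` crate, as the new side does, only works while Cargo resolves it to the same `digest` release that `sha2 = "0.11.0-rc.4"` was built against; otherwise the hasher does not implement the imported trait. `use sha2::Digest;` takes the trait from the hasher crate's own re-export and cannot drift, so I would keep that line and drop the direct `digest` dependency. `sha256` continues past the end of the hunk.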