pierre/BasicOIDC
1
0
Fork 0
Code Issues Pull Requests Projects Releases 3 Wiki Activity

Compare commits

base: pierre:775198dd3d3285a95117c394a8379c12a56cc4cf
Branches Tags
pierre:master
pierre:20260223 pierre:20251204 pierre:20251028
...
compare: pierre:20260223
Branches Tags
pierre:master
pierre:20260223 pierre:20251204 pierre:20251028

6 Commits
775198dd3d ... 20260223

Author SHA1 Message Date
Pierre HUBERT
cc72ff64d2 Make OpenID sessions expire after one week
All checks were successful
continuous-integration/drone/push Build is passing
Details
continuous-integration/drone/tag Build is passing
Details
2026-02-23 18:44:34 +01:00
Renovate Bot
3482c53acf Merge pull request 'Update Rust crate clap to 4.5.60' (#477) from renovate/clap-4.x into master
All checks were successful
continuous-integration/drone/push Build is passing
Details
2026-02-21 00:12:25 +00:00
Renovate Bot
84c3415ad7 Update Rust crate clap to 4.5.60
All checks were successful
continuous-integration/drone/push Build is passing
Details
continuous-integration/drone/pr Build is passing
Details
2026-02-20 00:12:08 +00:00
Pierre HUBERT
cc2c3d7626 Updated project dependencies
All checks were successful
continuous-integration/drone/push Build is passing
Details
2026-02-19 17:37:03 +01:00
Renovate Bot
965a7dbe8b Merge pull request 'Update Rust crate clap to 4.5.59' (#476) from renovate/clap-4.x into master
Some checks failed
continuous-integration/drone/push Build is failing
Details
2026-02-18 00:23:48 +00:00
Renovate Bot
bc6bdcbc7d Update Rust crate clap to 4.5.59
Some checks failed
continuous-integration/drone/push Build is failing
Details
continuous-integration/drone/pr Build is failing
Details
2026-02-17 00:24:47 +00:00
9 changed files with 498 additions and 270 deletions
Expand all files Collapse all files

691
Cargo.lock generated
View File

File diff suppressed because it is too large Load Diff

21
Cargo.toml
View File

@@ -8,38 +8,35 @@ edition = "2024"
[dependencies]
actix = "0.13.5"
actix-identity = "0.9.0"
actix-web = "4.12.1"
actix-web = "4.13.0"
actix-session = { version = "0.11.0", features = ["cookie-session", "redis-session"] }
actix-remote-ip = "0.1.0"
clap = { version = "4.5.58", features = ["derive", "env"] }
clap = { version = "4.5.60", features = ["derive", "env"] }
include_dir = "0.7.4"
log = "0.4.29"
serde_json = "1.0.149"
serde_yaml = "0.9.34"
env_logger = "0.11.8"
serde_yml = "0.0.12"
env_logger = "0.11.9"
serde = { version = "1.0.228", features = ["derive"] }
bcrypt = "0.18.0"
uuid = { version = "1.20.0", features = ["v4"] }
uuid = { version = "1.21.0", features = ["v4"] }
mime_guess = "2.0.5"
askama = "0.15.4"
urlencoding = "2.1.3"
rand = "0.9.0"
rand = "0.10.0"
base64 = "0.22.1"
jwt-simple = { version = "0.12.14", default-features = false, features = ["pure-rust"] }
digest = "0.11.0"
sha2 = "0.11.0-rc.4"
lazy-regex = "3.5.1"
sha2 = "0.11.0-rc.5"
lazy-regex = "3.6.0"
totp_rfc6238 = "0.6.1"
base32 = "0.5.1"
qrcode-generator = "5.0.0"
webauthn-rs = { version = "0.5.4", features = ["danger-allow-state-serialisation"] }
url = "2.5.8"
light-openid = { version = "1.1.0", features = ["crypto-wrapper"] }
rkyv = "0.8.14"
rkyv = "0.8.15"
chrono = "0.4.43"
lazy_static = "1.5.0"
mailchecker = "6.0.19"
httpdate = "1.0.3"
build-time = "0.1.3"
hex = "0.4.3"
anyhow = "1.0.101"

12
src/actors/openid_sessions_actor.rs
View File

@@ -17,17 +17,20 @@ pub struct SessionID(pub String);
#[derive(Clone, Debug)]
pub struct Session {
pub session_id: SessionID,
pub client: ClientID,
pub user: UserID,
pub auth_time: u64,
pub redirect_uri: String,
pub session_id: SessionID,
pub session_expire_at: u64,
pub authorization_code: String,
pub authorization_code_expire_at: u64,
pub access_token: Option<String>,
pub access_token_expire_at: u64,
pub refresh_token: String,
pub refresh_token_expire_at: u64,
@@ -37,9 +40,10 @@ pub struct Session {
impl Session {
pub fn is_expired(&self) -> bool {
self.authorization_code_expire_at < time()
&& self.access_token_expire_at < time()
&& self.refresh_token_expire_at < time()
self.session_expire_at < time()
|| (self.authorization_code_expire_at < time()
&& self.access_token_expire_at < time()
&& self.refresh_token_expire_at < time())
}
pub fn regenerate_access_and_refresh_tokens(

3
src/constants.rs
View File

@@ -64,7 +64,8 @@ pub const USERINFO_URI: &str = "/openid/userinfo";
/// Open ID constants
pub const OPEN_ID_SESSION_CLEANUP_INTERVAL: Duration = Duration::from_secs(60);
pub const OPEN_ID_SESSION_LEN: usize = 40;
pub const OPEN_ID_SESSION_ID_LEN: usize = 40;
pub const OPEN_ID_SESSION_MAX_DURATION: Duration = Duration::from_secs(3600 * 24 * 7);
pub const OPEN_ID_AUTHORIZATION_CODE_LEN: usize = 120;
pub const OPEN_ID_AUTHORIZATION_CODE_TIMEOUT: u64 = 300;
pub const OPEN_ID_ACCESS_TOKEN_LEN: usize = 50;

3
src/controllers/openid_controller.rs
View File

@@ -219,11 +219,12 @@ pub async fn authorize(
(_, "code") => {
// Save all authentication information in memory
let session = Session {
session_id: SessionID(rand_str(OPEN_ID_SESSION_LEN)),
client: client.id.clone(),
user: user.uid.clone(),
auth_time: SessionIdentity(Some(&id)).auth_time(),
redirect_uri,
session_id: SessionID(rand_str(OPEN_ID_SESSION_ID_LEN)),
session_expire_at: time() + OPEN_ID_SESSION_MAX_DURATION.as_secs(),
authorization_code: rand_str(OPEN_ID_AUTHORIZATION_CODE_LEN),
authorization_code_expire_at: time() + OPEN_ID_AUTHORIZATION_CODE_TIMEOUT,
access_token: None,

28
src/data/app_config.rs
View File

@@ -1,6 +1,6 @@
use std::path::{Path, PathBuf};
use clap::Parser;
use std::path::{Path, PathBuf};
use std::sync::OnceLock;
use crate::constants::{
APP_NAME, CLIENTS_LIST_FILE, OIDC_PROVIDER_CB_URI, PROVIDERS_LIST_FILE, USERS_LIST_FILE,
@@ -93,23 +93,21 @@ pub struct AppConfig {
redis_password: String,
}
lazy_static::lazy_static! {
static ref ARGS: AppConfig = {
let mut config = AppConfig::parse();
// In debug mode only, use dummy token
if cfg!(debug_assertions) && config.token_key.is_empty() {
config.token_key = String::from_utf8_lossy(&[32; 64]).to_string();
}
config
};
}
static ARGS: OnceLock<AppConfig> = OnceLock::new();
impl AppConfig {
/// Get parsed command line arguments
pub fn get() -> &'static AppConfig {
&ARGS
ARGS.get_or_init(|| {
let mut config = AppConfig::parse();
// In debug mode only, use dummy token
if cfg!(debug_assertions) && config.token_key.is_empty() {
config.token_key = String::from_utf8_lossy(&[32; 64]).to_string();
}
config
})
}
pub fn secure_cookie(&self) -> bool {

4
src/data/entity_manager.rs
View File

@@ -36,7 +36,7 @@ where
file_path: path.as_ref().to_path_buf(),
list: match Self::file_format(path.as_ref()) {
FileFormat::Json => serde_json::from_str(&file_content)?,
FileFormat::Yaml => serde_yaml::from_str(&file_content)?,
FileFormat::Yaml => serde_yml::from_str(&file_content)?,
},
})
}
@@ -47,7 +47,7 @@ where
&self.file_path,
match Self::file_format(self.file_path.as_ref()) {
FileFormat::Json => serde_json::to_string(&self.list)?,
FileFormat::Yaml => serde_yaml::to_string(&self.list)?,
FileFormat::Yaml => serde_yml::to_string(&self.list)?,
},
)?)
}

2
src/data/totp_key.rs
View File

@@ -1,5 +1,5 @@
use base32::Alphabet;
use rand::Rng;
use rand::RngExt;
use totp_rfc6238::{HashAlgorithm, TotpGenerator};
use crate::data::app_config::AppConfig;

2
src/utils/crypt_utils.rs
View File

@@ -1,4 +1,4 @@
use digest::Digest;
use sha2::Digest;
#[inline]
pub fn sha256(input: &[u8]) -> Vec<u8> {