pierre/BasicOIDC
1
0
Fork 0
Code Issues Pull Requests Projects Releases 3 Wiki Activity

Compare commits

base: pierre:a2af039759272dd441c4fcbd8b3795c93a331987
Branches Tags
pierre:master
pierre:20260223 pierre:20251204 pierre:20251028
...
compare: pierre:20260223
Branches Tags
pierre:master
pierre:20260223 pierre:20251204 pierre:20251028

65 Commits
a2af039759 ... 20260223

Author SHA1 Message Date
Pierre HUBERT
cc72ff64d2 Make OpenID sessions expire after one week
All checks were successful
continuous-integration/drone/push Build is passing
Details
continuous-integration/drone/tag Build is passing
Details
2026-02-23 18:44:34 +01:00
Renovate Bot
3482c53acf Merge pull request 'Update Rust crate clap to 4.5.60' (#477) from renovate/clap-4.x into master
All checks were successful
continuous-integration/drone/push Build is passing
Details
2026-02-21 00:12:25 +00:00
Renovate Bot
84c3415ad7 Update Rust crate clap to 4.5.60
All checks were successful
continuous-integration/drone/push Build is passing
Details
continuous-integration/drone/pr Build is passing
Details
2026-02-20 00:12:08 +00:00
Pierre HUBERT
cc2c3d7626 Updated project dependencies
All checks were successful
continuous-integration/drone/push Build is passing
Details
2026-02-19 17:37:03 +01:00
Renovate Bot
965a7dbe8b Merge pull request 'Update Rust crate clap to 4.5.59' (#476) from renovate/clap-4.x into master
Some checks failed
continuous-integration/drone/push Build is failing
Details
2026-02-18 00:23:48 +00:00
Renovate Bot
bc6bdcbc7d Update Rust crate clap to 4.5.59
Some checks failed
continuous-integration/drone/push Build is failing
Details
continuous-integration/drone/pr Build is failing
Details
2026-02-17 00:24:47 +00:00
Renovate Bot
82ea79126a Merge pull request 'Update Rust crate digest to 0.11.0' (#474) from renovate/digest-0.x into master
Some checks failed
continuous-integration/drone/push Build is failing
Details
2026-02-16 00:24:52 +00:00
Renovate Bot
141ec0ab4a Update Rust crate digest to 0.11.0
Some checks failed
continuous-integration/drone/push Build is failing
Details
continuous-integration/drone/pr Build is failing
Details
2026-02-15 00:24:30 +00:00
Renovate Bot
883120e076 Merge pull request 'Update Rust crate clap to 4.5.58' (#473) from renovate/clap-4.x into master
Some checks failed
continuous-integration/drone/push Build is failing
Details
2026-02-14 00:23:40 +00:00
Renovate Bot
a64a1d8697 Update Rust crate clap to 4.5.58
Some checks failed
continuous-integration/drone/push Build is failing
Details
continuous-integration/drone/pr Build is failing
Details
2026-02-13 00:24:42 +00:00
Renovate Bot
df9ee10191 Merge pull request 'Update Rust crate anyhow to 1.0.101' (#472) from renovate/anyhow-1.x into master
Some checks failed
continuous-integration/drone/push Build is failing
Details
2026-02-08 00:23:36 +00:00
Renovate Bot
cf482d15c2 Update Rust crate anyhow to 1.0.101
Some checks failed
continuous-integration/drone/push Build is failing
Details
continuous-integration/drone/pr Build is failing
Details
2026-02-07 00:24:05 +00:00
Renovate Bot
029e229387 Merge pull request 'Update Rust crate clap to 4.5.57' (#471) from renovate/clap-4.x into master
Some checks failed
continuous-integration/drone/push Build is failing
Details
2026-02-06 00:24:12 +00:00
Renovate Bot
4bd238779b Update Rust crate clap to 4.5.57
Some checks failed
continuous-integration/drone/push Build is failing
Details
continuous-integration/drone/pr Build is failing
Details
2026-02-05 00:24:19 +00:00
Renovate Bot
4fdf1bdc6b Merge pull request 'Update Rust crate digest to 0.11.0-rc.11' (#469) from renovate/digest-0.x into master
Some checks failed
continuous-integration/drone/push Build is failing
Details
2026-02-04 00:24:17 +00:00
Renovate Bot
c5ad96692a Update Rust crate digest to 0.11.0-rc.11
Some checks failed
continuous-integration/drone/push Build is failing
Details
continuous-integration/drone/pr Build is failing
Details
2026-02-03 00:24:33 +00:00
Renovate Bot
ec72f9350e Merge pull request 'Update Rust crate clap to 4.5.56' (#468) from renovate/clap-4.x into master
All checks were successful
continuous-integration/drone/push Build is passing
Details
2026-01-31 00:23:38 +00:00
Renovate Bot
731f85a33a Update Rust crate clap to 4.5.56
All checks were successful
continuous-integration/drone/push Build is passing
Details
continuous-integration/drone/pr Build is passing
Details
2026-01-30 00:24:09 +00:00
Renovate Bot
35967751fe Merge pull request 'Update Rust crate askama to 0.15.4' (#467) from renovate/askama-0.x into master
All checks were successful
continuous-integration/drone/push Build is passing
Details
2026-01-30 00:23:35 +00:00
Renovate Bot
651f512408 Update Rust crate askama to 0.15.4
All checks were successful
continuous-integration/drone/push Build is passing
Details
continuous-integration/drone/pr Build is passing
Details
2026-01-29 00:24:35 +00:00
Renovate Bot
8482e7ab1e Merge pull request 'Update Rust crate clap to 4.5.55' (#466) from renovate/clap-4.x into master
All checks were successful
continuous-integration/drone/push Build is passing
Details
2026-01-29 00:24:31 +00:00
Renovate Bot
5dfe6d4e85 Update Rust crate clap to 4.5.55
All checks were successful
continuous-integration/drone/push Build is passing
Details
continuous-integration/drone/pr Build is passing
Details
2026-01-28 00:24:12 +00:00
Renovate Bot
0f7a63861d Merge pull request 'Update Rust crate uuid to 1.20.0' (#465) from renovate/uuid-1.x into master
All checks were successful
continuous-integration/drone/push Build is passing
Details
2026-01-28 00:24:06 +00:00
Renovate Bot
7917c90ece Update Rust crate uuid to 1.20.0
All checks were successful
continuous-integration/drone/push Build is passing
Details
continuous-integration/drone/pr Build is passing
Details
2026-01-27 00:23:58 +00:00
Renovate Bot
804faa6497 Merge pull request 'Update Rust crate digest to 0.11.0-rc.9' (#464) from renovate/digest-0.x into master
All checks were successful
continuous-integration/drone/push Build is passing
Details
2026-01-27 00:23:29 +00:00
Renovate Bot
fca0e421b5 Update Rust crate digest to 0.11.0-rc.9
All checks were successful
continuous-integration/drone/push Build is passing
Details
continuous-integration/drone/pr Build is passing
Details
2026-01-26 00:24:23 +00:00
Renovate Bot
4636bfe7c1 Merge pull request 'Update Rust crate sha2 to 0.11.0-rc.4' (#463) from renovate/sha2-0.x into master
All checks were successful
continuous-integration/drone/push Build is passing
Details
2026-01-26 00:24:19 +00:00
Renovate Bot
cbf13e02e2 Update Rust crate sha2 to 0.11.0-rc.4
All checks were successful
continuous-integration/drone/push Build is passing
Details
continuous-integration/drone/pr Build is passing
Details
2026-01-25 00:24:58 +00:00
Renovate Bot
8804af3b3d Merge pull request 'Update Rust crate jwt-simple to 0.12.14' (#462) from renovate/jwt-simple-0.x into master
All checks were successful
continuous-integration/drone/push Build is passing
Details
2026-01-23 00:23:53 +00:00
Renovate Bot
2bcf9a3cce Update Rust crate jwt-simple to 0.12.14
All checks were successful
continuous-integration/drone/push Build is passing
Details
continuous-integration/drone/pr Build is passing
Details
2026-01-22 00:25:02 +00:00
Renovate Bot
ea5b1e6371 Merge pull request 'Update Rust crate digest to 0.11.0-rc.7' (#461) from renovate/digest-0.x into master
All checks were successful
continuous-integration/drone/push Build is passing
Details
2026-01-22 00:24:18 +00:00
Renovate Bot
e811976b21 Update Rust crate digest to 0.11.0-rc.7
All checks were successful
continuous-integration/drone/push Build is passing
Details
continuous-integration/drone/pr Build is passing
Details
2026-01-21 00:09:54 +00:00
Renovate Bot
320d65e8ff Merge pull request 'Update Rust crate chrono to 0.4.43' (#460) from renovate/chrono-0.x into master
All checks were successful
continuous-integration/drone/push Build is passing
Details
2026-01-16 00:23:32 +00:00
Renovate Bot
1e61b20249 Update Rust crate chrono to 0.4.43
All checks were successful
continuous-integration/drone/push Build is passing
Details
continuous-integration/drone/pr Build is passing
Details
2026-01-15 00:26:45 +00:00
Renovate Bot
630a5271cd Merge pull request 'Update Rust crate rkyv to 0.8.14' (#459) from renovate/rkyv-0.x into master
All checks were successful
continuous-integration/drone/push Build is passing
Details
2026-01-15 00:26:33 +00:00
Renovate Bot
588a06ccbb Update Rust crate rkyv to 0.8.14
All checks were successful
continuous-integration/drone/push Build is passing
Details
continuous-integration/drone/pr Build is passing
Details
2026-01-14 00:24:16 +00:00
Renovate Bot
ab1fa624b0 Merge pull request 'Update Rust crate bcrypt to 0.18.0' (#458) from renovate/bcrypt-0.x into master
All checks were successful
continuous-integration/drone/push Build is passing
Details
2026-01-13 00:23:17 +00:00
Renovate Bot
c8f7db0bee Update Rust crate bcrypt to 0.18.0
All checks were successful
continuous-integration/drone/push Build is passing
Details
continuous-integration/drone/pr Build is passing
Details
2026-01-12 00:24:15 +00:00
Renovate Bot
294c6a5d3b Merge pull request 'Update Rust crate lazy-regex to 3.5.1' (#457) from renovate/lazy-regex-3.x into master
All checks were successful
continuous-integration/drone/push Build is passing
Details
2026-01-10 00:23:20 +00:00
Renovate Bot
4b02e84047 Update Rust crate lazy-regex to 3.5.1
All checks were successful
continuous-integration/drone/push Build is passing
Details
continuous-integration/drone/pr Build is passing
Details
2026-01-09 00:19:54 +00:00
Renovate Bot
e646798996 Merge pull request 'Update Rust crate url to 2.5.8' (#456) from renovate/url-2.x into master
All checks were successful
continuous-integration/drone/push Build is passing
Details
2026-01-09 00:19:13 +00:00
Renovate Bot
029bb1140f Update Rust crate url to 2.5.8
All checks were successful
continuous-integration/drone/push Build is passing
Details
continuous-integration/drone/pr Build is passing
Details
2026-01-08 00:20:10 +00:00
Renovate Bot
d4924efa67 Merge pull request 'Update Rust crate serde_json to 1.0.149' (#455) from renovate/serde_json-1.x into master
All checks were successful
continuous-integration/drone/push Build is passing
Details
2026-01-08 00:19:14 +00:00
Renovate Bot
20f7e4e706 Update Rust crate serde_json to 1.0.149
All checks were successful
continuous-integration/drone/push Build is passing
Details
continuous-integration/drone/pr Build is passing
Details
2026-01-07 00:19:39 +00:00
Renovate Bot
4fb7b98d8a Merge pull request 'Update Rust crate rkyv to 0.8.13' (#454) from renovate/rkyv-0.x into master
All checks were successful
continuous-integration/drone/push Build is passing
Details
2026-01-07 00:19:09 +00:00
Renovate Bot
e9e9dc2a41 Update Rust crate rkyv to 0.8.13
All checks were successful
continuous-integration/drone/push Build is passing
Details
continuous-integration/drone/pr Build is passing
Details
2026-01-06 00:20:00 +00:00
Renovate Bot
62f91a4f34 Merge pull request 'Update Rust crate clap to 4.5.54' (#453) from renovate/clap-4.x into master
All checks were successful
continuous-integration/drone/push Build is passing
Details
2026-01-06 00:19:17 +00:00
Renovate Bot
6191eb1682 Update Rust crate clap to 4.5.54
All checks were successful
continuous-integration/drone/push Build is passing
Details
continuous-integration/drone/pr Build is passing
Details
2026-01-05 00:19:36 +00:00
Pierre HUBERT
2a0b20ad00 Update light-openid to version 1.1.0
All checks were successful
continuous-integration/drone/push Build is passing
Details
2025-12-29 16:53:44 +01:00
Renovate Bot
a07c58955e Merge pull request 'Update Rust crate digest to 0.11.0-rc.5' (#450) from renovate/digest-0.x into master
Some checks failed
continuous-integration/drone/push Build is failing
Details
2025-12-29 00:27:39 +00:00
Renovate Bot
adc9b6bee6 Update Rust crate digest to 0.11.0-rc.5
Some checks failed
continuous-integration/drone/push Build is failing
Details
continuous-integration/drone/pr Build is failing
Details
2025-12-28 00:27:15 +00:00
Renovate Bot
487c2febb7 Merge pull request 'Update Rust crate serde_json to 1.0.147' (#449) from renovate/serde_json-1.x into master
Some checks failed
continuous-integration/drone/push Build is failing
Details
2025-12-27 00:27:22 +00:00
Renovate Bot
3856529abc Update Rust crate serde_json to 1.0.147
Some checks failed
continuous-integration/drone/push Build is failing
Details
continuous-integration/drone/pr Build is failing
Details
2025-12-25 00:27:44 +00:00
Renovate Bot
3aaaffd1a8 Merge pull request 'Update Rust crate askama to 0.15.0' (#448) from renovate/askama-0.x into master
Some checks failed
continuous-integration/drone/push Build is failing
Details
2025-12-24 00:27:22 +00:00
Renovate Bot
7564702bd5 Update Rust crate askama to 0.15.0
Some checks failed
continuous-integration/drone/push Build is failing
Details
continuous-integration/drone/pr Build is failing
Details
2025-12-23 00:26:53 +00:00
Renovate Bot
98c63056e6 Merge pull request 'Update Rust crate bincode to v3' (#447) from renovate/bincode-3.x into master
Some checks failed
continuous-integration/drone/push Build is failing
Details
2025-12-17 00:27:51 +00:00
Renovate Bot
f490d314e5 Update Rust crate bincode to v3
Some checks failed
renovate/artifacts Artifact file update failure
continuous-integration/drone/pr Build is failing
Details
continuous-integration/drone/push Build is failing
Details
2025-12-17 00:27:46 +00:00
Renovate Bot
6efd6a5abd Merge pull request 'Update Rust crate webauthn-rs to 0.5.4' (#446) from renovate/webauthn-rs-0.x into master
All checks were successful
continuous-integration/drone/push Build is passing
Details
2025-12-12 00:27:34 +00:00
Renovate Bot
cc79501f5a Update Rust crate webauthn-rs to 0.5.4
All checks were successful
continuous-integration/drone/push Build is passing
Details
continuous-integration/drone/pr Build is passing
Details
2025-12-11 00:28:09 +00:00
Pierre HUBERT
9535ab754a Hide real build time of application
All checks were successful
continuous-integration/drone/push Build is passing
Details
2025-12-05 10:10:00 +01:00
Pierre HUBERT
b72fa90b67 Fix Hex encoding of assets file digests
All checks were successful
continuous-integration/drone/push Build is passing
Details
2025-12-04 19:21:18 +01:00
Pierre HUBERT
054fc0c4cc Use local fonts instead of google's one
All checks were successful
continuous-integration/drone/push Build is passing
Details
continuous-integration/drone/tag Build is passing
Details
2025-12-04 18:54:43 +01:00
Pierre HUBERT
3d19a0eba2 Optimize cache management
All checks were successful
continuous-integration/drone/push Build is passing
Details
2025-12-04 18:51:46 +01:00
Pierre HUBERT
944e7dd00d Improve health endpoint 2025-12-04 18:20:05 +01:00
Pierre HUBERT
cb739ebe6d Can use Redis to store user sessions 2025-12-04 18:11:27 +01:00
29 changed files with 1122 additions and 469 deletions
Expand all files Collapse all files

1155
Cargo.lock generated
View File

File diff suppressed because it is too large Load Diff

41
Cargo.toml
View File

@@ -8,34 +8,35 @@ edition = "2024"
[dependencies]
actix = "0.13.5"
actix-identity = "0.9.0"
actix-web = "4.12.1"
actix-session = { version = "0.11.0", features = ["cookie-session"] }
actix-web = "4.13.0"
actix-session = { version = "0.11.0", features = ["cookie-session", "redis-session"] }
actix-remote-ip = "0.1.0"
clap = { version = "4.5.53", features = ["derive", "env"] }
clap = { version = "4.5.60", features = ["derive", "env"] }
include_dir = "0.7.4"
log = "0.4.29"
serde_json = "1.0.145"
serde_yaml = "0.9.34"
env_logger = "0.11.8"
serde_json = "1.0.149"
serde_yml = "0.0.12"
env_logger = "0.11.9"
serde = { version = "1.0.228", features = ["derive"] }
bcrypt = "0.17.1"
uuid = { version = "1.19.0", features = ["v4"] }
bcrypt = "0.18.0"
uuid = { version = "1.21.0", features = ["v4"] }
mime_guess = "2.0.5"
askama = "0.14.0"
askama = "0.15.4"
urlencoding = "2.1.3"
rand = "0.10.0-rc.5"
rand = "0.10.0"
base64 = "0.22.1"
jwt-simple = { version = "0.12.13", default-features = false, features = ["pure-rust"] }
digest = "0.11.0-rc.4"
sha2 = "0.11.0-rc.3"
lazy-regex = "3.4.2"
jwt-simple = { version = "0.12.14", default-features = false, features = ["pure-rust"] }
sha2 = "0.11.0-rc.5"
lazy-regex = "3.6.0"
totp_rfc6238 = "0.6.1"
base32 = "0.5.1"
qrcode-generator = "5.0.0"
webauthn-rs = { version = "0.5.3", features = ["danger-allow-state-serialisation"] }
url = "2.5.7"
light-openid = { version = "1.0.4", features = ["crypto-wrapper"] }
bincode = "2.0.1"
chrono = "0.4.42"
lazy_static = "1.5.0"
webauthn-rs = { version = "0.5.4", features = ["danger-allow-state-serialisation"] }
url = "2.5.8"
light-openid = { version = "1.1.0", features = ["crypto-wrapper"] }
rkyv = "0.8.15"
chrono = "0.4.43"
mailchecker = "6.0.19"
httpdate = "1.0.3"
build-time = "0.1.3"
hex = "0.4.3"

2
assets/css/bootstrap.css vendored
View File

@@ -11,7 +11,7 @@
* Copyright 2011-2024 The Bootstrap Authors
* Licensed under MIT (https://github.com/twbs/bootstrap/blob/main/LICENSE)
*/
@import url("https://fonts.googleapis.com/css2?family=Roboto:wght@400;700&display=swap");
@import url("/assets/robotfont/font.css");
:root,
[data-bs-theme=light] {
--bs-blue: #2a9fd6;

16
sample_upstream_provider/docker-compose.yaml
View File

@@ -1,4 +1,15 @@
services:
redis:
image: redis
network_mode: host
volumes:
- ./redis/redis.conf:/redis.conf:ro
command: [ "redis-server", "/redis.conf" ]
healthcheck:
test: [ "CMD", "redis-cli", "ping" ]
interval: 10s
timeout: 30s
retries: 3
upstream:
image: dexidp/dex
user: "1000"
@@ -33,9 +44,14 @@ services:
image: rust
user: "1000"
network_mode: host
depends_on:
redis:
condition: service_healthy
environment:
- STORAGE_PATH=/storage
- DISABLE_LOCAL_LOGIN=true
- USE_REDIS=true
- REDIS_PASSWORD=secretsecret
#- RUST_LOG=debug
volumes:
- ../:/app

3
sample_upstream_provider/redis/redis.conf Normal file
View File

@@ -0,0 +1,3 @@
maxmemory 256mb
maxmemory-policy allkeys-lru
requirepass secretsecret

4
src/actors/bruteforce_actor.rs
View File

@@ -5,7 +5,7 @@ use std::net::IpAddr;
use actix::{Actor, AsyncContext, Context, Handler, Message};
use crate::constants::{FAIL_LOGIN_ATTEMPT_CLEANUP_INTERVAL, KEEP_FAILED_LOGIN_ATTEMPTS_FOR};
use crate::utils::time::time;
use crate::utils::time_utils::time;
#[derive(Message)]
#[rtype(result = "()")]
@@ -87,7 +87,7 @@ mod test {
use std::net::{IpAddr, Ipv4Addr};
use crate::actors::bruteforce_actor::BruteForceActor;
use crate::utils::time::time;
use crate::utils::time_utils::time;
const IP_1: IpAddr = IpAddr::V4(Ipv4Addr::new(192, 168, 1, 1));
const IP_2: IpAddr = IpAddr::V4(Ipv4Addr::new(192, 168, 1, 2));

14
src/actors/openid_sessions_actor.rs
View File

@@ -10,24 +10,27 @@ use crate::data::jwt_signer::JWTSigner;
use crate::data::user::UserID;
use crate::utils::err::Res;
use crate::utils::string_utils::rand_str;
use crate::utils::time::time;
use crate::utils::time_utils::time;
#[derive(Clone, Debug, serde::Serialize, serde::Deserialize, Eq, PartialEq)]
pub struct SessionID(pub String);
#[derive(Clone, Debug)]
pub struct Session {
pub session_id: SessionID,
pub client: ClientID,
pub user: UserID,
pub auth_time: u64,
pub redirect_uri: String,
pub session_id: SessionID,
pub session_expire_at: u64,
pub authorization_code: String,
pub authorization_code_expire_at: u64,
pub access_token: Option<String>,
pub access_token_expire_at: u64,
pub refresh_token: String,
pub refresh_token_expire_at: u64,
@@ -37,9 +40,10 @@ pub struct Session {
impl Session {
pub fn is_expired(&self) -> bool {
self.authorization_code_expire_at < time()
&& self.access_token_expire_at < time()
&& self.refresh_token_expire_at < time()
self.session_expire_at < time()
|| (self.authorization_code_expire_at < time()
&& self.access_token_expire_at < time()
&& self.refresh_token_expire_at < time())
}
pub fn regenerate_access_and_refresh_tokens(

2
src/actors/providers_states_actor.rs
View File

@@ -15,7 +15,7 @@ use std::net::IpAddr;
use crate::data::login_redirect::LoginRedirect;
use crate::data::provider::ProviderID;
use crate::utils::string_utils::rand_str;
use crate::utils::time::time;
use crate::utils::time_utils::time;
#[derive(Debug, Clone, serde::Serialize)]
pub struct ProviderLoginState {

3
src/constants.rs
View File

@@ -64,7 +64,8 @@ pub const USERINFO_URI: &str = "/openid/userinfo";
/// Open ID constants
pub const OPEN_ID_SESSION_CLEANUP_INTERVAL: Duration = Duration::from_secs(60);
pub const OPEN_ID_SESSION_LEN: usize = 40;
pub const OPEN_ID_SESSION_ID_LEN: usize = 40;
pub const OPEN_ID_SESSION_MAX_DURATION: Duration = Duration::from_secs(3600 * 24 * 7);
pub const OPEN_ID_AUTHORIZATION_CODE_LEN: usize = 120;
pub const OPEN_ID_AUTHORIZATION_CODE_TIMEOUT: u64 = 300;
pub const OPEN_ID_ACCESS_TOKEN_LEN: usize = 50;

36
src/controllers/assets_controller.rs
View File

@@ -1,7 +1,12 @@
use std::path::Path;
use actix_web::{HttpResponse, web};
use crate::utils::crypt_utils::sha256;
use crate::utils::time_utils;
use actix_web::http::header;
use actix_web::{HttpRequest, HttpResponse, web};
use include_dir::{Dir, include_dir};
use std::cmp::max;
use std::ops::Add;
use std::path::Path;
use std::time::Duration;
/// Assets directory
static ASSETS_DIR: Dir = include_dir!("$CARGO_MANIFEST_DIR/assets");
@@ -12,14 +17,37 @@ pub async fn robots_txt() -> HttpResponse {
.body(include_str!("../../assets/robots.txt"))
}
pub async fn assets_route(path: web::Path<String>) -> HttpResponse {
pub async fn assets_route(req: HttpRequest, path: web::Path<String>) -> HttpResponse {
let path: &Path = path.as_ref().as_ref();
match ASSETS_DIR.get_file(path) {
None => HttpResponse::NotFound().body("404 Not found"),
Some(file) => {
let res = mime_guess::from_path(path).first_or_octet_stream();
let digest = hex::encode(sha256(file.contents()));
let file_time = max(time_utils::time_start_of_day(), time_utils::build_time());
// Check if the browser already knows the file by date
if let Some(c) = req.headers().get(header::IF_MODIFIED_SINCE) {
let date_str = c.to_str().unwrap_or("");
if let Ok(date) = httpdate::parse_http_date(date_str)
&& date.add(Duration::from_secs(1))
>= time_utils::unix_to_system_time(file_time)
{
return HttpResponse::NotModified().finish();
}
}
// Check if the browser already knows the etag
if let Some(c) = req.headers().get(header::IF_NONE_MATCH)
&& c.to_str().unwrap_or("") == digest
{
return HttpResponse::NotModified().finish();
}
HttpResponse::Ok()
.content_type(res.to_string())
.insert_header(("etag", digest))
.insert_header(("last-modified", time_utils::unix_to_http_date(file_time)))
.body(file.contents())
}
}

5
src/controllers/openid_controller.rs
View File

@@ -26,7 +26,7 @@ use crate::data::login_redirect::{LoginRedirect, get_2fa_url};
use crate::data::session_identity::SessionIdentity;
use crate::data::user::User;
use crate::utils::string_utils::rand_str;
use crate::utils::time::time;
use crate::utils::time_utils::time;
pub async fn get_configuration(req: HttpRequest) -> impl Responder {
let is_secure_request = req
@@ -219,11 +219,12 @@ pub async fn authorize(
(_, "code") => {
// Save all authentication information in memory
let session = Session {
session_id: SessionID(rand_str(OPEN_ID_SESSION_LEN)),
client: client.id.clone(),
user: user.uid.clone(),
auth_time: SessionIdentity(Some(&id)).auth_time(),
redirect_uri,
session_id: SessionID(rand_str(OPEN_ID_SESSION_ID_LEN)),
session_expire_at: time() + OPEN_ID_SESSION_MAX_DURATION.as_secs(),
authorization_code: rand_str(OPEN_ID_AUTHORIZATION_CODE_LEN),
authorization_code_expire_at: time() + OPEN_ID_AUTHORIZATION_CODE_TIMEOUT,
access_token: None,

2
src/controllers/two_factors_controller.rs
View File

@@ -14,7 +14,7 @@ use crate::data::current_user::CurrentUser;
use crate::data::totp_key::TotpKey;
use crate::data::user::User;
use crate::data::webauthn_manager::WebAuthManagerReq;
use crate::utils::time::fmt_time;
use crate::utils::time_utils::fmt_time;
#[derive(Template)]
#[template(path = "settings/two_factors_page.html")]

2
src/data/action_logger.rs
View File

@@ -17,7 +17,7 @@ use crate::data::provider::{Provider, ProviderID};
use crate::data::session_identity::SessionIdentity;
use crate::data::user::{FactorID, GrantedClients, TwoFactor, TwoFactorType, User, UserID};
use crate::utils::time::time;
use crate::utils::time_utils::time;
#[derive(serde::Serialize)]
pub struct LoggableUser {

67
src/data/app_config.rs
View File

@@ -1,6 +1,6 @@
use std::path::{Path, PathBuf};
use clap::Parser;
use std::path::{Path, PathBuf};
use std::sync::OnceLock;
use crate::constants::{
APP_NAME, CLIENTS_LIST_FILE, OIDC_PROVIDER_CB_URI, PROVIDERS_LIST_FILE, USERS_LIST_FILE,
@@ -67,25 +67,47 @@ pub struct AppConfig {
/// to authenticate
#[arg(long, env)]
pub disable_local_login: bool,
/// Use Redis to store cookie sessions
#[arg(long, env)]
pub use_redis: bool,
/// Redis connection hostname
#[clap(long, env, default_value = "localhost")]
redis_hostname: String,
/// Redis connection port
#[clap(long, env, default_value_t = 6379)]
redis_port: u16,
/// Redis database number
#[clap(long, env, default_value_t = 0)]
redis_db_number: i64,
/// Redis username
#[clap(long, env)]
redis_username: Option<String>,
/// Redis password
#[clap(long, env, default_value = "secretredis")]
redis_password: String,
}
lazy_static::lazy_static! {
static ref ARGS: AppConfig = {
let mut config = AppConfig::parse();
// In debug mode only, use dummy token
if cfg!(debug_assertions) && config.token_key.is_empty() {
config.token_key = String::from_utf8_lossy(&[32; 64]).to_string();
}
config
};
}
static ARGS: OnceLock<AppConfig> = OnceLock::new();
impl AppConfig {
/// Get parsed command line arguments
pub fn get() -> &'static AppConfig {
&ARGS
ARGS.get_or_init(|| {
let mut config = AppConfig::parse();
// In debug mode only, use dummy token
if cfg!(debug_assertions) && config.token_key.is_empty() {
config.token_key = String::from_utf8_lossy(&[32; 64]).to_string();
}
config
})
}
pub fn secure_cookie(&self) -> bool {
@@ -137,6 +159,21 @@ impl AppConfig {
let domain = self.domain_name();
domain.split_once(':').map(|i| i.0).unwrap_or(domain)
}
/// Get Redis connection configuration
pub fn redis_connection_string(&self) -> Option<String> {
match self.use_redis {
true => Some(format!(
"redis://{}:{}@{}:{}/{}",
self.redis_username.as_deref().unwrap_or(""),
self.redis_password,
self.redis_hostname,
self.redis_port,
self.redis_db_number
)),
false => None,
}
}
}
#[cfg(test)]

2
src/data/current_user.rs
View File

@@ -13,7 +13,7 @@ use crate::actors::users_actor::UsersActor;
use crate::constants::SECOND_FACTOR_EXPIRATION_FOR_CRITICAL_OPERATIONS;
use crate::data::session_identity::SessionIdentity;
use crate::data::user::User;
use crate::utils::time::time;
use crate::utils::time_utils::time;
pub struct CurrentUser {
user: User,

4
src/data/entity_manager.rs
View File

@@ -36,7 +36,7 @@ where
file_path: path.as_ref().to_path_buf(),
list: match Self::file_format(path.as_ref()) {
FileFormat::Json => serde_json::from_str(&file_content)?,
FileFormat::Yaml => serde_yaml::from_str(&file_content)?,
FileFormat::Yaml => serde_yml::from_str(&file_content)?,
},
})
}
@@ -47,7 +47,7 @@ where
&self.file_path,
match Self::file_format(self.file_path.as_ref()) {
FileFormat::Json => serde_json::to_string(&self.list)?,
FileFormat::Yaml => serde_yaml::to_string(&self.list)?,
FileFormat::Yaml => serde_yml::to_string(&self.list)?,
},
)?)
}

2
src/data/provider_configuration.rs
View File

@@ -9,7 +9,7 @@ use crate::data::app_config::AppConfig;
use crate::data::provider::Provider;
use crate::utils::err::Res;
use crate::utils::time::time;
use crate::utils::time_utils::time;
/// Provider configuration
#[derive(Debug, Clone)]

2
src/data/session_identity.rs
View File

@@ -3,7 +3,7 @@ use actix_web::{HttpMessage, HttpRequest};
use serde::{Deserialize, Serialize};
use crate::data::user::{User, UserID};
use crate::utils::time::time;
use crate::utils::time_utils::time;
#[derive(Debug, Serialize, Deserialize, Eq, PartialEq, Default)]
pub enum SessionStatus {

4
src/data/totp_key.rs
View File

@@ -1,11 +1,11 @@
use base32::Alphabet;
use rand::Rng;
use rand::RngExt;
use totp_rfc6238::{HashAlgorithm, TotpGenerator};
use crate::data::app_config::AppConfig;
use crate::data::user::User;
use crate::utils::err::Res;
use crate::utils::time::time;
use crate::utils::time_utils::time;
const BASE32_ALPHABET: Alphabet = Alphabet::Rfc4648 { padding: true };
const NUM_DIGITS: usize = 6;

15
src/data/user.rs
View File

@@ -1,4 +1,3 @@
use bincode::{Decode, Encode};
use std::collections::HashMap;
use std::net::IpAddr;
@@ -9,9 +8,19 @@ use crate::data::login_redirect::LoginRedirect;
use crate::data::provider::{Provider, ProviderID};
use crate::data::totp_key::TotpKey;
use crate::data::webauthn_manager::WebauthnPubKey;
use crate::utils::time::{fmt_time, time};
use crate::utils::time_utils::{fmt_time, time};
#[derive(Clone, Debug, Eq, PartialEq, serde::Serialize, serde::Deserialize, Encode, Decode)]
#[derive(
Clone,
Debug,
Eq,
PartialEq,
serde::Serialize,
serde::Deserialize,
rkyv::Archive,
rkyv::Serialize,
rkyv::Deserialize,
)]
pub struct UserID(pub String);
impl UserID {

2
src/data/users_file_entity.rs
View File

@@ -4,7 +4,7 @@ use crate::actors::users_actor::{AuthorizedAuthenticationSources, UsersSyncBacke
use crate::data::entity_manager::EntityManager;
use crate::data::user::{FactorID, GeneralSettings, GrantedClients, TwoFactor, User, UserID};
use crate::utils::err::{Res, new_error};
use crate::utils::time::time;
use crate::utils::time_utils::time;
impl EntityManager<User> {
/// Update user information

9
src/data/webauthn_manager.rs
View File

@@ -1,7 +1,6 @@
use std::sync::Arc;
use actix_web::web;
use bincode::{Decode, Encode};
use light_openid::crypto_wrapper::CryptoWrapper;
use uuid::Uuid;
use webauthn_rs::prelude::{
@@ -16,7 +15,7 @@ use crate::constants::{
use crate::data::app_config::AppConfig;
use crate::data::user::{User, UserID};
use crate::utils::err::Res;
use crate::utils::time::time;
use crate::utils::time_utils::time;
#[derive(Clone, Debug, serde::Serialize, serde::Deserialize)]
pub struct WebauthnPubKey {
@@ -28,7 +27,9 @@ pub struct RegisterKeyRequest {
pub creation_challenge: CreationChallengeResponse,
}
#[derive(Debug, serde::Serialize, serde::Deserialize, Encode, Decode)]
#[derive(
Debug, serde::Serialize, serde::Deserialize, rkyv::Archive, rkyv::Serialize, rkyv::Deserialize,
)]
struct RegisterKeyOpaqueData {
registration_state: String,
user_id: UserID,
@@ -40,7 +41,7 @@ pub struct AuthRequest {
pub login_challenge: RequestChallengeResponse,
}
#[derive(Debug, Encode, Decode)]
#[derive(Debug, rkyv::Archive, rkyv::Serialize, rkyv::Deserialize)]
struct AuthStateOpaqueData {
authentication_state: String,
user_id: UserID,

35
src/main.rs
View File

@@ -1,12 +1,12 @@
use core::time::Duration;
use std::sync::Arc;
use actix::Actor;
use actix::{Actor, Addr};
use actix_identity::IdentityMiddleware;
use actix_identity::config::LogoutBehavior;
use actix_remote_ip::RemoteIPConfig;
use actix_session::SessionMiddleware;
use actix_session::storage::CookieSessionStore;
use actix_session::storage::{CookieSessionStore, RedisSessionStore};
use actix_web::cookie::{Key, SameSite};
use actix_web::middleware::Logger;
use actix_web::{App, HttpResponse, HttpServer, get, middleware, web};
@@ -14,6 +14,7 @@ use actix_web::{App, HttpResponse, HttpServer, get, middleware, web};
use basic_oidc::actors::bruteforce_actor::BruteForceActor;
use basic_oidc::actors::openid_sessions_actor::OpenIDSessionsActor;
use basic_oidc::actors::providers_states_actor::ProvidersStatesActor;
use basic_oidc::actors::users_actor;
use basic_oidc::actors::users_actor::{UsersActor, UsersSyncBackend};
use basic_oidc::constants::*;
use basic_oidc::controllers::assets_controller::assets_route;
@@ -26,9 +27,20 @@ use basic_oidc::data::provider::ProvidersManager;
use basic_oidc::data::user::User;
use basic_oidc::data::webauthn_manager::WebAuthManager;
use basic_oidc::middlewares::auth_middleware::AuthMiddleware;
use basic_oidc::middlewares::multi_session_store::MultiSessionStore;
#[get("/health")]
async fn health() -> &'static str {
async fn health(users: web::Data<Addr<UsersActor>>) -> &'static str {
// Check users list is working
let users = users
.send(users_actor::GetAllUsers)
.await
.expect("Could not retrieve users list!");
if users.is_empty() {
log::error!("Got empty list of users!");
panic!("Got empty list of users!");
}
"Running"
}
@@ -69,6 +81,18 @@ async fn main() -> std::io::Result<()> {
.expect("Failed to change default admin password!");
}
let redis_store = match AppConfig::get().redis_connection_string() {
Some(s) => {
log::info!("Connect to Redis session store...");
Some(
RedisSessionStore::new(s)
.await
.expect("Failed to connect to Redis!"),
)
}
None => None,
};
let users_actor = UsersActor::new(users).start();
let bruteforce_actor = BruteForceActor::default().start();
let providers_states_actor = ProvidersStatesActor::default().start();
@@ -91,7 +115,10 @@ async fn main() -> std::io::Result<()> {
HttpServer::new(move || {
let session_mw = SessionMiddleware::builder(
CookieSessionStore::default(),
match redis_store.clone() {
None => MultiSessionStore::Cookie(CookieSessionStore::default()),
Some(s) => MultiSessionStore::Redis(s),
},
Key::from(config.token_key.as_bytes()),
)
.cookie_name(SESSION_COOKIE_NAME.to_string())

1
src/middlewares/mod.rs
View File

@@ -1 +1,2 @@
pub mod auth_middleware;
pub mod multi_session_store;

63
src/middlewares/multi_session_store.rs Normal file
View File

@@ -0,0 +1,63 @@
use actix_session::storage::{
CookieSessionStore, LoadError, RedisSessionStore, SaveError, SessionKey, SessionStore,
UpdateError,
};
use actix_web::cookie::time::Duration;
use jwt_simple::Error;
use std::collections::HashMap;
type SessionState = HashMap<String, String>;
/// Session store multiplexer.
///
/// Allows to easily support different store without having a lot of duplicate code
pub enum MultiSessionStore {
Cookie(CookieSessionStore),
Redis(RedisSessionStore),
}
impl SessionStore for MultiSessionStore {
async fn load(&self, session_key: &SessionKey) -> Result<Option<SessionState>, LoadError> {
match self {
MultiSessionStore::Cookie(c) => c.load(session_key).await,
MultiSessionStore::Redis(r) => r.load(session_key).await,
}
}
async fn save(
&self,
session_state: SessionState,
ttl: &Duration,
) -> Result<SessionKey, SaveError> {
match self {
MultiSessionStore::Cookie(c) => c.save(session_state, ttl).await,
MultiSessionStore::Redis(r) => r.save(session_state, ttl).await,
}
}
async fn update(
&self,
session_key: SessionKey,
session_state: SessionState,
ttl: &Duration,
) -> Result<SessionKey, UpdateError> {
match self {
MultiSessionStore::Cookie(c) => c.update(session_key, session_state, ttl).await,
MultiSessionStore::Redis(r) => r.update(session_key, session_state, ttl).await,
}
}
async fn update_ttl(&self, session_key: &SessionKey, ttl: &Duration) -> Result<(), Error> {
match self {
MultiSessionStore::Cookie(c) => c.update_ttl(session_key, ttl).await,
MultiSessionStore::Redis(r) => r.update_ttl(session_key, ttl).await,
}
}
async fn delete(&self, session_key: &SessionKey) -> Result<(), Error> {
match self {
MultiSessionStore::Cookie(c) => c.delete(session_key).await,
MultiSessionStore::Redis(r) => r.delete(session_key).await,
}
}
}

2
src/utils/crypt_utils.rs
View File

@@ -1,4 +1,4 @@
use digest::Digest;
use sha2::Digest;
#[inline]
pub fn sha256(input: &[u8]) -> Vec<u8> {

2
src/utils/mod.rs
View File

@@ -1,4 +1,4 @@
pub mod crypt_utils;
pub mod err;
pub mod string_utils;
pub mod time;
pub mod time_utils;

35
src/utils/time.rs
View File

@@ -1,35 +0,0 @@
use chrono::DateTime;
use std::time::{SystemTime, UNIX_EPOCH};
/// Get the current time since epoch
pub fn time() -> u64 {
SystemTime::now()
.duration_since(UNIX_EPOCH)
.unwrap()
.as_secs()
}
/// Format unix timestamp to a human-readable string
pub fn fmt_time(timestamp: u64) -> String {
// Create a DateTime from the timestamp
let datetime =
DateTime::from_timestamp(timestamp as i64, 0).expect("Failed to parse timestamp!");
// Format the datetime how you want
datetime.format("%Y-%m-%d %H:%M:%S").to_string()
}
#[cfg(test)]
mod test {
use crate::utils::time::{fmt_time, time};
#[test]
fn test_time() {
assert!(time() > 10);
}
#[test]
fn test_fmt_time() {
assert_eq!(fmt_time(1693475465), "2023-08-31 09:51:05");
}
}

61
src/utils/time_utils.rs Normal file
View File

@@ -0,0 +1,61 @@
use chrono::{DateTime, Local, NaiveTime};
use std::time::{Duration, SystemTime, UNIX_EPOCH};
/// Get the current time since epoch
pub fn time() -> u64 {
SystemTime::now()
.duration_since(UNIX_EPOCH)
.unwrap()
.as_secs()
}
/// Format unix timestamp to a human-readable string
pub fn fmt_time(timestamp: u64) -> String {
// Create a DateTime from the timestamp
let datetime =
DateTime::from_timestamp(timestamp as i64, 0).expect("Failed to parse timestamp!");
// Format the datetime how you want
datetime.format("%Y-%m-%d %H:%M:%S").to_string()
}
/// Convert UNIX time to system time
pub fn unix_to_system_time(time: u64) -> SystemTime {
UNIX_EPOCH + Duration::from_secs(time)
}
/// Format UNIX time to HTTP date
pub fn unix_to_http_date(time: u64) -> String {
httpdate::fmt_http_date(unix_to_system_time(time))
}
/// Get build time in UNIX format
pub fn build_time() -> u64 {
let build_time = build_time::build_time_local!();
let date =
chrono::DateTime::parse_from_rfc3339(build_time).expect("Failed to parse compile date");
date.timestamp() as u64
}
/// Get the first second of the day (local time)
pub fn time_start_of_day() -> u64 {
let local: DateTime<Local> = Local::now()
.with_time(NaiveTime::from_hms_opt(0, 0, 0).unwrap())
.unwrap();
local.timestamp() as u64
}
#[cfg(test)]
mod test {
use crate::utils::time_utils::{fmt_time, time};
#[test]
fn test_time() {
assert!(time() > 10);
}
#[test]
fn test_fmt_time() {
assert_eq!(fmt_time(1693475465), "2023-08-31 09:51:05");
}
}