From a36742595294d35a338dd621e30f66b2e7548f76 Mon Sep 17 00:00:00 2001 From: Pierre Hubert Date: Mon, 17 Apr 2023 18:42:15 +0200 Subject: [PATCH 1/2] Unify client data using Arc --- src/controllers/admin_controller.rs | 13 ++++++++++--- src/controllers/openid_controller.rs | 5 +++-- src/main.rs | 11 ++++++----- 3 files changed, 19 insertions(+), 10 deletions(-) diff --git a/src/controllers/admin_controller.rs b/src/controllers/admin_controller.rs index 1b7e8d3..c6955c2 100644 --- a/src/controllers/admin_controller.rs +++ b/src/controllers/admin_controller.rs @@ -1,4 +1,5 @@ use std::ops::Deref; +use std::sync::Arc; use actix::Addr; use actix_web::{web, HttpResponse, Responder}; @@ -36,7 +37,10 @@ struct EditUserTemplate { clients: Vec, } -pub async fn clients_route(user: CurrentUser, clients: web::Data) -> impl Responder { +pub async fn clients_route( + user: CurrentUser, + clients: web::Data>, +) -> impl Responder { HttpResponse::Ok().body( ClientsListTemplate { _p: BaseSettingsPage::get("Clients list", &user, None, None), @@ -233,7 +237,10 @@ pub async fn users_route( ) } -pub async fn create_user(admin: CurrentUser, clients: web::Data) -> impl Responder { +pub async fn create_user( + admin: CurrentUser, + clients: web::Data>, +) -> impl Responder { let user = User { authorized_clients: Some( clients @@ -263,7 +270,7 @@ pub struct EditUserQuery { pub async fn edit_user( admin: CurrentUser, - clients: web::Data, + clients: web::Data>, users: web::Data>, query: web::Query, ) -> impl Responder { diff --git a/src/controllers/openid_controller.rs b/src/controllers/openid_controller.rs index 9588e1a..4c6c495 100644 --- a/src/controllers/openid_controller.rs +++ b/src/controllers/openid_controller.rs @@ -1,4 +1,5 @@ use std::fmt::Debug; +use std::sync::Arc; use actix::Addr; use actix_identity::Identity; 
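Review bot: The handler signatures changed in these hunks (`clients_route`, `create_user` and `edit_user` here, plus `authorize` and `token` in openid_controller.rs) put an `Arc` inside `web::Data`, which is already an `Arc`-backed pointer, so each access goes through two reference-counted layers. This assumes the new parameter type is `web::Data<Arc<ClientManager>>`; the generic arguments are not fully visible on this page. If main.rs registered the shared value with `.app_data(web::Data::from(clients.clone()))`, the extractors could stay `web::Data<ClientManager>` and none of these signatures or the added `use std::sync::Arc;` lines would be needed. The handlers' bodies continue outside the hunks, so I have not checked how `clients` is dereferenced inside them.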
@@ -113,7 +114,7 @@ pub async fn authorize( user: CurrentUser, id: Identity, query: web::Query, - clients: web::Data, + clients: web::Data>, sessions: web::Data>, logger: ActionLogger, ) -> impl Responder { @@ -267,7 +268,7 @@ pub struct TokenResponse { pub async fn token( req: HttpRequest, query: web::Form, - clients: web::Data, + clients: web::Data>, sessions: web::Data>, users: web::Data>, jwt_signer: web::Data, diff --git a/src/main.rs b/src/main.rs index 65629c4..975590c 100644 --- a/src/main.rs +++ b/src/main.rs @@ -72,14 +72,15 @@ async fn main() -> std::io::Result<()> { let jwt_signer = JWTSigner::gen_from_memory().expect("Failed to generate JWKS key"); let webauthn_manager = Arc::new(WebAuthManager::init(config)); + let mut clients = + ClientManager::open_or_create(config.clients_file()).expect("Failed to load clients list!"); + clients.apply_environment_variables(); + let clients = Arc::new(clients); + log::info!("Server will listen on {}", config.listen_address); let listen_address = config.listen_address.to_string(); HttpServer::new(move || { - let mut clients = ClientManager::open_or_create(config.clients_file()) - .expect("Failed to load clients list!"); - clients.apply_environment_variables(); - let session_mw = SessionMiddleware::builder( CookieSessionStore::default(), Key::from(config.token_key.as_bytes()), @@ -99,7 +100,7 @@ async fn main() -> std::io::Result<()> { .app_data(web::Data::new(users_actor.clone())) .app_data(web::Data::new(bruteforce_actor.clone())) .app_data(web::Data::new(openid_sessions_actor.clone())) - .app_data(web::Data::new(clients)) + .app_data(web::Data::new(clients.clone())) .app_data(web::Data::new(jwt_signer.clone())) .app_data(web::Data::new(webauthn_manager.clone())) .wrap( -- 2.45.1 From 10d55cc8e0b7e340720e30d8d9f635542dca19e2 Mon Sep 17 00:00:00 2001 From: Pierre Hubert Date: Mon, 17 Apr 2023 18:44:00 +0200 Subject: [PATCH 2/2] Add useful link on README --- README.md | 2 ++ 1 file changed, 2 insertions(+) 
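Review bot: Nothing at the new `let clients = Arc::new(clients);` in main.rs records that the client list is now a single snapshot, read together with its environment-variable overrides before `HttpServer::new` and shared by every worker. I would add a comment above it such as `// Loaded once at startup and shared read-only by all workers; edits to the clients file or environment require a restart.` The `expect` on `open_or_create` now stops the process during startup when the clients file cannot be loaded, which is a fail-closed behaviour worth preserving if this is later changed to return the error from `main`. `main` starts and ends outside these hunks.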
diff --git a/README.md b/README.md index b25a083..48a1ab6 100644 --- a/README.md +++ b/README.md @@ -64,5 +64,7 @@ Corresponding client configuration: > Note: We do need to use real domain name instead of IP address due to the `webauthn-rs` crate limitations. We therefore use the `nip.io` domain helper. +OAuth proxy can then be access on this URL: http://192.168.2.103:4180/ + ## Contributing If you wish to contribute to this software, feel free to send an email to contact@communiquons.org to get an account on my system, managed by BasicOIDC :) -- 2.45.1