README.md

@@ -64,5 +64,7 @@ Corresponding client configuration:
 
 > Note: We do need to use real domain name instead of IP address due to the `webauthn-rs` crate limitations. We therefore use the `nip.io` domain helper.
 
+OAuth proxy can then be access on this URL: http://192.168.2.103:4180/
+
 ## Contributing
 If you wish to contribute to this software, feel free to send an email to contact@communiquons.org to get an account on my system, managed by BasicOIDC :)

src/controllers/admin_controller.rs

@@ -1,4 +1,5 @@
 use std::ops::Deref;
+use std::sync::Arc;
 
 use actix::Addr;
 use actix_web::{web, HttpResponse, Responder};
@@ -36,7 +37,10 @@ struct EditUserTemplate {
     clients: Vec<Client>,
 }
 
-pub async fn clients_route(user: CurrentUser, clients: web::Data<ClientManager>) -> impl Responder {
+pub async fn clients_route(
+    user: CurrentUser,
+    clients: web::Data<Arc<ClientManager>>,
+) -> impl Responder {
     HttpResponse::Ok().body(
         ClientsListTemplate {
             _p: BaseSettingsPage::get("Clients list", &user, None, None),
@@ -233,7 +237,10 @@ pub async fn users_route(
     )
 }
 
-pub async fn create_user(admin: CurrentUser, clients: web::Data<ClientManager>) -> impl Responder {
+pub async fn create_user(
+    admin: CurrentUser,
+    clients: web::Data<Arc<ClientManager>>,
+) -> impl Responder {
     let user = User {
         authorized_clients: Some(
             clients
@@ -263,7 +270,7 @@ pub struct EditUserQuery {
 
 pub async fn edit_user(
     admin: CurrentUser,
-    clients: web::Data<ClientManager>,
+    clients: web::Data<Arc<ClientManager>>,
     users: web::Data<Addr<UsersActor>>,
     query: web::Query<EditUserQuery>,
 ) -> impl Responder {

src/controllers/openid_controller.rs

@@ -1,4 +1,5 @@
 use std::fmt::Debug;
+use std::sync::Arc;
 
 use actix::Addr;
 use actix_identity::Identity;
@@ -113,7 +114,7 @@ pub async fn authorize(
     user: CurrentUser,
     id: Identity,
     query: web::Query<AuthorizeQuery>,
-    clients: web::Data<ClientManager>,
+    clients: web::Data<Arc<ClientManager>>,
     sessions: web::Data<Addr<OpenIDSessionsActor>>,
     logger: ActionLogger,
 ) -> impl Responder {
@@ -267,7 +268,7 @@ pub struct TokenResponse {
 pub async fn token(
     req: HttpRequest,
     query: web::Form<TokenQuery>,
-    clients: web::Data<ClientManager>,
+    clients: web::Data<Arc<ClientManager>>,
     sessions: web::Data<Addr<OpenIDSessionsActor>>,
     users: web::Data<Addr<UsersActor>>,
     jwt_signer: web::Data<JWTSigner>,

src/main.rs

@@ -72,14 +72,15 @@ async fn main() -> std::io::Result<()> {
     let jwt_signer = JWTSigner::gen_from_memory().expect("Failed to generate JWKS key");
     let webauthn_manager = Arc::new(WebAuthManager::init(config));
 
+    let mut clients =
+        ClientManager::open_or_create(config.clients_file()).expect("Failed to load clients list!");
+    clients.apply_environment_variables();
+    let clients = Arc::new(clients);
+
     log::info!("Server will listen on {}", config.listen_address);
     let listen_address = config.listen_address.to_string();
 
     HttpServer::new(move || {
-        let mut clients = ClientManager::open_or_create(config.clients_file())
-            .expect("Failed to load clients list!");
-        clients.apply_environment_variables();
-
         let session_mw = SessionMiddleware::builder(
             CookieSessionStore::default(),
             Key::from(config.token_key.as_bytes()),
@@ -99,7 +100,7 @@ async fn main() -> std::io::Result<()> {
             .app_data(web::Data::new(users_actor.clone()))
             .app_data(web::Data::new(bruteforce_actor.clone()))
             .app_data(web::Data::new(openid_sessions_actor.clone()))
-            .app_data(web::Data::new(clients))
+            .app_data(web::Data::new(clients.clone()))
             .app_data(web::Data::new(jwt_signer.clone()))
             .app_data(web::Data::new(webauthn_manager.clone()))
             .wrap(