use std::time::Duration;

// ---------------------------------------------------------------------------
// Storage files
// ---------------------------------------------------------------------------

/// Name of the storage file holding the list of users.
pub const USERS_LIST_FILE: &str = "users.json";

/// Name of the storage file holding the list of clients.
pub const CLIENTS_LIST_FILE: &str = "clients.yaml";

/// Name of the storage file holding the list of providers.
pub const PROVIDERS_LIST_FILE: &str = "providers.yaml";

// ---------------------------------------------------------------------------
// Built-in account
// ---------------------------------------------------------------------------

/// Username of the default built-in account.
pub const DEFAULT_ADMIN_USERNAME: &str = "admin";

/// Password of the default built-in account.
// NOTE(review): this is a well-known default credential. Confirm that the
// application forces a password change before the account can be used and
// that deployments cannot stay reachable with this value.
pub const DEFAULT_ADMIN_PASSWORD: &str = "admin";

/// Application name.
pub const APP_NAME: &str = "Basic OIDC";

// ---------------------------------------------------------------------------
// Session lifetime
// ---------------------------------------------------------------------------

/// Maximum time a session survives without activity, in seconds (30 minutes).
pub const MAX_INACTIVITY_DURATION: u64 = 30 * 60;

/// Maximum total lifetime of a session (6 hours, expressed in seconds).
pub const MAX_SESSION_DURATION: u64 = 6 * 3600;

// ---------------------------------------------------------------------------
// Second factor
// ---------------------------------------------------------------------------

/// Maximum length of the name given to a second factor.
pub const MAX_SECOND_FACTOR_NAME_LEN: usize = 25;

/// After a user successfully authenticates with 2FA, period during which
/// that user is exempted from 2FA when coming from the same IP address
/// (7 days, expressed in seconds).
// NOTE(review): an IP address is not a device identity; everyone behind a
// shared NAT or VPN egress presents the same address. Confirm that a 7-day
// IP-based exemption is an accepted trade-off for this deployment.
pub const SECOND_FACTOR_EXEMPTION_AFTER_SUCCESSFUL_LOGIN: u64 = 7 * 24 * 60 * 60;

/// Maximum acceptable delay between a user's last two-factor authentication
/// and access to a critical route or a critical client (10 minutes,
/// expressed in seconds).
pub const SECOND_FACTOR_EXPIRATION_FOR_CRITICAL_OPERATIONS: u64 = 10 * 60;

// ---------------------------------------------------------------------------
// Password policy
// ---------------------------------------------------------------------------

/// Minimum password length.
// NOTE(review): 4 is far below common guidance (NIST SP 800-63B requires at
// least 8 characters for user-chosen passwords). Raising it is a policy
// change that affects callers, so the value is left untouched here.
pub const MIN_PASS_LEN: usize = 4;

/// Length of generated temporary passwords.
pub const TEMPORARY_PASSWORDS_LEN: usize = 20;

// ---------------------------------------------------------------------------
// Cookies and routes
// ---------------------------------------------------------------------------

/// Name of the cookie used to store session information.
pub const SESSION_COOKIE_NAME: &str = "auth-cookie";

/// Prefix of the routes that require authentication.
pub const AUTHENTICATED_ROUTES: &str = "/settings";

/// Prefix of the administration routes.
pub const ADMIN_ROUTES: &str = "/admin";

/// Authentication (login) route.
pub const LOGIN_ROUTE: &str = "/login";

// ---------------------------------------------------------------------------
// Bruteforce protection
// ---------------------------------------------------------------------------

/// How long failed login attempts are remembered.
// Presumably seconds (one hour), like the other u64 durations - confirm.
pub const KEEP_FAILED_LOGIN_ATTEMPTS_FOR: u64 = 60 * 60;

/// Maximum number of failed login attempts tolerated.
// NOTE(review): what the counter is keyed on (IP address, account, both) is
// decided by the code using this constant - verify there.
pub const MAX_FAILED_LOGIN_ATTEMPTS: usize = 15;

/// Interval between two cleanups of the recorded failed login attempts.
pub const FAIL_LOGIN_ATTEMPT_CLEANUP_INTERVAL: Duration = Duration::from_secs(60);

// ---------------------------------------------------------------------------
// OpenID routes
// ---------------------------------------------------------------------------

/// OpenID authorization endpoint path.
pub const AUTHORIZE_URI: &str = "/openid/authorize";

/// OpenID token endpoint path.
pub const TOKEN_URI: &str = "/openid/token";

/// OpenID key set (JWKS) endpoint path.
pub const CERT_URI: &str = "/openid/jwks_uri";

/// OpenID user information endpoint path.
pub const USERINFO_URI: &str = "/openid/userinfo";

// ---------------------------------------------------------------------------
// OpenID sessions, codes and tokens
//
// The `*_TIMEOUT` values are presumably seconds - confirm against the code
// that compares them with timestamps. The `*_LEN` values are lengths of
// generated identifiers; their unpredictability depends on the generator and
// alphabet used elsewhere, not on the length alone.
// ---------------------------------------------------------------------------

/// Interval between two cleanups of the OpenID sessions.
pub const OPEN_ID_SESSION_CLEANUP_INTERVAL: Duration = Duration::from_secs(60);

/// Length of an OpenID session identifier.
pub const OPEN_ID_SESSION_LEN: usize = 40;

/// Length of an authorization code.
pub const OPEN_ID_AUTHORIZATION_CODE_LEN: usize = 120;

/// Validity period of an authorization code.
// If seconds, 5 minutes: within the 10-minute maximum that RFC 6749
// section 4.1.2 recommends.
pub const OPEN_ID_AUTHORIZATION_CODE_TIMEOUT: u64 = 5 * 60;

/// Length of an access token.
pub const OPEN_ID_ACCESS_TOKEN_LEN: usize = 50;

/// Validity period of an access token.
pub const OPEN_ID_ACCESS_TOKEN_TIMEOUT: u64 = 60 * 60;

/// Validity period of an ID token.
pub const OPEN_ID_ID_TOKEN_TIMEOUT: u64 = 60 * 60;

/// Length of a refresh token.
pub const OPEN_ID_REFRESH_TOKEN_LEN: usize = 120;

/// Validity period of a refresh token.
// NOTE(review): if seconds, 360000 is 100 hours (about 4.2 days) - confirm
// that this is the intended value.
pub const OPEN_ID_REFRESH_TOKEN_TIMEOUT: u64 = 360_000;

// ---------------------------------------------------------------------------
// WebAuthn
// ---------------------------------------------------------------------------

/// Expiration of a WebAuthn registration challenge.
// NOTE(review): if seconds, one hour is long for a challenge; WebAuthn
// ceremonies normally complete within a few minutes - confirm.
pub const WEBAUTHN_REGISTER_CHALLENGE_EXPIRE: u64 = 60 * 60;

/// Expiration of a WebAuthn login challenge.
// NOTE(review): same remark as for the registration challenge.
pub const WEBAUTHN_LOGIN_CHALLENGE_EXPIRE: u64 = 60 * 60;

// ---------------------------------------------------------------------------
// Upstream OpenID providers: login states
// ---------------------------------------------------------------------------

/// Interval between two cleanups of the providers login states.
pub const OIDC_STATES_CLEANUP_INTERVAL: Duration = Duration::from_secs(60);

/// Maximum number of providers login states kept.
// NOTE(review): whether this cap is global or per client/IP is not visible
// in this file - verify against the state manager.
pub const MAX_OIDC_PROVIDERS_STATES: usize = 10;

/// Length of a providers login state identifier.
pub const OIDC_PROVIDERS_STATE_LEN: usize = 40;

/// Lifetime of a providers login state (presumably seconds: 15 minutes).
pub const OIDC_PROVIDERS_STATE_DURATION: u64 = 15 * 60;

// ---------------------------------------------------------------------------
// Upstream OpenID providers: configuration
// ---------------------------------------------------------------------------

/// Lifetime of an OpenID provider configuration.
// Presumably how long a fetched configuration is kept, in seconds - confirm.
pub const OIDC_PROVIDERS_LIFETIME: u64 = 60 * 60;

/// Path of the callback route used by OpenID providers.
pub const OIDC_PROVIDER_CB_URI: &str = "/prov_cb";