Pierre Hubert
9b18b787a9
All checks were successful
continuous-integration/drone/push Build is passing
Let BasicOIDC delegate authentication to upstream providers (Google, GitHub, GitLab, Keycloak...) Reviewed-on: #107
86 lines
2.9 KiB
Rust
86 lines
2.9 KiB
Rust
use std::time::Duration;
|
|
|
|
/// File in storage containing users list
|
|
pub const USERS_LIST_FILE: &str = "users.json";
|
|
|
|
/// File in storage containing clients list
|
|
pub const CLIENTS_LIST_FILE: &str = "clients.yaml";
|
|
|
|
/// File in storage containing providers list
|
|
pub const PROVIDERS_LIST_FILE: &str = "providers.yaml";
|
|
|
|
/// Default built-in credentials
|
|
pub const DEFAULT_ADMIN_USERNAME: &str = "admin";
|
|
pub const DEFAULT_ADMIN_PASSWORD: &str = "admin";
|
|
|
|
/// App name
|
|
pub const APP_NAME: &str = "Basic OIDC";
|
|
|
|
/// Maximum session duration after inactivity, in seconds
|
|
pub const MAX_INACTIVITY_DURATION: u64 = 60 * 30;
|
|
|
|
/// Maximum session duration (6 hours)
|
|
pub const MAX_SESSION_DURATION: u64 = 3600 * 6;
|
|
|
|
/// Maximum length of a second factor name
|
|
pub const MAX_SECOND_FACTOR_NAME_LEN: usize = 25;
|
|
|
|
/// When the user successfully authenticate using 2FA, period of time during which the user is
|
|
/// exempted from this IP address to use 2FA
|
|
pub const SECOND_FACTOR_EXEMPTION_AFTER_SUCCESSFUL_LOGIN: u64 = 7 * 24 * 3600;
|
|
|
|
/// Minimum password length
|
|
pub const MIN_PASS_LEN: usize = 4;
|
|
|
|
/// The name of the cookie used to store session information
|
|
pub const SESSION_COOKIE_NAME: &str = "auth-cookie";
|
|
|
|
/// Authenticated routes prefix
|
|
pub const AUTHENTICATED_ROUTES: &str = "/settings";
|
|
|
|
/// Admin routes prefix
|
|
pub const ADMIN_ROUTES: &str = "/admin";
|
|
|
|
/// Auth route
|
|
pub const LOGIN_ROUTE: &str = "/login";
|
|
|
|
/// Bruteforce protection
|
|
pub const KEEP_FAILED_LOGIN_ATTEMPTS_FOR: u64 = 3600;
|
|
pub const MAX_FAILED_LOGIN_ATTEMPTS: usize = 15;
|
|
pub const FAIL_LOGIN_ATTEMPT_CLEANUP_INTERVAL: Duration = Duration::from_secs(60);
|
|
|
|
/// Temporary password length
|
|
pub const TEMPORARY_PASSWORDS_LEN: usize = 20;
|
|
|
|
/// Open ID routes
|
|
pub const AUTHORIZE_URI: &str = "/openid/authorize";
|
|
pub const TOKEN_URI: &str = "/openid/token";
|
|
pub const CERT_URI: &str = "/openid/jwks_uri";
|
|
pub const USERINFO_URI: &str = "/openid/userinfo";
|
|
|
|
/// Open ID constants
|
|
pub const OPEN_ID_SESSION_CLEANUP_INTERVAL: Duration = Duration::from_secs(60);
|
|
pub const OPEN_ID_SESSION_LEN: usize = 40;
|
|
pub const OPEN_ID_AUTHORIZATION_CODE_LEN: usize = 120;
|
|
pub const OPEN_ID_AUTHORIZATION_CODE_TIMEOUT: u64 = 300;
|
|
pub const OPEN_ID_ACCESS_TOKEN_LEN: usize = 50;
|
|
pub const OPEN_ID_ACCESS_TOKEN_TIMEOUT: u64 = 3600;
|
|
pub const OPEN_ID_REFRESH_TOKEN_LEN: usize = 120;
|
|
pub const OPEN_ID_REFRESH_TOKEN_TIMEOUT: u64 = 360000;
|
|
|
|
/// Webauthn constants
|
|
pub const WEBAUTHN_REGISTER_CHALLENGE_EXPIRE: u64 = 3600;
|
|
pub const WEBAUTHN_LOGIN_CHALLENGE_EXPIRE: u64 = 3600;
|
|
|
|
/// OpenID providers login state constants
|
|
pub const OIDC_STATES_CLEANUP_INTERVAL: Duration = Duration::from_secs(60);
|
|
pub const MAX_OIDC_PROVIDERS_STATES: usize = 10;
|
|
pub const OIDC_PROVIDERS_STATE_LEN: usize = 40;
|
|
pub const OIDC_PROVIDERS_STATE_DURATION: u64 = 60 * 15;
|
|
|
|
/// OpenID providers configuration constants
|
|
pub const OIDC_PROVIDERS_LIFETIME: u64 = 3600;
|
|
|
|
/// OpenID provider callback URI
|
|
pub const OIDC_PROVIDER_CB_URI: &str = "/prov_cb";
|