249 lines
7.4 KiB
Rust
249 lines
7.4 KiB
Rust
use crate::users::{APITokenID, UserEmail};
|
|
use crate::utils::crypt_utils::sha256str;
|
|
use clap::Parser;
|
|
use matrix_sdk::authentication::oauth::registration::{
|
|
ApplicationType, ClientMetadata, Localized, OAuthGrantType,
|
|
};
|
|
use std::path::{Path, PathBuf};
|
|
use url::Url;
|
|
|
|
/// Matrix gateway backend API
|
|
#[derive(Parser, Debug, Clone)]
|
|
#[clap(author, version, about, long_about = None)]
|
|
pub struct AppConfig {
|
|
/// Listen address
|
|
#[clap(short, long, env, default_value = "0.0.0.0:8000")]
|
|
pub listen_address: String,
|
|
|
|
/// Website origin
|
|
#[clap(short, long, env, default_value = "http://localhost:5173")]
|
|
pub website_origin: String,
|
|
|
|
/// Proxy IP, might end with a star "*"
|
|
#[clap(short, long, env)]
|
|
pub proxy_ip: Option<String>,
|
|
|
|
/// Unsecure : for development, bypass authentication, using the account with the given
|
|
/// email address by default
|
|
#[clap(long, env)]
|
|
unsecure_auto_login_email: Option<String>,
|
|
|
|
/// Secret key, used to secure some resources. Must be randomly generated
|
|
#[clap(short = 'S', long, env, default_value = "")]
|
|
secret: String,
|
|
|
|
/// Matrix homeserver origin
|
|
#[clap(short, long, env, default_value = "http://127.0.0.1:8448")]
|
|
pub matrix_homeserver: String,
|
|
|
|
/// Redis connection hostname
|
|
#[clap(long, env, default_value = "localhost")]
|
|
redis_hostname: String,
|
|
|
|
/// Redis connection port
|
|
#[clap(long, env, default_value_t = 6379)]
|
|
redis_port: u16,
|
|
|
|
/// Redis database number
|
|
#[clap(long, env, default_value_t = 0)]
|
|
redis_db_number: i64,
|
|
|
|
/// Redis username
|
|
#[clap(long, env)]
|
|
redis_username: Option<String>,
|
|
|
|
/// Redis password
|
|
#[clap(long, env, default_value = "secretredis")]
|
|
redis_password: String,
|
|
|
|
/// URL where the OpenID configuration can be found
|
|
#[arg(
|
|
long,
|
|
env,
|
|
default_value = "http://localhost:9001/dex/.well-known/openid-configuration"
|
|
)]
|
|
pub oidc_configuration_url: String,
|
|
|
|
/// OpenID provider name
|
|
#[arg(long, env, default_value = "3rd party provider")]
|
|
pub oidc_provider_name: String,
|
|
|
|
/// OpenID client ID
|
|
#[arg(long, env, default_value = "foo")]
|
|
pub oidc_client_id: String,
|
|
|
|
/// OpenID client secret
|
|
#[arg(long, env, default_value = "bar")]
|
|
pub oidc_client_secret: String,
|
|
|
|
/// OpenID login redirect URL
|
|
#[arg(long, env, default_value = "APP_ORIGIN/oidc_cb")]
|
|
oidc_redirect_url: String,
|
|
|
|
/// Matrix oauth redirect URL
|
|
#[arg(long, env, default_value = "APP_ORIGIN/matrix_auth_cb")]
|
|
matrix_oauth_redirect_url: String,
|
|
|
|
/// Application storage path
|
|
#[arg(long, env, default_value = "app_storage")]
|
|
storage_path: String,
|
|
}
|
|
|
|
lazy_static::lazy_static! {
|
|
static ref ARGS: AppConfig = {
|
|
AppConfig::parse()
|
|
};
|
|
}
|
|
|
|
impl AppConfig {
|
|
/// Get parsed command line arguments
|
|
pub fn get() -> &'static AppConfig {
|
|
&ARGS
|
|
}
|
|
|
|
/// Get auto login email (if not empty)
|
|
pub fn unsecure_auto_login_email(&self) -> Option<UserEmail> {
|
|
match self.unsecure_auto_login_email.as_deref() {
|
|
None | Some("") => None,
|
|
Some(s) => Some(UserEmail(s.to_owned())),
|
|
}
|
|
}
|
|
|
|
/// Get app secret
|
|
pub fn secret(&self) -> &str {
|
|
let mut secret = self.secret.as_str();
|
|
|
|
if cfg!(debug_assertions) && secret.is_empty() {
|
|
secret = "DEBUGKEYDEBUGKEYDEBUGKEYDEBUGKEYDEBUGKEYDEBUGKEYDEBUGKEYDEBUGKEY";
|
|
}
|
|
|
|
if secret.is_empty() {
|
|
panic!("SECRET is undefined or too short (min 64 chars)!")
|
|
}
|
|
|
|
secret
|
|
}
|
|
|
|
/// Check if auth is disabled
|
|
pub fn is_auth_disabled(&self) -> bool {
|
|
self.unsecure_auto_login_email().is_some()
|
|
}
|
|
|
|
/// Get Redis connection configuration
|
|
pub fn redis_connection_string(&self) -> String {
|
|
format!(
|
|
"redis://{}:{}@{}:{}/{}",
|
|
self.redis_username.as_deref().unwrap_or(""),
|
|
self.redis_password,
|
|
self.redis_hostname,
|
|
self.redis_port,
|
|
self.redis_db_number
|
|
)
|
|
}
|
|
|
|
/// Get OpenID providers configuration
|
|
pub fn openid_provider(&self) -> OIDCProvider<'_> {
|
|
OIDCProvider {
|
|
client_id: self.oidc_client_id.as_str(),
|
|
client_secret: self.oidc_client_secret.as_str(),
|
|
configuration_url: self.oidc_configuration_url.as_str(),
|
|
name: self.oidc_provider_name.as_str(),
|
|
redirect_url: self
|
|
.oidc_redirect_url
|
|
.replace("APP_ORIGIN", &self.website_origin),
|
|
}
|
|
}
|
|
|
|
/// Matrix OAuth redirect URL
|
|
pub fn matrix_oauth_redirect_url(&self) -> String {
|
|
self.matrix_oauth_redirect_url
|
|
.replace("APP_ORIGIN", &self.website_origin)
|
|
}
|
|
|
|
/// Get Matrix client metadata information
|
|
pub fn matrix_client_metadata(&self) -> ClientMetadata {
|
|
let client_uri = Localized::new(
|
|
Url::parse(&self.website_origin).expect("Invalid website origin!"),
|
|
[],
|
|
);
|
|
ClientMetadata {
|
|
application_type: ApplicationType::Native,
|
|
grant_types: vec![OAuthGrantType::AuthorizationCode {
|
|
redirect_uris: vec![
|
|
Url::parse(&self.matrix_oauth_redirect_url())
|
|
.expect("Failed to parse matrix auth redirect URI!"),
|
|
],
|
|
}],
|
|
client_name: Some(Localized::new("MatrixGW".to_string(), [])),
|
|
logo_uri: Some(Localized::new(
|
|
Url::parse(&format!("{}/favicon.png", self.website_origin))
|
|
.expect("Invalid website origin!"),
|
|
[],
|
|
)),
|
|
policy_uri: Some(client_uri.clone()),
|
|
tos_uri: Some(client_uri.clone()),
|
|
client_uri,
|
|
}
|
|
}
|
|
|
|
/// Get storage path
|
|
pub fn storage_path(&self) -> &Path {
|
|
Path::new(self.storage_path.as_str())
|
|
}
|
|
|
|
/// User storage directory
|
|
pub fn user_directory(&self, mail: &UserEmail) -> PathBuf {
|
|
self.storage_path().join("users").join(sha256str(&mail.0))
|
|
}
|
|
|
|
/// User metadata file
|
|
pub fn user_metadata_file_path(&self, mail: &UserEmail) -> PathBuf {
|
|
self.user_directory(mail).join("metadata.json")
|
|
}
|
|
|
|
/// User API tokens directory
|
|
pub fn user_api_token_directory(&self, mail: &UserEmail) -> PathBuf {
|
|
self.user_directory(mail).join("api-tokens")
|
|
}
|
|
|
|
/// User API token metadata file
|
|
pub fn user_api_token_metadata_file(&self, mail: &UserEmail, id: &APITokenID) -> PathBuf {
|
|
self.user_api_token_directory(mail).join(id.0.to_string())
|
|
}
|
|
|
|
/// Get user Matrix database path
|
|
pub fn user_matrix_db_path(&self, mail: &UserEmail) -> PathBuf {
|
|
self.user_directory(mail).join("matrix-db")
|
|
}
|
|
|
|
/// Get user Matrix database passphrase path
|
|
pub fn user_matrix_passphrase_path(&self, mail: &UserEmail) -> PathBuf {
|
|
self.user_directory(mail).join("matrix-db-passphrase")
|
|
}
|
|
|
|
/// Get user Matrix session file path
|
|
pub fn user_matrix_session_file_path(&self, mail: &UserEmail) -> PathBuf {
|
|
self.user_directory(mail).join("matrix-session.json")
|
|
}
|
|
}
|
|
|
|
#[derive(Debug, Clone, serde::Serialize)]
|
|
pub struct OIDCProvider<'a> {
|
|
pub name: &'a str,
|
|
pub client_id: &'a str,
|
|
pub client_secret: &'a str,
|
|
pub configuration_url: &'a str,
|
|
pub redirect_url: String,
|
|
}
|
|
|
|
#[cfg(test)]
|
|
mod test {
|
|
use crate::app_config::AppConfig;
|
|
|
|
#[test]
|
|
fn verify_cli() {
|
|
use clap::CommandFactory;
|
|
AppConfig::command().debug_assert()
|
|
}
|
|
}
|