forked from nrabulinski/attic
Migrate to jwt-simple
This commit is contained in:
parent
1c2173caac
commit
6c4d04da74
352
Cargo.lock
generated
352
Cargo.lock
generated
|
@ -218,7 +218,6 @@ dependencies = [
|
|||
"humantime",
|
||||
"humantime-serde",
|
||||
"itoa",
|
||||
"jsonwebtoken",
|
||||
"maybe-owned",
|
||||
"rand",
|
||||
"regex",
|
||||
|
@ -248,7 +247,7 @@ dependencies = [
|
|||
"base64 0.20.0",
|
||||
"chrono",
|
||||
"displaydoc",
|
||||
"jsonwebtoken",
|
||||
"jwt-simple",
|
||||
"lazy_static",
|
||||
"regex",
|
||||
"serde",
|
||||
|
@ -680,6 +679,12 @@ dependencies = [
|
|||
"syn",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "base16ct"
|
||||
version = "0.1.1"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "349a06037c7bf932dd7e7d1f653678b2038b9ad46a74102f1fc7bd7872678cce"
|
||||
|
||||
[[package]]
|
||||
name = "base64"
|
||||
version = "0.13.1"
|
||||
|
@ -701,6 +706,12 @@ dependencies = [
|
|||
"simd-abstraction",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "base64ct"
|
||||
version = "1.5.3"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "b645a089122eccb6111b4f81cbc1a49f5900ac4666bb93ac027feaecf15607bf"
|
||||
|
||||
[[package]]
|
||||
name = "bindgen"
|
||||
version = "0.63.0"
|
||||
|
@ -723,6 +734,12 @@ dependencies = [
|
|||
"which",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "binstring"
|
||||
version = "0.1.1"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "7e0d60973d9320722cb1206f412740e162a33b8547ea8d6be75d7cff237c7a85"
|
||||
|
||||
[[package]]
|
||||
name = "bitflags"
|
||||
version = "1.3.2"
|
||||
|
@ -989,6 +1006,18 @@ dependencies = [
|
|||
"os_str_bytes",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "coarsetime"
|
||||
version = "0.1.22"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "454038500439e141804c655b4cd1bc6a70bcb95cd2bc9463af5661b6956f0e46"
|
||||
dependencies = [
|
||||
"libc",
|
||||
"once_cell",
|
||||
"wasi 0.11.0+wasi-snapshot-preview1",
|
||||
"wasm-bindgen",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "codespan-reporting"
|
||||
version = "0.11.1"
|
||||
|
@ -1048,6 +1077,12 @@ dependencies = [
|
|||
"tracing-subscriber",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "const-oid"
|
||||
version = "0.9.1"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "cec318a675afcb6a1ea1d4340e2d377e56e47c266f28043ceccbf4412ddfdd3b"
|
||||
|
||||
[[package]]
|
||||
name = "const_format"
|
||||
version = "0.2.30"
|
||||
|
@ -1155,6 +1190,18 @@ dependencies = [
|
|||
"cfg-if",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "crypto-bigint"
|
||||
version = "0.4.9"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "ef2b4b23cddf68b89b8f8069890e8c270d54e2d5fe1b143820234805e4cb17ef"
|
||||
dependencies = [
|
||||
"generic-array",
|
||||
"rand_core",
|
||||
"subtle",
|
||||
"zeroize",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "crypto-common"
|
||||
version = "0.1.6"
|
||||
|
@ -1250,6 +1297,17 @@ dependencies = [
|
|||
"syn",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "der"
|
||||
version = "0.6.1"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "f1a467a65c5e759bce6e65eaf91cc29f466cdc57cb65777bd646872a8a1fd4de"
|
||||
dependencies = [
|
||||
"const-oid",
|
||||
"pem-rfc7468",
|
||||
"zeroize",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "derivative"
|
||||
version = "2.2.0"
|
||||
|
@ -1279,6 +1337,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
|
|||
checksum = "8168378f4e5023e7218c89c891c0fd8ecdb5e5e4f18cb78f38cf245dd021e76f"
|
||||
dependencies = [
|
||||
"block-buffer",
|
||||
"const-oid",
|
||||
"crypto-common",
|
||||
"subtle",
|
||||
]
|
||||
|
@ -1320,6 +1379,18 @@ version = "0.15.6"
|
|||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "03d8c417d7a8cb362e0c37e5d815f5eb7c37f79ff93707329d5a194e42e54ca0"
|
||||
|
||||
[[package]]
|
||||
name = "ecdsa"
|
||||
version = "0.14.8"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "413301934810f597c1d19ca71c8710e99a3f1ba28a0d2ebc01551a2daeea3c5c"
|
||||
dependencies = [
|
||||
"der",
|
||||
"elliptic-curve",
|
||||
"rfc6979",
|
||||
"signature",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "ed25519-compact"
|
||||
version = "2.0.4"
|
||||
|
@ -1336,6 +1407,28 @@ version = "1.8.0"
|
|||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "90e5c1c8368803113bf0c9584fc495a58b86dc8a29edbf8fe877d21d9507e797"
|
||||
|
||||
[[package]]
|
||||
name = "elliptic-curve"
|
||||
version = "0.12.3"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "e7bb888ab5300a19b8e5bceef25ac745ad065f3c9f7efc6de1b91958110891d3"
|
||||
dependencies = [
|
||||
"base16ct",
|
||||
"crypto-bigint",
|
||||
"der",
|
||||
"digest",
|
||||
"ff",
|
||||
"generic-array",
|
||||
"group",
|
||||
"hkdf",
|
||||
"pem-rfc7468",
|
||||
"pkcs8",
|
||||
"rand_core",
|
||||
"sec1",
|
||||
"subtle",
|
||||
"zeroize",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "encode_unicode"
|
||||
version = "0.3.6"
|
||||
|
@ -1399,6 +1492,16 @@ dependencies = [
|
|||
"instant",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "ff"
|
||||
version = "0.12.1"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "d013fc25338cc558c5c2cfbad646908fb23591e2404481826742b651c9af7160"
|
||||
dependencies = [
|
||||
"rand_core",
|
||||
"subtle",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "flate2"
|
||||
version = "1.0.25"
|
||||
|
@ -1563,6 +1666,17 @@ version = "0.3.0"
|
|||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "9b919933a397b79c37e33b77bb2aa3dc8eb6e165ad809e58ff75bc7db2e34574"
|
||||
|
||||
[[package]]
|
||||
name = "group"
|
||||
version = "0.12.1"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "5dfbfb3a6cfbd390d5c9564ab283a0349b9b9fcd46a706c1eb10e0db70bfbac7"
|
||||
dependencies = [
|
||||
"ff",
|
||||
"rand_core",
|
||||
"subtle",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "h2"
|
||||
version = "0.3.15"
|
||||
|
@ -1682,6 +1796,30 @@ dependencies = [
|
|||
"digest",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "hmac-sha1-compact"
|
||||
version = "1.1.3"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "05e2440a0078e20c3b68ca01234cea4219f23e64b0c0bdb1200c5550d54239bb"
|
||||
|
||||
[[package]]
|
||||
name = "hmac-sha256"
|
||||
version = "1.1.6"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "fc736091aacb31ddaa4cd5f6988b3c21e99913ac846b41f32538c5fae5d71bfe"
|
||||
dependencies = [
|
||||
"digest",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "hmac-sha512"
|
||||
version = "1.1.4"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "520c9c3f6040661669bc5c91e551b605a520c8e0a63a766a91a65adef734d151"
|
||||
dependencies = [
|
||||
"digest",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "http"
|
||||
version = "0.2.8"
|
||||
|
@ -1924,17 +2062,41 @@ dependencies = [
|
|||
]
|
||||
|
||||
[[package]]
|
||||
name = "jsonwebtoken"
|
||||
version = "8.2.0"
|
||||
name = "jwt-simple"
|
||||
version = "0.11.2"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "09f4f04699947111ec1733e71778d763555737579e44b85844cae8e1940a1828"
|
||||
checksum = "529a00f2d42d7dc349c994e65917c81bf53225831a65361f6c0454124c550f63"
|
||||
dependencies = [
|
||||
"base64 0.13.1",
|
||||
"pem",
|
||||
"ring",
|
||||
"anyhow",
|
||||
"binstring",
|
||||
"coarsetime",
|
||||
"ct-codecs",
|
||||
"ed25519-compact",
|
||||
"hmac-sha1-compact",
|
||||
"hmac-sha256",
|
||||
"hmac-sha512",
|
||||
"k256",
|
||||
"p256",
|
||||
"p384",
|
||||
"rand",
|
||||
"rsa",
|
||||
"serde",
|
||||
"serde_json",
|
||||
"simple_asn1",
|
||||
"spki",
|
||||
"thiserror",
|
||||
"zeroize",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "k256"
|
||||
version = "0.11.6"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "72c1e0b51e7ec0a97369623508396067a486bd0cbed95a2659a4b863d28cfc8b"
|
||||
dependencies = [
|
||||
"cfg-if",
|
||||
"ecdsa",
|
||||
"elliptic-curve",
|
||||
"sha2",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
|
@ -1942,6 +2104,9 @@ name = "lazy_static"
|
|||
version = "1.4.0"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "e2abad23fbc42b3700f2f279844dc832adb2b2eb069b2df918f455c4e18cc646"
|
||||
dependencies = [
|
||||
"spin 0.5.2",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "lazycell"
|
||||
|
@ -1965,6 +2130,12 @@ dependencies = [
|
|||
"winapi",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "libm"
|
||||
version = "0.2.6"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "348108ab3fba42ec82ff6e9564fc4ca0247bdccdc68dd8af9764bbc79c3c8ffb"
|
||||
|
||||
[[package]]
|
||||
name = "libsqlite3-sys"
|
||||
version = "0.24.2"
|
||||
|
@ -2126,6 +2297,23 @@ dependencies = [
|
|||
"num-traits",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "num-bigint-dig"
|
||||
version = "0.8.2"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "2399c9463abc5f909349d8aa9ba080e0b88b3ce2885389b60b993f39b1a56905"
|
||||
dependencies = [
|
||||
"byteorder",
|
||||
"lazy_static",
|
||||
"libm",
|
||||
"num-integer",
|
||||
"num-iter",
|
||||
"num-traits",
|
||||
"rand",
|
||||
"smallvec",
|
||||
"zeroize",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "num-integer"
|
||||
version = "0.1.45"
|
||||
|
@ -2136,6 +2324,17 @@ dependencies = [
|
|||
"num-traits",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "num-iter"
|
||||
version = "0.1.43"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "7d03e6c028c5dc5cac6e2dec0efda81fc887605bb3d884578bb6d6bf7514e252"
|
||||
dependencies = [
|
||||
"autocfg",
|
||||
"num-integer",
|
||||
"num-traits",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "num-traits"
|
||||
version = "0.2.15"
|
||||
|
@ -2143,6 +2342,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
|
|||
checksum = "578ede34cf02f8924ab9447f50c28075b4d3e5b269972345e7e0372b38c6cdcd"
|
||||
dependencies = [
|
||||
"autocfg",
|
||||
"libm",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
|
@ -2163,9 +2363,9 @@ checksum = "830b246a0e5f20af87141b25c173cd1b609bd7779a4617d6ec582abaf90870f3"
|
|||
|
||||
[[package]]
|
||||
name = "once_cell"
|
||||
version = "1.16.0"
|
||||
version = "1.17.0"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "86f0b0d4bf799edbc74508c1e8bf170ff5f41238e5f8225603ca7caaae2b7860"
|
||||
checksum = "6f61fba1741ea2b3d6a1e3178721804bb716a68a6aeba1149b5d52e3d464ea66"
|
||||
|
||||
[[package]]
|
||||
name = "openssl-probe"
|
||||
|
@ -2214,6 +2414,28 @@ version = "0.1.1"
|
|||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "b15813163c1d831bf4a13c3610c05c0d03b39feb07f7e09fa234dac9b15aaf39"
|
||||
|
||||
[[package]]
|
||||
name = "p256"
|
||||
version = "0.11.1"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "51f44edd08f51e2ade572f141051021c5af22677e42b7dd28a88155151c33594"
|
||||
dependencies = [
|
||||
"ecdsa",
|
||||
"elliptic-curve",
|
||||
"sha2",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "p384"
|
||||
version = "0.11.2"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "dfc8c5bf642dde52bb9e87c0ecd8ca5a76faac2eeed98dedb7c717997e1080aa"
|
||||
dependencies = [
|
||||
"ecdsa",
|
||||
"elliptic-curve",
|
||||
"sha2",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "parking_lot"
|
||||
version = "0.11.2"
|
||||
|
@ -2252,12 +2474,12 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
|
|||
checksum = "19b17cddbe7ec3f8bc800887bab5e717348c95ea2ca0b1bf0837fb964dc67099"
|
||||
|
||||
[[package]]
|
||||
name = "pem"
|
||||
version = "1.1.0"
|
||||
name = "pem-rfc7468"
|
||||
version = "0.6.0"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "03c64931a1a212348ec4f3b4362585eca7159d0d09cbdf4a7f74f02173596fd4"
|
||||
checksum = "24d159833a9105500e0398934e205e0773f0b27529557134ecfc51c27646adac"
|
||||
dependencies = [
|
||||
"base64 0.13.1",
|
||||
"base64ct",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
|
@ -2298,6 +2520,28 @@ version = "0.1.0"
|
|||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "8b870d8c151b6f2fb93e84a13146138f05d02ed11c7e7c54f8826aaaf7c9f184"
|
||||
|
||||
[[package]]
|
||||
name = "pkcs1"
|
||||
version = "0.4.1"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "eff33bdbdfc54cc98a2eca766ebdec3e1b8fb7387523d5c9c9a2891da856f719"
|
||||
dependencies = [
|
||||
"der",
|
||||
"pkcs8",
|
||||
"spki",
|
||||
"zeroize",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "pkcs8"
|
||||
version = "0.9.0"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "9eca2c590a5f85da82668fa685c09ce2888b9430e83299debf1f34b65fd4a4ba"
|
||||
dependencies = [
|
||||
"der",
|
||||
"spki",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "pkg-config"
|
||||
version = "0.3.26"
|
||||
|
@ -2554,6 +2798,17 @@ dependencies = [
|
|||
"winreg",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "rfc6979"
|
||||
version = "0.3.1"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "7743f17af12fa0b03b803ba12cd6a8d9483a587e89c69445e3909655c0b9fabb"
|
||||
dependencies = [
|
||||
"crypto-bigint",
|
||||
"hmac",
|
||||
"zeroize",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "ring"
|
||||
version = "0.16.20"
|
||||
|
@ -2594,6 +2849,27 @@ dependencies = [
|
|||
"syn",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "rsa"
|
||||
version = "0.7.2"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "094052d5470cbcef561cb848a7209968c9f12dfa6d668f4bca048ac5de51099c"
|
||||
dependencies = [
|
||||
"byteorder",
|
||||
"digest",
|
||||
"num-bigint-dig",
|
||||
"num-integer",
|
||||
"num-iter",
|
||||
"num-traits",
|
||||
"pkcs1",
|
||||
"pkcs8",
|
||||
"rand_core",
|
||||
"signature",
|
||||
"smallvec",
|
||||
"subtle",
|
||||
"zeroize",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "rust_decimal"
|
||||
version = "1.27.0"
|
||||
|
@ -2884,6 +3160,20 @@ version = "4.1.0"
|
|||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "1c107b6f4780854c8b126e228ea8869f4d7b71260f962fefb57b996b8959ba6b"
|
||||
|
||||
[[package]]
|
||||
name = "sec1"
|
||||
version = "0.3.0"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "3be24c1842290c45df0a7bf069e0c268a747ad05a192f2fd7dcfdbc1cba40928"
|
||||
dependencies = [
|
||||
"base16ct",
|
||||
"der",
|
||||
"generic-array",
|
||||
"pkcs8",
|
||||
"subtle",
|
||||
"zeroize",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "security-framework"
|
||||
version = "2.7.0"
|
||||
|
@ -3062,6 +3352,16 @@ dependencies = [
|
|||
"libc",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "signature"
|
||||
version = "1.6.4"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "74233d3b3b2f6d4b006dc19dee745e73e2a6bfb6f93607cd3b02bd5b00797d7c"
|
||||
dependencies = [
|
||||
"digest",
|
||||
"rand_core",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "simd-abstraction"
|
||||
version = "0.7.1"
|
||||
|
@ -3071,18 +3371,6 @@ dependencies = [
|
|||
"outref",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "simple_asn1"
|
||||
version = "0.6.2"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "adc4e5204eb1910f40f9cfa375f6f05b68c3abac4b6fd879c8ff5e7ae8a0a085"
|
||||
dependencies = [
|
||||
"num-bigint",
|
||||
"num-traits",
|
||||
"thiserror",
|
||||
"time 0.3.17",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "slab"
|
||||
version = "0.4.7"
|
||||
|
@ -3123,6 +3411,16 @@ dependencies = [
|
|||
"lock_api",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "spki"
|
||||
version = "0.6.0"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "67cf02bbac7a337dc36e4f5a693db6c21e7863f45070f7064577eb4367a3212b"
|
||||
dependencies = [
|
||||
"base64ct",
|
||||
"der",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "sqlformat"
|
||||
version = "0.2.0"
|
||||
|
|
|
@ -41,7 +41,6 @@ hex = "0.4.3"
|
|||
humantime = "2.1.0"
|
||||
humantime-serde = "1.1.1"
|
||||
itoa = "1.0.5"
|
||||
jsonwebtoken = "8.2.0"
|
||||
maybe-owned = "0.3.4"
|
||||
rand = "0.8.5"
|
||||
regex = "1.7.0"
|
||||
|
|
|
@ -30,7 +30,7 @@ impl AuthState {
|
|||
///
|
||||
/// Currently it's the `sub` claim of the JWT.
|
||||
pub fn username(&self) -> Option<&str> {
|
||||
self.token.get().map(|token| token.sub())
|
||||
self.token.get().and_then(|token| token.sub())
|
||||
}
|
||||
|
||||
/// Finds and performs authorization for a cache.
|
||||
|
@ -101,7 +101,7 @@ pub async fn apply_auth<B>(req: Request<B>, next: Next<B>) -> Response {
|
|||
.and_then(parse_authorization_header)
|
||||
.and_then(|jwt| {
|
||||
let state = req.extensions().get::<State>().unwrap();
|
||||
let res_token = Token::from_jwt(&jwt, &state.config.token_hs256_secret.decoding);
|
||||
let res_token = Token::from_jwt(&jwt, &state.config.token_hs256_secret);
|
||||
if let Err(e) = &res_token {
|
||||
tracing::debug!("Ignoring bad JWT token: {}", e);
|
||||
}
|
||||
|
|
|
@ -115,7 +115,7 @@ pub async fn run(config: Config, opts: Opts) -> Result<()> {
|
|||
if sub.dump_claims {
|
||||
println!("{}", serde_json::to_string(token.opaque_claims())?);
|
||||
} else {
|
||||
let encoded_token = token.encode(&config.token_hs256_secret.encoding)?;
|
||||
let encoded_token = token.encode(&config.token_hs256_secret)?;
|
||||
println!("{}", encoded_token);
|
||||
}
|
||||
|
||||
|
|
|
@ -11,7 +11,7 @@ use derivative::Derivative;
|
|||
use serde::{de, Deserialize};
|
||||
use xdg::BaseDirectories;
|
||||
|
||||
use crate::access::{JwtDecodingKey, JwtEncodingKey};
|
||||
use crate::access::{decode_token_hs256_secret_base64, HS256Key};
|
||||
use crate::narinfo::Compression as NixCompression;
|
||||
use crate::storage::{LocalStorageConfig, S3StorageConfig};
|
||||
|
||||
|
@ -28,12 +28,6 @@ const ENV_CONFIG_BASE64: &str = "ATTIC_SERVER_CONFIG_BASE64";
|
|||
/// Environment variable storing the Base64-encoded HS256 JWT secret.
|
||||
const ENV_TOKEN_HS256_SECRET_BASE64: &str = "ATTIC_SERVER_TOKEN_HS256_SECRET_BASE64";
|
||||
|
||||
#[derive(Clone)]
|
||||
pub struct JwtKeys {
|
||||
pub decoding: JwtDecodingKey,
|
||||
pub encoding: JwtEncodingKey,
|
||||
}
|
||||
|
||||
/// Configuration for the Attic Server.
|
||||
#[derive(Clone, Derivative, Deserialize)]
|
||||
#[derivative(Debug)]
|
||||
|
@ -102,10 +96,10 @@ pub struct Config {
|
|||
///
|
||||
/// Set this to the base64 encoding of a randomly generated secret.
|
||||
#[serde(rename = "token-hs256-secret-base64")]
|
||||
#[serde(deserialize_with = "deserialize_base64_jwt_secret")]
|
||||
#[serde(default = "JwtKeys::load_from_env")]
|
||||
#[serde(deserialize_with = "deserialize_token_hs256_secret_base64")]
|
||||
#[serde(default = "load_token_hs256_secret_from_env")]
|
||||
#[derivative(Debug = "ignore")]
|
||||
pub token_hs256_secret: JwtKeys,
|
||||
pub token_hs256_secret: HS256Key,
|
||||
}
|
||||
|
||||
/// Database connection configuration.
|
||||
|
@ -189,18 +183,11 @@ pub struct GarbageCollectionConfig {
|
|||
pub default_retention_period: Duration,
|
||||
}
|
||||
|
||||
impl JwtKeys {
|
||||
fn load_from_env() -> Self {
|
||||
let s = env::var(ENV_TOKEN_HS256_SECRET_BASE64)
|
||||
.expect("The HS256 secret must be specified in either token_hs256_secret or the ATTIC_SERVER_TOKEN_HS256_SECRET_BASE64 environment.");
|
||||
fn load_token_hs256_secret_from_env() -> HS256Key {
|
||||
let s = env::var(ENV_TOKEN_HS256_SECRET_BASE64)
|
||||
.expect("The HS256 secret must be specified in either token_hs256_secret or the ATTIC_SERVER_TOKEN_HS256_SECRET_BASE64 environment.");
|
||||
|
||||
let decoding = JwtDecodingKey::from_base64_secret(&s)
|
||||
.expect("Failed to load as decoding key");
|
||||
let encoding = JwtEncodingKey::from_base64_secret(&s)
|
||||
.expect("Failed to load as decoding key");
|
||||
|
||||
Self { decoding, encoding }
|
||||
}
|
||||
decode_token_hs256_secret_base64(&s).expect("Failed to load as decoding key")
|
||||
}
|
||||
|
||||
impl CompressionConfig {
|
||||
|
@ -247,17 +234,16 @@ impl Default for GarbageCollectionConfig {
|
|||
}
|
||||
}
|
||||
|
||||
fn deserialize_base64_jwt_secret<'de, D>(deserializer: D) -> Result<JwtKeys, D::Error>
|
||||
fn deserialize_token_hs256_secret_base64<'de, D>(deserializer: D) -> Result<HS256Key, D::Error>
|
||||
where
|
||||
D: de::Deserializer<'de>,
|
||||
{
|
||||
use de::Error;
|
||||
|
||||
let s = String::deserialize(deserializer)?;
|
||||
let decoding = JwtDecodingKey::from_base64_secret(&s).map_err(Error::custom)?;
|
||||
let encoding = JwtEncodingKey::from_base64_secret(&s).map_err(Error::custom)?;
|
||||
let key = decode_token_hs256_secret_base64(&s).map_err(Error::custom)?;
|
||||
|
||||
Ok(JwtKeys { decoding, encoding })
|
||||
Ok(key)
|
||||
}
|
||||
|
||||
fn default_listen_address() -> SocketAddr {
|
||||
|
|
|
@ -17,7 +17,7 @@ use rand::distributions::Alphanumeric;
|
|||
use rand::Rng;
|
||||
use tokio::fs::{self, OpenOptions};
|
||||
|
||||
use crate::access::{JwtEncodingKey, Token};
|
||||
use crate::access::{decode_token_hs256_secret_base64, Token};
|
||||
use crate::config;
|
||||
use attic::cache::CacheNamePattern;
|
||||
|
||||
|
@ -75,8 +75,8 @@ pub async fn run_oobe() -> Result<()> {
|
|||
perm.configure_cache_retention = true;
|
||||
perm.destroy_cache = true;
|
||||
|
||||
let encoding_key = JwtEncodingKey::from_base64_secret(&hs256_secret_base64)?;
|
||||
token.encode(&encoding_key)?
|
||||
let key = decode_token_hs256_secret_base64(&hs256_secret_base64).unwrap();
|
||||
token.encode(&key)?
|
||||
};
|
||||
|
||||
eprintln!();
|
||||
|
|
|
@ -11,7 +11,7 @@ attic = { path = "../attic", default-features = false }
|
|||
base64 = "0.20.0"
|
||||
chrono = "0.4.23"
|
||||
displaydoc = "0.2.3"
|
||||
jsonwebtoken = "8.2.0"
|
||||
jwt-simple = "0.11.2"
|
||||
lazy_static = "1.4.0"
|
||||
regex = "1.7.0"
|
||||
serde = "1.0.151"
|
||||
|
|
|
@ -73,9 +73,10 @@ use std::error::Error as StdError;
|
|||
|
||||
use chrono::{DateTime, Utc};
|
||||
use displaydoc::Display;
|
||||
pub use jsonwebtoken::{
|
||||
Algorithm as JwtAlgorithm, DecodingKey as JwtDecodingKey, EncodingKey as JwtEncodingKey,
|
||||
Header as JwtHeader, Validation as JwtValidation,
|
||||
pub use jwt_simple::{
|
||||
algorithms::{HS256Key, MACLike},
|
||||
claims::{Claims, JWTClaims},
|
||||
prelude::UnixTimeStamp,
|
||||
};
|
||||
use serde::{Deserialize, Serialize};
|
||||
use serde_with::{serde_as, BoolFromInt};
|
||||
|
@ -111,17 +112,11 @@ macro_rules! require_permission_function {
|
|||
|
||||
/// A validated JSON Web Token.
|
||||
#[derive(Debug)]
|
||||
pub struct Token(jsonwebtoken::TokenData<TokenClaims>);
|
||||
pub struct Token(JWTClaims<TokenClaims>);
|
||||
|
||||
/// Claims of a JSON Web Token.
|
||||
#[derive(Debug, Serialize, Deserialize)]
|
||||
#[derive(Debug, Clone, Serialize, Deserialize)]
|
||||
struct TokenClaims {
|
||||
/// Subject.
|
||||
sub: String,
|
||||
|
||||
/// Expiration timestamp.
|
||||
exp: usize,
|
||||
|
||||
/// Attic namespace.
|
||||
#[serde(rename = "https://jwt.attic.rs/v1")]
|
||||
attic_ns: AtticAccess,
|
||||
|
@ -208,14 +203,16 @@ pub enum Error {
|
|||
PermissionDenied,
|
||||
|
||||
/// JWT error: {0}
|
||||
TokenError(jsonwebtoken::errors::Error),
|
||||
TokenError(jwt_simple::Error),
|
||||
|
||||
/// Base64 decode error: {0}
|
||||
Base64Error(base64::DecodeError),
|
||||
}
|
||||
|
||||
impl Token {
|
||||
/// Verifies and decodes a token.
|
||||
pub fn from_jwt(token: &str, key: &JwtDecodingKey) -> Result<Self> {
|
||||
let validation = JwtValidation::default();
|
||||
jsonwebtoken::decode::<TokenClaims>(token, key, &validation)
|
||||
pub fn from_jwt(token: &str, key: &HS256Key) -> Result<Self> {
|
||||
key.verify_token(token, None)
|
||||
.map_err(|e| Error::TokenError(e))
|
||||
.map(Token)
|
||||
}
|
||||
|
@ -223,31 +220,38 @@ impl Token {
|
|||
/// Creates a new token with an expiration timestamp.
|
||||
pub fn new(sub: String, exp: &DateTime<Utc>) -> Self {
|
||||
let claims = TokenClaims {
|
||||
sub,
|
||||
exp: exp.timestamp() as usize,
|
||||
attic_ns: Default::default(),
|
||||
};
|
||||
|
||||
Self(jsonwebtoken::TokenData {
|
||||
header: JwtHeader::new(JwtAlgorithm::HS256),
|
||||
claims,
|
||||
Self(JWTClaims {
|
||||
issued_at: None,
|
||||
expires_at: Some(UnixTimeStamp::from_secs(
|
||||
exp.timestamp().try_into().unwrap(),
|
||||
)),
|
||||
invalid_before: None,
|
||||
issuer: None,
|
||||
subject: Some(sub),
|
||||
audiences: None,
|
||||
jwt_id: None,
|
||||
nonce: None,
|
||||
custom: claims,
|
||||
})
|
||||
}
|
||||
|
||||
/// Encodes the token.
|
||||
pub fn encode(&self, key: &JwtEncodingKey) -> Result<String> {
|
||||
jsonwebtoken::encode(&self.0.header, &self.0.claims, key)
|
||||
pub fn encode(&self, key: &HS256Key) -> Result<String> {
|
||||
key.authenticate(self.0.clone())
|
||||
.map_err(|e| Error::TokenError(e))
|
||||
}
|
||||
|
||||
/// Returns the subject of the token.
|
||||
pub fn sub(&self) -> &str {
|
||||
self.0.claims.sub.as_str()
|
||||
pub fn sub(&self) -> Option<&str> {
|
||||
self.0.subject.as_deref()
|
||||
}
|
||||
|
||||
/// Returns the claims as a serializable value.
|
||||
pub fn opaque_claims(&self) -> &impl Serialize {
|
||||
&self.0.claims
|
||||
&self.0
|
||||
}
|
||||
|
||||
/// Returns a mutable reference to a permission entry.
|
||||
|
@ -283,11 +287,11 @@ impl Token {
|
|||
}
|
||||
|
||||
fn attic_access(&self) -> &AtticAccess {
|
||||
&self.0.claims.attic_ns
|
||||
&self.0.custom.attic_ns
|
||||
}
|
||||
|
||||
fn attic_access_mut(&mut self) -> &mut AtticAccess {
|
||||
&mut self.0.claims.attic_ns
|
||||
&mut self.0.custom.attic_ns
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -356,6 +360,11 @@ impl Default for CachePermission {
|
|||
|
||||
impl StdError for Error {}
|
||||
|
||||
pub fn decode_token_hs256_secret_base64(s: &str) -> Result<HS256Key> {
|
||||
let secret = base64::decode(s).map_err(Error::Base64Error)?;
|
||||
Ok(HS256Key::from_bytes(&secret))
|
||||
}
|
||||
|
||||
// bruh
|
||||
fn is_false(b: &bool) -> bool {
|
||||
!b
|
||||
|
|
|
@ -13,8 +13,7 @@ fn test_basic() {
|
|||
// "very secure secret"
|
||||
let base64_secret = "dmVyeSBzZWN1cmUgc2VjcmV0";
|
||||
|
||||
let dec_key =
|
||||
JwtDecodingKey::from_base64_secret(base64_secret).expect("Could not import decoding key");
|
||||
let dec_key = decode_token_hs256_secret_base64(base64_secret).unwrap();
|
||||
|
||||
/*
|
||||
{
|
||||
|
|
Loading…
Reference in a new issue