From 0ecc852f3761f7d956e62d98e4f7be6afda967db Mon Sep 17 00:00:00 2001 From: Quentin Boyer Date: Mon, 30 Dec 2024 22:39:02 +0100 Subject: [PATCH] Remove the dependency on boringssl --- Cargo.lock | 299 ---------------------------------------------- Cargo.toml | 2 - nixos/default.nix | 10 -- src/main.rs | 60 +--------- src/routes/mod.rs | 81 ++----------- 5 files changed, 10 insertions(+), 442 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 5b20691..96ce226 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -152,12 +152,6 @@ dependencies = [ "uuid", ] -[[package]] -name = "arrayref" -version = "0.3.9" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "76a2e8124351fda1ef8aaaa3bbd7ebbcb486bbcd4225aca0aa0d84bb2db8fecb" - [[package]] name = "arrayvec" version = "0.7.6" @@ -493,30 +487,6 @@ dependencies = [ "serde", ] -[[package]] -name = "bindgen" -version = "0.70.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f49d8fed880d473ea71efb9bf597651e77201bdd4893efe54c9e5d65ae04ce6f" -dependencies = [ - "bitflags 2.6.0", - "cexpr", - "clang-sys", - "itertools 0.13.0", - "proc-macro2", - "quote", - "regex", - "rustc-hash", - "shlex", - "syn 2.0.93", -] - -[[package]] -name = "binstring" -version = "0.1.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ed79c2a8151273c70956b5e3cdfdc1ff6c1a8b9779ba59c6807d281b32ee2f86" - [[package]] name = "bitflags" version = "1.3.2" @@ -544,17 +514,6 @@ dependencies = [ "wyz", ] -[[package]] -name = "blake2b_simd" -version = "1.0.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "23285ad32269793932e830392f2fe2f83e26488fd3ec778883a93c8323735780" -dependencies = [ - "arrayref", - "arrayvec", - "constant_time_eq", -] - [[package]] name = "block-buffer" version = "0.10.4" @@ -577,33 +536,6 @@ dependencies = [ "piper", ] -[[package]] -name = "boring" -version = "4.13.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1f5aac023c3ba13725de1604aff621a9dbf9a4f3af1ea6fb712bca91ad729a8e" -dependencies = [ - "bitflags 2.6.0", - "boring-sys", - "foreign-types", - "libc", - "once_cell", - "openssl-macros", -] - -[[package]] -name = "boring-sys" -version = "4.13.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ebabcc15924f3244f244cfb1dfe43c0b28236ea8c1f71dc8e5a146eae0342d79" -dependencies = [ - "autocfg", - "bindgen", - "cmake", - "fs_extra", - "fslock", -] - [[package]] name = "borsh" version = "1.5.3" @@ -676,15 +608,6 @@ dependencies = [ "shlex", ] -[[package]] -name = "cexpr" -version = "0.6.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6fac387a98bb7c37292057cffc56d62ecb629900026402633ae9160df93a8766" -dependencies = [ - "nom", -] - [[package]] name = "cfg-if" version = "1.0.0" @@ -712,17 +635,6 @@ dependencies = [ "windows-targets 0.52.6", ] -[[package]] -name = "clang-sys" -version = "1.8.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0b023947811758c97c59bf9d1c188fd619ad4718dcaa767947df1cadb14f39f4" -dependencies = [ - "glob", - "libc", - "libloading", -] - [[package]] name = "clap" version = "4.5.23" @@ -763,26 +675,6 @@ version = "0.7.4" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "f46ad14479a25103f283c0f10005961cf086d8dc42205bb44c46ac563475dca6" -[[package]] -name = "cmake" -version = "0.1.52" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c682c223677e0e5b6b7f63a64b9351844c3f1b1678a68b7ee617e30fb082620e" -dependencies = [ - "cc", -] - -[[package]] -name = "coarsetime" -version = "0.1.35" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4252bf230cb600c19826a575b31c8c9c84c6f11acfab6dfcad2e941b10b6f8e2" -dependencies = [ - "libc", - "wasix", - "wasm-bindgen", -] - [[package]] name = "colorchoice" version = "1.0.3" @@ -804,12 +696,6 @@ version = "0.9.6" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "c2459377285ad874054d797f3ccebf984978aa39129f6eafde5cdc8315b612f8" -[[package]] -name = "constant_time_eq" -version = "0.3.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7c74b8349d32d297c9134b8c88677813a227df8f779daa29bfc29c183fe3dca6" - [[package]] name = "cookie" version = "0.18.1" @@ -898,12 +784,6 @@ dependencies = [ "typenum", ] -[[package]] -name = "ct-codecs" -version = "1.1.3" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b916ba8ce9e4182696896f015e8a5ae6081b305f74690baa8465e35f5a142ea4" - [[package]] name = "curve25519-dalek" version = "4.1.3" @@ -1046,16 +926,6 @@ dependencies = [ "signature", ] -[[package]] -name = "ed25519-compact" -version = "2.1.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e9b3460f44bea8cd47f45a0c70892f1eff856d97cd55358b2f73f663789f6190" -dependencies = [ - "ct-codecs", - "getrandom", -] - [[package]] name = "ed25519-dalek" version = "2.1.1" @@ -1212,33 +1082,6 @@ version = "1.0.7" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "3f9eec918d3f24069decb9af1554cad7c880e2da24a9afd88aca000531ab82c1" -[[package]] -name = "foreign-types" -version = "0.5.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d737d9aa519fb7b749cbc3b962edcf310a8dd1f4b67c91c4f83975dbdd17d965" -dependencies = [ - "foreign-types-macros", - "foreign-types-shared", -] - -[[package]] -name = "foreign-types-macros" -version = "0.2.3" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1a5c6c585bc94aaf2c7b51dd4c2ba22680844aba4c687be581871a6f518c5742" -dependencies = [ - "proc-macro2", - "quote", - "syn 2.0.93", -] - -[[package]] -name = "foreign-types-shared" -version = "0.3.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "aa9a19cbb55df58761df49b23516a86d432839add4af60fc256da840f66ed35b" - [[package]] name = "form_urlencoded" version = "1.2.1" @@ -1248,22 +1091,6 @@ dependencies = [ "percent-encoding", ] -[[package]] -name = "fs_extra" -version = "1.3.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "42703706b716c37f96a77aea830392ad231f44c9e9a67872fa5548707e11b11c" - -[[package]] -name = "fslock" -version = "0.2.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "04412b8935272e3a9bae6f48c7bfff74c2911f60525404edfdd28e49884c3bfb" -dependencies = [ - "libc", - "winapi", -] - [[package]] name = "funty" version = "2.0.0" @@ -1555,30 +1382,6 @@ dependencies = [ "digest", ] -[[package]] -name = "hmac-sha1-compact" -version = "1.1.5" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "18492c9f6f9a560e0d346369b665ad2bdbc89fa9bceca75796584e79042694c3" - -[[package]] -name = "hmac-sha256" -version = "1.1.8" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4a8575493d277c9092b988c780c94737fb9fd8651a1001e16bee3eccfc1baedb" -dependencies = [ - "digest", -] - -[[package]] -name = "hmac-sha512" -version = "1.1.6" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b0b3a0f572aa8389d325f5852b9e0a333a15b0f86ecccbb3fdb6e97cd86dc67c" -dependencies = [ - "digest", -] - [[package]] name = "home" version = "0.5.11" @@ -1980,15 +1783,6 @@ dependencies = [ "either", ] -[[package]] -name = "itertools" -version = "0.13.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "413ee7dfc52ee1a4949ceeb7dbc8a33f2d6c088194d9f922fb8318faf1f01186" -dependencies = [ - "either", -] - [[package]] name = "itoa" version = "1.0.14" @@ -2005,47 +1799,6 @@ dependencies = [ "wasm-bindgen", ] -[[package]] -name = "jwt-simple" -version = "0.12.11" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b00e03c08ce71da10a3ad9267b963c03fc4234a56713d87648547b3fdda872a6" -dependencies = [ - "anyhow", - "binstring", - "blake2b_simd", - "boring", - "coarsetime", - "ct-codecs", - "ed25519-compact", - "hmac-sha1-compact", - "hmac-sha256", - "hmac-sha512", - "k256", - "p256", - "p384", - "rand", - "serde", - "serde_json", - "superboring", - "thiserror 2.0.9", - "zeroize", -] - -[[package]] -name = "k256" -version = "0.13.4" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f6e3919bbaa2945715f0bb6d3934a173d1e9a59ac23767fbaaef277265a7411b" -dependencies = [ - "cfg-if", - "ecdsa", - "elliptic-curve", - "once_cell", - "sha2", - "signature", -] - [[package]] name = "kv-log-macro" version = "1.0.7" @@ -2070,16 +1823,6 @@ version = "0.2.169" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "b5aba8db14291edd000dfcc4d620c7ebfb122c613afb886ca8803fa4e128a20a" -[[package]] -name = "libloading" -version = "0.8.6" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "fc2f4eb4bc735547cfed7c0a4922cbd04a4655978c09b54f1f7b228750664c34" -dependencies = [ - "cfg-if", - "windows-targets 0.52.6", -] - [[package]] name = "libm" version = "0.2.11" @@ -2433,17 +2176,6 @@ dependencies = [ "url", ] -[[package]] -name = "openssl-macros" -version = "0.1.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a948666b637a0f465e8564c73e89d4dde00d72d4d473cc972f390fc3dcee7d9c" -dependencies = [ - "proc-macro2", - "quote", - "syn 2.0.93", -] - [[package]] name = "ordered-float" version = "2.10.1" @@ -2897,9 +2629,7 @@ dependencies = [ "api", "axum", "axum-extra", - "base64 0.22.1", "envious", - "jwt-simple", "maud", "migration", "openidconnect", @@ -3106,7 +2836,6 @@ dependencies = [ "pkcs1", "pkcs8", "rand_core", - "sha2", "signature", "spki", "subtle", @@ -3135,12 +2864,6 @@ version = "0.1.24" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "719b953e2095829ee67db738b3bfa9fa368c94900df327b3f07fe6e794d2fe1f" -[[package]] -name = "rustc-hash" -version = "1.1.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "08d43f7aa6b08d49f382cde6a7982047c3426db949b1424bc4b7ec9ae12c6ce2" - [[package]] name = "rustc_version" version = "0.4.1" @@ -3949,19 +3672,6 @@ version = "2.6.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "13c2bddecc57b384dee18652358fb23172facb8a2c51ccc10d74c157bdea3292" -[[package]] -name = "superboring" -version = "0.1.4" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "515cce34a781d7250b8a65706e0f2a5b99236ea605cb235d4baed6685820478f" -dependencies = [ - "getrandom", - "hmac-sha256", - "hmac-sha512", - "rand", - "rsa", -] - [[package]] name = "syn" version = "1.0.109" @@ -4599,15 +4309,6 @@ version = "0.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "b8dad83b4f25e74f184f64c43b150b91efe7647395b42289f38e50566d82855b" -[[package]] -name = "wasix" -version = "0.12.21" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c1fbb4ef9bbca0c1170e0b00dd28abc9e3b68669821600cad1caaed606583c6d" -dependencies = [ - "wasi", -] - [[package]] name = "wasm-bindgen" version = "0.2.99" diff --git a/Cargo.toml b/Cargo.toml index b450b38..bbf60d7 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -11,8 +11,6 @@ members = [".", "api", "migration"] anyhow = "1.0.95" axum = { version = "0.7.9", features = ["macros"] } axum-extra = { version = "0.9", features = ["cookie"] } -base64 = "0.22.1" -jwt-simple = "0.12.11" serde = { version = "1.0.217", features = ["derive"] } tokio = { version = "1", features = ["macros", "rt", "rt-multi-thread"] } tracing = "0.1.41" diff --git a/nixos/default.nix b/nixos/default.nix index 5e2f200..7fbd57a 100644 --- a/nixos/default.nix +++ b/nixos/default.nix @@ -15,15 +15,6 @@ with lib; { }; settings = { - jwtSecret = mkOption { - type = types.nullOr types.str; - default = null; - description = '' - The JWT secret to be used by the application. Should be passed through environmentFile, - with REGALADE_JWT_SECRET. - ''; - }; - host = mkOption { type = types.str; default = "0.0.0.0"; @@ -129,7 +120,6 @@ with lib; { environment = { REGALADE_DATABASE_URL = cfg.settings.databaseUrl; - REGALADE_JWT_SECRET = cfg.settings.jwtSecret; REGALADE_HOST = cfg.settings.host; REGALADE_PORT = toString cfg.settings.port; REGALADE_API_ALLOWED = cfg.settings.apiAllowed; diff --git a/src/main.rs b/src/main.rs index f24eaa5..d259938 100644 --- a/src/main.rs +++ b/src/main.rs @@ -7,8 +7,6 @@ use std::{ use anyhow::anyhow; use axum::Router; -use base64::{engine::general_purpose, Engine}; -use jwt_simple::prelude::HS256Key; use migration::{Migrator, MigratorTrait}; use openidconnect::{ core::{CoreAuthenticationFlow, CoreClient, CoreProviderMetadata}, @@ -17,7 +15,7 @@ use openidconnect::{ OAuth2TokenResponse, PkceCodeChallenge, PkceCodeVerifier, RedirectUrl, TokenResponse, }; use sea_orm::{ConnectOptions, Database, DatabaseConnection}; -use serde::{Deserialize, Deserializer, Serialize, Serializer}; +use serde::{Deserialize, Deserializer}; use time::OffsetDateTime; use tower_http::services::{ServeDir, ServeFile}; use tower_sessions::{session_store::ExpiredDeletion, SessionManagerLayer}; @@ -32,59 +30,6 @@ mod routes; const SESSION_DURATION: time::Duration = time::Duration::weeks(26); -#[derive(Clone)] -pub(crate) struct Base64(pub(crate) HS256Key); - -impl std::fmt::Debug for Base64 { - fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result { - write!( - f, - r#"b64"{}""#, - &general_purpose::STANDARD.encode(self.0.to_bytes()) - ) - } -} - -impl Serialize for Base64 { - fn serialize(&self, ser: S) -> Result - where - S: Serializer, - { - ser.serialize_str(&general_purpose::STANDARD.encode(self.0.to_bytes())) - } -} - -impl<'de> Deserialize<'de> for Base64 { - fn deserialize(de: D) -> Result - where - D: Deserializer<'de>, - { - use serde::de::Visitor; - - struct DecodingVisitor; - impl<'de> Visitor<'de> for DecodingVisitor { - type Value = Base64; - - fn expecting(&self, formatter: &mut std::fmt::Formatter) -> std::fmt::Result { - formatter.write_str("must be a base 64 string") - } - - fn visit_str(self, v: &str) -> Result - where - E: serde::de::Error, - { - general_purpose::STANDARD - .decode(v) - .map_err(E::custom) - .map(|b| HS256Key::from_bytes(&b)) - .map(Base64) - } - } - - de.deserialize_str(DecodingVisitor) - } -} - fn deserialize_comma<'de, D>(de: D) -> Result, D::Error> where D: Deserializer<'de>, @@ -134,7 +79,6 @@ fn default_port() -> u16 { #[derive(Deserialize, Debug)] #[serde(rename_all = "UPPERCASE")] struct Settings { - jwt_secret: Base64, #[serde(default = "default_host")] host: String, #[serde(default = "default_port")] @@ -160,7 +104,6 @@ impl Settings { } struct AppState { - jwt_secret: Base64, db: DatabaseConnection, oidc: Option, sessions: Arc, @@ -396,7 +339,6 @@ async fn main() -> anyhow::Result<()> { )); let state = Arc::new(AppState { - jwt_secret: config.jwt_secret, db: Database::connect(opt).await?, sessions: sessions.into(), oidc, diff --git a/src/routes/mod.rs b/src/routes/mod.rs index 09bad15..2d543fd 100644 --- a/src/routes/mod.rs +++ b/src/routes/mod.rs @@ -4,7 +4,6 @@ use api::{LoginRequest, LoginResponse, UserInfo}; use axum::{ async_trait, extract::{FromRef, FromRequestParts, Path, Query, State}, - //headers::{authorization::Bearer, Authorization}, http::{ header::{AUTHORIZATION, CONTENT_TYPE}, request::Parts, @@ -12,13 +11,11 @@ use axum::{ }, response::{IntoResponse, Redirect}, routing::{delete, get, patch, post, put}, - Json, - Router, + Json, Router, }; use axum_extra::extract::cookie::{Cookie, CookieJar, SameSite}; -use jwt_simple::prelude::*; use sea_orm::{prelude::*, ActiveValue, TransactionError}; -use sha2::{Digest, Sha512}; +use serde::Deserialize; use tower_http::cors::{self, AllowOrigin, CorsLayer}; use crate::entity::{prelude::*, user}; @@ -33,10 +30,6 @@ enum RouteError { UnknownAccount, #[error("Database encountered an error")] Db(#[from] DbErr), - #[error("JWT error encountered")] - Jwt(#[from] jwt_simple::Error), - #[error("User provided JWT token is invalid")] - UserJwt(jwt_simple::Error), #[error("Request is missing the bearer token")] MissingAuthorization, #[error("User tried to edit an unauthorized ressource")] @@ -69,10 +62,6 @@ impl IntoResponse for RouteError { RouteError::MissingAuthorization => { (StatusCode::BAD_REQUEST, "Missing authorization header").into_response() } - RouteError::UserJwt(e) => { - tracing::debug!("Invalid user JWT: {e:?}"); - (StatusCode::BAD_REQUEST, "Invalid authorization header").into_response() - } RouteError::PathRejection(p) => p.into_response(), RouteError::Unauthorized => ( StatusCode::UNAUTHORIZED, @@ -109,63 +98,16 @@ where { type Rejection = RouteError; - async fn from_request_parts(parts: &mut Parts, state: &S) -> Result { - // let State(app_state): State = State::from_request_parts(parts, state) - // .await - // .expect("Could not get state"); - // - // let TypedHeader(Authorization(bearer)) = - // TypedHeader::>::from_request_parts(parts, state) - // .await - // .map_err(|_| RouteError::MissingAuthorization)?; - // - // let claims = app_state - // .jwt_secret - // .0 - // .verify_token::(bearer.token(), None) - // .map_err(RouteError::UserJwt)?; - // - // let model = User::find_by_id(claims.subject.unwrap().parse::().unwrap()) - // .one(&app_state.db) - // .await? - // .unwrap(); - // - // Ok(AuthenticatedUser { model }) - todo!() + async fn from_request_parts(_parts: &mut Parts, _state: &S) -> Result { + Err(RouteError::Unauthorized) } } async fn login( - State(state): State, - Json(req): Json, + State(_state): State, + Json(_req): Json, ) -> JsonResult { - let Some(user) = User::find() - .filter(user::Column::Name.eq(&req.username)) - .one(&state.db) - .await? - else { - return Err(RouteError::UnknownAccount); - }; - - let Some(password) = user.password.as_ref() else { - return Err(RouteError::UnknownAccount); - }; - - let mut hasher = Sha512::new(); - hasher.update(user.id.as_bytes()); - hasher.update(req.password.as_bytes()); - let hash = hasher.finalize(); - - if &hash[..] != password { - return Err(RouteError::UnknownAccount); - } - - let mut claims = Claims::create(Duration::from_secs(3600 * 24 * 31 * 6)); - claims.subject = Some(user.id.to_string()); - - let token = state.jwt_secret.0.authenticate(claims)?; - - Ok(Json(LoginResponse { token })) + return Err(RouteError::Unauthorized); } #[derive(Deserialize)] @@ -227,7 +169,7 @@ async fn oidc_login_finish( .one(&state.db) .await?; - let user = match user { + match user { None => { let model = user::ActiveModel { id: ActiveValue::Set(Uuid::new_v4()), @@ -247,12 +189,7 @@ async fn oidc_login_finish( } }; - let mut claims = Claims::create(Duration::from_secs(3600 * 24 * 31 * 6)); - claims.subject = Some(user.id.to_string()); - - let _token = state.jwt_secret.0.authenticate(claims)?; - - panic!("Oidc login app only"); + return Err(RouteError::Unauthorized); } } }