Remove the dependency on boringssl

Quentin Boyer 2024-12-30 22:39:02 +01:00
parent 720b7cef6a
commit 0ecc852f37
5 changed files with 10 additions and 442 deletions

299
Cargo.lock generated

@ -152,12 +152,6 @@ dependencies = [
"uuid", "uuid",
] ]
[[package]]
name = "arrayref"
version = "0.3.9"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "76a2e8124351fda1ef8aaaa3bbd7ebbcb486bbcd4225aca0aa0d84bb2db8fecb"
[[package]] [[package]]
name = "arrayvec" name = "arrayvec"
version = "0.7.6" version = "0.7.6"
@ -493,30 +487,6 @@ dependencies = [
"serde", "serde",
] ]
[[package]]
name = "bindgen"
version = "0.70.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "f49d8fed880d473ea71efb9bf597651e77201bdd4893efe54c9e5d65ae04ce6f"
dependencies = [
"bitflags 2.6.0",
"cexpr",
"clang-sys",
"itertools 0.13.0",
"proc-macro2",
"quote",
"regex",
"rustc-hash",
"shlex",
"syn 2.0.93",
]
[[package]]
name = "binstring"
version = "0.1.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "ed79c2a8151273c70956b5e3cdfdc1ff6c1a8b9779ba59c6807d281b32ee2f86"
[[package]] [[package]]
name = "bitflags" name = "bitflags"
version = "1.3.2" version = "1.3.2"
@ -544,17 +514,6 @@ dependencies = [
"wyz", "wyz",
] ]
[[package]]
name = "blake2b_simd"
version = "1.0.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "23285ad32269793932e830392f2fe2f83e26488fd3ec778883a93c8323735780"
dependencies = [
"arrayref",
"arrayvec",
"constant_time_eq",
]
[[package]] [[package]]
name = "block-buffer" name = "block-buffer"
version = "0.10.4" version = "0.10.4"
@ -577,33 +536,6 @@ dependencies = [
"piper", "piper",
] ]
[[package]]
name = "boring"
version = "4.13.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "1f5aac023c3ba13725de1604aff621a9dbf9a4f3af1ea6fb712bca91ad729a8e"
dependencies = [
"bitflags 2.6.0",
"boring-sys",
"foreign-types",
"libc",
"once_cell",
"openssl-macros",
]
[[package]]
name = "boring-sys"
version = "4.13.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "ebabcc15924f3244f244cfb1dfe43c0b28236ea8c1f71dc8e5a146eae0342d79"
dependencies = [
"autocfg",
"bindgen",
"cmake",
"fs_extra",
"fslock",
]
[[package]] [[package]]
name = "borsh" name = "borsh"
version = "1.5.3" version = "1.5.3"
@ -676,15 +608,6 @@ dependencies = [
"shlex", "shlex",
] ]
[[package]]
name = "cexpr"
version = "0.6.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "6fac387a98bb7c37292057cffc56d62ecb629900026402633ae9160df93a8766"
dependencies = [
"nom",
]
[[package]] [[package]]
name = "cfg-if" name = "cfg-if"
version = "1.0.0" version = "1.0.0"
@ -712,17 +635,6 @@ dependencies = [
"windows-targets 0.52.6", "windows-targets 0.52.6",
] ]
[[package]]
name = "clang-sys"
version = "1.8.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "0b023947811758c97c59bf9d1c188fd619ad4718dcaa767947df1cadb14f39f4"
dependencies = [
"glob",
"libc",
"libloading",
]
[[package]] [[package]]
name = "clap" name = "clap"
version = "4.5.23" version = "4.5.23"
@ -763,26 +675,6 @@ version = "0.7.4"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "f46ad14479a25103f283c0f10005961cf086d8dc42205bb44c46ac563475dca6" checksum = "f46ad14479a25103f283c0f10005961cf086d8dc42205bb44c46ac563475dca6"
[[package]]
name = "cmake"
version = "0.1.52"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "c682c223677e0e5b6b7f63a64b9351844c3f1b1678a68b7ee617e30fb082620e"
dependencies = [
"cc",
]
[[package]]
name = "coarsetime"
version = "0.1.35"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "4252bf230cb600c19826a575b31c8c9c84c6f11acfab6dfcad2e941b10b6f8e2"
dependencies = [
"libc",
"wasix",
"wasm-bindgen",
]
[[package]] [[package]]
name = "colorchoice" name = "colorchoice"
version = "1.0.3" version = "1.0.3"
@ -804,12 +696,6 @@ version = "0.9.6"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "c2459377285ad874054d797f3ccebf984978aa39129f6eafde5cdc8315b612f8" checksum = "c2459377285ad874054d797f3ccebf984978aa39129f6eafde5cdc8315b612f8"
[[package]]
name = "constant_time_eq"
version = "0.3.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "7c74b8349d32d297c9134b8c88677813a227df8f779daa29bfc29c183fe3dca6"
[[package]] [[package]]
name = "cookie" name = "cookie"
version = "0.18.1" version = "0.18.1"
@ -898,12 +784,6 @@ dependencies = [
"typenum", "typenum",
] ]
[[package]]
name = "ct-codecs"
version = "1.1.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "b916ba8ce9e4182696896f015e8a5ae6081b305f74690baa8465e35f5a142ea4"
[[package]] [[package]]
name = "curve25519-dalek" name = "curve25519-dalek"
version = "4.1.3" version = "4.1.3"
@ -1046,16 +926,6 @@ dependencies = [
"signature", "signature",
] ]
[[package]]
name = "ed25519-compact"
version = "2.1.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "e9b3460f44bea8cd47f45a0c70892f1eff856d97cd55358b2f73f663789f6190"
dependencies = [
"ct-codecs",
"getrandom",
]
[[package]] [[package]]
name = "ed25519-dalek" name = "ed25519-dalek"
version = "2.1.1" version = "2.1.1"
@ -1212,33 +1082,6 @@ version = "1.0.7"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "3f9eec918d3f24069decb9af1554cad7c880e2da24a9afd88aca000531ab82c1" checksum = "3f9eec918d3f24069decb9af1554cad7c880e2da24a9afd88aca000531ab82c1"
[[package]]
name = "foreign-types"
version = "0.5.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "d737d9aa519fb7b749cbc3b962edcf310a8dd1f4b67c91c4f83975dbdd17d965"
dependencies = [
"foreign-types-macros",
"foreign-types-shared",
]
[[package]]
name = "foreign-types-macros"
version = "0.2.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "1a5c6c585bc94aaf2c7b51dd4c2ba22680844aba4c687be581871a6f518c5742"
dependencies = [
"proc-macro2",
"quote",
"syn 2.0.93",
]
[[package]]
name = "foreign-types-shared"
version = "0.3.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "aa9a19cbb55df58761df49b23516a86d432839add4af60fc256da840f66ed35b"
[[package]] [[package]]
name = "form_urlencoded" name = "form_urlencoded"
version = "1.2.1" version = "1.2.1"
@ -1248,22 +1091,6 @@ dependencies = [
"percent-encoding", "percent-encoding",
] ]
[[package]]
name = "fs_extra"
version = "1.3.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "42703706b716c37f96a77aea830392ad231f44c9e9a67872fa5548707e11b11c"
[[package]]
name = "fslock"
version = "0.2.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "04412b8935272e3a9bae6f48c7bfff74c2911f60525404edfdd28e49884c3bfb"
dependencies = [
"libc",
"winapi",
]
[[package]] [[package]]
name = "funty" name = "funty"
version = "2.0.0" version = "2.0.0"
@ -1555,30 +1382,6 @@ dependencies = [
"digest", "digest",
] ]
[[package]]
name = "hmac-sha1-compact"
version = "1.1.5"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "18492c9f6f9a560e0d346369b665ad2bdbc89fa9bceca75796584e79042694c3"
[[package]]
name = "hmac-sha256"
version = "1.1.8"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "4a8575493d277c9092b988c780c94737fb9fd8651a1001e16bee3eccfc1baedb"
dependencies = [
"digest",
]
[[package]]
name = "hmac-sha512"
version = "1.1.6"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "b0b3a0f572aa8389d325f5852b9e0a333a15b0f86ecccbb3fdb6e97cd86dc67c"
dependencies = [
"digest",
]
[[package]] [[package]]
name = "home" name = "home"
version = "0.5.11" version = "0.5.11"
@ -1980,15 +1783,6 @@ dependencies = [
"either", "either",
] ]
[[package]]
name = "itertools"
version = "0.13.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "413ee7dfc52ee1a4949ceeb7dbc8a33f2d6c088194d9f922fb8318faf1f01186"
dependencies = [
"either",
]
[[package]] [[package]]
name = "itoa" name = "itoa"
version = "1.0.14" version = "1.0.14"
@ -2005,47 +1799,6 @@ dependencies = [
"wasm-bindgen", "wasm-bindgen",
] ]
[[package]]
name = "jwt-simple"
version = "0.12.11"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "b00e03c08ce71da10a3ad9267b963c03fc4234a56713d87648547b3fdda872a6"
dependencies = [
"anyhow",
"binstring",
"blake2b_simd",
"boring",
"coarsetime",
"ct-codecs",
"ed25519-compact",
"hmac-sha1-compact",
"hmac-sha256",
"hmac-sha512",
"k256",
"p256",
"p384",
"rand",
"serde",
"serde_json",
"superboring",
"thiserror 2.0.9",
"zeroize",
]
[[package]]
name = "k256"
version = "0.13.4"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "f6e3919bbaa2945715f0bb6d3934a173d1e9a59ac23767fbaaef277265a7411b"
dependencies = [
"cfg-if",
"ecdsa",
"elliptic-curve",
"once_cell",
"sha2",
"signature",
]
[[package]] [[package]]
name = "kv-log-macro" name = "kv-log-macro"
version = "1.0.7" version = "1.0.7"
@ -2070,16 +1823,6 @@ version = "0.2.169"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "b5aba8db14291edd000dfcc4d620c7ebfb122c613afb886ca8803fa4e128a20a" checksum = "b5aba8db14291edd000dfcc4d620c7ebfb122c613afb886ca8803fa4e128a20a"
[[package]]
name = "libloading"
version = "0.8.6"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "fc2f4eb4bc735547cfed7c0a4922cbd04a4655978c09b54f1f7b228750664c34"
dependencies = [
"cfg-if",
"windows-targets 0.52.6",
]
[[package]] [[package]]
name = "libm" name = "libm"
version = "0.2.11" version = "0.2.11"
@ -2433,17 +2176,6 @@ dependencies = [
"url", "url",
] ]
[[package]]
name = "openssl-macros"
version = "0.1.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "a948666b637a0f465e8564c73e89d4dde00d72d4d473cc972f390fc3dcee7d9c"
dependencies = [
"proc-macro2",
"quote",
"syn 2.0.93",
]
[[package]] [[package]]
name = "ordered-float" name = "ordered-float"
version = "2.10.1" version = "2.10.1"
@ -2897,9 +2629,7 @@ dependencies = [
"api", "api",
"axum", "axum",
"axum-extra", "axum-extra",
"base64 0.22.1",
"envious", "envious",
"jwt-simple",
"maud", "maud",
"migration", "migration",
"openidconnect", "openidconnect",
@ -3106,7 +2836,6 @@ dependencies = [
"pkcs1", "pkcs1",
"pkcs8", "pkcs8",
"rand_core", "rand_core",
"sha2",
"signature", "signature",
"spki", "spki",
"subtle", "subtle",
@ -3135,12 +2864,6 @@ version = "0.1.24"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "719b953e2095829ee67db738b3bfa9fa368c94900df327b3f07fe6e794d2fe1f" checksum = "719b953e2095829ee67db738b3bfa9fa368c94900df327b3f07fe6e794d2fe1f"
[[package]]
name = "rustc-hash"
version = "1.1.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "08d43f7aa6b08d49f382cde6a7982047c3426db949b1424bc4b7ec9ae12c6ce2"
[[package]] [[package]]
name = "rustc_version" name = "rustc_version"
version = "0.4.1" version = "0.4.1"
@ -3949,19 +3672,6 @@ version = "2.6.1"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "13c2bddecc57b384dee18652358fb23172facb8a2c51ccc10d74c157bdea3292" checksum = "13c2bddecc57b384dee18652358fb23172facb8a2c51ccc10d74c157bdea3292"
[[package]]
name = "superboring"
version = "0.1.4"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "515cce34a781d7250b8a65706e0f2a5b99236ea605cb235d4baed6685820478f"
dependencies = [
"getrandom",
"hmac-sha256",
"hmac-sha512",
"rand",
"rsa",
]
[[package]] [[package]]
name = "syn" name = "syn"
version = "1.0.109" version = "1.0.109"
@ -4599,15 +4309,6 @@ version = "0.1.0"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "b8dad83b4f25e74f184f64c43b150b91efe7647395b42289f38e50566d82855b" checksum = "b8dad83b4f25e74f184f64c43b150b91efe7647395b42289f38e50566d82855b"
[[package]]
name = "wasix"
version = "0.12.21"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "c1fbb4ef9bbca0c1170e0b00dd28abc9e3b68669821600cad1caaed606583c6d"
dependencies = [
"wasi",
]
[[package]] [[package]]
name = "wasm-bindgen" name = "wasm-bindgen"
version = "0.2.99" version = "0.2.99"


@ -11,8 +11,6 @@ members = [".", "api", "migration"]
anyhow = "1.0.95" anyhow = "1.0.95"
axum = { version = "0.7.9", features = ["macros"] } axum = { version = "0.7.9", features = ["macros"] }
axum-extra = { version = "0.9", features = ["cookie"] } axum-extra = { version = "0.9", features = ["cookie"] }
base64 = "0.22.1"
jwt-simple = "0.12.11"
serde = { version = "1.0.217", features = ["derive"] } serde = { version = "1.0.217", features = ["derive"] }
tokio = { version = "1", features = ["macros", "rt", "rt-multi-thread"] } tokio = { version = "1", features = ["macros", "rt", "rt-multi-thread"] }
tracing = "0.1.41" tracing = "0.1.41"


@ -15,15 +15,6 @@ with lib; {
}; };
settings = { settings = {
jwtSecret = mkOption {
type = types.nullOr types.str;
default = null;
description = ''
The JWT secret to be used by the application. Should be passed through environmentFile,
with REGALADE_JWT_SECRET.
'';
};
host = mkOption { host = mkOption {
type = types.str; type = types.str;
default = "0.0.0.0"; default = "0.0.0.0";
@ -129,7 +120,6 @@ with lib; {
environment = environment =
{ {
REGALADE_DATABASE_URL = cfg.settings.databaseUrl; REGALADE_DATABASE_URL = cfg.settings.databaseUrl;
REGALADE_JWT_SECRET = cfg.settings.jwtSecret;
REGALADE_HOST = cfg.settings.host; REGALADE_HOST = cfg.settings.host;
REGALADE_PORT = toString cfg.settings.port; REGALADE_PORT = toString cfg.settings.port;
REGALADE_API_ALLOWED = cfg.settings.apiAllowed; REGALADE_API_ALLOWED = cfg.settings.apiAllowed;


@ -7,8 +7,6 @@ use std::{
use anyhow::anyhow; use anyhow::anyhow;
use axum::Router; use axum::Router;
use base64::{engine::general_purpose, Engine};
use jwt_simple::prelude::HS256Key;
use migration::{Migrator, MigratorTrait}; use migration::{Migrator, MigratorTrait};
use openidconnect::{ use openidconnect::{
core::{CoreAuthenticationFlow, CoreClient, CoreProviderMetadata}, core::{CoreAuthenticationFlow, CoreClient, CoreProviderMetadata},
@ -17,7 +15,7 @@ use openidconnect::{
OAuth2TokenResponse, PkceCodeChallenge, PkceCodeVerifier, RedirectUrl, TokenResponse, OAuth2TokenResponse, PkceCodeChallenge, PkceCodeVerifier, RedirectUrl, TokenResponse,
}; };
use sea_orm::{ConnectOptions, Database, DatabaseConnection}; use sea_orm::{ConnectOptions, Database, DatabaseConnection};
use serde::{Deserialize, Deserializer, Serialize, Serializer}; use serde::{Deserialize, Deserializer};
use time::OffsetDateTime; use time::OffsetDateTime;
use tower_http::services::{ServeDir, ServeFile}; use tower_http::services::{ServeDir, ServeFile};
use tower_sessions::{session_store::ExpiredDeletion, SessionManagerLayer}; use tower_sessions::{session_store::ExpiredDeletion, SessionManagerLayer};
@ -32,59 +30,6 @@ mod routes;
const SESSION_DURATION: time::Duration = time::Duration::weeks(26); const SESSION_DURATION: time::Duration = time::Duration::weeks(26);
#[derive(Clone)]
pub(crate) struct Base64(pub(crate) HS256Key);
impl std::fmt::Debug for Base64 {
fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
write!(
f,
r#"b64"{}""#,
&general_purpose::STANDARD.encode(self.0.to_bytes())
)
}
}
impl Serialize for Base64 {
fn serialize<S>(&self, ser: S) -> Result<S::Ok, S::Error>
where
S: Serializer,
{
ser.serialize_str(&general_purpose::STANDARD.encode(self.0.to_bytes()))
}
}
impl<'de> Deserialize<'de> for Base64 {
fn deserialize<D>(de: D) -> Result<Self, D::Error>
where
D: Deserializer<'de>,
{
use serde::de::Visitor;
struct DecodingVisitor;
impl<'de> Visitor<'de> for DecodingVisitor {
type Value = Base64;
fn expecting(&self, formatter: &mut std::fmt::Formatter) -> std::fmt::Result {
formatter.write_str("must be a base 64 string")
}
fn visit_str<E>(self, v: &str) -> Result<Self::Value, E>
where
E: serde::de::Error,
{
general_purpose::STANDARD
.decode(v)
.map_err(E::custom)
.map(|b| HS256Key::from_bytes(&b))
.map(Base64)
}
}
de.deserialize_str(DecodingVisitor)
}
}
fn deserialize_comma<'de, D>(de: D) -> Result<Vec<openidconnect::Scope>, D::Error> fn deserialize_comma<'de, D>(de: D) -> Result<Vec<openidconnect::Scope>, D::Error>
where where
D: Deserializer<'de>, D: Deserializer<'de>,
@ -134,7 +79,6 @@ fn default_port() -> u16 {
#[derive(Deserialize, Debug)] #[derive(Deserialize, Debug)]
#[serde(rename_all = "UPPERCASE")] #[serde(rename_all = "UPPERCASE")]
struct Settings { struct Settings {
jwt_secret: Base64,
#[serde(default = "default_host")] #[serde(default = "default_host")]
host: String, host: String,
#[serde(default = "default_port")] #[serde(default = "default_port")]
@ -160,7 +104,6 @@ impl Settings {
} }
struct AppState { struct AppState {
jwt_secret: Base64,
db: DatabaseConnection, db: DatabaseConnection,
oidc: Option<OpenidConnector>, oidc: Option<OpenidConnector>,
sessions: Arc<PostgresStore>, sessions: Arc<PostgresStore>,
@ -396,7 +339,6 @@ async fn main() -> anyhow::Result<()> {
)); ));
let state = Arc::new(AppState { let state = Arc::new(AppState {
jwt_secret: config.jwt_secret,
db: Database::connect(opt).await?, db: Database::connect(opt).await?,
sessions: sessions.into(), sessions: sessions.into(),
oidc, oidc,


@ -4,7 +4,6 @@ use api::{LoginRequest, LoginResponse, UserInfo};
use axum::{ use axum::{
async_trait, async_trait,
extract::{FromRef, FromRequestParts, Path, Query, State}, extract::{FromRef, FromRequestParts, Path, Query, State},
//headers::{authorization::Bearer, Authorization},
http::{ http::{
header::{AUTHORIZATION, CONTENT_TYPE}, header::{AUTHORIZATION, CONTENT_TYPE},
request::Parts, request::Parts,
@ -12,13 +11,11 @@ use axum::{
}, },
response::{IntoResponse, Redirect}, response::{IntoResponse, Redirect},
routing::{delete, get, patch, post, put}, routing::{delete, get, patch, post, put},
Json, Json, Router,
Router,
}; };
use axum_extra::extract::cookie::{Cookie, CookieJar, SameSite}; use axum_extra::extract::cookie::{Cookie, CookieJar, SameSite};
use jwt_simple::prelude::*;
use sea_orm::{prelude::*, ActiveValue, TransactionError}; use sea_orm::{prelude::*, ActiveValue, TransactionError};
use sha2::{Digest, Sha512}; use serde::Deserialize;
use tower_http::cors::{self, AllowOrigin, CorsLayer}; use tower_http::cors::{self, AllowOrigin, CorsLayer};
use crate::entity::{prelude::*, user}; use crate::entity::{prelude::*, user};
@ -33,10 +30,6 @@ enum RouteError {
UnknownAccount, UnknownAccount,
#[error("Database encountered an error")] #[error("Database encountered an error")]
Db(#[from] DbErr), Db(#[from] DbErr),
#[error("JWT error encountered")]
Jwt(#[from] jwt_simple::Error),
#[error("User provided JWT token is invalid")]
UserJwt(jwt_simple::Error),
#[error("Request is missing the bearer token")] #[error("Request is missing the bearer token")]
MissingAuthorization, MissingAuthorization,
#[error("User tried to edit an unauthorized ressource")] #[error("User tried to edit an unauthorized ressource")]
@ -69,10 +62,6 @@ impl IntoResponse for RouteError {
RouteError::MissingAuthorization => { RouteError::MissingAuthorization => {
(StatusCode::BAD_REQUEST, "Missing authorization header").into_response() (StatusCode::BAD_REQUEST, "Missing authorization header").into_response()
} }
RouteError::UserJwt(e) => {
tracing::debug!("Invalid user JWT: {e:?}");
(StatusCode::BAD_REQUEST, "Invalid authorization header").into_response()
}
RouteError::PathRejection(p) => p.into_response(), RouteError::PathRejection(p) => p.into_response(),
RouteError::Unauthorized => ( RouteError::Unauthorized => (
StatusCode::UNAUTHORIZED, StatusCode::UNAUTHORIZED,
@ -109,63 +98,16 @@ where
{ {
type Rejection = RouteError; type Rejection = RouteError;
async fn from_request_parts(parts: &mut Parts, state: &S) -> Result<Self, Self::Rejection> { async fn from_request_parts(_parts: &mut Parts, _state: &S) -> Result<Self, Self::Rejection> {
// let State(app_state): State<AppState> = State::from_request_parts(parts, state) Err(RouteError::Unauthorized)
// .await
// .expect("Could not get state");
//
// let TypedHeader(Authorization(bearer)) =
// TypedHeader::<Authorization<Bearer>>::from_request_parts(parts, state)
// .await
// .map_err(|_| RouteError::MissingAuthorization)?;
//
// let claims = app_state
// .jwt_secret
// .0
// .verify_token::<NoCustomClaims>(bearer.token(), None)
// .map_err(RouteError::UserJwt)?;
//
// let model = User::find_by_id(claims.subject.unwrap().parse::<Uuid>().unwrap())
// .one(&app_state.db)
// .await?
// .unwrap();
//
// Ok(AuthenticatedUser { model })
todo!()
} }
} }
async fn login( async fn login(
State(state): State<AppState>, State(_state): State<AppState>,
Json(req): Json<LoginRequest>, Json(_req): Json<LoginRequest>,
) -> JsonResult<LoginResponse> { ) -> JsonResult<LoginResponse> {
let Some(user) = User::find() return Err(RouteError::Unauthorized);
.filter(user::Column::Name.eq(&req.username))
.one(&state.db)
.await?
else {
return Err(RouteError::UnknownAccount);
};
let Some(password) = user.password.as_ref() else {
return Err(RouteError::UnknownAccount);
};
let mut hasher = Sha512::new();
hasher.update(user.id.as_bytes());
hasher.update(req.password.as_bytes());
let hash = hasher.finalize();
if &hash[..] != password {
return Err(RouteError::UnknownAccount);
}
let mut claims = Claims::create(Duration::from_secs(3600 * 24 * 31 * 6));
claims.subject = Some(user.id.to_string());
let token = state.jwt_secret.0.authenticate(claims)?;
Ok(Json(LoginResponse { token }))
} }
#[derive(Deserialize)] #[derive(Deserialize)]
@ -227,7 +169,7 @@ async fn oidc_login_finish(
.one(&state.db) .one(&state.db)
.await?; .await?;
let user = match user { match user {
None => { None => {
let model = user::ActiveModel { let model = user::ActiveModel {
id: ActiveValue::Set(Uuid::new_v4()), id: ActiveValue::Set(Uuid::new_v4()),
@ -247,12 +189,7 @@ async fn oidc_login_finish(
} }
}; };
let mut claims = Claims::create(Duration::from_secs(3600 * 24 * 31 * 6)); return Err(RouteError::Unauthorized);
claims.subject = Some(user.id.to_string());
let _token = state.jwt_secret.0.authenticate(claims)?;
panic!("Oidc login app only");
} }
} }
} }
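Review bot: In `oidc_login_finish` the `match user` still evaluates its `None` arm, which builds a fresh `user::ActiveModel` with `Uuid::new_v4()`, before the new `return Err(RouteError::Unauthorized);`, so a completed OIDC flow presumably still provisions an account and is then answered with 401, and no session is established in the visible lines. Either reject before the lookup or land the replacement login in the same change, so that user rows are not created on a path that can never succeed. The `AuthenticatedUser` extractor and `login` now reject every request, which fails closed (better than the earlier `todo!()` panic) but is undocumented; add a comment above each stub such as `// Placeholder: JWT auth was removed; rejects every request until a replacement is implemented`. In `login` the trailing `return Err(RouteError::Unauthorized);` should be the tail expression `Err(RouteError::Unauthorized)`, as the extractor already writes it. `RouteError::UnknownAccount` and `RouteError::MissingAuthorization` lose their only visible uses here and may now be dead, though the enclosing functions and the rest of the file lie outside these hunks, so that is inferred rather than confirmed.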