forked from jmug/stoatchat
refactor: move authifier config to database package
This commit is contained in:
@@ -1,6 +1,14 @@
|
|||||||
mod mongodb;
|
mod mongodb;
|
||||||
mod reference;
|
mod reference;
|
||||||
|
|
||||||
|
use authifier::config::Captcha;
|
||||||
|
use authifier::config::EmailVerificationConfig;
|
||||||
|
use authifier::config::ResolveIp;
|
||||||
|
use authifier::config::SMTPSettings;
|
||||||
|
use authifier::config::Shield;
|
||||||
|
use authifier::config::Template;
|
||||||
|
use authifier::config::Templates;
|
||||||
|
use authifier::Authifier;
|
||||||
use rand::Rng;
|
use rand::Rng;
|
||||||
use revolt_config::config;
|
use revolt_config::config;
|
||||||
|
|
||||||
@@ -87,3 +95,87 @@ impl DatabaseInfo {
|
|||||||
})
|
})
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
impl Database {
|
||||||
|
/// Create an Authifier reference
|
||||||
|
pub async fn to_authifier(self) -> Authifier {
|
||||||
|
let config = config().await;
|
||||||
|
|
||||||
|
let mut auth_config = authifier::Config {
|
||||||
|
email_verification: if !config.api.smtp.host.is_empty() {
|
||||||
|
EmailVerificationConfig::Enabled {
|
||||||
|
smtp: SMTPSettings {
|
||||||
|
from: config.api.smtp.from_address,
|
||||||
|
host: config.api.smtp.host,
|
||||||
|
username: config.api.smtp.username,
|
||||||
|
password: config.api.smtp.password,
|
||||||
|
reply_to: Some(
|
||||||
|
config
|
||||||
|
.api
|
||||||
|
.smtp
|
||||||
|
.reply_to
|
||||||
|
.unwrap_or("support@revolt.chat".into()),
|
||||||
|
),
|
||||||
|
port: config.api.smtp.port,
|
||||||
|
use_tls: config.api.smtp.use_tls,
|
||||||
|
},
|
||||||
|
expiry: Default::default(),
|
||||||
|
templates: Templates {
|
||||||
|
verify: Template {
|
||||||
|
title: "Verify your Revolt account.".into(),
|
||||||
|
text: include_str!("../../templates/verify.txt").into(),
|
||||||
|
url: format!("{}/login/verify/", config.hosts.app),
|
||||||
|
html: Some(include_str!("../../templates/verify.html").into()),
|
||||||
|
},
|
||||||
|
reset: Template {
|
||||||
|
title: "Reset your Revolt password.".into(),
|
||||||
|
text: include_str!("../../templates/reset.txt").into(),
|
||||||
|
url: format!("{}/login/reset/", config.hosts.app),
|
||||||
|
html: Some(include_str!("../../templates/reset.html").into()),
|
||||||
|
},
|
||||||
|
deletion: Template {
|
||||||
|
title: "Confirm account deletion.".into(),
|
||||||
|
text: include_str!("../../templates/deletion.txt").into(),
|
||||||
|
url: format!("{}/delete/", config.hosts.app),
|
||||||
|
html: Some(include_str!("../../templates/deletion.html").into()),
|
||||||
|
},
|
||||||
|
welcome: None,
|
||||||
|
},
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
EmailVerificationConfig::Disabled
|
||||||
|
},
|
||||||
|
..Default::default()
|
||||||
|
};
|
||||||
|
|
||||||
|
auth_config.invite_only = config.api.registration.invite_only;
|
||||||
|
|
||||||
|
if !config.api.security.captcha.hcaptcha_key.is_empty() {
|
||||||
|
auth_config.captcha = Captcha::HCaptcha {
|
||||||
|
secret: config.api.security.captcha.hcaptcha_key,
|
||||||
|
};
|
||||||
|
}
|
||||||
|
|
||||||
|
if !config.api.security.authifier_shield_key.is_empty() {
|
||||||
|
auth_config.shield = Shield::Enabled {
|
||||||
|
api_key: config.api.security.authifier_shield_key,
|
||||||
|
strict: false,
|
||||||
|
};
|
||||||
|
}
|
||||||
|
|
||||||
|
if config.api.security.trust_cloudflare {
|
||||||
|
auth_config.resolve_ip = ResolveIp::Cloudflare;
|
||||||
|
}
|
||||||
|
|
||||||
|
Authifier {
|
||||||
|
database: match self {
|
||||||
|
Database::Reference(_) => Default::default(),
|
||||||
|
Database::MongoDb(MongoDb(client, _)) => authifier::Database::MongoDb(
|
||||||
|
authifier::database::MongoDb(client.database("revolt")),
|
||||||
|
),
|
||||||
|
},
|
||||||
|
config: auth_config,
|
||||||
|
event_channel: Some(crate::tasks::authifier_relay::sender()),
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|||||||
29
crates/core/database/src/tasks/authifier_relay.rs
Normal file
29
crates/core/database/src/tasks/authifier_relay.rs
Normal file
@@ -0,0 +1,29 @@
|
|||||||
|
use async_std::channel::{unbounded, Receiver, Sender};
|
||||||
|
use authifier::AuthifierEvent;
|
||||||
|
use once_cell::sync::Lazy;
|
||||||
|
|
||||||
|
use crate::events::client::EventV1;
|
||||||
|
|
||||||
|
static Q: Lazy<(Sender<AuthifierEvent>, Receiver<AuthifierEvent>)> = Lazy::new(|| unbounded());
|
||||||
|
|
||||||
|
/// Get sender
|
||||||
|
pub fn sender() -> Sender<AuthifierEvent> {
|
||||||
|
Q.0
|
||||||
|
}
|
||||||
|
|
||||||
|
/// Start a new worker
|
||||||
|
pub async fn worker() {
|
||||||
|
loop {
|
||||||
|
let event = Q.1.recv().await.unwrap();
|
||||||
|
match &event {
|
||||||
|
AuthifierEvent::CreateSession { .. } | AuthifierEvent::CreateAccount { .. } => {
|
||||||
|
EventV1::Auth(event).global().await
|
||||||
|
}
|
||||||
|
AuthifierEvent::DeleteSession { user_id, .. }
|
||||||
|
| AuthifierEvent::DeleteAllSessions { user_id, .. } => {
|
||||||
|
let id = user_id.to_string();
|
||||||
|
EventV1::Auth(event).private(id).await
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
@@ -9,12 +9,14 @@ const WORKER_COUNT: usize = 5;
|
|||||||
|
|
||||||
pub mod ack;
|
pub mod ack;
|
||||||
pub mod apple_notifications;
|
pub mod apple_notifications;
|
||||||
|
pub mod authifier_relay;
|
||||||
pub mod last_message_id;
|
pub mod last_message_id;
|
||||||
pub mod process_embeds;
|
pub mod process_embeds;
|
||||||
pub mod web_push;
|
pub mod web_push;
|
||||||
|
|
||||||
/// Spawn background workers
|
/// Spawn background workers
|
||||||
pub async fn start_workers(db: Database, authifier_db: authifier::Database) {
|
pub async fn start_workers(db: Database, authifier_db: authifier::Database) {
|
||||||
|
task::spawn(authifier_relay::worker());
|
||||||
task::spawn(apple_notifications::worker(db.clone()));
|
task::spawn(apple_notifications::worker(db.clone()));
|
||||||
|
|
||||||
for _ in 0..WORKER_COUNT {
|
for _ in 0..WORKER_COUNT {
|
||||||
|
|||||||
@@ -40,16 +40,7 @@ pub async fn web() -> Rocket<Build> {
|
|||||||
let (sender, receiver) = unbounded();
|
let (sender, receiver) = unbounded();
|
||||||
|
|
||||||
// Setup Authifier
|
// Setup Authifier
|
||||||
let authifier = Authifier {
|
let authifier = db.clone().to_authifier().await;
|
||||||
database: match db.clone() {
|
|
||||||
Database::Reference(_) => Default::default(),
|
|
||||||
Database::MongoDb(MongoDb(client, _)) => authifier::Database::MongoDb(
|
|
||||||
authifier::database::MongoDb(client.database("revolt")),
|
|
||||||
),
|
|
||||||
},
|
|
||||||
config: authifier_config().await,
|
|
||||||
event_channel: Some(sender),
|
|
||||||
};
|
|
||||||
|
|
||||||
// Launch a listener for Authifier events
|
// Launch a listener for Authifier events
|
||||||
async_std::task::spawn(async move {
|
async_std::task::spawn(async move {
|
||||||
@@ -118,78 +109,6 @@ pub async fn web() -> Rocket<Build> {
|
|||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
|
||||||
pub async fn authifier_config() -> AuthifierConfig {
|
|
||||||
let config = config().await;
|
|
||||||
|
|
||||||
let mut auth_config = AuthifierConfig {
|
|
||||||
email_verification: if !config.api.smtp.host.is_empty() {
|
|
||||||
EmailVerificationConfig::Enabled {
|
|
||||||
smtp: SMTPSettings {
|
|
||||||
from: config.api.smtp.from_address,
|
|
||||||
host: config.api.smtp.host,
|
|
||||||
username: config.api.smtp.username,
|
|
||||||
password: config.api.smtp.password,
|
|
||||||
reply_to: Some(
|
|
||||||
config
|
|
||||||
.api
|
|
||||||
.smtp
|
|
||||||
.reply_to
|
|
||||||
.unwrap_or("support@revolt.chat".into()),
|
|
||||||
),
|
|
||||||
port: config.api.smtp.port,
|
|
||||||
use_tls: config.api.smtp.use_tls,
|
|
||||||
},
|
|
||||||
expiry: Default::default(),
|
|
||||||
templates: Templates {
|
|
||||||
verify: Template {
|
|
||||||
title: "Verify your Revolt account.".into(),
|
|
||||||
text: include_str!("templates/verify.txt").into(),
|
|
||||||
url: format!("{}/login/verify/", config.hosts.app),
|
|
||||||
html: Some(include_str!("templates/verify.html").into()),
|
|
||||||
},
|
|
||||||
reset: Template {
|
|
||||||
title: "Reset your Revolt password.".into(),
|
|
||||||
text: include_str!("templates/reset.txt").into(),
|
|
||||||
url: format!("{}/login/reset/", config.hosts.app),
|
|
||||||
html: Some(include_str!("templates/reset.html").into()),
|
|
||||||
},
|
|
||||||
deletion: Template {
|
|
||||||
title: "Confirm account deletion.".into(),
|
|
||||||
text: include_str!("templates/deletion.txt").into(),
|
|
||||||
url: format!("{}/delete/", config.hosts.app),
|
|
||||||
html: Some(include_str!("templates/deletion.html").into()),
|
|
||||||
},
|
|
||||||
welcome: None,
|
|
||||||
},
|
|
||||||
}
|
|
||||||
} else {
|
|
||||||
EmailVerificationConfig::Disabled
|
|
||||||
},
|
|
||||||
..Default::default()
|
|
||||||
};
|
|
||||||
|
|
||||||
auth_config.invite_only = config.api.registration.invite_only;
|
|
||||||
|
|
||||||
if !config.api.security.captcha.hcaptcha_key.is_empty() {
|
|
||||||
auth_config.captcha = Captcha::HCaptcha {
|
|
||||||
secret: config.api.security.captcha.hcaptcha_key,
|
|
||||||
};
|
|
||||||
}
|
|
||||||
|
|
||||||
if !config.api.security.authifier_shield_key.is_empty() {
|
|
||||||
auth_config.shield = Shield::Enabled {
|
|
||||||
api_key: config.api.security.authifier_shield_key,
|
|
||||||
strict: false,
|
|
||||||
};
|
|
||||||
}
|
|
||||||
|
|
||||||
if config.api.security.trust_cloudflare {
|
|
||||||
auth_config.resolve_ip = ResolveIp::Cloudflare;
|
|
||||||
}
|
|
||||||
|
|
||||||
auth_config
|
|
||||||
}
|
|
||||||
|
|
||||||
#[launch]
|
#[launch]
|
||||||
async fn rocket() -> _ {
|
async fn rocket() -> _ {
|
||||||
// Configure logging and environment
|
// Configure logging and environment
|
||||||
|
|||||||
Reference in New Issue
Block a user