From c03fcda85bab3a7d084e525a67c90a5f826b903f Mon Sep 17 00:00:00 2001 From: Paul Makles Date: Sun, 29 Jan 2023 14:14:35 +0000 Subject: [PATCH] refactor: switch from "rauth" to Authifier crate --- Cargo.lock | 104 +++++++++--------- crates/delta/Cargo.toml | 4 +- crates/delta/src/main.rs | 20 ++-- crates/delta/src/routes/mod.rs | 6 +- crates/delta/src/routes/onboard/complete.rs | 4 +- crates/delta/src/routes/onboard/hello.rs | 2 +- crates/delta/src/routes/push/subscribe.rs | 8 +- crates/delta/src/routes/push/unsubscribe.rs | 6 +- .../delta/src/routes/users/change_username.rs | 2 +- crates/quark/Cargo.toml | 10 +- crates/quark/src/database.rs | 10 +- crates/quark/src/events/client.rs | 4 +- .../impl/mongo/admin/migrations/scripts.rs | 16 +-- crates/quark/src/impl/rocket.rs | 6 +- crates/quark/src/lib.rs | 2 +- crates/quark/src/tasks/web_push.rs | 2 +- .../quark/src/util/{rauth.rs => authifier.rs} | 22 +++- crates/quark/src/util/mod.rs | 2 +- crates/quark/src/util/variables/delta.rs | 2 + crates/quark/src/web/ratelimiter.rs | 2 +- 20 files changed, 128 insertions(+), 106 deletions(-) rename crates/quark/src/util/{rauth.rs => authifier.rs} (80%) diff --git a/Cargo.lock b/Cargo.lock index 78e2f244..f501da5a 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -330,6 +330,40 @@ dependencies = [ "winapi 0.3.9", ] +[[package]] +name = "authifier" +version = "1.0.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a84411393a4326726ead660991ce8047f1865fa89900fb6c18e1e6c513cf1f9b" +dependencies = [ + "async-std", + "async-trait", + "base32", + "bson", + "chrono", + "futures", + "handlebars", + "iso8601-timestamp", + "lazy_static", + "lettre", + "log", + "mongodb", + "nanoid", + "rand 0.8.5", + "regex", + "reqwest", + "revolt_okapi", + "revolt_rocket_okapi", + "rocket", + "rust-argon2", + "schemars", + "serde", + "serde_json", + "totp-lite", + "ulid 0.5.0", + "validator 0.15.0", +] + [[package]] name = "autocfg" version = "0.1.8" @@ -2579,39 +2613,6 @@ dependencies = [ "rand_core 0.3.1", ] -[[package]] -name = "rauth" -version = "1.0.4" -source = "git+https://github.com/insertish/rauth?tag=1.0.4#2d3bc59623672e3ff57c49a90c4d3cd20780dbba" -dependencies = [ - "async-std", - "async-trait", - "base32", - "bson", - "chrono", - "futures", - "handlebars", - "iso8601-timestamp", - "lazy_static", - "lettre", - "log", - "mongodb", - "nanoid", - "rand 0.8.5", - "regex", - "reqwest", - "revolt_okapi", - "revolt_rocket_okapi", - "rocket", - "rust-argon2", - "schemars", - "serde", - "serde_json", - "totp-lite", - "ulid 0.5.0", - "validator 0.15.0", -] - [[package]] name = "rdrand" version = "0.4.0" @@ -2807,7 +2808,7 @@ dependencies = [ [[package]] name = "revolt-delta" -version = "0.5.6" +version = "0.5.5" dependencies = [ "async-channel", "async-std", @@ -2834,8 +2835,8 @@ dependencies = [ "revolt-quark", "revolt_rocket_okapi", "rocket", + "rocket_authifier", "rocket_empty", - "rocket_rauth", "schemars", "serde", "serde_json", @@ -2853,6 +2854,7 @@ dependencies = [ "async-recursion", "async-std", "async-trait", + "authifier", "base64 0.13.0", "bincode", "bitfield", @@ -2874,7 +2876,6 @@ dependencies = [ "once_cell", "optional_struct", "pretty_env_logger", - "rauth", "redis-kiss", "regex", "reqwest", @@ -3010,6 +3011,22 @@ dependencies = [ "yansi", ] +[[package]] +name = "rocket_authifier" +version = "1.0.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d4554a81937341d8c3cd3e43431ac2d23624444dc3a88e7ffd3ff66593779293" +dependencies = [ + "authifier", + "iso8601-timestamp", + "revolt_okapi", + "revolt_rocket_okapi", + "rocket", + "rocket_empty", + "schemars", + "serde", +] + [[package]] name = "rocket_codegen" version = "0.5.0-rc.2" @@ -3080,21 +3097,6 @@ dependencies = [ "uncased", ] -[[package]] -name = "rocket_rauth" -version = "1.0.4" -source = "git+https://github.com/insertish/rauth?tag=1.0.4#2d3bc59623672e3ff57c49a90c4d3cd20780dbba" -dependencies = [ - "iso8601-timestamp", - "rauth", - "revolt_okapi", - "revolt_rocket_okapi", - "rocket", - "rocket_empty", - "schemars", - "serde", -] - [[package]] name = "rust-argon2" version = "1.0.0" diff --git a/crates/delta/Cargo.toml b/crates/delta/Cargo.toml index f3d3ffa3..0e0bfdbd 100644 --- a/crates/delta/Cargo.toml +++ b/crates/delta/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "revolt-delta" -version = "0.5.6" +version = "0.5.5" license = "AGPL-3.0-or-later" authors = ["Paul Makles "] edition = "2018" @@ -52,7 +52,7 @@ mobc-redis = { version = "0.7.0", default-features = false, features = ["async-s # web rocket = { version = "0.5.0-rc.2", default-features = false, features = ["json"] } rocket_empty = { version = "0.1.1", features = ["schema"] } -rocket_rauth = { git = "https://github.com/insertish/rauth", tag = "1.0.4" } +rocket_authifier = { version = "1.0.7" } # spec generation schemars = "0.8.8" diff --git a/crates/delta/src/main.rs b/crates/delta/src/main.rs index 4a7ab96d..4e9bba0a 100644 --- a/crates/delta/src/main.rs +++ b/crates/delta/src/main.rs @@ -11,8 +11,8 @@ pub mod routes; pub mod util; use async_std::channel::unbounded; +use revolt_quark::authifier::{Authifier, AuthifierEvent}; use revolt_quark::events::client::EventV1; -use revolt_quark::rauth::{RAuth, RAuthEvent}; use revolt_quark::DatabaseInfo; #[launch] @@ -27,25 +27,25 @@ async fn rocket() -> _ { let db = DatabaseInfo::Auto.connect().await.unwrap(); db.migrate_database().await.unwrap(); - // Setup rAuth event channel + // Setup Authifier event channel let (sender, receiver) = unbounded(); - // Setup rAuth - let rauth = RAuth { + // Setup Authifier + let authifier = Authifier { database: db.clone().into(), - config: revolt_quark::util::rauth::config(), + config: revolt_quark::util::authifier::config(), event_channel: Some(sender), }; - // Launch a listener for rAuth events + // Launch a listener for Authifier events async_std::task::spawn(async move { while let Ok(event) = receiver.recv().await { match &event { - RAuthEvent::CreateSession { .. } | RAuthEvent::CreateAccount { .. } => { + AuthifierEvent::CreateSession { .. } | AuthifierEvent::CreateAccount { .. } => { EventV1::Auth(event).global().await } - RAuthEvent::DeleteSession { user_id, .. } - | RAuthEvent::DeleteAllSessions { user_id, .. } => { + AuthifierEvent::DeleteSession { user_id, .. } + | AuthifierEvent::DeleteAllSessions { user_id, .. } => { let id = user_id.to_string(); EventV1::Auth(event).private(id).await } @@ -65,7 +65,7 @@ async fn rocket() -> _ { .mount("/", revolt_quark::web::cors::catch_all_options_routes()) .mount("/", revolt_quark::web::ratelimiter::routes()) .mount("/swagger/", revolt_quark::web::swagger::routes()) - .manage(rauth) + .manage(authifier) .manage(db) .manage(cors.clone()) .attach(revolt_quark::web::ratelimiter::RatelimitFairing) diff --git a/crates/delta/src/routes/mod.rs b/crates/delta/src/routes/mod.rs index b1af7ecf..dcde9768 100644 --- a/crates/delta/src/routes/mod.rs +++ b/crates/delta/src/routes/mod.rs @@ -27,9 +27,9 @@ pub fn mount(mut rocket: Rocket) -> Rocket { "/servers" => servers::routes(), "/invites" => invites::routes(), "/custom" => customisation::routes(), - "/auth/account" => rocket_rauth::routes::account::routes(), - "/auth/session" => rocket_rauth::routes::session::routes(), - "/auth/mfa" => rocket_rauth::routes::mfa::routes(), + "/auth/account" => rocket_authifier::routes::account::routes(), + "/auth/session" => rocket_authifier::routes::session::routes(), + "/auth/mfa" => rocket_authifier::routes::mfa::routes(), "/onboard" => onboard::routes(), "/push" => push::routes(), "/sync" => sync::routes(), diff --git a/crates/delta/src/routes/onboard/complete.rs b/crates/delta/src/routes/onboard/complete.rs index 1098091b..a96444f7 100644 --- a/crates/delta/src/routes/onboard/complete.rs +++ b/crates/delta/src/routes/onboard/complete.rs @@ -1,5 +1,7 @@ use crate::util::regex::RE_USERNAME; -use revolt_quark::{models::User, rauth::models::Session, Database, EmptyResponse, Error, Result}; +use revolt_quark::{ + authifier::models::Session, models::User, Database, EmptyResponse, Error, Result, +}; use rocket::{serde::json::Json, State}; use serde::{Deserialize, Serialize}; diff --git a/crates/delta/src/routes/onboard/hello.rs b/crates/delta/src/routes/onboard/hello.rs index 55bf5cf2..e8caa430 100644 --- a/crates/delta/src/routes/onboard/hello.rs +++ b/crates/delta/src/routes/onboard/hello.rs @@ -1,4 +1,4 @@ -use revolt_quark::{models::User, rauth::models::Session}; +use revolt_quark::{authifier::models::Session, models::User}; use rocket::serde::json::Json; use serde::Serialize; diff --git a/crates/delta/src/routes/push/subscribe.rs b/crates/delta/src/routes/push/subscribe.rs index 30740449..dea9f412 100644 --- a/crates/delta/src/routes/push/subscribe.rs +++ b/crates/delta/src/routes/push/subscribe.rs @@ -1,7 +1,7 @@ use revolt_quark::{ - rauth::{ + authifier::{ models::{Session, WebPushSubscription}, - RAuth, + Authifier, }, EmptyResponse, Error, Result, }; @@ -16,13 +16,13 @@ use rocket::{serde::json::Json, State}; #[openapi(tag = "Web Push")] #[post("/subscribe", data = "")] pub async fn req( - rauth: &State, + authifier: &State, mut session: Session, data: Json, ) -> Result { session.subscription = Some(data.into_inner()); session - .save(rauth) + .save(authifier) .await .map(|_| EmptyResponse) .map_err(|_| Error::DatabaseError { diff --git a/crates/delta/src/routes/push/unsubscribe.rs b/crates/delta/src/routes/push/unsubscribe.rs index 440ace0f..cbbe70de 100644 --- a/crates/delta/src/routes/push/unsubscribe.rs +++ b/crates/delta/src/routes/push/unsubscribe.rs @@ -1,5 +1,5 @@ use revolt_quark::{ - rauth::{models::Session, RAuth}, + authifier::{models::Session, Authifier}, EmptyResponse, Error, Result, }; @@ -10,10 +10,10 @@ use rocket::State; /// Remove the Web Push subscription associated with the current session. #[openapi(tag = "Web Push")] #[post("/unsubscribe")] -pub async fn req(rauth: &State, mut session: Session) -> Result { +pub async fn req(authifier: &State, mut session: Session) -> Result { session.subscription = None; session - .save(rauth) + .save(authifier) .await .map(|_| EmptyResponse) .map_err(|_| Error::DatabaseError { diff --git a/crates/delta/src/routes/users/change_username.rs b/crates/delta/src/routes/users/change_username.rs index 512e00cf..2941a2eb 100644 --- a/crates/delta/src/routes/users/change_username.rs +++ b/crates/delta/src/routes/users/change_username.rs @@ -1,5 +1,5 @@ use crate::util::regex::RE_USERNAME; -use revolt_quark::{models::User, rauth::models::Account, Database, Error, Result}; +use revolt_quark::{authifier::models::Account, models::User, Database, Error, Result}; use rocket::{serde::json::Json, State}; use serde::{Deserialize, Serialize}; use validator::Validate; diff --git a/crates/quark/Cargo.toml b/crates/quark/Cargo.toml index 1f08b715..b9c2fb83 100644 --- a/crates/quark/Cargo.toml +++ b/crates/quark/Cargo.toml @@ -16,9 +16,9 @@ rocket_impl = [ "lru", "dashmap", - "rauth/database-mongodb", - "rauth/rocket_impl", - "rauth/okapi_impl" + "authifier/database-mongodb", + "authifier/rocket_impl", + "authifier/okapi_impl" ] test = [ "async-std", "mongo", "mongodb/async-std-runtime", "rocket_impl" ] @@ -84,8 +84,8 @@ rocket = { optional = true, version = "0.5.0-rc.2", default-features = false, fe rocket_empty = { version = "0.1.1", optional = true, features = [ "schema" ] } rocket_cors = { optional = true, git = "https://github.com/lawliet89/rocket_cors", rev = "c17e8145baa4790319fdb6a473e465b960f55e7c" } -# rAuth -rauth = { git = "https://github.com/insertish/rauth", tag = "1.0.4", features = [ "async-std-runtime" ] } +# Authifier +authifier = { version = "1.0.7", features = [ "async-std-runtime" ] } # Sentry sentry = "0.25.0" diff --git a/crates/quark/src/database.rs b/crates/quark/src/database.rs index 1a0b382a..1388c850 100644 --- a/crates/quark/src/database.rs +++ b/crates/quark/src/database.rs @@ -61,13 +61,13 @@ impl Deref for Database { } } -impl From for rauth::Database { +impl From for authifier::Database { fn from(val: Database) -> Self { match val { - Database::Dummy(_) => rauth::Database::default(), - Database::MongoDb(MongoDb(client)) => { - rauth::Database::MongoDb(rauth::database::MongoDb(client.database("revolt"))) - } + Database::Dummy(_) => authifier::Database::default(), + Database::MongoDb(MongoDb(client)) => authifier::Database::MongoDb( + authifier::database::MongoDb(client.database("revolt")), + ), } } } diff --git a/crates/quark/src/events/client.rs b/crates/quark/src/events/client.rs index f9275e9d..ee91fab1 100644 --- a/crates/quark/src/events/client.rs +++ b/crates/quark/src/events/client.rs @@ -1,4 +1,4 @@ -use rauth::RAuthEvent; +use authifier::AuthifierEvent; use serde::{Deserialize, Serialize}; use crate::models::channel::{FieldsChannel, PartialChannel}; @@ -214,5 +214,5 @@ pub enum EventV1 { EmojiDelete { id: String }, /// Auth events - Auth(RAuthEvent), + Auth(AuthifierEvent), } diff --git a/crates/quark/src/impl/mongo/admin/migrations/scripts.rs b/crates/quark/src/impl/mongo/admin/migrations/scripts.rs index e986ac02..5fbd4b9c 100644 --- a/crates/quark/src/impl/mongo/admin/migrations/scripts.rs +++ b/crates/quark/src/impl/mongo/admin/migrations/scripts.rs @@ -215,7 +215,7 @@ pub async fn run_migrations(db: &MongoDb, revision: i32) -> i32 { } if revision <= 8 { - info!("Running migration [revision 8 / 2021-09-10]: Update to rAuth version 1."); + info!("Running migration [revision 8 / 2021-09-10]: Update to Authifier version 1."); db.db() .run_command( @@ -603,20 +603,20 @@ pub async fn run_migrations(db: &MongoDb, revision: i32) -> i32 { } if revision <= 15 { - info!("Running migration [revision 15 / 04-06-2022]: Migrate rAuth to latest version."); + info!("Running migration [revision 15 / 04-06-2022]: Migrate Authifier to latest version."); - let db = rauth::Database::MongoDb(rauth::database::MongoDb(db.db())); - db.run_migration(rauth::Migration::M2022_06_03EnsureUpToSpec) + let db = authifier::Database::MongoDb(authifier::database::MongoDb(db.db())); + db.run_migration(authifier::Migration::M2022_06_03EnsureUpToSpec) .await .unwrap(); } if revision <= 16 { - info!("Running migration [revision 16 / 07-07-2022]: Add `emojis` collection and rAuth migration."); + info!("Running migration [revision 16 / 07-07-2022]: Add `emojis` collection and Authifier migration."); - let rauth_db = rauth::Database::MongoDb(rauth::database::MongoDb(db.db())); - rauth_db - .run_migration(rauth::Migration::M2022_06_09AddIndexForDeletion) + let authifier_db = authifier::Database::MongoDb(authifier::database::MongoDb(db.db())); + authifier_db + .run_migration(authifier::Migration::M2022_06_09AddIndexForDeletion) .await .unwrap(); diff --git a/crates/quark/src/impl/rocket.rs b/crates/quark/src/impl/rocket.rs index 0756bd38..22c1466c 100644 --- a/crates/quark/src/impl/rocket.rs +++ b/crates/quark/src/impl/rocket.rs @@ -1,4 +1,4 @@ -use rauth::models::Session; +use authifier::models::Session; use revolt_okapi::openapi3::{SecurityScheme, SecuritySchemeData}; use revolt_rocket_okapi::gen::OpenApiGenerator; use revolt_rocket_okapi::request::{OpenApiFromRequest, RequestHeaderInput}; @@ -12,7 +12,7 @@ use crate::Database; #[rocket::async_trait] impl<'r> FromRequest<'r> for User { - type Error = rauth::Error; + type Error = authifier::Error; async fn from_request(request: &'r Request<'_>) -> request::Outcome { let user: &Option = request @@ -43,7 +43,7 @@ impl<'r> FromRequest<'r> for User { if let Some(user) = user { Outcome::Success(user.clone()) } else { - Outcome::Failure((Status::Unauthorized, rauth::Error::InvalidSession)) + Outcome::Failure((Status::Unauthorized, authifier::Error::InvalidSession)) } } } diff --git a/crates/quark/src/lib.rs b/crates/quark/src/lib.rs index f3a77166..2d063639 100644 --- a/crates/quark/src/lib.rs +++ b/crates/quark/src/lib.rs @@ -17,8 +17,8 @@ extern crate bitfield; #[macro_use] extern crate bson; +pub use authifier; pub use iso8601_timestamp::Timestamp; -pub use rauth; pub use redis_kiss; pub mod events; diff --git a/crates/quark/src/tasks/web_push.rs b/crates/quark/src/tasks/web_push.rs index 08a6d851..c9428f6f 100644 --- a/crates/quark/src/tasks/web_push.rs +++ b/crates/quark/src/tasks/web_push.rs @@ -1,8 +1,8 @@ use crate::bson::doc; use crate::util::variables::delta::VAPID_PRIVATE_KEY; +use authifier::Database; use deadqueue::limited::Queue; -use rauth::Database; use web_push::{ ContentEncoding, SubscriptionInfo, SubscriptionKeys, VapidSignatureBuilder, WebPushClient, WebPushMessageBuilder, diff --git a/crates/quark/src/util/rauth.rs b/crates/quark/src/util/authifier.rs similarity index 80% rename from crates/quark/src/util/rauth.rs rename to crates/quark/src/util/authifier.rs index 02d8b26b..e87803d5 100644 --- a/crates/quark/src/util/rauth.rs +++ b/crates/quark/src/util/authifier.rs @@ -1,9 +1,11 @@ +use authifier::config::{ResolveIp, Shield}; + use super::variables::delta::{ - APP_URL, HCAPTCHA_KEY, INVITE_ONLY, SMTP_FROM, SMTP_HOST, SMTP_PASSWORD, SMTP_USERNAME, - USE_EMAIL, USE_HCAPTCHA, + APP_URL, AUTHIFIER_SHIELD_KEY, HCAPTCHA_KEY, INVITE_ONLY, SMTP_FROM, SMTP_HOST, SMTP_PASSWORD, + SMTP_USERNAME, USE_EMAIL, USE_HCAPTCHA, }; -use crate::rauth::config::{ +use crate::authifier::config::{ Captcha, Config, EmailVerificationConfig, SMTPSettings, Template, Templates, }; @@ -59,5 +61,19 @@ pub fn config() -> Config { }; } + if let Some(api_key) = &*AUTHIFIER_SHIELD_KEY { + config.shield = Shield::Enabled { + api_key: api_key.to_string(), + strict: false, + }; + } + + if std::env::var("TRUST_CLOUDFLARE") + .map(|x| x == "1") + .unwrap_or_default() + { + config.resolve_ip = ResolveIp::Cloudflare; + } + config } diff --git a/crates/quark/src/util/mod.rs b/crates/quark/src/util/mod.rs index bb83ded1..a4aa2814 100644 --- a/crates/quark/src/util/mod.rs +++ b/crates/quark/src/util/mod.rs @@ -1,7 +1,7 @@ +pub mod authifier; pub mod log; pub mod manipulation; pub mod pfp; -pub mod rauth; pub mod r#ref; pub mod regex; pub mod result; diff --git a/crates/quark/src/util/variables/delta.rs b/crates/quark/src/util/variables/delta.rs index f81ff087..bb789987 100644 --- a/crates/quark/src/util/variables/delta.rs +++ b/crates/quark/src/util/variables/delta.rs @@ -30,6 +30,8 @@ lazy_static! { env::var("REVOLT_VAPID_PRIVATE_KEY").expect("Missing REVOLT_VAPID_PRIVATE_KEY environment variable."); pub static ref VAPID_PUBLIC_KEY: String = env::var("REVOLT_VAPID_PUBLIC_KEY").expect("Missing REVOLT_VAPID_PUBLIC_KEY environment variable."); + pub static ref AUTHIFIER_SHIELD_KEY: Option = + env::var("REVOLT_AUTHIFIER_SHIELD_KEY").ok(); // Application Flags pub static ref INVITE_ONLY: bool = env::var("REVOLT_INVITE_ONLY").map_or(false, |v| v == "1"); diff --git a/crates/quark/src/web/ratelimiter.rs b/crates/quark/src/web/ratelimiter.rs index 853d9aa8..5a4ec96a 100644 --- a/crates/quark/src/web/ratelimiter.rs +++ b/crates/quark/src/web/ratelimiter.rs @@ -8,7 +8,7 @@ use std::hash::Hasher; use std::ops::Add; use std::time::{Duration, SystemTime, UNIX_EPOCH}; -use crate::rauth::models::Session; +use crate::authifier::models::Session; use rocket::fairing::{Fairing, Info, Kind}; use rocket::http::uri::Origin; use rocket::http::{Method, Status};