Merge branch 'medusa' of code.ita-prog.pl:Tsumanu/bazzar into medusa

This commit is contained in:
Adrian Woźniak 2024-06-26 11:13:20 +02:00
commit a6cb828aee
18 changed files with 103 additions and 421 deletions

417
Cargo.lock generated
View File

@ -8,35 +8,6 @@ version = "0.11.4"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "fe438c63458706e03479442743baae6c88256498e6431708f6dfc520a26515d3"
[[package]]
name = "account_manager"
version = "0.1.0"
dependencies = [
"bincode",
"bytes 1.6.0",
"channels",
"config",
"dotenv",
"fake",
"futures 0.3.30",
"gumdrop",
"json",
"kanidm_client",
"kanidm_proto",
"model",
"rauthy-client",
"rumqttc",
"serde",
"sqlx",
"sqlx-core 0.7.4",
"tarpc",
"testx",
"thiserror",
"tokio",
"tracing",
"uuid 1.9.0",
]
[[package]]
name = "actix-codec"
version = "0.5.2"
@ -401,7 +372,6 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "cd066d0b4ef8ecb03a55319dc13aa6910616d0f44008a045bb1835af830abff5"
dependencies = [
"brotli",
"flate2",
"futures-core",
"memchr",
"pin-project-lite",
@ -756,12 +726,6 @@ version = "0.2.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "4c7f02d4ea65f2c1853089ffd8d2787bdbc63de2f0d29dedbcf8ccdfa0ccd4cf"
[[package]]
name = "base32"
version = "0.4.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "23ce669cd6c8588f79e15cf450314f9638f967fc5770ff1c7c1deb0925ea7cfa"
[[package]]
name = "base64"
version = "0.13.1"
@ -786,17 +750,6 @@ version = "1.6.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "8c3c1a368f70d6cf7302d78f8f7093da241fb8e8807c05cc9e51a125895a6d5b"
[[package]]
name = "base64urlsafedata"
version = "0.5.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "1a56894edf5cd1efa7068d7454adeb7ce0b3da4ffa5ab08cfc06165bbc62f0c7"
dependencies = [
"base64 0.21.7",
"paste",
"serde",
]
[[package]]
name = "bigdecimal"
version = "0.3.1"
@ -912,7 +865,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "c3ef8005764f53cd4dca619f5bf64cafd4664dada50ece25e4d81de54c80cc0b"
dependencies = [
"once_cell",
"proc-macro-crate 3.1.0",
"proc-macro-crate",
"proc-macro2",
"quote",
"syn 2.0.68",
@ -1262,22 +1215,6 @@ version = "0.1.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "f3f6d59c71e7dc3af60f0af9db32364d96a16e9310f3f5db2b55ed642162dd35"
[[package]]
name = "compact_jwt"
version = "0.4.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "d1aca09e6a9e9011c2a2fb13f26a0d2440a709ac0e68ccf02d168d54f4801b27"
dependencies = [
"base64 0.21.7",
"base64urlsafedata",
"hex",
"serde",
"serde_json",
"tracing",
"url",
"uuid 1.9.0",
]
[[package]]
name = "concurrent-queue"
version = "2.5.0"
@ -1344,17 +1281,6 @@ dependencies = [
"version_check",
]
[[package]]
name = "cookie"
version = "0.17.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "7efb37c3e1ccb1ff97164ad95ac1606e8ccd35b3fa0a7d99a304c7f4a428cc24"
dependencies = [
"percent-encoding",
"time",
"version_check",
]
[[package]]
name = "cookie"
version = "0.18.1"
@ -1370,23 +1296,6 @@ dependencies = [
"version_check",
]
[[package]]
name = "cookie_store"
version = "0.20.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "387461abbc748185c3a6e1673d826918b450b87ff22639429c694619a83b6cf6"
dependencies = [
"cookie 0.17.0",
"idna 0.3.0",
"log",
"publicsuffix",
"serde",
"serde_derive",
"serde_json",
"time",
"url",
]
[[package]]
name = "core-foundation"
version = "0.9.4"
@ -2703,16 +2612,6 @@ version = "1.0.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "b9e0384b61958566e926dc50660321d12159025e767c18e043daf26b70104c39"
[[package]]
name = "idna"
version = "0.3.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "e14ddfc70884202db2244c223200c204c2bda1bc6e0998d11b5e024d657209e6"
dependencies = [
"unicode-bidi",
"unicode-normalization",
]
[[package]]
name = "idna"
version = "0.5.0"
@ -2723,6 +2622,33 @@ dependencies = [
"unicode-normalization",
]
[[package]]
name = "idp"
version = "0.1.0"
dependencies = [
"bincode",
"bytes 1.6.0",
"channels",
"config",
"dotenv",
"fake",
"futures 0.1.31",
"gumdrop",
"json",
"model",
"rauthy-client",
"rumqttc",
"serde",
"sqlx",
"sqlx-core 0.6.3",
"tarpc",
"testx",
"thiserror",
"tokio",
"tracing",
"uuid 1.9.0",
]
[[package]]
name = "image"
version = "0.25.1"
@ -2742,7 +2668,6 @@ checksum = "bd070e393353796e801d209ad339e89596eb4c8d430d18ede6a1cced8fafbd99"
dependencies = [
"autocfg",
"hashbrown 0.12.3",
"serde",
]
[[package]]
@ -2753,7 +2678,6 @@ checksum = "168fb715dda47215e360912c096649d23d58bf392ac62f73919e831745e40f26"
dependencies = [
"equivalent",
"hashbrown 0.14.5",
"serde",
]
[[package]]
@ -2927,69 +2851,6 @@ dependencies = [
"signature",
]
[[package]]
name = "kanidm_client"
version = "1.2.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "096cddae6b5b1891c58ecf3056f45205be68f995e21278e006d32fed71910e7d"
dependencies = [
"compact_jwt",
"hyper 0.14.29",
"kanidm_lib_file_permissions",
"kanidm_proto",
"reqwest 0.11.27",
"serde",
"serde_json",
"time",
"tokio",
"toml 0.5.11",
"tracing",
"url",
"uuid 1.9.0",
"webauthn-rs-proto",
]
[[package]]
name = "kanidm_lib_file_permissions"
version = "1.2.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "b1bb7525ce9007b0798a8eaf010708ef49da7f1b2516eebd3058f253df6db843"
dependencies = [
"kanidm_utils_users",
"whoami",
]
[[package]]
name = "kanidm_proto"
version = "1.2.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "0ad03a5e96bf8a4fa981b864c3317950dce7d7ea6b0e8accd61329ec72ca1cd6"
dependencies = [
"base32",
"base64urlsafedata",
"num_enum",
"scim_proto",
"serde",
"serde_json",
"serde_with",
"time",
"tracing",
"url",
"urlencoding",
"utoipa",
"uuid 1.9.0",
"webauthn-rs-proto",
]
[[package]]
name = "kanidm_utils_users"
version = "1.2.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "89aa036a35fe4b2953c7c8ab8ad456db3ab8547aec1f1a762ab524d7480c243b"
dependencies = [
"libc",
]
[[package]]
name = "kv-log-macro"
version = "1.0.7"
@ -3211,16 +3072,6 @@ version = "0.3.17"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "6877bb514081ee2a7ff5ef9de3281f14a4dd4bceac4c09388074a6b5df8a139a"
[[package]]
name = "mime_guess"
version = "2.0.4"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "4192263c238a5f0d0c6bfd21f336a313a4ce1c450542449ca191bb657b4642ef"
dependencies = [
"mime",
"unicase",
]
[[package]]
name = "minidom"
version = "0.15.2"
@ -3401,36 +3252,6 @@ dependencies = [
"libc",
]
[[package]]
name = "num_enum"
version = "0.5.11"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "1f646caf906c20226733ed5b1374287eb97e3c2a5c227ce668c1f2ce20ae57c9"
dependencies = [
"num_enum_derive",
]
[[package]]
name = "num_enum_derive"
version = "0.5.11"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "dcbff9bc912032c62bf65ef1d5aea88983b420f4f839db1e9b0c281a25c9c799"
dependencies = [
"proc-macro-crate 1.3.1",
"proc-macro2",
"quote",
"syn 1.0.109",
]
[[package]]
name = "num_threads"
version = "0.1.7"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "5c7398b9c8b70908f6371f47ed36737907c87c52af34c268fed0bf0ceb92ead9"
dependencies = [
"libc",
]
[[package]]
name = "object"
version = "0.36.0"
@ -3834,33 +3655,6 @@ dependencies = [
"tracing",
]
[[package]]
name = "peg"
version = "0.8.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "8a625d12ad770914cbf7eff6f9314c3ef803bfe364a1b20bc36ddf56673e71e5"
dependencies = [
"peg-macros",
"peg-runtime",
]
[[package]]
name = "peg-macros"
version = "0.8.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "f241d42067ed3ab6a4fece1db720838e1418f36d868585a27931f95d6bc03582"
dependencies = [
"peg-runtime",
"proc-macro2",
"quote",
]
[[package]]
name = "peg-runtime"
version = "0.8.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "e3aeb8f54c078314c2065ee649a7241f46b9d8e418e1a9581ba0546657d7aa3a"
[[package]]
name = "pem-rfc7468"
version = "0.7.0"
@ -4028,16 +3822,6 @@ dependencies = [
"elliptic-curve",
]
[[package]]
name = "proc-macro-crate"
version = "1.3.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "7f4c021e1093a56626774e81216a4ce732a735e5bad4868a03f3ed65ca0c3919"
dependencies = [
"once_cell",
"toml_edit 0.19.15",
]
[[package]]
name = "proc-macro-crate"
version = "3.1.0"
@ -4103,12 +3887,6 @@ dependencies = [
"syn 1.0.109",
]
[[package]]
name = "psl-types"
version = "2.0.11"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "33cb294fe86a74cbcf50d4445b37da762029549ebeea341421c7c70370f86cac"
[[package]]
name = "ptr_meta"
version = "0.1.4"
@ -4129,16 +3907,6 @@ dependencies = [
"syn 1.0.109",
]
[[package]]
name = "publicsuffix"
version = "2.2.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "96a8c1bda5ae1af7f99a2962e49df150414a43d62404644d98dd5c3a93d07457"
dependencies = [
"idna 0.3.0",
"psl-types",
]
[[package]]
name = "qrcode"
version = "0.14.0"
@ -4513,11 +4281,8 @@ version = "0.11.27"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "dd67538700a17451e7cba03ac727fb961abb7607553461627b97de0b89cf4a62"
dependencies = [
"async-compression",
"base64 0.21.7",
"bytes 1.6.0",
"cookie 0.17.0",
"cookie_store",
"encoding_rs",
"futures-core",
"futures-util",
@ -4530,7 +4295,6 @@ dependencies = [
"js-sys",
"log",
"mime",
"mime_guess",
"native-tls",
"once_cell",
"percent-encoding",
@ -4956,23 +4720,6 @@ dependencies = [
"windows-sys 0.52.0",
]
[[package]]
name = "scim_proto"
version = "0.2.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "55fbcfbcbc11ff46228a2b7b6018e1f6f37499fff47851e20583862ba1d9ef3f"
dependencies = [
"base64 0.22.1",
"peg",
"serde",
"serde_json",
"time",
"tracing",
"tracing-subscriber",
"url",
"uuid 1.9.0",
]
[[package]]
name = "scopeguard"
version = "1.2.0"
@ -5192,17 +4939,6 @@ dependencies = [
"serde_derive",
]
[[package]]
name = "serde-wasm-bindgen"
version = "0.4.5"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "e3b4c031cd0d9014307d82b8abf653c0290fbdaeb4c02d00c63cf52f728628bf"
dependencies = [
"js-sys",
"serde",
"wasm-bindgen",
]
[[package]]
name = "serde_derive"
version = "1.0.203"
@ -5278,36 +5014,6 @@ dependencies = [
"serde",
]
[[package]]
name = "serde_with"
version = "3.8.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "0ad483d2ab0149d5a5ebcd9972a3852711e0153d863bf5a5d0391d28883c4a20"
dependencies = [
"base64 0.22.1",
"chrono",
"hex",
"indexmap 1.9.3",
"indexmap 2.2.6",
"serde",
"serde_derive",
"serde_json",
"serde_with_macros",
"time",
]
[[package]]
name = "serde_with_macros"
version = "3.8.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "65569b702f41443e8bc8bbb1c5779bd0450bbe723b56198980e80ec45780bce2"
dependencies = [
"darling",
"proc-macro2",
"quote",
"syn 2.0.68",
]
[[package]]
name = "sha1"
version = "0.10.6"
@ -5879,9 +5585,7 @@ checksum = "5dfd88e563464686c916c7e46e623e520ddc6d79fa6641390f2e3fa86e83e885"
dependencies = [
"deranged",
"itoa",
"libc",
"num-conv",
"num_threads",
"powerfmt",
"serde",
"time-core",
@ -6054,15 +5758,6 @@ dependencies = [
"tokio",
]
[[package]]
name = "toml"
version = "0.5.11"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "f4f7f0dd8d50a853a531c426359045b1998f04219d88799810762cd4ad314234"
dependencies = [
"serde",
]
[[package]]
name = "toml"
version = "0.7.8"
@ -6376,15 +6071,6 @@ version = "1.17.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "42ff0bf0c66b8238c6f3b578df37d0b7848e55df8577b3f74f92a69acceeb825"
[[package]]
name = "unicase"
version = "2.7.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "f7d2d4dafb69621809a81864c9c1b864479e1235c0dd4e199924b9742439ed89"
dependencies = [
"version_check",
]
[[package]]
name = "unicode-bidi"
version = "0.3.15"
@ -6453,7 +6139,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "22784dbdf76fdde8af1aeda5622b546b422b6fc585325248a2bf9f5e41e94d6c"
dependencies = [
"form_urlencoded",
"idna 0.5.0",
"idna",
"percent-encoding",
"serde",
]
@ -6473,30 +6159,6 @@ version = "2.1.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "daf8dba3b7eb870caf1ddeed7bc9d2a049f3cfdfae7cb521b087cc33ae4c49da"
[[package]]
name = "utoipa"
version = "4.2.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "c5afb1a60e207dca502682537fefcfd9921e71d0b83e9576060f09abc6efab23"
dependencies = [
"indexmap 2.2.6",
"serde",
"serde_json",
"utoipa-gen",
]
[[package]]
name = "utoipa-gen"
version = "4.3.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "7bf0e16c02bc4bf5322ab65f10ab1149bdbcaa782cba66dc7057370a3f8190be"
dependencies = [
"proc-macro-error",
"proc-macro2",
"quote",
"syn 2.0.68",
]
[[package]]
name = "uuid"
version = "0.8.2"
@ -6525,7 +6187,7 @@ version = "0.18.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "db79c75af171630a3148bd3e6d7c4f42b6a9a014c2945bc5ed0020cbb8d9478e"
dependencies = [
"idna 0.5.0",
"idna",
"once_cell",
"regex",
"serde",
@ -6613,8 +6275,6 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "4be2531df63900aeb2bca0daaaddec08491ee64ceecbee5076636a3b026795a8"
dependencies = [
"cfg-if",
"serde",
"serde_json",
"wasm-bindgen-macro",
]
@ -6697,23 +6357,6 @@ dependencies = [
"wasm-bindgen",
]
[[package]]
name = "webauthn-rs-proto"
version = "0.5.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "1f1c6dc254607f48eec3bdb35b86b377202436859ca1e4c9290afafd7349dcc3"
dependencies = [
"base64 0.21.7",
"base64urlsafedata",
"js-sys",
"serde",
"serde-wasm-bindgen",
"serde_json",
"url",
"wasm-bindgen",
"web-sys",
]
[[package]]
name = "webpki"
version = "0.22.4"

View File

@ -7,7 +7,7 @@ members = [
"crates/testx",
"crates/db-utils",
# actors
"crates/account_manager",
"crates/idp",
# "crates/cart_manager",
# "crates/database_manager",
# "crates/email_manager",

View File

@ -182,7 +182,7 @@ pub mod rpc {
use tarpc::tokio_serde::formats::Bincode;
let l = config.lock();
let addr = l.account_manager().rpc_addr();
let addr = l.idp().rpc_addr();
let transport = tarpc::serde_transport::tcp::connect(addr, Bincode::default);
@ -204,6 +204,6 @@ pub mod mqtt {
use crate::AsyncClient;
pub fn create_client(config: SharedAppConfig) -> (AsyncClient, EventLoop) {
crate::mqtt::create_client(CLIENT_NAME, config.lock().account_manager().mqtt_addr())
crate::mqtt::create_client(CLIENT_NAME, config.lock().idp().mqtt_addr())
}
}

View File

@ -132,10 +132,7 @@ pub mod rpc {
let addr = {
let l = config.lock();
(
l.account_manager().rpc_bind.clone(),
l.account_manager().rpc_port,
)
(l.idp().rpc_bind.clone(), l.idp().rpc_port)
};
let transport = tarpc::serde_transport::tcp::connect(addr, Bincode::default);

View File

@ -348,16 +348,18 @@ impl FilesConfig {
}
#[derive(Debug, Serialize, Deserialize)]
pub struct AccountManagerConfig {
pub struct IdpConfig {
pub rpc_port: u16,
pub rpc_bind: String,
pub mqtt_port: u16,
pub mqtt_bind: String,
pub database_url: String,
pub idm_url: String,
#[serde(default)]
pub secret: Option<String>,
}
impl Default for AccountManagerConfig {
impl Default for IdpConfig {
fn default() -> Self {
Self {
rpc_port: 19329,
@ -366,13 +368,14 @@ impl Default for AccountManagerConfig {
mqtt_bind: "0.0.0.0".into(),
database_url: "postgres://postgres@localhost/myco_accounts".into(),
idm_url: "https://localhost:8443".into(),
secret: Some("CHANGE ME".into()),
}
}
}
impl Example for AccountManagerConfig {}
impl Example for IdpConfig {}
impl AccountManagerConfig {
impl IdpConfig {
pub fn rpc_addr(&self) -> (&str, u16) {
(&self.rpc_bind, self.rpc_port)
}
@ -384,6 +387,10 @@ impl AccountManagerConfig {
pub fn idm_url(&self) -> &str {
&self.idm_url
}
pub fn secret(&self) -> Option<&String> {
self.secret.as_ref()
}
}
#[derive(Debug, Serialize, Deserialize)]
@ -668,7 +675,7 @@ impl TokensConfig {
#[derive(Serialize, Deserialize)]
pub struct AppConfig {
#[serde(default)]
account_manager: AccountManagerConfig,
idp: IdpConfig,
#[serde(default)]
cart_manager: CartManagerConfig,
#[serde(skip)]
@ -705,7 +712,7 @@ impl Example for AppConfig {
database: DatabaseConfig::example(),
search: SearchConfig::example(),
files: FilesConfig::example(),
account_manager: AccountManagerConfig::example(),
idp: IdpConfig::example(),
cart_manager: CartManagerConfig::example(),
email_sender: EmailSenderConfig::example(),
stocks: StocksConfig::example(),
@ -718,8 +725,8 @@ impl Example for AppConfig {
}
impl AppConfig {
pub fn account_manager(&self) -> &AccountManagerConfig {
&self.account_manager
pub fn idp(&self) -> &IdpConfig {
&self.idp
}
pub fn cart_manager(&self) -> &CartManagerConfig {
@ -800,7 +807,7 @@ impl Default for AppConfig {
database: DatabaseConfig::default(),
search: SearchConfig::default(),
files: FilesConfig::default(),
account_manager: AccountManagerConfig::default(),
idp: IdpConfig::default(),
cart_manager: CartManagerConfig::default(),
email_sender: EmailSenderConfig::default(),
stocks: StocksConfig::default(),

View File

@ -1,10 +1,10 @@
[package]
name = "account_manager"
name = "idp"
version = "0.1.0"
edition = "2021"
[[bin]]
name = "account-manager"
name = "idp"
path = "src/main.rs"
[dependencies]
@ -16,8 +16,6 @@ dotenv = { version = "0" }
futures = { version = "0" }
gumdrop = { version = "0" }
json = { version = "0" }
kanidm_client = "1.2.2"
kanidm_proto = "1.2.2"
model = { path = "../model", features = ['db'] }
rauthy-client = { version = "0.4.0", features = ["actix-web", "qrcode"] }
rumqttc = { version = "*" }

View File

@ -14,7 +14,7 @@ pub struct Database {
impl Database {
pub async fn build(config: SharedAppConfig) -> Self {
let url = config.lock().account_manager().database_url.clone();
let url = config.lock().idp().database_url.clone();
let pool = sqlx::PgPool::connect(&url).await.unwrap_or_else(|e| {
tracing::error!("Failed to connect to database. {e:?}");
std::process::exit(1);

View File

@ -1,15 +1,52 @@
use kanidm_client::{ClientError, KanidmClient};
use kanidm_proto::internal::CUStatus;
use kanidm_proto::v1::Entry;
use config::SharedAppConfig;
pub async fn init(config: SharedAppConfig) {
let (secret, web) = {
let c = config.lock();
(c.idp().secret(), c.web().host())
};
rauthy_client::init_with(None, RauthyHttpsOnly::No, DangerAcceptInvalidCerts::Yes).await?;
let config = RauthyConfig {
// Sets the .is_admin field for the principal based on the `ClaimMapping`.
admin_claim: ClaimMapping::Or(vec![JwtClaim {
typ: JwtClaimTyp::Roles,
value: "admin".to_string(),
}]),
// Sets the .is_user field for the principal based on the `ClaimMapping`.
// Without this claim, a user would not have access to this app. This is
// used, because usually you never want to just have all your OIDC users to
// have access to a certain application.
user_claim: ClaimMapping::Or(vec![JwtClaim {
typ: JwtClaimTyp::Groups,
value: "user".to_string(),
}]),
// In almost all cases, this should just match the `client_id`
allowed_audiences: HashSet::from(["idp".to_string()]),
client_id: "idp".to_string(),
// If set to 'false', tokens with a non-verified email address will be rejected.
email_verified: !cfg!(debug_assertions),
// The issuer URL from your Rauthy deployment
iss: format!("{host}/auth/v1"),
// The scopes you want to request. The only mandatory which always needs to exist is
// `openid`, the rest is optional and depending on your needs.
scope: vec![
"openid".to_string(),
"email".to_string(),
"profile".to_string(),
"groups".to_string(),
],
// If set to None, the client will be treated as a public client and not provide any
// secret to the /token endpoint after the callback. Set a secret for confidential clients.
secret: secret.map(String::from),
// secret: Some("secretCopiedFromTheRauthyUiIfIsConfidentialClient".to_string(),),
};
// The redirect_uri here must match the URI of this application, where we accept
// and handle the callback after a successful login.
OidcProvider::setup_from_config(config, format!("{host}/callback")).await?;
}
pub async fn refresh_token(kanidm: &KanidmClient) -> Result<(), ClientError> {
kanidm
.auth_simple_password(
"idm_admin",
&std::env::var("KANIDM_IDM_ADMIN_PASS")
.expect("idm_admin password is requied, please set KANIDM_IDM_ADMIN_PASS"),
)
.await?;
Ok(())
}

View File

@ -40,7 +40,7 @@ async fn main() {
let db = db::Database::build(config.clone()).await;
let kanidm = kanidm_client::KanidmClientBuilder::new()
.address(config.lock().account_manager().idm_url().to_owned())
.address(config.lock().idp().idm_url().to_owned())
.danger_accept_invalid_certs(cfg!(debug_assertions))
.connect_timeout(2)
.build()

View File

@ -72,7 +72,7 @@ impl Accounts for AccountsServer {
}
pub async fn start(config: SharedAppConfig, db: Database, mqtt_client: AsyncClient) {
let port = { config.lock().account_manager().rpc_port };
let port = { config.lock().idp().rpc_port };
channels::rpc::start("accounts", port, || {
AccountsServer {

View File

@ -1,4 +1,4 @@
[account_manager]
[idp]
rpc_port = 19329
rpc_bind = "0.0.0.0"
mqtt_port = 1883