mirror of
https://github.com/zhaofengli/attic.git
synced 2024-12-15 17:50:57 +00:00
Migrate to jsonwebtoken
This commit is contained in:
parent
9001fa5418
commit
3e0b65a4c3
7 changed files with 149 additions and 426 deletions
465
Cargo.lock
generated
465
Cargo.lock
generated
|
@ -325,7 +325,7 @@ dependencies = [
|
||||||
"base64 0.21.2",
|
"base64 0.21.2",
|
||||||
"chrono",
|
"chrono",
|
||||||
"displaydoc",
|
"displaydoc",
|
||||||
"jwt-simple",
|
"jsonwebtoken",
|
||||||
"lazy_static",
|
"lazy_static",
|
||||||
"regex",
|
"regex",
|
||||||
"serde",
|
"serde",
|
||||||
|
@ -361,7 +361,7 @@ dependencies = [
|
||||||
"hex",
|
"hex",
|
||||||
"http",
|
"http",
|
||||||
"hyper",
|
"hyper",
|
||||||
"ring",
|
"ring 0.16.20",
|
||||||
"time 0.3.21",
|
"time 0.3.21",
|
||||||
"tokio",
|
"tokio",
|
||||||
"tower",
|
"tower",
|
||||||
|
@ -774,12 +774,6 @@ dependencies = [
|
||||||
"syn 1.0.109",
|
"syn 1.0.109",
|
||||||
]
|
]
|
||||||
|
|
||||||
[[package]]
|
|
||||||
name = "base16ct"
|
|
||||||
version = "0.2.0"
|
|
||||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
||||||
checksum = "4c7f02d4ea65f2c1853089ffd8d2787bdbc63de2f0d29dedbcf8ccdfa0ccd4cf"
|
|
||||||
|
|
||||||
[[package]]
|
[[package]]
|
||||||
name = "base64"
|
name = "base64"
|
||||||
version = "0.13.1"
|
version = "0.13.1"
|
||||||
|
@ -802,12 +796,6 @@ dependencies = [
|
||||||
"vsimd",
|
"vsimd",
|
||||||
]
|
]
|
||||||
|
|
||||||
[[package]]
|
|
||||||
name = "base64ct"
|
|
||||||
version = "1.6.0"
|
|
||||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
||||||
checksum = "8c3c1a368f70d6cf7302d78f8f7093da241fb8e8807c05cc9e51a125895a6d5b"
|
|
||||||
|
|
||||||
[[package]]
|
[[package]]
|
||||||
name = "bigdecimal"
|
name = "bigdecimal"
|
||||||
version = "0.3.1"
|
version = "0.3.1"
|
||||||
|
@ -819,12 +807,6 @@ dependencies = [
|
||||||
"num-traits",
|
"num-traits",
|
||||||
]
|
]
|
||||||
|
|
||||||
[[package]]
|
|
||||||
name = "binstring"
|
|
||||||
version = "0.1.1"
|
|
||||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
||||||
checksum = "7e0d60973d9320722cb1206f412740e162a33b8547ea8d6be75d7cff237c7a85"
|
|
||||||
|
|
||||||
[[package]]
|
[[package]]
|
||||||
name = "bitflags"
|
name = "bitflags"
|
||||||
version = "1.3.2"
|
version = "1.3.2"
|
||||||
|
@ -970,11 +952,12 @@ dependencies = [
|
||||||
|
|
||||||
[[package]]
|
[[package]]
|
||||||
name = "cc"
|
name = "cc"
|
||||||
version = "1.0.79"
|
version = "1.0.83"
|
||||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||||
checksum = "50d30906286121d95be3d479533b458f87493b30a4b5f79a607db8f5d11aa91f"
|
checksum = "f1174fb0b6ec23863f8b971027804a42614e347eafb0a95bf0b12cdae21fc4d0"
|
||||||
dependencies = [
|
dependencies = [
|
||||||
"jobserver",
|
"jobserver",
|
||||||
|
"libc",
|
||||||
]
|
]
|
||||||
|
|
||||||
[[package]]
|
[[package]]
|
||||||
|
@ -1086,18 +1069,6 @@ version = "0.5.0"
|
||||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||||
checksum = "2da6da31387c7e4ef160ffab6d5e7f00c42626fe39aea70a7b0f1773f7dd6c1b"
|
checksum = "2da6da31387c7e4ef160ffab6d5e7f00c42626fe39aea70a7b0f1773f7dd6c1b"
|
||||||
|
|
||||||
[[package]]
|
|
||||||
name = "coarsetime"
|
|
||||||
version = "0.1.23"
|
|
||||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
||||||
checksum = "a90d114103adbc625300f346d4d09dfb4ab1c4a8df6868435dd903392ecf4354"
|
|
||||||
dependencies = [
|
|
||||||
"libc",
|
|
||||||
"once_cell",
|
|
||||||
"wasi 0.11.0+wasi-snapshot-preview1",
|
|
||||||
"wasm-bindgen",
|
|
||||||
]
|
|
||||||
|
|
||||||
[[package]]
|
[[package]]
|
||||||
name = "codespan-reporting"
|
name = "codespan-reporting"
|
||||||
version = "0.11.1"
|
version = "0.11.1"
|
||||||
|
@ -1172,12 +1143,6 @@ dependencies = [
|
||||||
"tracing-subscriber",
|
"tracing-subscriber",
|
||||||
]
|
]
|
||||||
|
|
||||||
[[package]]
|
|
||||||
name = "const-oid"
|
|
||||||
version = "0.9.2"
|
|
||||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
||||||
checksum = "520fbf3c07483f94e3e3ca9d0cfd913d7718ef2483d2cfd91c0d9e91474ab913"
|
|
||||||
|
|
||||||
[[package]]
|
[[package]]
|
||||||
name = "const_format"
|
name = "const_format"
|
||||||
version = "0.2.30"
|
version = "0.2.30"
|
||||||
|
@ -1270,18 +1235,6 @@ dependencies = [
|
||||||
"cfg-if",
|
"cfg-if",
|
||||||
]
|
]
|
||||||
|
|
||||||
[[package]]
|
|
||||||
name = "crypto-bigint"
|
|
||||||
version = "0.5.2"
|
|
||||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
||||||
checksum = "cf4c2f4e1afd912bc40bfd6fed5d9dc1f288e0ba01bfcc835cc5bc3eb13efe15"
|
|
||||||
dependencies = [
|
|
||||||
"generic-array",
|
|
||||||
"rand_core",
|
|
||||||
"subtle",
|
|
||||||
"zeroize",
|
|
||||||
]
|
|
||||||
|
|
||||||
[[package]]
|
[[package]]
|
||||||
name = "crypto-common"
|
name = "crypto-common"
|
||||||
version = "0.1.6"
|
version = "0.1.6"
|
||||||
|
@ -1377,28 +1330,6 @@ dependencies = [
|
||||||
"syn 2.0.18",
|
"syn 2.0.18",
|
||||||
]
|
]
|
||||||
|
|
||||||
[[package]]
|
|
||||||
name = "der"
|
|
||||||
version = "0.6.1"
|
|
||||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
||||||
checksum = "f1a467a65c5e759bce6e65eaf91cc29f466cdc57cb65777bd646872a8a1fd4de"
|
|
||||||
dependencies = [
|
|
||||||
"const-oid",
|
|
||||||
"pem-rfc7468 0.6.0",
|
|
||||||
"zeroize",
|
|
||||||
]
|
|
||||||
|
|
||||||
[[package]]
|
|
||||||
name = "der"
|
|
||||||
version = "0.7.6"
|
|
||||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
||||||
checksum = "56acb310e15652100da43d130af8d97b509e95af61aab1c5a7939ef24337ee17"
|
|
||||||
dependencies = [
|
|
||||||
"const-oid",
|
|
||||||
"pem-rfc7468 0.7.0",
|
|
||||||
"zeroize",
|
|
||||||
]
|
|
||||||
|
|
||||||
[[package]]
|
[[package]]
|
||||||
name = "derivative"
|
name = "derivative"
|
||||||
version = "2.2.0"
|
version = "2.2.0"
|
||||||
|
@ -1429,7 +1360,6 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||||
checksum = "9ed9a281f7bc9b7576e61468ba615a66a5c8cfdff42420a70aa82701a3b1e292"
|
checksum = "9ed9a281f7bc9b7576e61468ba615a66a5c8cfdff42420a70aa82701a3b1e292"
|
||||||
dependencies = [
|
dependencies = [
|
||||||
"block-buffer",
|
"block-buffer",
|
||||||
"const-oid",
|
|
||||||
"crypto-common",
|
"crypto-common",
|
||||||
"subtle",
|
"subtle",
|
||||||
]
|
]
|
||||||
|
@ -1471,20 +1401,6 @@ version = "0.15.7"
|
||||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||||
checksum = "1aaf95b3e5c8f23aa320147307562d361db0ae0d51242340f558153b4eb2439b"
|
checksum = "1aaf95b3e5c8f23aa320147307562d361db0ae0d51242340f558153b4eb2439b"
|
||||||
|
|
||||||
[[package]]
|
|
||||||
name = "ecdsa"
|
|
||||||
version = "0.16.7"
|
|
||||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
||||||
checksum = "0997c976637b606099b9985693efa3581e84e41f5c11ba5255f88711058ad428"
|
|
||||||
dependencies = [
|
|
||||||
"der 0.7.6",
|
|
||||||
"digest",
|
|
||||||
"elliptic-curve",
|
|
||||||
"rfc6979",
|
|
||||||
"signature 2.1.0",
|
|
||||||
"spki 0.7.2",
|
|
||||||
]
|
|
||||||
|
|
||||||
[[package]]
|
[[package]]
|
||||||
name = "ed25519-compact"
|
name = "ed25519-compact"
|
||||||
version = "2.0.4"
|
version = "2.0.4"
|
||||||
|
@ -1501,27 +1417,6 @@ version = "1.8.1"
|
||||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||||
checksum = "7fcaabb2fef8c910e7f4c7ce9f67a1283a1715879a7c230ca9d6d1ae31f16d91"
|
checksum = "7fcaabb2fef8c910e7f4c7ce9f67a1283a1715879a7c230ca9d6d1ae31f16d91"
|
||||||
|
|
||||||
[[package]]
|
|
||||||
name = "elliptic-curve"
|
|
||||||
version = "0.13.5"
|
|
||||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
||||||
checksum = "968405c8fdc9b3bf4df0a6638858cc0b52462836ab6b1c87377785dd09cf1c0b"
|
|
||||||
dependencies = [
|
|
||||||
"base16ct",
|
|
||||||
"crypto-bigint",
|
|
||||||
"digest",
|
|
||||||
"ff",
|
|
||||||
"generic-array",
|
|
||||||
"group",
|
|
||||||
"hkdf",
|
|
||||||
"pem-rfc7468 0.7.0",
|
|
||||||
"pkcs8 0.10.2",
|
|
||||||
"rand_core",
|
|
||||||
"sec1",
|
|
||||||
"subtle",
|
|
||||||
"zeroize",
|
|
||||||
]
|
|
||||||
|
|
||||||
[[package]]
|
[[package]]
|
||||||
name = "encode_unicode"
|
name = "encode_unicode"
|
||||||
version = "0.3.6"
|
version = "0.3.6"
|
||||||
|
@ -1591,16 +1486,6 @@ dependencies = [
|
||||||
"instant",
|
"instant",
|
||||||
]
|
]
|
||||||
|
|
||||||
[[package]]
|
|
||||||
name = "ff"
|
|
||||||
version = "0.13.0"
|
|
||||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
||||||
checksum = "ded41244b729663b1e574f1b4fb731469f69f79c17667b5d776b16cda0479449"
|
|
||||||
dependencies = [
|
|
||||||
"rand_core",
|
|
||||||
"subtle",
|
|
||||||
]
|
|
||||||
|
|
||||||
[[package]]
|
[[package]]
|
||||||
name = "filetime"
|
name = "filetime"
|
||||||
version = "0.2.21"
|
version = "0.2.21"
|
||||||
|
@ -1764,31 +1649,19 @@ checksum = "85649ca51fd72272d7821adaf274ad91c288277713d9c18820d8499a7ff69e9a"
|
||||||
dependencies = [
|
dependencies = [
|
||||||
"typenum",
|
"typenum",
|
||||||
"version_check",
|
"version_check",
|
||||||
"zeroize",
|
|
||||||
]
|
]
|
||||||
|
|
||||||
[[package]]
|
[[package]]
|
||||||
name = "getrandom"
|
name = "getrandom"
|
||||||
version = "0.2.9"
|
version = "0.2.10"
|
||||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||||
checksum = "c85e1d9ab2eadba7e5040d4e09cbd6d072b76a557ad64e797c2cb9d4da21d7e4"
|
checksum = "be4136b2a15dd319360be1c07d9933517ccf0be8f16bf62a3bee4f0d618df427"
|
||||||
dependencies = [
|
dependencies = [
|
||||||
"cfg-if",
|
"cfg-if",
|
||||||
"libc",
|
"libc",
|
||||||
"wasi 0.11.0+wasi-snapshot-preview1",
|
"wasi 0.11.0+wasi-snapshot-preview1",
|
||||||
]
|
]
|
||||||
|
|
||||||
[[package]]
|
|
||||||
name = "group"
|
|
||||||
version = "0.13.0"
|
|
||||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
||||||
checksum = "f0f9ef7462f7c099f518d754361858f86d8a07af53ba9af0fe635bbccb151a63"
|
|
||||||
dependencies = [
|
|
||||||
"ff",
|
|
||||||
"rand_core",
|
|
||||||
"subtle",
|
|
||||||
]
|
|
||||||
|
|
||||||
[[package]]
|
[[package]]
|
||||||
name = "h2"
|
name = "h2"
|
||||||
version = "0.3.19"
|
version = "0.3.19"
|
||||||
|
@ -1905,30 +1778,6 @@ dependencies = [
|
||||||
"digest",
|
"digest",
|
||||||
]
|
]
|
||||||
|
|
||||||
[[package]]
|
|
||||||
name = "hmac-sha1-compact"
|
|
||||||
version = "1.1.3"
|
|
||||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
||||||
checksum = "05e2440a0078e20c3b68ca01234cea4219f23e64b0c0bdb1200c5550d54239bb"
|
|
||||||
|
|
||||||
[[package]]
|
|
||||||
name = "hmac-sha256"
|
|
||||||
version = "1.1.6"
|
|
||||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
||||||
checksum = "fc736091aacb31ddaa4cd5f6988b3c21e99913ac846b41f32538c5fae5d71bfe"
|
|
||||||
dependencies = [
|
|
||||||
"digest",
|
|
||||||
]
|
|
||||||
|
|
||||||
[[package]]
|
|
||||||
name = "hmac-sha512"
|
|
||||||
version = "1.1.4"
|
|
||||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
||||||
checksum = "520c9c3f6040661669bc5c91e551b605a520c8e0a63a766a91a65adef734d151"
|
|
||||||
dependencies = [
|
|
||||||
"digest",
|
|
||||||
]
|
|
||||||
|
|
||||||
[[package]]
|
[[package]]
|
||||||
name = "home"
|
name = "home"
|
||||||
version = "0.5.5"
|
version = "0.5.5"
|
||||||
|
@ -2212,43 +2061,17 @@ dependencies = [
|
||||||
]
|
]
|
||||||
|
|
||||||
[[package]]
|
[[package]]
|
||||||
name = "jwt-simple"
|
name = "jsonwebtoken"
|
||||||
version = "0.11.5"
|
version = "9.1.0"
|
||||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||||
checksum = "0537086995d782ba2fb6c120a88f0d66c5ee5f1208a3559826d4cf2264b170da"
|
checksum = "155c4d7e39ad04c172c5e3a99c434ea3b4a7ba7960b38ecd562b270b097cce09"
|
||||||
dependencies = [
|
dependencies = [
|
||||||
"anyhow",
|
"base64 0.21.2",
|
||||||
"binstring",
|
"pem",
|
||||||
"coarsetime",
|
"ring 0.17.5",
|
||||||
"ct-codecs",
|
|
||||||
"ed25519-compact",
|
|
||||||
"hmac-sha1-compact",
|
|
||||||
"hmac-sha256",
|
|
||||||
"hmac-sha512",
|
|
||||||
"k256",
|
|
||||||
"p256",
|
|
||||||
"p384",
|
|
||||||
"rand",
|
|
||||||
"rsa",
|
|
||||||
"serde",
|
"serde",
|
||||||
"serde_json",
|
"serde_json",
|
||||||
"spki 0.6.0",
|
"simple_asn1",
|
||||||
"thiserror",
|
|
||||||
"zeroize",
|
|
||||||
]
|
|
||||||
|
|
||||||
[[package]]
|
|
||||||
name = "k256"
|
|
||||||
version = "0.13.1"
|
|
||||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
||||||
checksum = "cadb76004ed8e97623117f3df85b17aaa6626ab0b0831e6573f104df16cd1bcc"
|
|
||||||
dependencies = [
|
|
||||||
"cfg-if",
|
|
||||||
"ecdsa",
|
|
||||||
"elliptic-curve",
|
|
||||||
"once_cell",
|
|
||||||
"sha2",
|
|
||||||
"signature 2.1.0",
|
|
||||||
]
|
]
|
||||||
|
|
||||||
[[package]]
|
[[package]]
|
||||||
|
@ -2276,21 +2099,12 @@ name = "lazy_static"
|
||||||
version = "1.4.0"
|
version = "1.4.0"
|
||||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||||
checksum = "e2abad23fbc42b3700f2f279844dc832adb2b2eb069b2df918f455c4e18cc646"
|
checksum = "e2abad23fbc42b3700f2f279844dc832adb2b2eb069b2df918f455c4e18cc646"
|
||||||
dependencies = [
|
|
||||||
"spin 0.5.2",
|
|
||||||
]
|
|
||||||
|
|
||||||
[[package]]
|
[[package]]
|
||||||
name = "libc"
|
name = "libc"
|
||||||
version = "0.2.144"
|
version = "0.2.150"
|
||||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||||
checksum = "2b00cc1c228a6782d0f076e7b232802e0c5689d41bb5df366f2a6b6621cfdfe1"
|
checksum = "89d92a4743f9a61002fae18374ed11e7973f530cb3a3255fb354818118b2203c"
|
||||||
|
|
||||||
[[package]]
|
|
||||||
name = "libm"
|
|
||||||
version = "0.2.7"
|
|
||||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
||||||
checksum = "f7012b1bbb0719e1097c47611d3898568c546d597c2e74d66f6087edd5233ff4"
|
|
||||||
|
|
||||||
[[package]]
|
[[package]]
|
||||||
name = "libsqlite3-sys"
|
name = "libsqlite3-sys"
|
||||||
|
@ -2466,23 +2280,6 @@ dependencies = [
|
||||||
"num-traits",
|
"num-traits",
|
||||||
]
|
]
|
||||||
|
|
||||||
[[package]]
|
|
||||||
name = "num-bigint-dig"
|
|
||||||
version = "0.8.2"
|
|
||||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
||||||
checksum = "2399c9463abc5f909349d8aa9ba080e0b88b3ce2885389b60b993f39b1a56905"
|
|
||||||
dependencies = [
|
|
||||||
"byteorder",
|
|
||||||
"lazy_static",
|
|
||||||
"libm",
|
|
||||||
"num-integer",
|
|
||||||
"num-iter",
|
|
||||||
"num-traits",
|
|
||||||
"rand",
|
|
||||||
"smallvec",
|
|
||||||
"zeroize",
|
|
||||||
]
|
|
||||||
|
|
||||||
[[package]]
|
[[package]]
|
||||||
name = "num-integer"
|
name = "num-integer"
|
||||||
version = "0.1.45"
|
version = "0.1.45"
|
||||||
|
@ -2493,17 +2290,6 @@ dependencies = [
|
||||||
"num-traits",
|
"num-traits",
|
||||||
]
|
]
|
||||||
|
|
||||||
[[package]]
|
|
||||||
name = "num-iter"
|
|
||||||
version = "0.1.43"
|
|
||||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
||||||
checksum = "7d03e6c028c5dc5cac6e2dec0efda81fc887605bb3d884578bb6d6bf7514e252"
|
|
||||||
dependencies = [
|
|
||||||
"autocfg",
|
|
||||||
"num-integer",
|
|
||||||
"num-traits",
|
|
||||||
]
|
|
||||||
|
|
||||||
[[package]]
|
[[package]]
|
||||||
name = "num-traits"
|
name = "num-traits"
|
||||||
version = "0.2.15"
|
version = "0.2.15"
|
||||||
|
@ -2511,7 +2297,6 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||||
checksum = "578ede34cf02f8924ab9447f50c28075b4d3e5b269972345e7e0372b38c6cdcd"
|
checksum = "578ede34cf02f8924ab9447f50c28075b4d3e5b269972345e7e0372b38c6cdcd"
|
||||||
dependencies = [
|
dependencies = [
|
||||||
"autocfg",
|
"autocfg",
|
||||||
"libm",
|
|
||||||
]
|
]
|
||||||
|
|
||||||
[[package]]
|
[[package]]
|
||||||
|
@ -2583,30 +2368,6 @@ version = "0.1.1"
|
||||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||||
checksum = "b15813163c1d831bf4a13c3610c05c0d03b39feb07f7e09fa234dac9b15aaf39"
|
checksum = "b15813163c1d831bf4a13c3610c05c0d03b39feb07f7e09fa234dac9b15aaf39"
|
||||||
|
|
||||||
[[package]]
|
|
||||||
name = "p256"
|
|
||||||
version = "0.13.2"
|
|
||||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
||||||
checksum = "c9863ad85fa8f4460f9c48cb909d38a0d689dba1f6f6988a5e3e0d31071bcd4b"
|
|
||||||
dependencies = [
|
|
||||||
"ecdsa",
|
|
||||||
"elliptic-curve",
|
|
||||||
"primeorder",
|
|
||||||
"sha2",
|
|
||||||
]
|
|
||||||
|
|
||||||
[[package]]
|
|
||||||
name = "p384"
|
|
||||||
version = "0.13.0"
|
|
||||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
||||||
checksum = "70786f51bcc69f6a4c0360e063a4cac5419ef7c5cd5b3c99ad70f3be5ba79209"
|
|
||||||
dependencies = [
|
|
||||||
"ecdsa",
|
|
||||||
"elliptic-curve",
|
|
||||||
"primeorder",
|
|
||||||
"sha2",
|
|
||||||
]
|
|
||||||
|
|
||||||
[[package]]
|
[[package]]
|
||||||
name = "parking_lot"
|
name = "parking_lot"
|
||||||
version = "0.11.2"
|
version = "0.11.2"
|
||||||
|
@ -2639,21 +2400,13 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||||
checksum = "9f746c4065a8fa3fe23974dd82f15431cc8d40779821001404d10d2e79ca7d79"
|
checksum = "9f746c4065a8fa3fe23974dd82f15431cc8d40779821001404d10d2e79ca7d79"
|
||||||
|
|
||||||
[[package]]
|
[[package]]
|
||||||
name = "pem-rfc7468"
|
name = "pem"
|
||||||
version = "0.6.0"
|
version = "3.0.2"
|
||||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||||
checksum = "24d159833a9105500e0398934e205e0773f0b27529557134ecfc51c27646adac"
|
checksum = "3163d2912b7c3b52d651a055f2c7eec9ba5cd22d26ef75b8dd3a59980b185923"
|
||||||
dependencies = [
|
dependencies = [
|
||||||
"base64ct",
|
"base64 0.21.2",
|
||||||
]
|
"serde",
|
||||||
|
|
||||||
[[package]]
|
|
||||||
name = "pem-rfc7468"
|
|
||||||
version = "0.7.0"
|
|
||||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
||||||
checksum = "88b39c9bfcfc231068454382784bb460aae594343fb030d46e9f50a645418412"
|
|
||||||
dependencies = [
|
|
||||||
"base64ct",
|
|
||||||
]
|
]
|
||||||
|
|
||||||
[[package]]
|
[[package]]
|
||||||
|
@ -2694,38 +2447,6 @@ version = "0.1.0"
|
||||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||||
checksum = "8b870d8c151b6f2fb93e84a13146138f05d02ed11c7e7c54f8826aaaf7c9f184"
|
checksum = "8b870d8c151b6f2fb93e84a13146138f05d02ed11c7e7c54f8826aaaf7c9f184"
|
||||||
|
|
||||||
[[package]]
|
|
||||||
name = "pkcs1"
|
|
||||||
version = "0.4.1"
|
|
||||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
||||||
checksum = "eff33bdbdfc54cc98a2eca766ebdec3e1b8fb7387523d5c9c9a2891da856f719"
|
|
||||||
dependencies = [
|
|
||||||
"der 0.6.1",
|
|
||||||
"pkcs8 0.9.0",
|
|
||||||
"spki 0.6.0",
|
|
||||||
"zeroize",
|
|
||||||
]
|
|
||||||
|
|
||||||
[[package]]
|
|
||||||
name = "pkcs8"
|
|
||||||
version = "0.9.0"
|
|
||||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
||||||
checksum = "9eca2c590a5f85da82668fa685c09ce2888b9430e83299debf1f34b65fd4a4ba"
|
|
||||||
dependencies = [
|
|
||||||
"der 0.6.1",
|
|
||||||
"spki 0.6.0",
|
|
||||||
]
|
|
||||||
|
|
||||||
[[package]]
|
|
||||||
name = "pkcs8"
|
|
||||||
version = "0.10.2"
|
|
||||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
||||||
checksum = "f950b2377845cebe5cf8b5165cb3cc1a5e0fa5cfa3e1f7f55707d8fd82e0a7b7"
|
|
||||||
dependencies = [
|
|
||||||
"der 0.7.6",
|
|
||||||
"spki 0.7.2",
|
|
||||||
]
|
|
||||||
|
|
||||||
[[package]]
|
[[package]]
|
||||||
name = "pkg-config"
|
name = "pkg-config"
|
||||||
version = "0.3.27"
|
version = "0.3.27"
|
||||||
|
@ -2753,15 +2474,6 @@ version = "0.2.17"
|
||||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||||
checksum = "5b40af805b3121feab8a3c29f04d8ad262fa8e0561883e7653e024ae4479e6de"
|
checksum = "5b40af805b3121feab8a3c29f04d8ad262fa8e0561883e7653e024ae4479e6de"
|
||||||
|
|
||||||
[[package]]
|
|
||||||
name = "primeorder"
|
|
||||||
version = "0.13.1"
|
|
||||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
||||||
checksum = "cf8d3875361e28f7753baefef104386e7aa47642c93023356d97fdef4003bfb5"
|
|
||||||
dependencies = [
|
|
||||||
"elliptic-curve",
|
|
||||||
]
|
|
||||||
|
|
||||||
[[package]]
|
[[package]]
|
||||||
name = "proc-macro-crate"
|
name = "proc-macro-crate"
|
||||||
version = "0.1.5"
|
version = "0.1.5"
|
||||||
|
@ -3013,16 +2725,6 @@ dependencies = [
|
||||||
"winreg",
|
"winreg",
|
||||||
]
|
]
|
||||||
|
|
||||||
[[package]]
|
|
||||||
name = "rfc6979"
|
|
||||||
version = "0.4.0"
|
|
||||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
||||||
checksum = "f8dd2a808d456c4a54e300a23e9f5a67e122c3024119acbfd73e3bf664491cb2"
|
|
||||||
dependencies = [
|
|
||||||
"hmac",
|
|
||||||
"subtle",
|
|
||||||
]
|
|
||||||
|
|
||||||
[[package]]
|
[[package]]
|
||||||
name = "ring"
|
name = "ring"
|
||||||
version = "0.16.20"
|
version = "0.16.20"
|
||||||
|
@ -3033,11 +2735,25 @@ dependencies = [
|
||||||
"libc",
|
"libc",
|
||||||
"once_cell",
|
"once_cell",
|
||||||
"spin 0.5.2",
|
"spin 0.5.2",
|
||||||
"untrusted",
|
"untrusted 0.7.1",
|
||||||
"web-sys",
|
"web-sys",
|
||||||
"winapi",
|
"winapi",
|
||||||
]
|
]
|
||||||
|
|
||||||
|
[[package]]
|
||||||
|
name = "ring"
|
||||||
|
version = "0.17.5"
|
||||||
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||||
|
checksum = "fb0205304757e5d899b9c2e448b867ffd03ae7f988002e47cd24954391394d0b"
|
||||||
|
dependencies = [
|
||||||
|
"cc",
|
||||||
|
"getrandom",
|
||||||
|
"libc",
|
||||||
|
"spin 0.9.8",
|
||||||
|
"untrusted 0.9.0",
|
||||||
|
"windows-sys 0.48.0",
|
||||||
|
]
|
||||||
|
|
||||||
[[package]]
|
[[package]]
|
||||||
name = "rkyv"
|
name = "rkyv"
|
||||||
version = "0.7.42"
|
version = "0.7.42"
|
||||||
|
@ -3066,27 +2782,6 @@ dependencies = [
|
||||||
"syn 1.0.109",
|
"syn 1.0.109",
|
||||||
]
|
]
|
||||||
|
|
||||||
[[package]]
|
|
||||||
name = "rsa"
|
|
||||||
version = "0.7.2"
|
|
||||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
||||||
checksum = "094052d5470cbcef561cb848a7209968c9f12dfa6d668f4bca048ac5de51099c"
|
|
||||||
dependencies = [
|
|
||||||
"byteorder",
|
|
||||||
"digest",
|
|
||||||
"num-bigint-dig",
|
|
||||||
"num-integer",
|
|
||||||
"num-iter",
|
|
||||||
"num-traits",
|
|
||||||
"pkcs1",
|
|
||||||
"pkcs8 0.9.0",
|
|
||||||
"rand_core",
|
|
||||||
"signature 1.6.4",
|
|
||||||
"smallvec",
|
|
||||||
"subtle",
|
|
||||||
"zeroize",
|
|
||||||
]
|
|
||||||
|
|
||||||
[[package]]
|
[[package]]
|
||||||
name = "rust_decimal"
|
name = "rust_decimal"
|
||||||
version = "1.29.1"
|
version = "1.29.1"
|
||||||
|
@ -3135,7 +2830,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||||
checksum = "fff78fc74d175294f4e83b28343315ffcfb114b156f0185e9741cb5570f50e2f"
|
checksum = "fff78fc74d175294f4e83b28343315ffcfb114b156f0185e9741cb5570f50e2f"
|
||||||
dependencies = [
|
dependencies = [
|
||||||
"log",
|
"log",
|
||||||
"ring",
|
"ring 0.16.20",
|
||||||
"sct",
|
"sct",
|
||||||
"webpki",
|
"webpki",
|
||||||
]
|
]
|
||||||
|
@ -3147,7 +2842,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||||
checksum = "c911ba11bc8433e811ce56fde130ccf32f5127cab0e0194e9c68c5a5b671791e"
|
checksum = "c911ba11bc8433e811ce56fde130ccf32f5127cab0e0194e9c68c5a5b671791e"
|
||||||
dependencies = [
|
dependencies = [
|
||||||
"log",
|
"log",
|
||||||
"ring",
|
"ring 0.16.20",
|
||||||
"rustls-webpki",
|
"rustls-webpki",
|
||||||
"sct",
|
"sct",
|
||||||
]
|
]
|
||||||
|
@ -3179,8 +2874,8 @@ version = "0.100.1"
|
||||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||||
checksum = "d6207cd5ed3d8dca7816f8f3725513a34609c0c765bf652b8c3cb4cfd87db46b"
|
checksum = "d6207cd5ed3d8dca7816f8f3725513a34609c0c765bf652b8c3cb4cfd87db46b"
|
||||||
dependencies = [
|
dependencies = [
|
||||||
"ring",
|
"ring 0.16.20",
|
||||||
"untrusted",
|
"untrusted 0.7.1",
|
||||||
]
|
]
|
||||||
|
|
||||||
[[package]]
|
[[package]]
|
||||||
|
@ -3231,8 +2926,8 @@ version = "0.7.0"
|
||||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||||
checksum = "d53dcdb7c9f8158937a7981b48accfd39a43af418591a5d008c7b22b5e1b7ca4"
|
checksum = "d53dcdb7c9f8158937a7981b48accfd39a43af418591a5d008c7b22b5e1b7ca4"
|
||||||
dependencies = [
|
dependencies = [
|
||||||
"ring",
|
"ring 0.16.20",
|
||||||
"untrusted",
|
"untrusted 0.7.1",
|
||||||
]
|
]
|
||||||
|
|
||||||
[[package]]
|
[[package]]
|
||||||
|
@ -3404,20 +3099,6 @@ version = "4.1.0"
|
||||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||||
checksum = "1c107b6f4780854c8b126e228ea8869f4d7b71260f962fefb57b996b8959ba6b"
|
checksum = "1c107b6f4780854c8b126e228ea8869f4d7b71260f962fefb57b996b8959ba6b"
|
||||||
|
|
||||||
[[package]]
|
|
||||||
name = "sec1"
|
|
||||||
version = "0.7.2"
|
|
||||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
||||||
checksum = "f0aec48e813d6b90b15f0b8948af3c63483992dee44c03e9930b3eebdabe046e"
|
|
||||||
dependencies = [
|
|
||||||
"base16ct",
|
|
||||||
"der 0.7.6",
|
|
||||||
"generic-array",
|
|
||||||
"pkcs8 0.10.2",
|
|
||||||
"subtle",
|
|
||||||
"zeroize",
|
|
||||||
]
|
|
||||||
|
|
||||||
[[package]]
|
[[package]]
|
||||||
name = "security-framework"
|
name = "security-framework"
|
||||||
version = "2.9.1"
|
version = "2.9.1"
|
||||||
|
@ -3605,32 +3286,24 @@ dependencies = [
|
||||||
"libc",
|
"libc",
|
||||||
]
|
]
|
||||||
|
|
||||||
[[package]]
|
|
||||||
name = "signature"
|
|
||||||
version = "1.6.4"
|
|
||||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
||||||
checksum = "74233d3b3b2f6d4b006dc19dee745e73e2a6bfb6f93607cd3b02bd5b00797d7c"
|
|
||||||
dependencies = [
|
|
||||||
"digest",
|
|
||||||
"rand_core",
|
|
||||||
]
|
|
||||||
|
|
||||||
[[package]]
|
|
||||||
name = "signature"
|
|
||||||
version = "2.1.0"
|
|
||||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
||||||
checksum = "5e1788eed21689f9cf370582dfc467ef36ed9c707f073528ddafa8d83e3b8500"
|
|
||||||
dependencies = [
|
|
||||||
"digest",
|
|
||||||
"rand_core",
|
|
||||||
]
|
|
||||||
|
|
||||||
[[package]]
|
[[package]]
|
||||||
name = "simdutf8"
|
name = "simdutf8"
|
||||||
version = "0.1.4"
|
version = "0.1.4"
|
||||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||||
checksum = "f27f6278552951f1f2b8cf9da965d10969b2efdea95a6ec47987ab46edfe263a"
|
checksum = "f27f6278552951f1f2b8cf9da965d10969b2efdea95a6ec47987ab46edfe263a"
|
||||||
|
|
||||||
|
[[package]]
|
||||||
|
name = "simple_asn1"
|
||||||
|
version = "0.6.2"
|
||||||
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||||
|
checksum = "adc4e5204eb1910f40f9cfa375f6f05b68c3abac4b6fd879c8ff5e7ae8a0a085"
|
||||||
|
dependencies = [
|
||||||
|
"num-bigint",
|
||||||
|
"num-traits",
|
||||||
|
"thiserror",
|
||||||
|
"time 0.3.21",
|
||||||
|
]
|
||||||
|
|
||||||
[[package]]
|
[[package]]
|
||||||
name = "slab"
|
name = "slab"
|
||||||
version = "0.4.8"
|
version = "0.4.8"
|
||||||
|
@ -3671,26 +3344,6 @@ dependencies = [
|
||||||
"lock_api",
|
"lock_api",
|
||||||
]
|
]
|
||||||
|
|
||||||
[[package]]
|
|
||||||
name = "spki"
|
|
||||||
version = "0.6.0"
|
|
||||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
||||||
checksum = "67cf02bbac7a337dc36e4f5a693db6c21e7863f45070f7064577eb4367a3212b"
|
|
||||||
dependencies = [
|
|
||||||
"base64ct",
|
|
||||||
"der 0.6.1",
|
|
||||||
]
|
|
||||||
|
|
||||||
[[package]]
|
|
||||||
name = "spki"
|
|
||||||
version = "0.7.2"
|
|
||||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
||||||
checksum = "9d1e996ef02c474957d681f1b05213dfb0abab947b446a62d37770b23500184a"
|
|
||||||
dependencies = [
|
|
||||||
"base64ct",
|
|
||||||
"der 0.7.6",
|
|
||||||
]
|
|
||||||
|
|
||||||
[[package]]
|
[[package]]
|
||||||
name = "sqlformat"
|
name = "sqlformat"
|
||||||
version = "0.2.1"
|
version = "0.2.1"
|
||||||
|
@ -4346,6 +3999,12 @@ version = "0.7.1"
|
||||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||||
checksum = "a156c684c91ea7d62626509bce3cb4e1d9ed5c4d978f7b4352658f96a4c26b4a"
|
checksum = "a156c684c91ea7d62626509bce3cb4e1d9ed5c4d978f7b4352658f96a4c26b4a"
|
||||||
|
|
||||||
|
[[package]]
|
||||||
|
name = "untrusted"
|
||||||
|
version = "0.9.0"
|
||||||
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||||
|
checksum = "8ecb6da28b8a351d773b68d5825ac39017e680750f980f3a1a85cd8dd28a47c1"
|
||||||
|
|
||||||
[[package]]
|
[[package]]
|
||||||
name = "url"
|
name = "url"
|
||||||
version = "2.3.1"
|
version = "2.3.1"
|
||||||
|
@ -4530,8 +4189,8 @@ version = "0.22.0"
|
||||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||||
checksum = "f095d78192e208183081cc07bc5515ef55216397af48b873e5edcd72637fa1bd"
|
checksum = "f095d78192e208183081cc07bc5515ef55216397af48b873e5edcd72637fa1bd"
|
||||||
dependencies = [
|
dependencies = [
|
||||||
"ring",
|
"ring 0.16.20",
|
||||||
"untrusted",
|
"untrusted 0.7.1",
|
||||||
]
|
]
|
||||||
|
|
||||||
[[package]]
|
[[package]]
|
||||||
|
|
|
@ -101,7 +101,7 @@ pub async fn apply_auth<B>(req: Request<B>, next: Next<B>) -> Response {
|
||||||
.and_then(parse_authorization_header)
|
.and_then(parse_authorization_header)
|
||||||
.and_then(|jwt| {
|
.and_then(|jwt| {
|
||||||
let state = req.extensions().get::<State>().unwrap();
|
let state = req.extensions().get::<State>().unwrap();
|
||||||
let res_token = Token::from_jwt(&jwt, &state.config.token_hs256_secret);
|
let res_token = Token::from_jwt(&jwt, &state.config.token_hs256_secret.1);
|
||||||
if let Err(e) = &res_token {
|
if let Err(e) = &res_token {
|
||||||
tracing::debug!("Ignoring bad JWT token: {}", e);
|
tracing::debug!("Ignoring bad JWT token: {}", e);
|
||||||
}
|
}
|
||||||
|
|
|
@ -115,7 +115,7 @@ pub async fn run(config: Config, opts: Opts) -> Result<()> {
|
||||||
if sub.dump_claims {
|
if sub.dump_claims {
|
||||||
println!("{}", serde_json::to_string(token.opaque_claims())?);
|
println!("{}", serde_json::to_string(token.opaque_claims())?);
|
||||||
} else {
|
} else {
|
||||||
let encoded_token = token.encode(&config.token_hs256_secret)?;
|
let encoded_token = token.encode(&config.token_hs256_secret.0)?;
|
||||||
println!("{}", encoded_token);
|
println!("{}", encoded_token);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -12,7 +12,7 @@ use derivative::Derivative;
|
||||||
use serde::{de, Deserialize};
|
use serde::{de, Deserialize};
|
||||||
use xdg::BaseDirectories;
|
use xdg::BaseDirectories;
|
||||||
|
|
||||||
use crate::access::{decode_token_hs256_secret_base64, HS256Key};
|
use crate::access::{decode_token_hs256_secret_base64, DecodingKey, EncodingKey};
|
||||||
use crate::narinfo::Compression as NixCompression;
|
use crate::narinfo::Compression as NixCompression;
|
||||||
use crate::storage::{LocalStorageConfig, S3StorageConfig};
|
use crate::storage::{LocalStorageConfig, S3StorageConfig};
|
||||||
|
|
||||||
|
@ -115,7 +115,7 @@ pub struct Config {
|
||||||
#[serde(deserialize_with = "deserialize_token_hs256_secret_base64")]
|
#[serde(deserialize_with = "deserialize_token_hs256_secret_base64")]
|
||||||
#[serde(default = "load_token_hs256_secret_from_env")]
|
#[serde(default = "load_token_hs256_secret_from_env")]
|
||||||
#[derivative(Debug = "ignore")]
|
#[derivative(Debug = "ignore")]
|
||||||
pub token_hs256_secret: HS256Key,
|
pub token_hs256_secret: (EncodingKey, DecodingKey),
|
||||||
}
|
}
|
||||||
|
|
||||||
/// Database connection configuration.
|
/// Database connection configuration.
|
||||||
|
@ -240,7 +240,7 @@ pub struct GarbageCollectionConfig {
|
||||||
pub default_retention_period: Duration,
|
pub default_retention_period: Duration,
|
||||||
}
|
}
|
||||||
|
|
||||||
fn load_token_hs256_secret_from_env() -> HS256Key {
|
fn load_token_hs256_secret_from_env() -> (EncodingKey, DecodingKey) {
|
||||||
let s = env::var(ENV_TOKEN_HS256_SECRET_BASE64)
|
let s = env::var(ENV_TOKEN_HS256_SECRET_BASE64)
|
||||||
.expect("The HS256 secret must be specified in either token_hs256_secret or the ATTIC_SERVER_TOKEN_HS256_SECRET_BASE64 environment.");
|
.expect("The HS256 secret must be specified in either token_hs256_secret or the ATTIC_SERVER_TOKEN_HS256_SECRET_BASE64 environment.");
|
||||||
|
|
||||||
|
@ -296,7 +296,9 @@ impl Default for GarbageCollectionConfig {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
fn deserialize_token_hs256_secret_base64<'de, D>(deserializer: D) -> Result<HS256Key, D::Error>
|
fn deserialize_token_hs256_secret_base64<'de, D>(
|
||||||
|
deserializer: D,
|
||||||
|
) -> Result<(EncodingKey, DecodingKey), D::Error>
|
||||||
where
|
where
|
||||||
D: de::Deserializer<'de>,
|
D: de::Deserializer<'de>,
|
||||||
{
|
{
|
||||||
|
|
|
@ -77,7 +77,7 @@ pub async fn run_oobe() -> Result<()> {
|
||||||
perm.destroy_cache = true;
|
perm.destroy_cache = true;
|
||||||
|
|
||||||
let key = decode_token_hs256_secret_base64(&hs256_secret_base64).unwrap();
|
let key = decode_token_hs256_secret_base64(&hs256_secret_base64).unwrap();
|
||||||
token.encode(&key)?
|
token.encode(&key.0)?
|
||||||
};
|
};
|
||||||
|
|
||||||
eprintln!();
|
eprintln!();
|
||||||
|
|
|
@ -11,7 +11,7 @@ attic = { path = "../attic", default-features = false }
|
||||||
base64 = "0.21.2"
|
base64 = "0.21.2"
|
||||||
chrono = "0.4.24"
|
chrono = "0.4.24"
|
||||||
displaydoc = "0.2.4"
|
displaydoc = "0.2.4"
|
||||||
jwt-simple = "0.11.5"
|
jsonwebtoken = "9.1.0"
|
||||||
lazy_static = "1.4.0"
|
lazy_static = "1.4.0"
|
||||||
regex = "1.8.3"
|
regex = "1.8.3"
|
||||||
serde = "1.0.163"
|
serde = "1.0.163"
|
||||||
|
|
|
@ -89,11 +89,8 @@ use std::error::Error as StdError;
|
||||||
use base64::{engine::general_purpose::STANDARD as BASE64_STANDARD, Engine};
|
use base64::{engine::general_purpose::STANDARD as BASE64_STANDARD, Engine};
|
||||||
use chrono::{DateTime, Utc};
|
use chrono::{DateTime, Utc};
|
||||||
use displaydoc::Display;
|
use displaydoc::Display;
|
||||||
pub use jwt_simple::{
|
use jsonwebtoken::{Algorithm, Validation};
|
||||||
algorithms::{HS256Key, MACLike},
|
pub use jsonwebtoken::{DecodingKey, EncodingKey};
|
||||||
claims::{Claims, JWTClaims},
|
|
||||||
prelude::UnixTimeStamp,
|
|
||||||
};
|
|
||||||
use serde::{Deserialize, Serialize};
|
use serde::{Deserialize, Serialize};
|
||||||
use serde_with::{serde_as, BoolFromInt};
|
use serde_with::{serde_as, BoolFromInt};
|
||||||
|
|
||||||
|
@ -126,6 +123,60 @@ macro_rules! require_permission_function {
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/// A set of JWT claims.
|
||||||
|
///
|
||||||
|
/// The `CustomClaims` parameter can be set to `NoCustomClaims` if only standard
|
||||||
|
/// claims are used, or to a user-defined type that must be `serde`-serializable
|
||||||
|
/// if custom claims are required.
|
||||||
|
///
|
||||||
|
/// NOTE: This has been lifted from jwt_simple, but UnixTimeStamp has been
|
||||||
|
/// changed to i64, and Audiences is now a string.
|
||||||
|
#[derive(Debug, Clone, Serialize, Deserialize)]
|
||||||
|
pub struct JWTClaims<CustomClaims> {
|
||||||
|
/// Time the claims were created at
|
||||||
|
#[serde(rename = "iat", default, skip_serializing_if = "Option::is_none")]
|
||||||
|
pub issued_at: Option<i64>,
|
||||||
|
|
||||||
|
/// Time the claims expire at
|
||||||
|
#[serde(rename = "exp", default, skip_serializing_if = "Option::is_none")]
|
||||||
|
pub expires_at: Option<i64>,
|
||||||
|
|
||||||
|
/// Time the claims will be invalid until
|
||||||
|
#[serde(rename = "nbf", default, skip_serializing_if = "Option::is_none")]
|
||||||
|
pub invalid_before: Option<i64>,
|
||||||
|
|
||||||
|
/// Issuer - This can be set to anything application-specific
|
||||||
|
#[serde(rename = "iss", default, skip_serializing_if = "Option::is_none")]
|
||||||
|
pub issuer: Option<String>,
|
||||||
|
|
||||||
|
/// Subject - This can be set to anything application-specific
|
||||||
|
#[serde(rename = "sub", default, skip_serializing_if = "Option::is_none")]
|
||||||
|
pub subject: Option<String>,
|
||||||
|
|
||||||
|
/// Audience
|
||||||
|
#[serde(rename = "aud", default, skip_serializing_if = "Option::is_none")]
|
||||||
|
pub audiences: Option<String>,
|
||||||
|
|
||||||
|
/// JWT identifier
|
||||||
|
///
|
||||||
|
/// That property was originally designed to avoid replay attacks, but
|
||||||
|
/// keeping all previously sent JWT token IDs is unrealistic.
|
||||||
|
///
|
||||||
|
/// Replay attacks are better addressed by keeping only the timestamp of the
|
||||||
|
/// last valid token for a user, and rejecting anything older in future
|
||||||
|
/// tokens.
|
||||||
|
#[serde(rename = "jti", default, skip_serializing_if = "Option::is_none")]
|
||||||
|
pub jwt_id: Option<String>,
|
||||||
|
|
||||||
|
/// Nonce
|
||||||
|
#[serde(rename = "nonce", default, skip_serializing_if = "Option::is_none")]
|
||||||
|
pub nonce: Option<String>,
|
||||||
|
|
||||||
|
/// Custom (application-defined) claims
|
||||||
|
#[serde(flatten)]
|
||||||
|
pub custom: CustomClaims,
|
||||||
|
}
|
||||||
|
|
||||||
/// A validated JSON Web Token.
|
/// A validated JSON Web Token.
|
||||||
#[derive(Debug)]
|
#[derive(Debug)]
|
||||||
pub struct Token(JWTClaims<TokenClaims>);
|
pub struct Token(JWTClaims<TokenClaims>);
|
||||||
|
@ -219,7 +270,7 @@ pub enum Error {
|
||||||
PermissionDenied,
|
PermissionDenied,
|
||||||
|
|
||||||
/// JWT error: {0}
|
/// JWT error: {0}
|
||||||
TokenError(jwt_simple::Error),
|
TokenError(jsonwebtoken::errors::Error),
|
||||||
|
|
||||||
/// Base64 decode error: {0}
|
/// Base64 decode error: {0}
|
||||||
Base64Error(base64::DecodeError),
|
Base64Error(base64::DecodeError),
|
||||||
|
@ -227,9 +278,18 @@ pub enum Error {
|
||||||
|
|
||||||
impl Token {
|
impl Token {
|
||||||
/// Verifies and decodes a token.
|
/// Verifies and decodes a token.
|
||||||
pub fn from_jwt(token: &str, key: &HS256Key) -> Result<Self> {
|
pub fn from_jwt(token: &str, key: &jsonwebtoken::DecodingKey) -> Result<Self> {
|
||||||
key.verify_token(token, None)
|
// TODO: create a static validator for us so we don't have to construct a new one every time?
|
||||||
|
|
||||||
|
let mut validation = Validation::new(Algorithm::HS256);
|
||||||
|
validation.validate_nbf = true;
|
||||||
|
// validation.set_issuer(&[ctx.config.flakehub_jwt_bound_issuer.clone()]);
|
||||||
|
// validation.set_audience(&[ctx.config.jwt_bound_audience.clone()]);
|
||||||
|
validation.set_required_spec_claims(&["exp", "nbf", "aud", "iss", "sub"]);
|
||||||
|
|
||||||
|
jsonwebtoken::decode::<JWTClaims<TokenClaims>>(token, &key, &validation)
|
||||||
.map_err(Error::TokenError)
|
.map_err(Error::TokenError)
|
||||||
|
.map(|tokendata| tokendata.claims)
|
||||||
.map(Token)
|
.map(Token)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -241,9 +301,7 @@ impl Token {
|
||||||
|
|
||||||
Self(JWTClaims {
|
Self(JWTClaims {
|
||||||
issued_at: None,
|
issued_at: None,
|
||||||
expires_at: Some(UnixTimeStamp::from_secs(
|
expires_at: Some(exp.timestamp()),
|
||||||
exp.timestamp().try_into().unwrap(),
|
|
||||||
)),
|
|
||||||
invalid_before: None,
|
invalid_before: None,
|
||||||
issuer: None,
|
issuer: None,
|
||||||
subject: Some(sub),
|
subject: Some(sub),
|
||||||
|
@ -255,8 +313,9 @@ impl Token {
|
||||||
}
|
}
|
||||||
|
|
||||||
/// Encodes the token.
|
/// Encodes the token.
|
||||||
pub fn encode(&self, key: &HS256Key) -> Result<String> {
|
pub fn encode(&self, key: &jsonwebtoken::EncodingKey) -> Result<String> {
|
||||||
key.authenticate(self.0.clone()).map_err(Error::TokenError)
|
let header = jsonwebtoken::Header::default();
|
||||||
|
jsonwebtoken::encode(&header, &self.0, key).map_err(Error::TokenError)
|
||||||
}
|
}
|
||||||
|
|
||||||
/// Returns the subject of the token.
|
/// Returns the subject of the token.
|
||||||
|
@ -361,9 +420,12 @@ impl CachePermission {
|
||||||
|
|
||||||
impl StdError for Error {}
|
impl StdError for Error {}
|
||||||
|
|
||||||
pub fn decode_token_hs256_secret_base64(s: &str) -> Result<HS256Key> {
|
pub fn decode_token_hs256_secret_base64(s: &str) -> Result<(EncodingKey, DecodingKey)> {
|
||||||
let secret = BASE64_STANDARD.decode(s).map_err(Error::Base64Error)?;
|
let secret = BASE64_STANDARD.decode(s).map_err(Error::Base64Error)?;
|
||||||
Ok(HS256Key::from_bytes(&secret))
|
Ok((
|
||||||
|
EncodingKey::from_secret(&secret),
|
||||||
|
DecodingKey::from_secret(&secret),
|
||||||
|
))
|
||||||
}
|
}
|
||||||
|
|
||||||
// bruh
|
// bruh
|
||||||
|
|
Loading…
Reference in a new issue