baileytownsend.dev
Microservice to bring 2FA to self hosted PDSes
WIP on feature/2faCodeGeneration
+3
-3
Cargo.lock
+3
-3
Cargo.lock
···
584
584
checksum = "778e2ac28f6c47af28e4907f13ffd1e1ddbd400980a9abd7c8df189bf578a5ad"
585
585
dependencies = [
586
586
"libc",
587
-
"windows-sys 0.59.0",
587
+
"windows-sys 0.52.0",
588
588
]
589
589
590
590
[[package]]
···
2080
2080
"errno",
2081
2081
"libc",
2082
2082
"linux-raw-sys",
2083
-
"windows-sys 0.59.0",
2083
+
"windows-sys 0.52.0",
2084
2084
]
2085
2085
2086
2086
[[package]]
···
2652
2652
"getrandom 0.3.3",
2653
2653
"once_cell",
2654
2654
"rustix",
2655
-
"windows-sys 0.59.0",
2655
+
"windows-sys 0.52.0",
2656
2656
]
2657
2657
2658
2658
[[package]]
+14
Dockerfile
+14
Dockerfile
···
1
+
FROM rust:1.89.0-bookworm AS builder
2
+
RUN apt-get update
3
+
RUN apt-get install -y pkg-config \
4
+
libssl-dev
5
+
WORKDIR /app
6
+
COPY ../ /app
7
+
RUN cargo build --release
8
+
#
9
+
FROM rust:1.89-bookworm AS api
10
+
RUN apt-get update
11
+
RUN apt-get install -y libssl3 \
12
+
ca-certificates
13
+
COPY --from=builder /app/target/release/pds_gatekeeper /usr/local/bin/pds_gatekeeper
14
+
CMD ["pds_gatekeeper"]
+9
justfile
+9
justfile
+8
-2
src/main.rs
+8
-2
src/main.rs
···
88
88
#[tokio::main]
89
89
async fn main() -> Result<(), Box<dyn std::error::Error>> {
90
90
setup_tracing();
91
-
//TODO may need to change where this reads from? Like an env variable for it's location? Or arg?
92
-
dotenvy::from_path(Path::new("./pds.env"))?;
91
+
let pds_env_location =
92
+
env::var("PDS_ENV_LOCATION").unwrap_or_else(|_| "/pds/pds.env".to_string());
93
+
94
+
dotenvy::from_path(Path::new(&pds_env_location))?;
93
95
let pds_root = env::var("PDS_DATA_DIRECTORY")?;
94
96
let account_db_url = format!("{pds_root}/account.sqlite");
95
97
···
129
131
env::var("PDS_EMAIL_SMTP_URL").expect("PDS_EMAIL_SMTP_URL is not set in your pds.env file");
130
132
let sent_from = env::var("PDS_EMAIL_FROM_ADDRESS")
131
133
.expect("PDS_EMAIL_FROM_ADDRESS is not set in your pds.env file");
134
+
135
+
//TODO current bug running in docker
136
+
// https://github.com/lettre/lettre/issues/349#issuecomment-510155500
137
+
132
138
let mailer: AsyncSmtpTransport<Tokio1Executor> =
133
139
AsyncSmtpTransport::<Tokio1Executor>::from_url(smtp_url.as_str())?.build();
134
140
//Email templates setup
+1
-4
src/oauth_provider.rs
+1
-4
src/oauth_provider.rs
···
36
36
"Invalid identifier or password",
37
37
),
38
38
AuthResult::TwoFactorRequired(masked_email) => {
39
-
// Email sending step can be handled here if needed in the future.
40
-
41
-
// {"error":"second_authentication_factor_required","error_description":"emailOtp authentication factor required (hint: 2***0@p***m)","type":"emailOtp","hint":"2***0@p***m"}
42
39
let body_str = match serde_json::to_string(&serde_json::json!({
43
40
"error": "second_authentication_factor_required",
44
41
"error_description": format!("emailOtp authentication factor required (hint: {})", masked_email),
···
97
94
},
98
95
Err(err) => {
99
96
log::error!(
100
-
"Error during pre-auth check. This happens on the create_session endpoint when trying to decide if the user has access:\n {err}"
97
+
"Error during pre-auth check. This happens on the oauth signin endpoint when trying to decide if the user has access:\n {err}"
101
98
);
102
99
oauth_json_error_response(
103
100
StatusCode::BAD_REQUEST,