WIP on feature/2faCodeGeneration · baileytownsend.dev/pds-gatekeeper@0b2a1c9

baileytownsend.dev / pds-gatekeeper

fork atom

Microservice to bring 2FA to self hosted PDSes

fork atom

WIP on feature/2faCodeGeneration

baileytownsend.dev 6 months ago 0b2a1c96 0ca2fe62

+39 -9

6 changed files

expand all

unified split

.dockerignore

Cargo.lock

Dockerfile

justfile

src

main.rs

oauth_provider.rs

.dockerignore

···

··· 1 + target 2 + /target 3 + **/.idea 4 + .idea

+3 -3

Cargo.lock

··· 584 checksum = "778e2ac28f6c47af28e4907f13ffd1e1ddbd400980a9abd7c8df189bf578a5ad" 585 dependencies = [ 586 "libc", 587 - "windows-sys 0.59.0", 588 ] 589 590 [[package]] ··· 2080 "errno", 2081 "libc", 2082 "linux-raw-sys", 2083 - "windows-sys 0.59.0", 2084 ] 2085 2086 [[package]] ··· 2652 "getrandom 0.3.3", 2653 "once_cell", 2654 "rustix", 2655 - "windows-sys 0.59.0", 2656 ] 2657 2658 [[package]]

··· 584 checksum = "778e2ac28f6c47af28e4907f13ffd1e1ddbd400980a9abd7c8df189bf578a5ad" 585 dependencies = [ 586 "libc", 587 + "windows-sys 0.52.0", 588 ] 589 590 [[package]] ··· 2080 "errno", 2081 "libc", 2082 "linux-raw-sys", 2083 + "windows-sys 0.52.0", 2084 ] 2085 2086 [[package]] ··· 2652 "getrandom 0.3.3", 2653 "once_cell", 2654 "rustix", 2655 + "windows-sys 0.52.0", 2656 ] 2657 2658 [[package]]

+14

Dockerfile

···

··· 1 + FROM rust:1.89.0-bookworm AS builder 2 + RUN apt-get update 3 + RUN apt-get install -y pkg-config \ 4 + libssl-dev 5 + WORKDIR /app 6 + COPY ../ /app 7 + RUN cargo build --release 8 + # 9 + FROM rust:1.89-bookworm AS api 10 + RUN apt-get update 11 + RUN apt-get install -y libssl3 \ 12 + ca-certificates 13 + COPY --from=builder /app/target/release/pds_gatekeeper /usr/local/bin/pds_gatekeeper 14 + CMD ["pds_gatekeeper"]

justfile

···

··· 1 + release: 2 + docker buildx build \ 3 + --platform linux/arm64 \ 4 + --tag fatfingers23/pds_gatekeeper:arm-latest \ 5 + --push . 6 + # docker buildx build \ 7 + # --platform linux/amd64 \ 8 + # --tag fatfingers23/pds_gatekeeper:latest \ 9 + # --push .

+8 -2

src/main.rs

··· 88 #[tokio::main] 89 async fn main() -> Result<(), Box<dyn std::error::Error>> { 90 setup_tracing(); 91 - //TODO may need to change where this reads from? Like an env variable for it's location? Or arg? 92 - dotenvy::from_path(Path::new("./pds.env"))?; 93 let pds_root = env::var("PDS_DATA_DIRECTORY")?; 94 let account_db_url = format!("{pds_root}/account.sqlite"); 95 ··· 129 env::var("PDS_EMAIL_SMTP_URL").expect("PDS_EMAIL_SMTP_URL is not set in your pds.env file"); 130 let sent_from = env::var("PDS_EMAIL_FROM_ADDRESS") 131 .expect("PDS_EMAIL_FROM_ADDRESS is not set in your pds.env file"); 132 let mailer: AsyncSmtpTransport<Tokio1Executor> = 133 AsyncSmtpTransport::<Tokio1Executor>::from_url(smtp_url.as_str())?.build(); 134 //Email templates setup

··· 88 #[tokio::main] 89 async fn main() -> Result<(), Box<dyn std::error::Error>> { 90 setup_tracing(); 91 + let pds_env_location = 92 + env::var("PDS_ENV_LOCATION").unwrap_or_else(|_| "/pds/pds.env".to_string()); 93 + 94 + dotenvy::from_path(Path::new(&pds_env_location))?; 95 let pds_root = env::var("PDS_DATA_DIRECTORY")?; 96 let account_db_url = format!("{pds_root}/account.sqlite"); 97 ··· 131 env::var("PDS_EMAIL_SMTP_URL").expect("PDS_EMAIL_SMTP_URL is not set in your pds.env file"); 132 let sent_from = env::var("PDS_EMAIL_FROM_ADDRESS") 133 .expect("PDS_EMAIL_FROM_ADDRESS is not set in your pds.env file"); 134 + 135 + //TODO current bug running in docker 136 + // https://github.com/lettre/lettre/issues/349#issuecomment-510155500 137 + 138 let mailer: AsyncSmtpTransport<Tokio1Executor> = 139 AsyncSmtpTransport::<Tokio1Executor>::from_url(smtp_url.as_str())?.build(); 140 //Email templates setup

+1 -4

src/oauth_provider.rs

··· 36 "Invalid identifier or password", 37 ), 38 AuthResult::TwoFactorRequired(masked_email) => { 39 - // Email sending step can be handled here if needed in the future. 40 - 41 - // {"error":"second_authentication_factor_required","error_description":"emailOtp authentication factor required (hint: 2***0@p***m)","type":"emailOtp","hint":"2***0@p***m"} 42 let body_str = match serde_json::to_string(&serde_json::json!({ 43 "error": "second_authentication_factor_required", 44 "error_description": format!("emailOtp authentication factor required (hint: {})", masked_email), ··· 97 }, 98 Err(err) => { 99 log::error!( 100 - "Error during pre-auth check. This happens on the create_session endpoint when trying to decide if the user has access:\n {err}" 101 ); 102 oauth_json_error_response( 103 StatusCode::BAD_REQUEST,

··· 36 "Invalid identifier or password", 37 ), 38 AuthResult::TwoFactorRequired(masked_email) => { 39 let body_str = match serde_json::to_string(&serde_json::json!({ 40 "error": "second_authentication_factor_required", 41 "error_description": format!("emailOtp authentication factor required (hint: {})", masked_email), ··· 94 }, 95 Err(err) => { 96 log::error!( 97 + "Error during pre-auth check. This happens on the oauth signin endpoint when trying to decide if the user has access:\n {err}" 98 ); 99 oauth_json_error_response( 100 StatusCode::BAD_REQUEST,