Microservice to bring 2FA to self-hosted PDSes

Docker setup #2

merged opened by baileytownsend.dev targeting main from feature/DockerSetup
AT URI
at://did:plc:rnpkyqnmsw4ipey6eotbdnnf/sh.tangled.repo.pull/3lxvmkxgesn22
+754 -34
Diff #0
+4
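--- a/.dockerignore
+++ b/.dockerignore
@@ -0,0 +1,4 @@
+target
+/target
+**/.idea
+.idea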
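Review bot: Nothing here keeps local secrets or the `.git` directory out of the build context, and the Dockerfile in this PR does `COPY ../ /app`, so a `pds.env` or `.env` lying next to the Dockerfile is copied into the builder stage and its cached layers. Adding `.git`, `*.env` and `pds.env` to this file keeps credentials out of image layers regardless of where the build is run. `target` and `/target` overlap; the anchored form alone already ignores the build directory.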
+564 -12
Cargo.lock
··· 108 109 110 111 112 113 114 115 116 ··· 210 211 212 213 214 215 216 217 ··· 263 264 265 266 267 268 269 270 ··· 326 327 328 329 330 331 332 333 334 ··· 338 339 340 341 342 343 344 ··· 514 515 516 517 518 519 520 521 ··· 548 549 550 551 552 553 554 ··· 581 582 583 584 - checksum = "778e2ac28f6c47af28e4907f13ffd1e1ddbd400980a9abd7c8df189bf578a5ad" 585 - dependencies = [ 586 - "libc", 587 - "windows-sys 0.59.0", 588 ] 589 590 [[package]] 591 592 593 594 ··· 702 703 704 705 706 707 708 709 ··· 849 850 851 852 853 854 855 ··· 1112 1113 1114 1115 1116 1117 1118 1119 ··· 1165 1166 1167 1168 1169 1170 1171 1172 ··· 1175 1176 1177 1178 1179 1180 1181 1182 1183 1184 1185 ··· 1205 1206 1207 1208 1209 1210 1211 ··· 1260 1261 1262 1263 1264 1265 1266 1267 ··· 1277 1278 1279 1280 1281 1282 1283 1284 ··· 1383 1384 1385 1386 1387 1388 1389 ··· 1439 1440 1441 1442 1443 1444 1445 1446 1447 1448 1449 ··· 1592 1593 1594 1595 1596 1597 1598 1599 ··· 1773 1774 1775 1776 1777 1778 ··· 1832 1833 1834 1835 1836 1837 1838 1839 1840 1841 1842 ··· 1854 1855 1856 1857 1858 1859 1860 ··· 1881 1882 1883 1884 1885 1886 1887 ··· 1912 1913 1914 1915 1916 1917 1918 ··· 2077 2078 2079 2080 - "errno", 2081 - "libc", 2082 - "linux-raw-sys", 2083 - "windows-sys 0.59.0", 2084 - ] 2085 2086 - [[package]] 2087 2088 2089 ··· 2340 2341 2342 2343 2344 2345 2346 ··· 2440 2441 2442 2443 2444 2445 2446 ··· 2649 2650 2651 2652 - "getrandom 0.3.3", 2653 "once_cell", 2654 "rustix", 2655 - "windows-sys 0.59.0", 2656 ] 2657 2658 [[package]]
··· 108 109 110 111 + source = "registry+https://github.com/rust-lang/crates.io-index" 112 + checksum = "c08606f8c3cbf4ce6ec8e28fb0014a2c086708fe954eaa885384a6165172e7e8" 113 114 + [[package]] 115 + name = "aws-lc-rs" 116 + version = "1.13.3" 117 + source = "registry+https://github.com/rust-lang/crates.io-index" 118 + checksum = "5c953fe1ba023e6b7730c0d4b031d06f267f23a46167dcbd40316644b10a17ba" 119 + dependencies = [ 120 + "aws-lc-sys", 121 + "untrusted 0.7.1", 122 + "zeroize", 123 + ] 124 125 + [[package]] 126 + name = "aws-lc-sys" 127 + version = "0.30.0" 128 + source = "registry+https://github.com/rust-lang/crates.io-index" 129 + checksum = "dbfd150b5dbdb988bcc8fb1fe787eb6b7ee6180ca24da683b61ea5405f3d43ff" 130 + dependencies = [ 131 + "bindgen", 132 + "cc", 133 + "cmake", 134 + "dunce", 135 + "fs_extra", 136 + ] 137 138 + [[package]] 139 + name = "axum" 140 + version = "0.8.4" 141 142 143 ··· 237 238 239 240 + source = "registry+https://github.com/rust-lang/crates.io-index" 241 + checksum = "55248b47b0caf0546f7988906588779981c43bb1bc9d0c44087278f80cdb44ba" 242 243 + [[package]] 244 + name = "bindgen" 245 + version = "0.69.5" 246 + source = "registry+https://github.com/rust-lang/crates.io-index" 247 + checksum = "271383c67ccabffb7381723dea0672a673f292304fcb45c01cc648c7a8d58088" 248 + dependencies = [ 249 + "bitflags", 250 + "cexpr", 251 + "clang-sys", 252 + "itertools", 253 + "lazy_static", 254 + "lazycell", 255 + "log", 256 + "prettyplease", 257 + "proc-macro2", 258 + "quote", 259 + "regex", 260 + "rustc-hash", 261 + "shlex", 262 + "syn", 263 + "which", 264 + ] 265 266 + [[package]] 267 + name = "bitflags" 268 + version = "2.9.1" 269 270 271 ··· 317 318 319 320 + "shlex", 321 + ] 322 323 + [[package]] 324 + name = "cexpr" 325 + version = "0.6.0" 326 + source = "registry+https://github.com/rust-lang/crates.io-index" 327 + checksum = "6fac387a98bb7c37292057cffc56d62ecb629900026402633ae9160df93a8766" 328 + dependencies = [ 329 + "nom 7.1.3", 330 + ] 331 332 + 
[[package]] 333 + name = "cfg-if" 334 + version = "1.0.1" 335 336 337 ··· 393 394 395 396 + "inout", 397 + ] 398 399 + [[package]] 400 + name = "clang-sys" 401 + version = "1.8.1" 402 + source = "registry+https://github.com/rust-lang/crates.io-index" 403 + checksum = "0b023947811758c97c59bf9d1c188fd619ad4718dcaa767947df1cadb14f39f4" 404 + dependencies = [ 405 + "glob", 406 + "libc", 407 + "libloading", 408 + ] 409 410 + [[package]] 411 + name = "cmake" 412 + version = "0.1.54" 413 + source = "registry+https://github.com/rust-lang/crates.io-index" 414 + checksum = "e7caa3f9de89ddbe2c607f4101924c5abec803763ae9534e4f4d7d8f84aa81f0" 415 + dependencies = [ 416 + "cc", 417 + ] 418 419 + [[package]] 420 + name = "concurrent-queue" 421 + version = "2.5.0" 422 423 424 ··· 428 429 430 431 + source = "registry+https://github.com/rust-lang/crates.io-index" 432 + checksum = "c2459377285ad874054d797f3ccebf984978aa39129f6eafde5cdc8315b612f8" 433 434 + [[package]] 435 + name = "core-foundation-sys" 436 + version = "0.8.7" 437 438 439 ··· 609 610 611 612 + source = "registry+https://github.com/rust-lang/crates.io-index" 613 + checksum = "1aaf95b3e5c8f23aa320147307562d361db0ae0d51242340f558153b4eb2439b" 614 615 + [[package]] 616 + name = "dunce" 617 + version = "1.0.5" 618 + source = "registry+https://github.com/rust-lang/crates.io-index" 619 + checksum = "92773504d58c093f6de2459af4af33faa518c13451eb8f2b5698ed3d36e7c813" 620 621 + [[package]] 622 + name = "either" 623 + version = "1.15.0" 624 625 626 ··· 653 654 655 656 + checksum = "778e2ac28f6c47af28e4907f13ffd1e1ddbd400980a9abd7c8df189bf578a5ad" 657 + dependencies = [ 658 + "libc", 659 + "windows-sys 0.52.0", 660 + ] 661 662 + [[package]] 663 664 665 ··· 692 693 694 695 + 696 + 697 + 698 + 699 + 700 + 701 + 702 + 703 + 704 + 705 + 706 + 707 + 708 + 709 + 710 + source = "registry+https://github.com/rust-lang/crates.io-index" 711 + checksum = "d9c4f5dac5e15c24eb999c26181a6ca40b39fe946cbe4c263c7209467bc83af2" 712 + 713 + [[package]] 
714 + name = "form_urlencoded" 715 + version = "1.2.1" 716 + 717 + 718 + 719 + 720 + 721 + 722 + 723 + 724 + 725 + 726 + 727 + 728 + 729 + "thiserror 1.0.69", 730 ] 731 732 [[package]] 733 + name = "fs_extra" 734 + version = "1.3.0" 735 + source = "registry+https://github.com/rust-lang/crates.io-index" 736 + checksum = "42703706b716c37f96a77aea830392ad231f44c9e9a67872fa5548707e11b11c" 737 738 + [[package]] 739 + name = "futures-channel" 740 + version = "0.3.31" 741 742 743 ··· 851 852 853 854 + source = "registry+https://github.com/rust-lang/crates.io-index" 855 + checksum = "07e28edb80900c19c28f1072f2e8aeca7fa06b23cd4169cefe1af5aa3260783f" 856 857 + [[package]] 858 + name = "glob" 859 + version = "0.3.3" 860 + source = "registry+https://github.com/rust-lang/crates.io-index" 861 + checksum = "0cc23270f6e1808e30a928bdc84dea0b9b4136a8bc82338574f23baf47bbd280" 862 863 + [[package]] 864 + name = "globset" 865 + version = "0.4.16" 866 867 868 ··· 1008 1009 1010 1011 + "windows-sys 0.59.0", 1012 + ] 1013 1014 + [[package]] 1015 + name = "http" 1016 + version = "1.3.1" 1017 1018 1019 ··· 1276 1277 1278 1279 + "libc", 1280 + ] 1281 1282 + [[package]] 1283 + name = "itertools" 1284 + version = "0.12.1" 1285 + source = "registry+https://github.com/rust-lang/crates.io-index" 1286 + checksum = "ba291022dbbd398a455acf126c1e341954079855bc60dfdda641363bd6922569" 1287 + dependencies = [ 1288 + "either", 1289 + ] 1290 1291 + [[package]] 1292 + name = "itoa" 1293 + version = "1.0.15" 1294 1295 1296 ··· 1342 1343 1344 1345 + "spin", 1346 + ] 1347 1348 + [[package]] 1349 + name = "lazycell" 1350 + version = "1.3.0" 1351 + source = "registry+https://github.com/rust-lang/crates.io-index" 1352 + checksum = "830d08ce1d1d941e6b30645f1a0eb5643013d835ce3779a5fc208261dbe10f55" 1353 1354 + [[package]] 1355 + name = "lettre" 1356 + version = "0.11.18" 1357 1358 1359 ··· 1362 1363 1364 1365 + "fastrand", 1366 + "futures-io", 1367 + "futures-util", 1368 + "httpdate", 1369 + "idna", 1370 + "mime", 
1371 + "nom 8.0.0", 1372 + "percent-encoding", 1373 + "quoted_printable", 1374 + "rustls", 1375 + "socket2", 1376 + "tokio", 1377 + "tokio-rustls", 1378 + "url", 1379 + "webpki-roots 1.0.2", 1380 + ] 1381 1382 + [[package]] 1383 1384 1385 + source = "registry+https://github.com/rust-lang/crates.io-index" 1386 + checksum = "6a82ae493e598baaea5209805c49bbf2ea7de956d50d7da0da1164f9c6d28543" 1387 1388 + [[package]] 1389 + name = "libloading" 1390 + version = "0.8.8" 1391 + source = "registry+https://github.com/rust-lang/crates.io-index" 1392 + checksum = "07033963ba89ebaf1584d767badaa2e8fcec21aedea6b8c0346d487d49c28667" 1393 + dependencies = [ 1394 + "cfg-if", 1395 + "windows-targets 0.48.5", 1396 + ] 1397 1398 + [[package]] 1399 + name = "libm" 1400 + version = "0.2.15" 1401 1402 1403 ··· 1423 1424 1425 1426 + [[package]] 1427 + name = "linux-raw-sys" 1428 + version = "0.4.15" 1429 + source = "registry+https://github.com/rust-lang/crates.io-index" 1430 + checksum = "d26c52dbd32dccf2d10cac7725f8eae5296885fb5703b261f7d0a0739ec807ab" 1431 1432 + [[package]] 1433 + name = "litemap" 1434 1435 1436 ··· 1485 1486 1487 1488 + source = "registry+https://github.com/rust-lang/crates.io-index" 1489 + checksum = "6877bb514081ee2a7ff5ef9de3281f14a4dd4bceac4c09388074a6b5df8a139a" 1490 1491 + [[package]] 1492 + name = "minimal-lexical" 1493 + version = "0.2.1" 1494 + source = "registry+https://github.com/rust-lang/crates.io-index" 1495 + checksum = "68354c5c6bd36d73ff3feceb05efa59b6acb7626617f4962be322a825e61f79a" 1496 1497 + [[package]] 1498 + name = "miniz_oxide" 1499 + version = "0.8.9" 1500 1501 1502 ··· 1512 1513 1514 1515 + ] 1516 1517 + [[package]] 1518 + name = "nom" 1519 + version = "7.1.3" 1520 + source = "registry+https://github.com/rust-lang/crates.io-index" 1521 + checksum = "d273983c5a657a70a3e8f2a01329822f3b8c8172b73826411a55751e404a0a4a" 1522 + dependencies = [ 1523 + "memchr", 1524 + "minimal-lexical", 1525 + ] 1526 1527 + [[package]] 1528 1529 1530 ··· 1629 1630 
1631 1632 + source = "registry+https://github.com/rust-lang/crates.io-index" 1633 + checksum = "42f5e15c9953c5e4ccceeb2e7382a716482c34515315f7b03532b8b4e8393d2d" 1634 1635 + [[package]] 1636 + name = "overload" 1637 + version = "0.1.1" 1638 1639 1640 ··· 1690 1691 1692 1693 + version = "0.1.0" 1694 + dependencies = [ 1695 + "anyhow", 1696 + "aws-lc-rs", 1697 + "axum", 1698 + "axum-template", 1699 + "chrono", 1700 1701 1702 1703 1704 1705 + "lettre", 1706 + "rand 0.9.2", 1707 + "rust-embed", 1708 + "rustls", 1709 + "scrypt", 1710 + "serde", 1711 + "serde_json", 1712 1713 1714 ··· 1857 1858 1859 1860 + "zerocopy", 1861 + ] 1862 1863 + [[package]] 1864 + name = "prettyplease" 1865 + version = "0.2.35" 1866 + source = "registry+https://github.com/rust-lang/crates.io-index" 1867 + checksum = "061c1221631e079b26479d25bbf2275bfe5917ae8419cd7e34f13bfc2aa7539a" 1868 + dependencies = [ 1869 + "proc-macro2", 1870 + "syn", 1871 + ] 1872 1873 + [[package]] 1874 + name = "proc-macro2" 1875 + version = "1.0.97" 1876 1877 1878 ··· 2052 2053 2054 2055 + "cfg-if", 2056 + "getrandom 0.2.16", 2057 + "libc", 2058 + "untrusted 0.9.0", 2059 + "windows-sys 0.52.0", 2060 + ] 2061 2062 2063 ··· 2117 2118 2119 2120 + source = "registry+https://github.com/rust-lang/crates.io-index" 2121 + checksum = "56f7d92ca342cea22a06f2121d944b4fd82af56988c270852495420f961d4ace" 2122 2123 + [[package]] 2124 + name = "rustc-hash" 2125 + version = "1.1.0" 2126 + source = "registry+https://github.com/rust-lang/crates.io-index" 2127 + checksum = "08d43f7aa6b08d49f382cde6a7982047c3426db949b1424bc4b7ec9ae12c6ce2" 2128 2129 + [[package]] 2130 + name = "rustix" 2131 + version = "0.38.44" 2132 + source = "registry+https://github.com/rust-lang/crates.io-index" 2133 + checksum = "fdb5bc1ae2baa591800df16c9ca78619bf65c0488b41b96ccec5d11220d8c154" 2134 + dependencies = [ 2135 + "bitflags", 2136 + "errno", 2137 + "libc", 2138 + "linux-raw-sys", 2139 + "windows-sys 0.52.0", 2140 + ] 2141 2142 + [[package]] 2143 2144 2145 
+ source = "registry+https://github.com/rust-lang/crates.io-index" 2146 + checksum = "c0ebcbd2f03de0fc1122ad9bb24b127a5a6cd51d72604a3f3c50ac459762b6cc" 2147 + dependencies = [ 2148 + "aws-lc-rs", 2149 + "log", 2150 + "once_cell", 2151 + "ring", 2152 + "rustls-pki-types", 2153 2154 2155 ··· 2167 2168 2169 2170 + source = "registry+https://github.com/rust-lang/crates.io-index" 2171 + checksum = "0a17884ae0c1b773f1ccd2bd4a8c72f16da897310a98b0e84bf349ad5ead92fc" 2172 + dependencies = [ 2173 + "aws-lc-rs", 2174 + "ring", 2175 + "rustls-pki-types", 2176 + "untrusted 0.9.0", 2177 + ] 2178 2179 + [[package]] 2180 2181 2182 ··· 2203 2204 2205 2206 + "winapi-util", 2207 + ] 2208 2209 + [[package]] 2210 + name = "scopeguard" 2211 + version = "1.2.0" 2212 2213 2214 ··· 2239 2240 2241 2242 + "cc", 2243 + ] 2244 2245 + [[package]] 2246 + name = "serde" 2247 + version = "1.0.219" 2248 2249 2250 ··· 2409 2410 2411 2412 2413 2414 2415 ··· 2666 2667 2668 2669 + "syn", 2670 + ] 2671 2672 + [[package]] 2673 + name = "thiserror" 2674 + version = "1.0.69" 2675 2676 2677 ··· 2771 2772 2773 2774 + ] 2775 2776 + [[package]] 2777 + name = "tokio-rustls" 2778 + version = "0.26.2" 2779 + source = "registry+https://github.com/rust-lang/crates.io-index" 2780 + checksum = "8e727b36a1a0e8b74c376ac2211e40c2c8af09fb4013c60d910495810f008e9b" 2781 + dependencies = [ 2782 + "rustls", 2783 + "tokio", 2784 + ] 2785 2786 2787 ··· 2990 2991 2992 2993 + 2994 + 2995 + 2996 + 2997 + 2998 + 2999 + 3000 + 3001 + 3002 + 3003 + 3004 + 3005 + 3006 + 3007 + 3008 + 3009 + 3010 + source = "registry+https://github.com/rust-lang/crates.io-index" 3011 + checksum = "e70f2a8b45122e719eb623c01822704c4e0907e7e426a05927e1a1cfff5b75d0" 3012 + 3013 + [[package]] 3014 + name = "untrusted" 3015 + version = "0.7.1" 3016 + source = "registry+https://github.com/rust-lang/crates.io-index" 3017 + checksum = "a156c684c91ea7d62626509bce3cb4e1d9ed5c4d978f7b4352658f96a4c26b4a" 3018 + 3019 + [[package]] 3020 + name = "untrusted" 3021 + 
version = "0.9.0" 3022 + 3023 + 3024 + 3025 + 3026 + 3027 + 3028 + 3029 + 3030 + 3031 + 3032 + 3033 + 3034 + 3035 + 3036 + 3037 + 3038 + 3039 + 3040 + 3041 + 3042 + 3043 + 3044 + 3045 + 3046 + 3047 + 3048 + 3049 + 3050 + 3051 + 3052 + 3053 + 3054 + 3055 + 3056 + 3057 + 3058 + 3059 + 3060 + 3061 + 3062 + 3063 + 3064 + 3065 + 3066 + 3067 + 3068 + 3069 + 3070 + 3071 + 3072 + 3073 + 3074 + 3075 + 3076 + 3077 + 3078 + 3079 + 3080 + 3081 + 3082 + 3083 + 3084 + 3085 + 3086 + 3087 + 3088 + 3089 + 3090 + 3091 + 3092 + 3093 + 3094 + 3095 + 3096 + 3097 + 3098 + 3099 + 3100 + 3101 + 3102 + 3103 + 3104 + 3105 + 3106 + 3107 + 3108 + 3109 + 3110 + 3111 + 3112 + 3113 + 3114 + 3115 + 3116 + 3117 + 3118 + 3119 + 3120 + 3121 + 3122 + 3123 + 3124 + 3125 + 3126 + 3127 + 3128 + 3129 + 3130 + 3131 + 3132 + 3133 + 3134 + 3135 + 3136 + 3137 + 3138 + 3139 + 3140 + 3141 + 3142 + 3143 + 3144 + 3145 + 3146 + 3147 + 3148 + 3149 + 3150 + 3151 + 3152 + 3153 + 3154 + 3155 + 3156 + 3157 + 3158 + 3159 + 3160 + 3161 + 3162 + 3163 + 3164 + 3165 + 3166 + 3167 + 3168 + 3169 + 3170 + 3171 + 3172 + 3173 + 3174 + 3175 + 3176 + 3177 + 3178 + 3179 + 3180 + 3181 + 3182 + 3183 + 3184 + 3185 + 3186 + 3187 + 3188 + 3189 + 3190 + 3191 + 3192 + 3193 + "rustls-pki-types", 3194 + ] 3195 + 3196 + [[package]] 3197 + name = "which" 3198 + version = "4.4.2" 3199 + source = "registry+https://github.com/rust-lang/crates.io-index" 3200 + checksum = "87ba24419a2078cd2b0f2ede2691b6c66d8e47836da3b6db8265ebad47afbfc7" 3201 + dependencies = [ 3202 + "either", 3203 + "home", 3204 "once_cell", 3205 "rustix", 3206 ] 3207 3208 [[package]] 3209 + name = "whoami" 3210 + version = "1.6.1"
+10
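--- a/Dockerfile
+++ b/Dockerfile
@@ -0,0 +1,10 @@
+FROM rust:1.89.0-bookworm AS builder
+WORKDIR /app
+COPY ../ /app
+RUN cargo build --release
+#
+FROM rust:1.89-slim-bookworm AS api
+RUN apt-get update
+RUN apt-get install -y ca-certificates
+COPY --from=builder /app/target/release/pds_gatekeeper /usr/local/bin/pds_gatekeeper
+CMD ["pds_gatekeeper"]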
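Review bot: The runtime stage has no `USER` directive, so `pds_gatekeeper` runs as root inside a container that the README in this PR bind-mounts `/pds` into, which means a bug in the service has full write access to the PDS databases; a dedicated system user limits that, though its uid then has to be able to read and write `/pds` on the host, so confirm that against your file ownership. The runtime base `rust:1.89-slim-bookworm` ships the whole Rust toolchain for an image that only needs one binary plus CA certificates; `debian:bookworm-slim` is enough and shrinks the attack surface. The two `apt-get` steps should also be one `RUN` with `--no-install-recommends` and a list cleanup so the package index is not baked into a layer, and `COPY ../ /app` should be `COPY . /app`, since a build context cannot reach above its root anyway and the `..` reads as if it did.
```dockerfile
# … unchanged: builder stage …
FROM debian:bookworm-slim AS api
RUN apt-get update \
    && apt-get install -y --no-install-recommends ca-certificates \
    && rm -rf /var/lib/apt/lists/* \
    && useradd --system --no-create-home gatekeeper
COPY --from=builder /app/target/release/pds_gatekeeper /usr/local/bin/pds_gatekeeper
USER gatekeeper
CMD ["pds_gatekeeper"]
```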
+6
justfile
···
··· 1 + release: 2 + docker buildx build \ 3 + --platform linux/arm64,linux/amd64 \ 4 + --tag fatfingers23/pds_gatekeeper:latest \ 5 + --tag fatfingers23/pds_gatekeeper:0.1 \ 6 + --push .
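Review bot: The recipe pushes the tags `latest` and `0.1`, but the README and `examples/compose.yml` in this PR pull `fatfingers23/pds_gatekeeper:arm-latest`, a tag this recipe never produces; either add that tag here or change the examples to one of the published tags. `--push` also publishes on every run of `just release`, so a separate `build` recipe without `--push` would let the multi-arch image be checked locally before it goes to the registry.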
+5 -2
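--- a/src/main.rs
+++ b/src/main.rs
@@ -88,7 +88,9 @@
 #[tokio::main]
 async fn main() -> Result<(), Box<dyn std::error::Error>> {
 setup_tracing();
-//TODO may need to change where this reads from? Like an env variable for it's location? Or arg?
-dotenvy::from_path(Path::new("./pds.env"))?;
+let pds_env_location =
+env::var("PDS_ENV_LOCATION").unwrap_or_else(|_| "/pds/pds.env".to_string());
+
+dotenvy::from_path(Path::new(&pds_env_location))?;
 let pds_root = env::var("PDS_DATA_DIRECTORY")?;
 let account_db_url = format!("{pds_root}/account.sqlite");
@@ -129,6 +131,7 @@
 env::var("PDS_EMAIL_SMTP_URL").expect("PDS_EMAIL_SMTP_URL is not set in your pds.env file");
 let sent_from = env::var("PDS_EMAIL_FROM_ADDRESS")
 .expect("PDS_EMAIL_FROM_ADDRESS is not set in your pds.env file");
+
 let mailer: AsyncSmtpTransport<Tokio1Executor> =
 AsyncSmtpTransport::<Tokio1Executor>::from_url(smtp_url.as_str())?.build();
 //Email templates setup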
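Review bot: `PDS_ENV_LOCATION` is read before the env file it points at is loaded, so unlike every other setting it cannot be placed in `pds.env` itself; a comment above the `let` should say so, e.g. `// Must come from the real process environment: it tells us where the env file lives.` The `?` on `dotenvy::from_path` turns a missing or unreadable file into a bare io error that does not name the path, which is the first failure a new install will hit; `dotenvy::from_path(Path::new(&pds_env_location)).map_err(|e| format!("cannot load env file {pds_env_location}: {e}"))?;` keeps the same error type for callers and says which file was tried. The body of `main` continues outside the hunk.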
+1 -4
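--- a/src/oauth_provider.rs
+++ b/src/oauth_provider.rs
@@ -36,9 +36,6 @@
 "Invalid identifier or password",
 ),
 AuthResult::TwoFactorRequired(masked_email) => {
-// Email sending step can be handled here if needed in the future.
-
-// {"error":"second_authentication_factor_required","error_description":"emailOtp authentication factor required (hint: 2***0@p***m)","type":"emailOtp","hint":"2***0@p***m"}
 let body_str = match serde_json::to_string(&serde_json::json!({
 "error": "second_authentication_factor_required",
 "error_description": format!("emailOtp authentication factor required (hint: {})", masked_email),
@@ -97,7 +94,7 @@
 },
 Err(err) => {
 log::error!(
-"Error during pre-auth check. This happens on the create_session endpoint when trying to decide if the user has access:\n {err}"
+"Error during pre-auth check. This happens on the oauth signin endpoint when trying to decide if the user has access:\n {err}"
 );
 oauth_json_error_response(
 StatusCode::BAD_REQUEST,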
+5 -1
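--- a/Cargo.toml
+++ b/Cargo.toml
@@ -18,7 +18,11 @@
 hex = "0.4"
 jwt-compact = { version = "0.8.0", features = ["es256k"] }
 scrypt = "0.11"
-lettre = { version = "0.11.18", features = ["tokio1", "pool", "tokio1-native-tls"] }
+#lettre = { version = "0.11.18", default-features = false, features = ["pool", "tokio1-rustls", "smtp-transport", "hostname", "builder"] }
+#lettre = { version = "0.11", default-features = false, features = ["builder", "webpki-roots", "rustls", "aws-lc-rs", "smtp-transport", "tokio1", "tokio1-rustls"] }
+aws-lc-rs = "1.13.0"
+lettre = { version = "0.11", default-features = false, features = ["builder", "webpki-roots", "rustls", "aws-lc-rs", "smtp-transport", "tokio1", "tokio1-rustls"] }
+rustls = { version = "0.23", default-features = false, features = ["tls12", "std", "logging", "aws_lc_rs"] }
 handlebars = { version = "6.3.2", features = ["rust-embed"] }
 rust-embed = "8.7.2"
 axum-template = { version = "3.0.0", features = ["handlebars"] }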
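Review bot: Two commented-out `#lettre` lines (manifest lines 21-22) are left above the live dependency; they record experiments rather than configuration and should be dropped, replaced by a one-line comment stating why `default-features = false` with the `rustls`/`aws-lc-rs` feature set was chosen over the previous `tokio1-native-tls`. The Cargo.lock in this PR shows `rustls` depending on both `aws-lc-rs` and `ring`, so some transitive feature still enables the ring provider next to aws-lc-rs; `cargo tree -e features -i ring` will show which crate pulls it in, and trimming it leaves a single crypto provider in the binary and one less thing to track for advisories.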
+79 -15
README.md
··· 21 22 # Setup 23 24 - We are getting close! Testing now 25 - 26 - Nothing here yet! If you are brave enough to try before full release, let me know and I'll help you set it up. 27 - But I want to run it locally on my own PDS first to test run it a bit. 28 - 29 - Example Caddyfile (mostly so I don't lose it for now. Will have a better one in the future) 30 31 ```caddyfile 32 - http://localhost { 33 - 34 @gatekeeper { 35 - path /xrpc/com.atproto.server.getSession 36 - path /xrpc/com.atproto.server.updateEmail 37 - path /xrpc/com.atproto.server.createSession 38 - path /@atproto/oauth-provider/~api/sign-in 39 } 40 41 handle @gatekeeper { 42 - reverse_proxy http://localhost:8080 43 } 44 45 - reverse_proxy /* http://localhost:3000 46 } 47 48 - ```
··· 21 22 # Setup 23 24 + PDS Gatekeeper has 2 parts to its setup, docker compose file and a reverse proxy (Caddy in this case). I will be 25 + assuming you setup the PDS following the directions 26 + found [here](https://atproto.com/guides/self-hosting), but if yours is different, or you have questions, feel free to 27 + let 28 + me know, and we can figure it out. 29 + 30 + ## Docker compose 31 + 32 + The pds gatekeeper container can be found on docker hub under the name `fatfingers23/pds_gatekeeper`. The container does 33 + need access to the `/pds` root folder to access the same db's as your PDS. The part you need to add would look a bit 34 + like below. You can find a full example of what I use for my pds at [./examples/compose.yml](./examples/compose.yml). 35 + This is usually found at `/pds/compose.yaml`on your PDS> 36 + 37 + ```yml 38 + gatekeeper: 39 + container_name: gatekeeper 40 + image: fatfingers23/pds_gatekeeper:arm-latest 41 + network_mode: host 42 + restart: unless-stopped 43 + #This gives the container to the access to the PDS folder. Source is the location on your server of that directory 44 + volumes: 45 + - type: bind 46 + source: /pds 47 + target: /pds 48 + depends_on: 49 + - pds 50 + ``` 51 + 52 + ## Caddy setup 53 + 54 + For the reverse proxy I use caddy. This part is what overwrites the endpoints and proxies them to PDS gatekeeper to add 55 + in extra functionality. The main part is below, for a full example see [./examples/Caddyfile](./examples/Caddyfile). 56 + This is usually found at `/pds/caddy/etc/caddy/Caddyfile` on your PDS. 
57 58 ```caddyfile 59 @gatekeeper { 60 + path /xrpc/com.atproto.server.getSession 61 + path /xrpc/com.atproto.server.updateEmail 62 + path /xrpc/com.atproto.server.createSession 63 + path /@atproto/oauth-provider/~api/sign-in 64 } 65 66 handle @gatekeeper { 67 + reverse_proxy http://localhost:8080 68 } 69 70 + reverse_proxy http://localhost:3000 71 + ``` 72 + 73 + If you use a cloudflare tunnel then your caddyfile would look a bit more like below with your tunnel proxying to 74 + `localhost:8081` (or w/e port you want). 75 + 76 + ```caddyfile 77 + http://*.localhost:8082, http://localhost:8082 { 78 + @gatekeeper { 79 + path /xrpc/com.atproto.server.getSession 80 + path /xrpc/com.atproto.server.updateEmail 81 + path /xrpc/com.atproto.server.createSession 82 + path /@atproto/oauth-provider/~api/sign-in 83 + } 84 + 85 + handle @gatekeeper { 86 + reverse_proxy http://localhost:8080 87 + } 88 + 89 + reverse_proxy http://localhost:3000 90 } 91 92 + ``` 93 + 94 + # Environment variables and bonuses 95 + 96 + Every environment variable can be set in the `pds.env` and shared between PDS and gatekeeper and the PDS, with the 97 + exception of `PDS_ENV_LOCATION`. This can be set to load the pds.env, by default it checks `/pds/pds.env` and is 98 + recommended to mount the `/pds` folder on the server to `/pds` in the pds gatekeeper container. 99 + 100 + `PDS_DATA_DIRECTORY` - Root directory of the PDS. Same as the one found in `pds.env` this is how pds gatekeeper knows 101 + knows the rest of the environment variables. 102 + 103 + `GATEKEEPER_EMAIL_TEMPLATES_DIRECTORY` - The folder for templates of the emails PDS gatekeeper sends. You can find them 104 + in [./email_templates](./email_templates). You are free to edit them as you please and set this variable to a location 105 + in the pds gateekeper container and it will use them in place of the default ones. Just make sure ot keep the names the 106 + same. 107 + 108 + `PDS_BASE_URL` - Base url of the PDS. 
You most likely want `https://localhost:3000` which is also the default 109 + 110 + `GATEKEEPER_HOST` - Host for pds gatekeeper. Defaults to `127.0.0.1` 111 + 112 + `GATEKEEPER_PORT` - Port for pds gatekeeper. Defaults to `8080`
+29
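--- a/examples/Caddyfile
+++ b/examples/Caddyfile
@@ -0,0 +1,29 @@
+{
+email youremail@myemail.com
+on_demand_tls {
+ask http://localhost:3000/tls-check
+}
+}
+
+*.yourpds.com, yourpds.com {
+tls {
+on_demand
+}
+# You'll most likely just want from here to....
+@gatekeeper {
+path /xrpc/com.atproto.server.getSession
+path /xrpc/com.atproto.server.updateEmail
+path /xrpc/com.atproto.server.createSession
+path /@atproto/oauth-provider/~api/sign-in
+}
+
+handle @gatekeeper {
+#This is the address for PDS gatekeeper, default is 8080
+reverse_proxy http://localhost:8080
+}
+
+reverse_proxy http://localhost:3000
+#..here. Copy and paste this replacing the reverse_proxy http://localhost:3000 line
+}
+
+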
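Review bot: The `@gatekeeper` matcher is the whole enforcement boundary: any path not listed goes straight to the PDS, so this list has to move in lockstep with the endpoints the gatekeeper overrides in `src/`; a comment naming that invariant would help anyone adapting the file, e.g. `# Every endpoint gatekeeper overrides must be listed here; anything missing is served by the PDS without the 2FA check.` The `email youremail@myemail.com` and `yourpds.com` values are placeholders, and a `# replace with your own` comment next to each avoids a copy-paste that requests ACME certificates under a bogus contact address.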
+51
examples/compose.yml
···
··· 1 + version: '3.9' 2 + services: 3 + caddy: 4 + container_name: caddy 5 + image: caddy:2 6 + network_mode: host 7 + depends_on: 8 + - pds 9 + restart: unless-stopped 10 + volumes: 11 + - type: bind 12 + source: /pds/caddy/data 13 + target: /data 14 + - type: bind 15 + source: /pds/caddy/etc/caddy 16 + target: /etc/caddy 17 + pds: 18 + container_name: pds 19 + image: ghcr.io/bluesky-social/pds:0.4 20 + network_mode: host 21 + restart: unless-stopped 22 + volumes: 23 + - type: bind 24 + source: /pds 25 + target: /pds 26 + env_file: 27 + - /pds/pds.env 28 + watchtower: 29 + container_name: watchtower 30 + image: containrrr/watchtower:latest 31 + network_mode: host 32 + volumes: 33 + - type: bind 34 + source: /var/run/docker.sock 35 + target: /var/run/docker.sock 36 + restart: unless-stopped 37 + environment: 38 + WATCHTOWER_CLEANUP: true 39 + WATCHTOWER_SCHEDULE: "@midnight" 40 + gatekeeper: 41 + container_name: gatekeeper 42 + image: fatfingers23/pds_gatekeeper:arm-latest 43 + network_mode: host 44 + restart: unless-stopped 45 + #This gives the container to the access to the PDS folder. Source is the location on your server of that directory 46 + volumes: 47 + - type: bind 48 + source: /pds 49 + target: /pds 50 + depends_on: 51 + - pds
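Review bot: Every service here uses `network_mode: host`, so the PDS on `:3000` and the gatekeeper on `:8080` are plain host ports, and the Caddy matcher only protects the four endpoints for traffic that enters through Caddy; if the PDS listens on all interfaces (confirm against its config) a direct request to `:3000` never meets the gatekeeper, so the example should say that `:3000` and `:8080` must be loopback-only or firewalled. `watchtower` auto-pulls `latest` for every container, which now includes the service sitting in the login path; pinning `fatfingers23/pds_gatekeeper` to a version tag, or documenting that updates are automatic, is worth a line in the README. `version: '3.9'` is ignored by Compose v2 and only produces a warning, so it can be dropped.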

2 commits
WIP on feature/2faCodeGeneration
docker and setup
pull request successfully merged