kjuulh/como
1
0
Fork 0
Code Issues 1 Pull Requests 3 Packages Projects Releases Wiki Activity

Compare commits

base: kjuulh:0bb70743347f48d25a7b7fb627942908e48629cf
Branches Tags
kjuulh:main kjuulh:renovate/all kjuulh:renovate/tokio-tracing-monorepo kjuulh:renovate/axum-monorepo kjuulh:feat/v2 kjuulh:feat/with-rhai kjuulh:feat/with-lua kjuulh:v0.1.0
..
compare: kjuulh:feat/with-rhai
Branches Tags
kjuulh:renovate/all kjuulh:renovate/tokio-tracing-monorepo kjuulh:renovate/axum-monorepo kjuulh:main kjuulh:feat/v2 kjuulh:feat/with-rhai kjuulh:feat/with-lua kjuulh:v0.1.0

1 Commits
0bb7074334 ... feat/with-

Author SHA1 Message Date
kjuulh
64019e5fba feat: with rhai
Some checks failed
continuous-integration/drone/push Build is failing
Details 
Signed-off-by: kjuulh <contact@kjuulh.io>
 2023-07-02 17:32:51 +02:00
15 changed files with 721 additions and 1313 deletions
Expand all files Collapse all files

91
.drone.yml
View File

@@ -1,3 +1,88 @@
kind: template
load: drone-template.yaml
name: como
kind: pipeline
name: default
type: docker
steps:
- name: load_secret
image: debian:buster-slim
volumes:
- name: ssh
path: /root/.ssh/
environment:
SSH_KEY:
from_secret: gitea_id_ed25519
commands:
- mkdir -p $HOME/.ssh/
- echo "$SSH_KEY" | base64 -d > $HOME/.ssh/id_ed25519
- name: build
image: kasperhermansen/cuddle:latest
pull: always
volumes:
- name: ssh
path: /root/.ssh/
- name: dockersock
path: /var/run
commands:
- apk add bash git
- git remote set-url origin $DRONE_GIT_SSH_URL
- cuddle_cli x setup_ssh
- cuddle_cli x start_deployment
- cuddle_cli x render_templates
- cuddle_cli x render_como_templates
- cuddle_cli x build_release
- cuddle_cli x push_release
- cuddle_cli x deploy_release
environment:
DOCKER_BUILDKIT: 1
DOCKER_USERNAME:
from_secret: docker_username
DOCKER_PASSWORD:
from_secret: docker_password
SSH_KEY:
from_secret: gitea_id_ed25519
- name: push_tags
image: kasperhermansen/drone-semantic-release:latest
pull: always
volumes:
- name: ssh
path: /root/.ssh/
- name: dockersock
path: /var/run
commands:
- semantic-release --no-ci
environment:
DOCKER_BUILDKIT: 1
SSH_KEY:
from_secret: gitea_id_ed25519
depends_on:
- build
- name: send telegram notification
image: appleboy/drone-telegram
settings:
token:
from_secret: telegram_token
to: 2129601481
format: markdown
depends_on:
- build
- push_tags
when:
status: [failure, success]
services:
- name: docker
image: docker:dind
privileged: true
volumes:
- name: dockersock
path: /var/run
volumes:
- name: ssh
temp: {}
- name: dockersock
temp: {}

1313
Cargo.lock generated
View File

File diff suppressed because it is too large Load Diff

5
Cargo.toml
View File

@@ -6,7 +6,6 @@ members = [
"como_infrastructure",
"como_gql",
"como_api",
"como_auth",
]
resolver = "2"
@@ -17,7 +16,6 @@ como_domain = { path = "./como_domain/" }
como_infrastructure = { path = "./como_infrastructure/" }
como_gql = { path = "./como_gql/" }
como_api = { path = "./como_api/" }
como_auth = { path = "./como_auth/" }
async-trait = "0.1.68"
async-graphql = { version = "5.0.9", features = ["uuid"] }
@@ -53,6 +51,3 @@ clap = { version = "4.3.0", features = ["derive", "env"] }
argon2 = { version = "0.5.0" }
rand_core = { version = "0.6.4" }
pretty_assertions = "1.4.0"
sealed_test = "1.0.0"

2
como_api/Cargo.toml
View File

@@ -10,9 +10,7 @@ como_gql.workspace = true
como_core.workspace = true
como_domain.workspace = true
como_infrastructure.workspace = true
como_auth.workspace = true
async-trait.workspace = true
async-graphql.workspace = true
async-graphql-axum.workspace = true
axum.workspace = true

2
como_api/src/controllers/auth.rs
View File

@@ -49,6 +49,7 @@ pub struct AuthRequest {
pub async fn login_authorized(
Query(query): Query<AuthRequest>,
State(store): State<PostgresSessionStore>,
State(oauth_client): State<BasicClient>,
State(introspection_state): State<IntrospectionState>,
) -> impl IntoResponse {
let token = oauth_client
@@ -110,6 +111,7 @@ pub struct UserFromSession {
impl<S> FromRequestParts<S> for UserFromSession
where
PostgresSessionStore: FromRef<S>,
BasicClient: FromRef<S>,
IntrospectionState: FromRef<S>,
S: Send + Sync,
{

10
como_api/src/router.rs
View File

@@ -12,6 +12,7 @@ use tower_http::{cors::CorsLayer, trace::TraceLayer};
use crate::controllers::auth::AuthController;
use crate::controllers::graphql::GraphQLController;
use crate::zitadel::client::oauth_client;
use crate::zitadel::{IntrospectionState, IntrospectionStateBuilder};
pub struct Api;
@@ -31,7 +32,9 @@ impl Api {
.build()
.await?;
let oauth_client = oauth_client();
let app_state = AppState {
oauth_client,
store: service_register.session_store.clone(),
introspection_state: is,
};
@@ -76,10 +79,17 @@ impl Api {
#[derive(Clone)]
pub struct AppState {
oauth_client: BasicClient,
introspection_state: IntrospectionState,
store: PostgresSessionStore,
}
impl FromRef<AppState> for BasicClient {
fn from_ref(state: &AppState) -> Self {
state.oauth_client.clone()
}
}
impl FromRef<AppState> for PostgresSessionStore {
fn from_ref(state: &AppState) -> Self {
state.store.clone()

51
como_api/src/zitadel/client.rs
View File

@@ -1,54 +1,7 @@
use async_trait::async_trait;
use oauth2::{basic::BasicClient, AuthUrl, ClientId, ClientSecret, RedirectUrl, TokenUrl};
use std::{env, ops::Deref, sync::Arc};
use std::env;
#[async_trait]
pub trait OAuthClient {
async fn get_token(&self) -> anyhow::Result<()>;
}
pub struct OAuth(Arc<dyn OAuthClient + Send + Sync + 'static>);
impl OAuth {
pub fn new_zitadel() -> Self {
Self(Arc::new(ZitadelOAuthClient {
client: oauth_client(),
}))
}
pub fn new_noop() -> Self {
Self(Arc::new(NoopOAuthClient {}))
}
}
impl Deref for OAuth {
type Target = Arc<dyn OAuthClient + Send + Sync + 'static>;
fn deref(&self) -> &Self::Target {
&self.0
}
}
pub struct NoopOAuthClient;
#[async_trait]
impl OAuthClient for NoopOAuthClient {
async fn get_token(&self) -> anyhow::Result<()> {
Ok(())
}
}
pub struct ZitadelOAuthClient {
client: BasicClient,
}
#[async_trait]
impl OAuthClient for ZitadelOAuthClient {
async fn get_token(&self) -> anyhow::Result<()> {
Ok(())
}
}
fn oauth_client() -> BasicClient {
pub fn oauth_client() -> BasicClient {
let client_id = env::var("CLIENT_ID").expect("Missing CLIENT_ID!");
let client_secret = env::var("CLIENT_SECRET").expect("Missing CLIENT_SECRET!");
let redirect_url = env::var("REDIRECT_URL").expect("missing REDIRECT_URL");

38
como_auth/Cargo.toml
View File

@@ -1,38 +0,0 @@
[package]
name = "como_auth"
version = "0.1.0"
edition = "2021"
# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
[dependencies]
como_gql.workspace = true
como_core.workspace = true
como_domain.workspace = true
como_infrastructure.workspace = true
clap.workspace = true
async-trait.workspace = true
async-graphql.workspace = true
async-graphql-axum.workspace = true
axum.workspace = true
axum-extra.workspace = true
axum-sessions.workspace = true
serde.workspace = true
serde_json.workspace = true
tokio.workspace = true
uuid.workspace = true
sqlx.workspace = true
anyhow.workspace = true
tracing.workspace = true
async-sqlx-session.workspace = true
zitadel = { version = "3.3.1", features = ["axum"] }
tower = "0.4.13"
tower-http = { version = "0.4.0", features = ["cors", "trace"] }
oauth2 = "4.4.0"
openidconnect = "3.0.0"
[dev-dependencies]
pretty_assertions.workspace = true
sealed_test.workspace = true

120
como_auth/src/introspection.rs
View File

@@ -1,120 +0,0 @@
use anyhow::Context;
use axum::extract::FromRef;
use openidconnect::IntrospectionUrl;
use zitadel::{
axum::introspection::IntrospectionStateBuilderError,
credentials::Application,
oidc::{discovery::discover, introspection::AuthorityAuthentication},
};
#[derive(Clone, Debug)]
pub struct IntrospectionState {
pub(crate) config: IntrospectionConfig,
}
#[derive(clap::Args, Clone, Debug, PartialEq, Eq)]
pub struct IntrospectionConfigClap {
// #[arg(
// env = "ZITADEL_AUTHORITY",
// long = "zitadel-authority",
// group = "zitadel"
// )]
pub authority: Option<String>,
// #[arg(
// env = "ZITADEL_CLIENT_ID",
// long = "zitadel-client-id",
// group = "zitadel"
// )]
pub client_id: Option<String>,
// #[arg(
// env = "ZITADEL_CLIENT_SECRET",
// long = "zitadel-client-secret",
// group = "zitadel"
// )]
pub client_secret: Option<String>,
}
impl IntrospectionConfigClap {
async fn try_into(self) -> anyhow::Result<IntrospectionState> {
IntrospectionStateBuilder::new(&self.authority.unwrap())
.with_basic_auth(&self.client_id.unwrap(), &self.client_secret.unwrap())
.build()
.await
.context("failed to generate an introspection builder")
}
}
/// Configuration that must be inject into the axum application state. Used by the
/// [IntrospectionStateBuilder](super::IntrospectionStateBuilder). This struct is also used to create the [IntrospectionState](IntrospectionState)
#[derive(Debug, Clone)]
pub struct IntrospectionConfig {
pub authority: String,
pub authentication: AuthorityAuthentication,
pub introspection_uri: IntrospectionUrl,
}
impl FromRef<IntrospectionState> for IntrospectionConfig {
fn from_ref(input: &IntrospectionState) -> Self {
input.config.clone()
}
}
pub struct IntrospectionStateBuilder {
authority: String,
authentication: Option<AuthorityAuthentication>,
}
/// Builder for [IntrospectionConfig]
impl IntrospectionStateBuilder {
pub fn new(authority: &str) -> Self {
Self {
authority: authority.to_string(),
authentication: None,
}
}
pub fn with_basic_auth(
&mut self,
client_id: &str,
client_secret: &str,
) -> &mut IntrospectionStateBuilder {
self.authentication = Some(AuthorityAuthentication::Basic {
client_id: client_id.to_string(),
client_secret: client_secret.to_string(),
});
self
}
pub fn with_jwt_profile(&mut self, application: Application) -> &mut IntrospectionStateBuilder {
self.authentication = Some(AuthorityAuthentication::JWTProfile { application });
self
}
pub async fn build(&mut self) -> Result<IntrospectionState, IntrospectionStateBuilderError> {
let authentication = self
.authentication
.clone()
.ok_or(IntrospectionStateBuilderError::NoAuthSchema)?;
let metadata = discover(&self.authority)
.await
.map_err(|source| IntrospectionStateBuilderError::Discovery { source })?;
let introspection_uri = metadata
.additional_metadata()
.introspection_endpoint
.clone()
.ok_or(IntrospectionStateBuilderError::NoIntrospectionUrl)?;
Ok(IntrospectionState {
config: IntrospectionConfig {
authority: self.authority.clone(),
introspection_uri: introspection_uri,
authentication: authentication,
},
})
}
}

149
como_auth/src/lib.rs
View File

@@ -1,149 +0,0 @@
pub use introspection::IntrospectionConfigClap;
mod introspection;
mod oauth;
#[derive(clap::ValueEnum, Clone, PartialEq, Eq, Debug)]
pub enum AuthEngine {
Noop,
Zitadel,
}
#[derive(clap::Args, Clone, PartialEq, Eq, Debug)]
pub struct AuthClap {
#[arg(
env = "AUTH_ENGINE",
long = "auth-engine",
requires_ifs = [
( "zitadel", "ZitadelClap" )
],
default_value = "noop" )
]
pub engine: AuthEngine,
#[clap(flatten)]
pub zitadel: ZitadelClap,
}
#[derive(clap::Args, Clone, Debug, PartialEq, Eq)]
#[group(requires_all = ["auth_url", "client_id", "client_secret", "redirect_url", "token_url", "authority_url"])]
pub struct ZitadelClap {
#[arg(env = "ZITADEL_AUTH_URL", long = "zitadel-auth-url")]
pub auth_url: Option<String>,
#[arg(env = "ZITADEL_CLIENT_ID", long = "zitadel-client-id")]
pub client_id: Option<String>,
#[arg(env = "ZITADEL_CLIENT_SECRET", long = "zitadel-client-secret")]
pub client_secret: Option<String>,
#[arg(env = "ZITADEL_REDIRECT_URL", long = "zitadel-redirect-url")]
pub redirect_url: Option<String>,
#[arg(env = "ZITADEL_AUTHORITY_URL", long = "zitadel-authority-url")]
pub authority_url: Option<String>,
#[arg(env = "ZITADEL_TOKEN_URL", long = "zitadel-token-url")]
pub token_url: Option<String>,
}
impl AuthClap {}
#[cfg(test)]
mod test {
use crate::{AuthClap, AuthEngine, ZitadelClap};
use clap::Parser;
use pretty_assertions::assert_eq;
#[derive(Parser)]
#[command(author, version, about, long_about = None)]
pub struct Cli {
#[command(subcommand)]
command: Commands,
}
#[derive(clap::Subcommand, Clone, Debug, Eq, PartialEq)]
pub enum Commands {
One {
#[clap(flatten)]
options: AuthClap,
},
}
#[test]
fn test_command_parse_as_default_noop() {
let cli: Cli = Cli::parse_from(&["base", "one"]);
assert_eq!(
cli.command,
Commands::One {
options: AuthClap {
engine: AuthEngine::Noop,
zitadel: ZitadelClap {
auth_url: None,
client_id: None,
client_secret: None,
redirect_url: None,
token_url: None,
authority_url: None,
},
}
}
);
}
#[test]
fn test_command_parse_as_noop() {
let cli: Cli = Cli::parse_from(&["base", "one", "--auth-engine", "noop"]);
assert_eq!(
cli.command,
Commands::One {
options: AuthClap {
engine: AuthEngine::Noop,
zitadel: ZitadelClap {
auth_url: None,
client_id: None,
client_secret: None,
redirect_url: None,
token_url: None,
authority_url: None,
},
}
}
);
}
#[test]
fn test_command_parse_as_zitadel() {
let cli: Cli = Cli::parse_from(&[
"base",
"one",
"--auth-engine",
"zitadel",
"--zitadel-client-id=something",
"--zitadel-client-secret=something",
"--zitadel-auth-url=https://something",
"--zitadel-redirect-url=https://something",
"--zitadel-token-url=https://something",
"--zitadel-authority-url=https://something",
]);
assert_eq!(
cli.command,
Commands::One {
options: AuthClap {
engine: AuthEngine::Zitadel,
zitadel: ZitadelClap {
auth_url: Some("https://something".into()),
client_id: Some("something".into()),
client_secret: Some("something".into()),
redirect_url: Some("https://something".into()),
token_url: Some("https://something".into()),
authority_url: Some("https://something".into()),
},
},
}
);
}
}

230
como_auth/src/oauth.rs
View File

@@ -1,230 +0,0 @@
use async_trait::async_trait;
use oauth2::{basic::BasicClient, AuthUrl, ClientId, ClientSecret, RedirectUrl, TokenUrl};
use std::ops::Deref;
use std::sync::Arc;
#[async_trait]
pub trait OAuthClient {
async fn get_token(&self) -> anyhow::Result<()>;
}
pub struct OAuth(Arc<dyn OAuthClient + Send + Sync + 'static>);
impl OAuth {
pub fn new_zitadel(config: ZitadelConfig) -> Self {
Self(Arc::new(ZitadelOAuthClient::from(config)))
}
pub fn new_noop() -> Self {
Self(Arc::new(NoopOAuthClient {}))
}
}
impl Deref for OAuth {
type Target = Arc<dyn OAuthClient + Send + Sync + 'static>;
fn deref(&self) -> &Self::Target {
&self.0
}
}
impl From<ZitadelConfig> for OAuth {
fn from(value: ZitadelConfig) -> Self {
Self::new_zitadel(value)
}
}
// -- Noop
#[derive(clap::Args, Clone)]
pub struct NoopOAuthClient;
#[async_trait]
impl OAuthClient for NoopOAuthClient {
async fn get_token(&self) -> anyhow::Result<()> {
Ok(())
}
}
// -- Zitadel
#[derive(Clone)]
pub struct ZitadelConfig {
auth_url: String,
client_id: String,
client_secret: String,
redirect_url: String,
token_url: String,
authority_url: String,
}
pub struct ZitadelOAuthClient {
client: BasicClient,
}
impl ZitadelOAuthClient {
pub fn new(
client_id: impl Into<String>,
client_secret: impl Into<String>,
redirect_url: impl Into<String>,
auth_url: impl Into<String>,
token_url: impl Into<String>,
authority_url: impl Into<String>,
) -> Self {
Self {
client: Self::oauth_client(ZitadelConfig {
client_id: client_id.into(),
client_secret: client_secret.into(),
redirect_url: redirect_url.into(),
auth_url: auth_url.into(),
token_url: token_url.into(),
authority_url: authority_url.into(),
}),
}
}
fn oauth_client(config: ZitadelConfig) -> BasicClient {
BasicClient::new(
ClientId::new(config.client_id),
Some(ClientSecret::new(config.client_secret)),
AuthUrl::new(config.auth_url).unwrap(),
Some(TokenUrl::new(config.token_url).unwrap()),
)
.set_redirect_uri(RedirectUrl::new(config.redirect_url).unwrap())
}
}
impl From<ZitadelConfig> for ZitadelOAuthClient {
fn from(value: ZitadelConfig) -> Self {
Self::new(
value.client_id,
value.client_secret,
value.redirect_url,
value.auth_url,
value.token_url,
value.authority_url,
)
}
}
#[async_trait]
impl OAuthClient for ZitadelOAuthClient {
async fn get_token(&self) -> anyhow::Result<()> {
Ok(())
}
}
#[cfg(test)]
mod tests {
use crate::{
oauth::{OAuth, ZitadelConfig},
ZitadelClap,
};
use clap::Parser;
use sealed_test::prelude::*;
#[derive(Parser)]
#[command(author, version, about, long_about = None)]
pub struct Cli {
#[clap(flatten)]
options: ZitadelClap,
}
#[derive(Parser, Debug)]
#[command(author, version, about, long_about = None)]
pub struct CliSubCommand {
#[command(subcommand)]
command: Commands,
}
#[derive(clap::Subcommand, Clone, Debug, Eq, PartialEq)]
pub enum Commands {
One {
#[clap(flatten)]
options: ZitadelClap,
},
}
#[tokio::test]
async fn test_parse_clap_zitadel() {
let cli: Cli = Cli::parse_from(&[
"base",
"--zitadel-client-id=something",
"--zitadel-client-secret=something",
"--zitadel-auth-url=https://something",
"--zitadel-redirect-url=https://something",
"--zitadel-token-url=https://something",
"--zitadel-authority-url=https://something",
]);
println!("{:?}", cli.options);
pretty_assertions::assert_eq!(
cli.options,
ZitadelClap {
auth_url: Some("https://something".into()),
client_id: Some("something".into()),
client_secret: Some("something".into()),
redirect_url: Some("https://something".into()),
token_url: Some("https://something".into()),
authority_url: Some("https://something".into()),
}
);
}
#[test]
fn test_parse_clap_zitadel_fails_require_all() {
let cli = CliSubCommand::try_parse_from(&[
"base",
"one",
// "--zitadel-client-id=something", // We want to trigger missing variable
"--zitadel-client-secret=something",
"--zitadel-auth-url=https://something",
"--zitadel-redirect-url=https://something",
"--zitadel-token-url=https://something",
"--zitadel-authority-url=https://something",
]);
pretty_assertions::assert_eq!(cli.is_err(), true);
}
#[sealed_test]
fn test_parse_clap_env_zitadel() {
std::env::set_var("ZITADEL_CLIENT_ID", "something");
std::env::set_var("ZITADEL_CLIENT_SECRET", "something");
std::env::set_var("ZITADEL_AUTH_URL", "https://something");
std::env::set_var("ZITADEL_REDIRECT_URL", "https://something");
std::env::set_var("ZITADEL_TOKEN_URL", "https://something");
std::env::set_var("ZITADEL_AUTHORITY_URL", "https://something");
let cli = CliSubCommand::parse_from(&["base", "one"]);
pretty_assertions::assert_eq!(
cli.command,
Commands::One {
options: ZitadelClap {
auth_url: Some("https://something".into()),
client_id: Some("something".into()),
client_secret: Some("something".into()),
redirect_url: Some("https://something".into()),
token_url: Some("https://something".into()),
authority_url: Some("https://something".into()),
}
}
);
}
#[test]
fn test_parse_clap_defaults_to_noop() {
let cli = CliSubCommand::parse_from(&["base", "one"]);
pretty_assertions::assert_eq!(
cli.command,
Commands::One {
options: ZitadelClap {
auth_url: None,
client_id: None,
client_secret: None,
redirect_url: None,
token_url: None,
authority_url: None,
},
}
);
}
}

6
cuddle.yaml
View File

@@ -8,8 +8,6 @@ vars:
bin_name: como_bin
scripts:
ci:
type: shell
render_como_templates:
type: shell
local_up:
@@ -28,6 +26,8 @@ scripts:
key: "name"
"sqlx:prepare":
type: shell
"deploy":
type: shell
"test":
type: "rhai"
description: "something"

3
renovate.json
View File

@@ -1,3 +0,0 @@
{
"$schema": "https://docs.renovatebot.com/renovate-schema.json"
}

13
scripts/ci.sh
View File

@@ -1,13 +0,0 @@
#!/bin/bash
set -e
echo "setting up ssh"
cuddle x setup_ssh
cuddle x start_deployment
cuddle x render_templates
cuddle x render_como_templates
cuddle x build_release
cuddle x push_release
cuddle x deploy_release

1
scripts/test.rhai Normal file
View File

@@ -0,0 +1 @@
print("hello, world!");