Update dependencies (#43)

Reviewed-on: #43
Co-authored-by: phoenix <kundeng00@pm.me>
Co-committed-by: phoenix <kundeng00@pm.me>

.dockerignore.yaml

@@ -0,0 +1,21 @@
+# Ignore build artifacts
+target/
+pkg/
+
+# Ignore git directory
+.git/
+
+.gitea/
+
+# Ignore environment files (configure via docker-compose instead)
+.env*
+
+# Ignore IDE/editor specific files
+.idea/
+.vscode/
+
+# Ignore OS specific files
+*.DS_Store
+
+# Add any other files/directories you don't need in the image
+# e.g., logs/, tmp/

.env.docker.sample

@@ -0,0 +1,6 @@
+SECRET_KEY=refero34o8rfhfjn983thf39fhc943rf923n3h
+POSTGRES_AUTH_USER=icarus_op
+POSTGRES_AUTH_PASSWORD=password
+POSTGRES_AUTH_DB=icarus_auth_db
+POSTGRES_AUTH_HOST=auth_db
+DATABASE_URL=postgresql://${POSTGRES_AUTH_USER}:${POSTGRES_AUTH_PASSWORD}@${POSTGRES_AUTH_HOST}:5432/${POSTGRES_AUTH_DB}

.env.sample

@@ -1,2 +1,6 @@
-DATABASE_URL=postgres://username:password@localhost/database_name
+SECRET_KEY=refero34o8rfhfjn983thf39fhc943rf923n3h
-SECRET_KEY=refero34o8rfhfjn983thf39fhc943rf923n3h
+POSTGRES_AUTH_USER=icarus_op_test
+POSTGRES_AUTH_PASSWORD=password
+POSTGRES_AUTH_DB=icarus_auth_test_db
+POSTGRES_AUTH_HOST=localhost
+DATABASE_URL=postgresql://${POSTGRES_AUTH_USER}:${POSTGRES_AUTH_PASSWORD}@${POSTGRES_AUTH_HOST}:5432/${POSTGRES_AUTH_DB}

.gitea/workflows/tag_release.yml

@@ -4,8 +4,6 @@ on:
   push:
     branches:
       - devel
-    tags:
-      - 'v*' # Trigger on tags matching v*
 
 jobs:
   release:
@@ -19,7 +17,7 @@ jobs:
       - name: Install Rust
         uses: actions-rs/toolchain@v1
         with:
-          toolchain: 1.86.0
+          toolchain: 1.88.0
           components: cargo
 
       - name: Extract Version from Cargo.toml
@@ -53,5 +51,3 @@ jobs:
            Release of version ${{ steps.version.outputs.project_tag_release }}
           # draft: false
           # prerelease: ${{ startsWith(github.ref, 'v') == false }} # prerelease if not a valid release tag
-
-

.gitea/workflows/workflow.yml

@@ -18,7 +18,7 @@ jobs:
       - uses: actions/checkout@v4
       - uses: actions-rust-lang/setup-rust-toolchain@v1
         with:
-          toolchain: 1.86.0
+          toolchain: 1.88.0
       - run: |
           mkdir -p ~/.ssh
           echo "${{ secrets.MYREPO_TOKEN }}" > ~/.ssh/icarus_models_deploy_key
@@ -53,7 +53,7 @@ jobs:
       - uses: actions/checkout@v4
       - uses: actions-rust-lang/setup-rust-toolchain@v1
         with:
-          toolchain: 1.86.0
+          toolchain: 1.88.0
       # --- Add this step for explicit verification ---
       - name: Verify Docker Environment
         run: |
@@ -94,7 +94,7 @@ jobs:
       - uses: actions/checkout@v4
       - uses: actions-rust-lang/setup-rust-toolchain@v1
         with:
-          toolchain: 1.86.0
+          toolchain: 1.88.0
       - run: rustup component add rustfmt
       - run: |
           mkdir -p ~/.ssh
@@ -113,7 +113,7 @@ jobs:
       - uses: actions/checkout@v4
       - uses: actions-rust-lang/setup-rust-toolchain@v1
         with:
-          toolchain: 1.86.0
+          toolchain: 1.88.0
       - run: rustup component add clippy
       - run: |
           mkdir -p ~/.ssh
@@ -132,7 +132,7 @@ jobs:
       - uses: actions/checkout@v4
       - uses: actions-rust-lang/setup-rust-toolchain@v1
         with:
-          toolchain: 1.86.0
+          toolchain: 1.88.0
       - run: |
           mkdir -p ~/.ssh
           echo "${{ secrets.MYREPO_TOKEN }}" > ~/.ssh/icarus_models_deploy_key

.gitignore

@@ -1,3 +1,2 @@
 /target
-Cargo.lock
 .env

Cargo.toml

@@ -1,27 +1,27 @@
 [package]
 name = "icarus_auth"
-version = "0.3.2"
+version = "0.3.10"
 edition = "2024"
-rust-version = "1.86"
+rust-version = "1.88"
 
 [dependencies]
-axum = { version = "0.8.3" }
+axum = { version = "0.8.4" }
-serde = { version = "1.0.218", features = ["derive"] }
+serde = { version = "1.0.219", features = ["derive"] }
-serde_json = { version = "1.0.139" }
+serde_json = { version = "1.0.140" }
-tokio = { version = "1.44.1", features = ["rt-multi-thread"] }
+tokio = { version = "1.45.1", features = ["rt-multi-thread"] }
 tracing-subscriber = { version = "0.3.19" }
 tower = { version = "0.5.2" }
 hyper = { version = "1.6.0" }
-sqlx = { version = "0.8.3", features = ["postgres", "runtime-tokio-native-tls", "time", "uuid"] }
+sqlx = { version = "0.8.6", features = ["postgres", "runtime-tokio-native-tls", "time", "uuid"] }
-dotenvy = { version = "0.15.7" }
+uuid = { version = "1.17.0", features = ["v4", "serde"] }
-uuid = { version = "1.16.0", features = ["v4", "serde"] }
 argon2 = { version = "0.5.3", features = ["std"] } # Use the latest 0.5.x version
-rand = { version = "0.9" }
+rand = { version = "0.9.1" }
 time = { version = "0.3.41", features = ["macros", "serde"] }
-josekit = { version = "0.10.1" }
+josekit = { version = "0.10.3" }
-icarus_models = { git = "ssh://git@git.kundeng.us/phoenix/icarus_models.git", tag = "v0.4.1" }
+icarus_models = { git = "ssh://git@git.kundeng.us/phoenix/icarus_models.git", tag = "v0.5.0-devel-7958b89abc-111" }
+icarus_envy = { git = "ssh://git@git.kundeng.us/phoenix/icarus_envy.git", tag = "v0.3.0-devel-d73fba9899-006" }
 
 [dev-dependencies]
 http-body-util = { version = "0.1.3" }
-url = { version = "2.5" }
+url = { version = "2.5.4" }
-once_cell = { version = "1.19" } # Useful for lazy initialization in tests/app setup
+once_cell = { version = "1.21.3" } # Useful for lazy initialization in tests/app setup

Dockerfile

@@ -0,0 +1,71 @@
+# Stage 1: Build the application
+# Use a specific Rust version for reproducibility. Choose one that matches your development environment.
+# Using slim variant for smaller base image
+FROM rust:1.86 as builder
+
+# Set the working directory inside the container
+WORKDIR /usr/src/app
+
+# Install build dependencies if needed (e.g., for certain crates like sqlx with native TLS)
+# RUN apt-get update && apt-get install -y pkg-config libssl-dev
+
+# Install build dependencies if needed (e.g., git for cloning)
+RUN apt-get update && apt-get install -y --no-install-recommends \
+    pkg-config libssl3 \
+    ca-certificates \
+    openssh-client git \
+    && rm -rf /var/lib/apt/lists/*
+
+# << --- ADD HOST KEY HERE --- >>
+# Replace 'yourgithost.com' with the actual hostname (e.g., github.com)
+RUN mkdir -p -m 0700 ~/.ssh && \
+    ssh-keyscan git.kundeng.us >> ~/.ssh/known_hosts
+
+# Copy Cargo manifests
+COPY Cargo.toml Cargo.lock ./
+
+# Build *only* dependencies to leverage Docker cache
+# This dummy build caches dependencies as a separate layer
+RUN --mount=type=ssh mkdir src && \
+    echo "fn main() {println!(\"if you see this, the build broke\")}" > src/main.rs && \
+    cargo build --release --quiet && \
+    rm -rf src target/release/deps/icarus_auth* # Clean up dummy build artifacts (replace icarus_auth)
+
+# Copy the actual source code
+COPY src ./src
+# If you have other directories like `templates` or `static`, copy them too
+COPY .env ./.env
+COPY migrations ./migrations
+
+# << --- SSH MOUNT ADDED HERE --- >>
+# Build *only* dependencies to leverage Docker cache
+# This dummy build caches dependencies as a separate layer
+# Mount the SSH agent socket for this command
+RUN --mount=type=ssh \
+    cargo build --release --quiet
+
+# Stage 2: Create the final, smaller runtime image
+# Use a minimal base image like debian-slim or even distroless for security/size
+FROM ubuntu:24.04
+
+# Install runtime dependencies if needed (e.g., SSL certificates)
+RUN apt-get update && apt-get install -y ca-certificates libssl-dev libssl3 && rm -rf /var/lib/apt/lists/*
+
+# Set the working directory
+WORKDIR /usr/local/bin
+
+# Copy the compiled binary from the builder stage
+# Replace 'icarus_auth' with the actual name of your binary (usually the crate name)
+COPY --from=builder /usr/src/app/target/release/icarus_auth .
+
+# Copy other necessary files like .env (if used for runtime config) or static assets
+# It's generally better to configure via environment variables in Docker though
+COPY --from=builder /usr/src/app/.env .
+COPY --from=builder /usr/src/app/migrations ./migrations
+
+# Expose the port your Axum app listens on (e.g., 3000 or 8000)
+EXPOSE 3000
+
+# Set the command to run your application
+# Ensure this matches the binary name copied above
+CMD ["./icarus_auth"]

README.md

@@ -0,0 +1,26 @@
+
+
+# Getting Started
+Copy the `.env.sample` file to `.env` and ensure that the variables are populated. This project
+can be used with regular hosting or with docker. For the sake of getting up to speed quickly,
+Docker will be covered. Make sure docker is running and your ssh identity has been loaded.
+
+Build image
+```
+docker compose build
+```
+
+Start images
+```
+docker compose up -d --force-recreate
+```
+
+Bring it down
+```
+docker compose down -v
+```
+
+Pruning
+```
+docker system prune -a
+```

docker-compose.yaml

@@ -0,0 +1,45 @@
+version: '3.8' # Use a recent version
+
+services:
+  # Your Rust Application Service
+  auth_api:
+    build: # Tells docker-compose to build the Dockerfile in the current directory
+      context: .
+      ssh: ["default"]  # Uses host's SSH agent
+    container_name: icarus_auth # Optional: Give the container a specific name
+    ports:
+      # Map host port 8000 to container port 3000 (adjust as needed)
+      - "8000:3000"
+    env_file:
+      - .env
+    depends_on:
+      auth_db:
+        condition: service_healthy # Wait for the DB to be healthy before starting the app
+    restart: unless-stopped # Optional: Restart policy
+
+  # PostgreSQL Database Service
+  auth_db:
+    image: postgres:17.4-alpine # Use an official Postgres image (Alpine variant is smaller)
+    container_name: icarus_auth_db # Optional: Give the container a specific name
+    environment:
+      # These MUST match the user, password, and database name in the DATABASE_URL above
+      POSTGRES_USER: ${POSTGRES_AUTH_USER:-icarus_op}
+      POSTGRES_PASSWORD: ${POSTGRES_AUTH_PASSWORD:-password}
+      POSTGRES_DB: ${POSTGRES_AUTH_DB:-icarus_auth_db}
+    volumes:
+      # Persist database data using a named volume
+      - postgres_data:/var/lib/postgresql/data
+    ports: []
+    healthcheck:
+        # Checks if Postgres is ready to accept connections
+        test: ["CMD-SHELL", "pg_isready -U $$POSTGRES_USER -d $$POSTGRES_DB"]
+        interval: 10s
+        timeout: 5s
+        retries: 5
+        start_period: 10s
+    restart: always # Optional: Restart policy
+
+# Define the named volume for data persistence
+volumes:
+  postgres_data:
+    driver: local # Use the default local driver

run_migrations.txt

@@ -1,3 +1,5 @@
+TODO: At some point, move this somewhere that is appropriate
+
 # Make sure role has CREATEDB
 ALTER ROLE username_that_needs_permission CREATEDB;
 

src/callers/login.rs

@@ -47,17 +47,20 @@ pub mod endpoint {
             Ok(user) => {
                 if hashing::verify_password(&payload.password, user.password.clone()).unwrap() {
                     // Create token
-                    let key = token_stuff::get_key().unwrap();
+                    let key = icarus_envy::environment::get_secret_key().await;
                     let (token_literal, duration) = token_stuff::create_token(&key).unwrap();
 
                     if token_stuff::verify_token(&key, &token_literal) {
+                        let current_time = time::OffsetDateTime::now_utc();
+                        let _ = repo::user::update_last_login(&pool, &user, &current_time).await;
+
                         (
                             StatusCode::OK,
                             Json(response::Response {
                                 message: String::from("Successful"),
                                 data: vec![icarus_models::login_result::LoginResult {
                                     id: user.id,
-                                    username: user.username,
+                                    username: user.username.clone(),
                                     token: token_literal,
                                     token_type: String::from(token_stuff::TOKENTYPE),
                                     expiration: duration,

src/lib.rs

@@ -4,14 +4,6 @@ pub mod hashing;
 pub mod repo;
 pub mod token_stuff;
 
-pub mod keys {
-    pub const DBURL: &str = "DATABASE_URL";
-
-    pub mod error {
-        pub const ERROR: &str = "DATABASE_URL must be set in .env";
-    }
-}
-
 mod connection_settings {
     pub const MAXCONN: u32 = 5;
 }
@@ -19,12 +11,11 @@ mod connection_settings {
 pub mod db {
 
     use sqlx::postgres::PgPoolOptions;
-    use std::env;
 
-    use crate::{connection_settings, keys};
+    use crate::connection_settings;
 
     pub async fn create_pool() -> Result<sqlx::PgPool, sqlx::Error> {
-        let database_url = get_db_url().await;
+        let database_url = icarus_envy::environment::get_db_url().await;
         println!("Database url: {:?}", database_url);
 
         PgPoolOptions::new()
@@ -33,13 +24,6 @@ pub mod db {
             .await
     }
 
-    async fn get_db_url() -> String {
-        #[cfg(debug_assertions)] // Example: Only load .env in debug builds
-        dotenvy::dotenv().ok();
-
-        env::var(keys::DBURL).expect(keys::error::ERROR)
-    }
-
     pub async fn migrations(pool: &sqlx::PgPool) {
         // Run migrations using the sqlx::migrate! macro
         // Assumes your migrations are in a ./migrations folder relative to Cargo.toml

src/main.rs

@@ -69,24 +69,23 @@ mod tests {
     mod db_mgr {
         use std::str::FromStr;
 
-        use icarus_auth::keys;
-
         pub const LIMIT: usize = 6;
 
         pub async fn get_pool() -> Result<sqlx::PgPool, sqlx::Error> {
-            let tm_db_url = std::env::var(keys::DBURL).expect("DATABASE_URL must be present");
+            let tm_db_url = icarus_envy::environment::get_db_url().await;
             let tm_options = sqlx::postgres::PgConnectOptions::from_str(&tm_db_url).unwrap();
             sqlx::PgPool::connect_with(tm_options).await
         }
 
         pub async fn generate_db_name() -> String {
-            let db_name =
+            let db_name = get_database_name().await.unwrap()
-                get_database_name().unwrap() + &"_" + &uuid::Uuid::new_v4().to_string()[..LIMIT];
+                + &"_"
+                + &uuid::Uuid::new_v4().to_string()[..LIMIT];
             db_name
         }
 
         pub async fn connect_to_db(db_name: &str) -> Result<sqlx::PgPool, sqlx::Error> {
-            let db_url = std::env::var(keys::DBURL).expect("DATABASE_URL must be set for tests");
+            let db_url = icarus_envy::environment::get_db_url().await;
             let options = sqlx::postgres::PgConnectOptions::from_str(&db_url)?.database(db_name);
             sqlx::PgPool::connect_with(options).await
         }
@@ -112,29 +111,21 @@ mod tests {
             Ok(())
         }
 
-        pub fn get_database_name() -> Result<String, Box<dyn std::error::Error>> {
+        pub async fn get_database_name() -> Result<String, Box<dyn std::error::Error>> {
-            dotenvy::dotenv().ok(); // Load .env file if it exists
+            let database_url = icarus_envy::environment::get_db_url().await;
 
-            match std::env::var(keys::DBURL) {
+            let parsed_url = url::Url::parse(&database_url)?;
-                Ok(database_url) => {
+            if parsed_url.scheme() == "postgres" || parsed_url.scheme() == "postgresql" {
-                    let parsed_url = url::Url::parse(&database_url)?;
+                match parsed_url
-                    if parsed_url.scheme() == "postgres" || parsed_url.scheme() == "postgresql" {
+                    .path_segments()
-                        match parsed_url
+                    .and_then(|segments| segments.last().map(|s| s.to_string()))
-                            .path_segments()
+                {
-                            .and_then(|segments| segments.last().map(|s| s.to_string()))
+                    Some(sss) => Ok(sss),
-                        {
+                    None => Err("Error parsing".into()),
-                            Some(sss) => Ok(sss),
-                            None => Err("Error parsing".into()),
-                        }
-                    } else {
-                        // Handle other database types if needed
-                        Err("Error parsing".into())
-                    }
-                }
-                Err(_) => {
-                    // DATABASE_URL environment variable not found
-                    Err("Error parsing".into())
                 }
+            } else {
+                // Handle other database types if needed
+                Err("Error parsing".into())
             }
         }
     }

src/repo/mod.rs

@@ -42,6 +42,39 @@ pub mod user {
         }
     }
 
+    pub async fn update_last_login(
+        pool: &sqlx::PgPool,
+        user: &icarus_models::user::User,
+        time: &time::OffsetDateTime,
+    ) -> Result<time::OffsetDateTime, sqlx::Error> {
+        let result = sqlx::query(
+            r#"
+            UPDATE "user" SET last_login = $1 WHERE id = $2 RETURNING last_login
+            "#,
+        )
+        .bind(time)
+        .bind(user.id)
+        .fetch_optional(pool)
+        .await
+        .map_err(|e| {
+            eprintln!("Error updating time: {}", e);
+            e
+        });
+
+        match result {
+            Ok(row) => match row {
+                Some(r) => {
+                    let last_login: time::OffsetDateTime = r
+                        .try_get("last_login")
+                        .map_err(|_e| sqlx::Error::RowNotFound)?;
+                    Ok(last_login)
+                }
+                None => Err(sqlx::Error::RowNotFound),
+            },
+            Err(err) => Err(err),
+        }
+    }
+
     pub async fn exists(pool: &sqlx::PgPool, username: &String) -> Result<bool, sqlx::Error> {
         let result = sqlx::query(
             r#"

src/token_stuff/mod.rs

@@ -12,12 +12,6 @@ pub const MESSAGE: &str = "Something random";
 pub const ISSUER: &str = "icarus_auth";
 pub const AUDIENCE: &str = "icarus";
 
-pub fn get_key() -> Result<String, dotenvy::Error> {
-    dotenvy::dotenv().ok();
-    let key = std::env::var(KEY_ENV).expect("SECRET_KEY_NOT_FOUND");
-    Ok(key)
-}
-
 pub fn get_issued() -> time::Result<time::OffsetDateTime> {
     Ok(time::OffsetDateTime::now_utc())
 }
@@ -51,7 +45,10 @@ pub fn create_token(provided_key: &String) -> Result<(String, i64), josekit::Jos
             payload.set_expires_at(&util::time_to_std_time(&expire).unwrap());
 
             let key: String = if provided_key.is_empty() {
-                get_key().unwrap()
+                let rt = tokio::runtime::Runtime::new().unwrap();
+
+                // Block on the async function to get the result
+                rt.block_on(icarus_envy::environment::get_secret_key())
             } else {
                 provided_key.to_owned()
             };
@@ -82,7 +79,8 @@ mod tests {
 
     #[test]
     fn test_tokenize() {
-        let special_key = get_key().unwrap();
+        let rt = tokio::runtime::Runtime::new().unwrap();
+        let special_key = rt.block_on(icarus_envy::environment::get_secret_key());
         match create_token(&special_key) {
             Ok((token, _duration)) => {
                 let result = verify_token(&special_key, &token);