Code cleanup

.dockerignore.yaml

@@ -1,21 +0,0 @@
-# Ignore build artifacts
-target/
-pkg/
-
-# Ignore git directory
-.git/
-
-.gitea/
-
-# Ignore environment files (configure via docker-compose instead)
-.env*
-
-# Ignore IDE/editor specific files
-.idea/
-.vscode/
-
-# Ignore OS specific files
-*.DS_Store
-
-# Add any other files/directories you don't need in the image
-# e.g., logs/, tmp/

.env.docker.sample

@@ -1,6 +0,0 @@
-SECRET_KEY=refero34o8rfhfjn983thf39fhc943rf923n3h
-POSTGRES_AUTH_USER=icarus_op
-POSTGRES_AUTH_PASSWORD=password
-POSTGRES_AUTH_DB=icarus_auth_db
-POSTGRES_AUTH_HOST=auth_db
-DATABASE_URL=postgresql://${POSTGRES_AUTH_USER}:${POSTGRES_AUTH_PASSWORD}@${POSTGRES_AUTH_HOST}:5432/${POSTGRES_AUTH_DB}

.env.sample

@@ -1,6 +1,2 @@
+DATABASE_URL=postgres://username:password@localhost/database_name
 SECRET_KEY=refero34o8rfhfjn983thf39fhc943rf923n3h
-POSTGRES_AUTH_USER=icarus_op_test
-POSTGRES_AUTH_PASSWORD=password
-POSTGRES_AUTH_DB=icarus_auth_test_db
-POSTGRES_AUTH_HOST=localhost
-DATABASE_URL=postgresql://${POSTGRES_AUTH_USER}:${POSTGRES_AUTH_PASSWORD}@${POSTGRES_AUTH_HOST}:5432/${POSTGRES_AUTH_DB}

.gitea/workflows/tag_release.yml

@@ -4,6 +4,8 @@ on:
   push:
     branches:
       - devel
+    tags:
+      - 'v*' # Trigger on tags matching v*
 
 jobs:
   release:
@@ -51,3 +53,5 @@ jobs:
            Release of version ${{ steps.version.outputs.project_tag_release }}
           # draft: false
           # prerelease: ${{ startsWith(github.ref, 'v') == false }} # prerelease if not a valid release tag
+
+

.gitignore

@@ -1,2 +1,3 @@
 /target
+Cargo.lock
 .env

Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "icarus_auth"
-version = "0.3.4"
+version = "0.3.0"
 edition = "2024"
 rust-version = "1.86"
 
@@ -13,13 +13,13 @@ tracing-subscriber = { version = "0.3.19" }
 tower = { version = "0.5.2" }
 hyper = { version = "1.6.0" }
 sqlx = { version = "0.8.3", features = ["postgres", "runtime-tokio-native-tls", "time", "uuid"] }
+dotenvy = { version = "0.15.7" }
 uuid = { version = "1.16.0", features = ["v4", "serde"] }
 argon2 = { version = "0.5.3", features = ["std"] } # Use the latest 0.5.x version
 rand = { version = "0.9" }
 time = { version = "0.3.41", features = ["macros", "serde"] }
 josekit = { version = "0.10.1" }
-icarus_models = { git = "ssh://git@git.kundeng.us/phoenix/icarus_models.git", tag = "v0.4.3" }
+icarus_models = { git = "ssh://git@git.kundeng.us/phoenix/icarus_models.git", tag = "v0.4.1" }
-icarus_envy = { git = "ssh://git@git.kundeng.us/phoenix/icarus_envy.git", tag = "v0.2.0-devel-dbe4dc67cb-950" }
 
 [dev-dependencies]
 http-body-util = { version = "0.1.3" }

Dockerfile

@@ -1,71 +0,0 @@
-# Stage 1: Build the application
-# Use a specific Rust version for reproducibility. Choose one that matches your development environment.
-# Using slim variant for smaller base image
-FROM rust:1.86 as builder
-
-# Set the working directory inside the container
-WORKDIR /usr/src/app
-
-# Install build dependencies if needed (e.g., for certain crates like sqlx with native TLS)
-# RUN apt-get update && apt-get install -y pkg-config libssl-dev
-
-# Install build dependencies if needed (e.g., git for cloning)
-RUN apt-get update && apt-get install -y --no-install-recommends \
-    pkg-config libssl3 \
-    ca-certificates \
-    openssh-client git \
-    && rm -rf /var/lib/apt/lists/*
-
-# << --- ADD HOST KEY HERE --- >>
-# Replace 'yourgithost.com' with the actual hostname (e.g., github.com)
-RUN mkdir -p -m 0700 ~/.ssh && \
-    ssh-keyscan git.kundeng.us >> ~/.ssh/known_hosts
-
-# Copy Cargo manifests
-COPY Cargo.toml Cargo.lock ./
-
-# Build *only* dependencies to leverage Docker cache
-# This dummy build caches dependencies as a separate layer
-RUN --mount=type=ssh mkdir src && \
-    echo "fn main() {println!(\"if you see this, the build broke\")}" > src/main.rs && \
-    cargo build --release --quiet && \
-    rm -rf src target/release/deps/icarus_auth* # Clean up dummy build artifacts (replace icarus_auth)
-
-# Copy the actual source code
-COPY src ./src
-# If you have other directories like `templates` or `static`, copy them too
-COPY .env ./.env
-COPY migrations ./migrations
-
-# << --- SSH MOUNT ADDED HERE --- >>
-# Build *only* dependencies to leverage Docker cache
-# This dummy build caches dependencies as a separate layer
-# Mount the SSH agent socket for this command
-RUN --mount=type=ssh \
-    cargo build --release --quiet
-
-# Stage 2: Create the final, smaller runtime image
-# Use a minimal base image like debian-slim or even distroless for security/size
-FROM ubuntu:24.04
-
-# Install runtime dependencies if needed (e.g., SSL certificates)
-RUN apt-get update && apt-get install -y ca-certificates libssl-dev libssl3 && rm -rf /var/lib/apt/lists/*
-
-# Set the working directory
-WORKDIR /usr/local/bin
-
-# Copy the compiled binary from the builder stage
-# Replace 'icarus_auth' with the actual name of your binary (usually the crate name)
-COPY --from=builder /usr/src/app/target/release/icarus_auth .
-
-# Copy other necessary files like .env (if used for runtime config) or static assets
-# It's generally better to configure via environment variables in Docker though
-COPY --from=builder /usr/src/app/.env .
-COPY --from=builder /usr/src/app/migrations ./migrations
-
-# Expose the port your Axum app listens on (e.g., 3000 or 8000)
-EXPOSE 3000
-
-# Set the command to run your application
-# Ensure this matches the binary name copied above
-CMD ["./icarus_auth"]

README.md

@@ -1,26 +0,0 @@
-
-
-# Getting Started
-Copy the `.env.sample` file to `.env` and ensure that the variables are populated. This project
-can be used with regular hosting or with docker. For the sake of getting up to speed quickly,
-Docker will be covered. Make sure docker is running and your ssh identity has been loaded.
-
-Build image
-```
-docker compose build
-```
-
-Start images
-```
-docker compose up -d --force-recreate
-```
-
-Bring it down
-```
-docker compose down -v
-```
-
-Pruning
-```
-docker system prune -a
-```

docker-compose.yaml

@@ -1,45 +0,0 @@
-version: '3.8' # Use a recent version
-
-services:
-  # Your Rust Application Service
-  auth_api:
-    build: # Tells docker-compose to build the Dockerfile in the current directory
-      context: .
-      ssh: ["default"]  # Uses host's SSH agent
-    container_name: icarus_auth # Optional: Give the container a specific name
-    ports:
-      # Map host port 8000 to container port 3000 (adjust as needed)
-      - "8000:3000"
-    env_file:
-      - .env
-    depends_on:
-      auth_db:
-        condition: service_healthy # Wait for the DB to be healthy before starting the app
-    restart: unless-stopped # Optional: Restart policy
-
-  # PostgreSQL Database Service
-  auth_db:
-    image: postgres:17.4-alpine # Use an official Postgres image (Alpine variant is smaller)
-    container_name: icarus_auth_db # Optional: Give the container a specific name
-    environment:
-      # These MUST match the user, password, and database name in the DATABASE_URL above
-      POSTGRES_USER: ${POSTGRES_AUTH_USER:-icarus_op}
-      POSTGRES_PASSWORD: ${POSTGRES_AUTH_PASSWORD:-password}
-      POSTGRES_DB: ${POSTGRES_AUTH_DB:-icarus_auth_db}
-    volumes:
-      # Persist database data using a named volume
-      - postgres_data:/var/lib/postgresql/data
-    ports: []
-    healthcheck:
-        # Checks if Postgres is ready to accept connections
-        test: ["CMD-SHELL", "pg_isready -U $$POSTGRES_USER -d $$POSTGRES_DB"]
-        interval: 10s
-        timeout: 5s
-        retries: 5
-        start_period: 10s
-    restart: always # Optional: Restart policy
-
-# Define the named volume for data persistence
-volumes:
-  postgres_data:
-    driver: local # Use the default local driver

run_migrations.txt

@@ -1,5 +1,3 @@
-TODO: At some point, move this somewhere that is appropriate
-
 # Make sure role has CREATEDB
 ALTER ROLE username_that_needs_permission CREATEDB;
 

src/callers/login.rs

@@ -47,20 +47,17 @@ pub mod endpoint {
             Ok(user) => {
                 if hashing::verify_password(&payload.password, user.password.clone()).unwrap() {
                     // Create token
-                    let key = icarus_envy::environment::get_secret_key().await;
+                    let key = token_stuff::get_key().unwrap();
                     let (token_literal, duration) = token_stuff::create_token(&key).unwrap();
 
                     if token_stuff::verify_token(&key, &token_literal) {
-                        let current_time = time::OffsetDateTime::now_utc();
-                        let _ = repo::user::update_last_login(&pool, &user, &current_time).await;
-
                         (
                             StatusCode::OK,
                             Json(response::Response {
                                 message: String::from("Successful"),
                                 data: vec![icarus_models::login_result::LoginResult {
                                     id: user.id,
-                                    username: user.username.clone(),
+                                    username: user.username,
                                     token: token_literal,
                                     token_type: String::from(token_stuff::TOKENTYPE),
                                     expiration: duration,

src/lib.rs

@@ -4,6 +4,14 @@ pub mod hashing;
 pub mod repo;
 pub mod token_stuff;
 
+pub mod keys {
+    pub const DBURL: &str = "DATABASE_URL";
+
+    pub mod error {
+        pub const ERROR: &str = "DATABASE_URL must be set in .env";
+    }
+}
+
 mod connection_settings {
     pub const MAXCONN: u32 = 5;
 }
@@ -11,11 +19,12 @@ mod connection_settings {
 pub mod db {
 
     use sqlx::postgres::PgPoolOptions;
+    use std::env;
 
-    use crate::connection_settings;
+    use crate::{connection_settings, keys};
 
     pub async fn create_pool() -> Result<sqlx::PgPool, sqlx::Error> {
-        let database_url = icarus_envy::environment::get_db_url().await;
+        let database_url = get_db_url().await;
         println!("Database url: {:?}", database_url);
 
         PgPoolOptions::new()
@@ -24,6 +33,13 @@ pub mod db {
             .await
     }
 
+    async fn get_db_url() -> String {
+        #[cfg(debug_assertions)] // Example: Only load .env in debug builds
+        dotenvy::dotenv().ok();
+
+        env::var(keys::DBURL).expect(keys::error::ERROR)
+    }
+
     pub async fn migrations(pool: &sqlx::PgPool) {
         // Run migrations using the sqlx::migrate! macro
         // Assumes your migrations are in a ./migrations folder relative to Cargo.toml

src/main.rs

@@ -69,23 +69,24 @@ mod tests {
     mod db_mgr {
         use std::str::FromStr;
 
+        use icarus_auth::keys;
+
         pub const LIMIT: usize = 6;
 
         pub async fn get_pool() -> Result<sqlx::PgPool, sqlx::Error> {
-            let tm_db_url = icarus_envy::environment::get_db_url().await;
+            let tm_db_url = std::env::var(keys::DBURL).expect("DATABASE_URL must be present");
             let tm_options = sqlx::postgres::PgConnectOptions::from_str(&tm_db_url).unwrap();
             sqlx::PgPool::connect_with(tm_options).await
         }
 
         pub async fn generate_db_name() -> String {
-            let db_name = get_database_name().await.unwrap()
+            let db_name =
-                + &"_"
+                get_database_name().unwrap() + &"_" + &uuid::Uuid::new_v4().to_string()[..LIMIT];
-                + &uuid::Uuid::new_v4().to_string()[..LIMIT];
             db_name
         }
 
         pub async fn connect_to_db(db_name: &str) -> Result<sqlx::PgPool, sqlx::Error> {
-            let db_url = icarus_envy::environment::get_db_url().await;
+            let db_url = std::env::var(keys::DBURL).expect("DATABASE_URL must be set for tests");
             let options = sqlx::postgres::PgConnectOptions::from_str(&db_url)?.database(db_name);
             sqlx::PgPool::connect_with(options).await
         }
@@ -111,9 +112,11 @@ mod tests {
             Ok(())
         }
 
-        pub async fn get_database_name() -> Result<String, Box<dyn std::error::Error>> {
+        pub fn get_database_name() -> Result<String, Box<dyn std::error::Error>> {
-            let database_url = icarus_envy::environment::get_db_url().await;
+            dotenvy::dotenv().ok(); // Load .env file if it exists
 
+            match std::env::var(keys::DBURL) {
+                Ok(database_url) => {
                     let parsed_url = url::Url::parse(&database_url)?;
                     if parsed_url.scheme() == "postgres" || parsed_url.scheme() == "postgresql" {
                         match parsed_url
@@ -128,6 +131,12 @@ mod tests {
                         Err("Error parsing".into())
                     }
                 }
+                Err(_) => {
+                    // DATABASE_URL environment variable not found
+                    Err("Error parsing".into())
+                }
+            }
+        }
     }
 
     fn get_test_register_request() -> icarus_auth::callers::register::request::Request {

src/repo/mod.rs

@@ -42,39 +42,6 @@ pub mod user {
         }
     }
 
-    pub async fn update_last_login(
-        pool: &sqlx::PgPool,
-        user: &icarus_models::user::User,
-        time: &time::OffsetDateTime,
-    ) -> Result<time::OffsetDateTime, sqlx::Error> {
-        let result = sqlx::query(
-            r#"
-            UPDATE "user" SET last_login = $1 WHERE id = $2 RETURNING last_login
-            "#,
-        )
-        .bind(time)
-        .bind(user.id)
-        .fetch_optional(pool)
-        .await
-        .map_err(|e| {
-            eprintln!("Error updating time: {}", e);
-            e
-        });
-
-        match result {
-            Ok(row) => match row {
-                Some(r) => {
-                    let last_login: time::OffsetDateTime = r
-                        .try_get("last_login")
-                        .map_err(|_e| sqlx::Error::RowNotFound)?;
-                    Ok(last_login)
-                }
-                None => Err(sqlx::Error::RowNotFound),
-            },
-            Err(err) => Err(err),
-        }
-    }
-
     pub async fn exists(pool: &sqlx::PgPool, username: &String) -> Result<bool, sqlx::Error> {
         let result = sqlx::query(
             r#"

src/token_stuff/mod.rs

@@ -12,6 +12,12 @@ pub const MESSAGE: &str = "Something random";
 pub const ISSUER: &str = "icarus_auth";
 pub const AUDIENCE: &str = "icarus";
 
+pub fn get_key() -> Result<String, dotenvy::Error> {
+    dotenvy::dotenv().ok();
+    let key = std::env::var(KEY_ENV).expect("SECRET_KEY_NOT_FOUND");
+    Ok(key)
+}
+
 pub fn get_issued() -> time::Result<time::OffsetDateTime> {
     Ok(time::OffsetDateTime::now_utc())
 }
@@ -45,10 +51,7 @@ pub fn create_token(provided_key: &String) -> Result<(String, i64), josekit::Jos
             payload.set_expires_at(&util::time_to_std_time(&expire).unwrap());
 
             let key: String = if provided_key.is_empty() {
-                let rt = tokio::runtime::Runtime::new().unwrap();
+                get_key().unwrap()
-
-                // Block on the async function to get the result
-                rt.block_on(icarus_envy::environment::get_secret_key())
             } else {
                 provided_key.to_owned()
             };
@@ -79,8 +82,7 @@ mod tests {
 
     #[test]
     fn test_tokenize() {
-        let rt = tokio::runtime::Runtime::new().unwrap();
+        let special_key = get_key().unwrap();
-        let special_key = rt.block_on(icarus_envy::environment::get_secret_key());
         match create_token(&special_key) {
             Ok((token, _duration)) => {
                 let result = verify_token(&special_key, &token);