Compare commits

...

5 Commits

Author SHA1 Message Date
phoenix 54b0710298 Update rust (#1)
Rust Build / Check (push) Successful in 31s
Rust Build / Test Suite (push) Successful in 35s
Rust Build / Clippy (push) Successful in 30s
Rust Build / Rustfmt (push) Successful in 58s
Rust Build / build (push) Successful in 48s
Release Tagging / release (push) Successful in 1m34s
Reviewed-on: #1
2026-05-22 11:24:55 -04:00
phoenix 4233876bb0 Update rust (#79)
Reviewed-on: #79
Co-authored-by: phoenix <mail@kundeng.us>
Co-committed-by: phoenix <mail@kundeng.us>
2026-04-05 17:51:13 -04:00
phoenix 907a2dbfc3 tsk-64: Postgresql version bump 18 (#78)
Closes #64

Reviewed-on: #78
Co-authored-by: phoenix <kundeng00@pm.me>
Co-committed-by: phoenix <kundeng00@pm.me>
2025-11-02 21:43:35 +00:00
phoenix cba3e3db79 tsk-68: Remove run_migrations.txt (#77)
Close #68

Reviewed-on: #77
Co-authored-by: phoenix <kundeng00@pm.me>
Co-committed-by: phoenix <kundeng00@pm.me>
2025-10-22 15:48:39 +00:00
phoenix 5407462def tsk-69: Retrieve username from the db (#76)
Closes #69

Reviewed-on: #76
Co-authored-by: phoenix <kundeng00@pm.me>
Co-committed-by: phoenix <kundeng00@pm.me>
2025-10-22 15:35:29 +00:00
13 changed files with 620 additions and 628 deletions
+1 -1
View File
@@ -17,7 +17,7 @@ jobs:
- name: Install Rust
uses: actions-rs/toolchain@v1
with:
toolchain: 1.90.0
toolchain: 1.95
components: cargo
- name: Extract Version from Cargo.toml
+6 -6
View File
@@ -18,7 +18,7 @@ jobs:
- uses: actions/checkout@v5
- uses: actions-rust-lang/setup-rust-toolchain@v1
with:
toolchain: 1.90.0
toolchain: 1.95
- run: |
mkdir -p ~/.ssh
echo "${{ secrets.MYREPO_TOKEN }}" > ~/.ssh/icarus_models_deploy_key
@@ -36,7 +36,7 @@ jobs:
# --- Add database service definition ---
services:
postgres:
image: postgres:17.5
image: postgres:18.3-alpine
env:
# Use secrets for DB init, with fallbacks for flexibility
POSTGRES_USER: ${{ secrets.DB_TEST_USER || 'testuser' }}
@@ -53,7 +53,7 @@ jobs:
- uses: actions/checkout@v5
- uses: actions-rust-lang/setup-rust-toolchain@v1
with:
toolchain: 1.90.0
toolchain: 1.95
# --- Add this step for explicit verification ---
- name: Verify Docker Environment
run: |
@@ -95,7 +95,7 @@ jobs:
- uses: actions/checkout@v5
- uses: actions-rust-lang/setup-rust-toolchain@v1
with:
toolchain: 1.90.0
toolchain: 1.95
- run: rustup component add rustfmt
- run: |
mkdir -p ~/.ssh
@@ -114,7 +114,7 @@ jobs:
- uses: actions/checkout@v5
- uses: actions-rust-lang/setup-rust-toolchain@v1
with:
toolchain: 1.90.0
toolchain: 1.95
- run: rustup component add clippy
- run: |
mkdir -p ~/.ssh
@@ -133,7 +133,7 @@ jobs:
- uses: actions/checkout@v5
- uses: actions-rust-lang/setup-rust-toolchain@v1
with:
toolchain: 1.90.0
toolchain: 1.95
- run: |
mkdir -p ~/.ssh
echo "${{ secrets.MYREPO_TOKEN }}" > ~/.ssh/icarus_models_deploy_key
Generated
+522 -506
View File
File diff suppressed because it is too large Load Diff
+17 -17
View File
@@ -1,30 +1,30 @@
[package]
name = "icarus_auth"
version = "0.6.4"
version = "0.8.0"
edition = "2024"
rust-version = "1.90"
rust-version = "1.95"
[dependencies]
axum = { version = "0.8.6" }
axum = { version = "0.8.9" }
serde = { version = "1.0.228", features = ["derive"] }
serde_json = { version = "1.0.145" }
tokio = { version = "1.47.1", features = ["rt-multi-thread"] }
tracing-subscriber = { version = "0.3.20" }
tower = { version = "0.5.2", features = ["full"] }
tower-http = { version = "0.6.6", features = ["cors"] }
hyper = { version = "1.7.0" }
serde_json = { version = "1.0.149" }
tokio = { version = "1.52.2", features = ["rt-multi-thread"] }
tracing-subscriber = { version = "0.3.23" }
tower = { version = "0.5.3", features = ["full"] }
tower-http = { version = "0.6.10", features = ["cors"] }
hyper = { version = "1.9.0" }
sqlx = { version = "0.8.6", features = ["postgres", "runtime-tokio-native-tls", "time", "uuid"] }
uuid = { version = "1.18.1", features = ["v4", "serde"] }
uuid = { version = "1.23.1", features = ["v4", "serde"] }
argon2 = { version = "0.5.3", features = ["std"] } # Use the latest 0.5.x version
rand = { version = "0.9.2" }
time = { version = "0.3.41", features = ["macros", "serde"] }
rand = { version = "0.10.1" }
time = { version = "0.3.47", features = ["macros", "serde"] }
josekit = { version = "0.10.3" }
utoipa = { version = "5.4.0", features = ["axum_extras"] }
utoipa = { version = "5.5.0", features = ["axum_extras"] }
utoipa-swagger-ui = { version = "9.0.2", features = ["axum"] }
icarus_models = { git = "ssh://git@git.kundeng.us/phoenix/icarus_models.git", tag = "v0.8.0" }
icarus_envy = { git = "ssh://git@git.kundeng.us/phoenix/icarus_envy.git", tag = "v0.5.0" }
icarus_models = { git = "ssh://git@git.kundeng.us/phoenix/icarus_models.git", tag = "v0.11.1" }
icarus_envy = { git = "ssh://git@git.kundeng.us/phoenix/icarus_envy.git", tag = "v0.7.0" }
[dev-dependencies]
http-body-util = { version = "0.1.3" }
url = { version = "2.5.7" }
once_cell = { version = "1.21.3" } # Useful for lazy initialization in tests/app setup
url = { version = "2.5.8" }
once_cell = { version = "1.21.4" } # Useful for lazy initialization in tests/app setup
+3 -3
View File
@@ -1,7 +1,7 @@
# Stage 1: Build the application
# Use a specific Rust version for reproducibility. Choose one that matches your development environment.
# Using slim variant for smaller base image
FROM rust:1.90 as builder
FROM rust:1.95 as builder
# Set the working directory inside the container
WORKDIR /usr/src/app
@@ -46,7 +46,7 @@ RUN --mount=type=ssh \
# Stage 2: Create the final, smaller runtime image
# Use a minimal base image like debian-slim or even distroless for security/size
FROM ubuntu:24.04
FROM debian:trixie-slim
# Install runtime dependencies if needed (e.g., SSL certificates)
RUN apt-get update && apt-get install -y ca-certificates libssl-dev libssl3 && rm -rf /var/lib/apt/lists/*
@@ -64,7 +64,7 @@ COPY --from=builder /usr/src/app/.env .
COPY --from=builder /usr/src/app/migrations ./migrations
# Expose the port your Axum app listens on (e.g., 3000 or 8000)
EXPOSE 3000
EXPOSE 8001
# Set the command to run your application
# Ensure this matches the binary name copied above
+8 -1
View File
@@ -2,6 +2,13 @@ A auth web API services for the Icarus project.
# Getting Started
Install the `sqlx` tool to use migrations.
```
cargo install sqlx-cli
```
This will be used to scaffold development for local environments.
The easiest way to get started is through docker. This assumes that docker is already installed
on your system. Copy the `.env.docker.sample` as `.env`. Most of the data in the env file doesn't
need to be modified. The `SECRET_KEY` variable should be changed since it will be used for token
@@ -33,4 +40,4 @@ docker system prune -a
```
To view the OpenAPI spec, run the project and access `/swagger-ui`. If running through docker,
the url would be something like `http://localhost:8000/swagger-ui`.
the url would be something like `http://localhost:8001/swagger-ui`.
+2 -2
View File
@@ -19,7 +19,7 @@ services:
# PostgreSQL Database Service
auth_db:
image: postgres:17.5-alpine # Use an official Postgres image (Alpine variant is smaller)
image: postgres:18.3-alpine # Use an official Postgres image (Alpine variant is smaller)
container_name: icarus_auth_db # Optional: Give the container a specific name
environment:
# These MUST match the user, password, and database name in the DATABASE_URL above
@@ -28,7 +28,7 @@ services:
POSTGRES_DB: ${POSTGRES_AUTH_DB:-icarus_auth_db}
volumes:
# Persist database data using a named volume
- postgres_data:/var/lib/postgresql/data
- postgres_data:/var/lib/postgresql
ports: []
healthcheck:
# Checks if Postgres is ready to accept connections
@@ -23,6 +23,7 @@ CREATE TABLE IF NOT EXISTS "salt" (
CREATE TABLE IF NOT EXISTS "passphrase" (
id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
username TEXT NOT NULL,
passphrase TEXT NOT NULL,
date_created TIMESTAMPTZ NOT NULL DEFAULT NOW()
);
@@ -1,2 +1,2 @@
-- Add migration script here
INSERT INTO "passphrase" (id, passphrase) VALUES('22f9c775-cce9-457a-a147-9dafbb801f61', 'iUOo1fxshf3y1tUGn1yU8l9raPApHCdinW0VdCHdRFEjqhR3Bf02aZzsKbLtaDFH');
INSERT INTO "passphrase" (id, username, passphrase) VALUES('22f9c775-cce9-457a-a147-9dafbb801f61', 'service', 'iUOo1fxshf3y1tUGn1yU8l9raPApHCdinW0VdCHdRFEjqhR3Bf02aZzsKbLtaDFH');
-27
View File
@@ -1,27 +0,0 @@
TODO: At some point, move this somewhere that is appropriate
# Make sure role has CREATEDB
ALTER ROLE username_that_needs_permission CREATEDB;
# Install migrations
cargo install sqlx-cli
# Make sure to populate DATABASE_URL with correct value.
# By default, the DATABASE_URL found in .env file will be used
export DATABASE_URL="postgres://icarus_op_test:password@localhost/icarus_auth_test"
# init
sqlx migrate add init_migration
sqlx migrate run
# Create
sqlx database create
# Drop
sqlx database drop
# setup
sqlx database setup
# Reset
sqlx database reset
+7 -11
View File
@@ -59,10 +59,6 @@ pub mod endpoint {
use super::request;
use super::response;
// TODO: At some point, get the username from the DB
// Name of service username when returning a login result
pub const SERVICE_USERNAME: &str = "service";
async fn not_found(message: &str) -> (StatusCode, Json<response::Response>) {
(
StatusCode::NOT_FOUND,
@@ -118,7 +114,7 @@ pub mod endpoint {
}),
)
} else {
return not_found("Could not verify password").await;
return not_found("Could not verify token").await;
}
} else {
return not_found("Error Hashing").await;
@@ -154,7 +150,7 @@ pub mod endpoint {
let mut response = response::service_login::Response::default();
match repo::service::valid_passphrase(&pool, &payload.passphrase).await {
Ok((id, _passphrase, _date_created)) => {
Ok((id, username, _date_created)) => {
let key = icarus_envy::environment::get_secret_key().await.value;
let (token_literal, duration) =
token_stuff::create_service_token(&key, &id).unwrap();
@@ -162,7 +158,7 @@ pub mod endpoint {
if token_stuff::verify_token(&key, &token_literal) {
let login_result = icarus_models::login_result::LoginResult {
id,
username: String::from(SERVICE_USERNAME),
username,
token: token_literal,
token_type: String::from(icarus_models::token::TOKEN_TYPE),
expiration: duration,
@@ -216,15 +212,15 @@ pub mod endpoint {
// Get passphrase record with id
match token_stuff::extract_id_from_token(&key, &payload.access_token) {
Ok(id) => match repo::service::get_passphrase(&pool, &id).await {
Ok((returned_id, _, _)) => {
match token_stuff::create_service_refresh_token(&key, &returned_id) {
Ok((username, _, _)) => {
match token_stuff::create_service_refresh_token(&key, &id) {
Ok((access_token, exp_dur)) => {
let login_result = icarus_models::login_result::LoginResult {
id: returned_id,
id,
token: access_token,
expiration: exp_dur,
token_type: String::from(icarus_models::token::TOKEN_TYPE),
username: String::from(SERVICE_USERNAME),
username,
};
response.message = String::from("Successful");
response.data.push(login_result);
+2 -53
View File
@@ -1,3 +1,5 @@
pub mod service;
pub mod user {
use sqlx::Row;
@@ -195,56 +197,3 @@ pub mod salt {
}
}
}
pub mod service {
use sqlx::Row;
pub async fn valid_passphrase(
pool: &sqlx::PgPool,
passphrase: &String,
) -> Result<(uuid::Uuid, String, time::OffsetDateTime), sqlx::Error> {
let result = sqlx::query(
r#"
SELECT * FROM "passphrase" WHERE passphrase = $1
"#,
)
.bind(passphrase)
.fetch_one(pool)
.await;
match result {
Ok(row) => {
let id: uuid::Uuid = row.try_get("id")?;
let passphrase: String = row.try_get("passphrase")?;
let date_created: Option<time::OffsetDateTime> = row.try_get("date_created")?;
Ok((id, passphrase, date_created.unwrap()))
}
Err(err) => Err(err),
}
}
pub async fn get_passphrase(
pool: &sqlx::PgPool,
id: &uuid::Uuid,
) -> Result<(uuid::Uuid, String, time::OffsetDateTime), sqlx::Error> {
let result = sqlx::query(
r#"
SELECT * FROM "passphrase" WHERE id = $1;
"#,
)
.bind(id)
.fetch_one(pool)
.await;
match result {
Ok(row) => {
let returned_id: uuid::Uuid = row.try_get("id")?;
let passphrase: String = row.try_get("passphrase")?;
let date_created: time::OffsetDateTime = row.try_get("date_created")?;
Ok((returned_id, passphrase, date_created))
}
Err(err) => Err(err),
}
}
}
+50
View File
@@ -0,0 +1,50 @@
use sqlx::Row;
pub async fn valid_passphrase(
pool: &sqlx::PgPool,
passphrase: &String,
) -> Result<(uuid::Uuid, String, time::OffsetDateTime), sqlx::Error> {
let result = sqlx::query(
r#"
SELECT id, username, date_created FROM "passphrase" WHERE passphrase = $1
"#,
)
.bind(passphrase)
.fetch_one(pool)
.await;
match result {
Ok(row) => {
let id: uuid::Uuid = row.try_get("id")?;
let username: String = row.try_get("username")?;
let date_created: Option<time::OffsetDateTime> = row.try_get("date_created")?;
Ok((id, username, date_created.unwrap()))
}
Err(err) => Err(err),
}
}
pub async fn get_passphrase(
pool: &sqlx::PgPool,
id: &uuid::Uuid,
) -> Result<(String, String, time::OffsetDateTime), sqlx::Error> {
let result = sqlx::query(
r#"
SELECT username, passphrase, date_created FROM "passphrase" WHERE id = $1;
"#,
)
.bind(id)
.fetch_one(pool)
.await;
match result {
Ok(row) => {
let username: String = row.try_get("username")?;
let passphrase: String = row.try_get("passphrase")?;
let date_created: time::OffsetDateTime = row.try_get("date_created")?;
Ok((username, passphrase, date_created))
}
Err(err) => Err(err),
}
}