From b87d7e02689644fb17aff450fadad66759a6976e Mon Sep 17 00:00:00 2001 From: Dennis Nemec Date: Thu, 2 Oct 2025 20:22:11 +0200 Subject: [PATCH] Implemented authentication with Keycloak --- .env.example | 4 + Cargo.lock | 874 ++++++++++++++++++++++++- Cargo.toml | 5 +- config.toml.example | 9 + docker-compose.yaml | 38 +- src/api.rs | 97 ++- src/auth.rs | 431 ++++++++++++ src/config.rs | 28 + src/gsd.rs | 2 + src/gsd/dto.rs | 27 + src/{service_gsd.rs => gsd/service.rs} | 70 +- src/main.rs | 46 +- src/middleware.rs | 120 +++- src/repository.rs | 22 +- src/util.rs | 18 +- 15 files changed, 1697 insertions(+), 94 deletions(-) create mode 100644 .env.example create mode 100644 src/auth.rs create mode 100644 src/gsd.rs create mode 100644 src/gsd/dto.rs rename src/{service_gsd.rs => gsd/service.rs} (60%) diff --git a/.env.example b/.env.example new file mode 100644 index 0000000..67fec7e --- /dev/null +++ b/.env.example @@ -0,0 +1,4 @@ +POSTGRES_USER="admin" +POSTGRES_PASSWORD="admin" +KEYCLOAK_ADMIN_PASSWORD="admin" +KC_HOSTNAME="localhost" \ No newline at end of file diff --git a/Cargo.lock b/Cargo.lock index 26db589..a0bfb57 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -32,6 +32,16 @@ version = "1.7.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "69f7f8c3906b62b754cd5326047894316021dcfe5a194c8ea52bdd94934a3457" +[[package]] +name = "atomic-time" +version = "0.1.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9622f5c6fb50377516c70f65159e70b25465409760c6bd6d4e581318bf704e83" +dependencies = [ + "once_cell", + "portable-atomic", +] + [[package]] name = "atomic-waker" version = "1.1.2" @@ -96,6 +106,58 @@ dependencies = [ "tracing", ] +[[package]] +name = "axum-extra" +version = "0.10.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9963ff19f40c6102c76756ef0a46004c0d58957d87259fc9208ff8441c12ab96" +dependencies = [ + "axum", + "axum-core", + "bytes", + "cookie", + "futures-util", + "http", + "http-body", + "http-body-util", + "mime", + "pin-project-lite", + "rustversion", + "serde_core", + "tower-layer", + "tower-service", + "tracing", +] + +[[package]] +name = "axum-keycloak-auth" +version = "0.8.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0e418f474ee6cd0ba9c4ab6158f8369e29311f92ecc79cb88194b7b47de4c4ad" +dependencies = [ + "atomic-time", + "axum", + "educe", + "futures", + "http", + "jsonwebtoken", + "nonempty", + "reqwest", + "serde", + "serde-querystring", + "serde_json", + "serde_with", + "snafu", + "time", + "tokio", + "tower", + "tracing", + "try-again", + "typed-builder", + "url", + "uuid", +] + [[package]] name = "backon" version = "1.5.2" @@ -132,6 +194,15 @@ version = "2.9.4" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "2261d10cca569e4643e526d8dc2e62e433cc8aba21ab764233731f8d369bf394" +[[package]] +name = "block-buffer" +version = "0.10.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3078c7629b62d3f0439517fa394996acacc5cbc91c5a20d8c658e77abd503a71" +dependencies = [ + "generic-array", +] + [[package]] name = "bumpalo" version = "3.19.0" @@ -160,6 +231,12 @@ version = "1.0.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "2fd1289c04a9ea8cb22300a459a72a385d7c73d3259e2ed7dcb2af674838cfa9" +[[package]] +name = "cfg_aliases" +version = "0.2.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "613afe47fcd5fac7ccf1db93babcb082c5994d996f20b8b159f2ad1658eb5724" + [[package]] name = "chrono" version = "0.4.42" @@ -169,6 +246,7 @@ dependencies = [ "iana-time-zone", "js-sys", "num-traits", + "serde", "wasm-bindgen", "windows-link 0.2.0", ] @@ -187,6 +265,17 @@ dependencies = [ "tokio-util", ] +[[package]] +name = "cookie" +version = "0.18.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4ddef33a339a91ea89fb53151bd0a4689cfce27055c291dfa69945475d22c747" +dependencies = [ + "percent-encoding", + "time", + "version_check", +] + [[package]] name = "core-foundation" version = "0.9.4" @@ -203,14 +292,70 @@ version = "0.8.7" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "773648b94d0e5d620f64f280777445740e61fe701025087ec8b57f45c791888b" +[[package]] +name = "cpufeatures" +version = "0.2.17" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "59ed5838eebb26a2bb2e58f6d5b5316989ae9d08bab10e0e6d103e656d1b0280" +dependencies = [ + "libc", +] + +[[package]] +name = "crypto-common" +version = "0.1.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1bfb12502f3fc46cca1bb51ac28df9d618d813cdc3d2f25b9fe775a34af26bb3" +dependencies = [ + "generic-array", + "typenum", +] + +[[package]] +name = "darling" +version = "0.21.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9cdf337090841a411e2a7f3deb9187445851f91b309c0c0a29e05f74a00a48c0" +dependencies = [ + "darling_core", + "darling_macro", +] + +[[package]] +name = "darling_core" +version = "0.21.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1247195ecd7e3c85f83c8d2a366e4210d588e802133e1e355180a9870b517ea4" +dependencies = [ + "fnv", + "ident_case", + "proc-macro2", + "quote", + "strsim", + "syn", +] + +[[package]] +name = "darling_macro" +version = "0.21.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d38308df82d1080de0afee5d069fa14b0326a88c14f15c5ccda35b4a6c414c81" +dependencies = [ + "darling_core", + "quote", + "syn", +] + [[package]] name = "delivery-backend" version = "0.1.0" dependencies = [ "axum", + "axum-extra", + "axum-keycloak-auth", "chrono", - "http", "log", + "oauth2", "redis", "reqwest", "serde", @@ -218,6 +363,7 @@ dependencies = [ "simplelog", "tokio", "toml", + "uuid", ] [[package]] @@ -227,6 +373,17 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "a41953f86f8a05768a6cda24def994fd2f424b04ec5c719cf89989779f199071" dependencies = [ "powerfmt", + "serde_core", +] + +[[package]] +name = "digest" +version = "0.10.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9ed9a281f7bc9b7576e61468ba615a66a5c8cfdff42420a70aa82701a3b1e292" +dependencies = [ + "block-buffer", + "crypto-common", ] [[package]] @@ -240,6 +397,24 @@ dependencies = [ "syn", ] +[[package]] +name = "dyn-clone" +version = "1.0.20" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d0881ea181b1df73ff77ffaaf9c7544ecc11e82fba9b5f27b262a3c73a332555" + +[[package]] +name = "educe" +version = "0.6.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1d7bc049e1bd8cdeb31b68bbd586a9464ecf9f3944af3958a7a9d0f8b9799417" +dependencies = [ + "enum-ordinalize", + "proc-macro2", + "quote", + "syn", +] + [[package]] name = "encoding_rs" version = "0.8.35" @@ -249,6 +424,26 @@ dependencies = [ "cfg-if", ] +[[package]] +name = "enum-ordinalize" +version = "4.3.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "fea0dcfa4e54eeb516fe454635a95753ddd39acda650ce703031c6973e315dd5" +dependencies = [ + "enum-ordinalize-derive", +] + +[[package]] +name = "enum-ordinalize-derive" +version = "4.3.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0d28318a75d4aead5c4db25382e8ef717932d0346600cacae6357eb5941bc5ff" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + [[package]] name = "equivalent" version = "1.0.2" @@ -262,7 +457,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "39cab71617ae0d63f51a36d69f866391735b51691dbda63cf6f96d042b63efeb" dependencies = [ "libc", - "windows-sys 0.59.0", + "windows-sys 0.61.1", ] [[package]] @@ -307,6 +502,21 @@ dependencies = [ "percent-encoding", ] +[[package]] +name = "futures" +version = "0.3.31" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "65bc07b1a8bc7c85c5f2e110c476c7389b4554ba72af57d8445ea63a576b0876" +dependencies = [ + "futures-channel", + "futures-core", + "futures-executor", + "futures-io", + "futures-sink", + "futures-task", + "futures-util", +] + [[package]] name = "futures-channel" version = "0.3.31" @@ -314,6 +524,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "2dff15bf788c671c1934e366d07e30c1814a8ef514e1af724a602e8a2fbe1b10" dependencies = [ "futures-core", + "futures-sink", ] [[package]] @@ -322,6 +533,34 @@ version = "0.3.31" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "05f29059c0c2090612e8d742178b0580d2dc940c837851ad723096f87af6663e" +[[package]] +name = "futures-executor" +version = "0.3.31" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1e28d1d997f585e54aebc3f97d39e72338912123a67330d723fdbb564d646c9f" +dependencies = [ + "futures-core", + "futures-task", + "futures-util", +] + +[[package]] +name = "futures-io" +version = "0.3.31" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9e5c1b78ca4aae1ac06c48a526a655760685149f0d465d21f37abfe57ce075c6" + +[[package]] +name = "futures-macro" +version = "0.3.31" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "162ee34ebcb7c64a8abebc059ce0fee27c2262618d7b60ed8faf72fef13c3650" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + [[package]] name = "futures-sink" version = "0.3.31" @@ -340,14 +579,28 @@ version = "0.3.31" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "9fa08315bb612088cc391249efdc3bc77536f16c91f6cf495e6fbe85b20a4a81" dependencies = [ + "futures-channel", "futures-core", + "futures-io", + "futures-macro", "futures-sink", "futures-task", + "memchr", "pin-project-lite", "pin-utils", "slab", ] +[[package]] +name = "generic-array" +version = "0.14.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "85649ca51fd72272d7821adaf274ad91c288277713d9c18820d8499a7ff69e9a" +dependencies = [ + "typenum", + "version_check", +] + [[package]] name = "getrandom" version = "0.2.16" @@ -355,8 +608,10 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "335ff9f135e4384c8150d6f27c6daed433577f86b4750418338c01a1a2528592" dependencies = [ "cfg-if", + "js-sys", "libc", "wasi 0.11.1+wasi-snapshot-preview1", + "wasm-bindgen", ] [[package]] @@ -366,9 +621,11 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "26145e563e54f2cadc477553f1ec5ee650b00862f0a58bcd12cbdc5f0ea2d2f4" dependencies = [ "cfg-if", + "js-sys", "libc", "r-efi", "wasi 0.14.7+wasi-0.2.4", + "wasm-bindgen", ] [[package]] @@ -389,19 +646,37 @@ dependencies = [ "futures-core", "futures-sink", "http", - "indexmap", + "indexmap 2.11.4", "slab", "tokio", "tokio-util", "tracing", ] +[[package]] +name = "hashbrown" +version = "0.12.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8a9ee70c43aaf417c914396645a0fa852624801b24ebb7ae78fe8272889ac888" + [[package]] name = "hashbrown" version = "0.16.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "5419bdc4f6a9207fbeba6d11b604d481addf78ecd10c11ad51e76c2f6482748d" +[[package]] +name = "heck" +version = "0.5.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2304e00983f87ffb38b55b444b5e3b60a884b5d30c0fca7d82fe33449bbe55ea" + +[[package]] +name = "hex" +version = "0.4.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7f24254aa9a54b5c858eaee2f5bccdb46aaf0e486a595ed5fd8f86ba55232a70" + [[package]] name = "http" version = "1.3.1" @@ -485,6 +760,7 @@ dependencies = [ "tokio", "tokio-rustls", "tower-service", + "webpki-roots", ] [[package]] @@ -639,6 +915,12 @@ dependencies = [ "zerovec", ] +[[package]] +name = "ident_case" +version = "1.0.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b9e0384b61958566e926dc50660321d12159025e767c18e043daf26b70104c39" + [[package]] name = "idna" version = "1.1.0" @@ -660,6 +942,17 @@ dependencies = [ "icu_properties", ] +[[package]] +name = "indexmap" +version = "1.9.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "bd070e393353796e801d209ad339e89596eb4c8d430d18ede6a1cced8fafbd99" +dependencies = [ + "autocfg", + "hashbrown 0.12.3", + "serde", +] + [[package]] name = "indexmap" version = "2.11.4" @@ -667,7 +960,9 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "4b0f83760fb341a774ed326568e19f5a863af4a952def8c39f9ab92fd95b88e5" dependencies = [ "equivalent", - "hashbrown", + "hashbrown 0.16.0", + "serde", + "serde_core", ] [[package]] @@ -713,6 +1008,87 @@ dependencies = [ "wasm-bindgen", ] +[[package]] +name = "jsonwebtoken" +version = "9.3.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5a87cc7a48537badeae96744432de36f4be2b4a34a05a5ef32e9dd8a1c169dde" +dependencies = [ + "base64", + "js-sys", + "pem", + "ring", + "serde", + "serde_json", + "simple_asn1", +] + +[[package]] +name = "lexical" +version = "7.0.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1bc8a009b2ff1f419ccc62706f04fe0ca6e67b37460513964a3dfdb919bb37d6" +dependencies = [ + "lexical-core", +] + +[[package]] +name = "lexical-core" +version = "1.0.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7d8d125a277f807e55a77304455eb7b1cb52f2b18c143b60e766c120bd64a594" +dependencies = [ + "lexical-parse-float", + "lexical-parse-integer", + "lexical-util", + "lexical-write-float", + "lexical-write-integer", +] + +[[package]] +name = "lexical-parse-float" +version = "1.0.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "52a9f232fbd6f550bc0137dcb5f99ab674071ac2d690ac69704593cb4abbea56" +dependencies = [ + "lexical-parse-integer", + "lexical-util", +] + +[[package]] +name = "lexical-parse-integer" +version = "1.0.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9a7a039f8fb9c19c996cd7b2fcce303c1b2874fe1aca544edc85c4a5f8489b34" +dependencies = [ + "lexical-util", +] + +[[package]] +name = "lexical-util" +version = "1.0.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2604dd126bb14f13fb5d1bd6a66155079cb9fa655b37f875b3a742c705dbed17" + +[[package]] +name = "lexical-write-float" +version = "1.0.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "50c438c87c013188d415fbabbb1dceb44249ab81664efbd31b14ae55dabb6361" +dependencies = [ + "lexical-util", + "lexical-write-integer", +] + +[[package]] +name = "lexical-write-integer" +version = "1.0.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "409851a618475d2d5796377cad353802345cba92c867d9fbcde9cf4eac4e14df" +dependencies = [ + "lexical-util", +] + [[package]] name = "libc" version = "0.2.176" @@ -747,6 +1123,12 @@ version = "0.4.28" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "34080505efa8e45a4b816c349525ebe327ceaa8559756f0356cba97ef3bf7432" +[[package]] +name = "lru-slab" +version = "0.1.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "112b39cec0b298b6c1999fee3e31427f74f676e4cb9879ed1a121b43661a4154" + [[package]] name = "matchit" version = "0.8.4" @@ -802,6 +1184,12 @@ dependencies = [ "tempfile", ] +[[package]] +name = "nonempty" +version = "0.11.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "549e471b99ccaf2f89101bec68f4d244457d5a95a9c3d0672e9564124397741d" + [[package]] name = "num-bigint" version = "0.4.6" @@ -845,6 +1233,26 @@ dependencies = [ "libc", ] +[[package]] +name = "oauth2" +version = "5.0.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "51e219e79014df21a225b1860a479e2dcd7cbd9130f4defd4bd0e191ea31d67d" +dependencies = [ + "base64", + "chrono", + "getrandom 0.2.16", + "http", + "rand 0.8.5", + "reqwest", + "serde", + "serde_json", + "serde_path_to_error", + "sha2", + "thiserror 1.0.69", + "url", +] + [[package]] name = "object" version = "0.37.3" @@ -927,6 +1335,16 @@ dependencies = [ "windows-targets", ] +[[package]] +name = "pem" +version = "3.0.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "38af38e8470ac9dee3ce1bae1af9c1671fffc44ddfd8bd1d0a3445bf349a8ef3" +dependencies = [ + "base64", + "serde", +] + [[package]] name = "percent-encoding" version = "2.3.2" @@ -951,6 +1369,12 @@ version = "0.3.32" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "7edddbd0b52d732b21ad9a5fab5c704c14cd949e5e9a1ec5929a24fded1b904c" +[[package]] +name = "portable-atomic" +version = "1.11.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f84267b20a16ea918e43c6a88433c2d54fa145c92a811b5b047ccbe153674483" + [[package]] name = "potential_utf" version = "0.1.3" @@ -966,6 +1390,15 @@ version = "0.2.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "439ee305def115ba05938db6eb1644ff94165c5ab5e9420d1c1bcedbba909391" +[[package]] +name = "ppv-lite86" +version = "0.2.21" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "85eae3c4ed2f50dcfe72643da4befc30deadb458a9b590d720cde2f2b1e97da9" +dependencies = [ + "zerocopy", +] + [[package]] name = "proc-macro2" version = "1.0.101" @@ -975,6 +1408,61 @@ dependencies = [ "unicode-ident", ] +[[package]] +name = "quinn" +version = "0.11.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b9e20a958963c291dc322d98411f541009df2ced7b5a4f2bd52337638cfccf20" +dependencies = [ + "bytes", + "cfg_aliases", + "pin-project-lite", + "quinn-proto", + "quinn-udp", + "rustc-hash", + "rustls", + "socket2", + "thiserror 2.0.17", + "tokio", + "tracing", + "web-time", +] + +[[package]] +name = "quinn-proto" +version = "0.11.13" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f1906b49b0c3bc04b5fe5d86a77925ae6524a19b816ae38ce1e426255f1d8a31" +dependencies = [ + "bytes", + "getrandom 0.3.3", + "lru-slab", + "rand 0.9.2", + "ring", + "rustc-hash", + "rustls", + "rustls-pki-types", + "slab", + "thiserror 2.0.17", + "tinyvec", + "tracing", + "web-time", +] + +[[package]] +name = "quinn-udp" +version = "0.5.14" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "addec6a0dcad8a8d96a771f815f0eaf55f9d1805756410b39f5fa81332574cbd" +dependencies = [ + "cfg_aliases", + "libc", + "once_cell", + "socket2", + "tracing", + "windows-sys 0.59.0", +] + [[package]] name = "quote" version = "1.0.41" @@ -990,6 +1478,65 @@ version = "5.3.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "69cdb34c158ceb288df11e18b4bd39de994f6657d83847bdffdbd7f346754b0f" +[[package]] +name = "rand" +version = "0.8.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "34af8d1a0e25924bc5b7c43c079c942339d8f0a8b57c39049bef581b46327404" +dependencies = [ + "libc", + "rand_chacha 0.3.1", + "rand_core 0.6.4", +] + +[[package]] +name = "rand" +version = "0.9.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6db2770f06117d490610c7488547d543617b21bfa07796d7a12f6f1bd53850d1" +dependencies = [ + "rand_chacha 0.9.0", + "rand_core 0.9.3", +] + +[[package]] +name = "rand_chacha" +version = "0.3.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e6c10a63a0fa32252be49d21e7709d4d4baf8d231c2dbce1eaa8141b9b127d88" +dependencies = [ + "ppv-lite86", + "rand_core 0.6.4", +] + +[[package]] +name = "rand_chacha" +version = "0.9.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d3022b5f1df60f26e1ffddd6c66e8aa15de382ae63b3a0c1bfc0e4d3e3f325cb" +dependencies = [ + "ppv-lite86", + "rand_core 0.9.3", +] + +[[package]] +name = "rand_core" +version = "0.6.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ec0be4795e2f6a28069bec0b5ff3e2ac9bafc99e6a9a7dc3547996c5c816922c" +dependencies = [ + "getrandom 0.2.16", +] + +[[package]] +name = "rand_core" +version = "0.9.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "99d9a13982dcf210057a8a78572b2217b667c3beacbf3a0d8b454f6f82837d38" +dependencies = [ + "getrandom 0.3.3", +] + [[package]] name = "redis" version = "0.32.6" @@ -1024,6 +1571,26 @@ dependencies = [ "bitflags", ] +[[package]] +name = "ref-cast" +version = "1.0.25" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f354300ae66f76f1c85c5f84693f0ce81d747e2c3f21a45fef496d89c960bf7d" +dependencies = [ + "ref-cast-impl", +] + +[[package]] +name = "ref-cast-impl" +version = "1.0.25" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b7186006dcb21920990093f30e3dea63b7d6e977bf1256be20c3563a5db070da" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + [[package]] name = "reqwest" version = "0.12.23" @@ -1048,6 +1615,8 @@ dependencies = [ "native-tls", "percent-encoding", "pin-project-lite", + "quinn", + "rustls", "rustls-pki-types", "serde", "serde_json", @@ -1055,6 +1624,7 @@ dependencies = [ "sync_wrapper", "tokio", "tokio-native-tls", + "tokio-rustls", "tower", "tower-http", "tower-service", @@ -1062,6 +1632,7 @@ dependencies = [ "wasm-bindgen", "wasm-bindgen-futures", "web-sys", + "webpki-roots", ] [[package]] @@ -1084,6 +1655,12 @@ version = "0.1.26" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "56f7d92ca342cea22a06f2121d944b4fd82af56988c270852495420f961d4ace" +[[package]] +name = "rustc-hash" +version = "2.1.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "357703d41365b4b27c590e3ed91eabb1b663f07c4c084095e60cbed4362dff0d" + [[package]] name = "rustix" version = "1.1.2" @@ -1094,7 +1671,7 @@ dependencies = [ "errno", "libc", "linux-raw-sys", - "windows-sys 0.59.0", + "windows-sys 0.61.1", ] [[package]] @@ -1104,6 +1681,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "cd3c25631629d034ce7cd9940adc9d45762d46de2b0f57193c4443b92c6d4d40" dependencies = [ "once_cell", + "ring", "rustls-pki-types", "rustls-webpki", "subtle", @@ -1116,14 +1694,15 @@ version = "1.12.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "229a4a4c221013e7e1f1a043678c5cc39fe5171437c88fb47151a21e6f5b5c79" dependencies = [ + "web-time", "zeroize", ] [[package]] name = "rustls-webpki" -version = "0.103.6" +version = "0.103.7" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8572f3c2cb9934231157b45499fc41e1f58c589fdfb81a844ba873265e80f8eb" +checksum = "e10b3f4191e8a80e6b43eebabfac91e5dcecebb27a71f04e820c47ec41d314bf" dependencies = [ "ring", "rustls-pki-types", @@ -1151,6 +1730,30 @@ dependencies = [ "windows-sys 0.61.1", ] +[[package]] +name = "schemars" +version = "0.9.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4cd191f9397d57d581cddd31014772520aa448f65ef991055d7f61582c65165f" +dependencies = [ + "dyn-clone", + "ref-cast", + "serde", + "serde_json", +] + +[[package]] +name = "schemars" +version = "1.0.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "82d20c4491bc164fa2f6c5d44565947a52ad80b9505d8e36f8d54c27c739fcd0" +dependencies = [ + "dyn-clone", + "ref-cast", + "serde", + "serde_json", +] + [[package]] name = "scopeguard" version = "1.2.0" @@ -1190,6 +1793,16 @@ dependencies = [ "serde_derive", ] +[[package]] +name = "serde-querystring" +version = "0.3.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4ae1940bc2612f641456fc715125e4002cbd235d040188a1994e64b734054c2e" +dependencies = [ + "lexical", + "serde", +] + [[package]] name = "serde_core" version = "1.0.228" @@ -1255,12 +1868,55 @@ dependencies = [ "serde", ] +[[package]] +name = "serde_with" +version = "3.14.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c522100790450cf78eeac1507263d0a350d4d5b30df0c8e1fe051a10c22b376e" +dependencies = [ + "base64", + "chrono", + "hex", + "indexmap 1.9.3", + "indexmap 2.11.4", + "schemars 0.9.0", + "schemars 1.0.4", + "serde", + "serde_derive", + "serde_json", + "serde_with_macros", + "time", +] + +[[package]] +name = "serde_with_macros" +version = "3.14.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "327ada00f7d64abaac1e55a6911e90cf665aa051b9a561c7006c157f4633135e" +dependencies = [ + "darling", + "proc-macro2", + "quote", + "syn", +] + [[package]] name = "sha1_smol" version = "1.0.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "bbfa15b3dddfee50a0fff136974b3e1bde555604ba463834a7eb7deb6417705d" +[[package]] +name = "sha2" +version = "0.10.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a7507d819769d01a365ab707794a4084392c824f54a7a6a7862f8c3d0892b283" +dependencies = [ + "cfg-if", + "cpufeatures", + "digest", +] + [[package]] name = "shlex" version = "1.3.0" @@ -1276,6 +1932,18 @@ dependencies = [ "libc", ] +[[package]] +name = "simple_asn1" +version = "0.6.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "297f631f50729c8c99b84667867963997ec0b50f32b2a7dbcab828ef0541e8bb" +dependencies = [ + "num-bigint", + "num-traits", + "thiserror 2.0.17", + "time", +] + [[package]] name = "simplelog" version = "0.12.2" @@ -1299,6 +1967,27 @@ version = "1.15.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "67b1b7a3b5fe4f1376887184045fcf45c69e92af734b7aaddc05fb777b6fbd03" +[[package]] +name = "snafu" +version = "0.8.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6e84b3f4eacbf3a1ce05eac6763b4d629d60cbc94d632e4092c54ade71f1e1a2" +dependencies = [ + "snafu-derive", +] + +[[package]] +name = "snafu-derive" +version = "0.8.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c1c97747dbf44bb1ca44a561ece23508e99cb592e862f22222dcf42f51d1e451" +dependencies = [ + "heck", + "proc-macro2", + "quote", + "syn", +] + [[package]] name = "socket2" version = "0.6.0" @@ -1315,6 +2004,12 @@ version = "1.2.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "a8f112729512f8e442d81f95a8a7ddf2b7c6b8a1a6f509a95864142b30cab2d3" +[[package]] +name = "strsim" +version = "0.11.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7da8b5736845d9f2fcb837ea5d9e2628564b3b043a70948a3f0b778838c5fb4f" + [[package]] name = "subtle" version = "2.6.1" @@ -1383,7 +2078,7 @@ dependencies = [ "getrandom 0.3.3", "once_cell", "rustix", - "windows-sys 0.59.0", + "windows-sys 0.61.1", ] [[package]] @@ -1395,6 +2090,46 @@ dependencies = [ "winapi-util", ] +[[package]] +name = "thiserror" +version = "1.0.69" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b6aaf5339b578ea85b50e080feb250a3e8ae8cfcdff9a461c9ec2904bc923f52" +dependencies = [ + "thiserror-impl 1.0.69", +] + +[[package]] +name = "thiserror" +version = "2.0.17" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f63587ca0f12b72a0600bcba1d40081f830876000bb46dd2337a3051618f4fc8" +dependencies = [ + "thiserror-impl 2.0.17", +] + +[[package]] +name = "thiserror-impl" +version = "1.0.69" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4fee6c4efc90059e10f81e6d42c60a18f76588c3d74cb83a0b242a2b6c7504c1" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + +[[package]] +name = "thiserror-impl" +version = "2.0.17" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3ff15c8ecd7de3849db632e14d18d2571fa09dfc5ed93479bc4485c7a517c913" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + [[package]] name = "time" version = "0.3.44" @@ -1438,6 +2173,21 @@ dependencies = [ "zerovec", ] +[[package]] +name = "tinyvec" +version = "1.10.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "bfa5fdc3bce6191a1dbc8c02d5c8bffcf557bafa17c124c5264a458f1b0613fa" +dependencies = [ + "tinyvec_macros", +] + +[[package]] +name = "tinyvec_macros" +version = "0.1.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1f3ccbac311fea05f86f61904b462b55fb3df8837a366dfc601a0161d0532f20" + [[package]] name = "tokio" version = "1.47.1" @@ -1508,7 +2258,7 @@ version = "0.9.7" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "00e5e5d9bf2475ac9d4f0d9edab68cc573dc2fd644b0dba36b0c30a92dd9eaa0" dependencies = [ - "indexmap", + "indexmap 2.11.4", "serde_core", "serde_spanned", "toml_datetime", @@ -1595,9 +2345,21 @@ checksum = "784e0ac535deb450455cbfa28a6f0df145ea1bb7ae51b821cf5e7927fdcfbdd0" dependencies = [ "log", "pin-project-lite", + "tracing-attributes", "tracing-core", ] +[[package]] +name = "tracing-attributes" +version = "0.1.30" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "81383ab64e72a7a8b8e13130c49e3dab29def6d0c7d76a03087b3cf71c5c6903" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + [[package]] name = "tracing-core" version = "0.1.34" @@ -1607,12 +2369,48 @@ dependencies = [ "once_cell", ] +[[package]] +name = "try-again" +version = "0.2.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7840f01e68d609b64f3d6954d52846fa42b5dad9403eaecd00d2658d85f0cbff" +dependencies = [ + "tokio", + "tracing", +] + [[package]] name = "try-lock" version = "0.2.5" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "e421abadd41a4225275504ea4d6566923418b7f05506fbc9c0fe86ba7396114b" +[[package]] +name = "typed-builder" +version = "0.21.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "fef81aec2ca29576f9f6ae8755108640d0a86dd3161b2e8bca6cfa554e98f77d" +dependencies = [ + "typed-builder-macro", +] + +[[package]] +name = "typed-builder-macro" +version = "0.21.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1ecb9ecf7799210407c14a8cfdfe0173365780968dc57973ed082211958e0b18" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + +[[package]] +name = "typenum" +version = "1.19.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "562d481066bde0658276a35467c4af00bdc6ee726305698a55b86e61d7ad82bb" + [[package]] name = "unicode-ident" version = "1.0.19" @@ -1643,12 +2441,29 @@ version = "1.0.4" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "b6c140620e7ffbb22c2dee59cafe6084a59b5ffc27a8859a5f0d494b5d52b6be" +[[package]] +name = "uuid" +version = "1.18.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2f87b8aa10b915a06587d0dec516c282ff295b475d94abf425d62b57710070a2" +dependencies = [ + "getrandom 0.3.3", + "js-sys", + "wasm-bindgen", +] + [[package]] name = "vcpkg" version = "0.2.15" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "accd4ea62f7bb7a82fe23066fb0957d48ef677f6eeb8215f372f52e48bb32426" +[[package]] +name = "version_check" +version = "0.9.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0b928f33d975fc6ad9f86c8f283853ad26bdd5b10b7f1542aa2fa15e2289105a" + [[package]] name = "want" version = "0.3.1" @@ -1764,13 +2579,32 @@ dependencies = [ "wasm-bindgen", ] +[[package]] +name = "web-time" +version = "1.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5a6580f308b1fad9207618087a65c04e7a10bc77e02c8e84e9b00dd4b12fa0bb" +dependencies = [ + "js-sys", + "wasm-bindgen", +] + +[[package]] +name = "webpki-roots" +version = "1.0.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7e8983c3ab33d6fb807cfcdad2491c4ea8cbc8ed839181c7dfd9c67c83e261b2" +dependencies = [ + "rustls-pki-types", +] + [[package]] name = "winapi-util" version = "0.1.11" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "c2a7b1c03c876122aa43f3020e6c3c3ee5c05081c9a00739faf7503aeba10d22" dependencies = [ - "windows-sys 0.59.0", + "windows-sys 0.61.1", ] [[package]] @@ -2000,6 +2834,26 @@ dependencies = [ "synstructure", ] +[[package]] +name = "zerocopy" +version = "0.8.27" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0894878a5fa3edfd6da3f88c4805f4c8558e2b996227a3d864f47fe11e38282c" +dependencies = [ + "zerocopy-derive", +] + +[[package]] +name = "zerocopy-derive" +version = "0.8.27" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "88d2b8d9c68ad2b9e4340d7832716a4d21a22a1154777ad56ea55c51a9cf3831" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + [[package]] name = "zerofrom" version = "0.1.6" diff --git a/Cargo.toml b/Cargo.toml index d14bb25..1c1a4e8 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -5,8 +5,8 @@ edition = "2024" [dependencies] axum = "0.8.6" +axum-keycloak-auth = "0.8.3" chrono = "0.4.42" -http = "1.3.1" log = "0.4.28" redis = { version = "0.32.6", features = ["connection-manager", "tokio-comp"] } reqwest = { version = "0.12.23", features = ["json"] } @@ -15,3 +15,6 @@ serde_json = "1.0.145" simplelog = "0.12.2" tokio = { version = "1.47.1", features = ["full"] } toml = "0.9.7" +oauth2 = "5.0.0" +uuid = "1.18.1" +axum-extra = { version = "0.10.3", features = ["cookie"] } diff --git a/config.toml.example b/config.toml.example index 27465a3..5839c3e 100644 --- a/config.toml.example +++ b/config.toml.example @@ -3,7 +3,16 @@ host_ip = "127.0.0.1" host_port = 3000 redis_url = "redis://127.0.0.1:6379" gsd_app_key = "GSD-RestApi" +frontend_url = "http://127.0.0.1:3000" gsd_rest_url = "http://192.168.1.9:8334" gsd_user = "GSDWebServiceTmp" gsd_password = "" gsd_app_names = ["GSD-RestApi"] + +[keycloak] +realm_url = "http://localhost:8080/realms/master" +client_id = "delivery-app" +client_secret = "" +auth_url = "http://localhost:8080/realms/master/protocol/openid-connect/auth" +token_url = "http://localhost:8080/realms/master/protocol/openid-connect/token" +redirect_url = "http://127.0.0.1:3000/callback" \ No newline at end of file diff --git a/docker-compose.yaml b/docker-compose.yaml index 2605234..f4dbf5c 100644 --- a/docker-compose.yaml +++ b/docker-compose.yaml @@ -23,7 +23,7 @@ services: dockerfile: Dockerfile container_name: rust-microservice ports: - - "8080:8080" + - "3000:8080" environment: - REDIS_URL=redis://redis:6379 - RUST_LOG=info @@ -34,10 +34,46 @@ services: - app-network restart: unless-stopped + keycloak_web: + image: quay.io/keycloak/keycloak:23.0.7 + container_name: keycloak_web + environment: + KC_DB: postgres + KC_DB_URL: jdbc:postgresql://keycloakdb:5432/keycloak + KC_DB_USERNAME: ${POSTGRES_USER} + KC_DB_PASSWORD: ${POSTGRES_PASSWORD} + + KC_HOSTNAME: localhost + KC_HOSTNAME_PORT: 8080 + KC_HOSTNAME_STRICT: false + KC_HOSTNAME_STRICT_HTTPS: false + + KC_LOG_LEVEL: info + KC_METRICS_ENABLED: true + KC_HEALTH_ENABLED: true + KEYCLOAK_ADMIN: admin + KEYCLOAK_ADMIN_PASSWORD: ${KEYCLOAK_ADMIN_PASSWORD} + command: start-dev + depends_on: + - keycloakdb + ports: + - 8080:8080 + + keycloakdb: + image: postgres:15 + volumes: + - postgres_data:/var/lib/postgresql/data + environment: + POSTGRES_DB: keycloak + POSTGRES_USER: ${POSTGRES_USER} + POSTGRES_PASSWORD: ${POSTGRES_PASSWORD} + networks: app-network: driver: bridge volumes: redis-data: + driver: local + postgres_data: driver: local \ No newline at end of file diff --git a/src/api.rs b/src/api.rs index ceb4ba4..27c8c1b 100644 --- a/src/api.rs +++ b/src/api.rs @@ -1,26 +1,97 @@ +use crate::gsd::dto::GSDResponseDTO; use crate::middleware::AppState; +use crate::util::set_and_log_session; use axum::Extension; -use axum::extract::Request; -use axum::response::IntoResponse; -use http::StatusCode; -use log::error; -use std::sync::Arc; use axum::body::Body; +use axum::extract::Request; +use axum::http::{HeaderValue, StatusCode}; +use axum::response::IntoResponse; +use log::{error, info}; +use std::sync::Arc; pub async fn handle_post( Extension(state): Extension>, request: Request, ) -> impl IntoResponse { - match state.clone().gsd_service.forward_post_request(request).await { - Ok(e) => e.text().await.unwrap().into_response(), + let cloned_state = state.clone(); + let (mut parts, body) = request.into_parts(); + let body_bytes = axum::body::to_bytes(body, usize::MAX).await.unwrap(); - Err(e) => { - error!("Failed to forward post: {:?}", e); - StatusCode::INTERNAL_SERVER_ERROR.into_response() + let mut forwarded_request = cloned_state + .gsd_service + .forward_post_request(Request::from_parts( + parts.clone(), + Body::from(body_bytes.clone()), + )) + .await; + + if forwarded_request.is_err() { + error!( + "Failed to forward post: {:?}", + forwarded_request.err().unwrap() + ); + return StatusCode::INTERNAL_SERVER_ERROR.into_response(); + } + + let content_text = forwarded_request.unwrap().text().await; + if content_text.is_err() { + error!("Failed to read content text: {:?}", content_text.err()); + return StatusCode::INTERNAL_SERVER_ERROR.into_response(); + } + + let content = serde_json::from_str::(content_text.as_ref().unwrap().as_str()); + + if content.is_err() { + error!("Failed to read content json: {:?}", content.err()); + error!("Content: {:?}", content_text); + return StatusCode::INTERNAL_SERVER_ERROR.into_response(); + } + + let content_unwrapped = content.unwrap(); + // Invalid session + if content_unwrapped.status.is_some() + && content_unwrapped.status.unwrap().internal_status == "201" + { + info!("Session invalid. Re-negotiate new session"); + + match cloned_state.gsd_service.get_session().await { + Ok(session) => { + set_and_log_session(&cloned_state, session.clone()).await; + + parts.headers.remove("sessionId"); + parts.headers.insert( + "sessionId", + HeaderValue::from_str(session.clone().as_str()).unwrap(), + ); + + forwarded_request = cloned_state + .gsd_service + .forward_post_request(Request::from_parts( + parts.clone(), + Body::from(body_bytes.clone()), + )) + .await; + + if let Err(e) = &forwarded_request { + error!("Redis: failed to forward post: {:?}", e); + return StatusCode::INTERNAL_SERVER_ERROR.into_response(); + } + + forwarded_request + .unwrap() + .text() + .await + .unwrap() + .into_response() + } + Err(error) => { + error!("Error getting session: {:?}", error); + StatusCode::UNAUTHORIZED.into_response() + } } + } else { + content_text.unwrap().into_response() } } -pub async fn handle_login() -> impl IntoResponse { - -} +pub async fn handle_login() -> impl IntoResponse {} diff --git a/src/auth.rs b/src/auth.rs new file mode 100644 index 0000000..5d4277e --- /dev/null +++ b/src/auth.rs @@ -0,0 +1,431 @@ +use crate::config::Config; +use crate::middleware::AppState; +use crate::repository::RedisRepository; +use axum::http::{StatusCode, header}; +use axum::response::Response; +use axum::{ + Router, + extract::{Query, State}, + response::{IntoResponse, Redirect}, + routing::get, +}; +use axum_extra::extract::CookieJar; +use oauth2::basic::{ + BasicErrorResponse, BasicRevocationErrorResponse, BasicTokenIntrospectionResponse, + BasicTokenResponse, +}; +use oauth2::{ + AuthUrl, AuthorizationCode, Client, ClientId, ClientSecret, CsrfToken, EndpointNotSet, + EndpointSet, PkceCodeChallenge, PkceCodeVerifier, RedirectUrl, Scope, StandardRevocableToken, + TokenResponse, TokenUrl, basic::BasicClient, +}; +use serde::{Deserialize, Serialize}; +use std::sync::Arc; +use axum::routing::post; + +pub type OAuthClient = Client< + BasicErrorResponse, + BasicTokenResponse, + BasicTokenIntrospectionResponse, + StandardRevocableToken, + BasicRevocationErrorResponse, + EndpointSet, + EndpointNotSet, + EndpointNotSet, + EndpointNotSet, + EndpointSet, +>; + +pub fn router(state: Arc) -> Router { + Router::new() + .route("/login", get(login)) + .route("/callback", get(callback)) + .route("/logout", post(logout)) + .with_state(state) +} + +async fn login(State(client): State>) -> impl IntoResponse { + let cloned_client = client.clone(); + let (pkce_challenge, pkce_verifier) = PkceCodeChallenge::new_random_sha256(); + let csrf_token = CsrfToken::new_random(); + + // Store the PKCE verifier in Redis with CSRF token as key + let redis_key = format!("pkce_verifier:{}", csrf_token.secret()); + let verifier_secret = pkce_verifier.secret().to_string(); + + match cloned_client + .repository + .set_with_expiry(&redis_key, &verifier_secret, 600) // 10 minutes expiry + .await + { + Ok(_) => { + let (auth_url, _) = cloned_client + .oauth_client + .authorize_url(|| csrf_token) + .add_scope(Scope::new("openid".to_string())) + .add_scope(Scope::new("profile".to_string())) + .add_scope(Scope::new("email".to_string())) + .set_pkce_challenge(pkce_challenge) + .url(); + + Redirect::to(auth_url.as_str()).into_response() + } + Err(e) => { + log::error!("Failed to store PKCE verifier in Redis: {:?}", e); + ( + StatusCode::INTERNAL_SERVER_ERROR, + "Failed to initiate login", + ) + .into_response() + } + } +} + +#[derive(Deserialize)] +pub struct Callback { + code: String, + state: String, +} + +#[derive(Serialize, Deserialize, Debug)] +pub struct UserSession { + pub(crate) access_token: String, + pub(crate) refresh_token: String, + pub(crate) expires_at: i64, +} + +async fn callback( + State(client): State>, + Query(query): Query, +) -> impl IntoResponse { + let http_client = reqwest::ClientBuilder::new() + .redirect(reqwest::redirect::Policy::none()) + .build() + .expect("Client should build"); + + let cloned_state = client.clone(); + + // Retrieve the PKCE verifier from Redis using CSRF token + let redis_key = format!("pkce_verifier:{}", query.state); + + let verifier_secret = match cloned_state.repository.get(&redis_key).await { + Ok(Some(secret)) => secret, + Ok(None) => { + log::error!("PKCE verifier not found for state: {}", query.state); + return ( + StatusCode::BAD_REQUEST, + "Invalid or expired login session. Please try again.", + ) + .into_response(); + } + Err(e) => { + log::error!("Failed to retrieve PKCE verifier from Redis: {:?}", e); + return (StatusCode::INTERNAL_SERVER_ERROR, "Login failed").into_response(); + } + }; + + // Delete the verifier from Redis (one-time use) + let _ = cloned_state.repository.delete(&redis_key).await; + let pkce_verifier = PkceCodeVerifier::new(verifier_secret); + + let token_result = cloned_state + .oauth_client + .exchange_code(AuthorizationCode::new(query.code)) + .set_pkce_verifier(pkce_verifier) + .request_async(&http_client) + .await; + + match token_result { + Ok(token) => { + let access_token = token.access_token().secret(); + let refresh_token = token + .refresh_token() + .map(|rt| rt.secret().to_string()) + .unwrap_or_else(|| "No refresh token".to_string()); + + let expires_at = chrono::Utc::now().timestamp() + + token + .expires_in() + .map(|d| d.as_secs() as i64) + .unwrap_or(3600); + + // ============================================ + // 1. GENERATE A UNIQUE SESSION ID + // ============================================ + let session_id = uuid::Uuid::now_v7().to_string(); + + // ============================================ + // 2. CREATE THE USER SESSION STRUCT + // ============================================ + let user_session = UserSession { + access_token: access_token.clone(), + refresh_token: refresh_token.clone(), + expires_at, + }; + + // ============================================ + // 3. SERIALIZE THE SESSION TO JSON + // ============================================ + let session_key = format!("user_session:{}", session_id); + let session_json = match serde_json::to_string(&user_session) { + Ok(json) => json, + Err(e) => { + log::error!("Failed to serialize user session: {:?}", e); + return (StatusCode::INTERNAL_SERVER_ERROR, "Login failed").into_response(); + } + }; + + // ============================================ + // 4. STORE IN REDIS WITH 24 HOUR EXPIRATION + // This is where the tokens are actually stored! + // ============================================ + if let Err(e) = cloned_state + .repository + .set_with_expiry(&session_key, &session_json, 86400) // 86400 = 24 hours + .await + { + log::error!("Failed to store user session in Redis: {:?}", e); + return (StatusCode::INTERNAL_SERVER_ERROR, "Login failed").into_response(); + } + + log::info!("Successfully created session {} for user", session_id); + + let cookie = format!( + "session_id={}; Path=/; HttpOnly; SameSite=Lax; Max-Age=86400", + session_id + ); + + // 4. Redirect to frontend + let redirect_url = format!("{}?login=success", cloned_state.frontend_url); + + Response::builder() + .status(StatusCode::FOUND) + .header(header::SET_COOKIE, cookie) + .header(header::LOCATION, redirect_url.clone()) + .body::(format!("Redirecting to {}", redirect_url).into()) + .unwrap() + .into_response() + } + Err(e) => { + log::error!("Token exchange failed: {:?}", e); + (StatusCode::UNAUTHORIZED, format!("Login failed: {:?}", e)).into_response() + } + } +} + +pub fn create_oauth_client(config: &Config) -> OAuthClient { + BasicClient::new(ClientId::new(config.keycloak.client_id.clone())) + .set_client_secret(ClientSecret::new(config.keycloak.client_secret.clone())) + .set_redirect_uri(RedirectUrl::new(config.keycloak.redirect_url.clone()).unwrap()) + .set_token_uri(TokenUrl::new(config.keycloak.token_url.clone()).unwrap()) + .set_auth_uri(AuthUrl::new(config.keycloak.auth_url.clone()).unwrap()) +} + +/// Internal helper to refresh access token +pub async fn refresh_access_token_internal( + client: &OAuthClient, + repository: &RedisRepository, + session_id: &str, + user_session: &mut UserSession, +) -> Result { + use oauth2::{RefreshToken, TokenResponse}; + + let http_client = reqwest::ClientBuilder::new() + .redirect(reqwest::redirect::Policy::none()) + .build() + .expect("Client should build"); + + let refresh_token = &user_session.refresh_token; + + // Exchange refresh token for new access token + let token_result = client + .exchange_refresh_token(&RefreshToken::new(refresh_token.clone())) + .request_async(&http_client) + .await + .map_err(|e| format!("Token refresh request failed: {:?}", e))?; + + // Update session with new tokens + let new_access_token = token_result.access_token().secret().to_string(); + user_session.access_token = new_access_token.clone(); + + // Update refresh token if a new one was provided + if let Some(new_refresh_token) = token_result.refresh_token() { + user_session.refresh_token = new_refresh_token.secret().to_string(); + } + + // Update expiration time + user_session.expires_at = chrono::Utc::now().timestamp() + + token_result + .expires_in() + .map(|d| d.as_secs() as i64) + .unwrap_or(3600); + + // Save updated session back to Redis + let session_key = format!("user_session:{}", session_id); + let updated_json = serde_json::to_string(&user_session) + .map_err(|e| format!("Failed to serialize session: {:?}", e))?; + + repository + .set_with_expiry(&session_key, &updated_json, 86400) + .await + .map_err(|e| format!("Failed to update session in Redis: {:?}", e))?; + + Ok(new_access_token) +} + +async fn logout(jar: CookieJar, State(oauth_state): State>) -> impl IntoResponse { + // 1. Extract session ID from cookie + let session_id = match jar.get("session_id") { + Some(cookie) => cookie.value().to_string(), + None => { + log::warn!("Logout attempted without session cookie"); + return (StatusCode::BAD_REQUEST, "No active session").into_response(); + } + }; + + // 2. Get session from Redis to retrieve tokens + let session_key = format!("user_session:{}", session_id); + let session_json = match oauth_state.repository.get(&session_key).await { + Ok(Some(json)) => json, + Ok(None) => { + log::warn!("Session not found in Redis: {}", session_id); + // Session already gone, just clear cookie + return clear_session_cookie().into_response(); + } + Err(e) => { + log::error!("Redis error while fetching session for logout: {:?}", e); + return (StatusCode::INTERNAL_SERVER_ERROR, "Logout failed").into_response(); + } + }; + + let user_session: UserSession = match serde_json::from_str(&session_json) { + Ok(session) => session, + Err(e) => { + log::error!("Failed to parse session JSON during logout: {:?}", e); + // Clean up anyway + let _ = oauth_state.repository.delete(&session_key).await; + return clear_session_cookie().into_response(); + } + }; + + // 3. Revoke tokens at Keycloak + let revoke_result = revoke_tokens_at_keycloak( + &oauth_state, + &user_session.access_token, + &user_session.refresh_token, + ) + .await; + + if let Err(e) = revoke_result { + log::error!("Failed to revoke tokens at Keycloak: {}", e); + // Continue anyway - we'll still delete local session + } else { + log::info!( + "Successfully revoked tokens at Keycloak for session {}", + session_id + ); + } + + // 4. Delete session from Redis + match oauth_state.repository.delete(&session_key).await { + Ok(_) => { + log::info!("Successfully deleted session {} from Redis", session_id); + } + Err(e) => { + log::error!("Failed to delete session from Redis: {:?}", e); + } + } + + // 5. Clear session cookie and respond + clear_session_cookie().into_response() +} + +/// Helper function to revoke tokens at Keycloak's revocation endpoint +async fn revoke_tokens_at_keycloak( + oauth_state: &Arc, + access_token: &str, + refresh_token: &str, +) -> Result<(), String> { + // Get client credentials from OAuth client + let client_id = oauth_state.oauth_client.client_id().as_str(); + let client_secret = oauth_state.config.keycloak.client_secret.as_str(); + + // Build revocation endpoint URL + // Keycloak's revocation endpoint is typically at: + // {realm_url}/protocol/openid-connect/revoke + let token_url = oauth_state.config.keycloak.token_url.as_str(); + + // Replace /token with /revoke + let revoke_url = token_url.replace("/token", "/revoke"); + + log::info!("Revoking tokens at: {}", revoke_url); + + let client = reqwest::Client::new(); + + // Revoke refresh token (this also invalidates the access token) + let revoke_refresh_result = client + .post(&revoke_url) + .form(&[ + ("token", refresh_token), + ("token_type_hint", "refresh_token"), + ("client_id", client_id), + ("client_secret", client_secret), + ]) + .send() + .await + .map_err(|e| format!("Failed to send revoke request: {:?}", e))?; + + if !revoke_refresh_result.status().is_success() { + let status = revoke_refresh_result.status(); + let body = revoke_refresh_result + .text() + .await + .unwrap_or_else(|_| "Unable to read response".to_string()); + log::warn!( + "Token revocation returned non-success status {}: {}", + status, + body + ); + // Note: Keycloak returns 200 even if token is already invalid, so this is unusual + } + + // Optionally also revoke access token explicitly + let revoke_access_result = client + .post(&revoke_url) + .form(&[ + ("token", access_token), + ("token_type_hint", "access_token"), + ("client_id", client_id), + ("client_secret", client_secret), + ]) + .send() + .await + .map_err(|e| format!("Failed to send revoke request for access token: {:?}", e))?; + + if !revoke_access_result.status().is_success() { + let status = revoke_access_result.status(); + let body = revoke_access_result + .text() + .await + .unwrap_or_else(|_| "Unable to read response".to_string()); + log::warn!( + "Access token revocation returned non-success status {}: {}", + status, + body + ); + } + + Ok(()) +} + +/// Helper function to create a response that clears the session cookie +fn clear_session_cookie() -> Response { + // Set cookie with Max-Age=0 to delete it + let clear_cookie = "session_id=; Path=/; HttpOnly; SameSite=Lax; Max-Age=0"; + + Response::builder() + .status(StatusCode::OK) + .header(header::SET_COOKIE, clear_cookie) + .body("Logged out successfully".into()) + .unwrap() +} diff --git a/src/config.rs b/src/config.rs index 10d06a9..ca2a888 100644 --- a/src/config.rs +++ b/src/config.rs @@ -11,12 +11,26 @@ pub struct Config { pub host_port: u16, pub redis_url: String, + pub frontend_url: String, + // GSD RestAPI configuration pub gsd_app_key: String, pub gsd_rest_url: String, pub gsd_user: String, pub gsd_password: String, pub gsd_app_names: Vec, + + pub keycloak: Keycloak, +} + +#[derive(serde::Serialize, serde::Deserialize, Clone)] +pub struct Keycloak { + pub realm_url: String, + pub client_id: String, + pub client_secret: String, + pub auth_url: String, + pub token_url: String, + pub redirect_url: String, } impl Config { @@ -58,8 +72,22 @@ pub fn create_standard_config() -> Config { redis_url: String::from("redis://127.0.0.1:6379"), gsd_rest_url: String::from("http://127.0.0.1:8334"), gsd_app_key: String::from("GSD-RestApi"), + frontend_url: String::from("http://127.0.0.1:3000"), gsd_app_names: vec![String::from("GSD-RestApi")], gsd_user: String::from(""), gsd_password: String::from(""), + + keycloak: Keycloak { + realm_url: String::from("http://127.0.0.1:8080/auth/realms/master"), + client_id: String::from("delivery-backend"), + client_secret: String::from(""), + auth_url: String::from( + "http://127.0.0.1:8080/auth/realms/master/protocol/openid-connect/auth", + ), + token_url: String::from( + "http://127.0.0.1:8080/auth/realms/master/protocol/openid-connect/token", + ), + redirect_url: String::from("http://127.0.0.1:3000/callback"), + }, } } diff --git a/src/gsd.rs b/src/gsd.rs new file mode 100644 index 0000000..54fd5fa --- /dev/null +++ b/src/gsd.rs @@ -0,0 +1,2 @@ +pub(crate) mod dto; +pub(crate) mod service; diff --git a/src/gsd/dto.rs b/src/gsd/dto.rs new file mode 100644 index 0000000..bb0e45b --- /dev/null +++ b/src/gsd/dto.rs @@ -0,0 +1,27 @@ +#[derive(serde::Deserialize, serde::Serialize)] +#[serde(rename_all = "camelCase")] +pub struct GSDLoginRequestDTO { + pub user: String, + pub pass: String, + pub app_names: Vec, +} + +#[derive(serde::Deserialize, serde::Serialize, Debug)] +#[serde(rename_all = "camelCase")] +pub struct GSDResponseDTO { + pub status: Option, + pub data: Option, +} + +#[derive(serde::Deserialize, serde::Serialize, Debug)] +#[serde(rename_all = "camelCase")] +pub struct GSDLoginResponseDataDTO { + pub session_id: String, +} + +#[derive(serde::Deserialize, serde::Serialize, Debug)] +#[serde(rename_all = "camelCase")] +pub struct GSDResponseStatusDTO { + pub internal_status: String, + pub status_message: String, +} diff --git a/src/service_gsd.rs b/src/gsd/service.rs similarity index 60% rename from src/service_gsd.rs rename to src/gsd/service.rs index 5ec5317..6db0570 100644 --- a/src/service_gsd.rs +++ b/src/gsd/service.rs @@ -1,37 +1,10 @@ +use crate::config::Config; +use crate::gsd::dto::*; use axum::body::Body; use axum::extract::Request; use log::{error, info}; -use crate::config::Config; use reqwest::Response; -#[derive(serde::Deserialize, serde::Serialize)] -#[serde(rename_all = "camelCase")] -pub struct GSDLoginRequestDTO { - user: String, - pass: String, - app_names: Vec, -} - -#[derive(serde::Deserialize, serde::Serialize, Debug)] -#[serde(rename_all = "camelCase")] -pub struct GSDLoginResponseDTO { - status: GSDLoginResponseStatusDTO, - data: Option, -} - -#[derive(serde::Deserialize, serde::Serialize, Debug)] -#[serde(rename_all = "camelCase")] -pub struct GSDLoginResponseDataDTO { - session_id: String, -} - -#[derive(serde::Deserialize, serde::Serialize, Debug)] -#[serde(rename_all = "camelCase")] -pub struct GSDLoginResponseStatusDTO { - internal_status: String, - status_message: String, -} - #[derive(Clone)] pub struct GSDService { host_url: String, @@ -50,7 +23,10 @@ pub enum GSDServiceError { impl GSDService { pub async fn get_session(&self) -> Result { - info!("Session: No session found. Generate session from GSD server {}", self.host_url); + info!( + "Session: No session found. Generate session from GSD server {}", + self.host_url + ); let dto = GSDLoginRequestDTO { user: self.username.clone(), @@ -70,31 +46,39 @@ impl GSDService { GSDServiceError::LoginFailed })?; - let response_dto: GSDLoginResponseDTO = response - .json() - .await - .map_err(|e| { - error!("Session: error request to GSD: {}", e); - GSDServiceError::LoginResponseParsingFailed - })?; - if response_dto.status.internal_status != "0" { - error!("Session: error message from GSD: {}", response_dto.status.status_message); + let response_dto: GSDResponseDTO = response.json().await.map_err(|e| { + error!("Session: error request to GSD: {}", e); + GSDServiceError::LoginResponseParsingFailed + })?; + let response_dto_unwrapped = response_dto.status.unwrap(); + + if response_dto_unwrapped.internal_status != "0" { + error!( + "Session: error message from GSD: {}", + response_dto_unwrapped.status_message + ); Err(GSDServiceError::LoginFailed) } else { match response_dto.data { Some(data) => { - info!("Session: successfully obtained session with session id {}", &data.session_id); + info!( + "Session: successfully obtained session with session id {}", + &data.session_id + ); Ok(data.session_id.clone()) - }, + } None => { error!("Session: failed to obtain session id. No session id in request found."); Err(GSDServiceError::LoginResponseParsingFailed) - }, + } } } } - pub async fn forward_post_request(&self, request: Request) -> Result { + pub async fn forward_post_request( + &self, + request: Request, + ) -> Result { let (parts, body) = request.into_parts(); reqwest::Client::new() diff --git a/src/main.rs b/src/main.rs index 4c76830..f34199d 100644 --- a/src/main.rs +++ b/src/main.rs @@ -1,18 +1,22 @@ -use crate::api::{handle_login, handle_post}; +use crate::api::handle_post; use crate::config::load_config; use crate::middleware::AppState; use crate::repository::RedisRepository; use crate::util::initialize_logging; use axum::routing::post; use axum::{Extension, Router}; +use axum_keycloak_auth::instance::{KeycloakAuthInstance, KeycloakConfig}; +use axum_keycloak_auth::layer::KeycloakAuthLayer; +use axum_keycloak_auth::{PassthroughMode, Url}; use log::info; use std::sync::Arc; mod api; +mod auth; mod config; +mod gsd; mod middleware; mod repository; -mod service_gsd; mod util; #[tokio::main] @@ -26,27 +30,53 @@ async fn main() -> Result<(), Box> { let redis_url = config.redis_url.clone(); let host_url = config.get_host_url().clone(); + info!("Initializing redis server"); let state = Arc::new(AppState { config: config.clone(), repository: RedisRepository::try_new(redis_url).await?, gsd_service: (&config).into(), + oauth_client: auth::create_oauth_client(&config), + frontend_url: config.frontend_url.clone(), }); - let app = Router::new() - .route("/login", post(handle_login)) + info!("Starting axum server"); + + let keycloak_instance: Arc = Arc::new(KeycloakAuthInstance::new( + KeycloakConfig::builder() + .server(Url::parse("http://localhost:8080/").unwrap()) + .realm(String::from("master")) + .build(), + )); + + let auth_router = auth::router(state.clone()); + let proxy_router = Router::new() .route("/{*wildcard}", post(handle_post)) - .layer(Extension(state.clone())) + .route_layer(Extension(state.clone())) .route_layer(axum::middleware::from_fn_with_state( state.clone(), - middleware::gsd_add_header, + middleware::gsd_decorate_header, )) + .route_layer( + KeycloakAuthLayer::::builder() + .instance(keycloak_instance.clone()) + .passthrough_mode(PassthroughMode::Block) + .persist_raw_claims(false) + .expected_audiences(vec![String::from("account")]) + //.required_roles(vec![]) + .build(), + ) .route_layer(axum::middleware::from_fn_with_state( state.clone(), - middleware::auth_middleware, + middleware::session_auth_middleware, )) .with_state(state); - let listener = tokio::net::TcpListener::bind(host_url).await.unwrap(); + let app = Router::new().merge(proxy_router).merge(auth_router); + + info!("Listening on {}", host_url); + let listener = tokio::net::TcpListener::bind(host_url.clone()) + .await + .unwrap(); axum::serve(listener, app).await.unwrap(); diff --git a/src/middleware.rs b/src/middleware.rs index 35732b8..515109a 100644 --- a/src/middleware.rs +++ b/src/middleware.rs @@ -1,11 +1,14 @@ +use crate::auth::{OAuthClient, UserSession, refresh_access_token_internal}; use crate::config::Config; +use crate::gsd::service::GSDService; use crate::repository::RedisRepository; -use crate::service_gsd::GSDService; +use crate::util::set_and_log_session; use axum::extract::{Request, State}; use axum::http::{HeaderValue, StatusCode}; use axum::middleware::Next; use axum::response::{IntoResponse, Response}; -use log::{error, info}; +use axum_extra::extract::CookieJar; +use log::{error, info, warn}; use std::sync::Arc; #[derive(Clone)] @@ -13,6 +16,8 @@ pub struct AppState { pub config: Config, pub repository: RedisRepository, pub gsd_service: GSDService, + pub oauth_client: OAuthClient, + pub frontend_url: String, } pub async fn auth_middleware( @@ -23,12 +28,110 @@ pub async fn auth_middleware( next.run(request).await } -pub async fn gsd_add_header( +/// Middleware to validate session and refresh tokens if needed +pub async fn session_auth_middleware( + jar: CookieJar, + State(state): State>, + mut request: Request, + next: Next, +) -> Response { + // 1. Extract session ID from cookie + let session_id = match jar.get("session_id") { + Some(cookie) => cookie.value().to_string(), + None => { + warn!("No session cookie found"); + return (StatusCode::UNAUTHORIZED, "No session cookie").into_response(); + } + }; + + // 2. Find session in Redis + let session_key = format!("user_session:{}", session_id); + let session_json = match state.repository.get(&session_key).await { + Ok(Some(json)) => json, + Ok(None) => { + warn!("Session not found in Redis: {}", session_id); + return (StatusCode::UNAUTHORIZED, "Session expired or invalid").into_response(); + } + Err(e) => { + error!("Redis error while fetching session: {:?}", e); + return (StatusCode::INTERNAL_SERVER_ERROR, "Internal error").into_response(); + } + }; + + // 3. Parse session data + let mut user_session: UserSession = match serde_json::from_str(&session_json) { + Ok(session) => session, + Err(e) => { + error!("Failed to parse session JSON: {:?}", e); + return (StatusCode::INTERNAL_SERVER_ERROR, "Invalid session data").into_response(); + } + }; + + // 4. Check if access token is expired + let now = chrono::Utc::now().timestamp(); + if user_session.expires_at <= now { + info!( + "Access token expired for session {}, attempting refresh", + session_id + ); + + // 5. Refresh the access token using refresh token + match refresh_access_token_internal( + &state.oauth_client, + &state.repository, + &session_id, + &mut user_session, + ) + .await + { + Ok(new_access_token) => { + info!( + "Successfully refreshed access token for session {}", + session_id + ); + user_session.access_token = new_access_token; + } + Err(e) => { + error!("Failed to refresh access token: {}", e); + // Clean up invalid session + let _ = state.repository.delete(&session_key).await; + return ( + StatusCode::UNAUTHORIZED, + "Session expired, please login again", + ) + .into_response(); + } + } + } else { + info!( + "Access token still valid for session {} (expires in {} seconds)", + session_id, + user_session.expires_at - now + ); + } + + // 6. Attach validated access token to request for downstream handlers + match HeaderValue::from_str(format!("Bearer {}", &user_session.access_token).as_str()) { + Ok(header_value) => { + request.headers_mut().insert("authorization", header_value); + } + Err(e) => { + error!("Failed to create authorization header: {:?}", e); + return (StatusCode::INTERNAL_SERVER_ERROR, "Internal error").into_response(); + } + } + + // 7. Pass the request to the next handler + next.run(request).await +} + +pub async fn gsd_decorate_header( State(state): State>, mut request: Request, next: Next, ) -> Response { let state_cloned = state.clone(); + info!("Gsd decorate header"); let session = state_cloned.repository.get_session().await; match session { @@ -39,16 +142,7 @@ pub async fn gsd_add_header( match state_cloned.gsd_service.get_session().await { Ok(session) => { session_value = session.clone(); - - match state_cloned.repository.set_session(session.clone()).await { - Ok(_) => { - info!("Redis: saved session {}", &session); - } - - Err(err) => { - error!("Redis: failed to save session: {}", err); - } - } + set_and_log_session(&state_cloned, session.clone()).await; } Err(error) => { error!("Error getting session: {:?}", error); diff --git a/src/repository.rs b/src/repository.rs index 0e13b3c..92663eb 100644 --- a/src/repository.rs +++ b/src/repository.rs @@ -1,10 +1,6 @@ use redis::aio::ConnectionManager; use redis::{AsyncTypedCommands, Connection, RedisError, RedisResult}; -pub fn get_redis_connection(redis_url: String) -> RedisResult { - redis::Client::open(redis_url)?.get_connection() -} - #[derive(Clone)] pub struct RedisRepository { connection_manager: ConnectionManager, @@ -34,4 +30,22 @@ impl RedisRepository { Ok(()) } + + pub async fn set_with_expiry(&self, key: &str, value: &str, expiry: u64) -> RedisResult<()> { + self.connection_manager + .clone() + .set_ex(key, value, expiry) + .await + } + + pub async fn get(&self, key: &str) -> RedisResult> { + self.connection_manager + .clone() + .get::(key.to_string()) + .await + } + + pub async fn delete(&self, key: &str) -> RedisResult { + self.connection_manager.clone().del(key.to_string()).await + } } diff --git a/src/util.rs b/src/util.rs index 9eee19d..24a2ed6 100644 --- a/src/util.rs +++ b/src/util.rs @@ -1,7 +1,11 @@ use crate::config::{Config, generate_log_file_name}; -use log::LevelFilter; +use crate::middleware::AppState; +use axum::body::Body; +use axum::extract::Request; +use log::{LevelFilter, error, info}; use simplelog::{ColorChoice, CombinedLogger, TermLogger, TerminalMode, WriteLogger}; use std::fs::File; +use std::sync::Arc; pub fn initialize_logging(config: &Config) { CombinedLogger::init(vec![ @@ -19,3 +23,15 @@ pub fn initialize_logging(config: &Config) { ]) .unwrap(); } + +pub async fn set_and_log_session(state: &Arc, session: String) { + match state.repository.set_session(session.clone()).await { + Ok(_) => { + info!("Redis: saved session {}", &session); + } + + Err(err) => { + error!("Redis: failed to save session: {}", err); + } + } +}