split common into common and core

2024-09-20 06:46:17 +08:00 · 2022-08-14 18:41:30 +02:00 · 2022-08-14 18:41:30 +02:00 · 7ed223c8dd
parent d292cca03e
commit 7ed223c8dd
65 changed files with 279 additions and 181 deletions
--- a/.bumpversion.cfg
+++ b/.bumpversion.cfg
@ -15,6 +15,10 @@ replace = version = "{new_version}"
 search = version = "{current_version}"
 replace = version = "{new_version}"

+[bumpversion:file:warpgate-config/Cargo.toml]
+search = version = "{current_version}"
+replace = version = "{new_version}"
+
 [bumpversion:file:warpgate-database-protocols/Cargo.toml]
 search = version = "{current_version}"
 replace = version = "{new_version}"
--- a/Cargo.lock
+++ b/Cargo.lock
@ -4573,7 +4573,7 @@ dependencies = [

 [[package]]
 name = "warpgate"
-version = "0.4.0"
+version = "0.5.0"
 dependencies = [
 "ansi_term",
 "anyhow",
@ -4600,6 +4600,7 @@ dependencies = [
 "tracing-subscriber",
 "warpgate-admin",
 "warpgate-common",
+ "warpgate-core",
 "warpgate-protocol-http",
 "warpgate-protocol-mysql",
 "warpgate-protocol-ssh",
@ -4607,7 +4608,7 @@ dependencies = [

 [[package]]
 name = "warpgate-admin"
-version = "0.4.0"
+version = "0.5.0"
 dependencies = [
 "anyhow",
 "async-trait",
@ -4629,13 +4630,14 @@ dependencies = [
 "tracing",
 "uuid",
 "warpgate-common",
+ "warpgate-core",
 "warpgate-db-entities",
 "warpgate-protocol-ssh",
 ]

 [[package]]
 name = "warpgate-common"
-version = "0.4.0"
+version = "0.5.0"
 dependencies = [
 "anyhow",
 "argon2",
@ -4667,6 +4669,45 @@ dependencies = [
 "tracing-subscriber",
 "url",
 "uuid",
+ "warpgate-sso",
+ "webpki",
+]
+
+[[package]]
+name = "warpgate-core"
+version = "0.5.0"
+dependencies = [
+ "anyhow",
+ "argon2",
+ "async-trait",
+ "bytes 1.2.1",
+ "chrono",
+ "data-encoding",
+ "futures",
+ "humantime-serde",
+ "lazy_static",
+ "once_cell",
+ "packet",
+ "password-hash 0.4.1",
+ "poem",
+ "poem-openapi",
+ "rand",
+ "rand_chacha",
+ "rand_core",
+ "rustls",
+ "rustls-pemfile",
+ "sea-orm",
+ "serde",
+ "serde_json",
+ "thiserror",
+ "tokio",
+ "totp-rs",
+ "tracing",
+ "tracing-core",
+ "tracing-subscriber",
+ "url",
+ "uuid",
+ "warpgate-common",
 "warpgate-db-entities",
 "warpgate-db-migrations",
 "warpgate-sso",
@ -4675,7 +4716,7 @@ dependencies = [

 [[package]]
 name = "warpgate-database-protocols"
-version = "0.4.0"
+version = "0.5.0"
 dependencies = [
 "bitflags",
 "bytes 1.2.1",
@ -4688,7 +4729,7 @@ dependencies = [

 [[package]]
 name = "warpgate-db-entities"
-version = "0.4.0"
+version = "0.5.0"
 dependencies = [
 "chrono",
 "poem-openapi",
@ -4696,11 +4737,12 @@ dependencies = [
 "serde",
 "serde_json",
 "uuid",
+ "warpgate-common",
 ]

 [[package]]
 name = "warpgate-db-migrations"
-version = "0.4.0"
+version = "0.5.0"
 dependencies = [
 "async-std",
 "chrono",
@ -4711,7 +4753,7 @@ dependencies = [

 [[package]]
 name = "warpgate-protocol-http"
-version = "0.4.0"
+version = "0.5.0"
 dependencies = [
 "anyhow",
 "async-trait",
@ -4735,6 +4777,7 @@ dependencies = [
 "uuid",
 "warpgate-admin",
 "warpgate-common",
+ "warpgate-core",
 "warpgate-db-entities",
 "warpgate-sso",
 "warpgate-web",
@ -4742,7 +4785,7 @@ dependencies = [

 [[package]]
 name = "warpgate-protocol-mysql"
-version = "0.4.0"
+version = "0.5.0"
 dependencies = [
 "anyhow",
 "async-trait",
@ -4761,6 +4804,7 @@ dependencies = [
 "tracing",
 "uuid",
 "warpgate-common",
+ "warpgate-core",
 "warpgate-database-protocols",
 "warpgate-db-entities",
 "webpki",
@ -4768,7 +4812,7 @@ dependencies = [

 [[package]]
 name = "warpgate-protocol-ssh"
-version = "0.4.0"
+version = "0.5.0"
 dependencies = [
 "ansi_term",
 "anyhow",
@ -4786,13 +4830,14 @@ dependencies = [
 "tracing",
 "uuid",
 "warpgate-common",
+ "warpgate-core",
 "warpgate-db-entities",
 "zeroize",
 ]

 [[package]]
 name = "warpgate-sso"
-version = "0.4.0"
+version = "0.5.0"
 dependencies = [
 "async-trait",
 "bytes 1.2.1",
@ -4808,7 +4853,7 @@ dependencies = [

 [[package]]
 name = "warpgate-web"
-version = "0.4.0"
+version = "0.5.0"
 dependencies = [
 "rust-embed",
 "serde",
--- a/Cargo.toml
+++ b/Cargo.toml
@ -5,6 +5,7 @@ members = [
    "warpgate",
    "warpgate-admin",
    "warpgate-common",
+    "warpgate-core",
    "warpgate-db-migrations",
    "warpgate-db-entities",
    "warpgate-database-protocols",
--- a/2
+++ b/2
@ -1,4 +1,4 @@
-projects := "warpgate warpgate-admin warpgate-common warpgate-db-entities warpgate-db-migrations warpgate-database-protocols warpgate-protocol-ssh warpgate-protocol-mysql warpgate-sso"
+projects := "warpgate warpgate-admin warpgate-common warpgate-db-entities warpgate-db-migrations warpgate-database-protocols warpgate-protocol-ssh warpgate-protocol-mysql warpgate-protocol-http warpgate-core warpgate-sso"

 run *ARGS:
    RUST_BACKTRACE=1 RUST_LOG=warpgate cd warpgate && cargo run -- --config ../config.yaml {{ARGS}}
--- a/warpgate-admin/Cargo.toml
+++ b/warpgate-admin/Cargo.toml
@ -38,6 +38,7 @@ tokio = {version = "1.20", features = ["tracing"]}
 tracing = "0.1"
 uuid = { version = "1.0", features = ["v4", "serde"] }
 warpgate-common = { version = "*", path = "../warpgate-common" }
+warpgate-core = { version = "*", path = "../warpgate-core" }
 warpgate-db-entities = { version = "*", path = "../warpgate-db-entities" }
 warpgate-protocol-ssh = { version = "*", path = "../warpgate-protocol-ssh" }
 regex = "1.6"
--- a/warpgate-admin/src/api/recordings_detail.rs
+++ b/warpgate-admin/src/api/recordings_detail.rs
@ -16,7 +16,7 @@ use tokio::io::{AsyncBufReadExt, BufReader};
 use tokio::sync::Mutex;
 use tracing::*;
 use uuid::Uuid;
-use warpgate_common::recordings::{AsciiCast, SessionRecordings, TerminalRecordingItem};
+use warpgate_core::recordings::{AsciiCast, SessionRecordings, TerminalRecordingItem};
 use warpgate_db_entities::Recording::{self, RecordingKind};

 pub struct Api;
--- a/warpgate-admin/src/api/sessions_detail.rs
+++ b/warpgate-admin/src/api/sessions_detail.rs
@ -7,7 +7,7 @@ use poem_openapi::{ApiResponse, OpenApi};
 use sea_orm::{ColumnTrait, DatabaseConnection, EntityTrait, QueryFilter, QueryOrder};
 use tokio::sync::Mutex;
 use uuid::Uuid;
-use warpgate_common::{SessionSnapshot, State};
+use warpgate_core::{SessionSnapshot, State};
 use warpgate_db_entities::{Recording, Session};

 pub struct Api;
--- a/warpgate-admin/src/api/sessions_list.rs
+++ b/warpgate-admin/src/api/sessions_list.rs
@ -10,7 +10,7 @@ use poem_openapi::payload::Json;
 use poem_openapi::{ApiResponse, OpenApi};
 use sea_orm::{ColumnTrait, DatabaseConnection, EntityTrait, QueryFilter, QueryOrder};
 use tokio::sync::Mutex;
-use warpgate_common::{SessionSnapshot, State};
+use warpgate_core::{SessionSnapshot, State};

 use super::pagination::{PaginatedResponse, PaginationParams};

--- a/warpgate-admin/src/api/targets_list.rs
+++ b/warpgate-admin/src/api/targets_list.rs
@ -4,7 +4,8 @@ use poem::web::Data;
 use poem_openapi::payload::Json;
 use poem_openapi::{ApiResponse, OpenApi};
 use tokio::sync::Mutex;
-use warpgate_common::{ConfigProvider, Target};
+use warpgate_common::Target;
+use warpgate_core::ConfigProvider;

 pub struct Api;

--- a/warpgate-admin/src/api/users_list.rs
+++ b/warpgate-admin/src/api/users_list.rs
@ -4,7 +4,7 @@ use poem::web::Data;
 use poem_openapi::payload::Json;
 use poem_openapi::{ApiResponse, OpenApi};
 use tokio::sync::Mutex;
-use warpgate_common::{ConfigProvider, UserSnapshot};
+use warpgate_core::{ConfigProvider, UserSnapshot};

 pub struct Api;

--- a/warpgate-admin/src/lib.rs
+++ b/warpgate-admin/src/lib.rs
@ -2,7 +2,7 @@
 mod api;
 use poem::{EndpointExt, IntoEndpoint, Route};
 use poem_openapi::OpenApiService;
-use warpgate_common::Services;
+use warpgate_core::Services;

 pub fn admin_api_app(services: &Services) -> impl IntoEndpoint {
    let api_service = OpenApiService::new(
--- a/warpgate-common/Cargo.toml
+++ b/warpgate-common/Cargo.toml
@ -42,8 +42,6 @@ tracing-core = "0.1"
 tracing-subscriber = "0.3"
 url = "2.2"
 uuid = { version = "1.0", features = ["v4", "serde"] }
-warpgate-db-entities = { version = "*", path = "../warpgate-db-entities" }
-warpgate-db-migrations = { version = "*", path = "../warpgate-db-migrations" }
 warpgate-sso = { version = "*", path = "../warpgate-sso" }
 rustls = { version = "0.20", features = ["dangerous_configuration"] }
 rustls-pemfile = "1.0"
--- a/warpgate-common/src/auth/mod.rs
+++ b/warpgate-common/src/auth/mod.rs
@ -2,9 +2,7 @@ mod cred;
 mod policy;
 mod selector;
 mod state;
-mod store;
 pub use cred::*;
 pub use policy::*;
 pub use selector::*;
 pub use state::*;
-pub use store::*;
--- a/warpgate-common/src/auth/state.rs
+++ b/warpgate-common/src/auth/state.rs
@ -1,7 +1,15 @@
+use std::collections::HashSet;
+
 use uuid::Uuid;

-use super::{AuthCredential, CredentialPolicy, CredentialPolicyResponse};
-use crate::AuthResult;
+use super::{AuthCredential, CredentialKind, CredentialPolicy, CredentialPolicyResponse};
+
+#[derive(Debug, Clone)]
+pub enum AuthResult {
+    Accepted { username: String },
+    Need(HashSet<CredentialKind>),
+    Rejected,
+}

 pub struct AuthState {
    id: Uuid,
@ -13,7 +21,7 @@ pub struct AuthState {
 }

 impl AuthState {
-    pub(crate) fn new(
+    pub fn new(
        id: Uuid,
        username: String,
        protocol: String,
--- a/warpgate-common/src/lib.rs
+++ b/warpgate-common/src/lib.rs
@ -1,29 +1,16 @@
 #![feature(let_else, drain_filter, duration_constants)]
 pub mod auth;
 mod config;
-mod config_providers;
 pub mod consts;
-mod data;
-pub mod db;
 mod error;
 pub mod eventhub;
 pub mod helpers;
-pub mod logging;
-mod protocols;
-pub mod recordings;
-mod services;
-mod state;
 mod tls;
 mod try_macro;
 mod types;

 pub use config::*;
-pub use config_providers::*;
-pub use data::*;
 pub use error::WarpgateError;
-pub use protocols::*;
-pub use services::*;
-pub use state::{SessionState, SessionStateInit, State};
 pub use tls::*;
 pub use try_macro::*;
 pub use types::*;
--- a/warpgate-core/Cargo.toml
+++ b/warpgate-core/Cargo.toml
@ -0,0 +1,52 @@
+[package]
+edition = "2021"
+license = "Apache-2.0"
+name = "warpgate-core"
+version = "0.5.0"
+
+[dependencies]
+warpgate-common = { version = "*", path = "../warpgate-common" }
+warpgate-db-entities = { version = "*", path = "../warpgate-db-entities" }
+warpgate-db-migrations = { version = "*", path = "../warpgate-db-migrations" }
+
+anyhow = "1.0"
+argon2 = "0.4"
+async-trait = "0.1"
+bytes = "1.2"
+chrono = { version = "0.4", features = ["serde"] }
+data-encoding = "2.3"
+humantime-serde = "1.1"
+lazy_static = "1.4"
+futures = "0.3"
+once_cell = "1.10"
+packet = "0.1"
+password-hash = "0.4"
+poem = { version = "^1.3.37", features = ["rustls"] }
+poem-openapi = { version = "^2.0.6", features = [
+    "swagger-ui",
+    "chrono",
+    "uuid",
+    "static-files",
+] }
+rand = "0.8"
+rand_chacha = "0.3"
+rand_core = { version = "0.6", features = ["std"] }
+sea-orm = { version = "^0.9", features = [
+    "sqlx-sqlite",
+    "runtime-tokio-native-tls",
+    "macros",
+], default-features = false }
+serde = "1.0"
+serde_json = "1.0"
+thiserror = "1.0"
+tokio = { version = "1.20", features = ["tracing"] }
+totp-rs = { version = "3.0", features = ["otpauth"] }
+tracing = "0.1"
+tracing-core = "0.1"
+tracing-subscriber = "0.3"
+url = "2.2"
+uuid = { version = "1.0", features = ["v4", "serde"] }
+warpgate-sso = { version = "*", path = "../warpgate-sso" }
+rustls = { version = "0.20", features = ["dangerous_configuration"] }
+rustls-pemfile = "1.0"
+webpki = "0.22"
--- a/warpgate-core/src/auth_state_store.rs
+++ b/warpgate-core/src/auth_state_store.rs
@ -5,9 +5,10 @@ use std::time::{Duration, Instant};
 use once_cell::sync::Lazy;
 use tokio::sync::{broadcast, Mutex};
 use uuid::Uuid;
+use warpgate_common::auth::{AuthResult, AuthState};
+use warpgate_common::WarpgateError;

-use super::AuthState;
-use crate::{AuthResult, ConfigProvider, WarpgateError};
+use crate::ConfigProvider;

 #[allow(clippy::unwrap_used)]
 pub static TIMEOUT: Lazy<Duration> = Lazy::new(|| Duration::from_secs(60 * 10));
--- a/warpgate-common/src/config_providers/file.rs
+++ b/warpgate-common/src/config_providers/file.rs
@ -3,34 +3,26 @@ use std::sync::Arc;

 use async_trait::async_trait;
 use data_encoding::BASE64;
-use sea_orm::ActiveValue::Set;
-use sea_orm::{ActiveModelTrait, DatabaseConnection, EntityTrait};
 use tokio::sync::Mutex;
 use tracing::*;
-use uuid::Uuid;
-use warpgate_db_entities::Ticket;
-
-use super::ConfigProvider;
-use crate::auth::{
+use warpgate_common::auth::{
    AllCredentialsPolicy, AnySingleCredentialPolicy, AuthCredential, CredentialKind,
    CredentialPolicy, PerProtocolCredentialPolicy,
 };
-use crate::helpers::hash::verify_password_hash;
-use crate::helpers::otp::verify_totp;
-use crate::{Target, User, UserAuthCredential, UserSnapshot, WarpgateConfig, WarpgateError};
+use warpgate_common::helpers::hash::verify_password_hash;
+use warpgate_common::helpers::otp::verify_totp;
+use warpgate_common::{Target, User, UserAuthCredential, WarpgateConfig, WarpgateError};
+
+use super::ConfigProvider;
+use crate::UserSnapshot;

 pub struct FileConfigProvider {
-    db: Arc<Mutex<DatabaseConnection>>,
    config: Arc<Mutex<WarpgateConfig>>,
 }

 impl FileConfigProvider {
-    pub async fn new(
-        db: &Arc<Mutex<DatabaseConnection>>,
-        config: &Arc<Mutex<WarpgateConfig>>,
-    ) -> Self {
+    pub async fn new(config: &Arc<Mutex<WarpgateConfig>>) -> Self {
        Self {
-            db: db.clone(),
            config: config.clone(),
        }
    }
@ -284,20 +276,4 @@ impl ConfigProvider for FileConfigProvider {

        Ok(intersect)
    }
-
-    async fn consume_ticket(&mut self, ticket_id: &Uuid) -> Result<(), WarpgateError> {
-        let db = self.db.lock().await;
-        let ticket = Ticket::Entity::find_by_id(*ticket_id).one(&*db).await?;
-        let Some(ticket) = ticket else {
-            return Err(WarpgateError::InvalidTicket(*ticket_id));
-        };
-
-        if let Some(uses_left) = ticket.uses_left {
-            let mut model: Ticket::ActiveModel = ticket.into();
-            model.uses_left = Set(Some(uses_left - 1));
-            model.update(&*db).await?;
-        }
-
-        Ok(())
-    }
 }
--- a/warpgate-common/src/config_providers/mod.rs
+++ b/warpgate-common/src/config_providers/mod.rs
@ -1,24 +1,18 @@
 mod file;
-use std::collections::HashSet;
 use std::sync::Arc;

 use async_trait::async_trait;
 pub use file::FileConfigProvider;
-use sea_orm::{ColumnTrait, DatabaseConnection, EntityTrait, QueryFilter};
+use sea_orm::ActiveValue::Set;
+use sea_orm::{ActiveModelTrait, ColumnTrait, DatabaseConnection, EntityTrait, QueryFilter};
 use tokio::sync::Mutex;
 use tracing::*;
 use uuid::Uuid;
+use warpgate_common::auth::{AuthCredential, CredentialPolicy};
+use warpgate_common::{Secret, Target, WarpgateError};
 use warpgate_db_entities::Ticket;

-use crate::auth::{AuthCredential, CredentialKind, CredentialPolicy};
-use crate::{Secret, Target, UserSnapshot, WarpgateError};
-
-#[derive(Debug, Clone)]
-pub enum AuthResult {
-    Accepted { username: String },
-    Need(HashSet<CredentialKind>),
-    Rejected,
-}
+use crate::UserSnapshot;

 #[async_trait]
 pub trait ConfigProvider {
@ -47,8 +41,6 @@ pub trait ConfigProvider {
        username: &str,
        target: &str,
    ) -> Result<bool, WarpgateError>;
-
-    async fn consume_ticket(&mut self, ticket_id: &Uuid) -> Result<(), WarpgateError>;
 }

 //TODO: move this somewhere
@ -85,3 +77,22 @@ pub async fn authorize_ticket(
        }
    }
 }
+
+pub async fn consume_ticket(
+    db: &Arc<Mutex<DatabaseConnection>>,
+    ticket_id: &Uuid,
+) -> Result<(), WarpgateError> {
+    let db = db.lock().await;
+    let ticket = Ticket::Entity::find_by_id(*ticket_id).one(&*db).await?;
+    let Some(ticket) = ticket else {
+        return Err(WarpgateError::InvalidTicket(*ticket_id));
+    };
+
+    if let Some(uses_left) = ticket.uses_left {
+        let mut model: Ticket::ActiveModel = ticket.into();
+        model.uses_left = Set(Some(uses_left - 1));
+        model.update(&*db).await?;
+    }
+
+    Ok(())
+}
--- a/warpgate-common/src/data.rs
+++ b/warpgate-common/src/data.rs
@ -2,9 +2,8 @@ use chrono::{DateTime, Utc};
 use poem_openapi::Object;
 use serde::{Deserialize, Serialize};
 use uuid::Uuid;
-use warpgate_db_entities::Session;
-
-use crate::{SessionId, Target, User};
+use warpgate_db_entities::{Session};
+use warpgate_common::{SessionId, Target, User};

 #[derive(Serialize, Deserialize, Object)]
 pub struct SessionSnapshot {
--- a/warpgate-common/src/db/mod.rs
+++ b/warpgate-common/src/db/mod.rs
@ -5,12 +5,11 @@ use sea_orm::sea_query::Expr;
 use sea_orm::{
    ConnectOptions, Database, DatabaseConnection, EntityTrait, QueryFilter, TransactionTrait,
 };
+use warpgate_common::helpers::fs::secure_file;
+use warpgate_common::WarpgateConfig;
 use warpgate_db_entities::LogEntry;
 use warpgate_db_migrations::migrate_database;

-use crate::helpers::fs::secure_file;
-use crate::WarpgateConfig;
-
 pub async fn connect_to_db(config: &WarpgateConfig) -> Result<DatabaseConnection> {
    let mut url = url::Url::parse(&config.store.database_url.expose_secret()[..])?;
    if url.scheme() == "sqlite" {
--- a/warpgate-common/src/db/uuid.rs
+++ b/warpgate-common/src/db/uuid.rs
--- a/warpgate-core/src/lib.rs
+++ b/warpgate-core/src/lib.rs
@ -0,0 +1,16 @@
+#![feature(let_else, drain_filter, duration_constants)]
+mod data;
+mod state;
+pub use data::*;
+pub use state::{SessionState, SessionStateInit, State};
+mod config_providers;
+pub use config_providers::*;
+pub mod db;
+mod protocols;
+pub use protocols::*;
+pub mod recordings;
+mod services;
+pub use services::*;
+mod auth_state_store;
+pub use auth_state_store::*;
+pub mod logging;
--- a/warpgate-common/src/logging/database.rs
+++ b/warpgate-common/src/logging/database.rs
--- a/warpgate-common/src/logging/layer.rs
+++ b/warpgate-common/src/logging/layer.rs
--- a/warpgate-common/src/logging/mod.rs
+++ b/warpgate-common/src/logging/mod.rs
@ -1,7 +1,7 @@
-mod database;
 mod layer;
 mod socket;
 mod values;

-pub use database::{install_database_logger, make_database_logger_layer};
 pub use socket::make_socket_logger_layer;
+mod database;
+pub use database::{install_database_logger, make_database_logger_layer};
--- a/warpgate-common/src/logging/socket.rs
+++ b/warpgate-common/src/logging/socket.rs
@ -6,7 +6,7 @@ use tracing_subscriber::registry::LookupSpan;
 use tracing_subscriber::Layer;

 use super::layer::ValuesLogLayer;
-use crate::WarpgateConfig;
+use warpgate_common::WarpgateConfig;

 static SKIP_KEY: &str = "is_socket_logging_error";

--- a/warpgate-common/src/logging/values.rs
+++ b/warpgate-common/src/logging/values.rs
--- a/warpgate-common/src/protocols/handle.rs
+++ b/warpgate-common/src/protocols/handle.rs
@ -2,9 +2,10 @@ use std::sync::Arc;

 use sea_orm::{ColumnTrait, DatabaseConnection, EntityTrait, QueryFilter};
 use tokio::sync::Mutex;
+use warpgate_common::{SessionId, Target, WarpgateError};
 use warpgate_db_entities::Session;

-use crate::{SessionId, SessionState, State, Target, WarpgateError};
+use crate::{SessionState, State};

 pub trait SessionHandle {
    fn close(&mut self);
--- a/warpgate-common/src/protocols/mod.rs
+++ b/warpgate-common/src/protocols/mod.rs
@ -4,8 +4,7 @@ use std::net::SocketAddr;
 use anyhow::Result;
 use async_trait::async_trait;
 pub use handle::{SessionHandle, WarpgateServerHandle};
-
-use crate::Target;
+use warpgate_common::Target;

 #[derive(Debug, thiserror::Error)]
 pub enum TargetTestError {
--- a/warpgate-common/src/recordings/mod.rs
+++ b/warpgate-common/src/recordings/mod.rs
@ -7,9 +7,9 @@ use sea_orm::{ActiveModelTrait, DatabaseConnection};
 use tokio::sync::{broadcast, Mutex};
 use tracing::*;
 use uuid::Uuid;
+use warpgate_common::helpers::fs::secure_directory;
+use warpgate_common::{RecordingsConfig, SessionId, WarpgateConfig};
 use warpgate_db_entities::Recording::{self, RecordingKind};
-
-use crate::{RecordingsConfig, SessionId, WarpgateConfig};
 mod terminal;
 mod traffic;
 mod writer;
@ -58,7 +58,7 @@ impl SessionRecordings {
        path.push(&config.store.recordings.path);
        if config.store.recordings.enable {
            std::fs::create_dir_all(&path)?;
-            crate::helpers::fs::secure_directory(&path)?;
+            secure_directory(&path)?;
        }
        Ok(Self {
            db,
--- a/warpgate-common/src/recordings/terminal.rs
+++ b/warpgate-common/src/recordings/terminal.rs
@ -39,7 +39,7 @@ pub enum TerminalRecordingItem {
        time: f32,
        #[serde(default)]
        stream: TerminalRecordingStreamId,
-        #[serde(with = "crate::helpers::serde_base64")]
+        #[serde(with = "warpgate_common::helpers::serde_base64")]
        data: Bytes,
    },
    PtyResize {
--- a/warpgate-common/src/recordings/traffic.rs
+++ b/warpgate-common/src/recordings/traffic.rs
--- a/warpgate-common/src/recordings/writer.rs
+++ b/warpgate-common/src/recordings/writer.rs
@ -10,11 +10,11 @@ use tokio::io::{AsyncWriteExt, BufWriter};
 use tokio::sync::{broadcast, mpsc, Mutex};
 use tracing::*;
 use uuid::Uuid;
+use warpgate_common::helpers::fs::secure_file;
+use warpgate_common::try_block;
 use warpgate_db_entities::Recording;

 use super::{Error, Result};
-use crate::helpers::fs::secure_file;
-use crate::try_block;

 #[derive(Clone)]
 pub struct RecordingWriter {
--- a/warpgate-common/src/services.rs
+++ b/warpgate-common/src/services.rs
@ -4,11 +4,11 @@ use std::time::Duration;
 use anyhow::Result;
 use sea_orm::DatabaseConnection;
 use tokio::sync::Mutex;
+use warpgate_common::WarpgateConfig;

-use crate::auth::AuthStateStore;
 use crate::db::{connect_to_db, sanitize_db};
 use crate::recordings::SessionRecordings;
-use crate::{ConfigProvider, FileConfigProvider, State, WarpgateConfig};
+use crate::{AuthStateStore, ConfigProvider, FileConfigProvider, State};

 #[derive(Clone)]
 pub struct Services {
@ -30,7 +30,7 @@ impl Services {
        let recordings = Arc::new(Mutex::new(recordings));

        let config = Arc::new(Mutex::new(config));
-        let config_provider = Arc::new(Mutex::new(FileConfigProvider::new(&db, &config).await));
+        let config_provider = Arc::new(Mutex::new(FileConfigProvider::new(&config).await));

        let auth_state_store = Arc::new(Mutex::new(AuthStateStore::new(config_provider.clone())));

--- a/warpgate-common/src/state.rs
+++ b/warpgate-common/src/state.rs
@ -7,9 +7,10 @@ use sea_orm::{ActiveModelTrait, DatabaseConnection, EntityTrait};
 use tokio::sync::{broadcast, Mutex};
 use tracing::*;
 use uuid::Uuid;
+use warpgate_common::{SessionId, ProtocolName, Target};
 use warpgate_db_entities::Session;

-use crate::{ProtocolName, SessionHandle, SessionId, Target, WarpgateServerHandle};
+use crate::{SessionHandle, WarpgateServerHandle};

 pub struct State {
    pub sessions: HashMap<SessionId, Arc<Mutex<SessionState>>>,
--- a/warpgate-db-entities/Cargo.toml
+++ b/warpgate-db-entities/Cargo.toml
@ -11,3 +11,4 @@ sea-orm = {version = "^0.9", features = ["macros", "with-chrono", "with-uuid", "
 serde = "1.0"
 serde_json = "1.0"
 uuid = {version = "1.0", features = ["v4", "serde"]}
+warpgate-common = { version = "*", path = "../warpgate-common" }
--- a/warpgate-protocol-http/Cargo.toml
+++ b/warpgate-protocol-http/Cargo.toml
@ -24,6 +24,7 @@ tokio-tungstenite = {version = "0.17", features = ["rustls-tls-native-roots"]}
 tracing = "0.1"
 warpgate-admin = {version = "*", path = "../warpgate-admin"}
 warpgate-common = {version = "*", path = "../warpgate-common"}
+warpgate-core = {version = "*", path = "../warpgate-core"}
 warpgate-db-entities = {version = "*", path = "../warpgate-db-entities"}
 warpgate-web = {version = "*", path = "../warpgate-web"}
 warpgate-sso = {version = "*", path = "../warpgate-sso"}
--- a/warpgate-protocol-http/src/api/auth.rs
+++ b/warpgate-protocol-http/src/api/auth.rs
@ -9,8 +9,9 @@ use poem_openapi::{ApiResponse, Enum, Object, OpenApi};
 use tokio::sync::Mutex;
 use tracing::*;
 use uuid::Uuid;
-use warpgate_common::auth::{AuthCredential, AuthState, CredentialKind};
-use warpgate_common::{AuthResult, Secret, Services, WarpgateError};
+use warpgate_common::auth::{AuthCredential, AuthState, CredentialKind, AuthResult};
+use warpgate_core::{Services};
+use warpgate_common::{Secret, WarpgateError};

 use crate::common::{
    authorize_session, endpoint_auth, get_auth_state_for_request, SessionAuthorization, SessionExt,
--- a/warpgate-protocol-http/src/api/info.rs
+++ b/warpgate-protocol-http/src/api/info.rs
@ -4,7 +4,7 @@ use poem::Request;
 use poem_openapi::payload::Json;
 use poem_openapi::{ApiResponse, Object, OpenApi};
 use serde::Serialize;
-use warpgate_common::Services;
+use warpgate_core::Services;

 use crate::common::{SessionAuthorization, SessionExt};

--- a/warpgate-protocol-http/src/api/sso_provider_detail.rs
+++ b/warpgate-protocol-http/src/api/sso_provider_detail.rs
@ -5,7 +5,7 @@ use poem_openapi::param::{Path, Query};
 use poem_openapi::payload::Json;
 use poem_openapi::{ApiResponse, Object, OpenApi};
 use serde::{Deserialize, Serialize};
-use warpgate_common::Services;
+use warpgate_core::Services;
 use warpgate_sso::{SsoClient, SsoLoginRequest};

 pub struct Api;
--- a/warpgate-protocol-http/src/api/sso_provider_list.rs
+++ b/warpgate-protocol-http/src/api/sso_provider_list.rs
@ -5,8 +5,8 @@ use poem_openapi::param::Query;
 use poem_openapi::payload::{Json, Response};
 use poem_openapi::{ApiResponse, Enum, Object, OpenApi};
 use tracing::*;
-use warpgate_common::auth::AuthCredential;
-use warpgate_common::{AuthResult, Services};
+use warpgate_common::auth::{AuthCredential, AuthResult};
+use warpgate_core::Services;
 use warpgate_sso::SsoInternalProviderConfig;

 use super::sso_provider_detail::{SsoContext, SSO_CONTEXT_SESSION_KEY};
@ -120,7 +120,8 @@ impl Api {
        };

        let mut auth_state_store = services.auth_state_store.lock().await;
-        let state_arc = get_auth_state_for_request(&username, session, &mut auth_state_store).await?;
+        let state_arc =
+            get_auth_state_for_request(&username, session, &mut auth_state_store).await?;

        let mut state = state_arc.lock().await;
        let mut cp = services.config_provider.lock().await;
--- a/warpgate-protocol-http/src/api/targets_list.rs
+++ b/warpgate-protocol-http/src/api/targets_list.rs
@ -1,33 +1,27 @@
 use futures::{stream, StreamExt};
 use poem::web::Data;
 use poem_openapi::payload::Json;
-use poem_openapi::{ApiResponse, Enum, Object, OpenApi};
+use poem_openapi::{ApiResponse, Object, OpenApi};
 use serde::Serialize;
-use warpgate_common::{Services, TargetOptions};
+use warpgate_db_entities::Target;
+use warpgate_common::{TargetOptions};
+use warpgate_core::{Services};

 use crate::common::{endpoint_auth, SessionAuthorization};

 pub struct Api;

-#[derive(Debug, Serialize, Clone, Enum)]
-pub enum TargetKind {
-    Http,
-    MySql,
-    Ssh,
-    WebAdmin,
-}
-
 #[derive(Debug, Serialize, Clone, Object)]
-pub struct Target {
+pub struct TargetSnapshot {
    pub name: String,
-    pub kind: TargetKind,
+    pub kind: Target::TargetKind,
    pub external_host: Option<String>,
 }

 #[derive(ApiResponse)]
 enum GetTargetsResponse {
    #[oai(status = 200)]
-    Ok(Json<Vec<Target>>),
+    Ok(Json<Vec<TargetSnapshot>>),
 }

 #[OpenApi]
@ -75,13 +69,13 @@ impl Api {
        Ok(GetTargetsResponse::Ok(Json(
            targets
                .into_iter()
-                .map(|t| Target {
+                .map(|t| TargetSnapshot {
                    name: t.name.clone(),
                    kind: match t.options {
-                        TargetOptions::Ssh(_) => TargetKind::Ssh,
-                        TargetOptions::Http(_) => TargetKind::Http,
-                        TargetOptions::MySql(_) => TargetKind::MySql,
-                        TargetOptions::WebAdmin(_) => TargetKind::WebAdmin,
+                        TargetOptions::Ssh(_) => Target::TargetKind::Ssh,
+                        TargetOptions::Http(_) => Target::TargetKind::Http,
+                        TargetOptions::MySql(_) => Target::TargetKind::MySql,
+                        TargetOptions::WebAdmin(_) => Target::TargetKind::WebAdmin,
                    },
                    external_host: match t.options {
                        TargetOptions::Http(ref opt) => opt.external_host.clone(),
--- a/warpgate-protocol-http/src/catchall.rs
+++ b/warpgate-protocol-http/src/catchall.rs
@ -7,7 +7,8 @@ use poem::{handler, Body, IntoResponse, Request, Response};
 use serde::Deserialize;
 use tokio::sync::Mutex;
 use tracing::*;
-use warpgate_common::{Services, Target, TargetHTTPOptions, TargetOptions, WarpgateServerHandle};
+use warpgate_common::{Target, TargetHTTPOptions, TargetOptions};
+use warpgate_core::{Services, WarpgateServerHandle};

 use crate::common::{gateway_redirect, SessionAuthorization, SessionExt};
 use crate::proxy::{proxy_normal_request, proxy_websocket_request};
--- a/warpgate-protocol-http/src/common.rs
+++ b/warpgate-protocol-http/src/common.rs
@ -10,8 +10,9 @@ use serde::{Deserialize, Serialize};
 use tokio::sync::Mutex;
 use tracing::*;
 use uuid::Uuid;
-use warpgate_common::auth::{AuthState, AuthStateStore};
-use warpgate_common::{ProtocolName, Services, TargetOptions, WarpgateError};
+use warpgate_common::auth::{AuthState};
+use warpgate_common::{ProtocolName,  TargetOptions, WarpgateError};
+use warpgate_core::{AuthStateStore, Services};

 use crate::session::SessionStore;

--- a/warpgate-protocol-http/src/lib.rs
+++ b/warpgate-protocol-http/src/lib.rs
@ -30,12 +30,14 @@ use tokio::sync::Mutex;
 use tracing::*;
 use warpgate_admin::admin_api_app;
 use warpgate_common::{
-    ProtocolServer, Services, Target, TargetOptions, TargetTestError, TlsCertificateAndPrivateKey,
-    TlsCertificateBundle, TlsPrivateKey,
+    Target, TargetOptions, TlsCertificateAndPrivateKey, TlsCertificateBundle, TlsPrivateKey,
 };
+use warpgate_core::{ProtocolServer, Services, TargetTestError};
 use warpgate_web::Assets;

-use crate::common::{endpoint_admin_auth, endpoint_auth, page_auth, COOKIE_MAX_AGE, SESSION_COOKIE_NAME};
+use crate::common::{
+    endpoint_admin_auth, endpoint_auth, page_auth, COOKIE_MAX_AGE, SESSION_COOKIE_NAME,
+};
 use crate::error::error_page;
 use crate::middleware::{CookieHostMiddleware, TicketMiddleware};
 use crate::session::{SessionStore, SharedSessionStorage};
--- a/warpgate-protocol-http/src/middleware/ticket.rs
+++ b/warpgate-protocol-http/src/middleware/ticket.rs
@ -3,9 +3,10 @@ use poem::session::Session;
 use poem::web::{Data, FromRequest};
 use poem::{Endpoint, Middleware, Request};
 use serde::Deserialize;
-use warpgate_common::{authorize_ticket, Secret, Services};
+use warpgate_common::Secret;
+use warpgate_core::{authorize_ticket, consume_ticket, Services};

-use crate::common::{SessionExt};
+use crate::common::SessionExt;

 pub struct TicketMiddleware {}

@ -64,9 +65,9 @@ impl<E: Endpoint> Endpoint for TicketMiddlewareEndpoint<E> {

                if let Some(ticket_model) = {
                    let ticket = Secret::new(ticket);
-                    let mut cp = services.config_provider.lock().await;
+                    let cp = services.config_provider.lock().await;
                    if let Some(res) = authorize_ticket(&services.db, &ticket).await? {
-                        cp.consume_ticket(&res.id).await?;
+                        consume_ticket(&services.db, &res.id).await?;
                        Some(res)
                    } else {
                        None
--- a/warpgate-protocol-http/src/session.rs
+++ b/warpgate-protocol-http/src/session.rs
@ -9,7 +9,8 @@ use poem::{FromRequest, Request};
 use serde_json::Value;
 use tokio::sync::Mutex;
 use tracing::*;
-use warpgate_common::{Services, SessionId, SessionStateInit, WarpgateServerHandle};
+use warpgate_common::SessionId;
+use warpgate_core::{Services, SessionStateInit, WarpgateServerHandle};

 use crate::common::{PROTOCOL_NAME, SESSION_MAX_AGE};
 use crate::session_handle::{
--- a/warpgate-protocol-http/src/session_handle.rs
+++ b/warpgate-protocol-http/src/session_handle.rs
@ -6,7 +6,7 @@ use poem::session::Session;
 use poem::web::Data;
 use poem::{FromRequest, Request, RequestBody};
 use tokio::sync::{mpsc, Mutex};
-use warpgate_common::{SessionHandle, WarpgateServerHandle};
+use warpgate_core::{SessionHandle, WarpgateServerHandle};

 use crate::session::SessionStore;

--- a/warpgate-protocol-mysql/Cargo.toml
+++ b/warpgate-protocol-mysql/Cargo.toml
@ -6,6 +6,7 @@ version = "0.5.0"

 [dependencies]
 warpgate-common = { version = "*", path = "../warpgate-common" }
+warpgate-core = { version = "*", path = "../warpgate-core" }
 warpgate-db-entities = { version = "*", path = "../warpgate-db-entities" }
 warpgate-database-protocols = { version = "*", path = "../warpgate-database-protocols" }
 anyhow = { version = "1.0", features = ["std"] }
--- a/warpgate-protocol-mysql/src/lib.rs
+++ b/warpgate-protocol-mysql/src/lib.rs
@ -18,9 +18,9 @@ use rustls::ServerConfig;
 use tokio::net::TcpListener;
 use tracing::*;
 use warpgate_common::{
-    ProtocolServer, Services, SessionStateInit, Target, TargetOptions, TargetTestError,
-    TlsCertificateAndPrivateKey, TlsCertificateBundle, TlsPrivateKey,
+    Target, TargetOptions, TlsCertificateAndPrivateKey, TlsCertificateBundle, TlsPrivateKey,
 };
+use warpgate_core::{ProtocolServer, Services, SessionStateInit, TargetTestError};

 use crate::session::MySqlSession;
 use crate::session_handle::MySqlSessionHandle;
--- a/warpgate-protocol-mysql/src/session.rs
+++ b/warpgate-protocol-mysql/src/session.rs
@ -7,12 +7,12 @@ use tokio::net::TcpStream;
 use tokio::sync::Mutex;
 use tracing::*;
 use uuid::Uuid;
-use warpgate_common::auth::{AuthCredential, AuthSelector};
+use warpgate_common::auth::{AuthCredential, AuthSelector, AuthResult};
 use warpgate_common::helpers::rng::get_crypto_rng;
 use warpgate_common::{
-    authorize_ticket, AuthResult, Secret, Services, TargetMySqlOptions, TargetOptions,
-    WarpgateServerHandle,
+    Secret, TargetMySqlOptions, TargetOptions,
 };
+use warpgate_core::{WarpgateServerHandle, Services, authorize_ticket, consume_ticket};
 use warpgate_database_protocols::io::{BufExt, Decode};
 use warpgate_database_protocols::mysql::protocol::auth::AuthPlugin;
 use warpgate_database_protocols::mysql::protocol::connect::{
@ -237,11 +237,7 @@ impl MySqlSession {
                {
                    Some(ticket) => {
                        info!("Authorized for {} with a ticket", ticket.target);
-                        self.services
-                            .config_provider
-                            .lock()
-                            .await
-                            .consume_ticket(&ticket.id)
+                        consume_ticket(&self.services.db, &ticket.id)
                            .await
                            .map_err(MySqlError::other)?;

--- a/warpgate-protocol-mysql/src/session_handle.rs
+++ b/warpgate-protocol-mysql/src/session_handle.rs
@ -1,5 +1,5 @@
 use tokio::sync::mpsc;
-use warpgate_common::SessionHandle;
+use warpgate_core::SessionHandle;

 pub struct MySqlSessionHandle {
    abort_tx: mpsc::UnboundedSender<()>,
--- a/warpgate-protocol-ssh/Cargo.toml
+++ b/warpgate-protocol-ssh/Cargo.toml
@ -21,5 +21,6 @@ tokio = {version = "1.20", features = ["tracing", "signal"]}
 tracing = "0.1"
 uuid = {version = "1.0", features = ["v4"]}
 warpgate-common = {version = "*", path = "../warpgate-common"}
+warpgate-core = {version = "*", path = "../warpgate-core"}
 warpgate-db-entities = {version = "*", path = "../warpgate-db-entities"}
 zeroize="^1.5"
--- a/warpgate-protocol-ssh/src/client/handler.rs
+++ b/warpgate-protocol-ssh/src/client/handler.rs
@ -7,7 +7,8 @@ use russh_keys::PublicKeyBase64;
 use tokio::sync::mpsc::UnboundedSender;
 use tokio::sync::oneshot;
 use tracing::*;
-use warpgate_common::{Services, SessionId, TargetSSHOptions};
+use warpgate_common::{SessionId, TargetSSHOptions};
+use warpgate_core::Services;

 use crate::known_hosts::{KnownHostValidationResult, KnownHosts};
 use crate::ConnectionError;
--- a/warpgate-protocol-ssh/src/client/mod.rs
+++ b/warpgate-protocol-ssh/src/client/mod.rs
@ -20,7 +20,8 @@ use tokio::sync::{oneshot, Mutex};
 use tokio::task::JoinHandle;
 use tracing::*;
 use uuid::Uuid;
-use warpgate_common::{SSHTargetAuth, Services, SessionId, TargetSSHOptions};
+use warpgate_common::{SSHTargetAuth, SessionId, TargetSSHOptions};
+use warpgate_core::Services;

 use self::handler::ClientHandlerEvent;
 use super::{ChannelOperation, DirectTCPIPParams};
--- a/warpgate-protocol-ssh/src/lib.rs
+++ b/warpgate-protocol-ssh/src/lib.rs
@ -17,10 +17,8 @@ pub use keys::*;
 use russh_keys::PublicKeyBase64;
 pub use server::run_server;
 use uuid::Uuid;
-use warpgate_common::{
-    ProtocolName, ProtocolServer, Services, SshHostKeyVerificationMode, Target, TargetOptions,
-    TargetTestError,
-};
+use warpgate_common::{ProtocolName, SshHostKeyVerificationMode, Target, TargetOptions};
+use warpgate_core::{ProtocolServer, Services, TargetTestError};

 use crate::client::{RCCommand, RemoteClient};

--- a/warpgate-protocol-ssh/src/server/mod.rs
+++ b/warpgate-protocol-ssh/src/server/mod.rs
@ -13,7 +13,7 @@ pub use session::ServerSession;
 use tokio::io::{AsyncRead, AsyncWrite};
 use tokio::net::TcpListener;
 use tracing::*;
-use warpgate_common::{Services, SessionStateInit};
+use warpgate_core::{Services, SessionStateInit};

 use crate::keys::load_host_keys;
 use crate::server::session_handle::SSHSessionHandle;
--- a/warpgate-protocol-ssh/src/server/session.rs
+++ b/warpgate-protocol-ssh/src/server/session.rs
@ -17,16 +17,16 @@ use tokio::sync::mpsc::{UnboundedReceiver, UnboundedSender};
 use tokio::sync::{broadcast, oneshot, Mutex};
 use tracing::*;
 use uuid::Uuid;
-use warpgate_common::auth::{AuthCredential, AuthSelector, AuthState, CredentialKind};
+use warpgate_common::auth::{AuthCredential, AuthResult, AuthSelector, AuthState, CredentialKind};
 use warpgate_common::eventhub::{EventHub, EventSender};
-use warpgate_common::recordings::{
+use warpgate_common::{
+    Secret, SessionId, SshHostKeyVerificationMode, Target, TargetOptions, TargetSSHOptions,
+};
+use warpgate_core::recordings::{
    self, ConnectionRecorder, TerminalRecorder, TerminalRecordingStreamId, TrafficConnectionParams,
    TrafficRecorder,
 };
-use warpgate_common::{
-    authorize_ticket, AuthResult, Secret, Services, SessionId, SshHostKeyVerificationMode, Target,
-    TargetOptions, TargetSSHOptions, WarpgateServerHandle,
-};
+use warpgate_core::{authorize_ticket, consume_ticket, Services, WarpgateServerHandle};

 use super::service_output::ServiceOutput;
 use super::session_handle::SessionHandleCommand;
@ -1168,12 +1168,7 @@ impl ServerSession {
                match authorize_ticket(&self.services.db, secret).await? {
                    Some(ticket) => {
                        info!("Authorized for {} with a ticket", ticket.target);
-                        self.services
-                            .config_provider
-                            .lock()
-                            .await
-                            .consume_ticket(&ticket.id)
-                            .await?;
+                        consume_ticket(&self.services.db, &ticket.id).await?;
                        self._auth_accept(&ticket.username, &ticket.target).await;
                        Ok(AuthResult::Accepted {
                            username: ticket.username.clone(),
--- a/warpgate-protocol-ssh/src/server/session_handle.rs
+++ b/warpgate-protocol-ssh/src/server/session_handle.rs
@ -1,5 +1,5 @@
 use tokio::sync::mpsc;
-use warpgate_common::SessionHandle;
+use warpgate_core::SessionHandle;

 #[derive(Clone, Debug, PartialEq, Eq)]
 pub enum SessionHandleCommand {
--- a/warpgate/Cargo.toml
+++ b/warpgate/Cargo.toml
@ -29,6 +29,7 @@ tracing = "0.1"
 tracing-subscriber = {version = "0.3", features = ["env-filter", "local-time"]}
 warpgate-admin = {version = "*", path = "../warpgate-admin"}
 warpgate-common = {version = "*", path = "../warpgate-common"}
+warpgate-core = {version = "*", path = "../warpgate-core"}
 warpgate-protocol-http = {version = "*", path = "../warpgate-protocol-http"}
 warpgate-protocol-mysql = {version = "*", path = "../warpgate-protocol-mysql"}
 warpgate-protocol-ssh = {version = "*", path = "../warpgate-protocol-ssh"}
--- a/warpgate/src/commands/run.rs
+++ b/warpgate/src/commands/run.rs
@ -6,9 +6,9 @@ use futures::StreamExt;
 use sd_notify::NotifyState;
 use tokio::signal::unix::SignalKind;
 use tracing::*;
-use warpgate_common::db::cleanup_db;
-use warpgate_common::logging::install_database_logger;
-use warpgate_common::{ProtocolServer, Services};
+use warpgate_core::db::cleanup_db;
+use warpgate_core::logging::install_database_logger;
+use warpgate_core::{ProtocolServer, Services};
 use warpgate_protocol_http::HTTPProtocolServer;
 use warpgate_protocol_mysql::MySQLProtocolServer;
 use warpgate_protocol_ssh::SSHProtocolServer;
--- a/warpgate/src/commands/setup.rs
+++ b/warpgate/src/commands/setup.rs
@ -10,9 +10,10 @@ use tracing::*;
 use warpgate_common::helpers::fs::{secure_directory, secure_file};
 use warpgate_common::helpers::hash::hash_password;
 use warpgate_common::{
-    HTTPConfig, ListenEndpoint, MySQLConfig, Role, SSHConfig, Secret, Services, Target,
+    HTTPConfig, ListenEndpoint, MySQLConfig, Role, SSHConfig, Secret, Target,
    TargetOptions, TargetWebAdminOptions, User, UserAuthCredential, WarpgateConfigStore,
 };
+use warpgate_core::Services;

 use crate::config::load_config;

--- a/warpgate/src/commands/test_target.rs
+++ b/warpgate/src/commands/test_target.rs
@ -1,6 +1,7 @@
 use anyhow::Result;
 use tracing::*;
-use warpgate_common::{ProtocolServer, Services, Target, TargetOptions, TargetTestError};
+use warpgate_common::{Target, TargetOptions};
+use warpgate_core::{ProtocolServer, Services, TargetTestError};

 use crate::config::load_config;

--- a/warpgate/src/logging.rs
+++ b/warpgate/src/logging.rs
@ -6,7 +6,7 @@ use tracing_subscriber::fmt::time::OffsetTime;
 use tracing_subscriber::layer::SubscriberExt;
 use tracing_subscriber::util::SubscriberInitExt;
 use tracing_subscriber::{EnvFilter, Layer};
-use warpgate_common::logging::{make_database_logger_layer, make_socket_logger_layer};
+use warpgate_core::logging::{make_database_logger_layer, make_socket_logger_layer};
 use warpgate_common::WarpgateConfig;

 pub async fn init_logging(config: Option<&WarpgateConfig>) {