diff --git a/.bumpversion.cfg b/.bumpversion.cfg index a3ebc7b..f511d85 100644 --- a/.bumpversion.cfg +++ b/.bumpversion.cfg @@ -15,6 +15,10 @@ replace = version = "{new_version}" search = version = "{current_version}" replace = version = "{new_version}" +[bumpversion:file:warpgate-config/Cargo.toml] +search = version = "{current_version}" +replace = version = "{new_version}" + [bumpversion:file:warpgate-database-protocols/Cargo.toml] search = version = "{current_version}" replace = version = "{new_version}" diff --git a/Cargo.lock b/Cargo.lock index fe5b0b7..7278dd6 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -4573,7 +4573,7 @@ dependencies = [ [[package]] name = "warpgate" -version = "0.4.0" +version = "0.5.0" dependencies = [ "ansi_term", "anyhow", @@ -4600,6 +4600,7 @@ dependencies = [ "tracing-subscriber", "warpgate-admin", "warpgate-common", + "warpgate-core", "warpgate-protocol-http", "warpgate-protocol-mysql", "warpgate-protocol-ssh", @@ -4607,7 +4608,7 @@ dependencies = [ [[package]] name = "warpgate-admin" -version = "0.4.0" +version = "0.5.0" dependencies = [ "anyhow", "async-trait", @@ -4629,13 +4630,14 @@ dependencies = [ "tracing", "uuid", "warpgate-common", + "warpgate-core", "warpgate-db-entities", "warpgate-protocol-ssh", ] [[package]] name = "warpgate-common" -version = "0.4.0" +version = "0.5.0" dependencies = [ "anyhow", "argon2", 
@@ -4667,6 +4669,45 @@ dependencies = [ "tracing-subscriber", "url", "uuid", + "warpgate-sso", + "webpki", +] + +[[package]] +name = "warpgate-core" +version = "0.5.0" +dependencies = [ + "anyhow", + "argon2", + "async-trait", + "bytes 1.2.1", + "chrono", + "data-encoding", + "futures", + "humantime-serde", + "lazy_static", + "once_cell", + "packet", + "password-hash 0.4.1", + "poem", + "poem-openapi", + "rand", + "rand_chacha", + "rand_core", + "rustls", + "rustls-pemfile", + "sea-orm", + "serde", + "serde_json", + "thiserror", + "tokio", + "totp-rs", + "tracing", + "tracing-core", + "tracing-subscriber", + "url", + "uuid", + "warpgate-common", "warpgate-db-entities", "warpgate-db-migrations", "warpgate-sso", @@ -4675,7 +4716,7 @@ dependencies = [ [[package]] name = "warpgate-database-protocols" -version = "0.4.0" +version = "0.5.0" dependencies = [ "bitflags", "bytes 1.2.1", @@ -4688,7 +4729,7 @@ dependencies = [ [[package]] name = "warpgate-db-entities" -version = "0.4.0" +version = "0.5.0" dependencies = [ "chrono", "poem-openapi", @@ -4696,11 +4737,12 @@ dependencies = [ "serde", "serde_json", "uuid", + "warpgate-common", ] [[package]] name = "warpgate-db-migrations" -version = "0.4.0" +version = "0.5.0" dependencies = [ "async-std", "chrono", @@ -4711,7 +4753,7 @@ dependencies = [ [[package]] name = "warpgate-protocol-http" -version = "0.4.0" +version = "0.5.0" dependencies = [ "anyhow", "async-trait", @@ -4735,6 +4777,7 @@ dependencies = [ "uuid", "warpgate-admin", "warpgate-common", + "warpgate-core", "warpgate-db-entities", "warpgate-sso", "warpgate-web", @@ -4742,7 +4785,7 @@ dependencies = [ [[package]] name = "warpgate-protocol-mysql" -version = "0.4.0" +version = "0.5.0" dependencies = [ "anyhow", "async-trait", @@ -4761,6 +4804,7 @@ dependencies = [ "tracing", "uuid", "warpgate-common", + "warpgate-core", "warpgate-database-protocols", "warpgate-db-entities", "webpki", 
@@ -4768,7 +4812,7 @@ dependencies = [ [[package]] name = "warpgate-protocol-ssh" -version = "0.4.0" +version = "0.5.0" dependencies = [ "ansi_term", "anyhow", @@ -4786,13 +4830,14 @@ dependencies = [ "tracing", "uuid", "warpgate-common", + "warpgate-core", "warpgate-db-entities", "zeroize", ] [[package]] name = "warpgate-sso" -version = "0.4.0" +version = "0.5.0" dependencies = [ "async-trait", "bytes 1.2.1", @@ -4808,7 +4853,7 @@ dependencies = [ [[package]] name = "warpgate-web" -version = "0.4.0" +version = "0.5.0" dependencies = [ "rust-embed", "serde", diff --git a/Cargo.toml b/Cargo.toml index 596fc93..64b295e 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -5,6 +5,7 @@ members = [ "warpgate", "warpgate-admin", "warpgate-common", + "warpgate-core", "warpgate-db-migrations", "warpgate-db-entities", "warpgate-database-protocols", diff --git a/justfile b/justfile index 51f1ac0..462bb3b 100644 --- a/justfile +++ b/justfile @@ -1,4 +1,4 @@ -projects := "warpgate warpgate-admin warpgate-common warpgate-db-entities warpgate-db-migrations warpgate-database-protocols warpgate-protocol-ssh warpgate-protocol-mysql warpgate-sso" +projects := "warpgate warpgate-admin warpgate-common warpgate-db-entities warpgate-db-migrations warpgate-database-protocols warpgate-protocol-ssh warpgate-protocol-mysql warpgate-protocol-http warpgate-core warpgate-sso" run *ARGS: RUST_BACKTRACE=1 RUST_LOG=warpgate cd warpgate && cargo run -- --config ../config.yaml {{ARGS}} diff --git a/warpgate-admin/Cargo.toml b/warpgate-admin/Cargo.toml index 5eae681..712abd6 100644 --- a/warpgate-admin/Cargo.toml +++ b/warpgate-admin/Cargo.toml 
@@ -38,6 +38,7 @@ tokio = {version = "1.20", features = ["tracing"]} tracing = "0.1" uuid = { version = "1.0", features = ["v4", "serde"] } warpgate-common = { version = "*", path = "../warpgate-common" } +warpgate-core = { version = "*", path = "../warpgate-core" } warpgate-db-entities = { version = "*", path = "../warpgate-db-entities" } warpgate-protocol-ssh = { version = "*", path = "../warpgate-protocol-ssh" } regex = "1.6" diff --git a/warpgate-admin/src/api/recordings_detail.rs b/warpgate-admin/src/api/recordings_detail.rs index 22c70e3..317ed41 100644 --- a/warpgate-admin/src/api/recordings_detail.rs +++ b/warpgate-admin/src/api/recordings_detail.rs @@ -16,7 +16,7 @@ use tokio::io::{AsyncBufReadExt, BufReader}; use tokio::sync::Mutex; use tracing::*; use uuid::Uuid; -use warpgate_common::recordings::{AsciiCast, SessionRecordings, TerminalRecordingItem}; +use warpgate_core::recordings::{AsciiCast, SessionRecordings, TerminalRecordingItem}; use warpgate_db_entities::Recording::{self, RecordingKind}; pub struct Api; diff --git a/warpgate-admin/src/api/sessions_detail.rs b/warpgate-admin/src/api/sessions_detail.rs index e6d765d..cc84fc5 100644 --- a/warpgate-admin/src/api/sessions_detail.rs +++ b/warpgate-admin/src/api/sessions_detail.rs @@ -7,7 +7,7 @@ use poem_openapi::{ApiResponse, OpenApi}; use sea_orm::{ColumnTrait, DatabaseConnection, EntityTrait, QueryFilter, QueryOrder}; use tokio::sync::Mutex; use uuid::Uuid; -use warpgate_common::{SessionSnapshot, State}; +use warpgate_core::{SessionSnapshot, State}; use warpgate_db_entities::{Recording, Session}; pub struct Api; diff --git a/warpgate-admin/src/api/sessions_list.rs b/warpgate-admin/src/api/sessions_list.rs index db80fc3..6af56ad 100644 --- a/warpgate-admin/src/api/sessions_list.rs +++ b/warpgate-admin/src/api/sessions_list.rs 
@@ -10,7 +10,7 @@ use poem_openapi::payload::Json; use poem_openapi::{ApiResponse, OpenApi}; use sea_orm::{ColumnTrait, DatabaseConnection, EntityTrait, QueryFilter, QueryOrder}; use tokio::sync::Mutex; -use warpgate_common::{SessionSnapshot, State}; +use warpgate_core::{SessionSnapshot, State}; use super::pagination::{PaginatedResponse, PaginationParams}; diff --git a/warpgate-admin/src/api/targets_list.rs b/warpgate-admin/src/api/targets_list.rs index b489f1f..a5e7199 100644 --- a/warpgate-admin/src/api/targets_list.rs +++ b/warpgate-admin/src/api/targets_list.rs @@ -4,7 +4,8 @@ use poem::web::Data; use poem_openapi::payload::Json; use poem_openapi::{ApiResponse, OpenApi}; use tokio::sync::Mutex; -use warpgate_common::{ConfigProvider, Target}; +use warpgate_common::Target; +use warpgate_core::ConfigProvider; pub struct Api; diff --git a/warpgate-admin/src/api/users_list.rs b/warpgate-admin/src/api/users_list.rs index d63dc1b..3383b07 100644 --- a/warpgate-admin/src/api/users_list.rs +++ b/warpgate-admin/src/api/users_list.rs @@ -4,7 +4,7 @@ use poem::web::Data; use poem_openapi::payload::Json; use poem_openapi::{ApiResponse, OpenApi}; use tokio::sync::Mutex; -use warpgate_common::{ConfigProvider, UserSnapshot}; +use warpgate_core::{ConfigProvider, UserSnapshot}; pub struct Api; diff --git a/warpgate-admin/src/lib.rs b/warpgate-admin/src/lib.rs index dfa85fe..a6555f7 100644 --- a/warpgate-admin/src/lib.rs +++ b/warpgate-admin/src/lib.rs @@ -2,7 +2,7 @@ mod api; use poem::{EndpointExt, IntoEndpoint, Route}; use poem_openapi::OpenApiService; -use warpgate_common::Services; +use warpgate_core::Services; pub fn admin_api_app(services: &Services) -> impl IntoEndpoint { let api_service = OpenApiService::new( diff --git a/warpgate-common/Cargo.toml b/warpgate-common/Cargo.toml index 39bd993..6fab95e 100644 --- a/warpgate-common/Cargo.toml +++ b/warpgate-common/Cargo.toml 
@@ -42,8 +42,6 @@ tracing-core = "0.1" tracing-subscriber = "0.3" url = "2.2" uuid = { version = "1.0", features = ["v4", "serde"] } -warpgate-db-entities = { version = "*", path = "../warpgate-db-entities" } -warpgate-db-migrations = { version = "*", path = "../warpgate-db-migrations" } warpgate-sso = { version = "*", path = "../warpgate-sso" } rustls = { version = "0.20", features = ["dangerous_configuration"] } rustls-pemfile = "1.0" diff --git a/warpgate-common/src/auth/mod.rs b/warpgate-common/src/auth/mod.rs index 5dbdb82..e9d205e 100644 --- a/warpgate-common/src/auth/mod.rs +++ b/warpgate-common/src/auth/mod.rs @@ -2,9 +2,7 @@ mod cred; mod policy; mod selector; mod state; -mod store; pub use cred::*; pub use policy::*; pub use selector::*; pub use state::*; -pub use store::*; diff --git a/warpgate-common/src/auth/state.rs b/warpgate-common/src/auth/state.rs index 41617e9..897afdf 100644 --- a/warpgate-common/src/auth/state.rs +++ b/warpgate-common/src/auth/state.rs @@ -1,7 +1,15 @@ +use std::collections::HashSet; + use uuid::Uuid; -use super::{AuthCredential, CredentialPolicy, CredentialPolicyResponse}; -use crate::AuthResult; +use super::{AuthCredential, CredentialKind, CredentialPolicy, CredentialPolicyResponse}; + +#[derive(Debug, Clone)] +pub enum AuthResult { + Accepted { username: String }, + Need(HashSet), + Rejected, +} pub struct AuthState { id: Uuid, @@ -13,7 +21,7 @@ pub struct AuthState { } impl AuthState { - pub(crate) fn new( + pub fn new( id: Uuid, username: String, protocol: String, diff --git a/warpgate-common/src/lib.rs b/warpgate-common/src/lib.rs index 82b1f60..b3fb2e2 100644 --- a/warpgate-common/src/lib.rs +++ b/warpgate-common/src/lib.rs 
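Review bot: `AuthState::new` changes from `pub(crate)` to `pub` in the second state.rs hunk, and neither the constructor nor the relocated `AuthResult` enum has a doc comment stating who is expected to use them. The wider visibility is presumably needed because the store moved to another crate, but it also lets any crate depending on warpgate-common create an `AuthState` directly. If the intent is that only the auth state store creates these, say so above `new`, for example `/// Created by the auth state store; protocol code should obtain instances from the store rather than calling this directly.`, and give each `AuthResult` variant a one-line `///`. The `impl AuthState` block continues outside the hunk.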
@@ -1,29 +1,16 @@ #![feature(let_else, drain_filter, duration_constants)] pub mod auth; mod config; -mod config_providers; pub mod consts; -mod data; -pub mod db; mod error; pub mod eventhub; pub mod helpers; -pub mod logging; -mod protocols; -pub mod recordings; -mod services; -mod state; mod tls; mod try_macro; mod types; pub use config::*; -pub use config_providers::*; -pub use data::*; pub use error::WarpgateError; -pub use protocols::*; -pub use services::*; -pub use state::{SessionState, SessionStateInit, State}; pub use tls::*; pub use try_macro::*; pub use types::*; diff --git a/warpgate-core/Cargo.toml b/warpgate-core/Cargo.toml new file mode 100644 index 0000000..be81f09 --- /dev/null +++ b/warpgate-core/Cargo.toml 
@@ -0,0 +1,52 @@ +[package] +edition = "2021" +license = "Apache-2.0" +name = "warpgate-core" +version = "0.5.0" + +[dependencies] +warpgate-common = { version = "*", path = "../warpgate-common" } +warpgate-db-entities = { version = "*", path = "../warpgate-db-entities" } +warpgate-db-migrations = { version = "*", path = "../warpgate-db-migrations" } + +anyhow = "1.0" +argon2 = "0.4" +async-trait = "0.1" +bytes = "1.2" +chrono = { version = "0.4", features = ["serde"] } +data-encoding = "2.3" +humantime-serde = "1.1" +lazy_static = "1.4" +futures = "0.3" +once_cell = "1.10" +packet = "0.1" +password-hash = "0.4" +poem = { version = "^1.3.37", features = ["rustls"] } +poem-openapi = { version = "^2.0.6", features = [ + "swagger-ui", + "chrono", + "uuid", + "static-files", +] } +rand = "0.8" +rand_chacha = "0.3" +rand_core = { version = "0.6", features = ["std"] } +sea-orm = { version = "^0.9", features = [ + "sqlx-sqlite", + "runtime-tokio-native-tls", + "macros", +], default-features = false } +serde = "1.0" +serde_json = "1.0" +thiserror = "1.0" +tokio = { version = "1.20", features = ["tracing"] } +totp-rs = { version = "3.0", features = ["otpauth"] } +tracing = "0.1" +tracing-core = "0.1" +tracing-subscriber = "0.3" +url = "2.2" +uuid = { version = "1.0", features = ["v4", "serde"] } +warpgate-sso = { version = "*", path = "../warpgate-sso" } +rustls = { version = "0.20", features = ["dangerous_configuration"] } +rustls-pemfile = "1.0" +webpki = "0.22" diff --git a/warpgate-common/src/auth/store.rs b/warpgate-core/src/auth_state_store.rs similarity index 95% rename from warpgate-common/src/auth/store.rs rename to warpgate-core/src/auth_state_store.rs index d3a8b8c..6a4c953 100644 --- a/warpgate-common/src/auth/store.rs +++ b/warpgate-core/src/auth_state_store.rs 
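Review bot: The new warpgate-core manifest requests `rustls = { version = "0.20", features = ["dangerous_configuration"] }` along with `rustls-pemfile` and `webpki`, even though this commit's lib.rs changes leave the `tls` module in warpgate-common. `dangerous_configuration` exposes the rustls APIs for replacing certificate verification, so it is best requested only by the crate that needs it. The list looks like a copy of warpgate-common's dependencies, and `argon2`, `password-hash` and `totp-rs` may be unused too, since the hash and OTP helpers are still imported from `warpgate_common::helpers`. Whether anything under warpgate-core/src uses these crates directly is not visible here, so confirm with a build after removing them or with an unused-dependency check.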
@@ -5,9 +5,10 @@ use std::time::{Duration, Instant}; use once_cell::sync::Lazy; use tokio::sync::{broadcast, Mutex}; use uuid::Uuid; +use warpgate_common::auth::{AuthResult, AuthState}; +use warpgate_common::WarpgateError; -use super::AuthState; -use crate::{AuthResult, ConfigProvider, WarpgateError}; +use crate::ConfigProvider; #[allow(clippy::unwrap_used)] pub static TIMEOUT: Lazy = Lazy::new(|| Duration::from_secs(60 * 10)); diff --git a/warpgate-common/src/config_providers/file.rs b/warpgate-core/src/config_providers/file.rs similarity index 88% rename from warpgate-common/src/config_providers/file.rs rename to warpgate-core/src/config_providers/file.rs index 6a87a86..a49d1fb 100644 --- a/warpgate-common/src/config_providers/file.rs +++ b/warpgate-core/src/config_providers/file.rs @@ -3,34 +3,26 @@ use std::sync::Arc; use async_trait::async_trait; use data_encoding::BASE64; -use sea_orm::ActiveValue::Set; -use sea_orm::{ActiveModelTrait, DatabaseConnection, EntityTrait}; use tokio::sync::Mutex; use tracing::*; -use uuid::Uuid; -use warpgate_db_entities::Ticket; - -use super::ConfigProvider; -use crate::auth::{ +use warpgate_common::auth::{ AllCredentialsPolicy, AnySingleCredentialPolicy, AuthCredential, CredentialKind, CredentialPolicy, PerProtocolCredentialPolicy, }; -use crate::helpers::hash::verify_password_hash; -use crate::helpers::otp::verify_totp; -use crate::{Target, User, UserAuthCredential, UserSnapshot, WarpgateConfig, WarpgateError}; +use warpgate_common::helpers::hash::verify_password_hash; +use warpgate_common::helpers::otp::verify_totp; +use warpgate_common::{Target, User, UserAuthCredential, WarpgateConfig, WarpgateError}; + +use super::ConfigProvider; +use crate::UserSnapshot; pub struct FileConfigProvider { - db: Arc>, config: Arc>, } impl FileConfigProvider { - pub async fn new( - db: &Arc>, - config: &Arc>, - ) -> Self { + pub async fn new(config: &Arc>) -> Self { Self { - db: db.clone(), config: config.clone(), } } 
@@ -284,20 +276,4 @@ impl ConfigProvider for FileConfigProvider { Ok(intersect) } - - async fn consume_ticket(&mut self, ticket_id: &Uuid) -> Result<(), WarpgateError> { - let db = self.db.lock().await; - let ticket = Ticket::Entity::find_by_id(*ticket_id).one(&*db).await?; - let Some(ticket) = ticket else { - return Err(WarpgateError::InvalidTicket(*ticket_id)); - }; - - if let Some(uses_left) = ticket.uses_left { - let mut model: Ticket::ActiveModel = ticket.into(); - model.uses_left = Set(Some(uses_left - 1)); - model.update(&*db).await?; - } - - Ok(()) - } } diff --git a/warpgate-common/src/config_providers/mod.rs b/warpgate-core/src/config_providers/mod.rs similarity index 71% rename from warpgate-common/src/config_providers/mod.rs rename to warpgate-core/src/config_providers/mod.rs index f23d1c5..dd1ffe9 100644 --- a/warpgate-common/src/config_providers/mod.rs +++ b/warpgate-core/src/config_providers/mod.rs @@ -1,24 +1,18 @@ mod file; -use std::collections::HashSet; use std::sync::Arc; use async_trait::async_trait; pub use file::FileConfigProvider; -use sea_orm::{ColumnTrait, DatabaseConnection, EntityTrait, QueryFilter}; +use sea_orm::ActiveValue::Set; +use sea_orm::{ActiveModelTrait, ColumnTrait, DatabaseConnection, EntityTrait, QueryFilter}; use tokio::sync::Mutex; use tracing::*; use uuid::Uuid; +use warpgate_common::auth::{AuthCredential, CredentialPolicy}; +use warpgate_common::{Secret, Target, WarpgateError}; use warpgate_db_entities::Ticket; -use crate::auth::{AuthCredential, CredentialKind, CredentialPolicy}; -use crate::{Secret, Target, UserSnapshot, WarpgateError}; - -#[derive(Debug, Clone)] -pub enum AuthResult { - Accepted { username: String }, - Need(HashSet), - Rejected, -} +use crate::UserSnapshot; #[async_trait] pub trait ConfigProvider { @@ -47,8 +41,6 @@ pub trait ConfigProvider { username: &str, target: &str, ) -> Result; - - async fn consume_ticket(&mut self, ticket_id: &Uuid) -> Result<(), WarpgateError>; } //TODO: move this somewhere 
@@ -85,3 +77,22 @@ pub async fn authorize_ticket( } } } + +pub async fn consume_ticket( + db: &Arc>, + ticket_id: &Uuid, +) -> Result<(), WarpgateError> { + let db = db.lock().await; + let ticket = Ticket::Entity::find_by_id(*ticket_id).one(&*db).await?; + let Some(ticket) = ticket else { + return Err(WarpgateError::InvalidTicket(*ticket_id)); + }; + + if let Some(uses_left) = ticket.uses_left { + let mut model: Ticket::ActiveModel = ticket.into(); + model.uses_left = Set(Some(uses_left - 1)); + model.update(&*db).await?; + } + + Ok(()) +} diff --git a/warpgate-common/src/data.rs b/warpgate-core/src/data.rs similarity index 92% rename from warpgate-common/src/data.rs rename to warpgate-core/src/data.rs index d3baf9b..83ca1e1 100644 --- a/warpgate-common/src/data.rs +++ b/warpgate-core/src/data.rs @@ -2,9 +2,8 @@ use chrono::{DateTime, Utc}; use poem_openapi::Object; use serde::{Deserialize, Serialize}; use uuid::Uuid; -use warpgate_db_entities::Session; - -use crate::{SessionId, Target, User}; +use warpgate_db_entities::{Session}; +use warpgate_common::{SessionId, Target, User}; #[derive(Serialize, Deserialize, Object)] pub struct SessionSnapshot { diff --git a/warpgate-common/src/db/mod.rs b/warpgate-core/src/db/mod.rs similarity index 97% rename from warpgate-common/src/db/mod.rs rename to warpgate-core/src/db/mod.rs index 59cf416..b647408 100644 --- a/warpgate-common/src/db/mod.rs +++ b/warpgate-core/src/db/mod.rs 
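Review bot: The new public `consume_ticket` decrements without checking that any uses remain: `model.uses_left = Set(Some(uses_left - 1));` runs for every `Some(uses_left)`. Correctness therefore depends on each caller having run `authorize_ticket` first, and on nothing else consuming the same ticket between the two calls, which acquire the `db` mutex separately. Now that this is a free function callable with any ticket id, I would enforce the limit here while the lock is held, e.g. `if uses_left <= 0 { return Err(WarpgateError::InvalidTicket(*ticket_id)); }` before building the `ActiveModel`. A doc comment should also state the expected call order. The type of `uses_left` and the check inside `authorize_ticket` are not visible in this hunk, so confirm the comparison against the entity definition.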
@@ -5,12 +5,11 @@ use sea_orm::sea_query::Expr; use sea_orm::{ ConnectOptions, Database, DatabaseConnection, EntityTrait, QueryFilter, TransactionTrait, }; +use warpgate_common::helpers::fs::secure_file; +use warpgate_common::WarpgateConfig; use warpgate_db_entities::LogEntry; use warpgate_db_migrations::migrate_database; -use crate::helpers::fs::secure_file; -use crate::WarpgateConfig; - pub async fn connect_to_db(config: &WarpgateConfig) -> Result { let mut url = url::Url::parse(&config.store.database_url.expose_secret()[..])?; if url.scheme() == "sqlite" { diff --git a/warpgate-common/src/db/uuid.rs b/warpgate-core/src/db/uuid.rs similarity index 100% rename from warpgate-common/src/db/uuid.rs rename to warpgate-core/src/db/uuid.rs diff --git a/warpgate-core/src/lib.rs b/warpgate-core/src/lib.rs new file mode 100644 index 0000000..d5264bc --- /dev/null +++ b/warpgate-core/src/lib.rs @@ -0,0 +1,16 @@ +#![feature(let_else, drain_filter, duration_constants)] +mod data; +mod state; +pub use data::*; +pub use state::{SessionState, SessionStateInit, State}; +mod config_providers; +pub use config_providers::*; +pub mod db; +mod protocols; +pub use protocols::*; +pub mod recordings; +mod services; +pub use services::*; +mod auth_state_store; +pub use auth_state_store::*; +pub mod logging; diff --git a/warpgate-common/src/logging/database.rs b/warpgate-core/src/logging/database.rs similarity index 100% rename from warpgate-common/src/logging/database.rs rename to warpgate-core/src/logging/database.rs diff --git a/warpgate-common/src/logging/layer.rs b/warpgate-core/src/logging/layer.rs similarity index 100% rename from warpgate-common/src/logging/layer.rs rename to warpgate-core/src/logging/layer.rs diff --git a/warpgate-common/src/logging/mod.rs b/warpgate-core/src/logging/mod.rs similarity index 100% rename from warpgate-common/src/logging/mod.rs rename to warpgate-core/src/logging/mod.rs index fbc9782..9164ec9 100644 --- a/warpgate-common/src/logging/mod.rs 
+++ b/warpgate-core/src/logging/mod.rs @@ -1,7 +1,7 @@ -mod database; mod layer; mod socket; mod values; -pub use database::{install_database_logger, make_database_logger_layer}; pub use socket::make_socket_logger_layer; +mod database; +pub use database::{install_database_logger, make_database_logger_layer}; diff --git a/warpgate-common/src/logging/socket.rs b/warpgate-core/src/logging/socket.rs similarity index 98% rename from warpgate-common/src/logging/socket.rs rename to warpgate-core/src/logging/socket.rs index c819f53..cca4459 100644 --- a/warpgate-common/src/logging/socket.rs +++ b/warpgate-core/src/logging/socket.rs @@ -6,7 +6,7 @@ use tracing_subscriber::registry::LookupSpan; use tracing_subscriber::Layer; use super::layer::ValuesLogLayer; -use crate::WarpgateConfig; +use warpgate_common::WarpgateConfig; static SKIP_KEY: &str = "is_socket_logging_error"; diff --git a/warpgate-common/src/logging/values.rs b/warpgate-core/src/logging/values.rs similarity index 100% rename from warpgate-common/src/logging/values.rs rename to warpgate-core/src/logging/values.rs diff --git a/warpgate-common/src/protocols/handle.rs b/warpgate-core/src/protocols/handle.rs similarity index 96% rename from warpgate-common/src/protocols/handle.rs rename to warpgate-core/src/protocols/handle.rs index 1a3fa93..5787054 100644 --- a/warpgate-common/src/protocols/handle.rs +++ b/warpgate-core/src/protocols/handle.rs @@ -2,9 +2,10 @@ use std::sync::Arc; use sea_orm::{ColumnTrait, DatabaseConnection, EntityTrait, QueryFilter}; use tokio::sync::Mutex; +use warpgate_common::{SessionId, Target, WarpgateError}; use warpgate_db_entities::Session; -use crate::{SessionId, SessionState, State, Target, WarpgateError}; +use crate::{SessionState, State}; pub trait SessionHandle { fn close(&mut self); 
diff --git a/warpgate-common/src/protocols/mod.rs b/warpgate-core/src/protocols/mod.rs similarity index 95% rename from warpgate-common/src/protocols/mod.rs rename to warpgate-core/src/protocols/mod.rs index 675eeee..a36c02a 100644 --- a/warpgate-common/src/protocols/mod.rs +++ b/warpgate-core/src/protocols/mod.rs @@ -4,8 +4,7 @@ use std::net::SocketAddr; use anyhow::Result; use async_trait::async_trait; pub use handle::{SessionHandle, WarpgateServerHandle}; - -use crate::Target; +use warpgate_common::Target; #[derive(Debug, thiserror::Error)] pub enum TargetTestError { diff --git a/warpgate-common/src/recordings/mod.rs b/warpgate-core/src/recordings/mod.rs similarity index 95% rename from warpgate-common/src/recordings/mod.rs rename to warpgate-core/src/recordings/mod.rs index fe0b173..11a665d 100644 --- a/warpgate-common/src/recordings/mod.rs +++ b/warpgate-core/src/recordings/mod.rs @@ -7,9 +7,9 @@ use sea_orm::{ActiveModelTrait, DatabaseConnection}; use tokio::sync::{broadcast, Mutex}; use tracing::*; use uuid::Uuid; +use warpgate_common::helpers::fs::secure_directory; +use warpgate_common::{RecordingsConfig, SessionId, WarpgateConfig}; use warpgate_db_entities::Recording::{self, RecordingKind}; - -use crate::{RecordingsConfig, SessionId, WarpgateConfig}; mod terminal; mod traffic; mod writer; @@ -58,7 +58,7 @@ impl SessionRecordings { path.push(&config.store.recordings.path); if config.store.recordings.enable { std::fs::create_dir_all(&path)?; - crate::helpers::fs::secure_directory(&path)?; + secure_directory(&path)?; } Ok(Self { db, diff --git a/warpgate-common/src/recordings/terminal.rs b/warpgate-core/src/recordings/terminal.rs similarity index 97% rename from warpgate-common/src/recordings/terminal.rs rename to warpgate-core/src/recordings/terminal.rs index a6bffbc..6ed8f7f 100644 --- a/warpgate-common/src/recordings/terminal.rs +++ b/warpgate-core/src/recordings/terminal.rs 
@@ -39,7 +39,7 @@ pub enum TerminalRecordingItem { time: f32, #[serde(default)] stream: TerminalRecordingStreamId, - #[serde(with = "crate::helpers::serde_base64")] + #[serde(with = "warpgate_common::helpers::serde_base64")] data: Bytes, }, PtyResize { diff --git a/warpgate-common/src/recordings/traffic.rs b/warpgate-core/src/recordings/traffic.rs similarity index 100% rename from warpgate-common/src/recordings/traffic.rs rename to warpgate-core/src/recordings/traffic.rs diff --git a/warpgate-common/src/recordings/writer.rs b/warpgate-core/src/recordings/writer.rs similarity index 97% rename from warpgate-common/src/recordings/writer.rs rename to warpgate-core/src/recordings/writer.rs index 0b5f209..86d86db 100644 --- a/warpgate-common/src/recordings/writer.rs +++ b/warpgate-core/src/recordings/writer.rs @@ -10,11 +10,11 @@ use tokio::io::{AsyncWriteExt, BufWriter}; use tokio::sync::{broadcast, mpsc, Mutex}; use tracing::*; use uuid::Uuid; +use warpgate_common::helpers::fs::secure_file; +use warpgate_common::try_block; use warpgate_db_entities::Recording; use super::{Error, Result}; -use crate::helpers::fs::secure_file; -use crate::try_block; #[derive(Clone)] pub struct RecordingWriter { diff --git a/warpgate-common/src/services.rs b/warpgate-core/src/services.rs similarity index 92% rename from warpgate-common/src/services.rs rename to warpgate-core/src/services.rs index 9bc5989..8935c44 100644 --- a/warpgate-common/src/services.rs +++ b/warpgate-core/src/services.rs @@ -4,11 +4,11 @@ use std::time::Duration; use anyhow::Result; use sea_orm::DatabaseConnection; use tokio::sync::Mutex; +use warpgate_common::WarpgateConfig; -use crate::auth::AuthStateStore; use crate::db::{connect_to_db, sanitize_db}; use crate::recordings::SessionRecordings; -use crate::{ConfigProvider, FileConfigProvider, State, WarpgateConfig}; +use crate::{AuthStateStore, ConfigProvider, FileConfigProvider, State}; #[derive(Clone)] pub struct Services { 
@@ -30,7 +30,7 @@ impl Services { let recordings = Arc::new(Mutex::new(recordings)); let config = Arc::new(Mutex::new(config)); - let config_provider = Arc::new(Mutex::new(FileConfigProvider::new(&db, &config).await)); + let config_provider = Arc::new(Mutex::new(FileConfigProvider::new(&config).await)); let auth_state_store = Arc::new(Mutex::new(AuthStateStore::new(config_provider.clone()))); diff --git a/warpgate-common/src/state.rs b/warpgate-core/src/state.rs similarity index 97% rename from warpgate-common/src/state.rs rename to warpgate-core/src/state.rs index da607b0..a9d1cb4 100644 --- a/warpgate-common/src/state.rs +++ b/warpgate-core/src/state.rs @@ -7,9 +7,10 @@ use sea_orm::{ActiveModelTrait, DatabaseConnection, EntityTrait}; use tokio::sync::{broadcast, Mutex}; use tracing::*; use uuid::Uuid; +use warpgate_common::{SessionId, ProtocolName, Target}; use warpgate_db_entities::Session; -use crate::{ProtocolName, SessionHandle, SessionId, Target, WarpgateServerHandle}; +use crate::{SessionHandle, WarpgateServerHandle}; pub struct State { pub sessions: HashMap>>, diff --git a/warpgate-db-entities/Cargo.toml b/warpgate-db-entities/Cargo.toml index 053926e..b13f966 100644 --- a/warpgate-db-entities/Cargo.toml +++ b/warpgate-db-entities/Cargo.toml @@ -11,3 +11,4 @@ sea-orm = {version = "^0.9", features = ["macros", "with-chrono", "with-uuid", " serde = "1.0" serde_json = "1.0" uuid = {version = "1.0", features = ["v4", "serde"]} +warpgate-common = { version = "*", path = "../warpgate-common" } diff --git a/warpgate-protocol-http/Cargo.toml b/warpgate-protocol-http/Cargo.toml index 532d8f9..e374b63 100644 --- a/warpgate-protocol-http/Cargo.toml +++ b/warpgate-protocol-http/Cargo.toml 
@@ -24,6 +24,7 @@ tokio-tungstenite = {version = "0.17", features = ["rustls-tls-native-roots"]} tracing = "0.1" warpgate-admin = {version = "*", path = "../warpgate-admin"} warpgate-common = {version = "*", path = "../warpgate-common"} +warpgate-core = {version = "*", path = "../warpgate-core"} warpgate-db-entities = {version = "*", path = "../warpgate-db-entities"} warpgate-web = {version = "*", path = "../warpgate-web"} warpgate-sso = {version = "*", path = "../warpgate-sso"} diff --git a/warpgate-protocol-http/src/api/auth.rs b/warpgate-protocol-http/src/api/auth.rs index bba662d..563e687 100644 --- a/warpgate-protocol-http/src/api/auth.rs +++ b/warpgate-protocol-http/src/api/auth.rs @@ -9,8 +9,9 @@ use poem_openapi::{ApiResponse, Enum, Object, OpenApi}; use tokio::sync::Mutex; use tracing::*; use uuid::Uuid; -use warpgate_common::auth::{AuthCredential, AuthState, CredentialKind}; -use warpgate_common::{AuthResult, Secret, Services, WarpgateError}; +use warpgate_common::auth::{AuthCredential, AuthState, CredentialKind, AuthResult}; +use warpgate_core::{Services}; +use warpgate_common::{Secret, WarpgateError}; use crate::common::{ authorize_session, endpoint_auth, get_auth_state_for_request, SessionAuthorization, SessionExt, diff --git a/warpgate-protocol-http/src/api/info.rs b/warpgate-protocol-http/src/api/info.rs index ed986c6..d7e5186 100644 --- a/warpgate-protocol-http/src/api/info.rs +++ b/warpgate-protocol-http/src/api/info.rs @@ -4,7 +4,7 @@ use poem::Request; use poem_openapi::payload::Json; use poem_openapi::{ApiResponse, Object, OpenApi}; use serde::Serialize; -use warpgate_common::Services; +use warpgate_core::Services; use crate::common::{SessionAuthorization, SessionExt}; diff --git a/warpgate-protocol-http/src/api/sso_provider_detail.rs b/warpgate-protocol-http/src/api/sso_provider_detail.rs index ee64d58..6536561 100644 --- a/warpgate-protocol-http/src/api/sso_provider_detail.rs +++ b/warpgate-protocol-http/src/api/sso_provider_detail.rs 
@@ -5,7 +5,7 @@ use poem_openapi::param::{Path, Query}; use poem_openapi::payload::Json; use poem_openapi::{ApiResponse, Object, OpenApi}; use serde::{Deserialize, Serialize}; -use warpgate_common::Services; +use warpgate_core::Services; use warpgate_sso::{SsoClient, SsoLoginRequest}; pub struct Api; diff --git a/warpgate-protocol-http/src/api/sso_provider_list.rs b/warpgate-protocol-http/src/api/sso_provider_list.rs index 27524cc..9672177 100644 --- a/warpgate-protocol-http/src/api/sso_provider_list.rs +++ b/warpgate-protocol-http/src/api/sso_provider_list.rs @@ -5,8 +5,8 @@ use poem_openapi::param::Query; use poem_openapi::payload::{Json, Response}; use poem_openapi::{ApiResponse, Enum, Object, OpenApi}; use tracing::*; -use warpgate_common::auth::AuthCredential; -use warpgate_common::{AuthResult, Services}; +use warpgate_common::auth::{AuthCredential, AuthResult}; +use warpgate_core::Services; use warpgate_sso::SsoInternalProviderConfig; use super::sso_provider_detail::{SsoContext, SSO_CONTEXT_SESSION_KEY}; @@ -120,7 +120,8 @@ impl Api { }; let mut auth_state_store = services.auth_state_store.lock().await; - let state_arc = get_auth_state_for_request(&username, session, &mut auth_state_store).await?; + let state_arc = + get_auth_state_for_request(&username, session, &mut auth_state_store).await?; let mut state = state_arc.lock().await; let mut cp = services.config_provider.lock().await; diff --git a/warpgate-protocol-http/src/api/targets_list.rs b/warpgate-protocol-http/src/api/targets_list.rs index 16f8837..06ef78a 100644 --- a/warpgate-protocol-http/src/api/targets_list.rs +++ b/warpgate-protocol-http/src/api/targets_list.rs 
@@ -1,33 +1,27 @@ use futures::{stream, StreamExt}; use poem::web::Data; use poem_openapi::payload::Json; -use poem_openapi::{ApiResponse, Enum, Object, OpenApi}; +use poem_openapi::{ApiResponse, Object, OpenApi}; use serde::Serialize; -use warpgate_common::{Services, TargetOptions}; +use warpgate_db_entities::Target; +use warpgate_common::{TargetOptions}; +use warpgate_core::{Services}; use crate::common::{endpoint_auth, SessionAuthorization}; pub struct Api; -#[derive(Debug, Serialize, Clone, Enum)] -pub enum TargetKind { - Http, - MySql, - Ssh, - WebAdmin, -} - #[derive(Debug, Serialize, Clone, Object)] -pub struct Target { +pub struct TargetSnapshot { pub name: String, - pub kind: TargetKind, + pub kind: Target::TargetKind, pub external_host: Option, } #[derive(ApiResponse)] enum GetTargetsResponse { #[oai(status = 200)] - Ok(Json>), + Ok(Json>), } #[OpenApi] @@ -75,13 +69,13 @@ impl Api { Ok(GetTargetsResponse::Ok(Json( targets .into_iter() - .map(|t| Target { + .map(|t| TargetSnapshot { name: t.name.clone(), kind: match t.options { - TargetOptions::Ssh(_) => TargetKind::Ssh, - TargetOptions::Http(_) => TargetKind::Http, - TargetOptions::MySql(_) => TargetKind::MySql, - TargetOptions::WebAdmin(_) => TargetKind::WebAdmin, + TargetOptions::Ssh(_) => Target::TargetKind::Ssh, + TargetOptions::Http(_) => Target::TargetKind::Http, + TargetOptions::MySql(_) => Target::TargetKind::MySql, + TargetOptions::WebAdmin(_) => Target::TargetKind::WebAdmin, }, external_host: match t.options { TargetOptions::Http(ref opt) => opt.external_host.clone(), diff --git a/warpgate-protocol-http/src/catchall.rs b/warpgate-protocol-http/src/catchall.rs index 9bf9127..e9eaae5 100644 --- a/warpgate-protocol-http/src/catchall.rs +++ b/warpgate-protocol-http/src/catchall.rs 
@@ -7,7 +7,8 @@ use poem::{handler, Body, IntoResponse, Request, Response}; use serde::Deserialize; use tokio::sync::Mutex; use tracing::*; -use warpgate_common::{Services, Target, TargetHTTPOptions, TargetOptions, WarpgateServerHandle}; +use warpgate_common::{Target, TargetHTTPOptions, TargetOptions}; +use warpgate_core::{Services, WarpgateServerHandle}; use crate::common::{gateway_redirect, SessionAuthorization, SessionExt}; use crate::proxy::{proxy_normal_request, proxy_websocket_request}; diff --git a/warpgate-protocol-http/src/common.rs b/warpgate-protocol-http/src/common.rs index 3a506e3..a8596a7 100644 --- a/warpgate-protocol-http/src/common.rs +++ b/warpgate-protocol-http/src/common.rs @@ -10,8 +10,9 @@ use serde::{Deserialize, Serialize}; use tokio::sync::Mutex; use tracing::*; use uuid::Uuid; -use warpgate_common::auth::{AuthState, AuthStateStore}; -use warpgate_common::{ProtocolName, Services, TargetOptions, WarpgateError}; +use warpgate_common::auth::{AuthState}; +use warpgate_common::{ProtocolName, TargetOptions, WarpgateError}; +use warpgate_core::{AuthStateStore, Services}; use crate::session::SessionStore; diff --git a/warpgate-protocol-http/src/lib.rs b/warpgate-protocol-http/src/lib.rs index c3917b2..37830fa 100644 --- a/warpgate-protocol-http/src/lib.rs +++ b/warpgate-protocol-http/src/lib.rs 
@@ -30,12 +30,14 @@ use tokio::sync::Mutex; use tracing::*; use warpgate_admin::admin_api_app; use warpgate_common::{ - ProtocolServer, Services, Target, TargetOptions, TargetTestError, TlsCertificateAndPrivateKey, - TlsCertificateBundle, TlsPrivateKey, + Target, TargetOptions, TlsCertificateAndPrivateKey, TlsCertificateBundle, TlsPrivateKey, }; +use warpgate_core::{ProtocolServer, Services, TargetTestError}; use warpgate_web::Assets; -use crate::common::{endpoint_admin_auth, endpoint_auth, page_auth, COOKIE_MAX_AGE, SESSION_COOKIE_NAME}; +use crate::common::{ + endpoint_admin_auth, endpoint_auth, page_auth, COOKIE_MAX_AGE, SESSION_COOKIE_NAME, +}; use crate::error::error_page; use crate::middleware::{CookieHostMiddleware, TicketMiddleware}; use crate::session::{SessionStore, SharedSessionStorage}; diff --git a/warpgate-protocol-http/src/middleware/ticket.rs b/warpgate-protocol-http/src/middleware/ticket.rs index fb5e54e..fa8afa2 100644 --- a/warpgate-protocol-http/src/middleware/ticket.rs +++ b/warpgate-protocol-http/src/middleware/ticket.rs @@ -3,9 +3,10 @@ use poem::session::Session; use poem::web::{Data, FromRequest}; use poem::{Endpoint, Middleware, Request}; use serde::Deserialize; -use warpgate_common::{authorize_ticket, Secret, Services}; +use warpgate_common::Secret; +use warpgate_core::{authorize_ticket, consume_ticket, Services}; -use crate::common::{SessionExt}; +use crate::common::SessionExt; pub struct TicketMiddleware {} @@ -64,9 +65,9 @@ impl Endpoint for TicketMiddlewareEndpoint { if let Some(ticket_model) = { let ticket = Secret::new(ticket); - let mut cp = services.config_provider.lock().await; + let cp = services.config_provider.lock().await; if let Some(res) = authorize_ticket(&services.db, &ticket).await? { - cp.consume_ticket(&res.id).await?; + consume_ticket(&services.db, &res.id).await?; Some(res) } else { None diff --git a/warpgate-protocol-http/src/session.rs b/warpgate-protocol-http/src/session.rs index d7b44a8..f18129c 100644 
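Review bot: In the `middleware/ticket.rs` hunk, `let cp = services.config_provider.lock().await;` is no longer used by any visible line now that `consume_ticket(&services.db, &res.id)` takes the database handle. The guard is still acquired and held across both database awaits, so every request carrying a ticket queues on the config provider mutex. If the lock is there on purpose to serialise `authorize_ticket` and `consume_ticket`, rename it to `_config_guard` and add a comment such as `// held so ticket check and consumption are not interleaved`. Otherwise delete the line. The enclosing block closes outside the hunk, so a later use of `cp` cannot be ruled out from here.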
--- a/warpgate-protocol-http/src/session.rs +++ b/warpgate-protocol-http/src/session.rs @@ -9,7 +9,8 @@ use poem::{FromRequest, Request}; use serde_json::Value; use tokio::sync::Mutex; use tracing::*; -use warpgate_common::{Services, SessionId, SessionStateInit, WarpgateServerHandle}; +use warpgate_common::SessionId; +use warpgate_core::{Services, SessionStateInit, WarpgateServerHandle}; use crate::common::{PROTOCOL_NAME, SESSION_MAX_AGE}; use crate::session_handle::{ diff --git a/warpgate-protocol-http/src/session_handle.rs b/warpgate-protocol-http/src/session_handle.rs index 4736c38..ed8a697 100644 --- a/warpgate-protocol-http/src/session_handle.rs +++ b/warpgate-protocol-http/src/session_handle.rs @@ -6,7 +6,7 @@ use poem::session::Session; use poem::web::Data; use poem::{FromRequest, Request, RequestBody}; use tokio::sync::{mpsc, Mutex}; -use warpgate_common::{SessionHandle, WarpgateServerHandle}; +use warpgate_core::{SessionHandle, WarpgateServerHandle}; use crate::session::SessionStore; diff --git a/warpgate-protocol-mysql/Cargo.toml b/warpgate-protocol-mysql/Cargo.toml index 0d1972b..d7552ae 100644 --- a/warpgate-protocol-mysql/Cargo.toml +++ b/warpgate-protocol-mysql/Cargo.toml @@ -6,6 +6,7 @@ version = "0.5.0" [dependencies] warpgate-common = { version = "*", path = "../warpgate-common" } +warpgate-core = { version = "*", path = "../warpgate-core" } warpgate-db-entities = { version = "*", path = "../warpgate-db-entities" } warpgate-database-protocols = { version = "*", path = "../warpgate-database-protocols" } anyhow = { version = "1.0", features = ["std"] } diff --git a/warpgate-protocol-mysql/src/lib.rs b/warpgate-protocol-mysql/src/lib.rs index e091f1e..2b7d744 100644 --- a/warpgate-protocol-mysql/src/lib.rs +++ b/warpgate-protocol-mysql/src/lib.rs 
@@ -18,9 +18,9 @@ use rustls::ServerConfig; use tokio::net::TcpListener; use tracing::*; use warpgate_common::{ - ProtocolServer, Services, SessionStateInit, Target, TargetOptions, TargetTestError, - TlsCertificateAndPrivateKey, TlsCertificateBundle, TlsPrivateKey, + Target, TargetOptions, TlsCertificateAndPrivateKey, TlsCertificateBundle, TlsPrivateKey, }; +use warpgate_core::{ProtocolServer, Services, SessionStateInit, TargetTestError}; use crate::session::MySqlSession; use crate::session_handle::MySqlSessionHandle; diff --git a/warpgate-protocol-mysql/src/session.rs b/warpgate-protocol-mysql/src/session.rs index 537746b..7a18b10 100644 --- a/warpgate-protocol-mysql/src/session.rs +++ b/warpgate-protocol-mysql/src/session.rs @@ -7,12 +7,12 @@ use tokio::net::TcpStream; use tokio::sync::Mutex; use tracing::*; use uuid::Uuid; -use warpgate_common::auth::{AuthCredential, AuthSelector}; +use warpgate_common::auth::{AuthCredential, AuthSelector, AuthResult}; use warpgate_common::helpers::rng::get_crypto_rng; use warpgate_common::{ - authorize_ticket, AuthResult, Secret, Services, TargetMySqlOptions, TargetOptions, - WarpgateServerHandle, + Secret, TargetMySqlOptions, TargetOptions, }; +use warpgate_core::{WarpgateServerHandle, Services, authorize_ticket, consume_ticket}; use warpgate_database_protocols::io::{BufExt, Decode}; use warpgate_database_protocols::mysql::protocol::auth::AuthPlugin; use warpgate_database_protocols::mysql::protocol::connect::{ @@ -237,11 +237,7 @@ impl MySqlSession { { Some(ticket) => { info!("Authorized for {} with a ticket", ticket.target); - self.services - .config_provider - .lock() - .await - .consume_ticket(&ticket.id) + consume_ticket(&self.services.db, &ticket.id) .await .map_err(MySqlError::other)?; diff --git a/warpgate-protocol-mysql/src/session_handle.rs b/warpgate-protocol-mysql/src/session_handle.rs index 0cf6544..1d22e1e 100644 --- a/warpgate-protocol-mysql/src/session_handle.rs 
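Review bot: In the `@@ -237,11 +237,7 @@` hunk of `warpgate-protocol-mysql/src/session.rs`, ticket validation and ticket consumption are two separate database calls with no lock or transaction visible around them. The same holds for the `@@ -1168,12 +1168,7 @@` hunk of `warpgate-protocol-ssh/src/server/session.rs`. Whether a limited-use ticket can be redeemed more often than intended under concurrent connections depends on `consume_ticket` doing an atomic conditional decrement, which is not shown here. That guarantee should be documented at the call site, e.g. `// consume_ticket must atomically decrement uses_left and fail when none remain`, or both steps should run in one transaction. Separately, `info!("Authorized for {} with a ticket", ...)` is emitted before `consume_ticket` has succeeded, so a failed consumption still leaves an "Authorized" entry in the log; moving the log line below the call keeps the audit trail accurate.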
+++ b/warpgate-protocol-mysql/src/session_handle.rs @@ -1,5 +1,5 @@ use tokio::sync::mpsc; -use warpgate_common::SessionHandle; +use warpgate_core::SessionHandle; pub struct MySqlSessionHandle { abort_tx: mpsc::UnboundedSender<()>, diff --git a/warpgate-protocol-ssh/Cargo.toml b/warpgate-protocol-ssh/Cargo.toml index 3bb7eb8..ba231b0 100644 --- a/warpgate-protocol-ssh/Cargo.toml +++ b/warpgate-protocol-ssh/Cargo.toml @@ -21,5 +21,6 @@ tokio = {version = "1.20", features = ["tracing", "signal"]} tracing = "0.1" uuid = {version = "1.0", features = ["v4"]} warpgate-common = {version = "*", path = "../warpgate-common"} +warpgate-core = {version = "*", path = "../warpgate-core"} warpgate-db-entities = {version = "*", path = "../warpgate-db-entities"} zeroize="^1.5" diff --git a/warpgate-protocol-ssh/src/client/handler.rs b/warpgate-protocol-ssh/src/client/handler.rs index a211b89..ab5df2a 100644 --- a/warpgate-protocol-ssh/src/client/handler.rs +++ b/warpgate-protocol-ssh/src/client/handler.rs @@ -7,7 +7,8 @@ use russh_keys::PublicKeyBase64; use tokio::sync::mpsc::UnboundedSender; use tokio::sync::oneshot; use tracing::*; -use warpgate_common::{Services, SessionId, TargetSSHOptions}; +use warpgate_common::{SessionId, TargetSSHOptions}; +use warpgate_core::Services; use crate::known_hosts::{KnownHostValidationResult, KnownHosts}; use crate::ConnectionError; diff --git a/warpgate-protocol-ssh/src/client/mod.rs b/warpgate-protocol-ssh/src/client/mod.rs index cfc3e08..fa729c0 100644 --- a/warpgate-protocol-ssh/src/client/mod.rs +++ b/warpgate-protocol-ssh/src/client/mod.rs @@ -20,7 +20,8 @@ use tokio::sync::{oneshot, Mutex}; use tokio::task::JoinHandle; use tracing::*; use uuid::Uuid; -use warpgate_common::{SSHTargetAuth, Services, SessionId, TargetSSHOptions}; +use warpgate_common::{SSHTargetAuth, SessionId, TargetSSHOptions}; +use warpgate_core::Services; use self::handler::ClientHandlerEvent; use super::{ChannelOperation, DirectTCPIPParams}; 
diff --git a/warpgate-protocol-ssh/src/lib.rs b/warpgate-protocol-ssh/src/lib.rs index 31b8869..2f47c60 100644 --- a/warpgate-protocol-ssh/src/lib.rs +++ b/warpgate-protocol-ssh/src/lib.rs @@ -17,10 +17,8 @@ pub use keys::*; use russh_keys::PublicKeyBase64; pub use server::run_server; use uuid::Uuid; -use warpgate_common::{ - ProtocolName, ProtocolServer, Services, SshHostKeyVerificationMode, Target, TargetOptions, - TargetTestError, -}; +use warpgate_common::{ProtocolName, SshHostKeyVerificationMode, Target, TargetOptions}; +use warpgate_core::{ProtocolServer, Services, TargetTestError}; use crate::client::{RCCommand, RemoteClient}; diff --git a/warpgate-protocol-ssh/src/server/mod.rs b/warpgate-protocol-ssh/src/server/mod.rs index 0c5a1b8..eb9fdbe 100644 --- a/warpgate-protocol-ssh/src/server/mod.rs +++ b/warpgate-protocol-ssh/src/server/mod.rs @@ -13,7 +13,7 @@ pub use session::ServerSession; use tokio::io::{AsyncRead, AsyncWrite}; use tokio::net::TcpListener; use tracing::*; -use warpgate_common::{Services, SessionStateInit}; +use warpgate_core::{Services, SessionStateInit}; use crate::keys::load_host_keys; use crate::server::session_handle::SSHSessionHandle; diff --git a/warpgate-protocol-ssh/src/server/session.rs b/warpgate-protocol-ssh/src/server/session.rs index c5fe0e0..35aab49 100644 --- a/warpgate-protocol-ssh/src/server/session.rs +++ b/warpgate-protocol-ssh/src/server/session.rs 
@@ -17,16 +17,16 @@ use tokio::sync::mpsc::{UnboundedReceiver, UnboundedSender}; use tokio::sync::{broadcast, oneshot, Mutex}; use tracing::*; use uuid::Uuid; -use warpgate_common::auth::{AuthCredential, AuthSelector, AuthState, CredentialKind}; +use warpgate_common::auth::{AuthCredential, AuthResult, AuthSelector, AuthState, CredentialKind}; use warpgate_common::eventhub::{EventHub, EventSender}; -use warpgate_common::recordings::{ +use warpgate_common::{ + Secret, SessionId, SshHostKeyVerificationMode, Target, TargetOptions, TargetSSHOptions, +}; +use warpgate_core::recordings::{ self, ConnectionRecorder, TerminalRecorder, TerminalRecordingStreamId, TrafficConnectionParams, TrafficRecorder, }; -use warpgate_common::{ - authorize_ticket, AuthResult, Secret, Services, SessionId, SshHostKeyVerificationMode, Target, - TargetOptions, TargetSSHOptions, WarpgateServerHandle, -}; +use warpgate_core::{authorize_ticket, consume_ticket, Services, WarpgateServerHandle}; use super::service_output::ServiceOutput; use super::session_handle::SessionHandleCommand; @@ -1168,12 +1168,7 @@ impl ServerSession { match authorize_ticket(&self.services.db, secret).await? { Some(ticket) => { info!("Authorized for {} with a ticket", ticket.target); - self.services - .config_provider - .lock() - .await - .consume_ticket(&ticket.id) - .await?; + consume_ticket(&self.services.db, &ticket.id).await?; self._auth_accept(&ticket.username, &ticket.target).await; Ok(AuthResult::Accepted { username: ticket.username.clone(), diff --git a/warpgate-protocol-ssh/src/server/session_handle.rs b/warpgate-protocol-ssh/src/server/session_handle.rs index 935672a..d615440 100644 --- a/warpgate-protocol-ssh/src/server/session_handle.rs +++ b/warpgate-protocol-ssh/src/server/session_handle.rs @@ -1,5 +1,5 @@ use tokio::sync::mpsc; -use warpgate_common::SessionHandle; +use warpgate_core::SessionHandle; #[derive(Clone, Debug, PartialEq, Eq)] pub enum SessionHandleCommand { 
diff --git a/warpgate/Cargo.toml b/warpgate/Cargo.toml index c59fa36..796ef43 100644 --- a/warpgate/Cargo.toml +++ b/warpgate/Cargo.toml @@ -29,6 +29,7 @@ tracing = "0.1" tracing-subscriber = {version = "0.3", features = ["env-filter", "local-time"]} warpgate-admin = {version = "*", path = "../warpgate-admin"} warpgate-common = {version = "*", path = "../warpgate-common"} +warpgate-core = {version = "*", path = "../warpgate-core"} warpgate-protocol-http = {version = "*", path = "../warpgate-protocol-http"} warpgate-protocol-mysql = {version = "*", path = "../warpgate-protocol-mysql"} warpgate-protocol-ssh = {version = "*", path = "../warpgate-protocol-ssh"} diff --git a/warpgate/src/commands/run.rs b/warpgate/src/commands/run.rs index 212296b..9b954d5 100644 --- a/warpgate/src/commands/run.rs +++ b/warpgate/src/commands/run.rs @@ -6,9 +6,9 @@ use futures::StreamExt; use sd_notify::NotifyState; use tokio::signal::unix::SignalKind; use tracing::*; -use warpgate_common::db::cleanup_db; -use warpgate_common::logging::install_database_logger; -use warpgate_common::{ProtocolServer, Services}; +use warpgate_core::db::cleanup_db; +use warpgate_core::logging::install_database_logger; +use warpgate_core::{ProtocolServer, Services}; use warpgate_protocol_http::HTTPProtocolServer; use warpgate_protocol_mysql::MySQLProtocolServer; use warpgate_protocol_ssh::SSHProtocolServer; diff --git a/warpgate/src/commands/setup.rs b/warpgate/src/commands/setup.rs index 4af8dea..7143b19 100644 --- a/warpgate/src/commands/setup.rs +++ b/warpgate/src/commands/setup.rs 
@@ -10,9 +10,10 @@ use tracing::*; use warpgate_common::helpers::fs::{secure_directory, secure_file}; use warpgate_common::helpers::hash::hash_password; use warpgate_common::{ - HTTPConfig, ListenEndpoint, MySQLConfig, Role, SSHConfig, Secret, Services, Target, + HTTPConfig, ListenEndpoint, MySQLConfig, Role, SSHConfig, Secret, Target, TargetOptions, TargetWebAdminOptions, User, UserAuthCredential, WarpgateConfigStore, }; +use warpgate_core::Services; use crate::config::load_config; diff --git a/warpgate/src/commands/test_target.rs b/warpgate/src/commands/test_target.rs index 42c50d8..eafedd5 100644 --- a/warpgate/src/commands/test_target.rs +++ b/warpgate/src/commands/test_target.rs @@ -1,6 +1,7 @@ use anyhow::Result; use tracing::*; -use warpgate_common::{ProtocolServer, Services, Target, TargetOptions, TargetTestError}; +use warpgate_common::{Target, TargetOptions}; +use warpgate_core::{ProtocolServer, Services, TargetTestError}; use crate::config::load_config; diff --git a/warpgate/src/logging.rs b/warpgate/src/logging.rs index f007e57..ac406d9 100644 --- a/warpgate/src/logging.rs +++ b/warpgate/src/logging.rs @@ -6,7 +6,7 @@ use tracing_subscriber::fmt::time::OffsetTime; use tracing_subscriber::layer::SubscriberExt; use tracing_subscriber::util::SubscriberInitExt; use tracing_subscriber::{EnvFilter, Layer}; -use warpgate_common::logging::{make_database_logger_layer, make_socket_logger_layer}; +use warpgate_core::logging::{make_database_logger_layer, make_socket_logger_layer}; use warpgate_common::WarpgateConfig; pub async fn init_logging(config: Option<&WarpgateConfig>) {