cargo fmt

Eugene 2024-03-04 10:15:15 +01:00
parent f3dc1ad668
commit bcba6763ae
No known key found for this signature in database
GPG key ID: 5896FCBBDD1CF4F4
21 changed files with 180 additions and 74 deletions


@ -0,0 +1,80 @@
version: '3'
services:
oidc-server-mock:
container_name: oidc-server-mock
image: ghcr.io/soluto/oidc-server-mock:latest
ports:
- '4011:80'
environment:
ASPNETCORE_ENVIRONMENT: Development
SERVER_OPTIONS_INLINE: |
{
"AccessTokenJwtType": "JWT",
"Discovery": {
"ShowKeySet": true
},
"Authentication": {
"CookieSameSiteMode": "Lax",
"CheckSessionCookieSameSiteMode": "Lax"
}
}
LOGIN_OPTIONS_INLINE: |
{
"AllowRememberLogin": false
}
LOGOUT_OPTIONS_INLINE: |
{
"AutomaticRedirectAfterSignOut": true
}
API_SCOPES_INLINE: |
- Name: some-app-scope-1
- Name: some-app-scope-2
API_RESOURCES_INLINE: |
- Name: some-app
Scopes:
- some-app-scope-1
- some-app-scope-2
USERS_CONFIGURATION_INLINE: |
[
{
"SubjectId":"1",
"Username":"User1",
"Password":"pwd",
"Claims": [
{
"Type": "name",
"Value": "Sam Tailor",
"ValueType": "string"
},
{
"Type": "email",
"Value": "sam.tailor@gmail.com",
"ValueType": "string"
},
{
"Type": "some-api-resource-claim",
"Value": "Sam's Api Resource Custom Claim",
"ValueType": "string"
},
{
"Type": "some-api-scope-claim",
"Value": "Sam's Api Scope Custom Claim",
"ValueType": "string"
},
{
"Type": "some-identity-resource-claim",
"Value": "Sam's Identity Resource Custom Claim",
"ValueType": "string"
}
]
}
]
CLIENTS_CONFIGURATION_PATH: /tmp/config/clients-config.json
ASPNET_SERVICES_OPTIONS_INLINE: |
{
"ForwardedHeadersOptions": {
"ForwardedHeaders" : "All"
}
}
volumes:
- .:/tmp/config:ro
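Review bot: The mock identity provider is pulled by the mutable tag `latest` (`image: ghcr.io/soluto/oidc-server-mock:latest`), so whatever is published under that tag next runs in the test environment without any change to this repository. Pinning to a release tag plus digest, e.g. `image: ghcr.io/soluto/oidc-server-mock:<VERSION>@sha256:<DIGEST>` (placeholders, take the values from the registry), keeps runs reproducible and reviewable. The mapping `- '4011:80'` publishes the port on every host interface, while the service runs with `ASPNETCORE_ENVIRONMENT: Development` and a fixed account (`User1` / `pwd`); `- '127.0.0.1:4011:80'` would keep it reachable only from the local machine. A leading comment such as `# Test-only OIDC provider with static credentials; never expose or reuse outside local/CI runs` would also make the intent explicit.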


@ -69,8 +69,8 @@ pub async fn api_get_recording_cast(
.map_err(InternalServerError)?;
let Some(recording) = recording else {
return Err(NotFoundError.into())
};
return Err(NotFoundError.into());
};
if recording.kind != RecordingKind::Terminal {
return Err(NotFoundError.into());
@ -128,8 +128,8 @@ pub async fn api_get_recording_tcpdump(
.map_err(poem::error::InternalServerError)?;
let Some(recording) = recording else {
return Err(NotFoundError.into())
};
return Err(NotFoundError.into());
};
if recording.kind != RecordingKind::Traffic {
return Err(NotFoundError.into());


@ -139,9 +139,10 @@ impl DetailApi {
let Some(target) = Target::Entity::find_by_id(id.0)
.one(&*db)
.await
.map_err(poem::error::InternalServerError)? else {
return Ok(GetTargetResponse::NotFound);
};
.map_err(poem::error::InternalServerError)?
else {
return Ok(GetTargetResponse::NotFound);
};
Ok(GetTargetResponse::Ok(Json(
target
@ -162,7 +163,8 @@ impl DetailApi {
let Some(target) = Target::Entity::find_by_id(id.0)
.one(&*db)
.await
.map_err(poem::error::InternalServerError)? else {
.map_err(poem::error::InternalServerError)?
else {
return Ok(UpdateTargetResponse::NotFound);
};
@ -199,9 +201,10 @@ impl DetailApi {
let Some(target) = Target::Entity::find_by_id(id.0)
.one(&*db)
.await
.map_err(poem::error::InternalServerError)? else {
return Ok(DeleteTargetResponse::NotFound);
};
.map_err(poem::error::InternalServerError)?
else {
return Ok(DeleteTargetResponse::NotFound);
};
if target.kind == TargetKind::WebAdmin {
return Ok(DeleteTargetResponse::Forbidden);
@ -268,8 +271,9 @@ impl RolesApi {
.all(&*db)
.await
.map(|x| x.into_iter().next())
.map_err(WarpgateError::from)? else {
return Ok(GetTargetRolesResponse::NotFound)
.map_err(WarpgateError::from)?
else {
return Ok(GetTargetRolesResponse::NotFound);
};
Ok(GetTargetRolesResponse::Ok(Json(
@ -328,16 +332,18 @@ impl RolesApi {
let Some(target) = Target::Entity::find_by_id(id.0)
.one(&*db)
.await
.map_err(poem::error::InternalServerError)? else {
return Ok(DeleteTargetRoleResponse::NotFound);
};
.map_err(poem::error::InternalServerError)?
else {
return Ok(DeleteTargetRoleResponse::NotFound);
};
let Some(role) = Role::Entity::find_by_id(role_id.0)
.one(&*db)
.await
.map_err(poem::error::InternalServerError)? else {
return Ok(DeleteTargetRoleResponse::NotFound);
};
.map_err(poem::error::InternalServerError)?
else {
return Ok(DeleteTargetRoleResponse::NotFound);
};
if role.name == BUILTIN_ADMIN_ROLE_NAME && target.kind == TargetKind::WebAdmin {
return Ok(DeleteTargetRoleResponse::Forbidden);
@ -348,9 +354,10 @@ impl RolesApi {
.filter(TargetRoleAssignment::Column::RoleId.eq(role_id.0))
.one(&*db)
.await
.map_err(WarpgateError::from)? else {
return Ok(DeleteTargetRoleResponse::NotFound);
};
.map_err(WarpgateError::from)?
else {
return Ok(DeleteTargetRoleResponse::NotFound);
};
model.delete(&*db).await.map_err(WarpgateError::from)?;


@ -134,9 +134,10 @@ impl DetailApi {
let Some(user) = User::Entity::find_by_id(id.0)
.one(&*db)
.await
.map_err(poem::error::InternalServerError)? else {
return Ok(GetUserResponse::NotFound);
};
.map_err(poem::error::InternalServerError)?
else {
return Ok(GetUserResponse::NotFound);
};
Ok(GetUserResponse::Ok(Json(
user.try_into().map_err(poem::error::InternalServerError)?,
@ -155,7 +156,8 @@ impl DetailApi {
let Some(user) = User::Entity::find_by_id(id.0)
.one(&*db)
.await
.map_err(poem::error::InternalServerError)? else {
.map_err(poem::error::InternalServerError)?
else {
return Ok(UpdateUserResponse::NotFound);
};
@ -196,9 +198,10 @@ impl DetailApi {
let Some(user) = User::Entity::find_by_id(id.0)
.one(&*db)
.await
.map_err(poem::error::InternalServerError)? else {
return Ok(DeleteUserResponse::NotFound);
};
.map_err(poem::error::InternalServerError)?
else {
return Ok(DeleteUserResponse::NotFound);
};
UserRoleAssignment::Entity::delete_many()
.filter(UserRoleAssignment::Column::UserId.eq(user.id))
@ -270,8 +273,9 @@ impl RolesApi {
.all(&*db)
.await
.map(|x| x.into_iter().next())
.map_err(WarpgateError::from)? else {
return Ok(GetUserRolesResponse::NotFound)
.map_err(WarpgateError::from)?
else {
return Ok(GetUserRolesResponse::NotFound);
};
Ok(GetUserRolesResponse::Ok(Json(
@ -330,25 +334,28 @@ impl RolesApi {
let Some(_user) = User::Entity::find_by_id(id.0)
.one(&*db)
.await
.map_err(poem::error::InternalServerError)? else {
return Ok(DeleteUserRoleResponse::NotFound);
};
.map_err(poem::error::InternalServerError)?
else {
return Ok(DeleteUserRoleResponse::NotFound);
};
let Some(_role) = Role::Entity::find_by_id(role_id.0)
.one(&*db)
.await
.map_err(poem::error::InternalServerError)? else {
return Ok(DeleteUserRoleResponse::NotFound);
};
.map_err(poem::error::InternalServerError)?
else {
return Ok(DeleteUserRoleResponse::NotFound);
};
let Some(model) = UserRoleAssignment::Entity::find()
.filter(UserRoleAssignment::Column::UserId.eq(id.0))
.filter(UserRoleAssignment::Column::RoleId.eq(role_id.0))
.one(&*db)
.await
.map_err(WarpgateError::from)? else {
return Ok(DeleteUserRoleResponse::NotFound);
};
.map_err(WarpgateError::from)?
else {
return Ok(DeleteUserRoleResponse::NotFound);
};
model.delete(&*db).await.map_err(WarpgateError::from)?;


@ -62,7 +62,7 @@ impl AuthStateStore {
.get_credential_policy(username, supported_credential_types)
.await?;
let Some(policy) = policy else {
return Err(WarpgateError::UserNotFound)
return Err(WarpgateError::UserNotFound);
};
let state = AuthState::new(
@ -93,7 +93,7 @@ impl AuthStateStore {
pub async fn complete(&mut self, id: &Uuid) {
let Some((state, _)) = self.store.get(id) else {
return
return;
};
if let Some(sig) = self.completion_signals.remove(id) {
let _ = sig.sender.send(state.lock().await.verify());


@ -135,7 +135,11 @@ impl ConfigProvider for DatabaseConfigProvider {
&mut self,
client_credential: &AuthCredential,
) -> Result<Option<String>, WarpgateError> {
let AuthCredential::Sso { provider: client_provider, email : client_email} = client_credential else {
let AuthCredential::Sso {
provider: client_provider,
email: client_email,
} = client_credential
else {
return Ok(None);
};
@ -171,9 +175,9 @@ impl ConfigProvider for DatabaseConfigProvider {
.await?;
let Some(user_model) = user_model else {
error!("Selected user not found: {}", username);
return Ok(false);
};
error!("Selected user not found: {}", username);
return Ok(false);
};
let user: UserConfig = user_model.try_into()?;


@ -132,7 +132,11 @@ impl ConfigProvider for FileConfigProvider {
&mut self,
client_credential: &AuthCredential,
) -> Result<Option<String>, WarpgateError> {
let AuthCredential::Sso { provider: client_provider, email : client_email} = client_credential else {
let AuthCredential::Sso {
provider: client_provider,
email: client_email,
} = client_credential
else {
return Ok(None);
};


@ -32,9 +32,7 @@ where
id: &tracing_core::span::Id,
ctx: Context<'_, S>,
) {
let Some(span) = ctx.span(id) else {
return
};
let Some(span) = ctx.span(id) else { return };
if !span.metadata().target().starts_with("warpgate") {
return;
}


@ -42,16 +42,14 @@ where
tokio::spawn(async move {
while let Some(values) = rx.recv().await {
let Some(ref socket) = socket else {
return
};
let Some(ref socket) = socket else { return };
let Some(ref socket_address) = socket_address else {
return
return;
};
let Ok(serialized) = serde_json::to_vec(&values) else {
eprintln!("Failed to serialize log entry {values:?}");
continue
continue;
};
let buffer = BytesMut::from(&serialized[..]);


@ -179,7 +179,7 @@ impl Api {
let Some(state_arc) = state_id.and_then(|id| auth_state_store.get(&id.0)) else {
return Ok(LoginResponse::Failure(Json(LoginFailureResponse {
state: ApiAuthState::NotStarted,
})))
})));
};
let mut state = state_arc.lock().await;
@ -226,7 +226,7 @@ impl Api {
services: Data<&Services>,
) -> poem::Result<AuthStateResponse> {
let Some(state_id) = session.get_auth_state_id() else {
return Ok(AuthStateResponse::NotFound)
return Ok(AuthStateResponse::NotFound);
};
let store = services.auth_state_store.lock().await;
let Some(state_arc) = store.get(&state_id.0) else {
@ -246,7 +246,7 @@ impl Api {
services: Data<&Services>,
) -> poem::Result<AuthStateResponse> {
let Some(state_id) = session.get_auth_state_id() else {
return Ok(AuthStateResponse::NotFound)
return Ok(AuthStateResponse::NotFound);
};
let mut store = services.auth_state_store.lock().await;
let Some(state_arc) = store.get(&state_id.0) else {
@ -289,7 +289,7 @@ impl Api {
auth: Option<Data<&SessionAuthorization>>,
id: Path<Uuid>,
) -> poem::Result<AuthStateResponse> {
let Some(state_arc) = get_auth_state(&id, &services, auth.map(|x|x.0)).await else {
let Some(state_arc) = get_auth_state(&id, &services, auth.map(|x| x.0)).await else {
return Ok(AuthStateResponse::NotFound);
};
@ -317,7 +317,7 @@ impl Api {
auth: Option<Data<&SessionAuthorization>>,
id: Path<Uuid>,
) -> poem::Result<AuthStateResponse> {
let Some(state_arc) = get_auth_state(&id, &services, auth.map(|x|x.0)).await else {
let Some(state_arc) = get_auth_state(&id, &services, auth.map(|x| x.0)).await else {
return Ok(AuthStateResponse::NotFound);
};
state_arc.lock().await.reject();


@ -55,7 +55,8 @@ impl Api {
let mut return_url = config.construct_external_url(Some(req))?;
return_url.set_path("@warpgate/api/sso/return");
let Some(provider_config) = config.store.sso_providers.iter().find(|p| p.name == *name) else {
let Some(provider_config) = config.store.sso_providers.iter().find(|p| p.name == *name)
else {
return Ok(StartSsoResponse::NotFound);
};


@ -152,7 +152,9 @@ impl Api {
};
let Some(ref code) = *code else {
return Ok(Err("No authorization code in the return URL request".to_string()));
return Ok(Err(
"No authorization code in the return URL request".to_string()
));
};
let response = context


@ -95,7 +95,7 @@ async fn is_user_admin(req: &Request, auth: &SessionAuthorization) -> poem::Resu
let services: Data<&Services> = <_>::from_request_without_body(req).await?;
let SessionAuthorization::User(username) = auth else {
return Ok(false)
return Ok(false);
};
let mut config_provider = services.config_provider.lock().await;


@ -35,7 +35,7 @@ pub fn log_request_result(method: &Method, url: &Uri, client_ip: String, status:
}
pub async fn get_client_ip(req: &Request) -> poem::Result<String> {
let services: Option<Data<&Services>> = <_>::from_request_without_body(&req).await.ok();
let services: Option<Data<&Services>> = <_>::from_request_without_body(req).await.ok();
let trust_x_forwarded_headers = if let Some(services) = services {
let config = services.config.lock().await;
config.store.http.trust_x_forwarded_headers


@ -128,7 +128,7 @@ impl SessionStore {
session.set(SESSION_ID_SESSION_KEY, id);
let Some(this) = self.this.upgrade() else {
return Err(anyhow::anyhow!("Invalid session state").into())
return Err(anyhow::anyhow!("Invalid session state").into());
};
tokio::spawn({
let session_storage = (*session_storage).clone();


@ -67,7 +67,7 @@ impl MySqlClient {
}
let Some(payload) = stream.recv().await? else {
return Err(MySqlError::Eof)
return Err(MySqlError::Eof);
};
let handshake = Handshake::decode(payload)?;
@ -147,7 +147,7 @@ impl MySqlClient {
stream.flush().await?;
let Some(response) = stream.recv().await? else {
return Err(MySqlError::Eof)
return Err(MySqlError::Eof);
};
if response.first() == Some(&0) || response.first() == Some(&0xfe) {
debug!("Authorized");


@ -113,7 +113,9 @@ impl ProtocolServer for MySQLProtocolServer {
async fn test_target(&self, target: Target) -> Result<(), TargetTestError> {
let TargetOptions::MySql(options) = target.options else {
return Err(TargetTestError::Misconfigured("Not a MySQL target".to_owned()));
return Err(TargetTestError::Misconfigured(
"Not a MySQL target".to_owned(),
));
};
MySqlClient::connect(&options, ConnectionOptions::default())
.await


@ -422,7 +422,7 @@ impl MySqlSession {
client: &mut MySqlClient,
) -> Result<(), MySqlError> {
loop {
let Some(response) = client.stream.recv().await? else{
let Some(response) = client.stream.recv().await? else {
return Err(MySqlError::Eof);
};
trace!(?response, "client got packet");


@ -1324,7 +1324,9 @@ impl ServerSession {
}
} else if kinds.contains(&CredentialKind::WebUserApproval) {
let Some(auth_state) = self.auth_state.as_ref() else {
return russh::server::Auth::Reject { proceed_with_methods: None};
return russh::server::Auth::Reject {
proceed_with_methods: None,
};
};
let identification_string =
auth_state.lock().await.identification_string().to_owned();


@ -31,9 +31,9 @@ pub async fn make_client(config: &SsoInternalProviderConfig) -> Result<CoreClien
.set_auth_type(config.auth_type());
if let Some(trusted_audiences) = config.additional_trusted_audiences() {
client.id_token_verifier().set_other_audience_verifier_fn(|aud| {
trusted_audiences.contains(aud.deref())
});
client
.id_token_verifier()
.set_other_audience_verifier_fn(|aud| trusted_audiences.contains(aud.deref()));
}
Ok(client)


@ -17,7 +17,8 @@ pub(crate) async fn command(cli: &crate::Cli, target_name: &String) -> Result<()
.await?
.iter()
.find(|x| &x.name == target_name)
.map(Target::clone) else {
.map(Target::clone)
else {
error!("Target not found: {}", target_name);
return Ok(());
};