cargo fmt
This commit is contained in:
parent
f3dc1ad668
commit
bcba6763ae
80
oidc-test/docker-compose.yml
Normal file
80
oidc-test/docker-compose.yml
Normal file
|
@ -0,0 +1,80 @@
|
|||
version: '3'
|
||||
services:
|
||||
oidc-server-mock:
|
||||
container_name: oidc-server-mock
|
||||
image: ghcr.io/soluto/oidc-server-mock:latest
|
||||
ports:
|
||||
- '4011:80'
|
||||
environment:
|
||||
ASPNETCORE_ENVIRONMENT: Development
|
||||
SERVER_OPTIONS_INLINE: |
|
||||
{
|
||||
"AccessTokenJwtType": "JWT",
|
||||
"Discovery": {
|
||||
"ShowKeySet": true
|
||||
},
|
||||
"Authentication": {
|
||||
"CookieSameSiteMode": "Lax",
|
||||
"CheckSessionCookieSameSiteMode": "Lax"
|
||||
}
|
||||
}
|
||||
LOGIN_OPTIONS_INLINE: |
|
||||
{
|
||||
"AllowRememberLogin": false
|
||||
}
|
||||
LOGOUT_OPTIONS_INLINE: |
|
||||
{
|
||||
"AutomaticRedirectAfterSignOut": true
|
||||
}
|
||||
API_SCOPES_INLINE: |
|
||||
- Name: some-app-scope-1
|
||||
- Name: some-app-scope-2
|
||||
API_RESOURCES_INLINE: |
|
||||
- Name: some-app
|
||||
Scopes:
|
||||
- some-app-scope-1
|
||||
- some-app-scope-2
|
||||
USERS_CONFIGURATION_INLINE: |
|
||||
[
|
||||
{
|
||||
"SubjectId":"1",
|
||||
"Username":"User1",
|
||||
"Password":"pwd",
|
||||
"Claims": [
|
||||
{
|
||||
"Type": "name",
|
||||
"Value": "Sam Tailor",
|
||||
"ValueType": "string"
|
||||
},
|
||||
{
|
||||
"Type": "email",
|
||||
"Value": "sam.tailor@gmail.com",
|
||||
"ValueType": "string"
|
||||
},
|
||||
{
|
||||
"Type": "some-api-resource-claim",
|
||||
"Value": "Sam's Api Resource Custom Claim",
|
||||
"ValueType": "string"
|
||||
},
|
||||
{
|
||||
"Type": "some-api-scope-claim",
|
||||
"Value": "Sam's Api Scope Custom Claim",
|
||||
"ValueType": "string"
|
||||
},
|
||||
{
|
||||
"Type": "some-identity-resource-claim",
|
||||
"Value": "Sam's Identity Resource Custom Claim",
|
||||
"ValueType": "string"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
CLIENTS_CONFIGURATION_PATH: /tmp/config/clients-config.json
|
||||
ASPNET_SERVICES_OPTIONS_INLINE: |
|
||||
{
|
||||
"ForwardedHeadersOptions": {
|
||||
"ForwardedHeaders" : "All"
|
||||
}
|
||||
}
|
||||
volumes:
|
||||
- .:/tmp/config:ro
|
|
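Review bot: `- '4011:80'` publishes the mock IdP on every host interface, so while the suite runs anyone on the network can reach an issuer that authenticates the fixed `User1`/`pwd` account and, via `"ForwardedHeaders" : "All"`, trusts whatever proxy headers it is sent; binding to loopback, `- '127.0.0.1:4011:80'`, keeps the fixture local without changing the test. `image: ghcr.io/soluto/oidc-server-mock:latest` is unpinned, so the test can change behaviour or break whenever upstream pushes a new image; pin a tag or a digest. The `email` claim uses a real-looking third-party address; an `@example.com` address avoids a real mailbox showing up in test logs. This fixture is also unrelated to the formatting change the commit title announces, so it would be easier to find in a commit of its own.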
@ -69,8 +69,8 @@ pub async fn api_get_recording_cast(
|
|||
.map_err(InternalServerError)?;
|
||||
|
||||
let Some(recording) = recording else {
|
||||
return Err(NotFoundError.into())
|
||||
};
|
||||
return Err(NotFoundError.into());
|
||||
};
|
||||
|
||||
if recording.kind != RecordingKind::Terminal {
|
||||
return Err(NotFoundError.into());
|
||||
|
@ -128,8 +128,8 @@ pub async fn api_get_recording_tcpdump(
|
|||
.map_err(poem::error::InternalServerError)?;
|
||||
|
||||
let Some(recording) = recording else {
|
||||
return Err(NotFoundError.into())
|
||||
};
|
||||
return Err(NotFoundError.into());
|
||||
};
|
||||
|
||||
if recording.kind != RecordingKind::Traffic {
|
||||
return Err(NotFoundError.into());
|
||||
|
|
|
@ -139,9 +139,10 @@ impl DetailApi {
|
|||
let Some(target) = Target::Entity::find_by_id(id.0)
|
||||
.one(&*db)
|
||||
.await
|
||||
.map_err(poem::error::InternalServerError)? else {
|
||||
return Ok(GetTargetResponse::NotFound);
|
||||
};
|
||||
.map_err(poem::error::InternalServerError)?
|
||||
else {
|
||||
return Ok(GetTargetResponse::NotFound);
|
||||
};
|
||||
|
||||
Ok(GetTargetResponse::Ok(Json(
|
||||
target
|
||||
|
@ -162,7 +163,8 @@ impl DetailApi {
|
|||
let Some(target) = Target::Entity::find_by_id(id.0)
|
||||
.one(&*db)
|
||||
.await
|
||||
.map_err(poem::error::InternalServerError)? else {
|
||||
.map_err(poem::error::InternalServerError)?
|
||||
else {
|
||||
return Ok(UpdateTargetResponse::NotFound);
|
||||
};
|
||||
|
||||
|
@ -199,9 +201,10 @@ impl DetailApi {
|
|||
let Some(target) = Target::Entity::find_by_id(id.0)
|
||||
.one(&*db)
|
||||
.await
|
||||
.map_err(poem::error::InternalServerError)? else {
|
||||
return Ok(DeleteTargetResponse::NotFound);
|
||||
};
|
||||
.map_err(poem::error::InternalServerError)?
|
||||
else {
|
||||
return Ok(DeleteTargetResponse::NotFound);
|
||||
};
|
||||
|
||||
if target.kind == TargetKind::WebAdmin {
|
||||
return Ok(DeleteTargetResponse::Forbidden);
|
||||
|
@ -268,8 +271,9 @@ impl RolesApi {
|
|||
.all(&*db)
|
||||
.await
|
||||
.map(|x| x.into_iter().next())
|
||||
.map_err(WarpgateError::from)? else {
|
||||
return Ok(GetTargetRolesResponse::NotFound)
|
||||
.map_err(WarpgateError::from)?
|
||||
else {
|
||||
return Ok(GetTargetRolesResponse::NotFound);
|
||||
};
|
||||
|
||||
Ok(GetTargetRolesResponse::Ok(Json(
|
||||
|
@ -328,16 +332,18 @@ impl RolesApi {
|
|||
let Some(target) = Target::Entity::find_by_id(id.0)
|
||||
.one(&*db)
|
||||
.await
|
||||
.map_err(poem::error::InternalServerError)? else {
|
||||
return Ok(DeleteTargetRoleResponse::NotFound);
|
||||
};
|
||||
.map_err(poem::error::InternalServerError)?
|
||||
else {
|
||||
return Ok(DeleteTargetRoleResponse::NotFound);
|
||||
};
|
||||
|
||||
let Some(role) = Role::Entity::find_by_id(role_id.0)
|
||||
.one(&*db)
|
||||
.await
|
||||
.map_err(poem::error::InternalServerError)? else {
|
||||
return Ok(DeleteTargetRoleResponse::NotFound);
|
||||
};
|
||||
.map_err(poem::error::InternalServerError)?
|
||||
else {
|
||||
return Ok(DeleteTargetRoleResponse::NotFound);
|
||||
};
|
||||
|
||||
if role.name == BUILTIN_ADMIN_ROLE_NAME && target.kind == TargetKind::WebAdmin {
|
||||
return Ok(DeleteTargetRoleResponse::Forbidden);
|
||||
|
@ -348,9 +354,10 @@ impl RolesApi {
|
|||
.filter(TargetRoleAssignment::Column::RoleId.eq(role_id.0))
|
||||
.one(&*db)
|
||||
.await
|
||||
.map_err(WarpgateError::from)? else {
|
||||
return Ok(DeleteTargetRoleResponse::NotFound);
|
||||
};
|
||||
.map_err(WarpgateError::from)?
|
||||
else {
|
||||
return Ok(DeleteTargetRoleResponse::NotFound);
|
||||
};
|
||||
|
||||
model.delete(&*db).await.map_err(WarpgateError::from)?;
|
||||
|
||||
|
|
|
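Review bot: The guard `if role.name == BUILTIN_ADMIN_ROLE_NAME && target.kind == TargetKind::WebAdmin` in the DeleteTargetRole hunk returns `Forbidden` without saying why, and it is the only visible thing stopping an administrator from unassigning the built-in admin role from the admin UI target and locking every admin out; a one-line comment, `// Never detach the built-in admin role from the web admin target: it would lock all admins out of the UI`, records that intent so a later cleanup does not drop it. The `Forbidden` returned for deleting a `WebAdmin` target earlier in the section deserves the same comment. Both handlers start outside their hunks.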
@ -134,9 +134,10 @@ impl DetailApi {
|
|||
let Some(user) = User::Entity::find_by_id(id.0)
|
||||
.one(&*db)
|
||||
.await
|
||||
.map_err(poem::error::InternalServerError)? else {
|
||||
return Ok(GetUserResponse::NotFound);
|
||||
};
|
||||
.map_err(poem::error::InternalServerError)?
|
||||
else {
|
||||
return Ok(GetUserResponse::NotFound);
|
||||
};
|
||||
|
||||
Ok(GetUserResponse::Ok(Json(
|
||||
user.try_into().map_err(poem::error::InternalServerError)?,
|
||||
|
@ -155,7 +156,8 @@ impl DetailApi {
|
|||
let Some(user) = User::Entity::find_by_id(id.0)
|
||||
.one(&*db)
|
||||
.await
|
||||
.map_err(poem::error::InternalServerError)? else {
|
||||
.map_err(poem::error::InternalServerError)?
|
||||
else {
|
||||
return Ok(UpdateUserResponse::NotFound);
|
||||
};
|
||||
|
||||
|
@ -196,9 +198,10 @@ impl DetailApi {
|
|||
let Some(user) = User::Entity::find_by_id(id.0)
|
||||
.one(&*db)
|
||||
.await
|
||||
.map_err(poem::error::InternalServerError)? else {
|
||||
return Ok(DeleteUserResponse::NotFound);
|
||||
};
|
||||
.map_err(poem::error::InternalServerError)?
|
||||
else {
|
||||
return Ok(DeleteUserResponse::NotFound);
|
||||
};
|
||||
|
||||
UserRoleAssignment::Entity::delete_many()
|
||||
.filter(UserRoleAssignment::Column::UserId.eq(user.id))
|
||||
|
@ -270,8 +273,9 @@ impl RolesApi {
|
|||
.all(&*db)
|
||||
.await
|
||||
.map(|x| x.into_iter().next())
|
||||
.map_err(WarpgateError::from)? else {
|
||||
return Ok(GetUserRolesResponse::NotFound)
|
||||
.map_err(WarpgateError::from)?
|
||||
else {
|
||||
return Ok(GetUserRolesResponse::NotFound);
|
||||
};
|
||||
|
||||
Ok(GetUserRolesResponse::Ok(Json(
|
||||
|
@ -330,25 +334,28 @@ impl RolesApi {
|
|||
let Some(_user) = User::Entity::find_by_id(id.0)
|
||||
.one(&*db)
|
||||
.await
|
||||
.map_err(poem::error::InternalServerError)? else {
|
||||
return Ok(DeleteUserRoleResponse::NotFound);
|
||||
};
|
||||
.map_err(poem::error::InternalServerError)?
|
||||
else {
|
||||
return Ok(DeleteUserRoleResponse::NotFound);
|
||||
};
|
||||
|
||||
let Some(_role) = Role::Entity::find_by_id(role_id.0)
|
||||
.one(&*db)
|
||||
.await
|
||||
.map_err(poem::error::InternalServerError)? else {
|
||||
return Ok(DeleteUserRoleResponse::NotFound);
|
||||
};
|
||||
.map_err(poem::error::InternalServerError)?
|
||||
else {
|
||||
return Ok(DeleteUserRoleResponse::NotFound);
|
||||
};
|
||||
|
||||
let Some(model) = UserRoleAssignment::Entity::find()
|
||||
.filter(UserRoleAssignment::Column::UserId.eq(id.0))
|
||||
.filter(UserRoleAssignment::Column::RoleId.eq(role_id.0))
|
||||
.one(&*db)
|
||||
.await
|
||||
.map_err(WarpgateError::from)? else {
|
||||
return Ok(DeleteUserRoleResponse::NotFound);
|
||||
};
|
||||
.map_err(WarpgateError::from)?
|
||||
else {
|
||||
return Ok(DeleteUserRoleResponse::NotFound);
|
||||
};
|
||||
|
||||
model.delete(&*db).await.map_err(WarpgateError::from)?;
|
||||
|
||||
|
|
|
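Review bot: The `UserRoleAssignment::Entity::delete_many()` in the DeleteUser hunk runs as its own statement, and the deletion of the user row that follows is outside the hunk; if that later step fails, the user still exists but every role grant is already gone, a partial state that is easy to miss in an access-control table. Unless the caller already wraps this in a transaction, running both deletes inside one (if `db` is a sea-orm connection, `db.begin()` / `txn.commit()` via `TransactionTrait`) keeps the user and its grants consistent. The enclosing method ends outside the hunk.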
@ -62,7 +62,7 @@ impl AuthStateStore {
|
|||
.get_credential_policy(username, supported_credential_types)
|
||||
.await?;
|
||||
let Some(policy) = policy else {
|
||||
return Err(WarpgateError::UserNotFound)
|
||||
return Err(WarpgateError::UserNotFound);
|
||||
};
|
||||
|
||||
let state = AuthState::new(
|
||||
|
@ -93,7 +93,7 @@ impl AuthStateStore {
|
|||
|
||||
pub async fn complete(&mut self, id: &Uuid) {
|
||||
let Some((state, _)) = self.store.get(id) else {
|
||||
return
|
||||
return;
|
||||
};
|
||||
if let Some(sig) = self.completion_signals.remove(id) {
|
||||
let _ = sig.sender.send(state.lock().await.verify());
|
||||
|
|
|
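Review bot: `return Err(WarpgateError::UserNotFound)` in the first hunk makes an unknown username fail differently from a known username with a bad credential; if that variant reaches the SSH or HTTP client as a distinct status or message instead of being collapsed into the generic failure, it gives an attacker a username oracle against the gateway. Whether callers collapse it is outside this hunk, so a comment at that line naming the requirement, `// Must be indistinguishable from a credential failure at the client boundary`, would keep the property visible to whoever touches the callers. The enclosing method starts outside the hunk.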
@ -135,7 +135,11 @@ impl ConfigProvider for DatabaseConfigProvider {
|
|||
&mut self,
|
||||
client_credential: &AuthCredential,
|
||||
) -> Result<Option<String>, WarpgateError> {
|
||||
let AuthCredential::Sso { provider: client_provider, email : client_email} = client_credential else {
|
||||
let AuthCredential::Sso {
|
||||
provider: client_provider,
|
||||
email: client_email,
|
||||
} = client_credential
|
||||
else {
|
||||
return Ok(None);
|
||||
};
|
||||
|
||||
|
@ -171,9 +175,9 @@ impl ConfigProvider for DatabaseConfigProvider {
|
|||
.await?;
|
||||
|
||||
let Some(user_model) = user_model else {
|
||||
error!("Selected user not found: {}", username);
|
||||
return Ok(false);
|
||||
};
|
||||
error!("Selected user not found: {}", username);
|
||||
return Ok(false);
|
||||
};
|
||||
|
||||
let user: UserConfig = user_model.try_into()?;
|
||||
|
||||
|
|
|
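Review bot: The `email` destructured from `AuthCredential::Sso` in the first hunk becomes the key for resolving a local username (the lookup continues outside the hunk); an IdP-supplied email is only a safe identity key if the provider verified it, and nothing here records that precondition. A comment at the destructuring such as `// client_email is trusted as an identity only because the SSO return handler verified the provider's email_verified claim — keep these in sync` makes the dependency explicit, and if no such check exists upstream it belongs before this match. The enclosing method starts outside the hunk.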
@ -132,7 +132,11 @@ impl ConfigProvider for FileConfigProvider {
|
|||
&mut self,
|
||||
client_credential: &AuthCredential,
|
||||
) -> Result<Option<String>, WarpgateError> {
|
||||
let AuthCredential::Sso { provider: client_provider, email : client_email} = client_credential else {
|
||||
let AuthCredential::Sso {
|
||||
provider: client_provider,
|
||||
email: client_email,
|
||||
} = client_credential
|
||||
else {
|
||||
return Ok(None);
|
||||
};
|
||||
|
||||
|
|
|
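Review bot: The `email` taken from `AuthCredential::Sso` here is the identity key for the lookup that continues outside the hunk, exactly as in the database provider; whatever guarantees the IdP actually verified that address (its `email_verified` claim) lives elsewhere, so a one-line comment at the destructuring stating that assumption keeps the two providers from drifting on the rule. The enclosing method starts outside the hunk.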
@ -32,9 +32,7 @@ where
|
|||
id: &tracing_core::span::Id,
|
||||
ctx: Context<'_, S>,
|
||||
) {
|
||||
let Some(span) = ctx.span(id) else {
|
||||
return
|
||||
};
|
||||
let Some(span) = ctx.span(id) else { return };
|
||||
if !span.metadata().target().starts_with("warpgate") {
|
||||
return;
|
||||
}
|
||||
|
|
|
@ -42,16 +42,14 @@ where
|
|||
|
||||
tokio::spawn(async move {
|
||||
while let Some(values) = rx.recv().await {
|
||||
let Some(ref socket) = socket else {
|
||||
return
|
||||
};
|
||||
let Some(ref socket) = socket else { return };
|
||||
let Some(ref socket_address) = socket_address else {
|
||||
return
|
||||
return;
|
||||
};
|
||||
|
||||
let Ok(serialized) = serde_json::to_vec(&values) else {
|
||||
eprintln!("Failed to serialize log entry {values:?}");
|
||||
continue
|
||||
continue;
|
||||
};
|
||||
|
||||
let buffer = BytesMut::from(&serialized[..]);
|
||||
|
|
|
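Review bot: The `socket` and `socket_address` guards sit inside `while let Some(values) = rx.recv().await`, but both are fixed captures of the task, so the checks repeat for every log entry and a missing socket is only noticed after the first entry has been received and then discarded. Hoisting them above the loop states the intent in one line: `let (Some(socket), Some(socket_address)) = (socket.as_ref(), socket_address.as_ref()) else { return; };` followed by the unchanged `while let`. Returning there also drops `rx`, so every later send on the channel fails silently unless the producer side handles that; a short comment noting that the logger becomes a no-op in that case would help. The task body ends outside the hunk.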
@ -179,7 +179,7 @@ impl Api {
|
|||
let Some(state_arc) = state_id.and_then(|id| auth_state_store.get(&id.0)) else {
|
||||
return Ok(LoginResponse::Failure(Json(LoginFailureResponse {
|
||||
state: ApiAuthState::NotStarted,
|
||||
})))
|
||||
})));
|
||||
};
|
||||
|
||||
let mut state = state_arc.lock().await;
|
||||
|
@ -226,7 +226,7 @@ impl Api {
|
|||
services: Data<&Services>,
|
||||
) -> poem::Result<AuthStateResponse> {
|
||||
let Some(state_id) = session.get_auth_state_id() else {
|
||||
return Ok(AuthStateResponse::NotFound)
|
||||
return Ok(AuthStateResponse::NotFound);
|
||||
};
|
||||
let store = services.auth_state_store.lock().await;
|
||||
let Some(state_arc) = store.get(&state_id.0) else {
|
||||
|
@ -246,7 +246,7 @@ impl Api {
|
|||
services: Data<&Services>,
|
||||
) -> poem::Result<AuthStateResponse> {
|
||||
let Some(state_id) = session.get_auth_state_id() else {
|
||||
return Ok(AuthStateResponse::NotFound)
|
||||
return Ok(AuthStateResponse::NotFound);
|
||||
};
|
||||
let mut store = services.auth_state_store.lock().await;
|
||||
let Some(state_arc) = store.get(&state_id.0) else {
|
||||
|
@ -289,7 +289,7 @@ impl Api {
|
|||
auth: Option<Data<&SessionAuthorization>>,
|
||||
id: Path<Uuid>,
|
||||
) -> poem::Result<AuthStateResponse> {
|
||||
let Some(state_arc) = get_auth_state(&id, &services, auth.map(|x|x.0)).await else {
|
||||
let Some(state_arc) = get_auth_state(&id, &services, auth.map(|x| x.0)).await else {
|
||||
return Ok(AuthStateResponse::NotFound);
|
||||
};
|
||||
|
||||
|
@ -317,7 +317,7 @@ impl Api {
|
|||
auth: Option<Data<&SessionAuthorization>>,
|
||||
id: Path<Uuid>,
|
||||
) -> poem::Result<AuthStateResponse> {
|
||||
let Some(state_arc) = get_auth_state(&id, &services, auth.map(|x|x.0)).await else {
|
||||
let Some(state_arc) = get_auth_state(&id, &services, auth.map(|x| x.0)).await else {
|
||||
return Ok(AuthStateResponse::NotFound);
|
||||
};
|
||||
state_arc.lock().await.reject();
|
||||
|
|
|
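Review bot: `state_arc.lock().await.reject()` in the last hunk is reached with `auth: Option<Data<&SessionAuthorization>>`, so an unauthenticated request also gets as far as `get_auth_state`, and whether a caller may reject (or, in the preceding hunk, approve) another session's pending login rests entirely on that helper, which is outside this hunk. Since these two endpoints are the authorization boundary for out-of-band login approval, a comment at each call site such as `// get_auth_state returns the state only when auth belongs to the user who started it` documents the contract the handler relies on — and if the helper does not check ownership, that check needs adding there. Both handlers start outside the hunk.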
@ -55,7 +55,8 @@ impl Api {
|
|||
let mut return_url = config.construct_external_url(Some(req))?;
|
||||
return_url.set_path("@warpgate/api/sso/return");
|
||||
|
||||
let Some(provider_config) = config.store.sso_providers.iter().find(|p| p.name == *name) else {
|
||||
let Some(provider_config) = config.store.sso_providers.iter().find(|p| p.name == *name)
|
||||
else {
|
||||
return Ok(StartSsoResponse::NotFound);
|
||||
};
|
||||
|
||||
|
|
|
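Review bot: `return_url` is built from the incoming request through `config.construct_external_url(Some(req))` and then becomes the OIDC `redirect_uri`; if that helper derives the host from `Host` or `X-Forwarded-Host`, a caller who controls those headers decides where the provider sends the authorization code, leaving the provider's registered-redirect-URI check as the only thing between the gateway and code theft. How the helper resolves the host is outside the hunk, so either a comment here noting that the host must come from the configured external URL or a trusted forwarded header rather than the raw request, or a check inside the helper, would close that gap. The enclosing method starts outside the hunk.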
@ -152,7 +152,9 @@ impl Api {
|
|||
};
|
||||
|
||||
let Some(ref code) = *code else {
|
||||
return Ok(Err("No authorization code in the return URL request".to_string()));
|
||||
return Ok(Err(
|
||||
"No authorization code in the return URL request".to_string()
|
||||
));
|
||||
};
|
||||
|
||||
let response = context
|
||||
|
|
|
@ -95,7 +95,7 @@ async fn is_user_admin(req: &Request, auth: &SessionAuthorization) -> poem::Resu
|
|||
let services: Data<&Services> = <_>::from_request_without_body(req).await?;
|
||||
|
||||
let SessionAuthorization::User(username) = auth else {
|
||||
return Ok(false)
|
||||
return Ok(false);
|
||||
};
|
||||
|
||||
let mut config_provider = services.config_provider.lock().await;
|
||||
|
|
|
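Review bot: The `else { return Ok(false); }` arm silently classifies every non-`User` authorization (presumably ticket-based sessions, going by the enum) as non-admin, which is the right default but reads like an accidental fall-through; a comment such as `// Only interactive user sessions can be admins; other authorization kinds never are` makes the intent explicit for the next reader. The function continues outside the hunk.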
@ -35,7 +35,7 @@ pub fn log_request_result(method: &Method, url: &Uri, client_ip: String, status:
|
|||
}
|
||||
|
||||
pub async fn get_client_ip(req: &Request) -> poem::Result<String> {
|
||||
let services: Option<Data<&Services>> = <_>::from_request_without_body(&req).await.ok();
|
||||
let services: Option<Data<&Services>> = <_>::from_request_without_body(req).await.ok();
|
||||
let trust_x_forwarded_headers = if let Some(services) = services {
|
||||
let config = services.config.lock().await;
|
||||
config.store.http.trust_x_forwarded_headers
|
||||
|
|
|
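Review bot: `trust_x_forwarded_headers` is read from config only when `services` extracted successfully, and the `else` arm that picks the fallback is outside the hunk; if that fallback is `true`, any request handled while `Services` is unavailable would have its logged client IP taken from a spoofable `X-Forwarded-For`. The fallback should be `false` (use the peer address), and a comment on the `if let`, `// No Services in scope: never trust forwarded headers`, records why. The function ends outside the hunk.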
@ -128,7 +128,7 @@ impl SessionStore {
|
|||
session.set(SESSION_ID_SESSION_KEY, id);
|
||||
|
||||
let Some(this) = self.this.upgrade() else {
|
||||
return Err(anyhow::anyhow!("Invalid session state").into())
|
||||
return Err(anyhow::anyhow!("Invalid session state").into());
|
||||
};
|
||||
tokio::spawn({
|
||||
let session_storage = (*session_storage).clone();
|
||||
|
|
|
@ -67,7 +67,7 @@ impl MySqlClient {
|
|||
}
|
||||
|
||||
let Some(payload) = stream.recv().await? else {
|
||||
return Err(MySqlError::Eof)
|
||||
return Err(MySqlError::Eof);
|
||||
};
|
||||
let handshake = Handshake::decode(payload)?;
|
||||
|
||||
|
@ -147,7 +147,7 @@ impl MySqlClient {
|
|||
stream.flush().await?;
|
||||
|
||||
let Some(response) = stream.recv().await? else {
|
||||
return Err(MySqlError::Eof)
|
||||
return Err(MySqlError::Eof);
|
||||
};
|
||||
if response.first() == Some(&0) || response.first() == Some(&0xfe) {
|
||||
debug!("Authorized");
|
||||
|
|
|
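Review bot: In the second hunk `response.first() == Some(&0xfe)` is treated the same as an OK packet and logs `debug!("Authorized")`, but if this is the reply to the handshake response, as the `stream.flush()` just above suggests, a first byte of 0xFE is an AuthSwitchRequest (the server asking for a different auth plugin), not a success; unless the code that follows outside the hunk handles the switch, the client would report itself authorized and start issuing commands on a connection the server has not accepted. If there is no auth-switch handling, `Some(&0xfe)` should fall into an `Err` branch using whatever protocol-error variant `MySqlError` has, not the success path. The function continues outside the hunk.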
@ -113,7 +113,9 @@ impl ProtocolServer for MySQLProtocolServer {
|
|||
|
||||
async fn test_target(&self, target: Target) -> Result<(), TargetTestError> {
|
||||
let TargetOptions::MySql(options) = target.options else {
|
||||
return Err(TargetTestError::Misconfigured("Not a MySQL target".to_owned()));
|
||||
return Err(TargetTestError::Misconfigured(
|
||||
"Not a MySQL target".to_owned(),
|
||||
));
|
||||
};
|
||||
MySqlClient::connect(&options, ConnectionOptions::default())
|
||||
.await
|
||||
|
|
|
@ -422,7 +422,7 @@ impl MySqlSession {
|
|||
client: &mut MySqlClient,
|
||||
) -> Result<(), MySqlError> {
|
||||
loop {
|
||||
let Some(response) = client.stream.recv().await? else{
|
||||
let Some(response) = client.stream.recv().await? else {
|
||||
return Err(MySqlError::Eof);
|
||||
};
|
||||
trace!(?response, "client got packet");
|
||||
|
|
|
@ -1324,7 +1324,9 @@ impl ServerSession {
|
|||
}
|
||||
} else if kinds.contains(&CredentialKind::WebUserApproval) {
|
||||
let Some(auth_state) = self.auth_state.as_ref() else {
|
||||
return russh::server::Auth::Reject { proceed_with_methods: None};
|
||||
return russh::server::Auth::Reject {
|
||||
proceed_with_methods: None,
|
||||
};
|
||||
};
|
||||
let identification_string =
|
||||
auth_state.lock().await.identification_string().to_owned();
|
||||
|
|
|
@ -31,9 +31,9 @@ pub async fn make_client(config: &SsoInternalProviderConfig) -> Result<CoreClien
|
|||
.set_auth_type(config.auth_type());
|
||||
|
||||
if let Some(trusted_audiences) = config.additional_trusted_audiences() {
|
||||
client.id_token_verifier().set_other_audience_verifier_fn(|aud| {
|
||||
trusted_audiences.contains(aud.deref())
|
||||
});
|
||||
client
|
||||
.id_token_verifier()
|
||||
.set_other_audience_verifier_fn(|aud| trusted_audiences.contains(aud.deref()));
|
||||
}
|
||||
|
||||
Ok(client)
|
||||
|
|
|
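Review bot: `set_other_audience_verifier_fn(|aud| trusted_audiences.contains(aud.deref()))` loosens the ID-token `aud` check from "only our client_id" to an operator-supplied allowlist, which is exactly the kind of line that gets widened to `|_| true` during a debugging session; a comment explaining why extra audiences are needed and that the closure must stay an explicit allowlist, e.g. `// Extra aud values are accepted only from the configured allowlist; an accept-all verifier would let tokens minted for another client log in here`, pins the security property. The function starts outside the hunk.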
@ -17,7 +17,8 @@ pub(crate) async fn command(cli: &crate::Cli, target_name: &String) -> Result<()
|
|||
.await?
|
||||
.iter()
|
||||
.find(|x| &x.name == target_name)
|
||||
.map(Target::clone) else {
|
||||
.map(Target::clone)
|
||||
else {
|
||||
error!("Target not found: {}", target_name);
|
||||
return Ok(());
|
||||
};
|
||||
|
|
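Review bot: The not-found branch logs with `error!` and then `return Ok(())`, so the process exits 0 even though the requested target does not exist, which makes the command useless to scripts that check the exit status. If the function's `Result` is anyhow-based (the rest of the signature is outside the hunk), returning the failure, `return Err(anyhow::anyhow!("Target not found: {target_name}"));`, keeps the message and yields a non-zero exit. The function starts before and continues after the hunk.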