oauth for prod

+93 -45
+3 -1
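--- a/.env.template
+++ b/.env.template
@@ -4,4 +4,6 @@
 DATABASE_URL="postgresql://${DB_USER}:${DB_PASSWORD}@localhost:5432/${DB_NAME}"
 DOCKER_DB_URL="postgresql://${DB_USER}:${DB_PASSWORD}@host.docker.internal:5432/${DB_NAME}"
 REDIS_URL=redis://127.0.0.1:6379/
-PROD=true
+PROD=true
+# Set's the hostname for oauth
+#OAUTH_HOST=advent.codes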
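Review bot: The new comment above `#OAUTH_HOST=advent.codes` does not say what format the value must have, while `web/src/main.rs` prefixes it with `https://` and appends paths, so a value with a scheme or a trailing slash would produce a broken `client_id` and redirect URI. Replace `# Set's the hostname for oauth` with `# Public host name for OAuth (no scheme, no path). When set, the app uses https://<host>/oauth-client-metadata.json as its client_id and serves that document.`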
+8 -8
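--- a/Cargo.lock
+++ b/Cargo.lock
@@ -135,9 +135,9 @@
 
 [[package]]
 name = "atrium-api"
-version = "0.25.4"
+version = "0.25.7"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "46355d3245edc7b3160b2a45fe55d09a6963ebd3eee0252feb6b72fb0eb71463"
+checksum = "1f182d9437cd447ed87eca75540151653e332d6753a2a4749d72c0f15aa1f179"
 dependencies = [
 "atrium-common",
 "atrium-xrpc",
@@ -156,9 +156,9 @@
 
 [[package]]
 name = "atrium-common"
-version = "0.1.2"
+version = "0.1.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "9ed5610654043faa396a5a15afac0ac646d76aebe45aebd7cef4f8b96b0ab7f4"
+checksum = "eff94b4ce3e9ba11d8bda83674e75ccaca281d5251ec3816d03e6bb23583ff4f"
 dependencies = [
 "dashmap",
 "lru",
@@ -171,9 +171,9 @@
 
 [[package]]
 name = "atrium-identity"
-version = "0.1.5"
+version = "0.1.8"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c9e2d42bb4dbea038f4f5f45e3af2a89d61a9894a75f06aa550b74a60d2be380"
+checksum = "3e7cfd14c15bda5087b340a4a8825a7315bbf06a4f879a02186f10481e8a22a6"
 dependencies = [
 "atrium-api",
 "atrium-common",
@@ -187,9 +187,9 @@
 
 [[package]]
 name = "atrium-oauth"
-version = "0.1.3"
+version = "0.1.6"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "ca22dc4eaf77fd9bf050b21192ac58cd654a437d28e000ec114ebd93a51d36f5"
+checksum = "d0189ceacad86c3f19e79a548e75897d95d33286857d9f692d83cf9b094cf83d"
 dependencies = [
 "atrium-api",
 "atrium-common",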
+4 -4
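--- a/Cargo.toml
+++ b/Cargo.toml
@@ -5,10 +5,10 @@
 
 [workspace.dependencies]
 axum = "0.8.4"
-atrium-common = "0.1.2"
-atrium-api = "0.25.4"
-atrium-identity = "0.1.5"
-atrium-oauth = "0.1.3"
+atrium-common = "0.1.3"
+atrium-api = "0.25.7"
+atrium-identity = "0.1.8"
+atrium-oauth = "0.1.6"
 chrono = { version = "0.4", features = ["serde", "now"] }
 hickory-resolver = "0.24.1"
 dotenv = "0.15.0"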
+1
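--- a/web/src/handlers/mod.rs
+++ b/web/src/handlers/mod.rs
@@ -1,2 +1,3 @@
 pub mod auth;
 pub mod day;
+pub mod oauth_metadata;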
+7
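--- a/web/src/handlers/oauth_metadata.rs
+++ b/web/src/handlers/oauth_metadata.rs
@@ -0,0 +1,7 @@
+use crate::AppState;
+use axum::extract::State;
+use axum::{Json, response::IntoResponse};
+
+pub async fn oauth_client_metadata_handler(state: State<AppState>) -> impl IntoResponse {
+Json(state.oauth_client.client_metadata.clone())
+}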
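Review bot: `oauth_client_metadata_handler` has no doc comment, and nothing in this file says that the path it is mounted on has to equal the `client_id` URL built in `web/src/main.rs`, which is presumably the URL authorization servers fetch. Add `/// Serves the OAuth client metadata document fetched from the client_id URL; the route path must match that URL exactly, and everything in it is public.` above the function. The extractor would also read more conventionally when destructured, `State(state): State<AppState>`.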
+70 -32
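--- a/web/src/main.rs
+++ b/web/src/main.rs
@@ -10,8 +10,8 @@
 handle::{AtprotoHandleResolver, AtprotoHandleResolverConfig},
 };
 use atrium_oauth::{
-AtprotoLocalhostClientMetadata, DefaultHttpClient, KnownScope, OAuthClient, OAuthClientConfig,
-OAuthResolverConfig, Scope,
+AtprotoClientMetadata, AtprotoLocalhostClientMetadata, AuthMethod, DefaultHttpClient,
+GrantType, KnownScope, OAuthClient, OAuthClientConfig, OAuthResolverConfig, Scope,
 };
 use axum::{
 Router,
@@ -69,7 +69,7 @@
 handle_resolver: HandleResolver,
 }
 
-fn oauth_scopes() -> Vec<Scope> {
+pub fn oauth_scopes() -> Vec<Scope> {
 vec![
 Scope::Known(KnownScope::Atproto),
 // Scope::Known(KnownScope::TransitionGeneric),
@@ -90,6 +90,61 @@
 ))
 }
 
+fn build_oauth_client(
+host: &str,
+port: u16,
+redis_pool: bb8::Pool<RedisConnectionManager>,
+) -> OAuthClientType {
+let http_client = Arc::new(DefaultHttpClient::default());
+let state_store = AtriumStateStore::new(redis_pool.clone());
+let session_store = AtriumSessionStore::new(redis_pool);
+let resolver = OAuthResolverConfig {
+did_resolver: CommonDidResolver::new(CommonDidResolverConfig {
+plc_directory_url: DEFAULT_PLC_DIRECTORY_URL.to_string(),
+http_client: http_client.clone(),
+}),
+handle_resolver: AtprotoHandleResolver::new(AtprotoHandleResolverConfig {
+dns_txt_resolver: HickoryDnsTxtResolver::default(),
+http_client: http_client.clone(),
+}),
+authorization_server_metadata: Default::default(),
+protected_resource_metadata: Default::default(),
+};
+
+if let Ok(oauth_host) = env::var("OAUTH_HOST") {
+println!("https://{oauth_host}/oauth-client-metadata.json");
+let config = OAuthClientConfig {
+client_metadata: AtprotoClientMetadata {
+client_id: format!("https://{oauth_host}/oauth-client-metadata.json"),
+client_uri: Some(format!("https://{oauth_host}")),
+redirect_uris: vec![format!("https://{oauth_host}/oauth/callback")],
+token_endpoint_auth_method: AuthMethod::None,
+grant_types: vec![GrantType::AuthorizationCode, GrantType::RefreshToken],
+scopes: oauth_scopes(),
+jwks_uri: None,
+token_endpoint_auth_signing_alg: None,
+},
+keys: None,
+resolver,
+state_store,
+session_store,
+};
+Arc::new(OAuthClient::new(config).expect("failed to create OAuth client"))
+} else {
+let config = OAuthClientConfig {
+client_metadata: AtprotoLocalhostClientMetadata {
+redirect_uris: Some(vec![format!("http://{host}:{port}/oauth/callback")]),
+scopes: Some(oauth_scopes()),
+},
+keys: None,
+resolver,
+state_store,
+session_store,
+};
+Arc::new(OAuthClient::new(config).expect("failed to create OAuth client"))
+}
+}
+
 #[tokio::main]
 async fn main() -> Result<(), Box<dyn std::error::Error>> {
 dotenv().ok();
@@ -145,33 +200,7 @@
 });
 let handle_resolver = Arc::new(handle_resolver);
 
-// Create a new OAuth client
-let http_client = Arc::new(DefaultHttpClient::default());
-let config = OAuthClientConfig {
-client_metadata: AtprotoLocalhostClientMetadata {
-redirect_uris: Some(vec![String::from(format!(
-//This must match the endpoint you use the callback function
-"http://{host}:{port}/oauth/callback"
-))]),
-scopes: Some(oauth_scopes()),
-},
-keys: None,
-resolver: OAuthResolverConfig {
-did_resolver: CommonDidResolver::new(CommonDidResolverConfig {
-plc_directory_url: DEFAULT_PLC_DIRECTORY_URL.to_string(),
-http_client: http_client.clone(),
-}),
-handle_resolver: AtprotoHandleResolver::new(AtprotoHandleResolverConfig {
-dns_txt_resolver: HickoryDnsTxtResolver::default(),
-http_client: http_client.clone(),
-}),
-authorization_server_metadata: Default::default(),
-protected_resource_metadata: Default::default(),
-},
-state_store: AtriumStateStore::new(redis_pool.clone()),
-session_store: AtriumSessionStore::new(redis_pool.clone()),
-};
-let client = Arc::new(OAuthClient::new(config).expect("failed to create OAuth client"));
+let client = build_oauth_client(&host.to_string(), port, redis_pool.clone());
 
 let session_store = redis_session_store::RedisSessionStore::new(redis_pool.clone());
 let session_layer = SessionManagerLayer::new(session_store)
@@ -191,7 +220,7 @@
 .unwrap_or_else(|_| true);
 log::info!("listening on http://{}", addr);
 
-let app = Router::new()
+let mut app = Router::new()
 .route("/", get(home_handler))
 .route(
 "/day/{id}",
@@ -216,7 +245,16 @@
 "/oauth/callback",
 get(handlers::auth::oauth_callback_handler),
 )
-.nest_service("/public", axum_embed::ServeEmbed::<Assets>::new())
+.nest_service("/public", axum_embed::ServeEmbed::<Assets>::new());
+
+if env::var("OAUTH_HOST").is_ok() {
+app = app.route(
+"/oauth-client-metadata.json",
+get(handlers::oauth_metadata::oauth_client_metadata_handler),
+);
+}
+
+let app = app
 .layer(session_layer)
 .with_state(app_state)
 .layer(TraceLayer::new_for_http());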
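Review bot: In `build_oauth_client` the `OAUTH_HOST` value is pasted into `client_id`, `client_uri` and `redirect_uris` unchecked, and `env::var` returns `Ok` for an empty value, so `OAUTH_HOST=` yields `https:///oauth/callback` and still mounts the metadata route further down in `main`. Read the variable once, treat empty as unset, reject anything that is not a bare host name at startup, and hand the same `Option` to the client builder and to the router so the two lookups cannot disagree. The `println!` of the client id should go through `log::info!` like the listening message. `AuthMethod::None` with `keys: None` registers a public client; if that is deliberate, a comment saying why a keyed (`private_key_jwt`) client was not used would help, since this runs server-side. `main` continues outside the hunks shown.

```rust
/// Reads OAUTH_HOST once: `None` when unset or empty, panics at startup when
/// the value is not a bare host name.
fn oauth_host_from_env() -> Option<String> {
    let raw = env::var("OAUTH_HOST").ok()?;
    let host = raw.trim();
    if host.is_empty() {
        return None;
    }
    // The value becomes part of the client_id and redirect URI, so a scheme,
    // path, userinfo or whitespace in it must not get through.
    let bare_host = host
        .chars()
        .all(|c| c.is_ascii_alphanumeric() || matches!(c, '.' | '-'));
    assert!(bare_host, "OAUTH_HOST must be a bare host name, got {raw:?}");
    Some(host.to_owned())
}

// … unchanged: http_client, state_store, session_store and resolver setup …
    if let Some(oauth_host) = oauth_host {
        log::info!("OAuth client id: https://{oauth_host}/oauth-client-metadata.json");
        // … unchanged: AtprotoClientMetadata config and the localhost branch …

// in main: one lookup, shared by the client builder and the router
    let oauth_host = oauth_host_from_env();
    let client = build_oauth_client(&host.to_string(), port, redis_pool.clone(), oauth_host.as_deref());
    // … unchanged: session layer and route table …
    if oauth_host.is_some() {
```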