From 0b2a1c96f74c3dc18aea93bd59cceecc0f16a042 Mon Sep 17 00:00:00 2001 From: Bailey Townsend Date: Tue, 2 Sep 2025 09:44:30 -0500 Subject: [PATCH] WIP on feature/2faCodeGeneration --- .dockerignore | 4 ++++ Cargo.lock | 6 +++--- Dockerfile | 14 ++++++++++++++ justfile | 9 +++++++++ src/main.rs | 10 ++++++++-- src/oauth_provider.rs | 5 +---- 6 files changed, 39 insertions(+), 9 deletions(-) create mode 100644 .dockerignore create mode 100644 Dockerfile create mode 100644 justfile diff --git a/.dockerignore b/.dockerignore new file mode 100644 index 0000000..f26119f --- /dev/null +++ b/.dockerignore @@ -0,0 +1,4 @@ +target +/target +**/.idea +.idea \ No newline at end of file diff --git a/Cargo.lock b/Cargo.lock index fe3f1ae..1f42577 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -584,7 +584,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "778e2ac28f6c47af28e4907f13ffd1e1ddbd400980a9abd7c8df189bf578a5ad" dependencies = [ "libc", - "windows-sys 0.59.0", + "windows-sys 0.52.0", ] [[package]] @@ -2080,7 +2080,7 @@ dependencies = [ "errno", "libc", "linux-raw-sys", - "windows-sys 0.59.0", + "windows-sys 0.52.0", ] [[package]] @@ -2652,7 +2652,7 @@ dependencies = [ "getrandom 0.3.3", "once_cell", "rustix", - "windows-sys 0.59.0", + "windows-sys 0.52.0", ] [[package]] diff --git a/Dockerfile b/Dockerfile new file mode 100644 index 0000000..3140df1 --- /dev/null +++ b/Dockerfile @@ -0,0 +1,14 @@ +FROM rust:1.89.0-bookworm AS builder +RUN apt-get update +RUN apt-get install -y pkg-config \ + libssl-dev +WORKDIR /app +COPY ../ /app +RUN cargo build --release +# +FROM rust:1.89-bookworm AS api +RUN apt-get update +RUN apt-get install -y libssl3 \ + ca-certificates +COPY --from=builder /app/target/release/pds_gatekeeper /usr/local/bin/pds_gatekeeper +CMD ["pds_gatekeeper"] \ No newline at end of file diff --git a/justfile b/justfile new file mode 100644 index 0000000..380266e --- /dev/null +++ b/justfile 
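Review bot: `COPY ../ /app` in the builder stage only works because Docker clamps a `..` source to the build context — it copies the whole checkout but reads as if it reached outside the context; write it as `COPY . /app`. Combined with the new `.dockerignore`, which excludes nothing but `target` and `.idea`, that bakes `.git` and any local `pds.env`/`.env` sitting in the checkout into the builder layer and its cache, so add `.git`, `.env`, `*.env` and `pds.env` to `.dockerignore` before the first `--push`. The `apt-get install` in the `api` stage also leaves `/var/lib/apt/lists` in the image; chain `&& rm -rf /var/lib/apt/lists/*` in the same `RUN`.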
@@ -0,0 +1,9 @@ +release: + docker buildx build \ + --platform linux/arm64 \ + --tag fatfingers23/pds_gatekeeper:arm-latest \ + --push . +# docker buildx build \ +# --platform linux/amd64 \ +# --tag fatfingers23/pds_gatekeeper:latest \ +# --push . \ No newline at end of file diff --git a/src/main.rs b/src/main.rs index a95eef1..44700a5 100644 --- a/src/main.rs +++ b/src/main.rs @@ -88,8 +88,10 @@ ______________| | || / \ / \||/ \ / \ || | |______________ #[tokio::main] async fn main() -> Result<(), Box> { setup_tracing(); - //TODO may need to change where this reads from? Like an env variable for it's location? Or arg? - dotenvy::from_path(Path::new("./pds.env"))?; + let pds_env_location = + env::var("PDS_ENV_LOCATION").unwrap_or_else(|_| "/pds/pds.env".to_string()); + + dotenvy::from_path(Path::new(&pds_env_location))?; let pds_root = env::var("PDS_DATA_DIRECTORY")?; let account_db_url = format!("{pds_root}/account.sqlite"); @@ -129,6 +131,10 @@ async fn main() -> Result<(), Box> { env::var("PDS_EMAIL_SMTP_URL").expect("PDS_EMAIL_SMTP_URL is not set in your pds.env file"); let sent_from = env::var("PDS_EMAIL_FROM_ADDRESS") .expect("PDS_EMAIL_FROM_ADDRESS is not set in your pds.env file"); + + //TODO current bug running in docker + // https://github.com/lettre/lettre/issues/349#issuecomment-510155500 + let mailer: AsyncSmtpTransport = AsyncSmtpTransport::::from_url(smtp_url.as_str())?.build(); //Email templates setup diff --git a/src/oauth_provider.rs b/src/oauth_provider.rs index ae3caad..5a545bf 100644 --- a/src/oauth_provider.rs +++ b/src/oauth_provider.rs 
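Review bot: `dotenvy::from_path(Path::new(&pds_env_location))?` propagates a bare I/O error, so a wrong `PDS_ENV_LOCATION` or a missing `/pds` bind mount fails with "No such file or directory" and no indication of which path was tried; attach it: `dotenvy::from_path(Path::new(&pds_env_location)).map_err(|e| format!("failed to load PDS env file {pds_env_location}: {e}"))?;` (assuming the stripped return type is `Box<dyn Error>`, which accepts a `String`). Name only the path in that message — the file is the PDS's own `pds.env`, and values such as `PDS_EMAIL_SMTP_URL` read further down typically embed credentials, so its contents must never reach the error output. `main` continues past the end of this hunk.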
@@ -36,9 +36,6 @@ pub async fn sign_in( "Invalid identifier or password", ), AuthResult::TwoFactorRequired(masked_email) => { - // Email sending step can be handled here if needed in the future. - - // {"error":"second_authentication_factor_required","error_description":"emailOtp authentication factor required (hint: 2***0@p***m)","type":"emailOtp","hint":"2***0@p***m"} let body_str = match serde_json::to_string(&serde_json::json!({ "error": "second_authentication_factor_required", "error_description": format!("emailOtp authentication factor required (hint: {})", masked_email), @@ -97,7 +94,7 @@ pub async fn sign_in( }, Err(err) => { log::error!( - "Error during pre-auth check. This happens on the create_session endpoint when trying to decide if the user has access:\n {err}" + "Error during pre-auth check. This happens on the oauth signin endpoint when trying to decide if the user has access:\n {err}" ); oauth_json_error_response( StatusCode::BAD_REQUEST, -- 2.43.0 From cbaa2f82e0582c4c21908308db605e432b283de4 Mon Sep 17 00:00:00 2001 From: Bailey Townsend Date: Tue, 2 Sep 2025 21:46:40 -0500 Subject: [PATCH] docker and setup --- Cargo.lock | 334 ++++++++++++++++++++++++------------------- Cargo.toml | 6 +- Dockerfile | 8 +- README.md | 94 ++++++++++-- examples/Caddyfile | 29 ++++ examples/compose.yml | 51 +++++++ justfile | 11 +- src/main.rs | 3 - 8 files changed, 353 insertions(+), 183 deletions(-) create mode 100644 examples/Caddyfile create mode 100644 examples/compose.yml diff --git a/Cargo.lock b/Cargo.lock index 1f42577..0f2cee2 100644 --- a/Cargo.lock +++ b/Cargo.lock 
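Review bot: In the `Err(err)` arm a failed pre-auth check is still answered with `StatusCode::BAD_REQUEST`, which labels what the new log line itself calls a server-side error during the access decision as a client mistake; refusing the sign-in is the right fail-closed behaviour, but the status should be `StatusCode::INTERNAL_SERVER_ERROR` (or 503) so monitoring and the OAuth client can tell it apart from a malformed request. The JSON body handed to `oauth_json_error_response` runs past the hunk, so I cannot confirm it, but `err` should go only to the log and not into the response returned to the caller. `sign_in` starts and ends outside this hunk.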
@@ -111,6 +111,30 @@ version = "1.5.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "c08606f8c3cbf4ce6ec8e28fb0014a2c086708fe954eaa885384a6165172e7e8" +[[package]] +name = "aws-lc-rs" +version = "1.13.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5c953fe1ba023e6b7730c0d4b031d06f267f23a46167dcbd40316644b10a17ba" +dependencies = [ + "aws-lc-sys", + "untrusted 0.7.1", + "zeroize", +] + +[[package]] +name = "aws-lc-sys" +version = "0.30.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "dbfd150b5dbdb988bcc8fb1fe787eb6b7ee6180ca24da683b61ea5405f3d43ff" +dependencies = [ + "bindgen", + "cc", + "cmake", + "dunce", + "fs_extra", +] + [[package]] name = "axum" version = "0.8.4" @@ -216,6 +240,29 @@ version = "1.8.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "55248b47b0caf0546f7988906588779981c43bb1bc9d0c44087278f80cdb44ba" +[[package]] +name = "bindgen" +version = "0.69.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "271383c67ccabffb7381723dea0672a673f292304fcb45c01cc648c7a8d58088" +dependencies = [ + "bitflags", + "cexpr", + "clang-sys", + "itertools", + "lazy_static", + "lazycell", + "log", + "prettyplease", + "proc-macro2", + "quote", + "regex", + "rustc-hash", + "shlex", + "syn", + "which", +] + [[package]] name = "bitflags" version = "2.9.1" @@ -273,6 +320,15 @@ dependencies = [ "shlex", ] +[[package]] +name = "cexpr" +version = "0.6.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6fac387a98bb7c37292057cffc56d62ecb629900026402633ae9160df93a8766" +dependencies = [ + "nom 7.1.3", +] + [[package]] name = "cfg-if" version = "1.0.1" 
@@ -340,6 +396,26 @@ dependencies = [ "inout", ] +[[package]] +name = "clang-sys" +version = "1.8.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0b023947811758c97c59bf9d1c188fd619ad4718dcaa767947df1cadb14f39f4" +dependencies = [ + "glob", + "libc", + "libloading", +] + +[[package]] +name = "cmake" +version = "0.1.54" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e7caa3f9de89ddbe2c607f4101924c5abec803763ae9534e4f4d7d8f84aa81f0" +dependencies = [ + "cc", +] + [[package]] name = "concurrent-queue" version = "2.5.0" @@ -355,16 +431,6 @@ version = "0.9.6" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "c2459377285ad874054d797f3ccebf984978aa39129f6eafde5cdc8315b612f8" -[[package]] -name = "core-foundation" -version = "0.9.4" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "91e195e091a93c46f7102ec7818a2aa394e1e1771c3ab4825963fa03e45afb8f" -dependencies = [ - "core-foundation-sys", - "libc", -] - [[package]] name = "core-foundation-sys" version = "0.8.7" @@ -546,6 +612,12 @@ version = "0.15.7" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "1aaf95b3e5c8f23aa320147307562d361db0ae0d51242340f558153b4eb2439b" +[[package]] +name = "dunce" +version = "1.0.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "92773504d58c093f6de2459af4af33faa518c13451eb8f2b5698ed3d36e7c813" + [[package]] name = "either" version = "1.15.0" 
@@ -638,21 +710,6 @@ version = "0.1.5" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "d9c4f5dac5e15c24eb999c26181a6ca40b39fe946cbe4c263c7209467bc83af2" -[[package]] -name = "foreign-types" -version = "0.3.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f6f339eb8adc052cd2ca78910fda869aefa38d22d5cb648e6485e4d3fc06f3b1" -dependencies = [ - "foreign-types-shared", -] - -[[package]] -name = "foreign-types-shared" -version = "0.1.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "00b0228411908ca8685dba7fc2cdd70ec9990a6e753e89b6ac91a84c40fbaf4b" - [[package]] name = "form_urlencoded" version = "1.2.1" @@ -672,6 +729,12 @@ dependencies = [ "thiserror 1.0.69", ] +[[package]] +name = "fs_extra" +version = "1.3.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "42703706b716c37f96a77aea830392ad231f44c9e9a67872fa5548707e11b11c" + [[package]] name = "futures-channel" version = "0.3.31" @@ -791,6 +854,12 @@ version = "0.31.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "07e28edb80900c19c28f1072f2e8aeca7fa06b23cd4169cefe1af5aa3260783f" +[[package]] +name = "glob" +version = "0.3.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0cc23270f6e1808e30a928bdc84dea0b9b4136a8bc82338574f23baf47bbd280" + [[package]] name = "globset" version = "0.4.16" @@ -942,17 +1011,6 @@ dependencies = [ "windows-sys 0.59.0", ] -[[package]] -name = "hostname" -version = "0.4.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a56f203cd1c76362b69e3863fd987520ac36cf70a8c92627449b2f64a8cf7d65" -dependencies = [ - "cfg-if", - "libc", - "windows-link", -] - [[package]] name = "http" version = "1.3.1" 
@@ -1221,6 +1279,15 @@ dependencies = [ "libc", ] +[[package]] +name = "itertools" +version = "0.12.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ba291022dbbd398a455acf126c1e341954079855bc60dfdda641363bd6922569" +dependencies = [ + "either", +] + [[package]] name = "itoa" version = "1.0.15" @@ -1278,6 +1345,12 @@ dependencies = [ "spin", ] +[[package]] +name = "lazycell" +version = "1.3.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "830d08ce1d1d941e6b30645f1a0eb5643013d835ce3779a5fc208261dbe10f55" + [[package]] name = "lettre" version = "0.11.18" @@ -1292,18 +1365,18 @@ dependencies = [ "fastrand", "futures-io", "futures-util", - "hostname", "httpdate", "idna", "mime", - "native-tls", - "nom", + "nom 8.0.0", "percent-encoding", "quoted_printable", + "rustls", "socket2", "tokio", - "tokio-native-tls", + "tokio-rustls", "url", + "webpki-roots 1.0.2", ] [[package]] @@ -1312,6 +1385,16 @@ version = "0.2.175" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "6a82ae493e598baaea5209805c49bbf2ea7de956d50d7da0da1164f9c6d28543" +[[package]] +name = "libloading" +version = "0.8.8" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "07033963ba89ebaf1584d767badaa2e8fcec21aedea6b8c0346d487d49c28667" +dependencies = [ + "cfg-if", + "windows-targets 0.48.5", +] + [[package]] name = "libm" version = "0.2.15" @@ -1342,9 +1425,9 @@ dependencies = [ [[package]] name = "linux-raw-sys" -version = "0.9.4" +version = "0.4.15" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "cd945864f07fe9f5371a27ad7b52a172b4b499999f1d97574c9fa68373937e12" +checksum = "d26c52dbd32dccf2d10cac7725f8eae5296885fb5703b261f7d0a0739ec807ab" [[package]] name = "litemap" 
@@ -1405,6 +1488,12 @@ version = "0.3.17" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "6877bb514081ee2a7ff5ef9de3281f14a4dd4bceac4c09388074a6b5df8a139a" +[[package]] +name = "minimal-lexical" +version = "0.2.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "68354c5c6bd36d73ff3feceb05efa59b6acb7626617f4962be322a825e61f79a" + [[package]] name = "miniz_oxide" version = "0.8.9" @@ -1426,20 +1515,13 @@ dependencies = [ ] [[package]] -name = "native-tls" -version = "0.2.14" +name = "nom" +version = "7.1.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "87de3442987e9dbec73158d5c715e7ad9072fda936bb03d19d7fa10e00520f0e" +checksum = "d273983c5a657a70a3e8f2a01329822f3b8c8172b73826411a55751e404a0a4a" dependencies = [ - "libc", - "log", - "openssl", - "openssl-probe", - "openssl-sys", - "schannel", - "security-framework", - "security-framework-sys", - "tempfile", + "memchr", + "minimal-lexical", ] [[package]] 
@@ -1550,50 +1632,6 @@ version = "1.21.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "42f5e15c9953c5e4ccceeb2e7382a716482c34515315f7b03532b8b4e8393d2d" -[[package]] -name = "openssl" -version = "0.10.73" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8505734d46c8ab1e19a1dce3aef597ad87dcb4c37e7188231769bd6bd51cebf8" -dependencies = [ - "bitflags", - "cfg-if", - "foreign-types", - "libc", - "once_cell", - "openssl-macros", - "openssl-sys", -] - -[[package]] -name = "openssl-macros" -version = "0.1.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a948666b637a0f465e8564c73e89d4dde00d72d4d473cc972f390fc3dcee7d9c" -dependencies = [ - "proc-macro2", - "quote", - "syn", -] - -[[package]] -name = "openssl-probe" -version = "0.1.6" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d05e27ee213611ffe7d6348b942e8f942b37114c00cc03cec254295a4a17852e" - -[[package]] -name = "openssl-sys" -version = "0.9.109" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "90096e2e47630d78b7d1c20952dc621f957103f8bc2c8359ec81290d75238571" -dependencies = [ - "cc", - "libc", - "pkg-config", - "vcpkg", -] - [[package]] name = "overload" version = "0.1.1" @@ -1655,6 +1693,7 @@ name = "pds_gatekeeper" version = "0.1.0" dependencies = [ "anyhow", + "aws-lc-rs", "axum", "axum-template", "chrono", @@ -1666,6 +1705,7 @@ dependencies = [ "lettre", "rand 0.9.2", "rust-embed", + "rustls", "scrypt", "serde", "serde_json", @@ -1820,6 +1860,16 @@ dependencies = [ "zerocopy", ] +[[package]] +name = "prettyplease" +version = "0.2.35" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "061c1221631e079b26479d25bbf2275bfe5917ae8419cd7e34f13bfc2aa7539a" +dependencies = [ + "proc-macro2", + "syn", +] + [[package]] name = "proc-macro2" version = "1.0.97" 
@@ -2005,7 +2055,7 @@ dependencies = [ "cfg-if", "getrandom 0.2.16", "libc", - "untrusted", + "untrusted 0.9.0", "windows-sys 0.52.0", ] @@ -2070,11 +2120,17 @@ version = "0.1.26" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "56f7d92ca342cea22a06f2121d944b4fd82af56988c270852495420f961d4ace" +[[package]] +name = "rustc-hash" +version = "1.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "08d43f7aa6b08d49f382cde6a7982047c3426db949b1424bc4b7ec9ae12c6ce2" + [[package]] name = "rustix" -version = "1.0.8" +version = "0.38.44" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "11181fbabf243db407ef8df94a6ce0b2f9a733bd8be4ad02b4eda9602296cac8" +checksum = "fdb5bc1ae2baa591800df16c9ca78619bf65c0488b41b96ccec5d11220d8c154" dependencies = [ "bitflags", "errno", @@ -2089,6 +2145,8 @@ version = "0.23.31" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "c0ebcbd2f03de0fc1122ad9bb24b127a5a6cd51d72604a3f3c50ac459762b6cc" dependencies = [ + "aws-lc-rs", + "log", "once_cell", "ring", "rustls-pki-types", @@ -2112,9 +2170,10 @@ version = "0.103.4" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "0a17884ae0c1b773f1ccd2bd4a8c72f16da897310a98b0e84bf349ad5ead92fc" dependencies = [ + "aws-lc-rs", "ring", "rustls-pki-types", - "untrusted", + "untrusted 0.9.0", ] [[package]] @@ -2147,15 +2206,6 @@ dependencies = [ "winapi-util", ] -[[package]] -name = "schannel" -version = "0.1.27" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1f29ebaa345f945cec9fbbc532eb307f0fdad8161f281b6369539c8d84876b3d" -dependencies = [ - "windows-sys 0.59.0", -] - [[package]] name = "scopeguard" version = "1.2.0" 
@@ -2192,29 +2242,6 @@ dependencies = [ "cc", ] -[[package]] -name = "security-framework" -version = "2.11.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "897b2245f0b511c87893af39b033e5ca9cce68824c4d7e7630b5a1d339658d02" -dependencies = [ - "bitflags", - "core-foundation", - "core-foundation-sys", - "libc", - "security-framework-sys", -] - -[[package]] -name = "security-framework-sys" -version = "2.14.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "49db231d56a190491cb4aeda9527f1ad45345af50b0851622a7adb8c03b01c32" -dependencies = [ - "core-foundation-sys", - "libc", -] - [[package]] name = "serde" version = "1.0.219" @@ -2642,19 +2669,6 @@ dependencies = [ "syn", ] -[[package]] -name = "tempfile" -version = "3.21.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "15b61f8f20e3a6f7e0649d825294eaf317edce30f82cf6026e7e4cb9222a7d1e" -dependencies = [ - "fastrand", - "getrandom 0.3.3", - "once_cell", - "rustix", - "windows-sys 0.52.0", -] - [[package]] name = "thiserror" version = "1.0.69" @@ -2760,12 +2774,12 @@ dependencies = [ ] [[package]] -name = "tokio-native-tls" -version = "0.3.1" +name = "tokio-rustls" +version = "0.26.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bbae76ab933c85776efabc971569dd6119c580d8f5d448769dec1764bf796ef2" +checksum = "8e727b36a1a0e8b74c376ac2211e40c2c8af09fb4013c60d910495810f008e9b" dependencies = [ - "native-tls", + "rustls", "tokio", ] @@ -2996,6 +3010,12 @@ version = "0.1.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "e70f2a8b45122e719eb623c01822704c4e0907e7e426a05927e1a1cfff5b75d0" +[[package]] +name = "untrusted" +version = "0.7.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a156c684c91ea7d62626509bce3cb4e1d9ed5c4d978f7b4352658f96a4c26b4a" + [[package]] name = "untrusted" version = "0.9.0" 
@@ -3173,6 +3193,18 @@ dependencies = [ "rustls-pki-types", ] +[[package]] +name = "which" +version = "4.4.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "87ba24419a2078cd2b0f2ede2691b6c66d8e47836da3b6db8265ebad47afbfc7" +dependencies = [ + "either", + "home", + "once_cell", + "rustix", +] + [[package]] name = "whoami" version = "1.6.1" diff --git a/Cargo.toml b/Cargo.toml index 9bed70d..1c97f1e 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -18,7 +18,11 @@ tower_governor = "0.8.0" hex = "0.4" jwt-compact = { version = "0.8.0", features = ["es256k"] } scrypt = "0.11" -lettre = { version = "0.11.18", features = ["tokio1", "pool", "tokio1-native-tls"] } +#lettre = { version = "0.11.18", default-features = false, features = ["pool", "tokio1-rustls", "smtp-transport", "hostname", "builder"] } +#lettre = { version = "0.11", default-features = false, features = ["builder", "webpki-roots", "rustls", "aws-lc-rs", "smtp-transport", "tokio1", "tokio1-rustls"] } +aws-lc-rs = "1.13.0" +lettre = { version = "0.11", default-features = false, features = ["builder", "webpki-roots", "rustls", "aws-lc-rs", "smtp-transport", "tokio1", "tokio1-rustls"] } +rustls = { version = "0.23", default-features = false, features = ["tls12", "std", "logging", "aws_lc_rs"] } handlebars = { version = "6.3.2", features = ["rust-embed"] } rust-embed = "8.7.2" axum-template = { version = "3.0.0", features = ["handlebars"] } diff --git a/Dockerfile b/Dockerfile index 3140df1..892d203 100644 --- a/Dockerfile +++ b/Dockerfile 
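Review bot: The lockfile in this commit shows `rustls` now depending on both `ring` and `aws-lc-rs`, i.e. both crypto backends are enabled somewhere in the graph; with rustls 0.23 that makes any `ClientConfig::builder()` call panic at runtime ("could not automatically determine the process-level CryptoProvider") unless a provider has been installed first. lettre's `aws-lc-rs` feature appears to pick a provider explicitly for its own SMTP transport, but nothing in this commit installs one for the process, so if any other crate in the graph builds a rustls config the failure surfaces only at the first TLS handshake; install it at the top of `main`, before any TLS client is constructed: `rustls::crypto::aws_lc_rs::default_provider().install_default().expect("install rustls crypto provider");` — presumably what the new direct `aws-lc-rs = "1.13.0"` dependency is for. Also drop the two commented-out `#lettre = …` lines rather than keeping alternative dependency specs in `Cargo.toml`.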
@@ -1,14 +1,10 @@ FROM rust:1.89.0-bookworm AS builder -RUN apt-get update -RUN apt-get install -y pkg-config \ - libssl-dev WORKDIR /app COPY ../ /app RUN cargo build --release # -FROM rust:1.89-bookworm AS api +FROM rust:1.89-slim-bookworm AS api RUN apt-get update -RUN apt-get install -y libssl3 \ - ca-certificates +RUN apt-get install -y ca-certificates COPY --from=builder /app/target/release/pds_gatekeeper /usr/local/bin/pds_gatekeeper CMD ["pds_gatekeeper"] \ No newline at end of file diff --git a/README.md b/README.md index bf8deef..25b6363 100644 --- a/README.md +++ b/README.md 
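Review bot: The `api` stage still uses `rust:1.89-slim-bookworm` as its runtime base and has no `USER` instruction, so a network-facing binary ships with the whole Rust toolchain and runs as root while, per the example compose in this commit, bind-mounting the PDS's `/pds` directory read-write. The only runtime package installed is `ca-certificates`, so `debian:bookworm-slim` is enough; clean the apt lists in the same layer, and consider dropping to an unprivileged uid that can read and write the mounted sqlite files (host ownership of `/pds` is not visible here, so that part needs checking on a real deployment).

```dockerfile
# … unchanged: builder stage …
FROM debian:bookworm-slim AS api
RUN apt-get update \
    && apt-get install -y --no-install-recommends ca-certificates \
    && rm -rf /var/lib/apt/lists/*
COPY --from=builder /app/target/release/pds_gatekeeper /usr/local/bin/pds_gatekeeper
# USER <uid that owns /pds on the host>  -- enable once the bind-mount permissions are settled
CMD ["pds_gatekeeper"]
```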
@@ -21,28 +21,92 @@ Future feature? # Setup -We are getting close! Testing now - -Nothing here yet! If you are brave enough to try before full release, let me know and I'll help you set it up. -But I want to run it locally on my own PDS first to test run it a bit. - -Example Caddyfile (mostly so I don't lose it for now. Will have a better one in the future) +PDS Gatekeeper has 2 parts to its setup, docker compose file and a reverse proxy (Caddy in this case). I will be +assuming you setup the PDS following the directions +found [here](https://atproto.com/guides/self-hosting), but if yours is different, or you have questions, feel free to +let +me know, and we can figure it out. + +## Docker compose + +The pds gatekeeper container can be found on docker hub under the name `fatfingers23/pds_gatekeeper`. The container does +need access to the `/pds` root folder to access the same db's as your PDS. The part you need to add would look a bit +like below. You can find a full example of what I use for my pds at [./examples/compose.yml](./examples/compose.yml). +This is usually found at `/pds/compose.yaml`on your PDS> + +```yml + gatekeeper: + container_name: gatekeeper + image: fatfingers23/pds_gatekeeper:arm-latest + network_mode: host + restart: unless-stopped + #This gives the container to the access to the PDS folder. Source is the location on your server of that directory + volumes: + - type: bind + source: /pds + target: /pds + depends_on: + - pds +``` + +## Caddy setup + +For the reverse proxy I use caddy. This part is what overwrites the endpoints and proxies them to PDS gatekeeper to add +in extra functionality. The main part is below, for a full example see [./examples/Caddyfile](./examples/Caddyfile). +This is usually found at `/pds/caddy/etc/caddy/Caddyfile` on your PDS. 
```caddyfile -http://localhost { - @gatekeeper { - path /xrpc/com.atproto.server.getSession - path /xrpc/com.atproto.server.updateEmail - path /xrpc/com.atproto.server.createSession - path /@atproto/oauth-provider/~api/sign-in + path /xrpc/com.atproto.server.getSession + path /xrpc/com.atproto.server.updateEmail + path /xrpc/com.atproto.server.createSession + path /@atproto/oauth-provider/~api/sign-in } handle @gatekeeper { - reverse_proxy http://localhost:8080 + reverse_proxy http://localhost:8080 } - reverse_proxy /* http://localhost:3000 + reverse_proxy http://localhost:3000 +``` + +If you use a cloudflare tunnel then your caddyfile would look a bit more like below with your tunnel proxying to +`localhost:8081` (or w/e port you want). + +```caddyfile +http://*.localhost:8082, http://localhost:8082 { + @gatekeeper { + path /xrpc/com.atproto.server.getSession + path /xrpc/com.atproto.server.updateEmail + path /xrpc/com.atproto.server.createSession + path /@atproto/oauth-provider/~api/sign-in + } + + handle @gatekeeper { + reverse_proxy http://localhost:8080 + } + + reverse_proxy http://localhost:3000 } -``` \ No newline at end of file +``` + +# Environment variables and bonuses + +Every environment variable can be set in the `pds.env` and shared between PDS and gatekeeper and the PDS, with the +exception of `PDS_ENV_LOCATION`. This can be set to load the pds.env, by default it checks `/pds/pds.env` and is +recommended to mount the `/pds` folder on the server to `/pds` in the pds gatekeeper container. + +`PDS_DATA_DIRECTORY` - Root directory of the PDS. Same as the one found in `pds.env` this is how pds gatekeeper knows +knows the rest of the environment variables. + +`GATEKEEPER_EMAIL_TEMPLATES_DIRECTORY` - The folder for templates of the emails PDS gatekeeper sends. You can find them +in [./email_templates](./email_templates). 
You are free to edit them as you please and set this variable to a location +in the pds gateekeper container and it will use them in place of the default ones. Just make sure ot keep the names the +same. + +`PDS_BASE_URL` - Base url of the PDS. You most likely want `https://localhost:3000` which is also the default + +`GATEKEEPER_HOST` - Host for pds gatekeeper. Defaults to `127.0.0.1` + +`GATEKEEPER_PORT` - Port for pds gatekeeper. Defaults to `8080` diff --git a/examples/Caddyfile b/examples/Caddyfile new file mode 100644 index 0000000..9832246 --- /dev/null +++ b/examples/Caddyfile @@ -0,0 +1,29 @@ +{ + email youremail@myemail.com + on_demand_tls { + ask http://localhost:3000/tls-check + } +} + +*.yourpds.com, yourpds.com { + tls { + on_demand + } + # You'll most likely just want from here to.... + @gatekeeper { + path /xrpc/com.atproto.server.getSession + path /xrpc/com.atproto.server.updateEmail + path /xrpc/com.atproto.server.createSession + path /@atproto/oauth-provider/~api/sign-in + } + + handle @gatekeeper { + #This is the address for PDS gatekeeper, default is 8080 + reverse_proxy http://localhost:8080 + } + + reverse_proxy http://localhost:3000 + #..here. Copy and paste this replacing the reverse_proxy http://localhost:3000 line +} + + diff --git a/examples/compose.yml b/examples/compose.yml new file mode 100644 index 0000000..e3c2f03 --- /dev/null +++ b/examples/compose.yml 
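Review bot: The second-factor enforcement rests entirely on Caddy being the only route to the four matched paths: everything else is forwarded by `reverse_proxy http://localhost:3000`, and with `network_mode: host` in the example compose a client that can reach port 3000 directly calls `createSession` on the PDS and never touches the `@gatekeeper` handler. The README says the gatekeeper itself defaults to `127.0.0.1:8080`, but whether the PDS on :3000 binds only to loopback or is shielded by a host firewall is not visible here, so the example should say so: add above the matcher `# PDS (:3000) and gatekeeper (:8080) must not be reachable from outside the host, or clients can call createSession directly and skip 2FA`. The `email youremail@myemail.com` placeholder would also benefit from a `# replace with your ACME contact` comment.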
@@ -0,0 +1,51 @@ +version: '3.9' +services: + caddy: + container_name: caddy + image: caddy:2 + network_mode: host + depends_on: + - pds + restart: unless-stopped + volumes: + - type: bind + source: /pds/caddy/data + target: /data + - type: bind + source: /pds/caddy/etc/caddy + target: /etc/caddy + pds: + container_name: pds + image: ghcr.io/bluesky-social/pds:0.4 + network_mode: host + restart: unless-stopped + volumes: + - type: bind + source: /pds + target: /pds + env_file: + - /pds/pds.env + watchtower: + container_name: watchtower + image: containrrr/watchtower:latest + network_mode: host + volumes: + - type: bind + source: /var/run/docker.sock + target: /var/run/docker.sock + restart: unless-stopped + environment: + WATCHTOWER_CLEANUP: true + WATCHTOWER_SCHEDULE: "@midnight" + gatekeeper: + container_name: gatekeeper + image: fatfingers23/pds_gatekeeper:arm-latest + network_mode: host + restart: unless-stopped + #This gives the container to the access to the PDS folder. Source is the location on your server of that directory + volumes: + - type: bind + source: /pds + target: /pds + depends_on: + - pds \ No newline at end of file diff --git a/justfile b/justfile index 380266e..b0c1e2a 100644 --- a/justfile +++ b/justfile @@ -1,9 +1,6 @@ release: docker buildx build \ - --platform linux/arm64 \ - --tag fatfingers23/pds_gatekeeper:arm-latest \ - --push . -# docker buildx build \ -# --platform linux/amd64 \ -# --tag fatfingers23/pds_gatekeeper:latest \ -# --push . \ No newline at end of file + --platform linux/arm64,linux/amd64 \ + --tag fatfingers23/pds_gatekeeper:latest \ + --tag fatfingers23/pds_gatekeeper:0.1 \ + --push . \ No newline at end of file diff --git a/src/main.rs b/src/main.rs index 44700a5..03bb851 100644 --- a/src/main.rs +++ b/src/main.rs 
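Review bot: The `gatekeeper` service pulls `fatfingers23/pds_gatekeeper:arm-latest`, but the `release` recipe changed in this same commit now pushes only `latest` and `0.1` (multi-arch), so the example points at a tag that will no longer be refreshed; use `image: fatfingers23/pds_gatekeeper:0.1`. The `watchtower` service with the Docker socket mounted replaces any container tracking a mutable tag on its `@midnight` schedule, and for the container that enforces your login second factor that turns an unreviewed registry push into a silent upgrade — pin a version tag or digest and, if watchtower stays, restrict it to the containers you actually want auto-updated. The `version: '3.9'` key is obsolete in the current compose spec and only produces a warning.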
@@ -132,9 +132,6 @@ async fn main() -> Result<(), Box> { let sent_from = env::var("PDS_EMAIL_FROM_ADDRESS") .expect("PDS_EMAIL_FROM_ADDRESS is not set in your pds.env file"); - //TODO current bug running in docker - // https://github.com/lettre/lettre/issues/349#issuecomment-510155500 - let mailer: AsyncSmtpTransport = AsyncSmtpTransport::::from_url(smtp_url.as_str())?.build(); //Email templates setup -- 2.43.0