Draft: Support Axum 0.8 by danielblignaut · Pull Request #3603 · kanidm/kanidm · GitHub
Draft: Support Axum 0.8 #3603
Open · wants to merge 4 commits into base: master
255 changes: 135 additions & 120 deletions Cargo.lock

Large diffs are not rendered by default.

26 changes: 13 additions & 13 deletions Cargo.toml
@@ -145,10 +145,10 @@ sketching = { path = "./libs/sketching", version = "=1.7.0-dev" }

anyhow = { version = "1.0.98" }
argon2 = { version = "0.5.3", features = ["alloc"] }
askama = { version = "0.12.1", features = ["serde", "with-axum"] }
askama_axum = { version = "0.4.0" }
askama = { version = "0.14.0", features = ["serde_json"] }
askama_web = { version = "0.14.0", features = ["axum-0.8"] }
async-trait = "^0.1.85"
axum = { version = "0.7.9", features = [
axum = { version = "^0.8.0", features = [
"form",
"json",
"macros",
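Review bot: `axum = { version = "^0.8.0", ... }` is the only entry in this block written with a caret, while the neighbouring bumps (`askama`, `askama_web`, and `axum-extra` below) use plain "0.x.y"; Cargo treats both forms as caret requirements, so drop the "^" for consistency with the rest of the file. Separately, this bump drags 135 added / 120 removed lines through Cargo.lock, which this view does not render; please list the new transitive crates in the PR description and run `cargo audit` (or the project's `cargo deny` policy, if one exists) against the new lockfile before this leaves draft.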
@@ -158,9 +158,9 @@ axum = { version = "0.7.9", features = [
"tokio",
"tracing",
] }
axum-extra = { version = "0.9.6", features = ["cookie"] }
axum-extra = { version = "0.10.1", features = ["cookie"] }
axum-macros = "0.4.2"
axum-htmx = { version = "0.5.0", features = ["serde", "guards"] }
axum-htmx = { version = "0.7.0", features = ["serde", "guards"] }
base32 = "^0.5.1"
base64 = "^0.22.1"
base64urlsafedata = "0.5.1"
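Review bot: `axum-macros = "0.4.2"` is left untouched while `axum` moves to 0.8 and `axum-extra`/`axum-htmx` are bumped alongside it. axum-macros releases track axum majors (the 0.5 line is the axum 0.8 companion), so if the `macros` feature on `axum` is what the workspace actually uses, this entry is dead and can be removed; if anything imports `axum_macros` directly, it needs the matching bump too.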
@@ -222,18 +222,18 @@ oauth2_ext = { version = "^4.4.2", package = "oauth2", default-features = false
openssl-sys = "^0.9"
openssl = "^0.10.72"

opentelemetry = { version = "0.27.0" }
opentelemetry_api = { version = "0.27.0", features = ["logs", "metrics"] }
opentelemetry-otlp = { version = "0.27.0", default-features = false, features = [
opentelemetry = { version = "0.29.0" }
opentelemetry_api = { version = "0.29.0", features = ["logs", "metrics"] }
opentelemetry-otlp = { version = "0.29.0", default-features = false, features = [
"serde",
"logs",
"metrics",
"http-proto",
"grpc-tonic",
] }
opentelemetry_sdk = { version = "0.27.0", features = ["rt-tokio"] }
opentelemetry-semantic-conventions = "0.27.0"
tracing-opentelemetry = "0.28.0"
opentelemetry_sdk = { version = "0.29.0", features = ["rt-tokio"] }
opentelemetry-semantic-conventions = "0.29.0"
tracing-opentelemetry = "0.30.0"
tracing-core = "0.1.33"

peg = "0.8"
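Review bot: `opentelemetry_api` is bumped in lockstep with the other opentelemetry crates, but check that any workspace member still references it. The opentelemetry_api crate was folded back into `opentelemetry` several releases ago, so an unused `workspace.dependencies` entry here is noise that will confuse the next upgrade; if nothing uses it, delete the line rather than bumping it. The `tracing-opentelemetry = "0.30.0"` / `opentelemetry 0.29` pairing itself looks right.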
@@ -292,8 +292,8 @@ tracing-forest = "^0.1.6"

url = "^2.5.2"
urlencoding = "2.1.3"
utoipa = { version = "4.2.0", features = ["url", "uuid"] }
utoipa-swagger-ui = "6.0.0"
utoipa = { version = "5.3.1", features = ["url", "uuid"] }
utoipa-swagger-ui = "9.0.1"
uuid = "^1.12.1"

webauthn-authenticator-rs = { version = "0.5.1", features = [
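Review bot: the utoipa 4 → 5 major is what forces the `#[schema(value_type = Object)]` annotations in the proto crate hunks further down, and those annotations flatten several documented types to untyped objects; see the per-file comments there. For `utoipa-swagger-ui = "9.0.1"`: unless the `vendored` feature is enabled, this crate's build script fetches the Swagger UI bundle from the network at build time, so confirm which bundle the new major pulls in and that reproducible/offline builds of the server are not affected by the bump.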
18 changes: 9 additions & 9 deletions book/src/integrations/oauth2.md
@@ -44,7 +44,7 @@ introspection.
## Kanidm's OAuth2 URLs

Kanidm will expose its OAuth2 APIs at the following URLs, substituting
`:client_id:` with an OAuth2 client ID.
`{client_id}:` with an OAuth2 client ID.
<!-- markdownlint-disable MD033 -->

<dl>
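Review bot: the replacement placeholder keeps the trailing colon from the old `:client_id:` form, so the text now reads `{client_id}:` and every URL in this file becomes e.g. `/oauth2/openid/{client_id}:/.well-known/openid-configuration`, which a reader will copy verbatim into a client configuration. The placeholder wanted here is `{client_id}` with no colon; the same leftover appears in each remaining hunk of this file (the issuer URL, userinfo, public_key.jwk, webfinger and the Caddy example). Note also that this is user documentation, not axum route syntax, so the change is cosmetic; it only needs to be consistent and colon-free.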
@@ -57,7 +57,7 @@ URL **(recommended)**
</dt>
<dd>

`https://idm.example.com/oauth2/openid/:client_id:/.well-known/openid-configuration`
`https://idm.example.com/oauth2/openid/{client_id}:/.well-known/openid-configuration`

This document includes all the URLs and attributes an app needs to be able to
authenticate using OIDC with Kanidm, _except_ for the `client_id` and
@@ -79,7 +79,7 @@ URL **(recommended)**

<dd>

`https://idm.example.com/oauth2/openid/:client_id:/.well-known/oauth-authorization-server`
`https://idm.example.com/oauth2/openid/{client_id}:/.well-known/oauth-authorization-server`

</dd>

@@ -91,7 +91,7 @@ URL **(recommended)**

<dd>

`https://idm.example.com/oauth2/openid/:client_id:/.well-known/webfinger`
`https://idm.example.com/oauth2/openid/{client_id}:/.well-known/webfinger`

See [the WebFinger section](#webfinger) for more details, as there a number of
caveats for WebFinger clients.
@@ -168,7 +168,7 @@ OpenID Connect Issuer URL

<dd>

`https://idm.example.com/oauth2/openid/:client_id:`
`https://idm.example.com/oauth2/openid/{client_id}:`

</dd>

@@ -180,7 +180,7 @@ OpenID Connect user info

<dd>

`https://idm.example.com/oauth2/openid/:client_id:/userinfo`
`https://idm.example.com/oauth2/openid/{client_id}:/userinfo`

</dd>

@@ -192,7 +192,7 @@ Token signing public key

<dd>

`https://idm.example.com/oauth2/openid/:client_id:/public_key.jwk`
`https://idm.example.com/oauth2/openid/{client_id}:/public_key.jwk`

</dd>

@@ -497,14 +497,14 @@ difficult to use with Kanidm:

You will need a load balancer in front of Kanidm's HTTPS server to send a HTTP
307 redirect to the appropriate
`/oauth2/openid/:client_id:/.well-known/webfinger` URL, *while preserving all
`/oauth2/openid/{client_id}:/.well-known/webfinger` URL, *while preserving all
query parameters*. For example, with Caddy:

```caddy
# Match on a prefix, and use {uri} to preserve all query parameters.
# This only supports *one* client.
example.com {
redir /.well-known/webfinger https://idm.example.com/oauth2/openid/:client_id:{uri} 307
redir /.well-known/webfinger https://idm.example.com/oauth2/openid/{client_id}:{uri} 307
}
```
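Review bot: `redir /.well-known/webfinger https://idm.example.com/oauth2/openid/{client_id}:{uri} 307` has the stray-colon problem from the earlier hunks, and additionally Caddy uses `{...}` for its own placeholders (`{uri}` right next to it is one), so `{client_id}` inside a Caddyfile reads as a Caddy placeholder rather than as text the operator must substitute. Either keep a clearly non-Caddy marker in this example or add a comment line telling the reader to replace `{client_id}` with the literal client ID before the config is loaded.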

2 changes: 1 addition & 1 deletion book/src/integrations/oauth2/examples.md
@@ -981,7 +981,7 @@ server.config.yaml:
GUI:
authenticator:
type: OIDC
oidc_issuer: https://idm.example.com/oauth2/openid/:client_id:/
oidc_issuer: https://idm.example.com/oauth2/openid/{client_id}:/
oauth_client_id: <client name/>
oauth_client_secret: <client secret>
```
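Review bot: `oidc_issuer: https://idm.example.com/oauth2/openid/{client_id}:/` carries the leftover colon. OIDC relying parties compare the configured issuer byte-for-byte with the `issuer` value in the discovery document and the `iss` claim of the ID token, so an operator who substitutes only the braces gets a stray `:` and a failed issuer check. Use `{client_id}` with no colon here, matching the fix needed in the book's oauth2.md.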
3 changes: 2 additions & 1 deletion libs/scim_proto/src/lib.rs
@@ -29,6 +29,7 @@ pub mod prelude {
pub use crate::{ScimAttr, ScimComplexAttr, ScimEntry, ScimEntryHeader, ScimMeta, ScimValue};
}


#[derive(Deserialize, Serialize, Debug, Clone, ToSchema)]
#[serde(untagged)]
pub enum ScimAttr {
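Review bot: the only change in this hunk is an extra blank line before `#[derive(Deserialize, Serialize, Debug, Clone, ToSchema)]`; rustfmt does not require it and it widens the diff for no reason, so drop it.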
@@ -41,7 +42,7 @@ pub enum ScimAttr {
// this point.
#[serde(with = "time::serde::rfc3339")]
DateTime(OffsetDateTime),

#[schema(value_type = Object)]
Binary(Base64UrlSafeData),
Reference(Url),
}
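Review bot: `#[schema(value_type = Object)]` on `Binary(Base64UrlSafeData)` documents the value as an arbitrary JSON object, but on the wire it is a base64url string; `value_type = String` (with a byte format, if utoipa 5's schema attributes accept one on this variant) keeps the generated OpenAPI accurate for SCIM clients. The removed blank line between the `DateTime` and `Binary` variants is also an unrelated whitespace change.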
29 changes: 19 additions & 10 deletions libs/sketching/src/otel.rs
@@ -5,7 +5,7 @@ use opentelemetry_otlp::{Protocol, WithExportConfig};
use opentelemetry::{global, trace::TracerProvider as _, KeyValue};

use opentelemetry_sdk::{
trace::{Sampler, TracerProvider},
trace::{Sampler, TracerProviderBuilder},
Resource,
};
use tracing::Subscriber;
@@ -86,19 +86,27 @@ pub fn start_logging_pipeline(
// let hostname = hostname.to_string_lossy();
// let hostname = hostname.to_lowercase();

let resource = Resource::from_schema_url(
[
let resource = Resource::builder()
.with_schema_url(vec![
// TODO: it'd be really nice to be able to set the instance ID here, from the server UUID so we know *which* instance on this host is logging
KeyValue::new(SERVICE_NAME, service_name),
KeyValue::new(SERVICE_VERSION, version),
// TODO: currently marked as an experimental flag, leaving it out for now
// KeyValue::new(DEPLOYMENT_ENVIRONMENT_NAME, hostname),
],
SCHEMA_URL,
);

let provider = TracerProvider::builder()
.with_batch_exporter(otlp_exporter, opentelemetry_sdk::runtime::Tokio)
], SCHEMA_URL)
.build();
// .with_attributes(vec![
// // TODO: it'd be really nice to be able to set the instance ID here, from the server UUID so we know *which* instance on this host is logging
// KeyValue::new(SERVICE_NAME, service_name),
// KeyValue::new(SERVICE_VERSION, version),
// // TODO: currently marked as an experimental flag, leaving it out for now
// // KeyValue::new(DEPLOYMENT_ENVIRONMENT_NAME, hostname),
// ],
// SCHEMA_URL,
// );

let provider = TracerProviderBuilder::default()
.with_batch_exporter(otlp_exporter)
// we want *everything!*
.with_sampler(Sampler::AlwaysOn)
.with_max_events_per_span(MAX_EVENTS_PER_SPAN)
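Review bot: the old `Resource::from_schema_url(...)` call survives as a nine-line commented-out block under the new builder; delete it, git has the history. Also, with opentelemetry_sdk 0.29 `.with_batch_exporter(otlp_exporter)` no longer takes a runtime argument because the batch processor now runs on its own thread by default, while Cargo.toml still enables `rt-tokio`; either verify that the thread-based processor works with the `grpc-tonic` exporter in this process, or build the processor explicitly on the tokio runtime via `with_span_processor`, and drop `rt-tokio` if nothing uses it.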
@@ -137,7 +145,8 @@ pub struct TracingPipelineGuard {}

impl Drop for TracingPipelineGuard {
fn drop(&mut self) {
opentelemetry::global::shutdown_tracer_provider();
// TODO: https://github.com/open-telemetry/opentelemetry-rust/blob/main/opentelemetry-sdk/CHANGELOG.md how to remove tihs?
// opentelemetry::global::shutdown_tracer_provider();
eprintln!("Logging pipeline completed shutdown");
}
}
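Review bot: commenting out `opentelemetry::global::shutdown_tracer_provider()` while keeping `eprintln!("Logging pipeline completed shutdown")` makes the guard claim a shutdown it no longer performs; with the batch exporter, spans still queued at process exit are silently lost, which for an identity server means the last audit-relevant traces of a run (including the lead-up to a crash) never reach the collector. In opentelemetry_sdk 0.29 shutdown is done on the provider instance: keep a clone of the `SdkTracerProvider` in `TracingPipelineGuard` (it is cheap to clone) and call `provider.shutdown()` in `drop`, logging the result instead of the unconditional message. The `TODO` link to the changelog should then go.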
4 changes: 3 additions & 1 deletion proto/src/internal/credupdate.rs
@@ -133,7 +133,9 @@ pub enum CURegState {
TotpNameTryAgain(String),
TotpInvalidSha1,
BackupCodes(Vec<String>),
#[schema(value_type = Object)]
Passkey(CreationChallengeResponse),
#[schema(value_type = Object)]
AttestedPasskey(CreationChallengeResponse),
}
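Review bot: `#[schema(value_type = Object)]` on `Passkey(CreationChallengeResponse)` and `AttestedPasskey(CreationChallengeResponse)` turns the WebAuthn registration challenge into an untyped object in the OpenAPI document. If the webauthn-rs proto type does not implement utoipa 5's `ToSchema`, that is an acceptable stopgap, but add a comment saying so; otherwise clients reading the spec lose the challenge structure they have to reproduce. The same applies to the `sshkeys` map in the second hunk of this file, where `BTreeMap<String, SshPublicKeySchema>` would keep the per-key shape that proto/src/v1/unix.rs already defines.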

@@ -185,7 +187,7 @@ pub struct CUStatus {

pub unixcred: Option<CredentialDetail>,
pub unixcred_state: CUCredState,

#[schema(value_type = Object)]
pub sshkeys: BTreeMap<String, SshPublicKey>,
pub sshkeys_state: CUCredState,
}
1 change: 1 addition & 0 deletions proto/src/scim_v1/mod.rs
@@ -83,6 +83,7 @@ pub struct ScimMail {
#[serde(rename_all = "camelCase")]
pub struct ScimSshPublicKey {
pub label: String,
#[schema(value_type = Object)]
pub value: SshPublicKey,
}
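Review bot: `pub value: SshPublicKey` gets `value_type = Object`, yet proto/src/v1/unix.rs in this same PR defines `SshPublicKeySchema` with `#[schema(as = SshPublicKey)]` precisely to describe this type. Point the attribute at that alias (`value_type = SshPublicKeySchema`) so the SCIM schema shows key_type/kind/comment instead of an opaque object, or delete the alias struct if it is no longer reachable; keeping both is contradictory.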

4 changes: 4 additions & 0 deletions proto/src/v1/auth.rs
@@ -60,9 +60,11 @@ pub enum AuthCredential {
Anonymous,
Password(String),
Totp(u32),
#[schema(value_type = Object)]
SecurityKey(Box<PublicKeyCredential>),
BackupCode(String),
// Should this just be discoverable?
#[schema(value_type = Object)]
Passkey(Box<PublicKeyCredential>),
}
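Review bot: `SecurityKey(Box<PublicKeyCredential>)` and `Passkey(Box<PublicKeyCredential>)` are the authentication assertion inputs, so documenting them as bare `Object` hides exactly the payload a client has to get right. As with credupdate.rs, either reference a schema for the webauthn type or leave a comment that it is intentionally opaque because it comes from an external crate. The second hunk of this file (`AuthAllowed::SecurityKey`/`Passkey` carrying `RequestChallengeResponse`) has the same issue.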

@@ -151,7 +153,9 @@ pub enum AuthAllowed {
BackupCode,
Password,
Totp,
#[schema(value_type = Object)]
SecurityKey(RequestChallengeResponse),
#[schema(value_type = Object)]
Passkey(RequestChallengeResponse),
}

6 changes: 6 additions & 0 deletions proto/src/v1/unix.rs
@@ -12,6 +12,7 @@ use crate::constants::{ATTR_GROUP, ATTR_LDAP_SSHPUBLICKEY};
#[allow(dead_code)]
#[derive(ToSchema)]
#[schema(as = KeyTypeKind)]
#[schema(value_type = Object)]
pub struct KeyTypeKindSchema(KeyTypeKind);

#[derive(ToSchema)]
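Review bot: `#[schema(as = KeyTypeKind)]` together with `#[schema(value_type = Object)]` on `KeyTypeKindSchema(KeyTypeKind)` is self-defeating: the wrapper exists only to give `KeyTypeKind` a documented shape, and the new attribute replaces that shape with an untyped object. If utoipa 5 can no longer derive a schema for the inner type, either document its actual JSON shape explicitly or drop the wrapper; an alias that resolves to `Object` documents nothing.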
@@ -21,19 +22,23 @@ pub struct KeyTypeSchema {
pub short_name: &'static str,
pub is_cert: bool,
pub is_sk: bool,
#[schema(value_type = Object)]
pub kind: KeyTypeKind,
pub plain: &'static str,
}

#[allow(dead_code)]
#[derive(ToSchema)]
#[schema(as = PublicKeyKind)]
#[schema(value_type = Object)]
pub struct PublicKeyKindSchema(PublicKeyKind);

#[derive(ToSchema)]
#[schema(as = SshPublicKey)]
pub struct SshPublicKeySchema {
#[schema(value_type = Object)]
pub key_type: KeyType,
#[schema(value_type = Object)]
pub kind: PublicKeyKind,
pub comment: Option<String>,
}
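Review bot: `PublicKeyKindSchema` now has the same `as = ...` plus `value_type = Object` contradiction as `KeyTypeKindSchema` above, and inside `SshPublicKeySchema` both `key_type: KeyType` and `kind: PublicKeyKind` are marked `Object` even though `KeyTypeSchema` and `PublicKeyKindSchema` are defined in this very file to describe them. Use `value_type = KeyTypeSchema` / `value_type = PublicKeyKindSchema` (if utoipa 5 accepts the alias types there) so the generated `SshPublicKey` schema actually nests the documented shapes; the same goes for the new `value_type = Object` on `kind: KeyTypeKind` in `KeyTypeSchema`.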
@@ -74,6 +79,7 @@ pub struct UnixUserToken {
pub uuid: Uuid,
pub shell: Option<String>,
pub groups: Vec<UnixGroupToken>,
#[schema(value_type = Object)]
pub sshkeys: Vec<SshPublicKey>,
// The default value of bool is false.
#[serde(default)]
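Review bot: `pub sshkeys: Vec<SshPublicKey>` in `UnixUserToken` is what the unix clients consume for authorized keys, so its schema is one of the more useful ones in the spec; `value_type = Vec<SshPublicKeySchema>` keeps the element shape, whereas `Object` also mis-documents the value as an object rather than an array.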
4 changes: 2 additions & 2 deletions server/core/Cargo.toml
@@ -20,8 +20,8 @@ default = []
dev-oauth2-device-flow = []

[dependencies]
askama = { workspace = true, features = ["with-axum"] }
askama_axum = { workspace = true }
askama = { workspace = true }
askama_web = { workspace = true }
axum = { workspace = true }
axum-htmx = { workspace = true }
axum-extra = { workspace = true }
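Review bot: swapping `askama_axum` for `askama_web` changes how templates become responses: askama_axum provided the `IntoResponse` glue for `Template` types, and askama_web replaces it with its own integration. No template or handler source is part of this view, so please confirm in the PR description that every `Template` returned from an axum handler has been moved to the askama_web integration and that template output is still served with the HTML content type and the same response headers as before.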
24 changes: 12 additions & 12 deletions server/core/src/https/apidocs/mod.rs
@@ -55,8 +55,8 @@ impl Modify for SecurityAddon {
super::v1::raw_modify,
super::v1::raw_search,

super::v1_oauth2::oauth2_id_image_delete,
super::v1_oauth2::oauth2_id_image_post,
// super::v1_oauth2::oauth2_id_image_delete,
// super::v1_oauth2::oauth2_id_image_post,
super::v1_oauth2::oauth2_get,
super::v1_oauth2::oauth2_basic_post,
super::v1_oauth2::oauth2_public_post,
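Review bot: `oauth2_id_image_delete` and `oauth2_id_image_post` are commented out rather than fixed or removed, with no note on why the utoipa 5 `paths(...)` list rejects them. By name these are the endpoints that accept and delete an uploaded client image, i.e. a file-upload surface; silently dropping them from the OpenAPI document is the opposite of what anyone auditing that surface wants. If the handlers' `#[utoipa::path]` attributes need updating for utoipa 5, do that here; if the entries must stay out temporarily, a `// TODO(utoipa5): ...` with the reason is the minimum.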
@@ -89,10 +89,10 @@ impl Modify for SecurityAddon {
super::v1::schema_classtype_get_id,
super::v1::person_get,
super::v1::person_post,
super::v1::service_account_credential_generate,
super::v1::service_account_api_token_delete,
super::v1::service_account_api_token_get,
super::v1::service_account_api_token_post,
// super::v1::service_account_credential_generate,
// super::v1::service_account_api_token_delete,
// super::v1::service_account_api_token_get,
// super::v1::service_account_api_token_post,
super::v1::person_search_id,
super::v1::person_id_get,
super::v1::person_id_patch,
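Review bot: `service_account_credential_generate` and the three `service_account_api_token_*` entries are the credential- and token-issuing endpoints for service accounts; removing them from the generated spec (again by commenting out, without explanation) hides some of the most security-relevant routes from anyone reviewing the API through the OpenAPI document. Same request as above: fix the path attributes for utoipa 5 or record why they are excluded.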
@@ -121,16 +121,16 @@ impl Modify for SecurityAddon {
super::v1::person_id_radius_delete,
super::v1::person_id_radius_token_get,

super::v1::account_id_ssh_pubkeys_get,
// super::v1::account_id_ssh_pubkeys_get,
super::v1::account_id_radius_token_post,
super::v1::person_id_unix_post,
super::v1::person_id_unix_credential_put,
super::v1::person_id_unix_credential_delete,
super::v1::person_identify_user_post,
super::v1::service_account_get,
super::v1::service_account_post,
super::v1::service_account_get,
super::v1::service_account_post,
// super::v1::service_account_get,
// super::v1::service_account_post,
super::v1::service_account_id_get,
super::v1::service_account_id_delete,
super::v1::service_account_id_patch,
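Review bot: here the commented-out lines are genuine duplicates (`account_id_ssh_pubkeys_get` is still listed further down in this file, and `service_account_get`/`service_account_post` appeared twice in a row), so removing them is correct, presumably because utoipa 5 now rejects duplicate paths. Delete the lines instead of commenting them out, and say in the commit message that these were duplicates so they are not confused with the endpoints dropped in the earlier hunks.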
@@ -150,9 +150,9 @@ impl Modify for SecurityAddon {
super::v1::account_id_unix_post,
super::v1::account_id_unix_auth_post,
super::v1::account_id_unix_token,
super::v1::account_id_unix_token,
super::v1::account_id_radius_token_post,
super::v1::account_id_radius_token_get,
// super::v1::account_id_unix_token,
// super::v1::account_id_radius_token_post,
// super::v1::account_id_radius_token_get,
super::v1::account_id_ssh_pubkeys_get,
super::v1::account_id_ssh_pubkeys_tag_get,
super::v1::account_id_user_auth_token_get,
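Review bot: removing the duplicate `account_id_unix_token` is fine, but `account_id_radius_token_get` no longer appears anywhere in this list (its `_post` sibling is still registered earlier in the file), so the GET route for an account's RADIUS token drops out of the spec. If this was meant as a duplicate cleanup, one of the three commented lines is a real endpoint; either restore it or state why it is gone.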