Compare commits
11 Commits
63ec38ac6d
...
main
| Author | SHA1 | Date | |
|---|---|---|---|
|
ac35982153
|
|||
|
52390de4c5
|
|||
|
e01c16e166
|
|||
|
08bb610bbb
|
|||
|
9b6afa1d01
|
|||
|
2bba56e811
|
|||
|
27d2038b33
|
|||
|
82cc5202dd
|
|||
|
f6d6137edf
|
|||
|
7cd3fcb12c
|
|||
|
eceba1da4b
|
41
.github/workflows/ci.yml
vendored
41
.github/workflows/ci.yml
vendored
@@ -1,41 +0,0 @@
|
||||
name: ci
|
||||
|
||||
on: push
|
||||
|
||||
env:
|
||||
CARGO_TERM_COLOR: always
|
||||
RUSTFLAGS: "-Dwarnings"
|
||||
|
||||
jobs:
|
||||
build:
|
||||
runs-on: ubuntu-latest
|
||||
strategy:
|
||||
matrix:
|
||||
include:
|
||||
- cargo_target: "x86_64-unknown-linux-gnu"
|
||||
- cargo_target: "wasm32-unknown-unknown"
|
||||
steps:
|
||||
- name: Clone repo
|
||||
uses: actions/checkout@v3
|
||||
- name: Add targets
|
||||
run: rustup target add wasm32-unknown-unknown
|
||||
- uses: Swatinem/rust-cache@v2
|
||||
- name: Docker Compose
|
||||
run: docker-compose -f test/docker-compose.yml up -d redis
|
||||
|
||||
- name: Build
|
||||
env:
|
||||
CARGO_BUILD_TARGET: ${{ matrix.cargo_target }}
|
||||
run: cargo build
|
||||
- name: Clippy
|
||||
env:
|
||||
CARGO_BUILD_TARGET: ${{ matrix.cargo_target }}
|
||||
run: cargo clippy
|
||||
- name: Fmt
|
||||
env:
|
||||
CARGO_BUILD_TARGET: ${{ matrix.cargo_target }}
|
||||
run: cargo fmt -- --check
|
||||
|
||||
- name: Test
|
||||
if: matrix.cargo_target == 'x86_64-unknown-linux-gnu'
|
||||
run: cargo test
|
||||
16
.github/workflows/docker.yml
vendored
16
.github/workflows/docker.yml
vendored
@@ -11,13 +11,23 @@ jobs:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/checkout@master
|
||||
- name: Install Docker
|
||||
run: |
|
||||
apt-get update
|
||||
apt-get install curl -y
|
||||
curl -fsSL https://get.docker.com | sh
|
||||
- name: Install building tools
|
||||
run: |
|
||||
apt-get install build-essential python3 python3-pip -y
|
||||
|
||||
- name: Build and push image
|
||||
uses: elgohr/Publish-Docker-Github-Action@master
|
||||
uses: elgohr/Publish-Docker-Github-Action@v5
|
||||
with:
|
||||
name: spruceid/siwe_oidc
|
||||
username: ${{ github.actor }}
|
||||
name: nathanwoodburn/eth-oidc
|
||||
username: nathanwoodburn
|
||||
password: ${{ secrets.DOCKERGIT_TOKEN }}
|
||||
registry: git.woodburn.au
|
||||
tag_names: true
|
||||
tag_semver: true
|
||||
snapshot: true
|
||||
buildargs: PROJECT_ID=${{ secrets.PROJECT_ID }}
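Review bot: The `Install Docker` step pipes `https://get.docker.com` straight into `sh` in the same job that later pushes with `secrets.DOCKERGIT_TOKEN`, so whatever that URL serves at run time executes unverified next to the registry credential. Installing the distribution's packaged engine instead (e.g. `apt-get install -y docker.io`), or downloading the script to a file and checking it against a reviewed checksum before running it, removes that dependency on live remote content. The action references are also mutable: `actions/checkout@master` and `elgohr/Publish-Docker-Github-Action@v5` can change underneath the workflow, and pinning each to a full commit SHA (`uses: elgohr/Publish-Docker-Github-Action@<full-commit-sha> # v5`) keeps the publishing step reproducible. The rendered page has lost the +/- markers, so which of these lines are new is inferred from the old/new print order.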
|
||||
|
||||
@@ -14,7 +14,8 @@ COPY --from=dep_planner /siwe-oidc/recipe.json recipe.json
|
||||
RUN cargo chef cook --release --recipe-path recipe.json
|
||||
|
||||
FROM node:16-alpine as node_builder
|
||||
ENV PROJECT_ID=""
|
||||
ARG PROJECT_ID
|
||||
ENV PROJECT_ID=${PROJECT_ID}
|
||||
ADD --chown=node:node ./static /siwe-oidc/static
|
||||
ADD --chown=node:node ./js/ui /siwe-oidc/js/ui
|
||||
WORKDIR /siwe-oidc/js/ui
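Review bot: `PROJECT_ID` comes from `secrets.PROJECT_ID` in the workflow but enters the `node_builder` stage as `ARG PROJECT_ID` and is copied into `ENV PROJECT_ID=${PROJECT_ID}`, and build arguments are not a confidential channel: they are recorded in that stage's layer metadata and build cache, and the UI build presumably embeds the value in the static bundle it ships. If the value is genuinely secret, pass it with a BuildKit secret mount (`RUN --mount=type=secret,id=project_id ...`) rather than ARG/ENV. If it is a public client identifier, a comment such as `# PROJECT_ID is a public identifier baked into the UI bundle, not a credential` would stop it being handled as one. The stage continues past the end of this hunk, so how the variable is consumed is not visible here.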
|
||||
|
||||
15
src/oidc.rs
15
src/oidc.rs
@@ -14,14 +14,7 @@ use openidconnect::{
|
||||
CoreJwsSigningAlgorithm, CoreProviderMetadata, CoreRegisterErrorResponseType,
|
||||
CoreResponseType, CoreRsaPrivateSigningKey, CoreSubjectIdentifierType, CoreTokenResponse,
|
||||
CoreTokenType, CoreUserInfoClaims, CoreUserInfoJsonWebToken,
|
||||
},
|
||||
registration::{EmptyAdditionalClientMetadata, EmptyAdditionalClientRegistrationResponse},
|
||||
url::Url,
|
||||
AccessToken, Audience, AuthUrl, ClientConfigUrl, ClientId, ClientSecret, EmptyAdditionalClaims,
|
||||
EmptyAdditionalProviderMetadata, EmptyExtraTokenFields, EndUserPictureUrl, EndUserUsername,
|
||||
IssuerUrl, JsonWebKeyId, JsonWebKeySetUrl, LocalizedClaim, Nonce, OpPolicyUrl, OpTosUrl,
|
||||
PrivateSigningKey, RedirectUrl, RegistrationAccessToken, RegistrationUrl, RequestUrl,
|
||||
ResponseTypes, Scope, StandardClaims, SubjectIdentifier, TokenUrl, UserInfoUrl,
|
||||
}, registration::{EmptyAdditionalClientMetadata, EmptyAdditionalClientRegistrationResponse}, url::Url, AccessToken, Audience, AuthUrl, ClientConfigUrl, ClientId, ClientSecret, EmptyAdditionalClaims, EmptyAdditionalProviderMetadata, EmptyExtraTokenFields, EndUserEmail, EndUserPictureUrl, EndUserUsername, IssuerUrl, JsonWebKeyId, JsonWebKeySetUrl, LocalizedClaim, Nonce, OpPolicyUrl, OpTosUrl, PrivateSigningKey, RedirectUrl, RegistrationAccessToken, RegistrationUrl, RequestUrl, ResponseTypes, Scope, StandardClaims, SubjectIdentifier, TokenUrl, UserInfoUrl
|
||||
};
|
||||
use rand::{distributions::Alphanumeric, thread_rng, Rng};
|
||||
use rsa::{
|
||||
@@ -42,9 +35,10 @@ use super::db::*;
|
||||
use siwe_oidc::db::*;
|
||||
|
||||
lazy_static::lazy_static! {
|
||||
static ref SCOPES: [Scope; 2] = [
|
||||
static ref SCOPES: [Scope; 3] = [
|
||||
Scope::new("openid".to_string()),
|
||||
Scope::new("profile".to_string()),
|
||||
Scope::new("email".to_string()),
|
||||
];
|
||||
}
|
||||
const SIGNING_ALG: [CoreJwsSigningAlgorithm; 1] = [CoreJwsSigningAlgorithm::RsaSsaPkcs1V15Sha256];
|
||||
@@ -146,6 +140,7 @@ pub fn metadata(base_url: Url) -> Result<CoreProviderMetadata, CustomError> {
|
||||
CoreClaimName::new("iss".to_string()),
|
||||
CoreClaimName::new("preferred_username".to_string()),
|
||||
CoreClaimName::new("picture".to_string()),
|
||||
CoreClaimName::new("email".to_string()),
|
||||
]))
|
||||
.set_registration_endpoint(Some(RegistrationUrl::from_url(
|
||||
base_url
|
||||
@@ -238,6 +233,7 @@ async fn resolve_claims(
|
||||
Ok(n) => resolve_avatar(eth_provider.clone(), &n).await,
|
||||
Err(_) => None,
|
||||
};
|
||||
let email = format!("{}@eth.woodburn.au", address);
|
||||
StandardClaims::new(subject_id)
|
||||
.set_preferred_username(Some(EndUserUsername::new(username)))
|
||||
.set_picture(avatar.map(|a| {
|
||||
@@ -245,6 +241,7 @@ async fn resolve_claims(
|
||||
avatar_localized.insert(None, EndUserPictureUrl::new(a.to_string()));
|
||||
avatar_localized
|
||||
}))
|
||||
.set_email(Some(EndUserEmail::new(email)))
|
||||
}
|
||||
|
||||
#[derive(Serialize, Deserialize)]
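Review bot: In `resolve_claims` the new `email` claim is synthesized as `format!("{}@eth.woodburn.au", address)`, which hands relying parties an address that no user has proven control of, under a domain hard-coded into the provider. Relying parties that link or recover accounts by e-mail would route mail for every wallet to whoever operates that domain, so the claim should at least be marked unverified with `.set_email_verified(Some(false))` next to `.set_email(...)`. From the visible lines the claim also appears to be set whether or not the `email` scope added to `SCOPES` was requested; the function body starts outside the hunk, so confirm whether the scope is checked there. Reading the mail domain from configuration instead of a literal would keep other deployments from issuing addresses under this one.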
|
||||
|
||||