lldap/server/src/infra/configuration.rs

use anyhow::{Context, Result};
use figment::{
    providers::{Env, Format, Serialized, Toml},
    Figment,
};
use lldap_auth::opaque::{server::ServerSetup, KeyPair};
use log::*;
use serde::{Deserialize, Serialize};

use crate::infra::cli::RunOpts;

#[derive(Clone, Debug, Deserialize, Serialize, derive_builder::Builder)]
#[builder(
    pattern = "owned",
    build_fn(name = "private_build", validate = "Self::validate")
)]
pub struct Configuration {
    #[builder(default = "3890")]
    pub ldap_port: u16,
    #[builder(default = "6360")]
    pub ldaps_port: u16,
    #[builder(default = "17170")]
    pub http_port: u16,
    #[builder(default = r#"String::from("secretjwtsecret")"#)]
    pub jwt_secret: String,
    #[builder(default = r#"String::from("dc=example,dc=com")"#)]
    pub ldap_base_dn: String,
    #[builder(default = r#"String::from("admin")"#)]
    pub ldap_user_dn: String,
    #[builder(default = r#"String::from("password")"#)]
    pub ldap_user_pass: String,
    #[builder(default = r#"String::from("sqlite://users.db?mode=rwc")"#)]
    pub database_url: String,
    #[builder(default = "false")]
    pub verbose: bool,
    #[builder(default = r#"String::from("server_key")"#)]
    pub key_file: String,
    #[serde(skip)]
    #[builder(field(private), setter(strip_option))]
    server_setup: Option<ServerSetup>,
}

impl ConfigurationBuilder {
    pub fn build(self) -> Result<Configuration> {
        let server_setup = get_server_setup(self.key_file.as_deref().unwrap_or("server_key"))?;
        Ok(self.server_setup(server_setup).private_build()?)
    }

    fn validate(&self) -> Result<(), String> {
        if self.server_setup.is_none() {
            Err("Don't use `private_build`, use `build` instead".to_string())
        } else {
            Ok(())
        }
    }
}

impl Configuration {
    pub fn get_server_setup(&self) -> &ServerSetup {
        self.server_setup.as_ref().unwrap()
    }

    pub fn get_server_keys(&self) -> &KeyPair {
        self.get_server_setup().keypair()
    }

    fn merge_with_cli(mut self: Configuration, cli_opts: RunOpts) -> Configuration {
        if cli_opts.verbose {
            self.verbose = true;
        }

        if let Some(port) = cli_opts.ldap_port {
            self.ldap_port = port;
        }

        if let Some(port) = cli_opts.ldaps_port {
            self.ldaps_port = port;
        }

        self
    }
}

fn get_server_setup(file_path: &str) -> Result<ServerSetup> {
    use std::path::Path;
    let path = Path::new(file_path);
    if path.exists() {
        let bytes =
            std::fs::read(file_path).context(format!("Could not read key file `{}`", file_path))?;
        Ok(ServerSetup::deserialize(&bytes)?)
    } else {
        let mut rng = rand::rngs::OsRng;
        let server_setup = ServerSetup::new(&mut rng);
        std::fs::write(path, server_setup.serialize()).context(format!(
            "Could not write the generated server setup to file `{}`",
            file_path,
        ))?;
        Ok(server_setup)
    }
}

pub fn init(cli_opts: RunOpts) -> Result<Configuration> {
    let config_file = cli_opts.config_file.clone();

    println!("Loading configuration from {}", cli_opts.config_file);

    let config: Configuration = Figment::from(Serialized::defaults(
        ConfigurationBuilder::default().build().unwrap(),
    ))
    .merge(Toml::file(config_file))
    .merge(Env::prefixed("LLDAP_"))
    .extract()?;

    let mut config = config.merge_with_cli(cli_opts);
    config.server_setup = Some(get_server_setup(&config.key_file)?);
    if config.jwt_secret == "secretjwtsecret" {
        println!("WARNING: Default JWT secret used! This is highly unsafe and can allow attackers to log in as admin.");
    }
    if config.ldap_user_pass == "password" {
        println!("WARNING: Unsecure default admin password is used.");
    }
    Ok(config)
}
errors: use anyhow::Context everywhere 2021-08-26 19:56:42 +00:00			`use anyhow::{Context, Result};`
Add complex configuration 2021-03-02 19:30:43 +00:00			`use figment::{`
			`providers::{Env, Format, Serialized, Toml},`
			`Figment,`
			`};`
model: rename to auth Since the "model" doesn't contain any message from the API anymore, and instead contains only the structures needed for authentication, it was renamed as such. 2021-08-31 14:29:49 +00:00			`use lldap_auth::opaque::{server::ServerSetup, KeyPair};`
server: Improve startup error messages and fail fast 2021-10-20 06:05:26 +00:00			`use log::*;`
Add complex configuration 2021-03-02 19:30:43 +00:00			`use serde::{Deserialize, Serialize};`
Add Clap and base config 2021-03-02 19:13:58 +00:00
cli: introduce the export_graphql_schema command Split the command line into subcommands `run` and `export_graphql_schema`. 2021-08-26 19:46:00 +00:00			`use crate::infra::cli::RunOpts;`
Add logging + start wiring config 2021-03-02 19:51:33 +00:00
Implement password checking using opaque 2021-06-14 14:02:36 +00:00			`#[derive(Clone, Debug, Deserialize, Serialize, derive_builder::Builder)]`
			`#[builder(`
			`pattern = "owned",`
			`build_fn(name = "private_build", validate = "Self::validate")`
			`)]`
Add complex configuration 2021-03-02 19:30:43 +00:00			`pub struct Configuration {`
configuration: move default values inline 2021-11-03 07:01:34 +00:00			`#[builder(default = "3890")]`
add tcp server 2021-03-02 22:07:01 +00:00			`pub ldap_port: u16,`
configuration: move default values inline 2021-11-03 07:01:34 +00:00			`#[builder(default = "6360")]`
add tcp server 2021-03-02 22:07:01 +00:00			`pub ldaps_port: u16,`
configuration: move default values inline 2021-11-03 07:01:34 +00:00			`#[builder(default = "17170")]`
Fix the pipeline_factory We can now bring up the two servers 2021-03-07 11:36:12 +00:00			`pub http_port: u16,`
configuration: move default values inline 2021-11-03 07:01:34 +00:00			`#[builder(default = r#"String::from("secretjwtsecret")"#)]`
Implement server-side JWT generation and checks 2021-05-12 18:42:15 +00:00			`pub jwt_secret: String,`
configuration: move default values inline 2021-11-03 07:01:34 +00:00			`#[builder(default = r#"String::from("dc=example,dc=com")"#)]`
Add ability to list users with an LDAP search request 2021-03-16 17:27:31 +00:00			`pub ldap_base_dn: String,`
configuration: move default values inline 2021-11-03 07:01:34 +00:00			`#[builder(default = r#"String::from("admin")"#)]`
Misc cleanup 2021-03-12 08:33:43 +00:00			`pub ldap_user_dn: String,`
configuration: move default values inline 2021-11-03 07:01:34 +00:00			`#[builder(default = r#"String::from("password")"#)]`
Misc cleanup 2021-03-12 08:33:43 +00:00			`pub ldap_user_pass: String,`
configuration: move default values inline 2021-11-03 07:01:34 +00:00			`#[builder(default = r#"String::from("sqlite://users.db?mode=rwc")"#)]`
Misc cleanup 2021-03-12 08:33:43 +00:00			`pub database_url: String,`
configuration: move default values inline 2021-11-03 07:01:34 +00:00			`#[builder(default = "false")]`
add tcp server 2021-03-02 22:07:01 +00:00			`pub verbose: bool,`
configuration: move default values inline 2021-11-03 07:01:34 +00:00			`#[builder(default = r#"String::from("server_key")"#)]`
Implement password checking using opaque 2021-06-14 14:02:36 +00:00			`pub key_file: String,`
			`#[serde(skip)]`
			`#[builder(field(private), setter(strip_option))]`
Update opaque and implement it without DB 2021-06-23 18:33:36 +00:00			`server_setup: Option<ServerSetup>,`
Add complex configuration 2021-03-02 19:30:43 +00:00			`}`

Implement password checking using opaque 2021-06-14 14:02:36 +00:00			`impl ConfigurationBuilder {`
			`pub fn build(self) -> Result<Configuration> {`
Update opaque and implement it without DB 2021-06-23 18:33:36 +00:00			`let server_setup = get_server_setup(self.key_file.as_deref().unwrap_or("server_key"))?;`
			`Ok(self.server_setup(server_setup).private_build()?)`
Implement password checking using opaque 2021-06-14 14:02:36 +00:00			`}`

			`fn validate(&self) -> Result<(), String> {`
Update opaque and implement it without DB 2021-06-23 18:33:36 +00:00			`if self.server_setup.is_none() {`
Implement password checking using opaque 2021-06-14 14:02:36 +00:00			Err("Don't use `private_build`, use `build` instead".to_string())
			`} else {`
			`Ok(())`
Add complex configuration 2021-03-02 19:30:43 +00:00			`}`
			`}`
			`}`

Fix cli arg precedence and finish config wiring 2021-03-02 20:43:26 +00:00			`impl Configuration {`
Update opaque and implement it without DB 2021-06-23 18:33:36 +00:00			`pub fn get_server_setup(&self) -> &ServerSetup {`
			`self.server_setup.as_ref().unwrap()`
			`}`

Implement password checking using opaque 2021-06-14 14:02:36 +00:00			`pub fn get_server_keys(&self) -> &KeyPair {`
Update opaque and implement it without DB 2021-06-23 18:33:36 +00:00			`self.get_server_setup().keypair()`
Implement password checking using opaque 2021-06-14 14:02:36 +00:00			`}`

cli: introduce the export_graphql_schema command Split the command line into subcommands `run` and `export_graphql_schema`. 2021-08-26 19:46:00 +00:00			`fn merge_with_cli(mut self: Configuration, cli_opts: RunOpts) -> Configuration {`
Fix bug in config from cli flags The flag value (true/false) was always provided to the configuration, which means that the cli was overriding everything else. 2021-03-02 21:03:58 +00:00			`if cli_opts.verbose {`
add tcp server 2021-03-02 22:07:01 +00:00			`self.verbose = true;`
			`}`

			`if let Some(port) = cli_opts.ldap_port {`
			`self.ldap_port = port;`
			`}`

			`if let Some(port) = cli_opts.ldaps_port {`
			`self.ldaps_port = port;`
Fix bug in config from cli flags The flag value (true/false) was always provided to the configuration, which means that the cli was overriding everything else. 2021-03-02 21:03:58 +00:00			`}`
Fix cli arg precedence and finish config wiring 2021-03-02 20:43:26 +00:00
add tcp server 2021-03-02 22:07:01 +00:00			`self`
Fix cli arg precedence and finish config wiring 2021-03-02 20:43:26 +00:00			`}`
Implement password checking using opaque 2021-06-14 14:02:36 +00:00			`}`

Update opaque and implement it without DB 2021-06-23 18:33:36 +00:00			`fn get_server_setup(file_path: &str) -> Result<ServerSetup> {`
Implement password checking using opaque 2021-06-14 14:02:36 +00:00			`use std::path::Path;`
			`let path = Path::new(file_path);`
			`if path.exists() {`
errors: use anyhow::Context everywhere 2021-08-26 19:56:42 +00:00			`let bytes =`
			std::fs::read(file_path).context(format!("Could not read key file `{}`", file_path))?;
Update opaque and implement it without DB 2021-06-23 18:33:36 +00:00			`Ok(ServerSetup::deserialize(&bytes)?)`
Implement password checking using opaque 2021-06-14 14:02:36 +00:00			`} else {`
			`let mut rng = rand::rngs::OsRng;`
Update opaque and implement it without DB 2021-06-23 18:33:36 +00:00			`let server_setup = ServerSetup::new(&mut rng);`
errors: use anyhow::Context everywhere 2021-08-26 19:56:42 +00:00			`std::fs::write(path, server_setup.serialize()).context(format!(`
			"Could not write the generated server setup to file `{}`",
			`file_path,`
			`))?;`
Update opaque and implement it without DB 2021-06-23 18:33:36 +00:00			`Ok(server_setup)`
Implement password checking using opaque 2021-06-14 14:02:36 +00:00			`}`
Fix cli arg precedence and finish config wiring 2021-03-02 20:43:26 +00:00			`}`

cli: introduce the export_graphql_schema command Split the command line into subcommands `run` and `export_graphql_schema`. 2021-08-26 19:46:00 +00:00			`pub fn init(cli_opts: RunOpts) -> Result<Configuration> {`
Fix cli arg precedence and finish config wiring 2021-03-02 20:43:26 +00:00			`let config_file = cli_opts.config_file.clone();`

configuration: move default values inline 2021-11-03 07:01:34 +00:00			`println!("Loading configuration from {}", cli_opts.config_file);`
server: Improve startup error messages and fail fast 2021-10-20 06:05:26 +00:00
configuration: move default values inline 2021-11-03 07:01:34 +00:00			`let config: Configuration = Figment::from(Serialized::defaults(`
			`ConfigurationBuilder::default().build().unwrap(),`
			`))`
			`.merge(Toml::file(config_file))`
			`.merge(Env::prefixed("LLDAP_"))`
			`.extract()?;`
Add complex configuration 2021-03-02 19:30:43 +00:00
Implement password checking using opaque 2021-06-14 14:02:36 +00:00			`let mut config = config.merge_with_cli(cli_opts);`
Update opaque and implement it without DB 2021-06-23 18:33:36 +00:00			`config.server_setup = Some(get_server_setup(&config.key_file)?);`
configuration: move default values inline 2021-11-03 07:01:34 +00:00			`if config.jwt_secret == "secretjwtsecret" {`
			`println!("WARNING: Default JWT secret used! This is highly unsafe and can allow attackers to log in as admin.");`
			`}`
			`if config.ldap_user_pass == "password" {`
			`println!("WARNING: Unsecure default admin password is used.");`
			`}`
Add complex configuration 2021-03-02 19:30:43 +00:00			`Ok(config)`
Add Clap and base config 2021-03-02 19:13:58 +00:00			`}`