lldap/server/src/main.rs

#![forbid(unsafe_code)]
#![forbid(non_ascii_idents)]
#![allow(clippy::nonstandard_macro_braces)]

use crate::{
    domain::{
        handler::{BackendHandler, CreateUserRequest, GroupRequestFilter},
        sql_backend_handler::SqlBackendHandler,
        sql_opaque_handler::register_password,
        sql_tables::PoolOptions,
    },
    infra::{cli::*, configuration::Configuration, db_cleaner::Scheduler, mail},
};
use actix::Actor;
use actix_server::ServerBuilder;
use anyhow::{anyhow, Context, Result};
use futures_util::TryFutureExt;
use tracing::*;

mod domain;
mod infra;

async fn create_admin_user(handler: &SqlBackendHandler, config: &Configuration) -> Result<()> {
    let pass_length = config.ldap_user_pass.unsecure().len();
    assert!(
        pass_length >= 8,
        "Minimum password length is 8 characters, got {} characters",
        pass_length
    );
    handler
        .create_user(CreateUserRequest {
            user_id: config.ldap_user_dn.clone(),
            display_name: Some("Administrator".to_string()),
            ..Default::default()
        })
        .and_then(|_| register_password(handler, &config.ldap_user_dn, &config.ldap_user_pass))
        .await
        .context("Error creating admin user")?;
    let admin_group_id = handler
        .create_group("lldap_admin")
        .await
        .context("Error creating admin group")?;
    handler
        .add_user_to_group(&config.ldap_user_dn, admin_group_id)
        .await
        .context("Error adding admin user to group")
}

#[instrument(skip_all)]
async fn set_up_server(config: Configuration) -> Result<ServerBuilder> {
    info!("Starting LLDAP....");

    let sql_pool = PoolOptions::new()
        .max_connections(5)
        .connect(&config.database_url)
        .await
        .context("while connecting to the DB")?;
    domain::sql_tables::init_table(&sql_pool)
        .await
        .context("while creating the tables")?;
    let backend_handler = SqlBackendHandler::new(config.clone(), sql_pool.clone());
    if let Err(e) = backend_handler.get_user_details(&config.ldap_user_dn).await {
        warn!("Could not get admin user, trying to create it: {:#}", e);
        create_admin_user(&backend_handler, &config)
            .await
            .map_err(|e| anyhow!("Error setting up admin login/account: {:#}", e))
            .context("while creating the admin user")?;
    }
    if backend_handler
        .list_groups(Some(GroupRequestFilter::DisplayName(
            "lldap_readonly".to_string(),
        )))
        .await?
        .is_empty()
    {
        warn!("Could not find readonly group, trying to create it");
        backend_handler
            .create_group("lldap_readonly")
            .await
            .context("while creating readonly group")?;
    }
    let server_builder = infra::ldap_server::build_ldap_server(
        &config,
        backend_handler.clone(),
        actix_server::Server::build(),
    )
    .context("while binding the LDAP server")?;
    infra::jwt_sql_tables::init_table(&sql_pool).await?;
    let server_builder =
        infra::tcp_server::build_tcp_server(&config, backend_handler, server_builder)
            .await
            .context("while binding the TCP server")?;
    // Run every hour.
    let scheduler = Scheduler::new("0 0 * * * * *", sql_pool);
    scheduler.start();
    Ok(server_builder)
}

async fn run_server(config: Configuration) -> Result<()> {
    set_up_server(config)
        .await?
        .workers(1)
        .run()
        .await
        .context("while starting the server")?;
    Ok(())
}

fn run_server_command(opts: RunOpts) -> Result<()> {
    debug!("CLI: {:#?}", &opts);

    let config = infra::configuration::init(opts)?;
    infra::logging::init(&config)?;

    actix::run(
        run_server(config).unwrap_or_else(|e| error!("Could not bring up the servers: {:#}", e)),
    )?;

    info!("End.");
    Ok(())
}

fn send_test_email_command(opts: TestEmailOpts) -> Result<()> {
    let to = opts.to.parse()?;
    let config = infra::configuration::init(opts)?;
    infra::logging::init(&config)?;
    mail::send_test_email(to, &config.smtp_options)
}

fn main() -> Result<()> {
    let cli_opts = infra::cli::init();
    match cli_opts.command {
        Command::ExportGraphQLSchema(opts) => infra::graphql::api::export_schema(opts),
        Command::Run(opts) => run_server_command(opts),
        Command::SendTestEmail(opts) => send_test_email_command(opts),
    }
}
Forbid unsafe code 2021-05-14 07:38:36 +00:00			`#![forbid(unsafe_code)]`
misc: Forbid non-ascii identifiers That prevents a class of unicode attacks, e.g. invisible characters. 2021-11-10 09:53:37 +00:00			`#![forbid(non_ascii_idents)]`
Add allow warnings for nonstandard macro braces The warnings come from the macros of libraries that we use, so we can't change them. 2021-07-05 08:00:13 +00:00			`#![allow(clippy::nonstandard_macro_braces)]`

Split big files into little ones 2021-05-20 17:18:15 +00:00			`use crate::{`
Create admin user by default 2021-05-26 13:13:17 +00:00			`domain::{`
server: Introduce a read-only user 2022-06-06 14:48:22 +00:00			`handler::{BackendHandler, CreateUserRequest, GroupRequestFilter},`
model: remove CreateUserRequest 2021-08-31 13:51:55 +00:00			`sql_backend_handler::SqlBackendHandler,`
			`sql_opaque_handler::register_password,`
			`sql_tables::PoolOptions,`
Create admin user by default 2021-05-26 13:13:17 +00:00			`},`
server: Send an email with the test command 2021-11-11 09:15:00 +00:00			`infra::{cli::*, configuration::Configuration, db_cleaner::Scheduler, mail},`
Split big files into little ones 2021-05-20 17:18:15 +00:00			`};`
Add a DB cleaner cron job 2021-05-25 08:39:09 +00:00			`use actix::Actor;`
server: Add tracing logging Fixes #17 2022-04-15 11:52:20 +00:00			`use actix_server::ServerBuilder;`
server: Improve startup error messages and fail fast 2021-10-20 06:05:26 +00:00			`use anyhow::{anyhow, Context, Result};`
Fix the pipeline_factory We can now bring up the two servers 2021-03-07 11:36:12 +00:00			`use futures_util::TryFutureExt;`
server: Add tracing logging Fixes #17 2022-04-15 11:52:20 +00:00			`use tracing::*;`
Add logging + start wiring config 2021-03-02 19:51:33 +00:00
Introduce BackendHandler trait and impl 2021-03-11 09:14:15 +00:00			`mod domain;`
Add Clap and base config 2021-03-02 19:13:58 +00:00			`mod infra;`

Add the admin user to the admin group by default 2021-05-26 17:22:41 +00:00			`async fn create_admin_user(handler: &SqlBackendHandler, config: &Configuration) -> Result<()> {`
server: Prevent passwords and secrets from being printed 2021-11-11 09:36:42 +00:00			`let pass_length = config.ldap_user_pass.unsecure().len();`
server: Improve startup error messages and fail fast 2021-10-20 06:05:26 +00:00			`assert!(`
server: Prevent passwords and secrets from being printed 2021-11-11 09:36:42 +00:00			`pass_length >= 8,`
server: Improve startup error messages and fail fast 2021-10-20 06:05:26 +00:00			`"Minimum password length is 8 characters, got {} characters",`
server: Prevent passwords and secrets from being printed 2021-11-11 09:36:42 +00:00			`pass_length`
server: Improve startup error messages and fail fast 2021-10-20 06:05:26 +00:00			`);`
Create admin user by default 2021-05-26 13:13:17 +00:00			`handler`
model: remove CreateUserRequest 2021-08-31 13:51:55 +00:00			`.create_user(CreateUserRequest {`
Create admin user by default 2021-05-26 13:13:17 +00:00			`user_id: config.ldap_user_dn.clone(),`
server: add a display name to the administrator user 2021-10-11 18:04:16 +00:00			`display_name: Some("Administrator".to_string()),`
Create admin user by default 2021-05-26 13:13:17 +00:00			`..Default::default()`
			`})`
Set admin password when creating the user 2021-07-05 07:42:54 +00:00			`.and_then(\|_\| register_password(handler, &config.ldap_user_dn, &config.ldap_user_pass))`
Create admin user by default 2021-05-26 13:13:17 +00:00			`.await`
errors: use anyhow::Context everywhere 2021-08-26 19:56:42 +00:00			`.context("Error creating admin user")?;`
Add the admin user to the admin group by default 2021-05-26 17:22:41 +00:00			`let admin_group_id = handler`
model: remove CreateGroupRequest 2021-08-31 13:57:01 +00:00			`.create_group("lldap_admin")`
Add the admin user to the admin group by default 2021-05-26 17:22:41 +00:00			`.await`
errors: use anyhow::Context everywhere 2021-08-26 19:56:42 +00:00			`.context("Error creating admin group")?;`
Add the admin user to the admin group by default 2021-05-26 17:22:41 +00:00			`handler`
model: remove AddUserToGroupRequest 2021-08-31 14:16:17 +00:00			`.add_user_to_group(&config.ldap_user_dn, admin_group_id)`
Add the admin user to the admin group by default 2021-05-26 17:22:41 +00:00			`.await`
errors: use anyhow::Context everywhere 2021-08-26 19:56:42 +00:00			`.context("Error adding admin user to group")`
Create admin user by default 2021-05-26 13:13:17 +00:00			`}`

server: Add tracing logging Fixes #17 2022-04-15 11:52:20 +00:00			`#[instrument(skip_all)]`
			`async fn set_up_server(config: Configuration) -> Result<ServerBuilder> {`
			`info!("Starting LLDAP....");`

Centralize the definition of pool type 2021-04-11 20:07:28 +00:00			`let sql_pool = PoolOptions::new()`
Implement SQL connection 2021-03-07 15:13:50 +00:00			`.max_connections(5)`
Misc cleanup 2021-03-12 08:33:43 +00:00			`.connect(&config.database_url)`
server: improve error messages 2021-11-03 07:01:55 +00:00			`.await`
			`.context("while connecting to the DB")?;`
			`domain::sql_tables::init_table(&sql_pool)`
			`.await`
			`.context("while creating the tables")?;`
Split big files into little ones 2021-05-20 17:18:15 +00:00			`let backend_handler = SqlBackendHandler::new(config.clone(), sql_pool.clone());`
server: Improve startup error messages and fail fast 2021-10-20 06:05:26 +00:00			`if let Err(e) = backend_handler.get_user_details(&config.ldap_user_dn).await {`
			`warn!("Could not get admin user, trying to create it: {:#}", e);`
			`create_admin_user(&backend_handler, &config)`
			`.await`
server: improve error messages 2021-11-03 07:01:55 +00:00			`.map_err(\|e\| anyhow!("Error setting up admin login/account: {:#}", e))`
			`.context("while creating the admin user")?;`
server: Improve startup error messages and fail fast 2021-10-20 06:05:26 +00:00			`}`
server: Introduce a read-only user 2022-06-06 14:48:22 +00:00			`if backend_handler`
			`.list_groups(Some(GroupRequestFilter::DisplayName(`
			`"lldap_readonly".to_string(),`
			`)))`
			`.await?`
			`.is_empty()`
			`{`
			`warn!("Could not find readonly group, trying to create it");`
			`backend_handler`
			`.create_group("lldap_readonly")`
			`.await`
			`.context("while creating readonly group")?;`
			`}`
Implement SQL connection 2021-03-07 15:13:50 +00:00			`let server_builder = infra::ldap_server::build_ldap_server(`
			`&config,`
Introduce BackendHandler trait and impl 2021-03-11 09:14:15 +00:00			`backend_handler.clone(),`
Implement SQL connection 2021-03-07 15:13:50 +00:00			`actix_server::Server::build(),`
server: improve error messages 2021-11-03 07:01:55 +00:00			`)`
			`.context("while binding the LDAP server")?;`
Implement refresh tokens 2021-05-20 15:40:30 +00:00			`infra::jwt_sql_tables::init_table(&sql_pool).await?;`
Introduce BackendHandler trait and impl 2021-03-11 09:14:15 +00:00			`let server_builder =`
server: improve error messages 2021-11-03 07:01:55 +00:00			`infra::tcp_server::build_tcp_server(&config, backend_handler, server_builder)`
			`.await`
			`.context("while binding the TCP server")?;`
Add a DB cleaner cron job 2021-05-25 08:39:09 +00:00			`// Run every hour.`
			`let scheduler = Scheduler::new("0 0 * * * * *", sql_pool);`
			`scheduler.start();`
server: Add tracing logging Fixes #17 2022-04-15 11:52:20 +00:00			`Ok(server_builder)`
			`}`

			`async fn run_server(config: Configuration) -> Result<()> {`
			`set_up_server(config)`
			`.await?`
server: improve error messages 2021-11-03 07:01:55 +00:00			`.workers(1)`
			`.run()`
			`.await`
			`.context("while starting the server")?;`
Fix the pipeline_factory We can now bring up the two servers 2021-03-07 11:36:12 +00:00			`Ok(())`
			`}`

cli: introduce the export_graphql_schema command Split the command line into subcommands `run` and `export_graphql_schema`. 2021-08-26 19:46:00 +00:00			`fn run_server_command(opts: RunOpts) -> Result<()> {`
server: Load config for both run and mail 2021-11-11 09:14:03 +00:00			`debug!("CLI: {:#?}", &opts);`
Add logging + start wiring config 2021-03-02 19:51:33 +00:00
server: Load config for both run and mail 2021-11-11 09:14:03 +00:00			`let config = infra::configuration::init(opts)?;`
			`infra::logging::init(&config)?;`
Fix bug in config from cli flags The flag value (true/false) was always provided to the configuration, which means that the cli was overriding everything else. 2021-03-02 21:03:58 +00:00
Fix the pipeline_factory We can now bring up the two servers 2021-03-07 11:36:12 +00:00			`actix::run(`
server: improve error messages 2021-11-03 07:01:55 +00:00			`run_server(config).unwrap_or_else(\|e\| error!("Could not bring up the servers: {:#}", e)),`
Fix the pipeline_factory We can now bring up the two servers 2021-03-07 11:36:12 +00:00			`)?;`
add tcp server 2021-03-02 22:07:01 +00:00
Add logging + start wiring config 2021-03-02 19:51:33 +00:00			`info!("End.");`
			`Ok(())`
Initialize new Cargo repository 2021-03-02 11:45:30 +00:00			`}`
cli: introduce the export_graphql_schema command Split the command line into subcommands `run` and `export_graphql_schema`. 2021-08-26 19:46:00 +00:00
server: Send an email with the test command 2021-11-11 09:15:00 +00:00			`fn send_test_email_command(opts: TestEmailOpts) -> Result<()> {`
			`let to = opts.to.parse()?;`
			`let config = infra::configuration::init(opts)?;`
			`infra::logging::init(&config)?;`
			`mail::send_test_email(to, &config.smtp_options)`
			`}`

cli: introduce the export_graphql_schema command Split the command line into subcommands `run` and `export_graphql_schema`. 2021-08-26 19:46:00 +00:00			`fn main() -> Result<()> {`
			`let cli_opts = infra::cli::init();`
			`match cli_opts.command {`
			`Command::ExportGraphQLSchema(opts) => infra::graphql::api::export_schema(opts),`
			`Command::Run(opts) => run_server_command(opts),`
server: Send an email with the test command 2021-11-11 09:15:00 +00:00			`Command::SendTestEmail(opts) => send_test_email_command(opts),`
cli: introduce the export_graphql_schema command Split the command line into subcommands `run` and `export_graphql_schema`. 2021-08-26 19:46:00 +00:00			`}`
			`}`