diff --git a/Cargo.lock b/Cargo.lock index f99fb16d..e8afdf72 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -2,22 +2,13 @@ # It is not intended for manual editing. version = 4 -[[package]] -name = "addr2line" -version = "0.24.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "dfbe277e56a376000877090da837660b4427aad530e3028d44e0bffe4f89a1c1" -dependencies = [ - "gimli 0.31.1", -] - [[package]] name = "addr2line" version = "0.25.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "1b5d307320b3181d6d7954e663bd7c774a838b8220fe0593c86d9fb09f498b4b" dependencies = [ - "gimli 0.32.3", + "gimli", ] [[package]] @@ -200,7 +191,7 @@ checksum = "965c2d33e53cb6b267e148a4cb0760bc01f4904c1cd4bb4002a085bb016d1490" dependencies = [ "proc-macro2", "quote", - "syn 2.0.110", + "syn 2.0.111", "synstructure", ] @@ -212,14 +203,14 @@ checksum = "7b18050c2cd6fe86c3a76584ef5e0baf286d038cda203eb6223df2cc413565f7" dependencies = [ "proc-macro2", "quote", - "syn 2.0.110", + "syn 2.0.111", ] [[package]] name = "async-compression" -version = "0.4.33" +version = "0.4.34" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "93c1f86859c1af3d514fa19e8323147ff10ea98684e6c7b307912509f50e67b2" +checksum = "0e86f6d3dc9dc4352edeea6b8e499e13e3f5dc3b964d7ca5fd411415a3498473" dependencies = [ "compression-codecs", "compression-core", @@ -247,7 +238,7 @@ checksum = "c7c24de15d275a1ecfd47a380fb4d5ec9bfe0933f309ed5e705b775596a3574d" dependencies = [ "proc-macro2", "quote", - "syn 2.0.110", + "syn 2.0.111", ] [[package]] @@ -258,7 +249,7 @@ checksum = "9035ad2d096bed7955a320ee7e2230574d28fd3c3a0f186cbea1ff3c7eed5dbb" dependencies = [ "proc-macro2", "quote", - "syn 2.0.110", + "syn 2.0.111", ] [[package]] @@ -343,7 +334,7 @@ checksum = "604fde5e028fea851ce1d8570bbdc034bec850d157f7569d10f347d06808c05c" dependencies = [ "proc-macro2", "quote", - "syn 2.0.110", + "syn 2.0.111", ] [[package]] @@ -352,11 +343,11 @@ version = "0.3.76" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "bb531853791a215d7c62a30daf0dde835f381ab5de4589cfe7c649d2cbe92bd6" dependencies = [ - "addr2line 0.25.1", + "addr2line", "cfg-if", "libc", "miniz_oxide", - "object 0.37.3", + "object", "rustc-demangle", "windows-link", ] @@ -474,9 +465,9 @@ dependencies = [ [[package]] name = "borsh" -version = "1.5.7" +version = "1.6.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ad8646f98db542e39fc66e68a20b2144f6a732636df7c2354e74645faaa433ce" +checksum = "d1da5ab77c1437701eeff7c88d968729e7766172279eab0676857b3d63af7a6f" dependencies = [ "borsh-derive", "cfg_aliases", @@ -484,15 +475,15 @@ dependencies = [ [[package]] name = "borsh-derive" -version = "1.5.7" +version = "1.6.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "fdd1d3c0c2f5833f22386f252fe8ed005c7f59fdcddeef025c01b4c3b9fd9ac3" +checksum = "0686c856aa6aac0c4498f936d7d6a02df690f614c03e4d906d1018062b5c5e2c" dependencies = [ "once_cell", "proc-macro-crate", "proc-macro2", "quote", - "syn 2.0.110", + "syn 2.0.111", ] [[package]] @@ -576,9 +567,9 @@ dependencies = [ [[package]] name = "cc" -version = "1.2.46" +version = "1.2.47" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b97463e1064cb1b1c1384ad0a0b9c8abd0988e2a91f52606c80ef14aadb63e36" +checksum = "cd405d82c84ff7f35739f175f67d8b9fb7687a0e84ccdc78bd3568839827cf07" dependencies = [ "find-msvc-tools", "jobserver", @@ -670,9 +661,9 @@ dependencies = [ [[package]] name = "clap" -version = "4.5.51" +version = "4.5.53" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4c26d721170e0295f191a69bd9a1f93efcdb0aff38684b61ab5750468972e5f5" +checksum = "c9e340e012a1bf4935f5282ed1436d1489548e8f72308207ea5df0e23d2d03f8" dependencies = [ "clap_builder", "clap_derive", @@ -680,9 +671,9 @@ dependencies = [ [[package]] name = "clap_builder" -version = "4.5.51" +version = "4.5.53" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "75835f0c7bf681bfd05abe44e965760fea999a5286c6eb2d59883634fd02011a" +checksum = "d76b5d13eaa18c901fd2f7fca939fefe3a0727a953561fefdf3b2922b8569d00" dependencies = [ "anstream", "anstyle", @@ -699,7 +690,7 @@ dependencies = [ "heck 0.5.0", "proc-macro2", "quote", - "syn 2.0.110", + "syn 2.0.111", ] [[package]] @@ -752,9 +743,9 @@ checksum = "b05b61dc5112cbb17e4b6cd61790d9845d13888356391624cbe7e41efeac1e75" [[package]] name = "compression-codecs" -version = "0.4.32" +version = "0.4.33" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "680dc087785c5230f8e8843e2e57ac7c1c90488b6a91b88caa265410568f441b" +checksum = "302266479cb963552d11bd042013a58ef1adc56768016c8b82b4199488f2d4ad" dependencies = [ "brotli", "compression-core", @@ -766,9 +757,9 @@ dependencies = [ [[package]] name = "compression-core" -version = "0.4.30" +version = "0.4.31" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3a9b614a5787ef0c8802a55766480563cb3a93b435898c422ed2a359cf811582" +checksum = "75984efb6ed102a0d42db99afb6c1948f0380d1d91808d5529916e6c08b49d8d" [[package]] name = "concurrent-queue" @@ -865,36 +856,36 @@ dependencies = [ [[package]] name = "cranelift-assembler-x64" -version = "0.122.0" +version = "0.125.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0ae7b60ec3fd7162427d3b3801520a1908bef7c035b52983cd3ca11b8e7deb51" +checksum = "c088d3406f0c0252efa7445adfd2d05736bfb5218838f64eaf79d567077aed14" dependencies = [ "cranelift-assembler-x64-meta", ] [[package]] name = "cranelift-assembler-x64-meta" -version = "0.122.0" +version = "0.125.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6511c200fed36452697b4b6b161eae57d917a2044e6333b1c1389ed63ccadeee" +checksum = "5c03f887a763abb9c1dc08f722aa82b69067fda623b6f0273050f45f8b1a6776" dependencies = [ "cranelift-srcgen", ] [[package]] name = "cranelift-bforest" -version = "0.122.0" +version = "0.125.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5f7086a645aa58bae979312f64e3029ac760ac1b577f5cd2417844842a2ca07f" +checksum = "0206887a11a43f507fee320a218dc365980bfc42ec2696792079a9f8c9369e90" dependencies = [ "cranelift-entity", ] [[package]] name = "cranelift-bitset" -version = "0.122.0" +version = "0.125.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5225b4dec45f3f3dbf383f12560fac5ce8d780f399893607e21406e12e77f491" +checksum = "ac0790c83cfdab95709c5d0105fd888221e3af9049a7d7ec376ec901ab4e4dba" dependencies = [ "serde", "serde_derive", @@ -902,9 +893,9 @@ dependencies = [ [[package]] name = "cranelift-codegen" -version = "0.122.0" +version = "0.125.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "858fb3331e53492a95979378d6df5208dd1d0d315f19c052be8115f4efc888e0" +checksum = "9a98aed2d262eda69310e84bae8e053ee4f17dbdd3347b8d9156aa618ba2de0a" dependencies = [ "bumpalo", "cranelift-assembler-x64", @@ -915,7 +906,7 @@ dependencies = [ "cranelift-control", "cranelift-entity", "cranelift-isle", - "gimli 0.31.1", + "gimli", "hashbrown 0.15.5", "log", "pulley-interpreter", @@ -929,36 +920,37 @@ dependencies = [ [[package]] name = "cranelift-codegen-meta" -version = "0.122.0" +version = "0.125.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "456715b9d5f12398f156d5081096e7b5d039f01b9ecc49790a011c8e43e65b5f" +checksum = "6906852826988563e9b0a9232ad951f53a47aa41ffd02f8ac852d3f41aae836a" dependencies = [ "cranelift-assembler-x64-meta", "cranelift-codegen-shared", "cranelift-srcgen", + "heck 0.5.0", "pulley-interpreter", ] [[package]] name = "cranelift-codegen-shared" -version = "0.122.0" +version = "0.125.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0306041099499833f167a0ddb707e1e54100f1a84eab5631bc3dad249708f482" +checksum = "3a50105aab667b5cc845f2be37c78475d7cc127cd8ec0a31f7b2b71d526099a7" [[package]] name = "cranelift-control" -version = "0.122.0" +version = "0.125.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1672945e1f9afc2297f49c92623f5eabc64398e2cb0d824f8f72a2db2df5af23" +checksum = "6adcc7aa7c0bc1727176a6f2d99c28a9e79a541ccd5ca911a0cb352da8befa36" dependencies = [ "arbitrary", ] [[package]] name = "cranelift-entity" -version = "0.122.0" +version = "0.125.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "aa3cd55eb5f3825b9ae5de1530887907360a6334caccdc124c52f6d75246c98a" +checksum = "981b56af777f9a34ea6dcce93255125776d391410c2a68b75bed5941b714fa15" dependencies = [ "cranelift-bitset", "serde", @@ -967,9 +959,9 @@ dependencies = [ [[package]] name = "cranelift-frontend" -version = "0.122.0" +version = "0.125.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "781f9905f8139b8de22987b66b522b416fe63eb76d823f0b3a8c02c8fd9500c7" +checksum = "dea982589684dfb71afecb9fc09555c3a266300a1162a60d7fa39d41a5705b1c" dependencies = [ "cranelift-codegen", "log", @@ -979,15 +971,15 @@ dependencies = [ [[package]] name = "cranelift-isle" -version = "0.122.0" +version = "0.125.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a05337a2b02c3df00b4dd9a263a027a07b3dff49f61f7da3b5d195c21eaa633d" +checksum = "a0422686b22ed6a1f33cc40e3c43eb84b67155788568d1a5cac8439d3dca1783" [[package]] name = "cranelift-native" -version = "0.122.0" +version = "0.125.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2eee7a496dd66380082c9c5b6f2d5fa149cec0ec383feec5caf079ca2b3671c2" +checksum = "56f697bbbe135c655ea1deb7af0bae4a5c4fae2c88fdfc0fa57b34ae58c91040" dependencies = [ "cranelift-codegen", "libc", @@ -996,9 +988,9 @@ dependencies = [ [[package]] name = "cranelift-srcgen" -version = "0.122.0" +version = "0.125.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b530783809a55cb68d070e0de60cfbb3db0dc94c8850dd5725411422bedcf6bb" +checksum = "718efe674f3df645462677e22a3128e890d88ba55821bb091083d257707be76c" [[package]] name = "crc" @@ -1144,7 +1136,7 @@ checksum = "f46882e17999c6cc590af592290432be3bce0428cb0d5f8b6715e4dc7b383eb3" dependencies = [ "proc-macro2", "quote", - "syn 2.0.110", + "syn 2.0.111", ] [[package]] @@ -1178,7 +1170,7 @@ dependencies = [ "proc-macro2", "quote", "strsim", - "syn 2.0.110", + "syn 2.0.111", ] [[package]] @@ -1192,7 +1184,7 @@ dependencies = [ "proc-macro2", "quote", "strsim", - "syn 2.0.110", + "syn 2.0.111", ] [[package]] @@ -1203,7 +1195,7 @@ checksum = "fc34b93ccb385b40dc71c6fceac4b2ad23662c7eeb248cf10d529b7e055b6ead" dependencies = [ "darling_core 0.20.11", "quote", - "syn 2.0.110", + "syn 2.0.111", ] [[package]] @@ -1214,7 +1206,7 @@ checksum = "d38308df82d1080de0afee5d069fa14b0326a88c14f15c5ccda35b4a6c414c81" dependencies = [ "darling_core 0.21.3", "quote", - "syn 2.0.110", + "syn 2.0.111", ] [[package]] @@ -1266,7 +1258,7 @@ checksum = "1e567bd82dcff979e4b03460c307b3cdc9e96fde3d73bed1496d2bc75d9dd62a" dependencies = [ "proc-macro2", "quote", - "syn 2.0.110", + "syn 2.0.111", ] [[package]] @@ -1287,7 +1279,7 @@ dependencies = [ "darling 0.20.11", "proc-macro2", "quote", - "syn 2.0.110", + "syn 2.0.111", ] [[package]] @@ -1297,7 +1289,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "ab63b0e2bf4d5928aff72e83a7dace85d7bba5fe12dcc3c5a572d78caffd3f3c" dependencies = [ "derive_builder_core", - "syn 2.0.110", + "syn 2.0.111", ] [[package]] @@ -1317,7 +1309,7 @@ checksum = "bda628edc44c4bb645fbe0f758797143e4e07926f7ebf4e9bdfbd3d2ce621df3" dependencies = [ "proc-macro2", "quote", - "syn 2.0.110", + "syn 2.0.111", "unicode-xid", ] @@ -1341,7 +1333,7 @@ checksum = "97369cbbc041bc366949bc74d34658d6cda5621039731c6310521892a3a20ae0" dependencies = [ "proc-macro2", "quote", - "syn 2.0.110", + "syn 2.0.111", ] [[package]] @@ -1706,7 +1698,7 @@ checksum = "162ee34ebcb7c64a8abebc059ce0fee27c2262618d7b60ed8faf72fef13c3650" dependencies = [ "proc-macro2", "quote", - "syn 2.0.110", + "syn 2.0.111", ] [[package]] @@ -1778,21 +1770,15 @@ dependencies = [ [[package]] name = "gimli" -version = "0.31.1" +version = "0.32.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "07e28edb80900c19c28f1072f2e8aeca7fa06b23cd4169cefe1af5aa3260783f" +checksum = "e629b9b98ef3dd8afe6ca2bd0f89306cec16d43d907889945bc5d6687f2f13c7" dependencies = [ "fallible-iterator", - "indexmap 2.12.0", + "indexmap 2.12.1", "stable_deref_trait", ] -[[package]] -name = "gimli" -version = "0.32.3" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e629b9b98ef3dd8afe6ca2bd0f89306cec16d43d907889945bc5d6687f2f13c7" - [[package]] name = "glob" version = "0.3.3" @@ -1822,7 +1808,7 @@ dependencies = [ "futures-core", "futures-sink", "http", - "indexmap 2.12.0", + "indexmap 2.12.1", "slab", "tokio", "tokio-util", @@ -1869,9 +1855,9 @@ dependencies = [ [[package]] name = "hashbrown" -version = "0.16.0" +version = "0.16.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5419bdc4f6a9207fbeba6d11b604d481addf78ecd10c11ad51e76c2f6482748d" +checksum = "841d1cc9bed7f9236f321df977030373f4a4163ae1a7dbfe1a51a2c1a51d9100" [[package]] name = "hashlink" @@ -1929,12 +1915,11 @@ dependencies = [ [[package]] name = "http" -version = "1.3.1" +version = "1.4.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f4a85d31aea989eead29a3aaf9e1115a180df8282431156e533de47660892565" +checksum = "e3ba2a386d7f85a81f119ad7498ebe444d2e22c2af0b86b069416ace48b3311a" dependencies = [ "bytes", - "fnv", "itoa", ] @@ -2212,12 +2197,12 @@ dependencies = [ [[package]] name = "indexmap" -version = "2.12.0" +version = "2.12.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6717a8d2a5a929a1a2eb43a12812498ed141a0bcfb7e8f7844fbdbe4303bba9f" +checksum = "0ad4bb2b565bca0645f4d68c5c9af97fba094e9791da685bf83cb5f3ce74acf2" dependencies = [ "equivalent", - "hashbrown 0.16.0", + "hashbrown 0.16.1", "serde", "serde_core", ] @@ -2230,7 +2215,7 @@ checksum = "c727f80bfa4a6c6e2508d2f05b6f4bfce242030bd88ed15ae5331c5b5d30fba7" dependencies = [ "proc-macro2", "quote", - "syn 2.0.110", + "syn 2.0.111", ] [[package]] @@ -2560,7 +2545,7 @@ dependencies = [ "cfg-if", "proc-macro2", "quote", - "syn 2.0.110", + "syn 2.0.111", ] [[package]] @@ -2572,7 +2557,7 @@ dependencies = [ "cfg-if", "proc-macro2", "quote", - "syn 2.0.110", + "syn 2.0.111", ] [[package]] @@ -2693,24 +2678,15 @@ dependencies = [ "url", ] -[[package]] -name = "object" -version = "0.36.7" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "62948e14d923ea95ea2c7c86c71013138b66525b86bdc08d2dcc262bdb497b87" -dependencies = [ - "crc32fast", - "hashbrown 0.15.5", - "indexmap 2.12.0", - "memchr", -] - [[package]] name = "object" version = "0.37.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "ff76201f031d8863c38aa7f905eca4f53abbfa15f609db4277d44cd8938f33fe" dependencies = [ + "crc32fast", + "hashbrown 0.15.5", + "indexmap 2.12.1", "memchr", ] @@ -2743,9 +2719,9 @@ checksum = "d6790f58c7ff633d8771f42965289203411a5e5c68388703c06e14f24770b41e" [[package]] name = "opa-wasm" -version = "0.1.7" +version = "0.1.8" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "cdd2bab45ae1b87f45b4ddea74902158543322dc49bf45d2f714c50bbf8cf44f" +checksum = "abd89491a7de9144566be8bca70853333dfd2859077432c65e45c8bfc00b6234" dependencies = [ "anyhow", "base64 0.22.1", @@ -2831,7 +2807,7 @@ checksum = "a948666b637a0f465e8564c73e89d4dde00d72d4d473cc972f390fc3dcee7d9c" dependencies = [ "proc-macro2", "quote", - "syn 2.0.110", + "syn 2.0.111", ] [[package]] @@ -2882,12 +2858,14 @@ dependencies = [ "mockall_double", "opa-wasm", "openidconnect", + "rand 0.9.2", "regex", "reqwest", "rmp", "schemars 1.1.0", "sea-orm", "sea-orm-migration", + "secrecy", "serde", "serde_bytes", "serde_json", @@ -2960,7 +2938,7 @@ dependencies = [ "proc-macro2", "proc-macro2-diagnostics", "quote", - "syn 2.0.110", + "syn 2.0.111", ] [[package]] @@ -3254,7 +3232,7 @@ dependencies = [ "proc-macro-error-attr2", "proc-macro2", "quote", - "syn 2.0.110", + "syn 2.0.111", ] [[package]] @@ -3274,7 +3252,7 @@ checksum = "af066a9c399a26e020ada66a034357a868728e72cd426f3adcd35f80d88d88c8" dependencies = [ "proc-macro2", "quote", - "syn 2.0.110", + "syn 2.0.111", "version_check", "yansi", ] @@ -3301,9 +3279,9 @@ dependencies = [ [[package]] name = "pulley-interpreter" -version = "35.0.0" +version = "38.0.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b89c4319786b16c1a6a38ee04788d32c669b61ba4b69da2162c868c18be99c1b" +checksum = "beafc309a2d35e16cc390644d88d14dfa45e45e15075ec6a9e37f6dfb43e926f" dependencies = [ "cranelift-bitset", "log", @@ -3313,13 +3291,13 @@ dependencies = [ [[package]] name = "pulley-macros" -version = "35.0.0" +version = "38.0.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "938543690519c20c3a480d20a8efcc8e69abeb44093ab1df4e7c1f81f26c677a" +checksum = "1885fbb6c07454cfc8725a18a1da3cfc328ee8c53fb8d0671ea313edc8567947" dependencies = [ "proc-macro2", "quote", - "syn 2.0.110", + "syn 2.0.111", ] [[package]] @@ -3503,14 +3481,14 @@ checksum = "b7186006dcb21920990093f30e3dea63b7d6e977bf1256be20c3563a5db070da" dependencies = [ "proc-macro2", "quote", - "syn 2.0.110", + "syn 2.0.111", ] [[package]] name = "regalloc2" -version = "0.12.2" +version = "0.13.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5216b1837de2149f8bc8e6d5f88a9326b63b8c836ed58ce4a0a29ec736a59734" +checksum = "4e249c660440317032a71ddac302f25f1d5dff387667bcc3978d1f77aa31ac34" dependencies = [ "allocator-api2", "bumpalo", @@ -3710,7 +3688,7 @@ dependencies = [ "proc-macro2", "quote", "rust-embed-utils", - "syn 2.0.110", + "syn 2.0.111", "walkdir", ] @@ -3892,7 +3870,7 @@ dependencies = [ "proc-macro2", "quote", "serde_derive_internals", - "syn 2.0.110", + "syn 2.0.111", ] [[package]] @@ -3911,7 +3889,7 @@ dependencies = [ "proc-macro-error2", "proc-macro2", "quote", - "syn 2.0.110", + "syn 2.0.111", ] [[package]] @@ -3973,7 +3951,7 @@ dependencies = [ "proc-macro2", "quote", "sea-bae", - "syn 2.0.110", + "syn 2.0.111", "unicode-ident", ] @@ -4036,7 +4014,7 @@ dependencies = [ "heck 0.4.1", "proc-macro2", "quote", - "syn 2.0.110", + "syn 2.0.111", "thiserror 2.0.17", ] @@ -4062,7 +4040,7 @@ dependencies = [ "heck 0.4.1", "proc-macro2", "quote", - "syn 2.0.110", + "syn 2.0.111", ] [[package]] @@ -4085,6 +4063,16 @@ dependencies = [ "zeroize", ] +[[package]] +name = "secrecy" +version = "0.10.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e891af845473308773346dc847b2c23ee78fe442e0472ac50e22a18a93d3ae5a" +dependencies = [ + "serde", + "zeroize", +] + [[package]] name = "security-framework" version = "2.11.1" @@ -4171,7 +4159,7 @@ checksum = "d540f220d3187173da220f885ab66608367b6574e925011a9353e4badda91d79" dependencies = [ "proc-macro2", "quote", - "syn 2.0.110", + "syn 2.0.111", ] [[package]] @@ -4182,7 +4170,7 @@ checksum = "18d26a20a969b9e3fdf2fc2d9f21eda6c40e2de84c9408bb5d3b05d499aae711" dependencies = [ "proc-macro2", "quote", - "syn 2.0.110", + "syn 2.0.111", ] [[package]] @@ -4191,7 +4179,7 @@ version = "1.0.145" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "402a6f66d8c709116cf22f558eab210f5a50187f702eb4d7e5ef38d9a7f1c79c" dependencies = [ - "indexmap 2.12.0", + "indexmap 2.12.1", "itoa", "memchr", "ryu", @@ -4205,7 +4193,7 @@ version = "0.9.42" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "e408f29489b5fd500fab51ff1484fc859bb655f32c671f307dcd733b72e8168c" dependencies = [ - "indexmap 2.12.0", + "indexmap 2.12.1", "itoa", "ryu", "serde", @@ -4240,7 +4228,7 @@ checksum = "175ee3e80ae9982737ca543e96133087cbd9a485eecc3bc4de9c1a37b47ea59c" dependencies = [ "proc-macro2", "quote", - "syn 2.0.110", + "syn 2.0.111", ] [[package]] @@ -4265,7 +4253,7 @@ dependencies = [ "chrono", "hex", "indexmap 1.9.3", - "indexmap 2.12.0", + "indexmap 2.12.1", "schemars 0.9.0", "schemars 1.1.0", "serde_core", @@ -4283,7 +4271,7 @@ dependencies = [ "darling 0.21.3", "proc-macro2", "quote", - "syn 2.0.110", + "syn 2.0.111", ] [[package]] @@ -4292,7 +4280,7 @@ version = "0.9.34+deprecated" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "6a8b1a1a2ebf674015cc02edccce75287f1a0130d394307b36743c2f5d504b47" dependencies = [ - "indexmap 2.12.0", + "indexmap 2.12.1", "itoa", "ryu", "serde", @@ -4338,9 +4326,9 @@ checksum = "0fda2ff0d084019ba4d7c6f371c95d8fd75ce3524c3cb8fb653a3023f6323e64" [[package]] name = "signal-hook-registry" -version = "1.4.6" +version = "1.4.7" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b2a4719bff48cee6b39d12c020eeb490953ad2443b7055bd0b21fca26bd8c28b" +checksum = "7664a098b8e616bdfcc2dc0e9ac44eb231eedf41db4e9fe95d8d32ec728dedad" dependencies = [ "libc", ] @@ -4459,7 +4447,7 @@ dependencies = [ "futures-util", "hashbrown 0.15.5", "hashlink", - "indexmap 2.12.0", + "indexmap 2.12.1", "log", "memchr", "native-tls", @@ -4489,7 +4477,7 @@ dependencies = [ "quote", "sqlx-core", "sqlx-macros-core", - "syn 2.0.110", + "syn 2.0.111", ] [[package]] @@ -4512,7 +4500,7 @@ dependencies = [ "sqlx-mysql", "sqlx-postgres", "sqlx-sqlite", - "syn 2.0.110", + "syn 2.0.111", "tokio", "url", ] @@ -4697,9 +4685,9 @@ dependencies = [ [[package]] name = "syn" -version = "2.0.110" +version = "2.0.111" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a99801b5bd34ede4cf3fc688c5919368fea4e4814a4664359503e6015b280aea" +checksum = "390cc9a294ab71bdb1aa2e99d13be9c753cd2d7bd6560c77118597410c4d2e87" dependencies = [ "proc-macro2", "quote", @@ -4723,7 +4711,7 @@ checksum = "728a70f3dbaf5bab7f0c4b1ac8d7ae5ea60a4b5549c8a5914361c99147a709d2" dependencies = [ "proc-macro2", "quote", - "syn 2.0.110", + "syn 2.0.111", ] [[package]] @@ -4801,7 +4789,7 @@ dependencies = [ "const_format", "futures-util", "http", - "indexmap 2.12.0", + "indexmap 2.12.1", "paste", "reqwest", "serde", @@ -4823,7 +4811,7 @@ checksum = "5cf0ffc3ba4368e99597bd6afd83f4ff6febad66d9ae541ab46e697d32285fc0" dependencies = [ "proc-macro2", "quote", - "syn 2.0.110", + "syn 2.0.111", ] [[package]] @@ -4852,7 +4840,7 @@ checksum = "4fee6c4efc90059e10f81e6d42c60a18f76588c3d74cb83a0b242a2b6c7504c1" dependencies = [ "proc-macro2", "quote", - "syn 2.0.110", + "syn 2.0.111", ] [[package]] @@ -4863,7 +4851,7 @@ checksum = "3ff15c8ecd7de3849db632e14d18d2571fa09dfc5ed93479bc4485c7a517c913" dependencies = [ "proc-macro2", "quote", - "syn 2.0.110", + "syn 2.0.111", ] [[package]] @@ -4974,7 +4962,7 @@ checksum = "af407857209536a95c8e56f8231ef2c2e2aff839b22e07a1ffcbc617e9db9fa5" dependencies = [ "proc-macro2", "quote", - "syn 2.0.110", + "syn 2.0.111", ] [[package]] @@ -5036,7 +5024,7 @@ version = "0.23.7" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "6485ef6d0d9b5d0ec17244ff7eb05310113c3f316f2d14200d4de56b3cb98f8d" dependencies = [ - "indexmap 2.12.0", + "indexmap 2.12.1", "toml_datetime", "toml_parser", "winnow", @@ -5069,9 +5057,9 @@ dependencies = [ [[package]] name = "tower-http" -version = "0.6.6" +version = "0.6.7" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "adc82fd73de2a9722ac5da747f12383d2bfdb93591ee6c58486e0097890f05f2" +checksum = "9cf146f99d442e8e68e585f5d798ccd3cad9a7835b917e09728880a862706456" dependencies = [ "async-compression", "bitflags", @@ -5123,7 +5111,7 @@ checksum = "81383ab64e72a7a8b8e13130c49e3dab29def6d0c7d76a03087b3cf71c5c6903" dependencies = [ "proc-macro2", "quote", - "syn 2.0.110", + "syn 2.0.111", ] [[package]] @@ -5193,18 +5181,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "04659ddb06c87d233c566112c1c9c5b9e98256d9af50ec3bc9c8327f873a7568" dependencies = [ "quote", - "syn 2.0.110", -] - -[[package]] -name = "trait-variant" -version = "0.1.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "70977707304198400eb4835a78f6a9f928bf41bba420deb8fdb175cd965d77a7" -dependencies = [ - "proc-macro2", - "quote", - "syn 2.0.110", + "syn 2.0.111", ] [[package]] @@ -5312,7 +5289,7 @@ version = "5.4.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "2fcc29c80c21c31608227e0912b2d7fddba57ad76b606890627ba8ee7964e993" dependencies = [ - "indexmap 2.12.0", + "indexmap 2.12.1", "serde", "serde_json", "serde_norway", @@ -5341,7 +5318,7 @@ dependencies = [ "proc-macro2", "quote", "regex", - "syn 2.0.110", + "syn 2.0.111", ] [[package]] @@ -5483,7 +5460,7 @@ dependencies = [ "bumpalo", "proc-macro2", "quote", - "syn 2.0.110", + "syn 2.0.111", "wasm-bindgen-shared", ] @@ -5498,9 +5475,9 @@ dependencies = [ [[package]] name = "wasm-encoder" -version = "0.235.0" +version = "0.239.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b3bc393c395cb621367ff02d854179882b9a351b4e0c93d1397e6090b53a5c2a" +checksum = "5be00faa2b4950c76fe618c409d2c3ea5a3c9422013e079482d78544bb2d184c" dependencies = [ "leb128fmt", "wasmparser", @@ -5508,22 +5485,22 @@ dependencies = [ [[package]] name = "wasmparser" -version = "0.235.0" +version = "0.239.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "161296c618fa2d63f6ed5fffd1112937e803cb9ec71b32b01a76321555660917" +checksum = "8c9d90bb93e764f6beabf1d02028c70a2156a6583e63ac4218dd07ef733368b0" dependencies = [ "bitflags", "hashbrown 0.15.5", - "indexmap 2.12.0", + "indexmap 2.12.1", "semver", "serde", ] [[package]] name = "wasmprinter" -version = "0.235.0" +version = "0.239.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "75aa8e9076de6b9544e6dab4badada518cca0bf4966d35b131bbd057aed8fa0a" +checksum = "b3981f3d51f39f24f5fc90f93049a90f08dbbca8deba602cd46bb8ca67a94718" dependencies = [ "anyhow", "termcolor", @@ -5532,11 +5509,11 @@ dependencies = [ [[package]] name = "wasmtime" -version = "35.0.0" +version = "38.0.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b6fe976922a16af3b0d67172c473d1fd4f1aa5d0af9c8ba6538c741f3af686f4" +checksum = "f81eafc07c867be94c47e0dc66355d9785e09107a18901f76a20701ba0663ad7" dependencies = [ - "addr2line 0.24.2", + "addr2line", "anyhow", "async-trait", "bitflags", @@ -5544,12 +5521,12 @@ dependencies = [ "cc", "cfg-if", "hashbrown 0.15.5", - "indexmap 2.12.0", + "indexmap 2.12.1", "libc", "log", "mach2", "memfd", - "object 0.36.7", + "object", "once_cell", "postcard", "pulley-interpreter", @@ -5559,34 +5536,33 @@ dependencies = [ "serde_derive", "smallvec", "target-lexicon", - "trait-variant", "wasmparser", "wasmtime-environ", - "wasmtime-internal-asm-macros", "wasmtime-internal-component-macro", "wasmtime-internal-cranelift", "wasmtime-internal-fiber", + "wasmtime-internal-jit-debug", "wasmtime-internal-jit-icache-coherence", "wasmtime-internal-math", "wasmtime-internal-slab", "wasmtime-internal-unwinder", "wasmtime-internal-versioned-export-macros", - "windows-sys 0.59.0", + "windows-sys 0.60.2", ] [[package]] name = "wasmtime-environ" -version = "35.0.0" +version = "38.0.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "44b6264a78d806924abbc76bbc75eac24976bc83bdfb938e5074ae551242436f" +checksum = "78587abe085a44a13c90fa16fea6db014e9883e627a7044d7f0cb397ad08d1da" dependencies = [ "anyhow", "cranelift-bitset", "cranelift-entity", - "gimli 0.31.1", - "indexmap 2.12.0", + "gimli", + "indexmap 2.12.1", "log", - "object 0.36.7", + "object", "postcard", "serde", "serde_derive", @@ -5597,25 +5573,16 @@ dependencies = [ "wasmprinter", ] -[[package]] -name = "wasmtime-internal-asm-macros" -version = "35.0.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6775a9b516559716e5710e95a8014ca0adcc81e5bf4d3ad7899d89ae40094d1a" -dependencies = [ - "cfg-if", -] - [[package]] name = "wasmtime-internal-component-macro" -version = "35.0.0" +version = "38.0.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "dc3d098205e405e6b5ced06c1815621b823464b6ea289eaafe494139b0aee287" +checksum = "d843bb444f2d1509ea9304ad749242d1fa5de95cde67665bfcdcafa0f360925c" dependencies = [ "anyhow", "proc-macro2", "quote", - "syn 2.0.110", + "syn 2.0.111", "wasmtime-internal-component-util", "wasmtime-internal-wit-bindgen", "wit-parser", @@ -5623,15 +5590,15 @@ dependencies = [ [[package]] name = "wasmtime-internal-component-util" -version = "35.0.0" +version = "38.0.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "219252067216242ed2b32665611b0ee356d6e92cbb897ecb9a10cae0b97bdeca" +checksum = "801ee1a80ab66f065a88c6a62f2d495d5540d027b366757c6a53e9c42f153aef" [[package]] name = "wasmtime-internal-cranelift" -version = "35.0.0" +version = "38.0.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7ec9ad7565e6a8de7cb95484e230ff689db74a4a085219e0da0cbd637a29c01c" +checksum = "deb50f1c50365c32e557266ca85acdf77696c44a3f98797ba6af58cebc6d6d1e" dependencies = [ "anyhow", "cfg-if", @@ -5640,10 +5607,10 @@ dependencies = [ "cranelift-entity", "cranelift-frontend", "cranelift-native", - "gimli 0.31.1", + "gimli", "itertools 0.14.0", "log", - "object 0.36.7", + "object", "pulley-interpreter", "smallvec", "target-lexicon", @@ -5651,85 +5618,96 @@ dependencies = [ "wasmparser", "wasmtime-environ", "wasmtime-internal-math", + "wasmtime-internal-unwinder", "wasmtime-internal-versioned-export-macros", ] [[package]] name = "wasmtime-internal-fiber" -version = "35.0.0" +version = "38.0.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8b636ff8b220ebaf29dfe3b23770e4b2bad317b9683e3bf7345e162387385b39" +checksum = "9308cdb17f8d51e3164185616d809e28c29a6515c03b9dd95c89436b71f6d154" dependencies = [ "anyhow", "cc", "cfg-if", "libc", "rustix", - "wasmtime-internal-asm-macros", "wasmtime-internal-versioned-export-macros", - "windows-sys 0.59.0", + "windows-sys 0.60.2", +] + +[[package]] +name = "wasmtime-internal-jit-debug" +version = "38.0.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5c9b63a22bf2a8b6a149a41c6768bc17a8b2e3288a249cb8216987fbd7128e81" +dependencies = [ + "cc", + "wasmtime-internal-versioned-export-macros", ] [[package]] name = "wasmtime-internal-jit-icache-coherence" -version = "35.0.0" +version = "38.0.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4417e06b7f80baff87d9770852c757a39b8d7f11d78b2620ca992b8725f16f50" +checksum = "eb8e042b6e3de2f3d708279f89f50b4b9aa1b9bab177300cdffb0ffcd2816df5" dependencies = [ "anyhow", "cfg-if", "libc", - "windows-sys 0.59.0", + "windows-sys 0.60.2", ] [[package]] name = "wasmtime-internal-math" -version = "35.0.0" +version = "38.0.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7710d5c4ecdaa772927fd11e5dc30a9a62d1fc8fe933e11ad5576ad596ab6612" +checksum = "3c1f0674f38cd7d014eb1a49ea1d1766cca1a64459e8856ee118a10005302e16" dependencies = [ "libm", ] [[package]] name = "wasmtime-internal-slab" -version = "35.0.0" +version = "38.0.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e6ab22fabe1eed27ab01fd47cd89deacf43ad222ed7fd169ba6f4dd1fbddc53b" +checksum = "fb24b7535306713e7a250f8b71e35f05b6a5031bf9c3ed7330c308e899cbe7d3" [[package]] name = "wasmtime-internal-unwinder" -version = "35.0.0" +version = "38.0.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "307708f302f5dcf19c1bbbfb3d9f2cbc837dd18088a7988747b043a46ba38ecc" +checksum = "21d5a80e2623a49cb8e8c419542337b8fe0260b162c40dcc201080a84cbe9b7c" dependencies = [ "anyhow", "cfg-if", "cranelift-codegen", "log", - "object 0.36.7", + "object", ] [[package]] name = "wasmtime-internal-versioned-export-macros" -version = "35.0.0" +version = "38.0.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "342b0466f92b7217a4de9e114175fedee1907028567d2548bcd42f71a8b5b016" +checksum = "23e277f734b9256359b21517c3b0c26a2a9de6c53a51b670ae55cdcde548bf4e" dependencies = [ "proc-macro2", "quote", - "syn 2.0.110", + "syn 2.0.111", ] [[package]] name = "wasmtime-internal-wit-bindgen" -version = "35.0.0" +version = "38.0.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1ae057d44a5b60e6ec529b0c21809a9d1fc92e91ef6e0f6771ed11dd02a94a08" +checksum = "5f758625553fe33fdce0713f63bb7784c4f5fecb7f7cd4813414519ec24b6a4c" dependencies = [ "anyhow", + "bitflags", "heck 0.5.0", - "indexmap 2.12.0", + "indexmap 2.12.1", "wit-parser", ] @@ -5870,7 +5848,7 @@ checksum = "053e2e040ab57b9dc951b72c264860db7eb3b0200ba345b4e4c3b14f67855ddf" dependencies = [ "proc-macro2", "quote", - "syn 2.0.110", + "syn 2.0.111", ] [[package]] @@ -5881,7 +5859,7 @@ checksum = "3f316c4a2570ba26bbec722032c4099d8c8bc095efccdc15688708623367e358" dependencies = [ "proc-macro2", "quote", - "syn 2.0.110", + "syn 2.0.111", ] [[package]] @@ -5937,15 +5915,6 @@ dependencies = [ "windows-targets 0.52.6", ] -[[package]] -name = "windows-sys" -version = "0.59.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1e38bc4d79ed67fd075bcc251a1c39b32a1776bbe92e5bef1f0bf1f8c531853b" -dependencies = [ - "windows-targets 0.52.6", -] - [[package]] name = "windows-sys" version = "0.60.2" @@ -6167,13 +6136,13 @@ checksum = "f17a85883d4e6d00e8a97c586de764dabcc06133f7f1d55dce5cdc070ad7fe59" [[package]] name = "wit-parser" -version = "0.235.0" +version = "0.239.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0a1f95a87d03a33e259af286b857a95911eb46236a0f726cbaec1227b3dfc67a" +checksum = "55c92c939d667b7bf0c6bf2d1f67196529758f99a2a45a3355cc56964fd5315d" dependencies = [ "anyhow", "id-arena", - "indexmap 2.12.0", + "indexmap 2.12.1", "log", "semver", "serde", @@ -6240,28 +6209,28 @@ checksum = "b659052874eb698efe5b9e8cf382204678a0086ebf46982b79d6ca3182927e5d" dependencies = [ "proc-macro2", "quote", - "syn 2.0.110", + "syn 2.0.111", "synstructure", ] [[package]] name = "zerocopy" -version = "0.8.27" +version = "0.8.30" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0894878a5fa3edfd6da3f88c4805f4c8558e2b996227a3d864f47fe11e38282c" +checksum = "4ea879c944afe8a2b25fef16bb4ba234f47c694565e97383b36f3a878219065c" dependencies = [ "zerocopy-derive", ] [[package]] name = "zerocopy-derive" -version = "0.8.27" +version = "0.8.30" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "88d2b8d9c68ad2b9e4340d7832716a4d21a22a1154777ad56ea55c51a9cf3831" +checksum = "cf955aa904d6040f70dc8e9384444cb1030aed272ba3cb09bbc4ab9e7c1f34f5" dependencies = [ "proc-macro2", "quote", - "syn 2.0.110", + "syn 2.0.111", ] [[package]] @@ -6281,7 +6250,7 @@ checksum = "d71e5d6e06ab090c67b5e44993ec16b72dcbaabc526db883a360057678b48502" dependencies = [ "proc-macro2", "quote", - "syn 2.0.110", + "syn 2.0.111", "synstructure", ] @@ -6302,7 +6271,7 @@ checksum = "ce36e65b0d2999d2aafac989fb249189a141aee1f53c612c1f37d72631959f69" dependencies = [ "proc-macro2", "quote", - "syn 2.0.110", + "syn 2.0.111", ] [[package]] @@ -6335,7 +6304,7 @@ checksum = "eadce39539ca5cb3985590102671f2567e659fca9666581ad3411d59207951f3" dependencies = [ "proc-macro2", "quote", - "syn 2.0.110", + "syn 2.0.111", ] [[package]] @@ -6347,7 +6316,7 @@ dependencies = [ "arbitrary", "crc32fast", "flate2", - "indexmap 2.12.0", + "indexmap 2.12.1", "memchr", "zopfli", ] diff --git a/Cargo.toml b/Cargo.toml index ed31876b..dd98c9bb 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -48,8 +48,9 @@ regex = { version = "1.12" } reqwest = { version = "0.12", features = ["json", "http2", "gzip", "deflate"] } rmp = { version = "0.8" } schemars = { version = "1.1" } -sea-orm = { version = "1.1", features = ["sqlx-mysql", "sqlx-postgres", "runtime-tokio", "runtime-tokio-native-tls"] } +sea-orm = { version = "1.1", features = ["debug-print", "sqlx-mysql", "sqlx-postgres", "runtime-tokio", "runtime-tokio-native-tls"] } sea-orm-migration = { version = "1.1", features = ["sqlx-mysql", "sqlx-postgres", "runtime-tokio"] } +secrecy = { version = "0.10", features = ["serde"] } serde = { version = "1.0" } serde_bytes = { version = "0.11" } serde_json = { version = "1.0" } @@ -76,6 +77,7 @@ hyper = { version = "1.8", features = ["http1"] } hyper-util = { version = "0.1", features = ["tokio", "http1"] } keycloak = { version = "26.4" } mockall = { version = "0.14" } +rand = "0.9" reqwest = { version = "0.12", features = ["json", "multipart"] } sea-orm = { version = "1.1", features = ["mock", "sqlx-sqlite" ]} serde_urlencoded = { version = "0.7" } diff --git a/src/bin/keystone.rs b/src/bin/keystone.rs index e686a4b2..065079a4 100644 --- a/src/bin/keystone.rs +++ b/src/bin/keystone.rs @@ -15,12 +15,13 @@ //! //! This is the entry point of the `keystone` binary. +use axum::extract::DefaultBodyLimit; use axum::http::{self, HeaderName, Request, header}; use clap::{Parser, ValueEnum}; use color_eyre::eyre::{Report, Result}; use eyre::WrapErr; -use sea_orm::ConnectOptions; -use sea_orm::Database; +use sea_orm::{ConnectOptions, Database}; +use secrecy::ExposeSecret; use std::io; use std::net::{Ipv4Addr, SocketAddr}; use std::path::PathBuf; @@ -36,6 +37,7 @@ use tower_http::{ }; use tracing::{Level, debug, error, info, info_span, trace}; use tracing_subscriber::{ + Layer, filter::{LevelFilter, Targets}, prelude::*, }; @@ -53,6 +55,9 @@ use openstack_keystone::plugin_manager::PluginManager; use openstack_keystone::policy::PolicyFactory; use openstack_keystone::provider::Provider; +// Default body limit 256kB +const DEFAULT_BODY_LIMIT: usize = 1024 * 256; + /// `OpenStack` Keystone. /// /// Keystone is an `OpenStack` service that provides API client authentication, service discovery, @@ -144,11 +149,10 @@ async fn main() -> Result<(), Report> { let cloned_token = token.clone(); let cfg = Config::new(args.config)?; - let db_url = cfg.database.get_connection(); - let mut opt = ConnectOptions::new(db_url.clone()); - if args.verbose < 2 { - opt.sqlx_logging(false); - } + let opt: ConnectOptions = ConnectOptions::new(cfg.database.get_connection().expose_secret()) + // Prevent dumping the password in plaintext. + .sqlx_logging(false) + .to_owned(); debug!("Establishing the database connection..."); let conn = Database::connect(opt) @@ -192,6 +196,7 @@ async fn main() -> Result<(), Report> { )) //.layer(PropagateRequestIdLayer::new(x_request_id)) .sensitive_request_headers(sensitive_headers.clone()) + .layer(DefaultBodyLimit::max(DEFAULT_BODY_LIMIT)) .layer( TraceLayer::new_for_http() //.make_span_with(DefaultMakeSpan::new().include_headers(true)) diff --git a/src/bin/keystone_db.rs b/src/bin/keystone_db.rs index d6e0833f..390b1852 100644 --- a/src/bin/keystone_db.rs +++ b/src/bin/keystone_db.rs @@ -14,6 +14,7 @@ use clap::{Parser, Subcommand}; use color_eyre::Report; use eyre::WrapErr; +use secrecy::ExposeSecret; use std::io; use std::path::PathBuf; use tracing::info; @@ -87,12 +88,10 @@ async fn main() -> Result<(), Report> { // build the tracing registry tracing_subscriber::registry().with(log_layer).init(); let cfg = Config::new(cli.config)?; - let db_url = cfg.database.get_connection(); - let mut opt = ConnectOptions::new(db_url.clone()); - - if cli.verbose < 2 { - opt.sqlx_logging(false); - } + let opt: ConnectOptions = ConnectOptions::new(cfg.database.get_connection().expose_secret()) + // Prevent dumping the password in plaintext. + .sqlx_logging(false) + .to_owned(); info!("Establishing the database connection..."); let conn = Database::connect(opt) diff --git a/src/config.rs b/src/config.rs index fb6dc7dd..57d7ffc2 100644 --- a/src/config.rs +++ b/src/config.rs @@ -15,6 +15,7 @@ use config::{File, FileFormat}; use eyre::{Report, WrapErr}; use regex::Regex; +use secrecy::{ExposeSecret, SecretString}; use serde::{Deserialize, Deserializer}; use std::collections::HashMap; use std::path::PathBuf; @@ -111,14 +112,16 @@ pub struct FernetTokenSection { #[derive(Debug, Default, Deserialize, Clone)] pub struct DatabaseSection { - pub connection: String, + /// Database URL. + pub connection: SecretString, } impl DatabaseSection { - pub fn get_connection(&self) -> String { - if self.connection.contains("+") { + pub fn get_connection(&self) -> SecretString { + let val = self.connection.expose_secret(); + if val.contains("+") { return Regex::new(r"(?\w+)\+(\w+)://") - .map(|re| re.replace(&self.connection, "${type}://").to_string()) + .map(|re| SecretString::from(re.replace(val, "${type}://").to_string())) .unwrap_or(self.connection.clone()); } self.connection.clone() @@ -321,16 +324,17 @@ impl TryFrom> for Config { #[cfg(test)] mod tests { use super::*; + use secrecy::ExposeSecret; #[test] fn test_db_connection() { let sot = DatabaseSection { connection: "mysql://u:p@h".into(), }; - assert_eq!("mysql://u:p@h", sot.get_connection()); + assert_eq!("mysql://u:p@h", sot.get_connection().expose_secret()); let sot = DatabaseSection { connection: "mysql+driver://u:p@h".into(), }; - assert_eq!("mysql://u:p@h", sot.get_connection()); + assert_eq!("mysql://u:p@h", sot.get_connection().expose_secret()); } } diff --git a/src/identity/backends/sql.rs b/src/identity/backends/sql.rs index db1a02c7..332869d7 100644 --- a/src/identity/backends/sql.rs +++ b/src/identity/backends/sql.rs @@ -77,7 +77,9 @@ impl IdentityBackend for SqlBackend { { let user_opts = user_option::get(&state.db, local_user.user_id.clone()).await?; - if password_hashing::verify_password(&self.config, auth.password, expected_hash)? { + if password_hashing::verify_password(&self.config, auth.password, expected_hash) + .await? + { if let Some(user) = user::get(&state.db, &local_user.user_id).await? { // TODO: Check password is expired // TODO: reset failed login attempt @@ -574,7 +576,7 @@ async fn create_user( let password_entry = password::create( db, local_user.id, - password_hashing::hash_password(conf, password)?, + password_hashing::hash_password(conf, password).await?, None, ) .await?; diff --git a/src/identity/error.rs b/src/identity/error.rs index 168fe444..af616c8f 100644 --- a/src/identity/error.rs +++ b/src/identity/error.rs @@ -107,11 +107,20 @@ impl From for IdentityProviderError { } } +/// Password hashing related errors. #[derive(Error, Debug)] pub enum IdentityProviderPasswordHashError { + /// Bcrypt error. #[error(transparent)] BCrypt { #[from] source: bcrypt::BcryptError, }, + + /// Async task join error. + #[error(transparent)] + Join { + #[from] + source: tokio::task::JoinError, + }, } diff --git a/src/identity/password_hashing.rs b/src/identity/password_hashing.rs index 3ac67d9b..98feece7 100644 --- a/src/identity/password_hashing.rs +++ b/src/identity/password_hashing.rs @@ -13,6 +13,7 @@ // SPDX-License-Identifier: Apache-2.0 use std::cmp::max; +use tokio::task; use tracing::warn; use crate::config::{Config, PasswordHashingAlgo}; @@ -26,7 +27,8 @@ fn verify_length_and_trunc_password(password: &[u8], max_length: usize) -> &[u8] password } -pub fn hash_password>( +/// Calculate password hash with the configuration defaults. +pub async fn hash_password>( conf: &Config, password: S, ) -> Result { @@ -35,14 +37,18 @@ pub fn hash_password>( let password_bytes = verify_length_and_trunc_password( password.as_ref(), max(conf.identity.max_password_length, 72), - ); + ) + .to_owned(); let rounds = conf.identity.password_hash_rounds.unwrap_or(12); - Ok(bcrypt::hash(password_bytes, rounds as u32)?) + let hash = + task::spawn_blocking(move || bcrypt::hash(password_bytes, rounds as u32)).await??; + Ok(hash) } } } -pub fn verify_password, H: AsRef>( +/// Verify the password matches the hashed value. +pub async fn verify_password, H: AsRef>( conf: &Config, password: P, hash: H, @@ -52,8 +58,15 @@ pub fn verify_password, H: AsRef>( let password_bytes = verify_length_and_trunc_password( password.as_ref(), max(conf.identity.max_password_length, 72), - ); - Ok(bcrypt::verify(password_bytes, hash.as_ref())?) + ) + .to_owned(); + let password_hash = hash.as_ref().to_string(); + // Do not block the main thread with a definitely long running call. + let verify = + task::spawn_blocking(move || bcrypt::verify(password_bytes, &password_hash)) + .await??; + Ok(verify) + //Ok(bcrypt::verify(password_bytes, hash.as_ref())?) } } } @@ -61,6 +74,7 @@ pub fn verify_password, H: AsRef>( #[cfg(test)] mod tests { use super::*; + use rand::distr::{Alphanumeric, SampleString}; #[test] fn test_verify_length_and_trunc_password() { @@ -79,14 +93,39 @@ mod tests { ); } - #[test] - fn test_hash_bcrypt() { + #[tokio::test] + async fn test_hash_bcrypt() { + let builder = config::Config::builder() + .set_override("auth.methods", "") + .unwrap() + .set_override("database.connection", "dummy") + .unwrap(); + let conf: Config = Config::try_from(builder).expect("can build a valid config"); + assert!(hash_password(&conf, "abcdefg").await.is_ok()); + } + + #[tokio::test] + async fn test_roundtrip_bcrypt() { + let builder = config::Config::builder() + .set_override("auth.methods", "") + .unwrap() + .set_override("database.connection", "dummy") + .unwrap(); + let conf: Config = Config::try_from(builder).expect("can build a valid config"); + let hashed = hash_password(&conf, "abcdefg").await.unwrap(); + assert!(verify_password(&conf, "abcdefg", hashed).await.unwrap()); + } + + #[tokio::test] + async fn test_roundtrip_bcrypt_longer_than_72() { let builder = config::Config::builder() .set_override("auth.methods", "") .unwrap() .set_override("database.connection", "dummy") .unwrap(); let conf: Config = Config::try_from(builder).expect("can build a valid config"); - assert!(hash_password(&conf, "abcdefg").is_ok()); + let pass = Alphanumeric.sample_string(&mut rand::rng(), 80); + let hashed = hash_password(&conf, pass.clone()).await.unwrap(); + assert!(verify_password(&conf, pass, hashed).await.unwrap()); } }