diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index ea88888e..e07e71da 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -1,4 +1,5 @@ name: Build + on: push: branches: [ main ] @@ -28,7 +29,7 @@ jobs: - name: Setup OPA uses: open-policy-agent/setup-opa@v2.1.0 with: - version: 0.54.0 + version: 0.55.0 - name: Install Node uses: actions/setup-node@v3.8.1 @@ -91,7 +92,7 @@ jobs: save-if: "${{ github.event_name != 'pull_request' }}" - name: Install zig and cargo-zigbuild - run: pip3 install ziglang==0.9.1 cargo-zigbuild==0.16.12 + run: pip3 install ziglang==0.11.0 cargo-zigbuild==0.17.1 - name: Build the binary run: | @@ -155,11 +156,7 @@ jobs: save-if: "${{ github.event_name != 'pull_request' }}" - name: Install zig and cargo-zigbuild - # XXX: note how the ziglang version is not the same as the Dockerfile and the Linux build - # This is because there is an issue with zig 0.10.x when building the `psm` crate for Linux, but it works fine for macOS - # The reason we're not on 0.9.x for the macOS build is because there is an issue for linking the final binary with 0.9.x - # This should all be fixed once zig 0.11.x is released in a few weeks - run: pip3 install ziglang==0.10.1.post1 cargo-zigbuild==0.16.12 + run: pip3 install ziglang==0.11.0 cargo-zigbuild==0.17.1 - name: Download the macOS SDK run: curl -L "https://github.com/phracker/MacOSX-SDKs/releases/download/11.3/MacOSX11.3.sdk.tar.xz" | tar -J -x -C /opt diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 7a4185b9..b4ddc955 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -29,7 +29,7 @@ jobs: - name: Setup OPA uses: open-policy-agent/setup-opa@v2.1.0 with: - version: 0.54.0 + version: 0.55.0 - name: Lint policies working-directory: ./policies 
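Review bot: In .github/workflows/build.yaml, the `Install zig and cargo-zigbuild` steps (the hunk at -155,11 and the identical line in the hunk at -91,7) pin `ziglang==0.11.0 cargo-zigbuild==0.17.1` by version only. The toolchain that links the released binaries is therefore whatever the package index serves under those version numbers at build time. A version pin is not an integrity pin; consider listing both packages in a requirements file with `--hash=sha256:` entries and installing with `pip3 install --require-hashes -r <requirements file>`. The SDK tarball in the context line just below (`curl -L ... | tar -J -x -C /opt`) is likewise extracted without a checksum comparison.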
@@ -196,7 +196,7 @@ jobs: - name: Setup OPA uses: open-policy-agent/setup-opa@v2.1.0 with: - version: 0.54.0 + version: 0.55.0 - name: Compile OPA policies working-directory: ./policies @@ -260,7 +260,7 @@ jobs: - name: Setup OPA uses: open-policy-agent/setup-opa@v2.1.0 with: - version: 0.54.0 + version: 0.55.0 - name: Compile OPA policies working-directory: ./policies diff --git a/.github/workflows/coverage.yaml b/.github/workflows/coverage.yaml index 03401e6f..2c66f063 100644 --- a/.github/workflows/coverage.yaml +++ b/.github/workflows/coverage.yaml @@ -29,7 +29,7 @@ jobs: - name: Setup OPA uses: open-policy-agent/setup-opa@v2.1.0 with: - version: 0.54.0 + version: 0.55.0 - name: Run OPA tests with coverage working-directory: ./policies @@ -119,7 +119,7 @@ jobs: - name: Setup OPA uses: open-policy-agent/setup-opa@v2.1.0 with: - version: 0.54.0 + version: 0.55.0 - name: Compile OPA policies working-directory: ./policies diff --git a/Dockerfile b/Dockerfile index 96fa4ea5..86b650dc 100644 --- a/Dockerfile +++ b/Dockerfile @@ -12,14 +12,15 @@ # The Debian version and version name must be in sync ARG DEBIAN_VERSION=11 ARG DEBIAN_VERSION_NAME=bullseye -ARG RUSTC_VERSION=1.71.0 +ARG RUSTC_VERSION=1.72.0 # XXX: Upgrade to 0.10.0 blocked by https://github.com/ziglang/zig/issues/10915#issuecomment-1354548110 +# XXX: Upgrade to 0.11.0 blocked by https://github.com/rust-cross/cargo-zigbuild/issues/162 ARG ZIG_VERSION=0.9.1 -ARG NODEJS_VERSION=18.16.1 -ARG OPA_VERSION=0.54.0 +ARG NODEJS_VERSION=18.17.1 +ARG OPA_VERSION=0.55.0 ARG CARGO_AUDITABLE_VERSION=0.6.1 -ARG CARGO_CHEF_VERSION=0.1.61 -ARG CARGO_ZIGBUILD_VERSION=0.16.12 +ARG CARGO_CHEF_VERSION=0.1.62 +ARG CARGO_ZIGBUILD_VERSION=0.17.1 ########################################## ## Build stage that builds the frontend ## diff --git a/crates/axum-utils/src/cookies.rs b/crates/axum-utils/src/cookies.rs index afbea2b3..b761f20a 100644 --- a/crates/axum-utils/src/cookies.rs +++ b/crates/axum-utils/src/cookies.rs 
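Review bot: In the Dockerfile hunk, the added `XXX` comment says the upgrade to zig 0.11.0 is blocked by cargo-zigbuild issue 162, yet this same commit moves the Linux and macOS jobs in build.yaml to `ziglang==0.11.0` with `cargo-zigbuild==0.17.1`. A reader cannot tell why the combination works in the workflow but not in the image. The image also now pairs `ZIG_VERSION=0.9.1` with `CARGO_ZIGBUILD_VERSION=0.17.1`, a pairing that build.yaml no longer exercises as far as this diff shows. If the block is specific to the Docker build, I would say so in the comment, e.g. `# XXX: the workflow builds already use 0.11.0; only the Docker build is blocked by the issue above`, and confirm that the 0.9.1/0.17.1 pairing is built somewhere in CI.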
@@ -108,6 +108,13 @@ pub struct CookieJar { } impl CookieJar { + /// Save the given payload in a cookie + /// + /// If `permanent` is true, the cookie will be valid for 10 years + /// + /// # Panics + /// + /// Panics if the payload cannot be serialized #[must_use] pub fn save(mut self, key: &str, payload: &T, permanent: bool) -> Self { let serialized = diff --git a/crates/cli/src/commands/manage.rs b/crates/cli/src/commands/manage.rs index 4da5577e..28e600c5 100644 --- a/crates/cli/src/commands/manage.rs +++ b/crates/cli/src/commands/manage.rs @@ -300,7 +300,7 @@ impl Options { continue; } - for scope in oauth2_session.scope.iter() { + for scope in &*oauth2_session.scope { if let Some(device) = Device::from_scope_token(scope) { // Schedule a job to delete the device. repo.job() diff --git a/crates/data-model/src/oauth2/mod.rs b/crates/data-model/src/oauth2/mod.rs index bc76b091..14c55694 100644 --- a/crates/data-model/src/oauth2/mod.rs +++ b/crates/data-model/src/oauth2/mod.rs @@ -12,9 +12,9 @@ // See the License for the specific language governing permissions and // limitations under the License. -pub(self) mod authorization_grant; -pub(self) mod client; -pub(self) mod session; +mod authorization_grant; +mod client; +mod session; pub use self::{ authorization_grant::{AuthorizationCode, AuthorizationGrant, AuthorizationGrantStage, Pkce}, diff --git a/crates/graphql/src/mutations/oauth2_session.rs b/crates/graphql/src/mutations/oauth2_session.rs index c3874e5e..96774735 100644 --- a/crates/graphql/src/mutations/oauth2_session.rs +++ b/crates/graphql/src/mutations/oauth2_session.rs @@ -109,7 +109,7 @@ impl OAuth2SessionMutations { // XXX: this might not be the right semantic, but it's the best we // can do for now, since we're not explicitly storing devices for OAuth2 // sessions. - for scope in session.scope.iter() { + for scope in &*session.scope { if let Some(device) = Device::from_scope_token(scope) { // Schedule a job to delete the device. repo.job() 
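Review bot: In crates/axum-utils/src/cookies.rs, the new doc comment on `CookieJar::save` covers only the `permanent = true` case. It says nothing about the lifetime when `permanent` is false, or about how the payload is protected, and a caller needs both before putting state into a cookie that can live for 10 years. The body lies outside the hunk, so I cannot tell whether the jar signs or encrypts values; the doc should state whichever holds. If it matches the body, also add a line such as `/// When permanent is false, the cookie has no explicit expiry (session cookie)`. Since `# Panics` describes a serialization failure, it is also worth stating that callers are expected to pass only types whose serialization cannot fail.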
diff --git a/crates/handlers/src/oauth2/revoke.rs b/crates/handlers/src/oauth2/revoke.rs index f19d7ce0..e8c88e4e 100644 --- a/crates/handlers/src/oauth2/revoke.rs +++ b/crates/handlers/src/oauth2/revoke.rs @@ -213,7 +213,7 @@ pub(crate) async fn post( // XXX: this might not be the right semantic, but it's the best we // can do for now, since we're not explicitly storing devices for OAuth2 // sessions. - for scope in session.scope.iter() { + for scope in &*session.scope { if let Some(device) = Device::from_scope_token(scope) { // Schedule a job to delete the device. repo.job() diff --git a/crates/handlers/src/oauth2/token.rs b/crates/handlers/src/oauth2/token.rs index e52476f4..17920b66 100644 --- a/crates/handlers/src/oauth2/token.rs +++ b/crates/handlers/src/oauth2/token.rs @@ -337,7 +337,7 @@ async fn authorization_code_grant( } // Look for device to provision - for scope in session.scope.iter() { + for scope in &*session.scope { if let Some(device) = Device::from_scope_token(scope) { // Note that we're not waiting for the job to finish, we just schedule it. We // might get in a situation where the provisioning job is not finished when the diff --git a/crates/http/src/ext.rs b/crates/http/src/ext.rs index 831515db..675945e4 100644 --- a/crates/http/src/ext.rs +++ b/crates/http/src/ext.rs @@ -61,7 +61,7 @@ impl CorsLayerExt for CorsLayer { H: IntoIterator, { let base = PROPAGATOR_HEADERS.get().cloned().unwrap_or_default(); - let headers: Vec<_> = headers.into_iter().chain(base.into_iter()).collect(); + let headers: Vec<_> = headers.into_iter().chain(base).collect(); self.allow_headers(headers) } } diff --git a/crates/jose/src/jwa/mod.rs b/crates/jose/src/jwa/mod.rs index 8b47d253..352ff132 100644 --- a/crates/jose/src/jwa/mod.rs +++ b/crates/jose/src/jwa/mod.rs @@ -17,7 +17,7 @@ use sha2::{Sha256, Sha384, Sha512}; mod asymmetric; pub(crate) mod hmac; -pub(self) mod signature; +mod signature; mod symmetric; pub use self::{ 
diff --git a/crates/listener/src/maybe_tls.rs b/crates/listener/src/maybe_tls.rs index ca296e63..82788dab 100644 --- a/crates/listener/src/maybe_tls.rs +++ b/crates/listener/src/maybe_tls.rs @@ -80,6 +80,10 @@ impl MaybeTlsStream { /// Gather informations about the TLS connection. Returns `None` if the /// stream is not a TLS stream. + /// + /// # Panics + /// + /// Panics if the TLS handshake is not done yet, which should never happen pub fn tls_info(&self) -> Option { let conn = self.get_tls_connection()?; diff --git a/crates/oauth2-types/src/requests.rs b/crates/oauth2-types/src/requests.rs index fcac3a6f..cfa0bcf9 100644 --- a/crates/oauth2-types/src/requests.rs +++ b/crates/oauth2-types/src/requests.rs @@ -317,7 +317,7 @@ impl fmt::Debug for AuthorizationRequest { .field("request", &self.request) .field("request_uri", &self.request_uri) .field("registration", &self.registration) - .finish() + .finish_non_exhaustive() } } @@ -422,7 +422,7 @@ impl fmt::Debug for DeviceAuthorizationResponse { .field("verification_uri", &self.verification_uri) .field("expires_in", &self.expires_in) .field("interval", &self.interval) - .finish() + .finish_non_exhaustive() } } diff --git a/policies/Makefile b/policies/Makefile index 7c43e21d..d110c21d 100644 --- a/policies/Makefile +++ b/policies/Makefile @@ -1,6 +1,6 @@ # Set to 1 to run OPA through Docker DOCKER := 0 -OPA_DOCKER_IMAGE := docker.io/openpolicyagent/opa:0.54.0 +OPA_DOCKER_IMAGE := docker.io/openpolicyagent/opa:0.55.0 ifeq ($(DOCKER), 0) OPA := opa
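Review bot: In crates/listener/src/maybe_tls.rs, the added `# Panics` section on `tls_info` says the panic "should never happen" without naming the invariant that makes it so. On a listener, a panic that depends on connection state is worth pinning down. If streams are only handed out after the handshake has completed, say that in the doc, e.g. `/// A MaybeTlsStream is only constructed once the handshake has completed, so a peer cannot trigger this`. If that is not guaranteed, returning `None` would be the safer behaviour. The function body continues outside the hunk, so I cannot confirm which applies.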
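Review bot: In crates/oauth2-types/src/requests.rs, `impl fmt::Debug for AuthorizationRequest` (and the same change in the `DeviceAuthorizationResponse` hunk below it) now ends with `finish_non_exhaustive()`, but nothing in the code says which fields are left out or why. The new call only tells readers of the output that something is missing. If the omission is deliberate redaction of values that should not reach logs, add a comment above the builder chain such as `// <omitted fields> are intentionally left out of Debug output so they do not end up in logs`, so that a later edit does not add them back. Only the tail of each impl is visible in these hunks, so the omitted fields cannot be identified from here.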