matrix/authentication-service
1
0
Fork 0
mirror of https://github.com/matrix-org/matrix-authentication-service.git synced 2025-07-29 22:01:14 +03:00
Code Activity

Remove the dependency on sqlx in the config crate

Browse Source
This commit is contained in:
Quentin Gliech
2022-12-15 14:44:20 +01:00
parent 306b71baf5
commit ee42250660
14 changed files with 130 additions and 137 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
Cargo.lock generated
View File

@ -2732,6 +2732,7 @@ dependencies = [
"rustls", "rustls",
"serde_json", "serde_json",
"serde_yaml", "serde_yaml",
"sqlx",
"tokio", "tokio",
"tower", "tower",
"tower-http", "tower-http",
@ -2764,7 +2765,6 @@ dependencies = [
"serde", "serde",
"serde_json", "serde_json",
"serde_with", "serde_with",
"sqlx",
"thiserror", "thiserror",
"tokio", "tokio",
"tracing", "tracing",

1
crates/cli/Cargo.toml
View File

@ -21,6 +21,7 @@ rand_chacha = "0.3.1"
rustls = "0.20.7" rustls = "0.20.7"
serde_json = "1.0.89" serde_json = "1.0.89"
serde_yaml = "0.9.14" serde_yaml = "0.9.14"
sqlx = { version = "0.6.2", features = ["runtime-tokio-rustls", "postgres"] }
tokio = { version = "1.23.0", features = ["full"] } tokio = { version = "1.23.0", features = ["full"] }
tower = { version = "0.4.13", features = ["full"] } tower = { version = "0.4.13", features = ["full"] }
tower-http = { version = "0.3.5", features = ["fs", "compression-full"] } tower-http = { version = "0.3.5", features = ["fs", "compression-full"] }

4
crates/cli/src/commands/database.rs
View File

@ -17,6 +17,8 @@ use clap::Parser;
use mas_config::DatabaseConfig; use mas_config::DatabaseConfig;
use mas_storage::MIGRATOR; use mas_storage::MIGRATOR;
use crate::util::database_from_config;
#[derive(Parser, Debug)] #[derive(Parser, Debug)]
pub(super) struct Options { pub(super) struct Options {
#[command(subcommand)] #[command(subcommand)]
@ -32,7 +34,7 @@ enum Subcommand {
impl Options { impl Options {
pub async fn run(&self, root: &super::Options) -> anyhow::Result<()> { pub async fn run(&self, root: &super::Options) -> anyhow::Result<()> {
let config: DatabaseConfig = root.load_config()?; let config: DatabaseConfig = root.load_config()?;
let pool = config.connect().await?; let pool = database_from_config(&config).await?;
// Run pending migrations // Run pending migrations
MIGRATOR MIGRATOR

10
crates/cli/src/commands/manage.rs
View File

@ -28,7 +28,7 @@ use oauth2_types::scope::Scope;
use rand::SeedableRng; use rand::SeedableRng;
use tracing::{info, warn}; use tracing::{info, warn};
use crate::util::password_manager_from_config; use crate::util::{database_from_config, password_manager_from_config};
#[derive(Parser, Debug)] #[derive(Parser, Debug)]
pub(super) struct Options { pub(super) struct Options {
@ -197,7 +197,7 @@ impl Options {
let database_config: DatabaseConfig = root.load_config()?; let database_config: DatabaseConfig = root.load_config()?;
let passwords_config: PasswordsConfig = root.load_config()?; let passwords_config: PasswordsConfig = root.load_config()?;
let pool = database_config.connect().await?; let pool = database_from_config(&database_config).await?;
let password_manager = password_manager_from_config(&passwords_config).await?; let password_manager = password_manager_from_config(&passwords_config).await?;
let mut txn = pool.begin().await?; let mut txn = pool.begin().await?;
@ -228,7 +228,7 @@ impl Options {
SC::VerifyEmail { username, email } => { SC::VerifyEmail { username, email } => {
let config: DatabaseConfig = root.load_config()?; let config: DatabaseConfig = root.load_config()?;
let pool = config.connect().await?; let pool = database_from_config(&config).await?;
let mut txn = pool.begin().await?; let mut txn = pool.begin().await?;
let user = lookup_user_by_username(&mut txn, username) let user = lookup_user_by_username(&mut txn, username)
@ -247,7 +247,7 @@ impl Options {
SC::ImportClients { truncate } => { SC::ImportClients { truncate } => {
let config: RootConfig = root.load_config()?; let config: RootConfig = root.load_config()?;
let pool = config.database.connect().await?; let pool = database_from_config(&config.database).await?;
let encrypter = config.secrets.encrypter(); let encrypter = config.secrets.encrypter();
let mut txn = pool.begin().await?; let mut txn = pool.begin().await?;
@ -306,7 +306,7 @@ impl Options {
} => { } => {
let config: RootConfig = root.load_config()?; let config: RootConfig = root.load_config()?;
let encrypter = config.secrets.encrypter(); let encrypter = config.secrets.encrypter();
let pool = config.database.connect().await?; let pool = database_from_config(&config.database).await?;
let url_builder = UrlBuilder::new(config.http.public_base); let url_builder = UrlBuilder::new(config.http.public_base);
let mut conn = pool.acquire().await?; let mut conn = pool.acquire().await?;

12
crates/cli/src/commands/server.rs
View File

@ -28,7 +28,10 @@ use mas_templates::Templates;
use tokio::signal::unix::SignalKind; use tokio::signal::unix::SignalKind;
use tracing::{error, info, log::warn}; use tracing::{error, info, log::warn};
use crate::util::{mailer_from_config, password_manager_from_config, policy_factory_from_config}; use crate::util::{
database_from_config, mailer_from_config, password_manager_from_config,
policy_factory_from_config, templates_from_config,
};
#[derive(Parser, Debug, Default)] #[derive(Parser, Debug, Default)]
pub(super) struct Options { pub(super) struct Options {
@ -105,7 +108,7 @@ impl Options {
let config: RootConfig = root.load_config()?; let config: RootConfig = root.load_config()?;
// Connect to the database // Connect to the database
let pool = config.database.connect().await?; let pool = database_from_config(&config.database).await?;
if self.migrate { if self.migrate {
info!("Running pending migrations"); info!("Running pending migrations");
@ -120,7 +123,6 @@ impl Options {
queue.recuring(Duration::from_secs(15), mas_tasks::cleanup_expired(&pool)); queue.recuring(Duration::from_secs(15), mas_tasks::cleanup_expired(&pool));
queue.start(); queue.start();
// TODO: task queue, key store, encrypter, url builder, http client
// Initialize the key store // Initialize the key store
let key_store = config let key_store = config
.secrets .secrets
@ -138,9 +140,7 @@ impl Options {
let url_builder = UrlBuilder::new(config.http.public_base.clone()); let url_builder = UrlBuilder::new(config.http.public_base.clone());
// Load and compile the templates // Load and compile the templates
let templates = Templates::load(config.templates.path.clone(), url_builder.clone()) let templates = templates_from_config(&config.templates, &url_builder).await?;
.await
.context("could not load templates")?;
let mailer = mailer_from_config(&config.email, &templates).await?; let mailer = mailer_from_config(&config.email, &templates).await?;
mailer.test_connection().await?; mailer.test_connection().await?;

81
crates/cli/src/util.rs
View File

@ -12,12 +12,23 @@
// See the License for the specific language governing permissions and // See the License for the specific language governing permissions and
// limitations under the License. // limitations under the License.
use std::time::Duration;
use anyhow::Context; use anyhow::Context;
use mas_config::{EmailConfig, EmailSmtpMode, EmailTransportConfig, PasswordsConfig, PolicyConfig}; use mas_config::{
DatabaseConfig, DatabaseConnectConfig, EmailConfig, EmailSmtpMode, EmailTransportConfig,
PasswordsConfig, PolicyConfig, TemplatesConfig,
};
use mas_email::{MailTransport, Mailer}; use mas_email::{MailTransport, Mailer};
use mas_handlers::passwords::PasswordManager; use mas_handlers::passwords::PasswordManager;
use mas_policy::PolicyFactory; use mas_policy::PolicyFactory;
use mas_templates::Templates; use mas_router::UrlBuilder;
use mas_templates::{TemplateLoadingError, Templates};
use sqlx::{
postgres::{PgConnectOptions, PgPoolOptions},
ConnectOptions, PgPool,
};
use tracing::log::LevelFilter;
pub async fn password_manager_from_config( pub async fn password_manager_from_config(
config: &PasswordsConfig, config: &PasswordsConfig,
@ -91,3 +102,69 @@ pub async fn policy_factory_from_config(
.await .await
.context("failed to load the policy") .context("failed to load the policy")
} }
pub async fn templates_from_config(
config: &TemplatesConfig,
url_builder: &UrlBuilder,
) -> Result<Templates, TemplateLoadingError> {
Templates::load(config.path.clone(), url_builder.clone()).await
}
pub async fn database_from_config(config: &DatabaseConfig) -> Result<PgPool, anyhow::Error> {
let mut options = match &config.options {
DatabaseConnectConfig::Uri { uri } => uri
.parse()
.context("could not parse database connection string")?,
DatabaseConnectConfig::Options {
host,
port,
socket,
username,
password,
database,
} => {
let mut opts =
PgConnectOptions::new().application_name("matrix-authentication-service");
if let Some(host) = host {
opts = opts.host(host);
}
if let Some(port) = port {
opts = opts.port(*port);
}
if let Some(socket) = socket {
opts = opts.socket(socket);
}
if let Some(username) = username {
opts = opts.username(username);
}
if let Some(password) = password {
opts = opts.password(password);
}
if let Some(database) = database {
opts = opts.database(database);
}
opts
}
};
options
.log_statements(LevelFilter::Debug)
.log_slow_statements(LevelFilter::Warn, Duration::from_millis(100));
PgPoolOptions::new()
.max_connections(config.max_connections.into())
.min_connections(config.min_connections)
.acquire_timeout(config.connect_timeout)
.idle_timeout(config.idle_timeout)
.max_lifetime(config.max_lifetime)
.connect_with(options)
.await
.context("could not connect to the database")
}

5
crates/config/Cargo.toml
View File

@ -6,8 +6,8 @@ edition = "2021"
license = "Apache-2.0" license = "Apache-2.0"
[dependencies] [dependencies]
tokio = { version = "1.23.0", features = [] } tokio = { version = "1.23.0", features = ["fs", "rt"] }
tracing = { version = "0.1.37", features = ["log"] } tracing = { version = "0.1.37" }
async-trait = "0.1.59" async-trait = "0.1.59"
thiserror = "1.0.37" thiserror = "1.0.37"
@ -23,7 +23,6 @@ url = { version = "2.3.1", features = ["serde"] }
serde = { version = "1.0.150", features = ["derive"] } serde = { version = "1.0.150", features = ["derive"] }
serde_with = { version = "2.1.0", features = ["hex", "chrono"] } serde_with = { version = "2.1.0", features = ["hex", "chrono"] }
serde_json = "1.0.89" serde_json = "1.0.89"
sqlx = { version = "0.6.2", features = ["runtime-tokio-rustls", "postgres"] }
pem-rfc7468 = "0.6.0" pem-rfc7468 = "0.6.0"
rustls-pemfile = "1.0.1" rustls-pemfile = "1.0.1"

9
crates/config/src/schema.rs
View File

@ -40,3 +40,12 @@ pub fn hostname(_gen: &mut SchemaGenerator) -> Schema {
..SchemaObject::default() ..SchemaObject::default()
}) })
} }
/// An email address
pub fn mailbox(_gen: &mut SchemaGenerator) -> Schema {
Schema::Object(SchemaObject {
instance_type: Some(InstanceType::String.into()),
format: Some("email".to_owned()),
..SchemaObject::default()
})
}

99
crates/config/src/sections/database.rs
View File

@ -14,18 +14,12 @@
use std::{num::NonZeroU32, time::Duration}; use std::{num::NonZeroU32, time::Duration};
use anyhow::Context;
use async_trait::async_trait; use async_trait::async_trait;
use camino::Utf8PathBuf; use camino::Utf8PathBuf;
use rand::Rng; use rand::Rng;
use schemars::JsonSchema; use schemars::JsonSchema;
use serde::{Deserialize, Serialize}; use serde::{Deserialize, Serialize};
use serde_with::{serde_as, skip_serializing_none}; use serde_with::{serde_as, skip_serializing_none};
use sqlx::{
postgres::{PgConnectOptions, PgPool, PgPoolOptions},
ConnectOptions,
};
use tracing::log::LevelFilter;
use super::ConfigurationSection; use super::ConfigurationSection;
use crate::schema; use crate::schema;
@ -65,14 +59,17 @@ impl Default for DatabaseConfig {
} }
} }
#[derive(Debug, Serialize, Deserialize, JsonSchema, PartialEq)] /// Database connection configuration
#[derive(Debug, Serialize, Deserialize, JsonSchema, PartialEq, Eq)]
#[serde(untagged)] #[serde(untagged)]
enum ConnectConfig { pub enum ConnectConfig {
/// Connect via a full URI
Uri { Uri {
/// Connection URI /// Connection URI
#[schemars(url, default = "default_connection_string")] #[schemars(url, default = "default_connection_string")]
uri: String, uri: String,
}, },
/// Connect via a map of options
Options { Options {
/// Name of host to connect to /// Name of host to connect to
#[schemars(schema_with = "schema::hostname")] #[schemars(schema_with = "schema::hostname")]
@ -100,59 +97,9 @@ enum ConnectConfig {
/// The database name /// The database name
#[serde(default)] #[serde(default)]
database: Option<String>, database: Option<String>,
/* TODO
* ssl_mode: PgSslMode,
* ssl_root_cert: Option<CertificateInput>, */
}, },
} }
impl TryInto<PgConnectOptions> for &ConnectConfig {
type Error = sqlx::Error;
fn try_into(self) -> Result<PgConnectOptions, Self::Error> {
match self {
ConnectConfig::Uri { uri } => uri.parse(),
ConnectConfig::Options {
host,
port,
socket,
username,
password,
database,
} => {
let mut opts =
PgConnectOptions::new().application_name("matrix-authentication-service");
if let Some(host) = host {
opts = opts.host(host);
}
if let Some(port) = port {
opts = opts.port(*port);
}
if let Some(socket) = socket {
opts = opts.socket(socket);
}
if let Some(username) = username {
opts = opts.username(username);
}
if let Some(password) = password {
opts = opts.password(password);
}
if let Some(database) = database {
opts = opts.database(database);
}
Ok(opts)
}
}
}
}
impl Default for ConnectConfig { impl Default for ConnectConfig {
fn default() -> Self { fn default() -> Self {
Self::Uri { Self::Uri {
@ -168,57 +115,33 @@ impl Default for ConnectConfig {
pub struct DatabaseConfig { pub struct DatabaseConfig {
/// Options related to how to connect to the database /// Options related to how to connect to the database
#[serde(default, flatten)] #[serde(default, flatten)]
options: ConnectConfig, pub options: ConnectConfig,
/// Set the maximum number of connections the pool should maintain /// Set the maximum number of connections the pool should maintain
#[serde(default = "default_max_connections")] #[serde(default = "default_max_connections")]
max_connections: NonZeroU32, pub max_connections: NonZeroU32,
/// Set the minimum number of connections the pool should maintain /// Set the minimum number of connections the pool should maintain
#[serde(default)] #[serde(default)]
min_connections: u32, pub min_connections: u32,
/// Set the amount of time to attempt connecting to the database /// Set the amount of time to attempt connecting to the database
#[schemars(with = "u64")] #[schemars(with = "u64")]
#[serde(default = "default_connect_timeout")] #[serde(default = "default_connect_timeout")]
#[serde_as(as = "serde_with::DurationSeconds<u64>")] #[serde_as(as = "serde_with::DurationSeconds<u64>")]
connect_timeout: Duration, pub connect_timeout: Duration,
/// Set a maximum idle duration for individual connections /// Set a maximum idle duration for individual connections
#[schemars(with = "Option<u64>")] #[schemars(with = "Option<u64>")]
#[serde(default = "default_idle_timeout")] #[serde(default = "default_idle_timeout")]
#[serde_as(as = "Option<serde_with::DurationSeconds<u64>>")] #[serde_as(as = "Option<serde_with::DurationSeconds<u64>>")]
idle_timeout: Option<Duration>, pub idle_timeout: Option<Duration>,
/// Set the maximum lifetime of individual connections /// Set the maximum lifetime of individual connections
#[schemars(with = "u64")] #[schemars(with = "u64")]
#[serde(default = "default_max_lifetime")] #[serde(default = "default_max_lifetime")]
#[serde_as(as = "Option<serde_with::DurationSeconds<u64>>")] #[serde_as(as = "Option<serde_with::DurationSeconds<u64>>")]
max_lifetime: Option<Duration>, pub max_lifetime: Option<Duration>,
}
impl DatabaseConfig {
/// Connect to the database
#[tracing::instrument(err, skip_all)]
pub async fn connect(&self) -> anyhow::Result<PgPool> {
let mut options: PgConnectOptions = (&self.options)
.try_into()
.context("invalid database config")?;
options
.log_statements(LevelFilter::Debug)
.log_slow_statements(LevelFilter::Warn, Duration::from_millis(100));
PgPoolOptions::new()
.max_connections(self.max_connections.into())
.min_connections(self.min_connections)
.acquire_timeout(self.connect_timeout)
.idle_timeout(self.idle_timeout)
.max_lifetime(self.max_lifetime)
.connect_with(options)
.await
.context("could not connect to the database")
}
} }
#[async_trait] #[async_trait]

28
crates/config/src/sections/email.rs
View File

@ -16,31 +16,11 @@ use std::num::NonZeroU16;
use async_trait::async_trait; use async_trait::async_trait;
use rand::Rng; use rand::Rng;
use schemars::{ use schemars::JsonSchema;
gen::SchemaGenerator,
schema::{InstanceType, Schema, SchemaObject},
JsonSchema,
};
use serde::{Deserialize, Serialize}; use serde::{Deserialize, Serialize};
use super::ConfigurationSection; use super::ConfigurationSection;
fn mailbox_schema(_gen: &mut SchemaGenerator) -> Schema {
Schema::Object(SchemaObject {
instance_type: Some(InstanceType::String.into()),
format: Some("email".to_owned()),
..SchemaObject::default()
})
}
fn hostname_schema(_gen: &mut SchemaGenerator) -> Schema {
Schema::Object(SchemaObject {
instance_type: Some(InstanceType::String.into()),
format: Some("hostname".to_owned()),
..SchemaObject::default()
})
}
#[derive(Clone, Debug, Serialize, Deserialize, JsonSchema)] #[derive(Clone, Debug, Serialize, Deserialize, JsonSchema)]
pub struct Credentials { pub struct Credentials {
/// Username for use to authenticate when connecting to the SMTP server /// Username for use to authenticate when connecting to the SMTP server
@ -77,7 +57,7 @@ pub enum EmailTransportConfig {
mode: EmailSmtpMode, mode: EmailSmtpMode,
/// Hostname to connect to /// Hostname to connect to
#[schemars(schema_with = "hostname_schema")] #[schemars(schema_with = "crate::schema::hostname")]
hostname: String, hostname: String,
/// Port to connect to. Default is 25 for plain, 465 for TLS and 587 for /// Port to connect to. Default is 25 for plain, 465 for TLS and 587 for
@ -120,12 +100,12 @@ fn default_sendmail_command() -> String {
pub struct EmailConfig { pub struct EmailConfig {
/// Email address to use as From when sending emails /// Email address to use as From when sending emails
#[serde(default = "default_email")] #[serde(default = "default_email")]
#[schemars(schema_with = "mailbox_schema")] #[schemars(schema_with = "crate::schema::mailbox")]
pub from: String, pub from: String,
/// Email address to use as Reply-To when sending emails /// Email address to use as Reply-To when sending emails
#[serde(default = "default_email")] #[serde(default = "default_email")]
#[schemars(schema_with = "mailbox_schema")] #[schemars(schema_with = "crate::schema::mailbox")]
pub reply_to: String, pub reply_to: String,
/// What backend should be used when sending emails /// What backend should be used when sending emails

2
crates/config/src/sections/mod.rs
View File

@ -32,7 +32,7 @@ mod templates;
pub use self::{ pub use self::{
clients::{ClientAuthMethodConfig, ClientConfig, ClientsConfig}, clients::{ClientAuthMethodConfig, ClientConfig, ClientsConfig},
csrf::CsrfConfig, csrf::CsrfConfig,
database::DatabaseConfig, database::{ConnectConfig as DatabaseConnectConfig, DatabaseConfig},
email::{EmailConfig, EmailSmtpMode, EmailTransportConfig}, email::{EmailConfig, EmailSmtpMode, EmailTransportConfig},
http::{ http::{
BindConfig as HttpBindConfig, HttpConfig, ListenerConfig as HttpListenerConfig, BindConfig as HttpBindConfig, HttpConfig, ListenerConfig as HttpListenerConfig,

2
crates/config/src/sections/secrets.rs
View File

@ -214,7 +214,7 @@ impl ConfigurationSection<'_> for SecretsConfig {
}; };
Ok(Self { Ok(Self {
encryption: rand::random(), encryption: rng.gen(),
keys: vec![rsa_key, ec_p256_key, ec_p384_key, ec_k256_key], keys: vec![rsa_key, ec_p256_key, ec_p384_key, ec_k256_key],
}) })
} }

10
docs/config.schema.json
View File

@ -45,8 +45,8 @@
"email": { "email": {
"description": "Configuration related to sending emails", "description": "Configuration related to sending emails",
"default": { "default": {
"from": "Authentication Service <root@localhost>", "from": "\"Authentication Service\" <root@localhost>",
"reply_to": "Authentication Service <root@localhost>", "reply_to": "\"Authentication Service\" <root@localhost>",
"transport": "blackhole" "transport": "blackhole"
}, },
"allOf": [ "allOf": [
@ -436,6 +436,7 @@
"type": "object", "type": "object",
"anyOf": [ "anyOf": [
{ {
"description": "Connect via a full URI",
"type": "object", "type": "object",
"properties": { "properties": {
"uri": { "uri": {
@ -447,6 +448,7 @@
} }
}, },
{ {
"description": "Connect via a map of options",
"type": "object", "type": "object",
"properties": { "properties": {
"database": { "database": {
@ -625,13 +627,13 @@
"properties": { "properties": {
"from": { "from": {
"description": "Email address to use as From when sending emails", "description": "Email address to use as From when sending emails",
"default": "Authentication Service <root@localhost>", "default": "\"Authentication Service\" <root@localhost>",
"type": "string", "type": "string",
"format": "email" "format": "email"
}, },
"reply_to": { "reply_to": {
"description": "Email address to use as Reply-To when sending emails", "description": "Email address to use as Reply-To when sending emails",
"default": "Authentication Service <root@localhost>", "default": "\"Authentication Service\" <root@localhost>",
"type": "string", "type": "string",
"format": "email" "format": "email"
} }

2
misc/update.sh
View File

@ -9,7 +9,7 @@ GRAPHQL_SCHEMA="${BASE_DIR}/frontend/schema.graphql"
set -x set -x
# XXX: we shouldn't have to specify this feature # XXX: we shouldn't have to specify this feature
cargo run -p mas-config --features webpki-roots > "${CONFIG_SCHEMA}" cargo run -p mas-config > "${CONFIG_SCHEMA}"
cargo run -p mas-graphql --features webpki-roots > "${GRAPHQL_SCHEMA}" cargo run -p mas-graphql --features webpki-roots > "${GRAPHQL_SCHEMA}"
cd "${BASE_DIR}/frontend" cd "${BASE_DIR}/frontend"