Microservice to bring 2FA to self-hosted PDSes

Docker setup #2

merged opened by baileytownsend.dev targeting main from feature/DockerSetup

AT URI
at://did:plc:rnpkyqnmsw4ipey6eotbdnnf/sh.tangled.repo.pull/3lxvmkxgesn22
+754 -34
+4
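--- a/.dockerignore
+++ b/.dockerignore
@@ -0,0 +1,4 @@
+target
+/target
+**/.idea
+.idea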
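Review bot: The ignore list leaves `.git` and any local env files (a `pds.env` kept next to the checkout, for example) in the build context, and the Dockerfile in this PR copies the whole context into the builder stage, so everything except `target` and `.idea` lands in the builder image's layers and the local build cache (the runtime stage only copies the binary, so it does not reach the pushed image). I would add `.git` and a `*.env` pattern here so repository history and local secrets are never baked into a layer. The four existing lines also collapse to two: `target` and `/target` are the same pattern (the context root is both the working and the root directory for matching), and `**/.idea` already covers `.idea`.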
+564 -12
Cargo.lock
··· 108 109 110 111 112 113 114 115 116 ··· 210 211 212 213 214 215 216 217 ··· 263 264 265 266 267 268 ··· 321 322 323 324 325 326 327 328 329 ··· 333 334 335 336 337 338 339 ··· 509 510 511 512 513 514 515 516 ··· 543 544 545 546 547 548 549 ··· 581 582 583 584 - checksum = "778e2ac28f6c47af28e4907f13ffd1e1ddbd400980a9abd7c8df189bf578a5ad" 585 - dependencies = [ 586 - "libc", 587 - "windows-sys 0.59.0", 588 ] 589 590 [[package]] 591 592 593 ··· 687 688 689 690 691 692 693 694 ··· 834 835 836 837 838 839 840 ··· 1097 1098 1099 1100 1101 1102 1103 1104 ··· 1150 1151 1152 1153 1154 1155 1156 1157 ··· 1160 1161 1162 1163 1164 1165 1166 1167 1168 1169 1170 ··· 1190 1191 1192 1193 1194 1195 1196 ··· 1245 1246 1247 1248 1249 1250 1251 1252 ··· 1262 1263 1264 1265 1266 1267 1268 1269 ··· 1368 1369 1370 1371 1372 1373 1374 ··· 1424 1425 1426 1427 1428 1429 1430 1431 1432 1433 1434 ··· 1577 1578 1579 1580 1581 1582 1583 1584 ··· 1758 1759 1760 1761 1762 1763 ··· 1817 1818 1819 1820 1821 1822 1823 1824 1825 1826 1827 ··· 1839 1840 1841 1842 1843 1844 1845 ··· 1866 1867 1868 1869 1870 1871 1872 ··· 1897 1898 1899 1900 1901 1902 ··· 2077 2078 2079 2080 - "errno", 2081 - "libc", 2082 - "linux-raw-sys", 2083 - "windows-sys 0.59.0", 2084 - ] 2085 2086 - [[package]] 2087 2088 2089 ··· 2303 2304 2305 2306 2307 2308 ··· 2322 2323 2324 2325 2326 2327 ··· 2531 2532 2533 2534 2535 2536 ··· 2649 2650 2651 2652 - "getrandom 0.3.3", 2653 "once_cell", 2654 "rustix", 2655 - "windows-sys 0.59.0", 2656 ] 2657 2658 [[package]]
··· 108 109 110 111 + source = "registry+https://github.com/rust-lang/crates.io-index" 112 + checksum = "c08606f8c3cbf4ce6ec8e28fb0014a2c086708fe954eaa885384a6165172e7e8" 113 114 + [[package]] 115 + name = "aws-lc-rs" 116 + version = "1.13.3" 117 + source = "registry+https://github.com/rust-lang/crates.io-index" 118 + checksum = "5c953fe1ba023e6b7730c0d4b031d06f267f23a46167dcbd40316644b10a17ba" 119 + dependencies = [ 120 + "aws-lc-sys", 121 + "untrusted 0.7.1", 122 + "zeroize", 123 + ] 124 125 + [[package]] 126 + name = "aws-lc-sys" 127 + version = "0.30.0" 128 + source = "registry+https://github.com/rust-lang/crates.io-index" 129 + checksum = "dbfd150b5dbdb988bcc8fb1fe787eb6b7ee6180ca24da683b61ea5405f3d43ff" 130 + dependencies = [ 131 + "bindgen", 132 + "cc", 133 + "cmake", 134 + "dunce", 135 + "fs_extra", 136 + ] 137 138 + [[package]] 139 + name = "axum" 140 + version = "0.8.4" 141 142 143 ··· 237 238 239 240 + source = "registry+https://github.com/rust-lang/crates.io-index" 241 + checksum = "55248b47b0caf0546f7988906588779981c43bb1bc9d0c44087278f80cdb44ba" 242 243 + [[package]] 244 + name = "bindgen" 245 + version = "0.69.5" 246 + source = "registry+https://github.com/rust-lang/crates.io-index" 247 + checksum = "271383c67ccabffb7381723dea0672a673f292304fcb45c01cc648c7a8d58088" 248 + dependencies = [ 249 + "bitflags", 250 + "cexpr", 251 + "clang-sys", 252 + "itertools", 253 + "lazy_static", 254 + "lazycell", 255 + "log", 256 + "prettyplease", 257 + "proc-macro2", 258 + "quote", 259 + "regex", 260 + "rustc-hash", 261 + "shlex", 262 + "syn", 263 + "which", 264 + ] 265 266 + [[package]] 267 + name = "bitflags" 268 + version = "2.9.1" 269 270 271 ··· 317 318 319 320 + "shlex", 321 + ] 322 + 323 + [[package]] 324 + name = "cexpr" 325 + version = "0.6.0" 326 + source = "registry+https://github.com/rust-lang/crates.io-index" 327 + checksum = "6fac387a98bb7c37292057cffc56d62ecb629900026402633ae9160df93a8766" 328 + dependencies = [ 329 + "nom 7.1.3", 330 + ] 331 + 332 + 
[[package]] 333 + name = "cfg-if" 334 + version = "1.0.1" 335 + 336 + 337 + 338 339 340 ··· 393 394 395 396 + "inout", 397 + ] 398 399 + [[package]] 400 + name = "clang-sys" 401 + version = "1.8.1" 402 + source = "registry+https://github.com/rust-lang/crates.io-index" 403 + checksum = "0b023947811758c97c59bf9d1c188fd619ad4718dcaa767947df1cadb14f39f4" 404 + dependencies = [ 405 + "glob", 406 + "libc", 407 + "libloading", 408 + ] 409 410 + [[package]] 411 + name = "cmake" 412 + version = "0.1.54" 413 + source = "registry+https://github.com/rust-lang/crates.io-index" 414 + checksum = "e7caa3f9de89ddbe2c607f4101924c5abec803763ae9534e4f4d7d8f84aa81f0" 415 + dependencies = [ 416 + "cc", 417 + ] 418 419 + [[package]] 420 + name = "concurrent-queue" 421 + version = "2.5.0" 422 423 424 ··· 428 429 430 431 + source = "registry+https://github.com/rust-lang/crates.io-index" 432 + checksum = "c2459377285ad874054d797f3ccebf984978aa39129f6eafde5cdc8315b612f8" 433 434 + [[package]] 435 + name = "core-foundation-sys" 436 + version = "0.8.7" 437 438 439 ··· 609 610 611 612 + source = "registry+https://github.com/rust-lang/crates.io-index" 613 + checksum = "1aaf95b3e5c8f23aa320147307562d361db0ae0d51242340f558153b4eb2439b" 614 615 + [[package]] 616 + name = "dunce" 617 + version = "1.0.5" 618 + source = "registry+https://github.com/rust-lang/crates.io-index" 619 + checksum = "92773504d58c093f6de2459af4af33faa518c13451eb8f2b5698ed3d36e7c813" 620 621 + [[package]] 622 + name = "either" 623 + version = "1.15.0" 624 625 626 ··· 653 654 655 656 + checksum = "778e2ac28f6c47af28e4907f13ffd1e1ddbd400980a9abd7c8df189bf578a5ad" 657 + dependencies = [ 658 + "libc", 659 + "windows-sys 0.52.0", 660 + ] 661 662 + [[package]] 663 664 665 ··· 697 698 699 700 + 701 + 702 + 703 + 704 + 705 + 706 + 707 + 708 + 709 + 710 + source = "registry+https://github.com/rust-lang/crates.io-index" 711 + checksum = "d9c4f5dac5e15c24eb999c26181a6ca40b39fe946cbe4c263c7209467bc83af2" 712 + 713 + [[package]] 714 + name 
= "form_urlencoded" 715 + version = "1.2.1" 716 + 717 + 718 + 719 + 720 + 721 + 722 + 723 + 724 + 725 + 726 + 727 + 728 + 729 + "thiserror 1.0.69", 730 ] 731 732 [[package]] 733 + name = "fs_extra" 734 + version = "1.3.0" 735 + source = "registry+https://github.com/rust-lang/crates.io-index" 736 + checksum = "42703706b716c37f96a77aea830392ad231f44c9e9a67872fa5548707e11b11c" 737 + 738 + [[package]] 739 + name = "futures-channel" 740 + version = "0.3.31" 741 + 742 + 743 + 744 + 745 + 746 + 747 + 748 + 749 + 750 + 751 + 752 + 753 + 754 + 755 756 757 ··· 851 852 853 854 + source = "registry+https://github.com/rust-lang/crates.io-index" 855 + checksum = "07e28edb80900c19c28f1072f2e8aeca7fa06b23cd4169cefe1af5aa3260783f" 856 857 + [[package]] 858 + name = "glob" 859 + version = "0.3.3" 860 + source = "registry+https://github.com/rust-lang/crates.io-index" 861 + checksum = "0cc23270f6e1808e30a928bdc84dea0b9b4136a8bc82338574f23baf47bbd280" 862 863 + [[package]] 864 + name = "globset" 865 + version = "0.4.16" 866 867 868 ··· 1008 1009 1010 1011 + "windows-sys 0.59.0", 1012 + ] 1013 1014 + [[package]] 1015 + name = "http" 1016 + version = "1.3.1" 1017 1018 1019 ··· 1276 1277 1278 1279 + "libc", 1280 + ] 1281 1282 + [[package]] 1283 + name = "itertools" 1284 + version = "0.12.1" 1285 + source = "registry+https://github.com/rust-lang/crates.io-index" 1286 + checksum = "ba291022dbbd398a455acf126c1e341954079855bc60dfdda641363bd6922569" 1287 + dependencies = [ 1288 + "either", 1289 + ] 1290 1291 + [[package]] 1292 + name = "itoa" 1293 + version = "1.0.15" 1294 1295 1296 ··· 1342 1343 1344 1345 + "spin", 1346 + ] 1347 1348 + [[package]] 1349 + name = "lazycell" 1350 + version = "1.3.0" 1351 + source = "registry+https://github.com/rust-lang/crates.io-index" 1352 + checksum = "830d08ce1d1d941e6b30645f1a0eb5643013d835ce3779a5fc208261dbe10f55" 1353 1354 + [[package]] 1355 + name = "lettre" 1356 + version = "0.11.18" 1357 1358 1359 ··· 1362 1363 1364 1365 + "fastrand", 1366 + 
"futures-io", 1367 + "futures-util", 1368 + "httpdate", 1369 + "idna", 1370 + "mime", 1371 + "nom 8.0.0", 1372 + "percent-encoding", 1373 + "quoted_printable", 1374 + "rustls", 1375 + "socket2", 1376 + "tokio", 1377 + "tokio-rustls", 1378 + "url", 1379 + "webpki-roots 1.0.2", 1380 + ] 1381 1382 + [[package]] 1383 1384 1385 + source = "registry+https://github.com/rust-lang/crates.io-index" 1386 + checksum = "6a82ae493e598baaea5209805c49bbf2ea7de956d50d7da0da1164f9c6d28543" 1387 1388 + [[package]] 1389 + name = "libloading" 1390 + version = "0.8.8" 1391 + source = "registry+https://github.com/rust-lang/crates.io-index" 1392 + checksum = "07033963ba89ebaf1584d767badaa2e8fcec21aedea6b8c0346d487d49c28667" 1393 + dependencies = [ 1394 + "cfg-if", 1395 + "windows-targets 0.48.5", 1396 + ] 1397 1398 + [[package]] 1399 + name = "libm" 1400 + version = "0.2.15" 1401 1402 1403 ··· 1423 1424 1425 1426 + [[package]] 1427 + name = "linux-raw-sys" 1428 + version = "0.4.15" 1429 + source = "registry+https://github.com/rust-lang/crates.io-index" 1430 + checksum = "d26c52dbd32dccf2d10cac7725f8eae5296885fb5703b261f7d0a0739ec807ab" 1431 1432 + [[package]] 1433 + name = "litemap" 1434 1435 1436 ··· 1485 1486 1487 1488 + source = "registry+https://github.com/rust-lang/crates.io-index" 1489 + checksum = "6877bb514081ee2a7ff5ef9de3281f14a4dd4bceac4c09388074a6b5df8a139a" 1490 1491 + [[package]] 1492 + name = "minimal-lexical" 1493 + version = "0.2.1" 1494 + source = "registry+https://github.com/rust-lang/crates.io-index" 1495 + checksum = "68354c5c6bd36d73ff3feceb05efa59b6acb7626617f4962be322a825e61f79a" 1496 1497 + [[package]] 1498 + name = "miniz_oxide" 1499 + version = "0.8.9" 1500 1501 1502 ··· 1512 1513 1514 1515 + ] 1516 1517 + [[package]] 1518 + name = "nom" 1519 + version = "7.1.3" 1520 + source = "registry+https://github.com/rust-lang/crates.io-index" 1521 + checksum = "d273983c5a657a70a3e8f2a01329822f3b8c8172b73826411a55751e404a0a4a" 1522 + dependencies = [ 1523 + "memchr", 1524 
+ "minimal-lexical", 1525 + ] 1526 1527 + [[package]] 1528 1529 1530 ··· 1629 1630 1631 1632 + source = "registry+https://github.com/rust-lang/crates.io-index" 1633 + checksum = "42f5e15c9953c5e4ccceeb2e7382a716482c34515315f7b03532b8b4e8393d2d" 1634 1635 + [[package]] 1636 + name = "overload" 1637 + version = "0.1.1" 1638 1639 1640 ··· 1690 1691 1692 1693 + version = "0.1.0" 1694 + dependencies = [ 1695 + "anyhow", 1696 + "aws-lc-rs", 1697 + "axum", 1698 + "axum-template", 1699 + "chrono", 1700 1701 1702 1703 1704 1705 + "lettre", 1706 + "rand 0.9.2", 1707 + "rust-embed", 1708 + "rustls", 1709 + "scrypt", 1710 + "serde", 1711 + "serde_json", 1712 1713 1714 ··· 1857 1858 1859 1860 + "zerocopy", 1861 + ] 1862 1863 + [[package]] 1864 + name = "prettyplease" 1865 + version = "0.2.35" 1866 + source = "registry+https://github.com/rust-lang/crates.io-index" 1867 + checksum = "061c1221631e079b26479d25bbf2275bfe5917ae8419cd7e34f13bfc2aa7539a" 1868 + dependencies = [ 1869 + "proc-macro2", 1870 + "syn", 1871 + ] 1872 1873 + [[package]] 1874 + name = "proc-macro2" 1875 + version = "1.0.97" 1876 1877 1878 ··· 2052 2053 2054 2055 + "cfg-if", 2056 + "getrandom 0.2.16", 2057 + "libc", 2058 + "untrusted 0.9.0", 2059 + "windows-sys 0.52.0", 2060 + ] 2061 2062 2063 ··· 2117 2118 2119 2120 + source = "registry+https://github.com/rust-lang/crates.io-index" 2121 + checksum = "56f7d92ca342cea22a06f2121d944b4fd82af56988c270852495420f961d4ace" 2122 2123 + [[package]] 2124 + name = "rustc-hash" 2125 + version = "1.1.0" 2126 + source = "registry+https://github.com/rust-lang/crates.io-index" 2127 + checksum = "08d43f7aa6b08d49f382cde6a7982047c3426db949b1424bc4b7ec9ae12c6ce2" 2128 2129 + [[package]] 2130 + name = "rustix" 2131 + version = "0.38.44" 2132 + source = "registry+https://github.com/rust-lang/crates.io-index" 2133 + checksum = "fdb5bc1ae2baa591800df16c9ca78619bf65c0488b41b96ccec5d11220d8c154" 2134 + dependencies = [ 2135 + "bitflags", 2136 + "errno", 2137 + "libc", 2138 + 
"linux-raw-sys", 2139 + "windows-sys 0.52.0", 2140 + ] 2141 2142 + [[package]] 2143 2144 2145 + source = "registry+https://github.com/rust-lang/crates.io-index" 2146 + checksum = "c0ebcbd2f03de0fc1122ad9bb24b127a5a6cd51d72604a3f3c50ac459762b6cc" 2147 + dependencies = [ 2148 + "aws-lc-rs", 2149 + "log", 2150 + "once_cell", 2151 + "ring", 2152 + "rustls-pki-types", 2153 2154 2155 ··· 2167 2168 2169 2170 + source = "registry+https://github.com/rust-lang/crates.io-index" 2171 + checksum = "0a17884ae0c1b773f1ccd2bd4a8c72f16da897310a98b0e84bf349ad5ead92fc" 2172 + dependencies = [ 2173 + "aws-lc-rs", 2174 + "ring", 2175 + "rustls-pki-types", 2176 + "untrusted 0.9.0", 2177 + ] 2178 2179 + [[package]] 2180 2181 2182 ··· 2203 2204 2205 2206 + "winapi-util", 2207 + ] 2208 2209 + [[package]] 2210 + name = "scopeguard" 2211 + version = "1.2.0" 2212 2213 2214 ··· 2239 2240 2241 2242 + "cc", 2243 + ] 2244 + 2245 + [[package]] 2246 + name = "serde" 2247 + version = "1.0.219" 2248 + 2249 + 2250 + 2251 + 2252 + 2253 + 2254 + 2255 + 2256 + 2257 + 2258 + 2259 + 2260 + 2261 + 2262 + 2263 + 2264 + 2265 + 2266 + 2267 + 2268 + 2269 2270 2271 ··· 2446 2447 2448 2449 2450 2451 2452 ··· 2666 2667 2668 2669 + "syn", 2670 + ] 2671 + 2672 + [[package]] 2673 + name = "thiserror" 2674 + version = "1.0.69" 2675 + 2676 + 2677 + 2678 + 2679 + 2680 + 2681 + 2682 + 2683 + 2684 + 2685 + 2686 + 2687 + 2688 + 2689 + 2690 + 2691 + 2692 + 2693 + 2694 + 2695 + 2696 + 2697 + 2698 + 2699 + 2700 + 2701 + 2702 + 2703 + 2704 + 2705 + 2706 + 2707 + 2708 + 2709 + 2710 + 2711 + 2712 + 2713 + 2714 + 2715 + 2716 + 2717 + 2718 + 2719 + 2720 + 2721 + 2722 + 2723 + 2724 + 2725 + 2726 + 2727 + 2728 + 2729 + 2730 + 2731 + 2732 + 2733 + 2734 + 2735 + 2736 + 2737 + 2738 + 2739 + 2740 + 2741 + 2742 + 2743 + 2744 + 2745 + 2746 + 2747 + 2748 + 2749 + 2750 + 2751 + 2752 + 2753 + 2754 + 2755 2756 2757 ··· 2771 2772 2773 2774 + ] 2775 + 2776 + [[package]] 2777 + name = "tokio-rustls" 2778 + version = "0.26.2" 2779 + source = 
"registry+https://github.com/rust-lang/crates.io-index" 2780 + checksum = "8e727b36a1a0e8b74c376ac2211e40c2c8af09fb4013c60d910495810f008e9b" 2781 + dependencies = [ 2782 + "rustls", 2783 + "tokio", 2784 + ] 2785 + 2786 + 2787 + 2788 + 2789 + 2790 + 2791 + 2792 + 2793 + 2794 + 2795 + 2796 + 2797 + 2798 + 2799 + 2800 + 2801 2802 2803 ··· 3007 3008 3009 3010 + source = "registry+https://github.com/rust-lang/crates.io-index" 3011 + checksum = "e70f2a8b45122e719eb623c01822704c4e0907e7e426a05927e1a1cfff5b75d0" 3012 + 3013 + [[package]] 3014 + name = "untrusted" 3015 + version = "0.7.1" 3016 + source = "registry+https://github.com/rust-lang/crates.io-index" 3017 + checksum = "a156c684c91ea7d62626509bce3cb4e1d9ed5c4d978f7b4352658f96a4c26b4a" 3018 + 3019 + [[package]] 3020 + name = "untrusted" 3021 + version = "0.9.0" 3022 + 3023 + 3024 + 3025 + 3026 + 3027 + 3028 + 3029 + 3030 + 3031 + 3032 + 3033 + 3034 + 3035 + 3036 + 3037 + 3038 + 3039 3040 3041 ··· 3154 3155 3156 3157 + 3158 + 3159 + 3160 + 3161 + 3162 + 3163 + 3164 + 3165 + 3166 + 3167 + 3168 + 3169 + 3170 + 3171 + 3172 + 3173 + 3174 + 3175 + 3176 + 3177 + 3178 + 3179 + 3180 + 3181 + 3182 + 3183 + 3184 + 3185 + 3186 + 3187 + 3188 + 3189 + 3190 + 3191 + 3192 + 3193 + "rustls-pki-types", 3194 + ] 3195 + 3196 + [[package]] 3197 + name = "which" 3198 + version = "4.4.2" 3199 + source = "registry+https://github.com/rust-lang/crates.io-index" 3200 + checksum = "87ba24419a2078cd2b0f2ede2691b6c66d8e47836da3b6db8265ebad47afbfc7" 3201 + dependencies = [ 3202 + "either", 3203 + "home", 3204 "once_cell", 3205 "rustix", 3206 ] 3207 3208 [[package]] 3209 + name = "whoami" 3210 + version = "1.6.1"
+10
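--- a/Dockerfile
+++ b/Dockerfile
@@ -0,0 +1,10 @@
+FROM rust:1.89.0-bookworm AS builder
+WORKDIR /app
+COPY ../ /app
+RUN cargo build --release
+#
+FROM rust:1.89-slim-bookworm AS api
+RUN apt-get update
+RUN apt-get install -y ca-certificates
+COPY --from=builder /app/target/release/pds_gatekeeper /usr/local/bin/pds_gatekeeper
+CMD ["pds_gatekeeper"]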
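Review bot: The runtime stage `FROM rust:1.89-slim-bookworm AS api` ships a full Rust toolchain although only the built binary and CA roots are needed, and splitting `apt-get update` and `apt-get install` into two `RUN` lines lets a cached index layer pair with a later install while leaving `/var/lib/apt/lists` in the image. As far as I can tell `COPY ../ /app` resolves no further than the build-context root under BuildKit (the classic builder rejects it), so it is effectively `COPY . /app` and should be spelled that way. A plain `debian:bookworm-slim` base should work since the binary is built on the same Debian release, but confirm the release build has no other shared-library needs; the container also runs as root with `/pds` bind-mounted, and whether a `USER` can be set depends on the uid the PDS container uses for the sqlite files, which this PR does not show.
```dockerfile
FROM rust:1.89.0-bookworm AS builder
WORKDIR /app
COPY . /app
RUN cargo build --release
# Runtime stage: only the binary and CA roots, no toolchain.
FROM debian:bookworm-slim AS api
RUN apt-get update \
    && apt-get install -y --no-install-recommends ca-certificates \
    && rm -rf /var/lib/apt/lists/*
# … unchanged: COPY --from=builder and CMD …
```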
+6
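--- a/justfile
+++ b/justfile
@@ -0,0 +1,6 @@
+release:
+    docker buildx build \
+        --platform linux/arm64,linux/amd64 \
+        --tag fatfingers23/pds_gatekeeper:latest \
+        --tag fatfingers23/pds_gatekeeper:0.1 \
+        --push .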
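Review bot: The `release` recipe publishes only the `latest` and `0.1` tags, but `examples/compose.yml` and the README snippet in this same PR pull `fatfingers23/pds_gatekeeper:arm-latest`, a tag nothing here produces, so the documented setup cannot pull an image from this pipeline. Either add `--tag fatfingers23/pds_gatekeeper:arm-latest \` or, better, point the example and README at `0.1` so deployments track a reviewed version instead of a moving tag. The recipe also builds and pushes whatever is in the working tree, which is worth stating in a comment above it, e.g. `# builds and pushes the current working tree; tag a git release first`.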
+5 -2
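--- a/src/main.rs
+++ b/src/main.rs
@@ -88,7 +88,9 @@
 #[tokio::main]
 async fn main() -> Result<(), Box<dyn std::error::Error>> {
     setup_tracing();
-    //TODO may need to change where this reads from? Like an env variable for it's location? Or arg?
-    dotenvy::from_path(Path::new("./pds.env"))?;
+    let pds_env_location =
+        env::var("PDS_ENV_LOCATION").unwrap_or_else(|_| "/pds/pds.env".to_string());
+
+    dotenvy::from_path(Path::new(&pds_env_location))?;
     let pds_root = env::var("PDS_DATA_DIRECTORY")?;
     let account_db_url = format!("{pds_root}/account.sqlite");
@@ -129,6 +131,7 @@
         env::var("PDS_EMAIL_SMTP_URL").expect("PDS_EMAIL_SMTP_URL is not set in your pds.env file");
     let sent_from = env::var("PDS_EMAIL_FROM_ADDRESS")
         .expect("PDS_EMAIL_FROM_ADDRESS is not set in your pds.env file");
+
     let mailer: AsyncSmtpTransport<Tokio1Executor> =
         AsyncSmtpTransport::<Tokio1Executor>::from_url(smtp_url.as_str())?.build();
     //Email templates setup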
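Review bot: `dotenvy::from_path(Path::new(&pds_env_location))?` propagates whatever error dotenvy produces, and the later `.expect(...)` messages still say "not set in your pds.env file" although the file's location is now configurable through `PDS_ENV_LOCATION`, so an operator whose `/pds` mount is missing gets a failure that never names the path that was tried. Because `main` returns `Box<dyn Error>`, a string context converts with `?`: `dotenvy::from_path(Path::new(&pds_env_location)).map_err(|e| format!("could not load env file {pds_env_location}: {e}"))?;`, and the `expect` messages can reference `{pds_env_location}` the same way. If I recall dotenvy's semantics correctly, `from_path` does not override variables already present in the process environment, so a value set on the container wins over the file; a one-line comment above the call saying so would save operators a surprise. `main` continues past the end of this hunk.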
+1 -4
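--- a/src/oauth_provider.rs
+++ b/src/oauth_provider.rs
@@ -36,9 +36,6 @@
             "Invalid identifier or password",
         ),
         AuthResult::TwoFactorRequired(masked_email) => {
-            // Email sending step can be handled here if needed in the future.
-
-            // {"error":"second_authentication_factor_required","error_description":"emailOtp authentication factor required (hint: 2***0@p***m)","type":"emailOtp","hint":"2***0@p***m"}
             let body_str = match serde_json::to_string(&serde_json::json!({
                 "error": "second_authentication_factor_required",
                 "error_description": format!("emailOtp authentication factor required (hint: {})", masked_email),
@@ -97,7 +94,7 @@
         },
         Err(err) => {
             log::error!(
-                "Error during pre-auth check. This happens on the create_session endpoint when trying to decide if the user has access:\n {err}"
+                "Error during pre-auth check. This happens on the oauth signin endpoint when trying to decide if the user has access:\n {err}"
             );
             oauth_json_error_response(
                 StatusCode::BAD_REQUEST,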
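Review bot: The deleted comment at old lines 39-41 was the only place the expected shape of the PDS `second_authentication_factor_required` response was written down, and nothing replaces it; a one-line doc comment on the `TwoFactorRequired` arm such as `// Mirrors the PDS's own emailOtp response (error, error_description, type, hint) so existing clients handle it unchanged.` keeps that knowledge with the code. On the new side, the `Err(err)` branch logs the full error and then answers with `StatusCode::BAD_REQUEST`; a failure inside the pre-auth check is a server-side problem, so that status looks misleading, and if the error value can carry the submitted identifier it should not be logged verbatim. The remaining arguments of `oauth_json_error_response` fall outside this hunk, so I cannot tell what the client receives; the enclosing function also starts before the hunk.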
+5 -1
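--- a/Cargo.toml
+++ b/Cargo.toml
@@ -18,7 +18,11 @@
 hex = "0.4"
 jwt-compact = { version = "0.8.0", features = ["es256k"] }
 scrypt = "0.11"
-lettre = { version = "0.11.18", features = ["tokio1", "pool", "tokio1-native-tls"] }
+#lettre = { version = "0.11.18", default-features = false, features = ["pool", "tokio1-rustls", "smtp-transport", "hostname", "builder"] }
+#lettre = { version = "0.11", default-features = false, features = ["builder", "webpki-roots", "rustls", "aws-lc-rs", "smtp-transport", "tokio1", "tokio1-rustls"] }
+aws-lc-rs = "1.13.0"
+lettre = { version = "0.11", default-features = false, features = ["builder", "webpki-roots", "rustls", "aws-lc-rs", "smtp-transport", "tokio1", "tokio1-rustls"] }
+rustls = { version = "0.23", default-features = false, features = ["tls12", "std", "logging", "aws_lc_rs"] }
 handlebars = { version = "6.3.2", features = ["rust-embed"] }
 rust-embed = "8.7.2"
 axum-template = { version = "3.0.0", features = ["handlebars"] }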
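Review bot: The two commented-out `#lettre = ...` lines are leftover experiments and should be dropped rather than shipped as dead configuration. The move from `tokio1-native-tls` to `rustls` with `webpki-roots` also quietly drops the `pool` feature the old line enabled, so confirm the SMTP transport no longer relies on connection pooling. With `webpki-roots` lettre trusts the bundled Mozilla roots rather than the system store, so the `ca-certificates` package the Dockerfile installs does not help when the SMTP server presents a certificate from a private CA; if that setup is meant to be supported it needs native-certificate loading (lettre has a feature for that, if I recall correctly), otherwise document the limitation in a comment next to the `lettre` line.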
+79 -15
README.md
··· 21 22 # Setup 23 24 - We are getting close! Testing now 25 - 26 - Nothing here yet! If you are brave enough to try before full release, let me know and I'll help you set it up. 27 - But I want to run it locally on my own PDS first to test run it a bit. 28 - 29 - Example Caddyfile (mostly so I don't lose it for now. Will have a better one in the future) 30 31 ```caddyfile 32 - http://localhost { 33 - 34 @gatekeeper { 35 - path /xrpc/com.atproto.server.getSession 36 - path /xrpc/com.atproto.server.updateEmail 37 - path /xrpc/com.atproto.server.createSession 38 - path /@atproto/oauth-provider/~api/sign-in 39 } 40 41 handle @gatekeeper { 42 - reverse_proxy http://localhost:8080 43 } 44 45 - reverse_proxy /* http://localhost:3000 46 } 47 48 - ```
··· 21 22 # Setup 23 24 + PDS Gatekeeper has 2 parts to its setup, docker compose file and a reverse proxy (Caddy in this case). I will be 25 + assuming you setup the PDS following the directions 26 + found [here](https://atproto.com/guides/self-hosting), but if yours is different, or you have questions, feel free to 27 + let 28 + me know, and we can figure it out. 29 + 30 + ## Docker compose 31 + 32 + The pds gatekeeper container can be found on docker hub under the name `fatfingers23/pds_gatekeeper`. The container does 33 + need access to the `/pds` root folder to access the same db's as your PDS. The part you need to add would look a bit 34 + like below. You can find a full example of what I use for my pds at [./examples/compose.yml](./examples/compose.yml). 35 + This is usually found at `/pds/compose.yaml`on your PDS> 36 + 37 + ```yml 38 + gatekeeper: 39 + container_name: gatekeeper 40 + image: fatfingers23/pds_gatekeeper:arm-latest 41 + network_mode: host 42 + restart: unless-stopped 43 + #This gives the container to the access to the PDS folder. Source is the location on your server of that directory 44 + volumes: 45 + - type: bind 46 + source: /pds 47 + target: /pds 48 + depends_on: 49 + - pds 50 + ``` 51 + 52 + ## Caddy setup 53 + 54 + For the reverse proxy I use caddy. This part is what overwrites the endpoints and proxies them to PDS gatekeeper to add 55 + in extra functionality. The main part is below, for a full example see [./examples/Caddyfile](./examples/Caddyfile). 56 + This is usually found at `/pds/caddy/etc/caddy/Caddyfile` on your PDS. 
57 58 ```caddyfile 59 @gatekeeper { 60 + path /xrpc/com.atproto.server.getSession 61 + path /xrpc/com.atproto.server.updateEmail 62 + path /xrpc/com.atproto.server.createSession 63 + path /@atproto/oauth-provider/~api/sign-in 64 } 65 66 handle @gatekeeper { 67 + reverse_proxy http://localhost:8080 68 } 69 70 + reverse_proxy http://localhost:3000 71 + ``` 72 + 73 + If you use a cloudflare tunnel then your caddyfile would look a bit more like below with your tunnel proxying to 74 + `localhost:8081` (or w/e port you want). 75 + 76 + ```caddyfile 77 + http://*.localhost:8082, http://localhost:8082 { 78 + @gatekeeper { 79 + path /xrpc/com.atproto.server.getSession 80 + path /xrpc/com.atproto.server.updateEmail 81 + path /xrpc/com.atproto.server.createSession 82 + path /@atproto/oauth-provider/~api/sign-in 83 + } 84 + 85 + handle @gatekeeper { 86 + reverse_proxy http://localhost:8080 87 + } 88 + 89 + reverse_proxy http://localhost:3000 90 } 91 92 + ``` 93 + 94 + # Environment variables and bonuses 95 + 96 + Every environment variable can be set in the `pds.env` and shared between PDS and gatekeeper and the PDS, with the 97 + exception of `PDS_ENV_LOCATION`. This can be set to load the pds.env, by default it checks `/pds/pds.env` and is 98 + recommended to mount the `/pds` folder on the server to `/pds` in the pds gatekeeper container. 99 + 100 + `PDS_DATA_DIRECTORY` - Root directory of the PDS. Same as the one found in `pds.env` this is how pds gatekeeper knows 101 + knows the rest of the environment variables. 102 + 103 + `GATEKEEPER_EMAIL_TEMPLATES_DIRECTORY` - The folder for templates of the emails PDS gatekeeper sends. You can find them 104 + in [./email_templates](./email_templates). You are free to edit them as you please and set this variable to a location 105 + in the pds gateekeper container and it will use them in place of the default ones. Just make sure ot keep the names the 106 + same. 107 + 108 + `PDS_BASE_URL` - Base url of the PDS. 
You most likely want `https://localhost:3000` which is also the default 109 + 110 + `GATEKEEPER_HOST` - Host for pds gatekeeper. Defaults to `127.0.0.1` 111 + 112 + `GATEKEEPER_PORT` - Port for pds gatekeeper. Defaults to `8080`
+29
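--- a/examples/Caddyfile
+++ b/examples/Caddyfile
@@ -0,0 +1,29 @@
+{
+    email youremail@myemail.com
+    on_demand_tls {
+        ask http://localhost:3000/tls-check
+    }
+}
+
+*.yourpds.com, yourpds.com {
+    tls {
+        on_demand
+    }
+    # You'll most likely just want from here to....
+    @gatekeeper {
+        path /xrpc/com.atproto.server.getSession
+        path /xrpc/com.atproto.server.updateEmail
+        path /xrpc/com.atproto.server.createSession
+        path /@atproto/oauth-provider/~api/sign-in
+    }
+
+    handle @gatekeeper {
+        #This is the address for PDS gatekeeper, default is 8080
+        reverse_proxy http://localhost:8080
+    }
+
+    reverse_proxy http://localhost:3000
+    #..here. Copy and paste this replacing the reverse_proxy http://localhost:3000 line
+}
+
+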
+51
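--- a/examples/compose.yml
+++ b/examples/compose.yml
@@ -0,0 +1,51 @@
+version: '3.9'
+services:
+  caddy:
+    container_name: caddy
+    image: caddy:2
+    network_mode: host
+    depends_on:
+      - pds
+    restart: unless-stopped
+    volumes:
+      - type: bind
+        source: /pds/caddy/data
+        target: /data
+      - type: bind
+        source: /pds/caddy/etc/caddy
+        target: /etc/caddy
+  pds:
+    container_name: pds
+    image: ghcr.io/bluesky-social/pds:0.4
+    network_mode: host
+    restart: unless-stopped
+    volumes:
+      - type: bind
+        source: /pds
+        target: /pds
+    env_file:
+      - /pds/pds.env
+  watchtower:
+    container_name: watchtower
+    image: containrrr/watchtower:latest
+    network_mode: host
+    volumes:
+      - type: bind
+        source: /var/run/docker.sock
+        target: /var/run/docker.sock
+    restart: unless-stopped
+    environment:
+      WATCHTOWER_CLEANUP: true
+      WATCHTOWER_SCHEDULE: "@midnight"
+  gatekeeper:
+    container_name: gatekeeper
+    image: fatfingers23/pds_gatekeeper:arm-latest
+    network_mode: host
+    restart: unless-stopped
+    #This gives the container to the access to the PDS folder. Source is the location on your server of that directory
+    volumes:
+      - type: bind
+        source: /pds
+        target: /pds
+    depends_on:
+      - pds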
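Review bot: `version: '3.9'` is ignored by Compose v2 and only produces a warning, so drop the line. The example keeps watchtower running with the docker socket mounted, which re-pulls every service on an unpinned tag nightly without anyone reviewing the new image; the `gatekeeper` service reads the PDS account database and `pds.env`, so it is the one place an unreviewed update matters most, and it should be pinned to a version tag or digest, e.g. `image: fatfingers23/pds_gatekeeper:0.1`. The bind mount also grants read-write access to the whole `/pds` tree including `pds.env`; the comment above `volumes:` should say why write access is needed (the sqlite databases, presumably) so operators can judge the exposure.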


2 commits
WIP on feature/2faCodeGeneration
docker and setup
pull request successfully merged