Microservice to bring 2FA to self hosted PDSes

Docker setup #2

merged opened by baileytownsend.dev targeting main from feature/DockerSetup

AT URI
at://did:plc:rnpkyqnmsw4ipey6eotbdnnf/sh.tangled.repo.pull/3lxvmkxgesn22
+754 -34
Diff #0
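--- a/.dockerignore
+++ b/.dockerignore
@@ -0,0 +1,4 @@
+target
+/target
+**/.idea
+.idea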
+564 -12
Cargo.lock
··· 108 108 109 109 110 110 111 + source = "registry+https://github.com/rust-lang/crates.io-index" 112 + checksum = "c08606f8c3cbf4ce6ec8e28fb0014a2c086708fe954eaa885384a6165172e7e8" 111 113 114 + [[package]] 115 + name = "aws-lc-rs" 116 + version = "1.13.3" 117 + source = "registry+https://github.com/rust-lang/crates.io-index" 118 + checksum = "5c953fe1ba023e6b7730c0d4b031d06f267f23a46167dcbd40316644b10a17ba" 119 + dependencies = [ 120 + "aws-lc-sys", 121 + "untrusted 0.7.1", 122 + "zeroize", 123 + ] 112 124 125 + [[package]] 126 + name = "aws-lc-sys" 127 + version = "0.30.0" 128 + source = "registry+https://github.com/rust-lang/crates.io-index" 129 + checksum = "dbfd150b5dbdb988bcc8fb1fe787eb6b7ee6180ca24da683b61ea5405f3d43ff" 130 + dependencies = [ 131 + "bindgen", 132 + "cc", 133 + "cmake", 134 + "dunce", 135 + "fs_extra", 136 + ] 113 137 138 + [[package]] 139 + name = "axum" 140 + version = "0.8.4" 114 141 115 142 116 143 ··· 210 237 211 238 212 239 240 + source = "registry+https://github.com/rust-lang/crates.io-index" 241 + checksum = "55248b47b0caf0546f7988906588779981c43bb1bc9d0c44087278f80cdb44ba" 213 242 243 + [[package]] 244 + name = "bindgen" 245 + version = "0.69.5" 246 + source = "registry+https://github.com/rust-lang/crates.io-index" 247 + checksum = "271383c67ccabffb7381723dea0672a673f292304fcb45c01cc648c7a8d58088" 248 + dependencies = [ 249 + "bitflags", 250 + "cexpr", 251 + "clang-sys", 252 + "itertools", 253 + "lazy_static", 254 + "lazycell", 255 + "log", 256 + "prettyplease", 257 + "proc-macro2", 258 + "quote", 259 + "regex", 260 + "rustc-hash", 261 + "shlex", 262 + "syn", 263 + "which", 264 + ] 214 265 266 + [[package]] 267 + name = "bitflags" 268 + version = "2.9.1" 215 269 216 270 217 271 ··· 263 317 264 318 265 319 320 + "shlex", 321 + ] 322 + 323 + [[package]] 324 + name = "cexpr" 325 + version = "0.6.0" 326 + source = "registry+https://github.com/rust-lang/crates.io-index" 327 + checksum = 
"6fac387a98bb7c37292057cffc56d62ecb629900026402633ae9160df93a8766" 328 + dependencies = [ 329 + "nom 7.1.3", 330 + ] 331 + 332 + [[package]] 333 + name = "cfg-if" 334 + version = "1.0.1" 335 + 336 + 337 + 266 338 267 339 268 340 ··· 321 393 322 394 323 395 396 + "inout", 397 + ] 324 398 399 + [[package]] 400 + name = "clang-sys" 401 + version = "1.8.1" 402 + source = "registry+https://github.com/rust-lang/crates.io-index" 403 + checksum = "0b023947811758c97c59bf9d1c188fd619ad4718dcaa767947df1cadb14f39f4" 404 + dependencies = [ 405 + "glob", 406 + "libc", 407 + "libloading", 408 + ] 325 409 410 + [[package]] 411 + name = "cmake" 412 + version = "0.1.54" 413 + source = "registry+https://github.com/rust-lang/crates.io-index" 414 + checksum = "e7caa3f9de89ddbe2c607f4101924c5abec803763ae9534e4f4d7d8f84aa81f0" 415 + dependencies = [ 416 + "cc", 417 + ] 326 418 419 + [[package]] 420 + name = "concurrent-queue" 421 + version = "2.5.0" 327 422 328 423 329 424 ··· 333 428 334 429 335 430 431 + source = "registry+https://github.com/rust-lang/crates.io-index" 432 + checksum = "c2459377285ad874054d797f3ccebf984978aa39129f6eafde5cdc8315b612f8" 336 433 434 + [[package]] 435 + name = "core-foundation-sys" 436 + version = "0.8.7" 337 437 338 438 339 439 ··· 509 609 510 610 511 611 612 + source = "registry+https://github.com/rust-lang/crates.io-index" 613 + checksum = "1aaf95b3e5c8f23aa320147307562d361db0ae0d51242340f558153b4eb2439b" 512 614 615 + [[package]] 616 + name = "dunce" 617 + version = "1.0.5" 618 + source = "registry+https://github.com/rust-lang/crates.io-index" 619 + checksum = "92773504d58c093f6de2459af4af33faa518c13451eb8f2b5698ed3d36e7c813" 513 620 621 + [[package]] 622 + name = "either" 623 + version = "1.15.0" 514 624 515 625 516 626 ··· 543 653 544 654 545 655 656 + checksum = "778e2ac28f6c47af28e4907f13ffd1e1ddbd400980a9abd7c8df189bf578a5ad" 657 + dependencies = [ 658 + "libc", 659 + "windows-sys 0.52.0", 660 + ] 546 661 662 + [[package]] 547 663 548 664 549 665 
··· 581 697 582 698 583 699 584 - checksum = "778e2ac28f6c47af28e4907f13ffd1e1ddbd400980a9abd7c8df189bf578a5ad" 585 - dependencies = [ 586 - "libc", 587 - "windows-sys 0.59.0", 700 + 701 + 702 + 703 + 704 + 705 + 706 + 707 + 708 + 709 + 710 + source = "registry+https://github.com/rust-lang/crates.io-index" 711 + checksum = "d9c4f5dac5e15c24eb999c26181a6ca40b39fe946cbe4c263c7209467bc83af2" 712 + 713 + [[package]] 714 + name = "form_urlencoded" 715 + version = "1.2.1" 716 + 717 + 718 + 719 + 720 + 721 + 722 + 723 + 724 + 725 + 726 + 727 + 728 + 729 + "thiserror 1.0.69", 588 730 ] 589 731 590 732 [[package]] 733 + name = "fs_extra" 734 + version = "1.3.0" 735 + source = "registry+https://github.com/rust-lang/crates.io-index" 736 + checksum = "42703706b716c37f96a77aea830392ad231f44c9e9a67872fa5548707e11b11c" 737 + 738 + [[package]] 739 + name = "futures-channel" 740 + version = "0.3.31" 741 + 742 + 743 + 744 + 745 + 746 + 747 + 748 + 749 + 750 + 751 + 752 + 753 + 754 + 591 755 592 756 593 757 ··· 687 851 688 852 689 853 854 + source = "registry+https://github.com/rust-lang/crates.io-index" 855 + checksum = "07e28edb80900c19c28f1072f2e8aeca7fa06b23cd4169cefe1af5aa3260783f" 690 856 857 + [[package]] 858 + name = "glob" 859 + version = "0.3.3" 860 + source = "registry+https://github.com/rust-lang/crates.io-index" 861 + checksum = "0cc23270f6e1808e30a928bdc84dea0b9b4136a8bc82338574f23baf47bbd280" 691 862 863 + [[package]] 864 + name = "globset" 865 + version = "0.4.16" 692 866 693 867 694 868 ··· 834 1008 835 1009 836 1010 1011 + "windows-sys 0.59.0", 1012 + ] 837 1013 1014 + [[package]] 1015 + name = "http" 1016 + version = "1.3.1" 838 1017 839 1018 840 1019 ··· 1097 1276 1098 1277 1099 1278 1279 + "libc", 1280 + ] 1100 1281 1282 + [[package]] 1283 + name = "itertools" 1284 + version = "0.12.1" 1285 + source = "registry+https://github.com/rust-lang/crates.io-index" 1286 + checksum = "ba291022dbbd398a455acf126c1e341954079855bc60dfdda641363bd6922569" 1287 + dependencies = [ 
1288 + "either", 1289 + ] 1101 1290 1291 + [[package]] 1292 + name = "itoa" 1293 + version = "1.0.15" 1102 1294 1103 1295 1104 1296 ··· 1150 1342 1151 1343 1152 1344 1345 + "spin", 1346 + ] 1153 1347 1348 + [[package]] 1349 + name = "lazycell" 1350 + version = "1.3.0" 1351 + source = "registry+https://github.com/rust-lang/crates.io-index" 1352 + checksum = "830d08ce1d1d941e6b30645f1a0eb5643013d835ce3779a5fc208261dbe10f55" 1154 1353 1354 + [[package]] 1355 + name = "lettre" 1356 + version = "0.11.18" 1155 1357 1156 1358 1157 1359 ··· 1160 1362 1161 1363 1162 1364 1365 + "fastrand", 1366 + "futures-io", 1367 + "futures-util", 1368 + "httpdate", 1369 + "idna", 1370 + "mime", 1371 + "nom 8.0.0", 1372 + "percent-encoding", 1373 + "quoted_printable", 1374 + "rustls", 1375 + "socket2", 1376 + "tokio", 1377 + "tokio-rustls", 1378 + "url", 1379 + "webpki-roots 1.0.2", 1380 + ] 1163 1381 1382 + [[package]] 1164 1383 1165 1384 1385 + source = "registry+https://github.com/rust-lang/crates.io-index" 1386 + checksum = "6a82ae493e598baaea5209805c49bbf2ea7de956d50d7da0da1164f9c6d28543" 1166 1387 1388 + [[package]] 1389 + name = "libloading" 1390 + version = "0.8.8" 1391 + source = "registry+https://github.com/rust-lang/crates.io-index" 1392 + checksum = "07033963ba89ebaf1584d767badaa2e8fcec21aedea6b8c0346d487d49c28667" 1393 + dependencies = [ 1394 + "cfg-if", 1395 + "windows-targets 0.48.5", 1396 + ] 1167 1397 1398 + [[package]] 1399 + name = "libm" 1400 + version = "0.2.15" 1168 1401 1169 1402 1170 1403 ··· 1190 1423 1191 1424 1192 1425 1426 + [[package]] 1427 + name = "linux-raw-sys" 1428 + version = "0.4.15" 1429 + source = "registry+https://github.com/rust-lang/crates.io-index" 1430 + checksum = "d26c52dbd32dccf2d10cac7725f8eae5296885fb5703b261f7d0a0739ec807ab" 1193 1431 1432 + [[package]] 1433 + name = "litemap" 1194 1434 1195 1435 1196 1436 ··· 1245 1485 1246 1486 1247 1487 1488 + source = "registry+https://github.com/rust-lang/crates.io-index" 1489 + checksum = 
"6877bb514081ee2a7ff5ef9de3281f14a4dd4bceac4c09388074a6b5df8a139a" 1248 1490 1491 + [[package]] 1492 + name = "minimal-lexical" 1493 + version = "0.2.1" 1494 + source = "registry+https://github.com/rust-lang/crates.io-index" 1495 + checksum = "68354c5c6bd36d73ff3feceb05efa59b6acb7626617f4962be322a825e61f79a" 1249 1496 1497 + [[package]] 1498 + name = "miniz_oxide" 1499 + version = "0.8.9" 1250 1500 1251 1501 1252 1502 ··· 1262 1512 1263 1513 1264 1514 1515 + ] 1265 1516 1517 + [[package]] 1518 + name = "nom" 1519 + version = "7.1.3" 1520 + source = "registry+https://github.com/rust-lang/crates.io-index" 1521 + checksum = "d273983c5a657a70a3e8f2a01329822f3b8c8172b73826411a55751e404a0a4a" 1522 + dependencies = [ 1523 + "memchr", 1524 + "minimal-lexical", 1525 + ] 1266 1526 1527 + [[package]] 1267 1528 1268 1529 1269 1530 ··· 1368 1629 1369 1630 1370 1631 1632 + source = "registry+https://github.com/rust-lang/crates.io-index" 1633 + checksum = "42f5e15c9953c5e4ccceeb2e7382a716482c34515315f7b03532b8b4e8393d2d" 1371 1634 1635 + [[package]] 1636 + name = "overload" 1637 + version = "0.1.1" 1372 1638 1373 1639 1374 1640 ··· 1424 1690 1425 1691 1426 1692 1693 + version = "0.1.0" 1694 + dependencies = [ 1695 + "anyhow", 1696 + "aws-lc-rs", 1697 + "axum", 1698 + "axum-template", 1699 + "chrono", 1427 1700 1428 1701 1429 1702 1430 1703 1431 1704 1705 + "lettre", 1706 + "rand 0.9.2", 1707 + "rust-embed", 1708 + "rustls", 1709 + "scrypt", 1710 + "serde", 1711 + "serde_json", 1432 1712 1433 1713 1434 1714 ··· 1577 1857 1578 1858 1579 1859 1860 + "zerocopy", 1861 + ] 1580 1862 1863 + [[package]] 1864 + name = "prettyplease" 1865 + version = "0.2.35" 1866 + source = "registry+https://github.com/rust-lang/crates.io-index" 1867 + checksum = "061c1221631e079b26479d25bbf2275bfe5917ae8419cd7e34f13bfc2aa7539a" 1868 + dependencies = [ 1869 + "proc-macro2", 1870 + "syn", 1871 + ] 1581 1872 1873 + [[package]] 1874 + name = "proc-macro2" 1875 + version = "1.0.97" 1582 1876 1583 1877 1584 
1878 ··· 1758 2052 1759 2053 1760 2054 2055 + "cfg-if", 2056 + "getrandom 0.2.16", 2057 + "libc", 2058 + "untrusted 0.9.0", 2059 + "windows-sys 0.52.0", 2060 + ] 1761 2061 1762 2062 1763 2063 ··· 1817 2117 1818 2118 1819 2119 2120 + source = "registry+https://github.com/rust-lang/crates.io-index" 2121 + checksum = "56f7d92ca342cea22a06f2121d944b4fd82af56988c270852495420f961d4ace" 1820 2122 2123 + [[package]] 2124 + name = "rustc-hash" 2125 + version = "1.1.0" 2126 + source = "registry+https://github.com/rust-lang/crates.io-index" 2127 + checksum = "08d43f7aa6b08d49f382cde6a7982047c3426db949b1424bc4b7ec9ae12c6ce2" 1821 2128 2129 + [[package]] 2130 + name = "rustix" 2131 + version = "0.38.44" 2132 + source = "registry+https://github.com/rust-lang/crates.io-index" 2133 + checksum = "fdb5bc1ae2baa591800df16c9ca78619bf65c0488b41b96ccec5d11220d8c154" 2134 + dependencies = [ 2135 + "bitflags", 2136 + "errno", 2137 + "libc", 2138 + "linux-raw-sys", 2139 + "windows-sys 0.52.0", 2140 + ] 1822 2141 2142 + [[package]] 1823 2143 1824 2144 2145 + source = "registry+https://github.com/rust-lang/crates.io-index" 2146 + checksum = "c0ebcbd2f03de0fc1122ad9bb24b127a5a6cd51d72604a3f3c50ac459762b6cc" 2147 + dependencies = [ 2148 + "aws-lc-rs", 2149 + "log", 2150 + "once_cell", 2151 + "ring", 2152 + "rustls-pki-types", 1825 2153 1826 2154 1827 2155 ··· 1839 2167 1840 2168 1841 2169 2170 + source = "registry+https://github.com/rust-lang/crates.io-index" 2171 + checksum = "0a17884ae0c1b773f1ccd2bd4a8c72f16da897310a98b0e84bf349ad5ead92fc" 2172 + dependencies = [ 2173 + "aws-lc-rs", 2174 + "ring", 2175 + "rustls-pki-types", 2176 + "untrusted 0.9.0", 2177 + ] 1842 2178 2179 + [[package]] 1843 2180 1844 2181 1845 2182 ··· 1866 2203 1867 2204 1868 2205 2206 + "winapi-util", 2207 + ] 1869 2208 2209 + [[package]] 2210 + name = "scopeguard" 2211 + version = "1.2.0" 1870 2212 1871 2213 1872 2214 ··· 1897 2239 1898 2240 1899 2241 2242 + "cc", 2243 + ] 2244 + 2245 + [[package]] 2246 + name = "serde" 
2247 + version = "1.0.219" 2248 + 2249 + 2250 + 2251 + 2252 + 2253 + 2254 + 2255 + 2256 + 2257 + 2258 + 2259 + 2260 + 2261 + 2262 + 2263 + 2264 + 2265 + 2266 + 2267 + 2268 + 1900 2269 1901 2270 1902 2271 ··· 2077 2446 2078 2447 2079 2448 2080 - "errno", 2081 - "libc", 2082 - "linux-raw-sys", 2083 - "windows-sys 0.59.0", 2084 - ] 2085 2449 2086 - [[package]] 2087 2450 2088 2451 2089 2452 ··· 2303 2666 2304 2667 2305 2668 2669 + "syn", 2670 + ] 2671 + 2672 + [[package]] 2673 + name = "thiserror" 2674 + version = "1.0.69" 2675 + 2676 + 2677 + 2678 + 2679 + 2680 + 2681 + 2682 + 2683 + 2684 + 2685 + 2686 + 2687 + 2688 + 2689 + 2690 + 2691 + 2692 + 2693 + 2694 + 2695 + 2696 + 2697 + 2698 + 2699 + 2700 + 2701 + 2702 + 2703 + 2704 + 2705 + 2706 + 2707 + 2708 + 2709 + 2710 + 2711 + 2712 + 2713 + 2714 + 2715 + 2716 + 2717 + 2718 + 2719 + 2720 + 2721 + 2722 + 2723 + 2724 + 2725 + 2726 + 2727 + 2728 + 2729 + 2730 + 2731 + 2732 + 2733 + 2734 + 2735 + 2736 + 2737 + 2738 + 2739 + 2740 + 2741 + 2742 + 2743 + 2744 + 2745 + 2746 + 2747 + 2748 + 2749 + 2750 + 2751 + 2752 + 2753 + 2754 + 2306 2755 2307 2756 2308 2757 ··· 2322 2771 2323 2772 2324 2773 2774 + ] 2775 + 2776 + [[package]] 2777 + name = "tokio-rustls" 2778 + version = "0.26.2" 2779 + source = "registry+https://github.com/rust-lang/crates.io-index" 2780 + checksum = "8e727b36a1a0e8b74c376ac2211e40c2c8af09fb4013c60d910495810f008e9b" 2781 + dependencies = [ 2782 + "rustls", 2783 + "tokio", 2784 + ] 2785 + 2786 + 2787 + 2788 + 2789 + 2790 + 2791 + 2792 + 2793 + 2794 + 2795 + 2796 + 2797 + 2798 + 2799 + 2800 + 2325 2801 2326 2802 2327 2803 ··· 2531 3007 2532 3008 2533 3009 3010 + source = "registry+https://github.com/rust-lang/crates.io-index" 3011 + checksum = "e70f2a8b45122e719eb623c01822704c4e0907e7e426a05927e1a1cfff5b75d0" 3012 + 3013 + [[package]] 3014 + name = "untrusted" 3015 + version = "0.7.1" 3016 + source = "registry+https://github.com/rust-lang/crates.io-index" 3017 + checksum = 
"a156c684c91ea7d62626509bce3cb4e1d9ed5c4d978f7b4352658f96a4c26b4a" 3018 + 3019 + [[package]] 3020 + name = "untrusted" 3021 + version = "0.9.0" 3022 + 3023 + 3024 + 3025 + 3026 + 3027 + 3028 + 3029 + 3030 + 3031 + 3032 + 3033 + 3034 + 3035 + 3036 + 3037 + 3038 + 2534 3039 2535 3040 2536 3041 ··· 2649 3154 2650 3155 2651 3156 2652 - "getrandom 0.3.3", 3157 + 3158 + 3159 + 3160 + 3161 + 3162 + 3163 + 3164 + 3165 + 3166 + 3167 + 3168 + 3169 + 3170 + 3171 + 3172 + 3173 + 3174 + 3175 + 3176 + 3177 + 3178 + 3179 + 3180 + 3181 + 3182 + 3183 + 3184 + 3185 + 3186 + 3187 + 3188 + 3189 + 3190 + 3191 + 3192 + 3193 + "rustls-pki-types", 3194 + ] 3195 + 3196 + [[package]] 3197 + name = "which" 3198 + version = "4.4.2" 3199 + source = "registry+https://github.com/rust-lang/crates.io-index" 3200 + checksum = "87ba24419a2078cd2b0f2ede2691b6c66d8e47836da3b6db8265ebad47afbfc7" 3201 + dependencies = [ 3202 + "either", 3203 + "home", 2653 3204 "once_cell", 2654 3205 "rustix", 2655 - "windows-sys 0.59.0", 2656 3206 ] 2657 3207 2658 3208 [[package]] 3209 + name = "whoami" 3210 + version = "1.6.1"
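--- a/Dockerfile
+++ b/Dockerfile
@@ -0,0 +1,10 @@
+FROM rust:1.89.0-bookworm AS builder
+WORKDIR /app
+COPY ../ /app
+RUN cargo build --release
+#
+FROM rust:1.89-slim-bookworm AS api
+RUN apt-get update
+RUN apt-get install -y ca-certificates
+COPY --from=builder /app/target/release/pds_gatekeeper /usr/local/bin/pds_gatekeeper
+CMD ["pds_gatekeeper"]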
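Review bot: The runtime stage starting at line 6 has no `USER` directive and is based on `rust:1.89-slim-bookworm`, so `pds_gatekeeper` runs as root inside an image that still carries the Rust toolchain, while the compose example in this PR bind-mounts `/pds` (the PDS's SQLite databases) into that container. A `debian:bookworm-slim` base plus a non-root `USER` — if the ownership of `/pds` on the host permits it — would shrink the image and limit what a compromised gatekeeper process can reach. The two apt layers on lines 7–8 should also be merged into one `RUN` so a cached `apt-get update` cannot pair with a fresh `install`, with the index lists removed in the same layer. `COPY ../ /app` on line 3 presumably means the build context; Docker rejects sources outside the context, so `COPY . /app` is the usual spelling, and since `.dockerignore` excludes neither `.git` nor any local `.env`/`pds.env`, those would land in the builder layer too.
```dockerfile
# … unchanged: builder stage (FROM rust:1.89.0-bookworm AS builder, WORKDIR /app) …
COPY . /app
RUN cargo build --release
# Runtime stage: no Rust toolchain, apt index cleaned in the same layer, unprivileged user
FROM debian:bookworm-slim AS api
RUN apt-get update \
    && apt-get install -y --no-install-recommends ca-certificates \
    && rm -rf /var/lib/apt/lists/*
COPY --from=builder /app/target/release/pds_gatekeeper /usr/local/bin/pds_gatekeeper
# adjust to the uid/gid that owns /pds on the host
USER nobody
CMD ["pds_gatekeeper"]
```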
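--- a/justfile
+++ b/justfile
@@ -0,0 +1,6 @@
+release:
+    docker buildx build \
+    --platform linux/arm64,linux/amd64 \
+    --tag fatfingers23/pds_gatekeeper:latest \
+    --tag fatfingers23/pds_gatekeeper:0.1 \
+    --push .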
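Review bot: The `--tag` lines on 4–5 publish only `fatfingers23/pds_gatekeeper:latest` and `:0.1`, but the README and `examples/compose.yml` added in this same PR reference `fatfingers23/pds_gatekeeper:arm-latest`, a tag this recipe never produces, so following the documentation yields an image pull failure. Either add `--tag fatfingers23/pds_gatekeeper:arm-latest \` here or point the examples at a tag that exists. Because the build is already multi-platform (`linux/arm64,linux/amd64`) a single tag suffices, and the examples are better off pinning `:0.1` so that a re-pushed `latest` cannot silently replace the code that has access to `/pds`.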
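--- a/src/main.rs
+++ b/src/main.rs
@@ -88,8 +88,10 @@
 #[tokio::main]
 async fn main() -> Result<(), Box<dyn std::error::Error>> {
     setup_tracing();
-    //TODO may need to change where this reads from? Like an env variable for it's location? Or arg?
-    dotenvy::from_path(Path::new("./pds.env"))?;
+    let pds_env_location =
+        env::var("PDS_ENV_LOCATION").unwrap_or_else(|_| "/pds/pds.env".to_string());
+
+    dotenvy::from_path(Path::new(&pds_env_location))?;
     let pds_root = env::var("PDS_DATA_DIRECTORY")?;
     let account_db_url = format!("{pds_root}/account.sqlite");
 
@@ -129,6 +131,7 @@
     env::var("PDS_EMAIL_SMTP_URL").expect("PDS_EMAIL_SMTP_URL is not set in your pds.env file");
     let sent_from = env::var("PDS_EMAIL_FROM_ADDRESS")
         .expect("PDS_EMAIL_FROM_ADDRESS is not set in your pds.env file");
+
     let mailer: AsyncSmtpTransport<Tokio1Executor> =
         AsyncSmtpTransport::<Tokio1Executor>::from_url(smtp_url.as_str())?.build();
     //Email templates setup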
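Review bot: `dotenvy::from_path(Path::new(&pds_env_location))?` on new line 94 propagates only dotenvy's error, which does not appear to name the path that was tried, so an operator who mounted `/pds` somewhere else sees a bare not-found error with no hint that `PDS_ENV_LOCATION` is the knob to turn. Attaching the path is a one-line change: `dotenvy::from_path(Path::new(&pds_env_location)).map_err(|e| format!("could not load pds.env from {pds_env_location}: {e}"))?;` — a `String` converts into the `Box<dyn std::error::Error>` this `main` returns. A short comment above line 91 would also document the new contract: `// PDS_ENV_LOCATION overrides where pds.env is read from; the default matches the /pds bind mount in examples/compose.yml`. `main` continues past both hunks.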
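--- a/src/oauth_provider.rs
+++ b/src/oauth_provider.rs
@@ -36,9 +36,6 @@
                 "Invalid identifier or password",
             ),
             AuthResult::TwoFactorRequired(masked_email) => {
-                // Email sending step can be handled here if needed in the future.
-
-                // {"error":"second_authentication_factor_required","error_description":"emailOtp authentication factor required (hint: 2***0@p***m)","type":"emailOtp","hint":"2***0@p***m"}
                 let body_str = match serde_json::to_string(&serde_json::json!({
                     "error": "second_authentication_factor_required",
                     "error_description": format!("emailOtp authentication factor required (hint: {})", masked_email),
@@ -97,7 +94,7 @@
             },
             Err(err) => {
                 log::error!(
-                    "Error during pre-auth check. This happens on the create_session endpoint when trying to decide if the user has access:\n {err}"
+                    "Error during pre-auth check. This happens on the oauth signin endpoint when trying to decide if the user has access:\n {err}"
                 );
                 oauth_json_error_response(
                     StatusCode::BAD_REQUEST,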
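--- a/Cargo.toml
+++ b/Cargo.toml
@@ -18,7 +18,11 @@
 hex = "0.4"
 jwt-compact = { version = "0.8.0", features = ["es256k"] }
 scrypt = "0.11"
-lettre = { version = "0.11.18", features = ["tokio1", "pool", "tokio1-native-tls"] }
+#lettre = { version = "0.11.18", default-features = false, features = ["pool", "tokio1-rustls", "smtp-transport", "hostname", "builder"] }
+#lettre = { version = "0.11", default-features = false, features = ["builder", "webpki-roots", "rustls", "aws-lc-rs", "smtp-transport", "tokio1", "tokio1-rustls"] }
+aws-lc-rs = "1.13.0"
+lettre = { version = "0.11", default-features = false, features = ["builder", "webpki-roots", "rustls", "aws-lc-rs", "smtp-transport", "tokio1", "tokio1-rustls"] }
+rustls = { version = "0.23", default-features = false, features = ["tls12", "std", "logging", "aws_lc_rs"] }
 handlebars = { version = "6.3.2", features = ["rust-embed"] }
 rust-embed = "8.7.2"
 axum-template = { version = "3.0.0", features = ["handlebars"] }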
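Review bot: Lines 21–22 leave two commented-out `#lettre = …` variants in the manifest, the second of which is byte-identical to the live line 24; dead alternatives in a dependency list tend to get un-commented later without re-checking their feature sets (the first one, for instance, drops `webpki-roots` and `rustls`), so they should be deleted rather than kept. `aws-lc-rs = "1.13.0"` on line 23 is a direct dependency even though the `aws_lc_rs` feature on the `rustls` line already pulls the crate in; the lockfile in this PR does list it under `pds_gatekeeper`, so presumably `src/` references it directly, but a one-line comment above it saying what it is used for would stop the next reader from treating it as redundant.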
+79 -15
README.md
··· 21 21 22 22 # Setup 23 23 24 - We are getting close! Testing now 25 - 26 - Nothing here yet! If you are brave enough to try before full release, let me know and I'll help you set it up. 27 - But I want to run it locally on my own PDS first to test run it a bit. 28 - 29 - Example Caddyfile (mostly so I don't lose it for now. Will have a better one in the future) 24 + PDS Gatekeeper has 2 parts to its setup, docker compose file and a reverse proxy (Caddy in this case). I will be 25 + assuming you setup the PDS following the directions 26 + found [here](https://atproto.com/guides/self-hosting), but if yours is different, or you have questions, feel free to 27 + let 28 + me know, and we can figure it out. 29 + 30 + ## Docker compose 31 + 32 + The pds gatekeeper container can be found on docker hub under the name `fatfingers23/pds_gatekeeper`. The container does 33 + need access to the `/pds` root folder to access the same db's as your PDS. The part you need to add would look a bit 34 + like below. You can find a full example of what I use for my pds at [./examples/compose.yml](./examples/compose.yml). 35 + This is usually found at `/pds/compose.yaml`on your PDS> 36 + 37 + ```yml 38 + gatekeeper: 39 + container_name: gatekeeper 40 + image: fatfingers23/pds_gatekeeper:arm-latest 41 + network_mode: host 42 + restart: unless-stopped 43 + #This gives the container to the access to the PDS folder. Source is the location on your server of that directory 44 + volumes: 45 + - type: bind 46 + source: /pds 47 + target: /pds 48 + depends_on: 49 + - pds 50 + ``` 51 + 52 + ## Caddy setup 53 + 54 + For the reverse proxy I use caddy. This part is what overwrites the endpoints and proxies them to PDS gatekeeper to add 55 + in extra functionality. The main part is below, for a full example see [./examples/Caddyfile](./examples/Caddyfile). 56 + This is usually found at `/pds/caddy/etc/caddy/Caddyfile` on your PDS. 
30 57 31 58 ```caddyfile 32 - http://localhost { 33 - 34 59 @gatekeeper { 35 - path /xrpc/com.atproto.server.getSession 36 - path /xrpc/com.atproto.server.updateEmail 37 - path /xrpc/com.atproto.server.createSession 38 - path /@atproto/oauth-provider/~api/sign-in 60 + path /xrpc/com.atproto.server.getSession 61 + path /xrpc/com.atproto.server.updateEmail 62 + path /xrpc/com.atproto.server.createSession 63 + path /@atproto/oauth-provider/~api/sign-in 39 64 } 40 65 41 66 handle @gatekeeper { 42 - reverse_proxy http://localhost:8080 67 + reverse_proxy http://localhost:8080 43 68 } 44 69 45 - reverse_proxy /* http://localhost:3000 70 + reverse_proxy http://localhost:3000 71 + ``` 72 + 73 + If you use a cloudflare tunnel then your caddyfile would look a bit more like below with your tunnel proxying to 74 + `localhost:8081` (or w/e port you want). 75 + 76 + ```caddyfile 77 + http://*.localhost:8082, http://localhost:8082 { 78 + @gatekeeper { 79 + path /xrpc/com.atproto.server.getSession 80 + path /xrpc/com.atproto.server.updateEmail 81 + path /xrpc/com.atproto.server.createSession 82 + path /@atproto/oauth-provider/~api/sign-in 83 + } 84 + 85 + handle @gatekeeper { 86 + reverse_proxy http://localhost:8080 87 + } 88 + 89 + reverse_proxy http://localhost:3000 46 90 } 47 91 48 - ``` 92 + ``` 93 + 94 + # Environment variables and bonuses 95 + 96 + Every environment variable can be set in the `pds.env` and shared between PDS and gatekeeper and the PDS, with the 97 + exception of `PDS_ENV_LOCATION`. This can be set to load the pds.env, by default it checks `/pds/pds.env` and is 98 + recommended to mount the `/pds` folder on the server to `/pds` in the pds gatekeeper container. 99 + 100 + `PDS_DATA_DIRECTORY` - Root directory of the PDS. Same as the one found in `pds.env` this is how pds gatekeeper knows 101 + knows the rest of the environment variables. 102 + 103 + `GATEKEEPER_EMAIL_TEMPLATES_DIRECTORY` - The folder for templates of the emails PDS gatekeeper sends. 
You can find them 104 + in [./email_templates](./email_templates). You are free to edit them as you please and set this variable to a location 105 + in the pds gateekeper container and it will use them in place of the default ones. Just make sure ot keep the names the 106 + same. 107 + 108 + `PDS_BASE_URL` - Base url of the PDS. You most likely want `https://localhost:3000` which is also the default 109 + 110 + `GATEKEEPER_HOST` - Host for pds gatekeeper. Defaults to `127.0.0.1` 111 + 112 + `GATEKEEPER_PORT` - Port for pds gatekeeper. Defaults to `8080`
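--- a/examples/Caddyfile
+++ b/examples/Caddyfile
@@ -0,0 +1,29 @@
+{
+    email youremail@myemail.com
+    on_demand_tls {
+        ask http://localhost:3000/tls-check
+    }
+}
+
+*.yourpds.com, yourpds.com {
+    tls {
+        on_demand
+    }
+    # You'll most likely just want from here to....
+    @gatekeeper {
+        path /xrpc/com.atproto.server.getSession
+        path /xrpc/com.atproto.server.updateEmail
+        path /xrpc/com.atproto.server.createSession
+        path /@atproto/oauth-provider/~api/sign-in
+    }
+
+    handle @gatekeeper {
+        #This is the address for PDS gatekeeper, default is 8080
+        reverse_proxy http://localhost:8080
+    }
+
+    reverse_proxy http://localhost:3000
+    #..here. Copy and paste this replacing the reverse_proxy http://localhost:3000 line
+}
+
+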
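Review bot: The example enforces the second factor only for requests that arrive through Caddy: the four `path` matchers on lines 14–17 send `createSession`, `getSession`, `updateEmail` and the OAuth sign-in to the gatekeeper and everything else on line 25 goes straight to `localhost:3000`, so the gate holds only as long as the PDS on port 3000 (and the gatekeeper on 8080) cannot be reached from outside the host. With `network_mode: host` in the compose example that depends on the PDS's own bind address and on the host firewall, neither of which this file controls. A comment next to `reverse_proxy http://localhost:3000` such as `# keep 3000 and 8080 bound to localhost or firewalled; the 2FA check only covers traffic that passes through this proxy` would make that assumption explicit for operators copying the block.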
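--- a/examples/compose.yml
+++ b/examples/compose.yml
@@ -0,0 +1,51 @@
+version: '3.9'
+services:
+  caddy:
+    container_name: caddy
+    image: caddy:2
+    network_mode: host
+    depends_on:
+      - pds
+    restart: unless-stopped
+    volumes:
+      - type: bind
+        source: /pds/caddy/data
+        target: /data
+      - type: bind
+        source: /pds/caddy/etc/caddy
+        target: /etc/caddy
+  pds:
+    container_name: pds
+    image: ghcr.io/bluesky-social/pds:0.4
+    network_mode: host
+    restart: unless-stopped
+    volumes:
+      - type: bind
+        source: /pds
+        target: /pds
+    env_file:
+      - /pds/pds.env
+  watchtower:
+    container_name: watchtower
+    image: containrrr/watchtower:latest
+    network_mode: host
+    volumes:
+      - type: bind
+        source: /var/run/docker.sock
+        target: /var/run/docker.sock
+    restart: unless-stopped
+    environment:
+      WATCHTOWER_CLEANUP: true
+      WATCHTOWER_SCHEDULE: "@midnight"
+  gatekeeper:
+    container_name: gatekeeper
+    image: fatfingers23/pds_gatekeeper:arm-latest
+    network_mode: host
+    restart: unless-stopped
+    #This gives the container to the access to the PDS folder. Source is the location on your server of that directory
+    volumes:
+      - type: bind
+        source: /pds
+        target: /pds
+    depends_on:
+      - pds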
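Review bot: The `gatekeeper` service on line 42 pulls the mutable `fatfingers23/pds_gatekeeper:arm-latest` tag while `watchtower` on lines 28–39 re-pulls every container nightly via the docker socket, so whatever is pushed to that tag next is started automatically with the `/pds` bind mount that holds the PDS account database. An example that operators copy should pin a release tag (`image: fatfingers23/pds_gatekeeper:0.1`, which the justfile publishes) or opt the service out of auto-updates with a `com.centurylinklabs.watchtower.enable: "false"` label, so an image change is a deliberate step. Two smaller points: `version: '3.9'` on line 1 is obsolete under Compose v2 and only produces a warning, and `WATCHTOWER_CLEANUP: true` on line 38 is a bare YAML boolean in an `environment` mapping, which Compose documents as needing quotes (`"true"`) to be passed through predictably.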

WIP on feature/2faCodeGeneration
docker and setup
pull request successfully merged