mirror of https://github.com/apibillme/broker
Compare commits
6 Commits
5228b58043
...
268b3acf9f
Author | SHA1 | Date |
---|---|---|
Bevan Hunt | 268b3acf9f | |
Bevan Hunt | 791c1b6d6b | |
Bevan Hunt | c868cab517 | |
Bevan Hunt | 45ff26c460 | |
Bevan Hunt | 323273ce24 | |
Bevan Hunt | 80840114c3 |
23
CHANGELOG.md
23
CHANGELOG.md
|
@ -4,6 +4,29 @@ All notable changes to this project will be documented in this file.
|
|||
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
|
||||
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
|
||||
|
||||
## [15.1.0] - 2021-04-30
|
||||
|
||||
### Added
|
||||
- scopes to verify endpoint
|
||||
|
||||
## [15.0.0] - 2021-04-16
|
||||
|
||||
### Added
|
||||
- username to verify endpoint and JWT
|
||||
|
||||
### Updated
|
||||
- Updated README
|
||||
|
||||
## [14.1.2] - 2021-04-15
|
||||
|
||||
### Updated
|
||||
- Updated README
|
||||
|
||||
## [14.1.1] - 2021-04-14
|
||||
|
||||
### Updated
|
||||
- Updated README
|
||||
|
||||
## [14.1.0] - 2021-04-13
|
||||
|
||||
### Added
|
||||
|
|
|
@ -543,7 +543,7 @@ dependencies = [
|
|||
|
||||
[[package]]
|
||||
name = "broker"
|
||||
version = "14.1.0"
|
||||
version = "15.1.0"
|
||||
dependencies = [
|
||||
"anyhow",
|
||||
"async-std",
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
[package]
|
||||
name = "broker"
|
||||
version = "14.1.0"
|
||||
version = "15.1.0"
|
||||
authors = ["Bevan Hunt <bevan@bevanhunt.com>"]
|
||||
edition = "2018"
|
||||
license = "MIT"
|
||||
|
|
14
README.md
14
README.md
|
@ -14,7 +14,7 @@ Broker follows an insert-only/publish/subscribe paradigm rather than a REST CRUD
|
|||
|
||||
Broker also provides full identity services using JWT, HTTP Basic, Two Factor, and TOTP.
|
||||
|
||||
Broker is a competitor to [Firebase](https://firebase.google.com/), [Parse Server](https://github.com/parse-community/parse-server), [Auth0](https://auth0.com), [AWS Cognito](https://aws.amazon.com/cognito/), [AWS SimpleDB](https://aws.amazon.com/simpledb/), and [AWS SNS](https://aws.amazon.com/sns/).
|
||||
Broker is a competitor to [Firebase](https://firebase.google.com/), [Parse Server](https://github.com/parse-community/parse-server), [Auth0](https://auth0.com), [AWS Cognito](https://aws.amazon.com/cognito/), [AWS IAM](https://aws.amazon.com/iam/), [AWS SimpleDB](https://aws.amazon.com/simpledb/), and [AWS SNS](https://aws.amazon.com/sns/).
|
||||
|
||||
### Features
|
||||
|
||||
|
@ -29,7 +29,7 @@ Broker is a competitor to [Firebase](https://firebase.google.com/), [Parse Serve
|
|||
* Provides user authentication with JWTs or HTTP Basic
|
||||
* Issues JWTs for authentication (username) and authorization (scopes) for external services
|
||||
* Uses [biscuit](https://crates.io/crates/biscuit-auth) for user authorization scoping
|
||||
* Verify endpoint for external services like [portal](https://crates.io/crates/portal)
|
||||
* Verify endpoint for external services like [portal](https://crates.io/crates/portal) and [files](https://crates.io/crates/files)
|
||||
* Secure password storage with Argon2 encoding
|
||||
* Uses Global NTP servers and doesn't rely on your local server time for JWT expiry timing and Two Factor timing
|
||||
* Sync latest events on SSE client connection
|
||||
|
@ -147,12 +147,14 @@ GET /verify
|
|||
|
||||
will return: `200` or `500` or `401`
|
||||
|
||||
200 - will return a biscuit public key, biscuit token, and JWT expiry for your microservice (use from_bytes to hydrate the key and token)
|
||||
200 - will return a biscuit public key, biscuit token, username, and JWT expiry for your microservice (use from_bytes to hydrate the key and token)
|
||||
```json
|
||||
{
|
||||
"key": [136,133,229,196,134,20,240,80,159,158,154,20,57,35,198,7,156,160,193,224,174,209,51,150,27,86,75,122,172,24,114,66],
|
||||
"token": [122,133,229,196,134,20,240,80,159,158,154,20,57,35,198,7,156,160,193,224,174,209,51,150,27,86,75,122,172,24,114,121],
|
||||
"expiry: 1618352841
|
||||
"expiry": 1618352841,
|
||||
"username": "bob",
|
||||
"scopes": ["news:get", "news:post"]
|
||||
}
|
||||
```
|
||||
|
||||
|
@ -195,7 +197,7 @@ POST /list_users
|
|||
- public endpoint
|
||||
```json
|
||||
{
|
||||
"admin_token": "letmein",
|
||||
"admin_token": "letmein"
|
||||
}
|
||||
```
|
||||
|
||||
|
@ -323,7 +325,7 @@ POST /create_totp
|
|||
```json
|
||||
{
|
||||
"admin_token": "letmein",
|
||||
"username": "bob",
|
||||
"username": "bob"
|
||||
}
|
||||
```
|
||||
will return: `200` or `500` or `400` or `401`
|
||||
|
|
14
src/main.rs
14
src/main.rs
|
@ -311,14 +311,14 @@ fn puts_event(event: Event) -> Result<()> {
|
|||
Ok(())
|
||||
}
|
||||
|
||||
fn jwt_aud(scopes: Vec<String>, exp: i64) -> Result<Option<String>> {
|
||||
fn jwt_aud(scopes: Vec<String>, exp: i64, username: String) -> Result<Option<String>> {
|
||||
let biscuit_root = KeyPair::new();
|
||||
let biscuit_public_key = biscuit_root.public();
|
||||
let public_key_bytes = biscuit_public_key.to_bytes();
|
||||
|
||||
let mut builder = Biscuit::builder(&biscuit_root);
|
||||
|
||||
for scope in scopes {
|
||||
for scope in scopes.clone() {
|
||||
let mut parts = scope.split(":");
|
||||
let first = parts.next().unwrap_or_else(|| "INTERNAL_ERROR");
|
||||
let second = parts.next().unwrap_or_else(|| "INTERNAL_ERROR");
|
||||
|
@ -331,7 +331,7 @@ fn jwt_aud(scopes: Vec<String>, exp: i64) -> Result<Option<String>> {
|
|||
}
|
||||
|
||||
let biscuit = builder.build()?;
|
||||
Ok(Some(json!({"key": public_key_bytes, "token": biscuit.to_vec()?, "expiry": exp}).to_string()))
|
||||
Ok(Some(json!({"key": public_key_bytes, "token": biscuit.to_vec()?, "expiry": exp, "username": username, "scopes": scopes}).to_string()))
|
||||
}
|
||||
|
||||
fn user_create(user_form: UserForm) -> Result<Option<String>> {
|
||||
|
@ -457,7 +457,7 @@ async fn create_jwt(login: LoginForm) -> Result<Option<String>> {
|
|||
let aud: String;
|
||||
match user.scopes.clone() {
|
||||
Some(scopes) => {
|
||||
match jwt_aud(scopes, exp)? {
|
||||
match jwt_aud(scopes, exp, user.clone().username)? {
|
||||
Some(a) => {
|
||||
aud = a;
|
||||
},
|
||||
|
@ -483,7 +483,7 @@ async fn create_jwt(login: LoginForm) -> Result<Option<String>> {
|
|||
let aud: String;
|
||||
match user.scopes.clone() {
|
||||
Some(scopes) => {
|
||||
match jwt_aud(scopes, exp)? {
|
||||
match jwt_aud(scopes, exp, user.clone().username)? {
|
||||
Some(a) => {
|
||||
aud = a;
|
||||
},
|
||||
|
@ -505,7 +505,7 @@ async fn create_jwt(login: LoginForm) -> Result<Option<String>> {
|
|||
let aud: String;
|
||||
match user.scopes.clone() {
|
||||
Some(scopes) => {
|
||||
match jwt_aud(scopes, exp)? {
|
||||
match jwt_aud(scopes, exp, user.clone().username)? {
|
||||
Some(a) => {
|
||||
aud = a;
|
||||
},
|
||||
|
@ -599,7 +599,7 @@ async fn jwt_verify(token: String) -> Result<Option<TokenData<Claims>>> {
|
|||
let aud: String;
|
||||
match user.scopes.clone() {
|
||||
Some(scopes) => {
|
||||
match jwt_aud(scopes, exp)? {
|
||||
match jwt_aud(scopes, exp, user.clone().username)? {
|
||||
Some(a) => {
|
||||
aud = a;
|
||||
},
|
||||
|
|
Loading…
Reference in New Issue