From d177a759b7550fcdb582d5463fc9f36b1838ffe0 Mon Sep 17 00:00:00 2001 From: JR Conlin Date: Wed, 18 Nov 2020 10:07:16 -0800 Subject: [PATCH] bug: Allow JSON formatted Auth keys * correct sample config * update deps to clear audit* Closes #234 --- Cargo.lock | 304 ++++++++++++++++++------------- autoendpoint/Cargo.toml | 24 +-- autoendpoint/src/settings.rs | 42 ++++- configs/autoendpoint.toml.sample | 2 +- 4 files changed, 225 insertions(+), 147 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 0509870c0..cd8101692 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -29,7 +29,7 @@ dependencies = [ "futures-core", "futures-sink", "log", - "pin-project", + "pin-project 0.4.27", "tokio 0.2.22", "tokio-util", ] @@ -55,21 +55,23 @@ dependencies = [ [[package]] name = "actix-cors" -version = "0.4.1" +version = "0.5.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f3e5c769e4d332bfad27f11b8139b5818c4bbddb02c385b8f16344d93ff1a8eb" +checksum = "e5d7e35c80bb6472cddc7d26e9f61a28758a823ac526eb6188f738d172387bcf" dependencies = [ - "actix-service", "actix-web", "derive_more", "futures-util", + "log", + "once_cell", + "tinyvec 1.0.1", ] [[package]] name = "actix-http" -version = "2.0.0" +version = "2.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "05dd80ba8f27c4a34357c07e338c8f5c38f8520e6d626ca1727d8fecc41b0cab" +checksum = "404df68c297f73b8d36c9c9056404913d25905a8f80127b0e5fe147c9c4b9f02" dependencies = [ "actix-codec", "actix-connect", @@ -77,7 +79,7 @@ dependencies = [ "actix-service", "actix-threadpool", "actix-utils", - "base64 0.12.3", + "base64 0.13.0", "bitflags", "brotli2", "bytes 0.5.6", @@ -101,7 +103,7 @@ dependencies = [ "log", "mime", "percent-encoding 2.1.0", - "pin-project", + "pin-project 1.0.1", "rand 0.7.3", "regex", "serde 1.0.117", 
@@ -177,7 +179,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "0052435d581b5be835d11f4eb3bce417c8af18d87ddf8ace99f8e67e595882bb" dependencies = [ "futures-util", - "pin-project", + "pin-project 0.4.27", ] [[package]] @@ -237,15 +239,15 @@ dependencies = [ "futures-sink", "futures-util", "log", - "pin-project", + "pin-project 0.4.27", "slab", ] [[package]] name = "actix-web" -version = "3.1.0" +version = "3.2.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c1b12fe25e11cd9ed2ef2e428427eb6178a1b363f3f7f0dab8278572f11b2da1" +checksum = "88344b7a5ef27e5e09e73565379f69273dd3e2d29e82afc381b84d170d0a5631" dependencies = [ "actix-codec", "actix-http", @@ -269,7 +271,7 @@ dependencies = [ "fxhash", "log", "mime", - "pin-project", + "pin-project 1.0.1", "regex", "serde 1.0.117", "serde_json", @@ -277,14 +279,14 @@ dependencies = [ "socket2", "time 0.2.22", "tinyvec 1.0.1", - "url 2.1.1", + "url 2.2.0", ] [[package]] name = "actix-web-codegen" -version = "0.3.0" +version = "0.4.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "750ca8fb60bbdc79491991650ba5d2ae7cd75f3fc00ead51390cfe9efda0d4d8" +checksum = "ad26f77093333e0e7c6ffe54ebe3582d908a104e448723eec6d43d08b07143fb" dependencies = [ "proc-macro2 1.0.24", "quote 1.0.7", @@ -401,7 +403,7 @@ dependencies = [ "autopush_common", "backtrace", "base64 0.13.0", - "cadence 0.21.1", + "cadence 0.22.0", "config", "docopt", "fernet", @@ -415,11 +417,11 @@ dependencies = [ "openssl", "regex", "reqwest 0.10.8", - "rusoto_core 0.44.0", - "rusoto_dynamodb 0.44.0", - "sentry 0.20.1", + "rusoto_core 0.45.0", + "rusoto_dynamodb 0.45.0", + "sentry 0.21.0", "serde 1.0.117", - "serde_dynamodb 0.5.1", + "serde_dynamodb 0.6.0", "serde_json", "slog", "slog-async", @@ -431,7 +433,7 @@ dependencies = [ "tempfile", "thiserror", "tokio 0.2.22", - "url 2.1.1", + "url 2.2.0", "uuid 0.8.1", "validator", "validator_derive", 
@@ -524,7 +526,7 @@ dependencies = [ "slog-term", "tokio-core", "tungstenite", - "url 2.1.1", + "url 2.2.0", "uuid 0.8.1", ] @@ -729,9 +731,9 @@ dependencies = [ [[package]] name = "cadence" -version = "0.21.1" +version = "0.22.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e45b9cdf75cdddb0877f8af74c345d06b0c8a924c5115d2467d94d7e4bdf9180" +checksum = "6281d1200ac3293fd08be899c9a0c17b83cda0672221fcbe1fefc886a555e35e" dependencies = [ "crossbeam-channel", ] @@ -901,20 +903,6 @@ dependencies = [ "cfg-if 0.1.10", ] -[[package]] -name = "crossbeam" -version = "0.7.3" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "69323bff1fb41c635347b8ead484a5ca6c3f11914d784170b158d8449ab07f8e" -dependencies = [ - "cfg-if 0.1.10", - "crossbeam-channel", - "crossbeam-deque", - "crossbeam-epoch", - "crossbeam-queue 0.2.3", - "crossbeam-utils 0.7.2", -] - [[package]] name = "crossbeam-channel" version = "0.4.4" @@ -999,7 +987,17 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "4434400df11d95d556bac068ddfedd482915eb18fe8bea89bc80b6e4b1c179e5" dependencies = [ "generic-array 0.12.3", - "subtle", + "subtle 1.0.0", +] + +[[package]] +name = "crypto-mac" +version = "0.8.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b584a330336237c1eecd3e94266efb216c56ed91225d634cb2991c5f3fd1aeab" +dependencies = [ + "generic-array 0.14.4", + "subtle 2.3.0", ] [[package]] @@ -1325,6 +1323,16 @@ version = "0.1.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "00b0228411908ca8685dba7fc2cdd70ec9990a6e753e89b6ac91a84c40fbaf4b" +[[package]] +name = "form_urlencoded" +version = "1.0.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ece68d15c92e84fa4f19d3780f1294e5ca82a78a6d515f1efaabcc144688be00" +dependencies = [ + "matches", + "percent-encoding 2.1.0", +] + [[package]] name = "fragile" version = "1.0.0" 
@@ -1387,9 +1395,9 @@ dependencies = [ [[package]] name = "futures-channel" -version = "0.3.6" +version = "0.3.8" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a7a4d35f7401e948629c9c3d6638fb9bf94e0b2121e96c3b428cc4e631f3eb74" +checksum = "4b7109687aa4e177ef6fe84553af6280ef2778bdb7783ba44c9dc3399110fe64" dependencies = [ "futures-core", "futures-sink", @@ -1397,9 +1405,9 @@ dependencies = [ [[package]] name = "futures-core" -version = "0.3.6" +version = "0.3.8" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d674eaa0056896d5ada519900dbf97ead2e46a7b6621e8160d79e2f2e1e2784b" +checksum = "847ce131b72ffb13b6109a221da9ad97a64cbe48feb1028356b836b47b8f1748" [[package]] name = "futures-cpupool" @@ -1424,9 +1432,9 @@ dependencies = [ [[package]] name = "futures-io" -version = "0.3.6" +version = "0.3.8" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5fc94b64bb39543b4e432f1790b6bf18e3ee3b74653c5449f63310e9a74b123c" +checksum = "611834ce18aaa1bd13c4b374f5d653e1027cf99b6b502584ff8c9a64413b30bb" [[package]] name = "futures-locks" @@ -1441,9 +1449,9 @@ dependencies = [ [[package]] name = "futures-macro" -version = "0.3.6" +version = "0.3.8" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f57ed14da4603b2554682e9f2ff3c65d7567b53188db96cb71538217fc64581b" +checksum = "77408a692f1f97bcc61dc001d752e00643408fbc922e4d634c655df50d595556" dependencies = [ "proc-macro-hack", "proc-macro2 1.0.24", 
@@ -1453,15 +1461,15 @@ dependencies = [ [[package]] name = "futures-sink" -version = "0.3.6" +version = "0.3.8" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0d8764258ed64ebc5d9ed185cf86a95db5cac810269c5d20ececb32e0088abbd" +checksum = "f878195a49cee50e006b02b93cf7e0a95a38ac7b776b4c4d9cc1207cd20fcb3d" [[package]] name = "futures-task" -version = "0.3.6" +version = "0.3.8" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4dd26820a9f3637f1302da8bceba3ff33adbe53464b54ca24d4e2d4f1db30f94" +checksum = "7c554eb5bf48b2426c4771ab68c6b14468b6e76cc90996f528c3338d761a4d0d" dependencies = [ "once_cell", ] @@ -1477,9 +1485,9 @@ dependencies = [ [[package]] name = "futures-util" -version = "0.3.6" +version = "0.3.8" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8a894a0acddba51a2d49a6f4263b1e64b8c579ece8af50fa86503d52cd1eea34" +checksum = "d304cff4a7b99cfb7986f7d43fbe93d175e72e704a8860787cc95e9ffd85cbd2" dependencies = [ "futures-channel", "futures-core", @@ -1488,7 +1496,7 @@ dependencies = [ "futures-sink", "futures-task", "memchr", - "pin-project", + "pin-project 1.0.1", "pin-utils", "proc-macro-hack", "proc-macro-nested", @@ -1613,10 +1621,20 @@ version = "0.7.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "5dcb5e64cda4c23119ab41ba960d1e170a774c8e4b9d9e6a9bc18aabf5e59695" dependencies = [ - "crypto-mac", + "crypto-mac 0.7.0", "digest 0.8.1", ] +[[package]] +name = "hmac" +version = "0.8.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "126888268dcc288495a26bf004b38c5fdbb31682f992c84ceb046a1f0fe38840" +dependencies = [ + "crypto-mac 0.8.0", + "digest 0.9.0", +] + [[package]] name = "hostname" version = "0.1.5" @@ -1749,7 +1767,7 @@ dependencies = [ "httparse", "httpdate", "itoa", - "pin-project", + "pin-project 0.4.27", "socket2", "tokio 0.2.22", "tower-service", 
@@ -2187,9 +2205,9 @@ dependencies = [ [[package]] name = "mockall" -version = "0.7.2" +version = "0.8.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "01458f8a19b10cb28195290942e3149161c75acf67ebc8fbf714ab67a2b943bc" +checksum = "41cabea45a7fc0e37093f4f30a5e2b62602253f91791c057d5f0470c63260c3d" dependencies = [ "cfg-if 0.1.10", "downcast", @@ -2202,9 +2220,9 @@ dependencies = [ [[package]] name = "mockall_derive" -version = "0.7.2" +version = "0.8.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a673cb441f78cd9af4f5919c28576a3cc325fb6b54e42f7047dacce3c718c17b" +checksum = "7c461918bf7f59eefb1459252756bf2351a995d6bd510d0b2061bd86bcdabfa6" dependencies = [ "cfg-if 0.1.10", "proc-macro2 1.0.24", @@ -2214,9 +2232,9 @@ dependencies = [ [[package]] name = "mockito" -version = "0.26.0" +version = "0.28.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "835b02e32817ac0638e05d06effef43a82820bc454ae4d28f6502cc65d1ce74f" +checksum = "36a0eb7e686b49b02c1cb87c14b8e2a05de0d36c6eee0293653d0a875906d499" dependencies = [ "assert-json-diff", "colored", @@ -2490,7 +2508,16 @@ version = "0.4.27" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "2ffbc8e94b38ea3d2d8ba92aea2983b503cd75d0888d75b86bb37970b5698e15" dependencies = [ - "pin-project-internal", + "pin-project-internal 0.4.27", +] + +[[package]] +name = "pin-project" +version = "1.0.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ee41d838744f60d959d7074e3afb6b35c7456d0f61cad38a24e35e6553f73841" +dependencies = [ + "pin-project-internal 1.0.1", ] [[package]] 
@@ -2504,6 +2531,17 @@ dependencies = [ "syn 1.0.45", ] +[[package]] +name = "pin-project-internal" +version = "1.0.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "81a4ffa594b66bff340084d4081df649a7dc049ac8d7fc458d8e628bfbbb2f86" +dependencies = [ + "proc-macro2 1.0.24", + "quote 1.0.7", + "syn 1.0.45", +] + [[package]] name = "pin-project-lite" version = "0.1.10" @@ -2583,9 +2621,9 @@ dependencies = [ [[package]] name = "proc-macro-hack" -version = "0.5.18" +version = "0.5.19" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "99c605b9a0adc77b7211c6b1f722dcb613d68d66859a44f3d485a6da332b0598" +checksum = "dbf0c48bc1d91375ae5c3cd81e3722dff1abcf81a30960240640d223f59fe0e5" [[package]] name = "proc-macro-nested" @@ -2621,7 +2659,7 @@ dependencies = [ "idna 0.2.0", "lazy_static", "regex", - "url 2.1.1", + "url 2.2.0", ] [[package]] @@ -2939,7 +2977,7 @@ dependencies = [ "serde_urlencoded 0.6.1", "tokio 0.2.22", "tokio-tls", - "url 2.1.1", + "url 2.2.0", "wasm-bindgen", "wasm-bindgen-futures", "web-sys", @@ -2999,15 +3037,15 @@ dependencies = [ [[package]] name = "rusoto_core" -version = "0.44.0" +version = "0.45.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "841ca8f73e7498ba39146ab43acea906bbbb807d92ec0b7ea4b6293d2621f80d" +checksum = "e977941ee0658df96fca7291ecc6fc9a754600b21ad84b959eb1dbbc9d5abcc7" dependencies = [ "async-trait", "base64 0.12.3", "bytes 0.5.6", + "crc32fast", "futures 0.3.6", - "hmac", "http 0.2.1", "hyper 0.13.8", "hyper-tls 0.4.3", @@ -3015,13 +3053,12 @@ dependencies = [ "log", "md5", "percent-encoding 2.1.0", - "pin-project", - "rusoto_credential 0.44.0", - "rusoto_signature 0.44.0", + "pin-project 0.4.27", + "rusoto_credential 0.45.0", + "rusoto_signature 0.45.0", "rustc_version", "serde 1.0.117", "serde_json", - "sha2", "tokio 0.2.22", "xml-rs", ] 
@@ -3048,16 +3085,16 @@ dependencies = [ [[package]] name = "rusoto_credential" -version = "0.44.0" +version = "0.45.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "60669ddc1bdbb83ce225593649d36b4c5f6bf9db47cc1ab3e81281abffc853f4" +checksum = "09ac05563f83489b19b4d413607a30821ab08bbd9007d14fa05618da3ef09d8b" dependencies = [ "async-trait", "chrono", "dirs 2.0.2", "futures 0.3.6", "hyper 0.13.8", - "pin-project", + "pin-project 0.4.27", "regex", "serde 1.0.117", "serde_json", @@ -3082,14 +3119,14 @@ dependencies = [ [[package]] name = "rusoto_dynamodb" -version = "0.44.0" +version = "0.45.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a485bf81a63fd92a4e011b76daed2731b363a6f2b6279b8b26b389699bcf1525" +checksum = "8a1473bb1c1dd54f61c5e150aec47bcbf4a992963dcc3c60e12be5af3245cefc" dependencies = [ "async-trait", "bytes 0.5.6", "futures 0.3.6", - "rusoto_core 0.44.0", + "rusoto_core 0.45.0", "serde 1.0.117", "serde_json", ] @@ -3104,7 +3141,7 @@ dependencies = [ "bytes 0.4.12", "futures 0.1.30", "hex", - "hmac", + "hmac 0.7.1", "http 0.1.21", "hyper 0.12.35", "log", @@ -3113,32 +3150,32 @@ dependencies = [ "rusoto_credential 0.42.0", "rustc_version", "serde 1.0.117", - "sha2", + "sha2 0.8.2", "time 0.1.44", "tokio 0.1.22", ] [[package]] name = "rusoto_signature" -version = "0.44.0" +version = "0.45.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9eddff187ac18c5a91d9ccda9353f30cf531620dce437c4db661dfe2e23b2029" +checksum = "97a740a88dde8ded81b6f2cff9cd5e054a5a2e38a38397260f7acdd2c85d17dd" dependencies = [ "base64 0.12.3", "bytes 0.5.6", "futures 0.3.6", "hex", - "hmac", + "hmac 0.8.1", "http 0.2.1", "hyper 0.13.8", "log", "md5", "percent-encoding 2.1.0", - "pin-project", - "rusoto_credential 0.44.0", + "pin-project 0.4.27", + "rusoto_credential 0.45.0", "rustc_version", "serde 1.0.117", - "sha2", + "sha2 0.9.2", "time 0.2.22", "tokio 0.2.22", ] 
@@ -3316,14 +3353,14 @@ dependencies = [ "rustc_version", "sentry-types 0.14.1", "uname", - "url 2.1.1", + "url 2.2.0", ] [[package]] name = "sentry" -version = "0.20.1" +version = "0.21.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "144e85b28d129f056ef91664fe2b985eade906d2838752c2f61c9f233cd98e4a" +checksum = "933beb0343c84eefd69a368318e9291b179e09e51982d49c65d7b362b0e9466f" dependencies = [ "httpdate", "log", @@ -3331,15 +3368,14 @@ dependencies = [ "sentry-backtrace", "sentry-contexts", "sentry-core", - "sentry-failure", "sentry-panic", ] [[package]] name = "sentry-backtrace" -version = "0.20.1" +version = "0.21.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "92dabd890482f152fb6d261fe2034a193facc2c99c0c571bbf7687c356fcb2e8" +checksum = "38e528fb457baf53fcd6c90beb420705f35c12c3d8caed8817dcf7be00eff7c7" dependencies = [ "backtrace", "lazy_static", @@ -3349,9 +3385,9 @@ dependencies = [ [[package]] name = "sentry-contexts" -version = "0.20.1" +version = "0.21.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "039ac50d2d740d51c5d376c2e9e93725eea662fa3acdcbcfe1b8b93a3b30c478" +checksum = "ce3a560a34cffac347f0b588fc29b31db969e27bf57208f946d6a2d588668b0b" dependencies = [ "hostname 0.3.1", "lazy_static", 
@@ -3364,35 +3400,24 @@ dependencies = [ [[package]] name = "sentry-core" -version = "0.20.1" +version = "0.21.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3fe4fe890b12416701f838c702898a9c5e574c333cfbbee9fb7855a14e6490a3" +checksum = "17b8c235063c1007fd8e2fc7e35ce7eac09dd678d198ecc996daee33d46b3dcc" dependencies = [ "im 15.0.0", "lazy_static", "log", "rand 0.7.3", - "sentry-types 0.20.1", + "sentry-types 0.21.0", "serde 1.0.117", "serde_json", ] -[[package]] -name = "sentry-failure" -version = "0.20.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ead35e7019f77a79ed0345b3f3c28427139100f87f318c1c3e2788db2cdea8b7" -dependencies = [ - "failure", - "sentry-backtrace", - "sentry-core", -] - [[package]] name = "sentry-panic" -version = "0.20.1" +version = "0.21.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ab8a3ac989339a76efd6155f9d02675ce4b04419cd8083ca58d083c222554147" +checksum = "04ee338d8292fcdcfb032929c9f53bc0dfac8e0b9d3096be79ceee96818851ed" dependencies = [ "sentry-backtrace", "sentry-core", @@ -3409,22 +3434,22 @@ dependencies = [ "failure", "serde 1.0.117", "serde_json", - "url 2.1.1", + "url 2.2.0", "uuid 0.8.1", ] [[package]] name = "sentry-types" -version = "0.20.1" +version = "0.21.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c8124f0e9bc1113ecbcc8c3746e0e590943cf23e7d09c70a088c116869bb12e3" +checksum = "5fbbea6debac0a24880a38239d4c2fc3dbb0b1b398f621bea03ed761796b7dfb" dependencies = [ "chrono", "debugid", "serde 1.0.117", "serde_json", "thiserror", - "url 2.1.1", + "url 2.2.0", "uuid 0.8.1", ] 
@@ -3479,12 +3504,12 @@ dependencies = [ [[package]] name = "serde_dynamodb" -version = "0.5.1" +version = "0.6.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "21ceb0b8298ba5707f1c2573109d16ca31434b4449ab07a6e064d9f60fa20d7a" +checksum = "4bd887fdf521b38d7fa4bdcec1b72dc47d41c085240f453b2cf7dd0242bf3ea4" dependencies = [ "bytes 0.5.6", - "rusoto_dynamodb 0.44.0", + "rusoto_dynamodb 0.45.0", "serde 1.0.117", ] @@ -3529,7 +3554,7 @@ dependencies = [ "dtoa", "itoa", "serde 1.0.117", - "url 2.1.1", + "url 2.2.0", ] [[package]] @@ -3575,6 +3600,19 @@ dependencies = [ "opaque-debug 0.2.3", ] +[[package]] +name = "sha2" +version = "0.9.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6e7aab86fe2149bad8c507606bdb3f4ef5e7b2380eb92350f56122cca72a42a8" +dependencies = [ + "block-buffer 0.9.0", + "cfg-if 1.0.0", + "cpuid-bool", + "digest 0.9.0", + "opaque-debug 0.3.0", +] + [[package]] name = "shlex" version = "0.1.1" @@ -3699,11 +3737,10 @@ dependencies = [ [[package]] name = "slog-stdlog" -version = "4.0.0" +version = "4.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "be4d87903baf655da2d82bc3ac3f7ef43868c58bf712b3a661fda72009304c23" +checksum = "8228ab7302adbf4fcb37e66f3cda78003feb521e7fd9e3847ec117a7784d0f5a" dependencies = [ - "crossbeam", "log", "slog", "slog-scope", @@ -3851,6 +3888,12 @@ version = "1.0.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "2d67a5a62ba6e01cb2192ff309324cb4875d0c451d55fe2319433abe7a05a8ee" +[[package]] +name = "subtle" +version = "2.3.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "343f3f510c2915908f155e94f17220b19ccfacf2a64a2a5d8004f2c3e311e7fd" + [[package]] name = "syn" version = "0.15.44" @@ -4453,7 +4496,7 @@ dependencies = [ "smallvec 1.4.2", "thiserror", "tokio 0.2.22", - "url 2.1.1", + "url 2.2.0", ] [[package]] 
@@ -4506,7 +4549,7 @@ dependencies = [ "log", "rand 0.7.3", "sha-1 0.8.2", - "url 2.1.1", + "url 2.2.0", "utf-8", ] @@ -4589,10 +4632,11 @@ dependencies = [ [[package]] name = "url" -version = "2.1.1" +version = "2.2.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "829d4a8476c35c9bf0bbce5a3b23f4106f79728039b726d292bb93bc106787cb" +checksum = "5909f2b0817350449ed73e8bcd81c8c3c8d9a7a5d8acba4b27db277f1868976e" dependencies = [ + "form_urlencoded", "idna 0.2.0", "matches", "percent-encoding 2.1.0", @@ -4636,7 +4680,7 @@ dependencies = [ "serde 1.0.117", "serde_derive", "serde_json", - "url 2.1.1", + "url 2.2.0", "validator_types", ] @@ -4949,7 +4993,7 @@ dependencies = [ "serde 1.0.117", "serde_json", "tokio 0.2.22", - "url 2.1.1", + "url 2.2.0", ] [[package]] diff --git a/autoendpoint/Cargo.toml b/autoendpoint/Cargo.toml index 3ab275131..97b979c31 100644 --- a/autoendpoint/Cargo.toml +++ b/autoendpoint/Cargo.toml @@ -13,15 +13,15 @@ edition = "2018" # The `autoendpoint` branch merges these three PRs together. # The version of a2 at the time of the fork is v0.5.3. a2 = { git = "https://github.com/Mcat12/a2.git", branch = "autoendpoint" } -actix-web = "3.1" +actix-web = "3.2" actix-rt = "1.1" -actix-cors = "0.4" +actix-cors = "0.5" again = { version = "0.1.2", default-features = false, features = ["log"] } async-trait = "0.1" autopush_common = { path = "../autopush-common" } backtrace = "0.3" base64 = "0.13" -cadence = "0.21" +cadence = "0.22" config = "0.10.1" docopt = "1.1.0" fernet = "0.1.3" 
@@ -31,32 +31,32 @@ jsonwebtoken = "7.2" lazy_static = "1.4.0" log = "0.4" openssl = "0.10" -regex = "1.3" +regex = "1.4" reqwest = "0.10.6" -rusoto_core = "0.44.0" -rusoto_dynamodb = "0.44.0" +rusoto_core = "0.45.0" +rusoto_dynamodb = "0.45.0" # Using debug-logs avoids https://github.com/getsentry/sentry-rust/issues/237 -sentry = { version = "0.20", features = ["debug-logs"] } +sentry = { version = "0.21", features = ["debug-logs"] } serde = { version = "1.0", features = ["derive"] } -serde_dynamodb = "0.5.1" +serde_dynamodb = "0.6" serde_json = "1.0" slog = { version = "2.5", features = ["max_level_trace", "release_max_level_error", "dynamic-keys"] } slog-async = "2.5" slog-envlogger = "2.2.0" slog-mozlog-json = "0.1" slog-scope = "4.3" -slog-stdlog = "4.0" +slog-stdlog = "4.1" slog-term = "2.6" tokio = { version = "0.2", features = ["fs"] } thiserror = "1.0" -url = "2.1" +url = "2.2" uuid = { version = "0.8.1", features = ["serde", "v4"] } validator = "0.11" validator_derive = "0.11" yup-oauth2 = "4.1.2" [dev-dependencies] -mockall = "0.7.1" -mockito = "0.26.0" +mockall = "0.8.1" +mockito = "0.28.0" tempfile = "3.1.0" tokio = { version = "0.2", features = ["macros"] } diff --git a/autoendpoint/src/settings.rs b/autoendpoint/src/settings.rs index 6865ce3f3..39be1c2ea 100644 --- a/autoendpoint/src/settings.rs +++ b/autoendpoint/src/settings.rs @@ -45,7 +45,7 @@ impl Default for Settings { message_table_name: "message".to_string(), max_data_bytes: 4096, crypto_keys: format!("[{}]", Fernet::generate_key()), - auth_keys: "[AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB=]".to_string(), + auth_keys: r#"["AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB="]"#.to_string(), human_logs: false, statsd_host: None, statsd_port: 8125, 
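Review bot: The default `auth_keys` in `Default for Settings` is a fixed constant that anyone with the source can read, while `crypto_keys` one line above it gets a fresh `Fernet::generate_key()`. If a deployment starts without overriding the setting (the error strings later in this file name it `AUTOEND_AUTH_KEYS`), requests would presumably be authenticated with this public value. At minimum the line should carry a comment such as `// Placeholder only: must be overridden with a secret value in any real deployment.`, and a startup check that warns or refuses to run when the value is unchanged would be stronger. The `Default` impl starts and ends outside this hunk, so how the value is consumed is not visible here.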
@@ -106,15 +106,19 @@ impl Settings { /// Initialize the fernet encryption instance pub fn make_fernet(&self) -> MultiFernet { - let fernets = Self::read_list_from_str(&self.crypto_keys, "Invalid AUTOEND_CRYPTO_KEYS") + let keys = &self.crypto_keys.replace('"', "").replace(" ", ""); + let fernets = Self::read_list_from_str(&keys, "Invalid AUTOEND_CRYPTO_KEYS") .map(|key| Fernet::new(key).expect("Invalid AUTOEND_CRYPTO_KEYS")) .collect(); MultiFernet::new(fernets) } /// Get the list of auth hash keys - pub fn auth_keys(&self) -> Vec<&str> { - Self::read_list_from_str(&self.auth_keys, "Invalid AUTOEND_AUTH_KEYS").collect() + pub fn auth_keys(&self) -> Vec { + let keys = &self.auth_keys.replace('"', "").replace(" ", ""); + Self::read_list_from_str(&keys, "Invalid AUTOEND_AUTH_KEYS") + .map(|v| v.to_owned()) + .collect() } /// Get the URL for this endpoint server @@ -123,3 +127,33 @@ impl Settings { .expect("Invalid endpoint URL") } } + +#[cfg(test)] +mod tests { + use super::Settings; + use crate::error::ApiResult; + + #[test] + fn test_auth_keys() -> ApiResult<()> { + let success: Vec = vec![ + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB=".to_owned(), + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC=".to_owned(), + ]; + // Try with quoted strings + let settings = Settings{ + auth_keys: r#"["AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB=", "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC="]"#.to_owned(), + ..Default::default() + }; + let result = settings.auth_keys(); + assert_eq!(result, success); + + // try with unquoted, non-JSON compliant strings. + let settings = Settings{ + auth_keys: r#"[AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB=,AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC=]"#.to_owned(), + ..Default::default() + }; + let result = settings.auth_keys(); + assert_eq!(result, success); + Ok(()) + } +} diff --git a/configs/autoendpoint.toml.sample b/configs/autoendpoint.toml.sample index 81f4f2679..c28f5ca34 100644 --- a/configs/autoendpoint.toml.sample 
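Review bot: In `make_fernet` and `auth_keys`, `.replace('"', "").replace(" ", "")` deletes every quote and space anywhere in the setting instead of parsing it, so a malformed value is silently rewritten into different key material rather than rejected, and tabs or newlines are left in place. Trimming each element keeps the tolerance for both formats without touching the key itself, for example `.map(|v| v.trim().trim_matches('"').to_owned())` after `read_list_from_str` (its body is outside this hunk, so confirm it does not already trim). `let keys = &self.auth_keys.replace(…)` followed by `&keys` also passes a `&&String`; binding the `String` and borrowing it once reads more cleanly. A doc line such as `/// Accepts both JSON-style quoted keys and bare comma-separated keys.` would record the accepted formats.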
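Review bot: `test_auth_keys` exercises only `auth_keys()`, although `make_fernet()` received the same quote-stripping change, and it has no case for malformed input such as an unbalanced quote, an empty list or missing brackets. Because these strings become authentication keys, a test that pins the behaviour on bad input would document whether the service rejects it or carries on with altered keys. The `ApiResult<()>` return type is not needed since nothing in the body uses `?`; a plain `fn test_auth_keys()` without the trailing `Ok(())` would be simpler.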
+++ b/configs/autoendpoint.toml.sample @@ -23,7 +23,7 @@ # The HMAC SHA256 keys to use, for authenticating registration update requests. # Multiple are allowed when separated by a comma. -#auth_keys = "[AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=]" +#auth_keys = "["AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="]" # If human-readable logging should be used #human_logs = false
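Review bot: The new sample line `#auth_keys = "["AAAA…A="]"` is not valid TOML once it is uncommented, because the inner double quotes end the basic string early. A TOML literal string avoids the escaping problem: `#auth_keys = '["AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="]'`. The comment above says multiple keys are allowed when separated by a comma, so showing two keys in the sample would make the expected format unambiguous. The comment could also state that the sample key is a placeholder and must be replaced with a secret value.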