GeneralBots/botserver
2
1
Fork 0
Code Issues Pull requests Projects Releases 323 Packages Wiki Activity Actions
botserver/src/core/oauth/mod.rs

215 lines
5.3 KiB
Rust
Raw Normal View History

feat(auth): Add OAuth login for Google, Discord, Reddit, Twitter, Microsoft, Facebook - Create core/oauth module with OAuthProvider enum and shared types - Implement providers.rs with auth URLs, token exchange, user info endpoints - Add routes for /auth/oauth/providers, /auth/oauth/{provider}, and callbacks - Update login.html with OAuth button grid and dynamic provider loading - Add OAuth config settings to config.csv with setup documentation and links - Uses HTMX for login form, minimal JS for OAuth provider visibility
2025-12-04 22:53:40 -03:00
pub mod providers;
pub mod routes;
use serde::{Deserialize, Serialize};
use std::fmt;
#[derive(Debug, Clone, Copy, PartialEq, Eq, Hash, Serialize, Deserialize)]
#[serde(rename_all = "lowercase")]
pub enum OAuthProvider {
Google,
Discord,
Reddit,
Twitter,
Microsoft,
Facebook,
}
impl OAuthProvider {
Fix clippy warnings: match arms, async/await, Debug impls, formatting - Fix match arms with identical bodies by consolidating patterns - Fix case-insensitive file extension comparisons using eq_ignore_ascii_case - Fix unnecessary Debug formatting in log/format macros - Fix clone_from usage instead of clone assignment - Fix let...else patterns where appropriate - Fix format! append to String using write! macro - Fix unwrap_or with function calls to use unwrap_or_else - Add missing fields to manual Debug implementations - Fix duplicate code in if blocks - Add type aliases for complex types - Rename struct fields to avoid common prefixes - Various other clippy warning fixes Note: Some 'unused async' warnings remain for functions that are called with .await but don't contain await internally - these are kept async for API compatibility.
2025-12-26 08:59:25 -03:00
pub fn all() -> Vec<Self> {
feat(auth): Add OAuth login for Google, Discord, Reddit, Twitter, Microsoft, Facebook - Create core/oauth module with OAuthProvider enum and shared types - Implement providers.rs with auth URLs, token exchange, user info endpoints - Add routes for /auth/oauth/providers, /auth/oauth/{provider}, and callbacks - Update login.html with OAuth button grid and dynamic provider loading - Add OAuth config settings to config.csv with setup documentation and links - Uses HTMX for login form, minimal JS for OAuth provider visibility
2025-12-04 22:53:40 -03:00
vec![
Fix clippy warnings: match arms, async/await, Debug impls, formatting - Fix match arms with identical bodies by consolidating patterns - Fix case-insensitive file extension comparisons using eq_ignore_ascii_case - Fix unnecessary Debug formatting in log/format macros - Fix clone_from usage instead of clone assignment - Fix let...else patterns where appropriate - Fix format! append to String using write! macro - Fix unwrap_or with function calls to use unwrap_or_else - Add missing fields to manual Debug implementations - Fix duplicate code in if blocks - Add type aliases for complex types - Rename struct fields to avoid common prefixes - Various other clippy warning fixes Note: Some 'unused async' warnings remain for functions that are called with .await but don't contain await internally - these are kept async for API compatibility.
2025-12-26 08:59:25 -03:00
Self::Google,
Self::Discord,
Self::Reddit,
Self::Twitter,
Self::Microsoft,
Self::Facebook,
feat(auth): Add OAuth login for Google, Discord, Reddit, Twitter, Microsoft, Facebook - Create core/oauth module with OAuthProvider enum and shared types - Implement providers.rs with auth URLs, token exchange, user info endpoints - Add routes for /auth/oauth/providers, /auth/oauth/{provider}, and callbacks - Update login.html with OAuth button grid and dynamic provider loading - Add OAuth config settings to config.csv with setup documentation and links - Uses HTMX for login form, minimal JS for OAuth provider visibility
2025-12-04 22:53:40 -03:00
]
}
feat(autotask): Implement AutoTask system with intent classification and app generation - Add IntentClassifier with 7 intent types (APP_CREATE, TODO, MONITOR, ACTION, SCHEDULE, GOAL, TOOL) - Add AppGenerator with LLM-powered app structure analysis - Add DesignerAI for modifying apps through conversation - Add app_server for serving generated apps with clean URLs - Add db_api for CRUD operations on bot database tables - Add ask_later keyword for pending info collection - Add migration 6.1.1 with tables: pending_info, auto_tasks, execution_plans, task_approvals, task_decisions, safety_audit_log, generated_apps, intent_classifications, designer_changes - Write apps to S3 drive and sync to SITE_ROOT for serving - Clean URL structure: /apps/{app_name}/ - Integrate with DriveMonitor for file sync Based on Chapter 17 - Autonomous Tasks specification
2025-12-27 21:10:09 -03:00
pub fn parse(s: &str) -> Option<Self> {
feat(auth): Add OAuth login for Google, Discord, Reddit, Twitter, Microsoft, Facebook - Create core/oauth module with OAuthProvider enum and shared types - Implement providers.rs with auth URLs, token exchange, user info endpoints - Add routes for /auth/oauth/providers, /auth/oauth/{provider}, and callbacks - Update login.html with OAuth button grid and dynamic provider loading - Add OAuth config settings to config.csv with setup documentation and links - Uses HTMX for login form, minimal JS for OAuth provider visibility
2025-12-04 22:53:40 -03:00
match s.to_lowercase().as_str() {
Fix clippy warnings: match arms, async/await, Debug impls, formatting - Fix match arms with identical bodies by consolidating patterns - Fix case-insensitive file extension comparisons using eq_ignore_ascii_case - Fix unnecessary Debug formatting in log/format macros - Fix clone_from usage instead of clone assignment - Fix let...else patterns where appropriate - Fix format! append to String using write! macro - Fix unwrap_or with function calls to use unwrap_or_else - Add missing fields to manual Debug implementations - Fix duplicate code in if blocks - Add type aliases for complex types - Rename struct fields to avoid common prefixes - Various other clippy warning fixes Note: Some 'unused async' warnings remain for functions that are called with .await but don't contain await internally - these are kept async for API compatibility.
2025-12-26 08:59:25 -03:00
"google" => Some(Self::Google),
"discord" => Some(Self::Discord),
"reddit" => Some(Self::Reddit),
"twitter" | "x" => Some(Self::Twitter),
"microsoft" => Some(Self::Microsoft),
"facebook" => Some(Self::Facebook),
feat(auth): Add OAuth login for Google, Discord, Reddit, Twitter, Microsoft, Facebook - Create core/oauth module with OAuthProvider enum and shared types - Implement providers.rs with auth URLs, token exchange, user info endpoints - Add routes for /auth/oauth/providers, /auth/oauth/{provider}, and callbacks - Update login.html with OAuth button grid and dynamic provider loading - Add OAuth config settings to config.csv with setup documentation and links - Uses HTMX for login form, minimal JS for OAuth provider visibility
2025-12-04 22:53:40 -03:00
_ => None,
}
}
pub fn config_prefix(&self) -> &'static str {
match self {
Fix clippy warnings: match arms, async/await, Debug impls, formatting - Fix match arms with identical bodies by consolidating patterns - Fix case-insensitive file extension comparisons using eq_ignore_ascii_case - Fix unnecessary Debug formatting in log/format macros - Fix clone_from usage instead of clone assignment - Fix let...else patterns where appropriate - Fix format! append to String using write! macro - Fix unwrap_or with function calls to use unwrap_or_else - Add missing fields to manual Debug implementations - Fix duplicate code in if blocks - Add type aliases for complex types - Rename struct fields to avoid common prefixes - Various other clippy warning fixes Note: Some 'unused async' warnings remain for functions that are called with .await but don't contain await internally - these are kept async for API compatibility.
2025-12-26 08:59:25 -03:00
Self::Google => "oauth-google",
Self::Discord => "oauth-discord",
Self::Reddit => "oauth-reddit",
Self::Twitter => "oauth-twitter",
Self::Microsoft => "oauth-microsoft",
Self::Facebook => "oauth-facebook",
feat(auth): Add OAuth login for Google, Discord, Reddit, Twitter, Microsoft, Facebook - Create core/oauth module with OAuthProvider enum and shared types - Implement providers.rs with auth URLs, token exchange, user info endpoints - Add routes for /auth/oauth/providers, /auth/oauth/{provider}, and callbacks - Update login.html with OAuth button grid and dynamic provider loading - Add OAuth config settings to config.csv with setup documentation and links - Uses HTMX for login form, minimal JS for OAuth provider visibility
2025-12-04 22:53:40 -03:00
}
}
pub fn display_name(&self) -> &'static str {
match self {
Fix clippy warnings: match arms, async/await, Debug impls, formatting - Fix match arms with identical bodies by consolidating patterns - Fix case-insensitive file extension comparisons using eq_ignore_ascii_case - Fix unnecessary Debug formatting in log/format macros - Fix clone_from usage instead of clone assignment - Fix let...else patterns where appropriate - Fix format! append to String using write! macro - Fix unwrap_or with function calls to use unwrap_or_else - Add missing fields to manual Debug implementations - Fix duplicate code in if blocks - Add type aliases for complex types - Rename struct fields to avoid common prefixes - Various other clippy warning fixes Note: Some 'unused async' warnings remain for functions that are called with .await but don't contain await internally - these are kept async for API compatibility.
2025-12-26 08:59:25 -03:00
Self::Google => "Google",
Self::Discord => "Discord",
Self::Reddit => "Reddit",
Self::Twitter => "Twitter",
Self::Microsoft => "Microsoft",
Self::Facebook => "Facebook",
feat(auth): Add OAuth login for Google, Discord, Reddit, Twitter, Microsoft, Facebook - Create core/oauth module with OAuthProvider enum and shared types - Implement providers.rs with auth URLs, token exchange, user info endpoints - Add routes for /auth/oauth/providers, /auth/oauth/{provider}, and callbacks - Update login.html with OAuth button grid and dynamic provider loading - Add OAuth config settings to config.csv with setup documentation and links - Uses HTMX for login form, minimal JS for OAuth provider visibility
2025-12-04 22:53:40 -03:00
}
}
pub fn icon(&self) -> &'static str {
match self {
Fix clippy warnings: match arms, async/await, Debug impls, formatting - Fix match arms with identical bodies by consolidating patterns - Fix case-insensitive file extension comparisons using eq_ignore_ascii_case - Fix unnecessary Debug formatting in log/format macros - Fix clone_from usage instead of clone assignment - Fix let...else patterns where appropriate - Fix format! append to String using write! macro - Fix unwrap_or with function calls to use unwrap_or_else - Add missing fields to manual Debug implementations - Fix duplicate code in if blocks - Add type aliases for complex types - Rename struct fields to avoid common prefixes - Various other clippy warning fixes Note: Some 'unused async' warnings remain for functions that are called with .await but don't contain await internally - these are kept async for API compatibility.
2025-12-26 08:59:25 -03:00
Self::Google
| Self::Discord
| Self::Reddit
| Self::Twitter
| Self::Microsoft
| Self::Facebook => "",
feat(auth): Add OAuth login for Google, Discord, Reddit, Twitter, Microsoft, Facebook - Create core/oauth module with OAuthProvider enum and shared types - Implement providers.rs with auth URLs, token exchange, user info endpoints - Add routes for /auth/oauth/providers, /auth/oauth/{provider}, and callbacks - Update login.html with OAuth button grid and dynamic provider loading - Add OAuth config settings to config.csv with setup documentation and links - Uses HTMX for login form, minimal JS for OAuth provider visibility
2025-12-04 22:53:40 -03:00
}
}
}
impl fmt::Display for OAuthProvider {
fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
write!(f, "{}", self.display_name())
}
}
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct OAuthConfig {
pub provider: OAuthProvider,
pub client_id: String,
pub client_secret: String,
pub redirect_uri: String,
pub enabled: bool,
}
impl OAuthConfig {
pub fn new(
provider: OAuthProvider,
client_id: String,
client_secret: String,
redirect_uri: String,
) -> Self {
Self {
provider,
client_id,
client_secret,
redirect_uri,
enabled: true,
}
}
pub fn is_valid(&self) -> bool {
self.enabled
&& !self.client_id.is_empty()
&& !self.client_secret.is_empty()
&& !self.redirect_uri.is_empty()
}
}
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct OAuthUserInfo {
pub provider_id: String,
Remove all code comments and fix ratatui version
2025-12-23 18:40:58 -03:00
feat(auth): Add OAuth login for Google, Discord, Reddit, Twitter, Microsoft, Facebook - Create core/oauth module with OAuthProvider enum and shared types - Implement providers.rs with auth URLs, token exchange, user info endpoints - Add routes for /auth/oauth/providers, /auth/oauth/{provider}, and callbacks - Update login.html with OAuth button grid and dynamic provider loading - Add OAuth config settings to config.csv with setup documentation and links - Uses HTMX for login form, minimal JS for OAuth provider visibility
2025-12-04 22:53:40 -03:00
pub provider: OAuthProvider,
Remove all code comments and fix ratatui version
2025-12-23 18:40:58 -03:00
feat(auth): Add OAuth login for Google, Discord, Reddit, Twitter, Microsoft, Facebook - Create core/oauth module with OAuthProvider enum and shared types - Implement providers.rs with auth URLs, token exchange, user info endpoints - Add routes for /auth/oauth/providers, /auth/oauth/{provider}, and callbacks - Update login.html with OAuth button grid and dynamic provider loading - Add OAuth config settings to config.csv with setup documentation and links - Uses HTMX for login form, minimal JS for OAuth provider visibility
2025-12-04 22:53:40 -03:00
pub email: Option<String>,
Remove all code comments and fix ratatui version
2025-12-23 18:40:58 -03:00
feat(auth): Add OAuth login for Google, Discord, Reddit, Twitter, Microsoft, Facebook - Create core/oauth module with OAuthProvider enum and shared types - Implement providers.rs with auth URLs, token exchange, user info endpoints - Add routes for /auth/oauth/providers, /auth/oauth/{provider}, and callbacks - Update login.html with OAuth button grid and dynamic provider loading - Add OAuth config settings to config.csv with setup documentation and links - Uses HTMX for login form, minimal JS for OAuth provider visibility
2025-12-04 22:53:40 -03:00
pub name: Option<String>,
Remove all code comments and fix ratatui version
2025-12-23 18:40:58 -03:00
feat(auth): Add OAuth login for Google, Discord, Reddit, Twitter, Microsoft, Facebook - Create core/oauth module with OAuthProvider enum and shared types - Implement providers.rs with auth URLs, token exchange, user info endpoints - Add routes for /auth/oauth/providers, /auth/oauth/{provider}, and callbacks - Update login.html with OAuth button grid and dynamic provider loading - Add OAuth config settings to config.csv with setup documentation and links - Uses HTMX for login form, minimal JS for OAuth provider visibility
2025-12-04 22:53:40 -03:00
pub avatar_url: Option<String>,
Remove all code comments and fix ratatui version
2025-12-23 18:40:58 -03:00
feat(auth): Add OAuth login for Google, Discord, Reddit, Twitter, Microsoft, Facebook - Create core/oauth module with OAuthProvider enum and shared types - Implement providers.rs with auth URLs, token exchange, user info endpoints - Add routes for /auth/oauth/providers, /auth/oauth/{provider}, and callbacks - Update login.html with OAuth button grid and dynamic provider loading - Add OAuth config settings to config.csv with setup documentation and links - Uses HTMX for login form, minimal JS for OAuth provider visibility
2025-12-04 22:53:40 -03:00
#[serde(skip_serializing_if = "Option::is_none")]
pub raw: Option<serde_json::Value>,
}
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct OAuthTokenResponse {
pub access_token: String,
#[serde(default)]
pub token_type: String,
#[serde(default)]
pub expires_in: Option<i64>,
#[serde(default)]
pub refresh_token: Option<String>,
#[serde(default)]
pub scope: Option<String>,
}
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct OAuthError {
pub error: String,
pub error_description: Option<String>,
}
impl fmt::Display for OAuthError {
fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
if let Some(desc) = &self.error_description {
write!(f, "{}: {}", self.error, desc)
} else {
write!(f, "{}", self.error)
}
}
}
impl std::error::Error for OAuthError {}
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct OAuthState {
pub token: String,
Remove all code comments and fix ratatui version
2025-12-23 18:40:58 -03:00
feat(auth): Add OAuth login for Google, Discord, Reddit, Twitter, Microsoft, Facebook - Create core/oauth module with OAuthProvider enum and shared types - Implement providers.rs with auth URLs, token exchange, user info endpoints - Add routes for /auth/oauth/providers, /auth/oauth/{provider}, and callbacks - Update login.html with OAuth button grid and dynamic provider loading - Add OAuth config settings to config.csv with setup documentation and links - Uses HTMX for login form, minimal JS for OAuth provider visibility
2025-12-04 22:53:40 -03:00
pub provider: OAuthProvider,
Remove all code comments and fix ratatui version
2025-12-23 18:40:58 -03:00
feat(auth): Add OAuth login for Google, Discord, Reddit, Twitter, Microsoft, Facebook - Create core/oauth module with OAuthProvider enum and shared types - Implement providers.rs with auth URLs, token exchange, user info endpoints - Add routes for /auth/oauth/providers, /auth/oauth/{provider}, and callbacks - Update login.html with OAuth button grid and dynamic provider loading - Add OAuth config settings to config.csv with setup documentation and links - Uses HTMX for login form, minimal JS for OAuth provider visibility
2025-12-04 22:53:40 -03:00
pub redirect_after: Option<String>,
Remove all code comments and fix ratatui version
2025-12-23 18:40:58 -03:00
feat(auth): Add OAuth login for Google, Discord, Reddit, Twitter, Microsoft, Facebook - Create core/oauth module with OAuthProvider enum and shared types - Implement providers.rs with auth URLs, token exchange, user info endpoints - Add routes for /auth/oauth/providers, /auth/oauth/{provider}, and callbacks - Update login.html with OAuth button grid and dynamic provider loading - Add OAuth config settings to config.csv with setup documentation and links - Uses HTMX for login form, minimal JS for OAuth provider visibility
2025-12-04 22:53:40 -03:00
pub created_at: i64,
}
impl OAuthState {
pub fn new(provider: OAuthProvider, redirect_after: Option<String>) -> Self {
use std::time::{SystemTime, UNIX_EPOCH};
let token = uuid::Uuid::new_v4().to_string();
let created_at = SystemTime::now()
.duration_since(UNIX_EPOCH)
feat(security): Complete security infrastructure implementation SECURITY MODULES ADDED: - security/auth.rs: Full RBAC with roles (Anonymous, User, Moderator, Admin, SuperAdmin, Service, Bot, BotOwner, BotOperator, BotViewer) and permissions - security/cors.rs: Hardened CORS (no wildcard in production, env-based config) - security/panic_handler.rs: Panic catching middleware with safe 500 responses - security/path_guard.rs: Path traversal protection, null byte prevention - security/request_id.rs: UUID request tracking with correlation IDs - security/error_sanitizer.rs: Sensitive data redaction from responses - security/zitadel_auth.rs: Zitadel token introspection and role mapping - security/sql_guard.rs: SQL injection prevention with table whitelist - security/command_guard.rs: Command injection prevention - security/secrets.rs: Zeroizing secret management - security/validation.rs: Input validation utilities - security/rate_limiter.rs: Rate limiting with governor crate - security/headers.rs: Security headers (CSP, HSTS, X-Frame-Options) MAIN.RS UPDATES: - Replaced tower_http::cors::Any with hardened create_cors_layer() - Added panic handler middleware - Added request ID tracking middleware - Set global panic hook SECURITY STATUS: - 0 unwrap() in production code - 0 panic! in production code - 0 unsafe blocks - cargo audit: PASS (no vulnerabilities) - Estimated completion: ~98% Remaining: Wire auth middleware to handlers, audit logs for sensitive data
2025-12-28 19:29:18 -03:00
.expect("system time after UNIX epoch")
feat(auth): Add OAuth login for Google, Discord, Reddit, Twitter, Microsoft, Facebook - Create core/oauth module with OAuthProvider enum and shared types - Implement providers.rs with auth URLs, token exchange, user info endpoints - Add routes for /auth/oauth/providers, /auth/oauth/{provider}, and callbacks - Update login.html with OAuth button grid and dynamic provider loading - Add OAuth config settings to config.csv with setup documentation and links - Uses HTMX for login form, minimal JS for OAuth provider visibility
2025-12-04 22:53:40 -03:00
.as_secs() as i64;
Self {
token,
provider,
redirect_after,
created_at,
}
}
pub fn is_expired(&self) -> bool {
use std::time::{SystemTime, UNIX_EPOCH};
let now = SystemTime::now()
.duration_since(UNIX_EPOCH)
feat(security): Complete security infrastructure implementation SECURITY MODULES ADDED: - security/auth.rs: Full RBAC with roles (Anonymous, User, Moderator, Admin, SuperAdmin, Service, Bot, BotOwner, BotOperator, BotViewer) and permissions - security/cors.rs: Hardened CORS (no wildcard in production, env-based config) - security/panic_handler.rs: Panic catching middleware with safe 500 responses - security/path_guard.rs: Path traversal protection, null byte prevention - security/request_id.rs: UUID request tracking with correlation IDs - security/error_sanitizer.rs: Sensitive data redaction from responses - security/zitadel_auth.rs: Zitadel token introspection and role mapping - security/sql_guard.rs: SQL injection prevention with table whitelist - security/command_guard.rs: Command injection prevention - security/secrets.rs: Zeroizing secret management - security/validation.rs: Input validation utilities - security/rate_limiter.rs: Rate limiting with governor crate - security/headers.rs: Security headers (CSP, HSTS, X-Frame-Options) MAIN.RS UPDATES: - Replaced tower_http::cors::Any with hardened create_cors_layer() - Added panic handler middleware - Added request ID tracking middleware - Set global panic hook SECURITY STATUS: - 0 unwrap() in production code - 0 panic! in production code - 0 unsafe blocks - cargo audit: PASS (no vulnerabilities) - Estimated completion: ~98% Remaining: Wire auth middleware to handlers, audit logs for sensitive data
2025-12-28 19:29:18 -03:00
.expect("system time after UNIX epoch")
feat(auth): Add OAuth login for Google, Discord, Reddit, Twitter, Microsoft, Facebook - Create core/oauth module with OAuthProvider enum and shared types - Implement providers.rs with auth URLs, token exchange, user info endpoints - Add routes for /auth/oauth/providers, /auth/oauth/{provider}, and callbacks - Update login.html with OAuth button grid and dynamic provider loading - Add OAuth config settings to config.csv with setup documentation and links - Uses HTMX for login form, minimal JS for OAuth provider visibility
2025-12-04 22:53:40 -03:00
.as_secs() as i64;
Remove all code comments and fix ratatui version
2025-12-23 18:40:58 -03:00
now - self.created_at > 600
feat(auth): Add OAuth login for Google, Discord, Reddit, Twitter, Microsoft, Facebook - Create core/oauth module with OAuthProvider enum and shared types - Implement providers.rs with auth URLs, token exchange, user info endpoints - Add routes for /auth/oauth/providers, /auth/oauth/{provider}, and callbacks - Update login.html with OAuth button grid and dynamic provider loading - Add OAuth config settings to config.csv with setup documentation and links - Uses HTMX for login form, minimal JS for OAuth provider visibility
2025-12-04 22:53:40 -03:00
}
pub fn encode(&self) -> String {
use base64::{engine::general_purpose::URL_SAFE_NO_PAD, Engine};
let json = serde_json::to_string(self).unwrap_or_default();
URL_SAFE_NO_PAD.encode(json.as_bytes())
}
pub fn decode(encoded: &str) -> Option<Self> {
use base64::{engine::general_purpose::URL_SAFE_NO_PAD, Engine};
let bytes = URL_SAFE_NO_PAD.decode(encoded).ok()?;
let json = String::from_utf8(bytes).ok()?;
serde_json::from_str(&json).ok()
}
}
Reference in a new issue Copy permalink