fxbox / users Goto Github PK

Project Link user management and authentication lib

Home Page: https://wiki.mozilla.org/Project_Link

License: Mozilla Public License 2.0

Rust 100.00%

users's Introduction

Project Link Users

This crate implements a user management and authentication library for the first iteration of Project Link. It is currently used by FoxBox, the core of Project Link. It intentionally allows only the registration and authentication of a single user, although the database module is ready for a multi-user scenario. The crate is being built with Project Link's requirements in mind, but it is completely independent from it and could be reused and extended for other purposes.

The main modules that this crate exposes are:

users_router: Allows the extension of an Iron based server with the user management routes. You can read more about the HTTP API that is exposed on these routes on the API documentation.
users_db: This module allows direct modification of the users' database. Based on rusqlite.
auth_middleware: Iron middleware that allows the authentication of specific endpoints.

Usage

Rust

Currently v1.10.x nightly is required

$ rustc -V
rustc 1.10.0-nightly (62e2b2fb7 2016-05-06)

It's recommended that you use multirust to install and switch between versions of Rust.

$ multirust override nightly-2016-05-07

Exposing the HTTP API

extern crate foxbox_users;
extern crate iron;

use foxbox_users::{ EmailDispatcher, UsersManager };
use iron::prelude::*;

fn main() {
    let mut manager = UsersManager::new("sqlite_db.sqlite");
    manager.setup_invitation_middleware("http://knilxof.org:4000".to_owned(),
                                        "https://remote.whatever.knilxof.org".to_owned());
    Iron::new(manager.get_router_chain()).http("localhost:3000").unwrap();
}

Authenticating endpoints

extern crate foxbox_users;
extern crate iron;
extern crate router;

use foxbox_users::{ AuthEndpoint, UsersManager };
use iron::method::Method;
use iron::prelude::*;
use iron::status;
use router::Router;
use std::thread;
use std::time::Duration;

fn dummy_handler(_: &mut Request) -> IronResult<Response> {
    Ok(Response::with(status::Ok))
}

fn main() {
    let manager = UsersManager::new("sqlite_db.sqlite");
    let mut router =  Router::new();
    router.get("/authenticated", dummy_handler);
    router.get("/authenticated2", dummy_handler);
    router.get("/not_authenticated", dummy_handler);

    let mut chain = Chain::new(router);
    let mut middleware = manager.get_middleware(
        vec![AuthEndpoint(vec![Method::Get, Method::Delete],
                          "/authenticated".to_owned())]
    );

    chain.link_around(middleware.clone());

    thread::spawn(move || {
        println!("Adding new auth endpoint");
        thread::sleep(Duration::from_millis(3000));
        // Add new authenticated endpoints after the middleware has been given
        // to the Iron chain and the Iron server has started.
        middleware.add_auth_endpoints(vec![
             AuthEndpoint(vec![Method::Get],
                          "/authenticated2".to_owned())
        ]);
    });

    Iron::new(chain).http("localhost:3000").unwrap();
}

Direct access to users database

extern crate foxbox_users;

use foxbox_users::{ReadFilter, UserBuilder};

fn main() {
    let manager = UsersManager::new("sqlite_db.sqlite");
    let db = manager.get_db();
    let user = UserBuilder::new()
        .name("MrFox")
        .email("[email protected]")
        .password("pass12345678")
        .finalize()
        .unwrap();
    db.create(&user).unwrap();
    match db.read(ReadFilter::All) {
        Ok(users) => {
            println!("Users {:?}", users);
        },
        Err(err) => println!("{}", err)
    }
}

Contributing

Note: We're in an iterative prototyping phase of the project. Things are moving really fast so it may be easier to contribute when the dust starts to settle. You've been warned.

Forks and feature branches

You should fork the main repo and create pull requests against feature branches of your fork. If you need some guidance with this see:

Setup

$ git clone [email protected]:<username>/users.git
$ cd users

Building the lib

$ cargo build

Rust tests

$ cargo test

Documentation

$ cargo doc

Then open ./target/doc/foxbox_users/index.html. There is not online version available yet.

users's People

Contributors

Stargazers

Watchers

Forkers

arcturus ferjm aosmond fabricedesre

users's Issues

Put test dependency out of regular build

Implement backoff protocol

We need a backoff protocol to request that clients enter a "backoff" state in which they avoid making further requests in periods of heavy load or in the case that a single client makes too many requests in a short period of time.

We can probably abstract this so it can be reused in foxbox and other servers.

Bump nightly version

The foxbox project has updated their nightly version to 2-22, we should keep in sync with that version too

See fxbox/foxbox#81

Add a limited ttl to tokens and implement refresh auth flow

Use bcrypt for storing passwords

MD5 is not sufficient. Let's use bcrypt instead.

Keep in sync rust version with foxbox

FoxBox is using a pinned version of rust nightly.

Return session JWT on successful POST /setup request

Persist users in disk

Right now we are using an in memory sqlite db. We need to change this to a disk db when using the crate and keep in memory for testing

Get rid of not implemented endpoints

UsersDb::read should get a filter parameter

Right now UsersDb::read returns the whole database. For the basic login feature, we need at least a way to retrieve a record by its id.

Update rust nightly to 03-07

Following the changes in the foxbox project:

fxbox/foxbox#147

we should update the version too.

Hide /setup endpoint or reject new requests if admin user already exists

Run tests on Travis

We need to run the tests automatically on Travis.

Review strings usage

Because of my lack of experience in Rust I found myself copying strings all over the place. I'm pretty sure we can use &str in many situations where String is currently used.

Restrict setup call to same-origin

https://github.com/fxbox/users/blob/master/doc/API.md#post-setup will be called from the setup app on http://foxbox.local/, so we can serve more restrictive CORS for this specific API call.

POST /login

Fail to response with errno 102 and message in case of password shorter than 8 chars

Move code into foxbox

I read the readme and I can appreicate the intent to make something that can be resued and extended. But right now, the coupling is tight and specific to foxbox and the extra layer of indirection doesn't help us either.

Making a iron-user-module crate is a different goal than building Project Link and I don't think we should sign up for that. I've created a few user systems before 😉 and based on experience, this stuff is better as a boilerplate than of a library/crate.

With that said, I feel strongly that we should merge this repo with foxbox. There should only be 5-6 files to move over into a module directory. I can help doing this.

📟 @fabricedesre @ferjm @arcturus

Refactor auth middleware

Right now the authentication middleware owns the list of authenticated endpoints. That means that we need to know in advance the endpoints that need authentication, which is not the case for FoxBox, where services are added/removed when they are detected.

Improve readme.md

Interview partners for research about communication in GitHub projects wanted

Hi. My name is Verena Ebert, and I am a PhD student at the University of Stuttgart in Germany.
A few months ago, I have examined 90 GitHub projects to see what communication channels they use and how they write about them in the written documents, for example README or wiki. If you are interested in the previous results, you can find them here:
https://arxiv.org/abs/2205.01440
Your project was one of these 90 projects and, therefore, I am interested in further details about your communication setup.

To gather more data about your communication setup, I kindly ask one of the maintainers to do an interview with me. The interview will be about 30-35 minutes long and via Skype, WebEx or any other provider you prefer. The interviews should be done in November 2022, if possible.

In this interview, I would like to ask some questions about the reasons behind the channels, to understand the thoughts of the maintainers in addition to the written information.

The long goal of my PhD is to understand how communication works in GitHub projects and how a good set of communication channels and information for other maintainers and developers looks like. One possible outcome is a COMMUNICATION.md with instructions and tips about which channels could be useful and how these channels should be introduced to other projects participants. Of course, if you are interested, I will keep you up to date about any further results in my research.

If you are interested in doing an interview, please respond here or contact me via email ([email protected]). We will then make an appointment for the interview at a time and date that suits you.

If you agree, I would like to record the interview and transcribe the spoken texts into anonymized written texts. In this case, I will send you the transcript for corrections afterwards. Only if you agree, the transcripts or parts of it would be part of a publication.