// dead rust-lang/rustfmt/pull/5394 :( #![feature( decl_macro, duration_constructors, iterator_try_collect, never_type, once_cell_try, seek_stream_len )] #![allow(clippy::future_not_send)] // will get to fix these later //! # About, Licensing and More //! //! Check the README.md for entry-level documentation. //! //! # Where is my documentation? //! //! For ease of development and centralized **corrent** information, this codebase will serve both //! as project documentation AND documentation for the behavior of the OpenID Connect server. //! //! Might be hard to figure out how the program behaves based on the code, but I will try to put //! behavior parameters in [`consts`], so that might be a good starting point to know some stuff //! (e.g. profile profile picture search path). //! //! Checking out [`conf`] might be useful too to know what could've been configured by server //! administrators and less likely but maybe there can also be certain parameters in [`args`]. //! //! I will try to keep those 3 modules as documented as possible, please feel free to open any //! issues/PRs regarding information in there. //! //! # Public Information //! //! To make sure this application doesn't expose any public imformation it's important to define //! what public information we are willing to expose. The application deals with user information //! so it must leak at least some information, to make sure we don't overreach, we must have clear //! where we draw the line. //! //! By default all information is private, but this application might leak by default: //! //! - **User system information:** Unix's UID of a given username. //! - **User profile pictures:** See [`consts::USER_PFP_PATHS`]. //! - **User's `autorized_ssh_keys`:** See [`consts::AUTHORIZED_KEYS_PATH`]. //! //! Note that no file information within user's home can be accessed until the user adds `o+x` //! permissions on their home directory. Once this is done, only state of files regarding the //! previous can be publicly accessible, there's no arbirtary path reading. //! //! Any user information is checked ASAP against the allowed groups (see [`conf::Unix::groups`]) to //! fail fast without exposing any personal information for users alien to these groups. That means //! that any reference to the "user", will assume its already from an allowed group, if its not a //! group member, it will be treated as nonexistent. //! //! Information about existance of a user alien to the configured groups might vulnerable to timing //! attacks though. //! //! TODO: This was clearly defined after some API was already written so these assumptions will //! need to be reviewed for the old code (notably pfp logic). use std::fs::File; use clap::Parser; use crate::ext::FileExt as _; pub mod args; pub mod auth; pub mod conf; pub mod consts; pub mod db; pub mod ext; pub mod serdes; pub mod server; pub mod utils; #[tokio::main] async fn main() -> anyhow::Result<()> { let args = args::Args::parse(); #[cfg(feature = "log")] env_logger::init_from_env(env_logger::Env::new().default_filter_or("info")); let conf = if let Some(conf) = File::try_open(&args.conf) { conf::Config::from_toml_file(&mut conf?)? } else { println!( "\x1b[30;43mWRN\x1b[0m: \x1b[35m{:?}\x1b[0m not found, using default configuration", args.conf.display() ); conf::Config::default() }; // o tsukare su-mmer, awaaai yumeniii shiii oooo-tome, wa, hitoshireeeezu, cryyyyying // (idek japanese but im vibing) println!("\n\x1b[1;3;4;33mConfiguration\x1b[0m: {conf:#?}\n"); server::start_app(args, conf, db::DB::new()).await?; Ok(()) }