diff --git a/keyserver/addons/rust-node-addon/src/identity_client/mod.rs b/keyserver/addons/rust-node-addon/src/identity_client/mod.rs
index 4503def77..9ac287d5d 100644
--- a/keyserver/addons/rust-node-addon/src/identity_client/mod.rs
+++ b/keyserver/addons/rust-node-addon/src/identity_client/mod.rs
@@ -1,139 +1,139 @@ pub mod compare_users; pub mod delete_user; pub mod login_user; pub mod register_user; pub mod identity { tonic::include_proto!("identity.keyserver"); } pub mod update_user; use comm_opaque::Cipher; use identity::identity_keyserver_service_client::IdentityKeyserverServiceClient; use identity::{ login_request::Data::PakeLoginRequest, login_request::Data::WalletLoginRequest, login_response::Data::PakeLoginResponse as LoginPakeLoginResponse, login_response::Data::WalletLoginResponse, pake_login_request::Data::PakeCredentialFinalization as LoginPakeCredentialFinalization, pake_login_request::Data::PakeCredentialRequestAndUserId, pake_login_response::Data::AccessToken, pake_login_response::Data::PakeCredentialResponse, registration_request::Data::PakeCredentialFinalization as RegistrationPakeCredentialFinalization, registration_request::Data::PakeRegistrationRequestAndUserId, registration_request::Data::PakeRegistrationUploadAndCredentialRequest, registration_response::Data::PakeLoginResponse as RegistrationPakeLoginResponse, registration_response::Data::PakeRegistrationResponse, CompareUsersRequest, DeleteUserRequest, LoginRequest, LoginResponse, PakeCredentialRequestAndUserId as PakeCredentialRequestAndUserIdStruct, PakeLoginRequest as PakeLoginRequestStruct, PakeLoginResponse as PakeLoginResponseStruct, PakeRegistrationRequestAndUserId as PakeRegistrationRequestAndUserIdStruct, PakeRegistrationUploadAndCredentialRequest as PakeRegistrationUploadAndCredentialRequestStruct, RegistrationRequest, RegistrationResponse as RegistrationResponseMessage, SessionInitializationInfo, WalletLoginRequest as WalletLoginRequestStruct, WalletLoginResponse as WalletLoginResponseStruct, }; use lazy_static::lazy_static; use napi::bindgen_prelude::*; use opaque_ke::{ ClientLogin, ClientLoginFinishParameters, ClientLoginStartParameters, ClientLoginStartResult, ClientRegistration, ClientRegistrationFinishParameters, CredentialFinalization, CredentialResponse, 
RegistrationResponse, RegistrationUpload, }; use rand::{rngs::OsRng, CryptoRng, Rng}; use serde::{Deserialize, Serialize}; use std::collections::HashMap; use std::env::var; use tokio::sync::mpsc; use tokio_stream::wrappers::ReceiverStream; use tonic::{metadata::MetadataValue, transport::Channel, Code, Request}; use tracing::{error, instrument}; lazy_static! { static ref IDENTITY_SERVICE_CONFIG: IdentityServiceConfig = { let config_json_string = var("COMM_JSONCONFIG_secrets_identity_service_config"); match config_json_string { Ok(json) => serde_json::from_str(&json).unwrap(), Err(_) => IdentityServiceConfig::default(), } }; } #[derive(Serialize, Deserialize)] #[serde(rename_all = "camelCase")] struct IdentityServiceConfig { identity_socket_addr: String, identity_auth_token: String, } impl Default for IdentityServiceConfig { fn default() -> Self { Self { - identity_socket_addr: "https://[::1]:50051".to_string(), + identity_socket_addr: "https://[::1]:50054".to_string(), identity_auth_token: "test".to_string(), } } } fn handle_unexpected_response(message: Option) -> Error { error!("Received an unexpected message: {:?}", message); Error::from_status(Status::GenericFailure) } async fn send_to_mpsc(tx: mpsc::Sender, request: T) -> Result<()> { if let Err(e) = tx.send(request).await { error!("Response was dropped: {}", e); return Err(Error::from_status(Status::GenericFailure)); } Ok(()) } fn pake_login_start( rng: &mut (impl Rng + CryptoRng), password: &str, ) -> Result> { ClientLogin::::start( rng, password.as_bytes(), ClientLoginStartParameters::default(), ) .map_err(|e| { error!("Failed to start PAKE login: {}", e); Error::from_status(Status::GenericFailure) }) } fn pake_login_finish( credential_response_bytes: &[u8], client_login: ClientLogin, ) -> Result> { client_login .finish( CredentialResponse::deserialize(credential_response_bytes).map_err( |e| { error!("Could not deserialize credential response bytes: {}", e); Error::from_status(Status::GenericFailure) }, )?, 
ClientLoginFinishParameters::default(), ) .map_err(|e| { error!("Failed to finish PAKE login: {}", e); Error::from_status(Status::GenericFailure) }) .map(|res| res.message) } async fn get_identity_service_channel() -> Result { Channel::from_static(&IDENTITY_SERVICE_CONFIG.identity_socket_addr) .connect() .await .map_err(|_| { Error::new( Status::GenericFailure, "Unable to connect to identity service".to_string(), ) }) }
diff --git a/services/docker-compose.yml b/services/docker-compose.yml
index 334a7a691..62c9f8766 100644
--- a/services/docker-compose.yml
+++ b/services/docker-compose.yml
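Review bot: The new default `identity_socket_addr: "https://[::1]:50054".to_string(),` in `impl Default for IdentityServiceConfig` is the third place this port is hard-coded, alongside `IDENTITY_SERVICE_SOCKET_ADDR` in services/identity/src/constants.rs and the identity-server port mapping in services/docker-compose.yml (both changed in this commit), and nothing documents that the three must move together. A comment on the field would help the next port change, e.g. `// Keep in sync with IDENTITY_SERVICE_SOCKET_ADDR (services/identity/src/constants.rs) and the identity-server port in services/docker-compose.yml.` The same comment should state that this `Default` is only the fallback used when `COMM_JSONCONFIG_secrets_identity_service_config` is unset, since it pairs the address with the fixed auth token `"test"` and should not be relied on outside local development. The sync point applies equally to the constants.rs and docker-compose.yml hunks, so it is raised only here.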
@@ -1,102 +1,102 @@ version: '3.9' volumes: localstack: services: # tunnelbroker tunnelbroker-server: depends_on: - localstack - rabbitmq build: dockerfile: services/tunnelbroker/Dockerfile context: ../ args: - COMM_TEST_SERVICES=${COMM_TEST_SERVICES} - COMM_SERVICES_SANDBOX=${COMM_SERVICES_SANDBOX} image: commapp/tunnelbroker-server:0.2 ports: - '${COMM_SERVICES_PORT_TUNNELBROKER}:50051' volumes: - $HOME/.aws/config:/root/.aws/config:ro - $HOME/.aws/credentials:/root/.aws/credentials:ro - ./tunnelbroker/tunnelbroker.ini:/root/tunnelbroker/tunnelbroker.ini:ro - ./tunnelbroker/tunnelbroker-sandbox.ini:/root/tunnelbroker/tunnelbroker-sandbox.ini:ro # backup backup-server: depends_on: - localstack - blob-server build: dockerfile: services/backup/Dockerfile context: ../ args: - COMM_TEST_SERVICES=${COMM_TEST_SERVICES} - COMM_SERVICES_SANDBOX=${COMM_SERVICES_SANDBOX} - LOCALSTACK_URL=http://localstack:4566 - BLOB_SERVICE_URL=http://blob-server:50051 image: commapp/backup-server:0.1 ports: - '${COMM_SERVICES_PORT_BACKUP}:50051' volumes: - $HOME/.aws/credentials:/home/comm/.aws/credentials:ro # blob blob-server: depends_on: - localstack build: dockerfile: services/blob/Dockerfile context: ../ args: - COMM_TEST_SERVICES=${COMM_TEST_SERVICES} - COMM_SERVICES_SANDBOX=${COMM_SERVICES_SANDBOX} image: commapp/blob-server:0.1 ports: - '${COMM_SERVICES_PORT_BLOB}:50051' volumes: - $HOME/.aws/config:/home/comm/.aws/config:ro - $HOME/.aws/credentials:/home/comm/.aws/credentials:ro # identity identity-server: depends_on: - localstack build: dockerfile: services/identity/Dockerfile context: ../ image: commapp/identity-server:0.1 ports: - - '${COMM_SERVICES_PORT_IDENTITY}:50051' + - '${COMM_SERVICES_PORT_IDENTITY}:50054' feature-flags-server: depends_on: - localstack build: dockerfile: services/feature-flags/Dockerfile context: ../ image: commapp/feature-flags:0.1 ports: - '${COMM_SERVICES_PORT_FEATURE_FLAGS}:50051' volumes: - $HOME/.aws/config:/home/comm/.aws/config:ro - 
$HOME/.aws/credentials:/home/comm/.aws/credentials:ro # localstack localstack: image: localstack/localstack hostname: localstack ports: - '4566:4566' environment: - SERVICES=s3,dynamodb - DATA_DIR=/tmp/localstack - HOSTNAME_EXTERNAL=localstack volumes: - localstack:/tmp/localstack # RabbitMQ rabbitmq: image: rabbitmq:3-management hostname: rabbitmq ports: - '5672:5672' - '5671:5671' - '15672:15672' environment: - RABBITMQ_DEFAULT_USER=comm - RABBITMQ_DEFAULT_PASS=comm
diff --git a/services/identity/src/constants.rs b/services/identity/src/constants.rs
index 1300db0da..b2a3d2653 100644
--- a/services/identity/src/constants.rs
+++ b/services/identity/src/constants.rs
@@ -1,48 +1,48 @@
// Secrets pub const SECRETS_DIRECTORY: &str = "secrets"; pub const SECRETS_FILE_NAME: &str = "secret_key"; pub const SECRETS_FILE_EXTENSION: &str = "txt"; // DynamoDB pub const USERS_TABLE: &str = "identity-users"; pub const USERS_TABLE_PARTITION_KEY: &str = "userID"; pub const USERS_TABLE_REGISTRATION_ATTRIBUTE: &str = "pakeRegistrationData"; pub const USERS_TABLE_USERNAME_ATTRIBUTE: &str = "username"; pub const USERS_TABLE_DEVICES_ATTRIBUTE: &str = "devices"; pub const USERS_TABLE_DEVICE_ATTRIBUTE_NAME: &str = "device"; pub const USERS_TABLE_DEVICES_MAP_ATTRIBUTE_NAME: &str = "signingPublicKey"; pub const USERS_TABLE_WALLET_ADDRESS_ATTRIBUTE: &str = "walletAddress"; pub const USERS_TABLE_USERNAME_INDEX: &str = "username-index"; pub const USERS_TABLE_WALLET_ADDRESS_INDEX: &str = "walletAddress-index"; pub const USERS_TABLE_INITIALIZATION_INFO: &str = "initializationInfo"; pub const ACCESS_TOKEN_TABLE: &str = "identity-tokens"; pub const ACCESS_TOKEN_TABLE_PARTITION_KEY: &str = "userID"; pub const ACCESS_TOKEN_SORT_KEY: &str = "signingPublicKey"; pub const ACCESS_TOKEN_TABLE_CREATED_ATTRIBUTE: &str = "created"; pub const ACCESS_TOKEN_TABLE_AUTH_TYPE_ATTRIBUTE: &str = "authType"; pub const ACCESS_TOKEN_TABLE_VALID_ATTRIBUTE: &str = "valid"; pub const ACCESS_TOKEN_TABLE_TOKEN_ATTRIBUTE: &str = "token"; pub const NONCE_TABLE: &str = "identity-nonces"; pub const NONCE_TABLE_PARTITION_KEY: &str = "nonce"; pub const NONCE_TABLE_CREATED_ATTRIBUTE: &str = "created"; // Tokio pub const MPSC_CHANNEL_BUFFER_CAPACITY: usize = 1; -pub const IDENTITY_SERVICE_SOCKET_ADDR: &str = "[::]:50051"; +pub const IDENTITY_SERVICE_SOCKET_ADDR: &str = "[::]:50054"; // Token pub const ACCESS_TOKEN_LENGTH: usize = 512; // Temporary config pub const AUTH_TOKEN: &str = "COMM_IDENTITY_SERVICE_AUTH_TOKEN"; // Nonce pub const NONCE_LENGTH: usize = 17;
diff --git a/services/identity/src/main.rs b/services/identity/src/main.rs
index 3cdbb0399..60cbd7533 100644
--- a/services/identity/src/main.rs
+++ b/services/identity/src/main.rs
@@ -1,67 +1,69 @@
use clap::{Parser, Subcommand}; use database::DatabaseClient; use interceptor::check_auth; use tonic::transport::Server; use tracing_subscriber::FmtSubscriber; mod config; mod constants; mod database; mod interceptor; mod keygen; mod nonce; mod pake_grpc; mod service; mod token; use config::load_config; use constants::{IDENTITY_SERVICE_SOCKET_ADDR, SECRETS_DIRECTORY}; use keygen::generate_and_persist_keypair; use service::{IdentityKeyserverServiceServer, MyIdentityService}; +use tracing::info; #[derive(Parser)] #[clap(author, version, about, long_about = None)] #[clap(propagate_version = true)] struct Cli { #[clap(subcommand)] command: Commands, } #[derive(Subcommand)] enum Commands { /// Runs the server Server, /// Generates and persists a keypair to use for PAKE registration and login Keygen { #[clap(short, long)] #[clap(default_value_t = String::from(SECRETS_DIRECTORY))] dir: String, }, /// Populates the `identity-users` table in DynamoDB from MySQL PopulateDB, } #[tokio::main] async fn main() -> Result<(), Box> { let subscriber = FmtSubscriber::new(); tracing::subscriber::set_global_default(subscriber)?; let cli = Cli::parse(); match &cli.command { Commands::Keygen { dir } => { generate_and_persist_keypair(dir)?; } Commands::Server => { load_config(); let addr = IDENTITY_SERVICE_SOCKET_ADDR.parse()?; let aws_config = aws_config::from_env().region("us-east-2").load().await; let database_client = DatabaseClient::new(&aws_config); let server = MyIdentityService::new(database_client); let svc = IdentityKeyserverServiceServer::with_interceptor(server, check_auth); + info!("Listening to gRPC traffic on {}", addr); Server::builder().add_service(svc).serve(addr).await?; } Commands::PopulateDB => unimplemented!(), } Ok(()) }
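Review bot: The added `info!("Listening to gRPC traffic on {}", addr);` is emitted before `Server::builder().add_service(svc).serve(addr).await?` has bound the socket, so a bind failure (for example the port already being in use, which is presumably what the move from 50051 to 50054 is working around) logs "Listening" and then an error. Since `serve` binds internally there is no later point in `main` at which to log success, so the message should describe the attempt rather than the result, e.g. `info!("Starting gRPC server on {}", addr);`. If the operator needs a reliable "ready" signal, the bind would have to be done explicitly before handing the listener to the server, which is a larger change than this commit.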