Close the auth loop: clients obtain a bearer token and present it to the hub (tech-spec §13).

- oauth module: DeviceFlow (RFC 8628 — discover, start, poll handling authorization_pending/slow_down, refresh) + StoredToken + TokenStore (OS keyring via `keyring`, in-memory for tests) + current_bearer (loads and refreshes-on-expiry).
- heph auth login/logout: runs the device flow, prints the verification URL + user code, caches the token in the keyring.
- sync_once gains a bearer arg; the daemon (Daemon::spawn_sync_loop + sync.now) obtains it via current_bearer; RemoteStore attaches it to /rpc. --oidc-issuer/--oidc-client-id configure the spoke/client.
- Fix a latent panic: reqwest::blocking spins its own runtime and panics inside the daemon's spawn_blocking pool. All blocking auth/proxy HTTP (OidcVerifier JWKS, DeviceFlow, RemoteStore) now uses runtime-free `ureq`; async reqwest remains only for sync_once. (Caught by the new e2e test.)
- Tests (offline): device flow + refresh + token store vs a mock OAuth server; a full spoke->authenticated-hub loop (valid token accepted, missing token rejected) signed by a runtime-generated RSA key. 112 tests green; clippy -D warnings + fmt + prek clean. Slice 10 (auth) complete; next is heph.nvim.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
# Per-device daemon crate. Every key written as `<key>.workspace = true` takes
# its value from [workspace.package] in the workspace root manifest, which is
# not shown here.
[package]
name = "hephd"
version.workspace = true
authors.workspace = true
edition.workspace = true
license.workspace = true
# Whether this crate may be published to a registry is also decided in the
# workspace root; check the inherited value before assuming it stays private.
publish.workspace = true
rust-version.workspace = true
description = "Hephaestus per-device daemon: owns the local store and serves surfaces over a unix socket."
# Library target: the daemon's code is built as a crate named `hephd` from
# src/lib.rs.
[lib]
name = "hephd"
path = "src/lib.rs"
# Executable target built from src/main.rs. It uses the same name (`hephd`)
# as this manifest's [lib] target.
[[bin]]
name = "hephd"
path = "src/main.rs"
# Runtime dependencies. Apart from the in-repo `heph-core` path crate, every
# version and feature set is inherited from [workspace.dependencies] in the
# workspace root manifest (not shown here), so advisory scanning (for example
# `cargo audit`) and review of TLS/backend features have to happen there.
[dependencies]
anyhow.workspace = true
axum.workspace = true
clap.workspace = true
fs4.workspace = true
heph-core = { path = "../heph-core" }
# JWT handling for bearer tokens; presumably what checks tokens against the
# issuer's JWKS. NOTE(review): confirm the accepted signature algorithms are
# pinned in code rather than taken from the token header.
jsonwebtoken.workspace = true
# Caches the OAuth token in the OS keyring. NOTE(review): depending on the
# keyring version, platform credential stores are opt-in features; confirm the
# workspace enables a real backend so tokens do not land in a fallback store.
keyring.workspace = true
# Async HTTP client. Keep it to async call sites: reqwest::blocking starts its
# own runtime and panics inside the daemon's spawn_blocking pool.
reqwest.workspace = true
serde.workspace = true
serde_json.workspace = true
thiserror.workspace = true
tokio.workspace = true
tracing.workspace = true
tracing-subscriber.workspace = true
# Runtime-free blocking HTTP client for the blocking auth/proxy paths. Both
# HTTP clients carry or fetch auth material, so each one's TLS configuration
# needs checking in the workspace root.
ureq.workspace = true
# Test-only crates; dev-dependencies are not linked into the shipped daemon.
# Unlike [dependencies], versions are declared here rather than inherited from
# the workspace.
[dev-dependencies]
# Auth tests generate a throwaway RSA key + JWKS at runtime (no key in the repo).
# NOTE(review): keep `rsa` test-only and check its advisory status before ever
# promoting it to a runtime dependency. `rand` 0.8 is presumably paired with
# `rsa` 0.9 for compatible RNG traits; confirm before bumping either one.
base64 = "0.22"
rand = "0.8"
rsa = "0.9"
# Scratch files and directories for tests.
tempfile = "3"