Merge pull request #105 from sebadob/rauthy-notify-crate

Rauthy notify crate
sebadob · Oct 27, 2023 · 8767389 · 8767389
2 parents c76c208 + 2358c96
commit 8767389
Show file tree

Hide file tree

Showing 26 changed files with 2,264 additions and 347 deletions.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Cargo.toml b/Cargo.toml
@@ -5,6 +5,7 @@ members = [
     "rauthy-handlers",
     "rauthy-main",
     "rauthy-models",
+    "rauthy-notify",
     "rauthy-service",
 ]
 
@@ -32,6 +33,7 @@ actix-web-lab = "0.19"
 argon2 = { version = "0.5", features = ["std", "zeroize"] }
 askama = { version = "0.12", features = ["with-actix-web"] }
 askama_actix = "0.14"
+async-trait = "0.1.74"
 bincode = "1"
 chacha20poly1305 = { version = "0.10", features = ["std"] }
 chrono = { version = "0.4", default-features = false, features = ["clock", "serde", "std"] }
@@ -50,6 +52,7 @@ rand = "0.8"
 rand_core = { version = "0.6", features = ["std"] }
 redhac = "0.8.0"
 regex = "1"
+reqwest = { version = "0.11", default-features = false, features = ["json", "rustls-tls"] }
 ring = "0.17"
 semver = { version = "1.0.19", features = ["serde"] }
 serde = { version = "1", features = ["derive"] }

diff --git a/dev_notes.md b/dev_notes.md
@@ -3,16 +3,16 @@
 ## CURRENT WORK
 
 - admin ui component to show blacklisted IPs
+- maybe functionality to manually blacklist IPs?
 
 ## TODO v0.17
 
-
-- add a mechanism to detect DoS attempts
 - admin ui component for the new ApiKeys
-- maybe functionality to manually blacklist IPs?
+- add event for a user password reset
 - rauthy-notify crate for matrix + slack notifiers
 - latest app version check via github api
 - show current app version in admin ui
+- add event for new app version available
 
 ## Stage 1 - essentials
 

diff --git a/docs/config/config.html b/docs/config/config.html
@@ -371,23 +371,39 @@ <h1 id="reference-config"><a class="header" href="#reference-config">Reference C
 ######### EVENTS / AUDIT ############
 #####################################
 
-# The E-Mail address event notifications should be sent to
+# The E-Mail address event notifications should be sent to.
+# If left empty, no messages will be sent to Slack.
 #EVENT_EMAIL=admin@localhost.de
 
-# The notification level for events. Works the same way as a 
-# logging level. For instance: 'notice' means send out a 
-# notifications for all events with the info level or higher.
+# TODO MATRIX
+# If left empty, no messages will be sent to Slack.
+#EVENT_MATRIX_SERVER=
+#EVENT_MATRIX_SERVER=
+#EVENT_MATRIX_SERVER=
+
+# The Webhook for Slack Notifications.
+# If left empty, no messages will be sent to Slack.
+#EVENT_SLACK_WEBHOOK=
+
+# TODO Matrix
+
+# The notification level for events. Works the same way as a logging level. For instance:
+# 'notice' means send out a notifications for all events with the info level or higher.
 # Possible values:
 # - info
 # - notice
 # - warning
 # - critical
+#
+# default: 'warning'
+EVENT_NOTIFY_LEVEL_EMAIL=warning
 # default: 'notice'
-EVENT_NOTIFY_LEVEL=notice
+EVENT_NOTIFY_LEVEL_MATRIX=notice
+# default: 'notice'
+EVENT_NOTIFY_LEVEL_SLACK=notice
 
-# Define the level from which on events should be persisted 
-# inside the database. All events with a lower level will be 
-# lost, if there is no active event subscriber.
+# Define the level from which on events should be persisted inside the database.
+# All events with a lower level will be lost, if there is no active event subscriber.
 # Possible values:
 # - info
 # - notice
@@ -396,47 +412,41 @@ <h1 id="reference-config"><a class="header" href="#reference-config">Reference C
 # default: 'info'
 EVENT_PERSIST_LEVEL=info
 
-# Define the number of days when events should be cleaned up 
-# from the database.
+# Define the number of days when events should be cleaned up from the database.
 # default: 31
 EVENT_CLEANUP_DAYS=31
 
-# The level for the generated Event after a new user has been 
-# registered.
+# The level for the generated Event after a new user has been registered.
 # default: info
 EVENT_LEVEL_NEW_USER=info
-# The level for the generated Event after a user has changed 
-# his E-Mail
+# The level for the generated Event after a user has changed his E-Mail
 # default: notice
 EVENT_LEVEL_USER_EMAIL_CHANGE=notice
-# The level for the generated Event after a user has been given 
-# the 'rauthy_admin' role
+# The level for the generated Event after a user has been given the 'rauthy_admin' role
 # default: notice
 EVENT_LEVEL_RAUTHY_ADMIN=notice
+# The level for the generated Event after a new App version has been found
+# default: notice
+EVENT_LEVEL_RAUTHY_VERSION=notice
 # The level for the generated Event after the JWKS has been rotated
 # default: notice
 EVENT_LEVEL_JWKS_ROTATE=notice
-# The level for the generated Event after DB secrets have been 
-# migrated to a new key
+# The level for the generated Event after DB secrets have been migrated to a new key
 # default: notice
 EVENT_LEVEL_SECRETS_MIGRATED=notice
-# The level for the generated Event after a Rauthy instance 
-# has been started
+# The level for the generated Event after a Rauthy instance has been started
 # default: info
 EVENT_LEVEL_RAUTHY_START=info
-# The level for the generated Event after a Rauthy entered a 
-# healthy state (again)
+# The level for the generated Event after a Rauthy entered a healthy state (again)
 # default: notice
 EVENT_LEVEL_RAUTHY_HEALTHY=notice
-# The level for the generated Event after a Rauthy entered an 
-# unhealthy state
+# The level for the generated Event after a Rauthy entered an unhealthy state
 # default: critical
 EVENT_LEVEL_RAUTHY_UNHEALTHY=critical
 # The level for the generated Event after an IP has been blacklisted
 # default: warning
 EVENT_LEVEL_IP_BLACKLISTED=warning
-# The level for the generated Event after certain amounts of 
-# false logins from an IP
+# The level for the generated Event after certain amounts of false logins from an IP
 # default: criticao
 EVENT_LEVEL_FAILED_LOGINS_25=critical
 # default: criticao
@@ -450,6 +460,13 @@ <h1 id="reference-config"><a class="header" href="#reference-config">Reference C
 # default: info
 EVENT_LEVEL_FAILED_LOGIN=info
 
+# If set to 'true', it will disable the app version checker.
+# This is a scheduled task that looks up the latest version periodically
+# by doing a request to the Github API to check the latest release.
+# This ignores any type of prerelease and will only notify for a new stable.
+# default: false
+#DISABLE_APP_VERSION_CHECK=false
+
 #####################################
 ####### LIFETIMES / TIMEOUTS ########
 #####################################

diff --git a/docs/print.html b/docs/print.html
@@ -1530,23 +1530,39 @@ <h4 id="config-adjustements---rest-api"><a class="header" href="#config-adjustem
 ######### EVENTS / AUDIT ############
 #####################################
 
-# The E-Mail address event notifications should be sent to
+# The E-Mail address event notifications should be sent to.
+# If left empty, no messages will be sent to Slack.
 #EVENT_EMAIL=admin@localhost.de
 
-# The notification level for events. Works the same way as a 
-# logging level. For instance: 'notice' means send out a 
-# notifications for all events with the info level or higher.
+# TODO MATRIX
+# If left empty, no messages will be sent to Slack.
+#EVENT_MATRIX_SERVER=
+#EVENT_MATRIX_SERVER=
+#EVENT_MATRIX_SERVER=
+
+# The Webhook for Slack Notifications.
+# If left empty, no messages will be sent to Slack.
+#EVENT_SLACK_WEBHOOK=
+
+# TODO Matrix
+
+# The notification level for events. Works the same way as a logging level. For instance:
+# 'notice' means send out a notifications for all events with the info level or higher.
 # Possible values:
 # - info
 # - notice
 # - warning
 # - critical
+#
+# default: 'warning'
+EVENT_NOTIFY_LEVEL_EMAIL=warning
 # default: 'notice'
-EVENT_NOTIFY_LEVEL=notice
+EVENT_NOTIFY_LEVEL_MATRIX=notice
+# default: 'notice'
+EVENT_NOTIFY_LEVEL_SLACK=notice
 
-# Define the level from which on events should be persisted 
-# inside the database. All events with a lower level will be 
-# lost, if there is no active event subscriber.
+# Define the level from which on events should be persisted inside the database.
+# All events with a lower level will be lost, if there is no active event subscriber.
 # Possible values:
 # - info
 # - notice
@@ -1555,47 +1571,41 @@ <h4 id="config-adjustements---rest-api"><a class="header" href="#config-adjustem
 # default: 'info'
 EVENT_PERSIST_LEVEL=info
 
-# Define the number of days when events should be cleaned up 
-# from the database.
+# Define the number of days when events should be cleaned up from the database.
 # default: 31
 EVENT_CLEANUP_DAYS=31
 
-# The level for the generated Event after a new user has been 
-# registered.
+# The level for the generated Event after a new user has been registered.
 # default: info
 EVENT_LEVEL_NEW_USER=info
-# The level for the generated Event after a user has changed 
-# his E-Mail
+# The level for the generated Event after a user has changed his E-Mail
 # default: notice
 EVENT_LEVEL_USER_EMAIL_CHANGE=notice
-# The level for the generated Event after a user has been given 
-# the 'rauthy_admin' role
+# The level for the generated Event after a user has been given the 'rauthy_admin' role
 # default: notice
 EVENT_LEVEL_RAUTHY_ADMIN=notice
+# The level for the generated Event after a new App version has been found
+# default: notice
+EVENT_LEVEL_RAUTHY_VERSION=notice
 # The level for the generated Event after the JWKS has been rotated
 # default: notice
 EVENT_LEVEL_JWKS_ROTATE=notice
-# The level for the generated Event after DB secrets have been 
-# migrated to a new key
+# The level for the generated Event after DB secrets have been migrated to a new key
 # default: notice
 EVENT_LEVEL_SECRETS_MIGRATED=notice
-# The level for the generated Event after a Rauthy instance 
-# has been started
+# The level for the generated Event after a Rauthy instance has been started
 # default: info
 EVENT_LEVEL_RAUTHY_START=info
-# The level for the generated Event after a Rauthy entered a 
-# healthy state (again)
+# The level for the generated Event after a Rauthy entered a healthy state (again)
 # default: notice
 EVENT_LEVEL_RAUTHY_HEALTHY=notice
-# The level for the generated Event after a Rauthy entered an 
-# unhealthy state
+# The level for the generated Event after a Rauthy entered an unhealthy state
 # default: critical
 EVENT_LEVEL_RAUTHY_UNHEALTHY=critical
 # The level for the generated Event after an IP has been blacklisted
 # default: warning
 EVENT_LEVEL_IP_BLACKLISTED=warning
-# The level for the generated Event after certain amounts of 
-# false logins from an IP
+# The level for the generated Event after certain amounts of false logins from an IP
 # default: criticao
 EVENT_LEVEL_FAILED_LOGINS_25=critical
 # default: criticao
@@ -1609,6 +1619,13 @@ <h4 id="config-adjustements---rest-api"><a class="header" href="#config-adjustem
 # default: info
 EVENT_LEVEL_FAILED_LOGIN=info
 
+# If set to 'true', it will disable the app version checker.
+# This is a scheduled task that looks up the latest version periodically
+# by doing a request to the Github API to check the latest release.
+# This ignores any type of prerelease and will only notify for a new stable.
+# default: false
+#DISABLE_APP_VERSION_CHECK=false
+
 #####################################
 ####### LIFETIMES / TIMEOUTS ########
 #####################################

diff --git a/docs/searchindex.js b/docs/searchindex.js
diff --git a/docs/searchindex.json b/docs/searchindex.json
diff --git a/rauthy-book/src/config/config.md b/rauthy-book/src/config/config.md
@@ -222,18 +222,47 @@ JWK_AUTOROTATE_CRON="0 30 3 1 * * *"
 ######### EVENTS / AUDIT ############
 #####################################
 
-# The E-Mail address event notifications should be sent to
+# The E-Mail address event notifications should be sent to.
+# If left empty, no messages will be sent to Slack.
 #EVENT_EMAIL=admin@localhost.de
 
+# Matrix variables for event notifications.
+# `EVENT_MATRIX_USER_ID` and `EVENT_MATRIX_ROOM_ID` are mandatory.
+# Depending on your Matrix setup, additionally one of
+# `EVENT_MATRIX_ACCESS_TOKEN` or `EVENT_MATRIX_USER_PASSWORD` is needed.
+# If you log in to Matrix with User + Password, you may use `EVENT_MATRIX_USER_PASSWORD`.
+# If you log in via OIDC SSO (or just want to use a session token you can revoke),
+# you should provide `EVENT_MATRIX_ACCESS_TOKEN`.
+# If both are given, the `EVENT_MATRIX_ACCESS_TOKEN` will be preferred.
+#
+# If left empty, no messages will be sent to Slack.
+# Format: `@<user_id>:<server address>`
+#EVENT_MATRIX_USER_ID=
+# Format: `!<random string>:<server address>`
+#EVENT_MATRIX_ROOM_ID=
+#EVENT_MATRIX_ACCESS_TOKEN=
+#EVENT_MATRIX_USER_PASSWORD=
+
+# The Webhook for Slack Notifications.
+# If left empty, no messages will be sent to Slack.
+#EVENT_SLACK_WEBHOOK=
+
+# TODO Matrix
+
 # The notification level for events. Works the same way as a logging level. For instance:
 # 'notice' means send out a notifications for all events with the info level or higher.
 # Possible values:
 # - info
 # - notice
 # - warning
 # - critical
+#
+# default: 'warning'
+EVENT_NOTIFY_LEVEL_EMAIL=warning
+# default: 'notice'
+EVENT_NOTIFY_LEVEL_MATRIX=notice
 # default: 'notice'
-EVENT_NOTIFY_LEVEL=notice
+EVENT_NOTIFY_LEVEL_SLACK=notice
 
 # Define the level from which on events should be persisted inside the database.
 # All events with a lower level will be lost, if there is no active event subscriber.

diff --git a/rauthy-common/src/error_response.rs b/rauthy-common/src/error_response.rs
@@ -16,6 +16,7 @@ use utoipa::ToSchema;
 #[derive(Debug, Clone, Display, PartialEq, Eq, Serialize, Deserialize, ToSchema)]
 pub enum ErrorResponseType {
     BadRequest,
+    Connection,
     CSRFTokenError,
     Database,
     DatabaseIo,

diff --git a/rauthy-main/Cargo.toml b/rauthy-main/Cargo.toml
@@ -40,6 +40,6 @@ webauthn-rs = { workspace = true }
 [dev-dependencies]
 josekit = "0.8"
 pretty_assertions = "1"
-reqwest = { version = "0.11", default-features = false, features = ["json", "rustls-tls"] }
+reqwest = { workspace = true }
 ring = { workspace = true }
 tokio-test = "*"