Merge pull request #103 from sebadob/impl-rauthy-version-checker

Impl rauthy version checker
sebadob · Oct 27, 2023 · aea7794 · aea7794
2 parents a097a5d + c24b1fc
commit aea7794
Show file tree

Hide file tree

Showing 15 changed files with 333 additions and 48 deletions.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Cargo.toml b/Cargo.toml
@@ -48,6 +48,7 @@ rand_core = { version = "0.6", features = ["std"] }
 redhac = "0.8.0"
 regex = "1"
 ring = "0.17"
+semver = { version = "1.0.19", features = ["serde"] }
 serde = { version = "1", features = ["derive"] }
 serde_json = "1"
 sqlx = { version = "0.7", features = ["macros", "migrate", "postgres", "runtime-tokio", "sqlite", "tls-rustls", "uuid"] }

diff --git a/rauthy-book/src/config/config.md b/rauthy-book/src/config/config.md
@@ -225,9 +225,8 @@ JWK_AUTOROTATE_CRON="0 30 3 1 * * *"
 # The E-Mail address event notifications should be sent to
 #EVENT_EMAIL=admin@localhost.de
 
-# The notification level for events. Works the same way as a 
-# logging level. For instance: 'notice' means send out a 
-# notifications for all events with the info level or higher.
+# The notification level for events. Works the same way as a logging level. For instance:
+# 'notice' means send out a notifications for all events with the info level or higher.
 # Possible values:
 # - info
 # - notice
@@ -236,9 +235,8 @@ JWK_AUTOROTATE_CRON="0 30 3 1 * * *"
 # default: 'notice'
 EVENT_NOTIFY_LEVEL=notice
 
-# Define the level from which on events should be persisted 
-# inside the database. All events with a lower level will be 
-# lost, if there is no active event subscriber.
+# Define the level from which on events should be persisted inside the database.
+# All events with a lower level will be lost, if there is no active event subscriber.
 # Possible values:
 # - info
 # - notice
@@ -247,47 +245,41 @@ EVENT_NOTIFY_LEVEL=notice
 # default: 'info'
 EVENT_PERSIST_LEVEL=info
 
-# Define the number of days when events should be cleaned up 
-# from the database.
+# Define the number of days when events should be cleaned up from the database.
 # default: 31
 EVENT_CLEANUP_DAYS=31
 
-# The level for the generated Event after a new user has been 
-# registered.
+# The level for the generated Event after a new user has been registered.
 # default: info
 EVENT_LEVEL_NEW_USER=info
-# The level for the generated Event after a user has changed 
-# his E-Mail
+# The level for the generated Event after a user has changed his E-Mail
 # default: notice
 EVENT_LEVEL_USER_EMAIL_CHANGE=notice
-# The level for the generated Event after a user has been given 
-# the 'rauthy_admin' role
+# The level for the generated Event after a user has been given the 'rauthy_admin' role
 # default: notice
 EVENT_LEVEL_RAUTHY_ADMIN=notice
+# The level for the generated Event after a new App version has been found
+# default: notice
+EVENT_LEVEL_RAUTHY_VERSION=notice
 # The level for the generated Event after the JWKS has been rotated
 # default: notice
 EVENT_LEVEL_JWKS_ROTATE=notice
-# The level for the generated Event after DB secrets have been 
-# migrated to a new key
+# The level for the generated Event after DB secrets have been migrated to a new key
 # default: notice
 EVENT_LEVEL_SECRETS_MIGRATED=notice
-# The level for the generated Event after a Rauthy instance 
-# has been started
+# The level for the generated Event after a Rauthy instance has been started
 # default: info
 EVENT_LEVEL_RAUTHY_START=info
-# The level for the generated Event after a Rauthy entered a 
-# healthy state (again)
+# The level for the generated Event after a Rauthy entered a healthy state (again)
 # default: notice
 EVENT_LEVEL_RAUTHY_HEALTHY=notice
-# The level for the generated Event after a Rauthy entered an 
-# unhealthy state
+# The level for the generated Event after a Rauthy entered an unhealthy state
 # default: critical
 EVENT_LEVEL_RAUTHY_UNHEALTHY=critical
 # The level for the generated Event after an IP has been blacklisted
 # default: warning
 EVENT_LEVEL_IP_BLACKLISTED=warning
-# The level for the generated Event after certain amounts of 
-# false logins from an IP
+# The level for the generated Event after certain amounts of false logins from an IP
 # default: criticao
 EVENT_LEVEL_FAILED_LOGINS_25=critical
 # default: criticao
@@ -301,6 +293,13 @@ EVENT_LEVEL_FAILED_LOGINS_7=notice
 # default: info
 EVENT_LEVEL_FAILED_LOGIN=info
 
+# If set to 'true', it will disable the app version checker.
+# This is a scheduled task that looks up the latest version periodically
+# by doing a request to the Github API to check the latest release.
+# This ignores any type of prerelease and will only notify for a new stable.
+# default: false
+#DISABLE_APP_VERSION_CHECK=false
+
 #####################################
 ####### LIFETIMES / TIMEOUTS ########
 #####################################

diff --git a/rauthy-common/src/constants.rs b/rauthy-common/src/constants.rs
@@ -33,6 +33,7 @@ pub const CACHE_NAME_POW: &str = "pow";
 pub const CACHE_NAME_WEBAUTHN: &str = "webauthn";
 pub const CACHE_NAME_WEBAUTHN_DATA: &str = "webauthn-data";
 
+pub const IDX_APP_VERSION: &str = "rauthy_app_version";
 pub const IDX_CLIENTS: &str = "clients_";
 pub const IDX_CLIENT_LOGO: &str = "client_logo_";
 pub const IDX_GROUPS: &str = "groups_";

diff --git a/rauthy-main/Cargo.toml b/rauthy-main/Cargo.toml
@@ -25,6 +25,7 @@ rauthy-service = { path = "../rauthy-service" }
 redhac = { workspace = true }
 rustls = "0.21"
 rustls-pemfile = "1"
+semver = { workspace = true }
 serde_json = { workspace = true }
 sqlx = { workspace = true }
 time = { workspace = true }

diff --git a/rauthy-main/src/schedulers.rs b/rauthy-main/src/schedulers.rs
@@ -1,14 +1,18 @@
 use ::time::OffsetDateTime;
 use actix_web::web;
 use chrono::Utc;
-use rauthy_common::constants::{CACHE_NAME_12HR, DB_TYPE, IDX_JWK_KID, OFFLINE_TOKEN_LT};
+use rauthy_common::constants::{
+    CACHE_NAME_12HR, DB_TYPE, IDX_JWK_KID, OFFLINE_TOKEN_LT, RAUTHY_VERSION,
+};
 use rauthy_common::DbType;
 use rauthy_models::app_state::{AppState, DbPool};
 use rauthy_models::email::send_pwd_reset_info;
+use rauthy_models::entity::app_version::LatestAppVersion;
 use rauthy_models::entity::jwk::Jwk;
 use rauthy_models::entity::refresh_tokens::RefreshToken;
 use rauthy_models::entity::sessions::Session;
 use rauthy_models::entity::users::User;
+use rauthy_models::events::event::Event;
 use rauthy_models::migration::backup_db;
 use rauthy_service::auth;
 use redhac::{cache_del, QuorumHealthState, QuorumState};
@@ -19,7 +23,7 @@ use std::str::FromStr;
 use std::time::Duration;
 use tokio::sync::watch::Receiver;
 use tokio::time;
-use tracing::{debug, error, info};
+use tracing::{debug, error, info, warn};
 
 pub async fn scheduler_main(data: web::Data<AppState>) {
     info!("Starting schedulers");
@@ -34,7 +38,8 @@ pub async fn scheduler_main(data: web::Data<AppState>) {
     tokio::spawn(jwks_auto_rotate(data.clone(), rx_health.clone()));
     tokio::spawn(jwks_cleanup(data.clone(), rx_health.clone()));
     tokio::spawn(password_expiry_checker(data.clone(), rx_health.clone()));
-    tokio::spawn(user_expiry_checker(data, rx_health));
+    tokio::spawn(user_expiry_checker(data.clone(), rx_health.clone()));
+    tokio::spawn(app_version_check(data, rx_health));
 }
 
 // Creates a backup of the data store
@@ -494,6 +499,72 @@ pub async fn jwks_cleanup(
     }
 }
 
+pub async fn app_version_check(
+    data: web::Data<AppState>,
+    rx_health: Receiver<Option<QuorumHealthState>>,
+) {
+    let disable = env::var("DISABLE_APP_VERSION_CHECK")
+        .unwrap_or_else(|_| "false".to_string())
+        .parse::<bool>()
+        .expect("Cannot parse DISABLE_APP_VERSION_CHECK to bool");
+    if disable {
+        warn!("The automatic Rauthy version checker is disabled");
+        return;
+    }
+
+    // do a first check shortly after startup to not wait hours on a fresh install
+    tokio::time::sleep(Duration::from_secs(120)).await;
+    check_app_version(&data, &rx_health).await;
+
+    let mut interval = time::interval(Duration::from_secs(3595 * 8));
+    loop {
+        interval.tick().await;
+        check_app_version(&data, &rx_health).await;
+    }
+}
+
+async fn check_app_version(
+    data: &web::Data<AppState>,
+    rx_health: &Receiver<Option<QuorumHealthState>>,
+) {
+    // will return None in a non-HA deployment
+    if let Some(is_ha_leader) = is_ha_leader(rx_health) {
+        if !is_ha_leader {
+            debug!(
+                "Running HA mode without being the leader - skipping app_version_check scheduler"
+            );
+            return;
+        }
+    }
+
+    debug!("Running app_version_check scheduler");
+
+    let (latest_version, url) = match LatestAppVersion::lookup().await {
+        Ok(l) => l,
+        Err(err) => {
+            error!("LatestAppVersion::lookup(): {:?}", err);
+            return;
+        }
+    };
+    let this_version = semver::Version::parse(RAUTHY_VERSION).unwrap();
+
+    if latest_version > this_version && latest_version.pre.is_empty() {
+        info!("A new Rauthy App Version is available: {}", latest_version);
+        let version_url = format!("v{} -> {}", latest_version, url);
+
+        if let Err(err) = LatestAppVersion::upsert(data, latest_version).await {
+            error!("Saving LatestAppVersion into DB: {:?}", err);
+        }
+
+        data.tx_events
+            .send_async(Event::new_rauthy_version(version_url))
+            .await
+            .unwrap();
+    } else {
+        debug!("No new Rauthy App Version available");
+    }
+}
+
 // sleeps until the next scheduled event
 async fn sleep_schedule_next(schedule: &cron::Schedule) {
     // this 10 sec sleep is done to prevent an overlap with the calculation in some cases

diff --git a/rauthy-models/Cargo.toml b/rauthy-models/Cargo.toml
@@ -44,8 +44,9 @@ rand_core = { workspace = true }
 rauthy-common = { path = "../rauthy-common" }
 redhac = { workspace = true }
 regex = { workspace = true }
+reqwest = { version = "0.11", default-features = false, features = ["json", "rustls-tls"] }
 ring = { workspace = true }
-semver = { version = "1.0.19", features = ["serde"] }
+semver = { workspace = true }
 serde = { workspace = true }
 serde_json = { workspace = true }
 sqlx = { workspace = true }
@@ -56,8 +57,6 @@ utoipa = { workspace = true }
 utoipa-swagger-ui = { workspace = true }
 uuid = { version = "1", features = ["serde", "v4"] }
 validator = { workspace = true }
-# danger-allow-state-serialisation is needed to save the state into the DB for HA setup's
-# danger-credential-internals is needed for the feature to optionally force user verification
 webauthn-rs = { workspace = true }
 webauthn-rs-proto = { workspace = true }
 

diff --git a/rauthy-models/src/app_state.rs b/rauthy-models/src/app_state.rs
@@ -368,7 +368,7 @@ impl AppState {
         }
 
         // update the DbVersion after successful pool creation and migrations
-        DbVersion::update(&pool, db_version)
+        DbVersion::upsert(&pool, db_version)
             .await
             .map_err(|err| anyhow::Error::msg(err.message))?;