simple-auth

A little web server providing JWT token for auth user.

Build

cargo build --release

Configuration

Store

The store represents the credentials. For now, this a .txt file with plain passwords. You have to create one like:

# acts as a comment (only on a start line)
<username>:<password>

WARN: the file should have a chmod to 600.

RSA key pair creation

The server uses RS384 signature algorithm (asymmetric). You have to create a private key to sign the token and a public key for the validation:

openssl genrsa -out priv.pem 2048
openssl rsa -in priv.pem -outform PEM -pubout -out pub.pem

WARN: those files must be readable be the server user.

INI file

To start the server correctly, you need to create an .ini file as below:

[server]
url = <ip>:<port>

[store]
path = <store_path>

[jwt]
issuer = <issuer.fr>
private_key = <priv_key_path> 
public_key = <pub_key_path>
expiration_time = 2 # in hours

Run

./simple-auth <ini_path>

curl http://<ip>:<port>/get/ -d '{"username":"<user>", "password":"<password>"}'
# should returned
{"token":"<header>.<payload>.<signature>"}

curl http://<ip>:<port>/validate/ -d '{"token":"<header>.<payload>.<signature>"}'
# should returned (if valid)
{"valid":"true"}

Test

unit tests

cargo test

integration tests

• do the configuration step for your env tests
• set the following env variables:

export SIMPLE_AUTH_URL="http://<url>:<port>"
export SIMPLE_AUTH_PUB_KEY="<path_to_pem_pub_key>" # DO NOT USE THE ONE IN PRODUCTION !

• run the server (if no one is running remotly)
• run curl tests

cd tests/bash/
./curling.bash && echo "passed"

• run python requests tests

# create a python venv
cd tests/python
python3 -m venv venv
source venv/bin/activate

# intall the requirements
pip install -r requirements

# launch the tests
python -m unittest

Documentation

# add the '--open' arg to open the doc on a browser
cargo doc --no-deps