NotificationsYou must be signed in to change notification settings
Fork18
Star99

Commite57d395

committed

Release v1.0.0 of web-bot-auth crates

These include some pretty significant and breaking changes:1. Dependency on `time` library is now required instead of `std::time` for all API users. As a bonus, however, we gain support on Cloudflare Workers as well as removal of a class of errors related to system clocks and `created` / `expires` parsing.2. A number of constructs were removed: `WebBotAuthSignedMessage`, `SignedMessage::fetch_all_signature_headers` and `SignedMessage::fetch_all_signature_inputs`. The library now exposes a single method to look up components to verify.3. `Signature-Agent` can now be parsed as a dictionary, but retains support for being parsed as a raw string.4. It enforces use of `req` parameter in `http-message-dir`. This is in line with the specification, but can break verification of existing sites.These changes are sufficiently breaking enough to justify using semverbump.I also removed the pin to Rust v1.87 in the Github Actions handler. Thisensures we're building against the latest available Rust version.

1 parent274a5d7 commite57d395Copy full SHA for e57d395

File tree

6 files changed

+29

-28

lines changed

.github/workflows
- pullrequest.yml
Cargo.lock
Cargo.toml
README.md
crates
- http-signature-directory/src
  - main.rs
- web-bot-auth/src
  - lib.rs

6 files changed

+29

-28

lines changed

`‎.github/workflows/pullrequest.yml‎`

Lines changed: 1 addition & 3 deletions

Original file line number	Diff line number	Diff line change
`@@ -47,7 +47,7 @@ jobs:`
`47`	`47`	`target`
`48`	`48`	`key:${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }}`
`49`	`49`	`-name:Set rust toolchain`
`50`		`-run:rustupoverride set 1.87 && rustupcomponent add clippy rustfmt && rustup target add wasm32-unknown-unknown`
	`50`	`+run:rustup component add clippy rustfmt && rustup target add wasm32-unknown-unknown`
`51`	`51`	`-run:cargo fetch`
`52`	`52`	`-run:cargo build --all --verbose --all-features --tests`
`53`	`53`	`-run:cargo build --all --verbose --exclude http-signature-directory --all-features --tests --target wasm32-unknown-unknown`
`@@ -85,8 +85,6 @@ jobs:`
`85`	`85`	`~/.cargo/git`
`86`	`86`	`target`
`87`	`87`	`key:${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }}`
`88`		`- -name:Set rust toolchain`
`89`		`-run:rustup override set 1.87`
`90`	`88`	`-run:cargo publish -p web-bot-auth# will fail if we don't bump the version`
`91`	`89`	`continue-on-error:true`
`92`	`90`	`-run:cargo publish -p http-signature-directory# will fail if we don't bump the version`

`‎Cargo.lock‎`

Lines changed: 4 additions & 4 deletions

Some generated files are not rendered by default. Learn more aboutcustomizing how changed files appear on GitHub.

`‎Cargo.toml‎`

Lines changed: 2 additions & 2 deletions

Original file line number	Diff line number	Diff line change
`@@ -7,7 +7,7 @@ members = [`
`7`	`7`	`resolver ="2"`
`8`	`8`
`9`	`9`	`[workspace.package]`
`10`		`-version ="0.5.1"`
	`10`	`+version ="1.0.0"`
`11`	`11`	`authors = [`
`12`	`12`	`"Akshat Mahajan <akshat@cloudflare.com>",`
`13`	`13`	`"Gauri Baraskar <gbaraskar@cloudflare.com>",`
`@@ -35,4 +35,4 @@ regex = "1.12.2"`
`35`	`35`	`time = {version ="0.3.44" }`
`36`	`36`
`37`	`37`	`# workspace dependencies`
`38`		`-web-bot-auth = {version ="0.5.1",path ="./crates/web-bot-auth" }`
	`38`	`+web-bot-auth = {version ="1.0.0",path ="./crates/web-bot-auth" }`

`‎README.md‎`

Lines changed: 6 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -39,6 +39,12 @@ This deployment allows to test your implementation.`
`39`	`39`	\|[Caddy Plugin](./examples/caddy-plugin/)\| Verify RFC 9421`Signature` for every incoming request\|
`40`	`40`	`\|[Rust](./examples/rust/)\| Verify a sample test request\|`
`41`	`41`
	`42`	`+###HTTP Signature Directories`
	`43`	`+`
	`44`	`+\| Example\| Description\|`
	`45`	`+\| :-----------------------------------------------------------------\| :-------------------------------------------------------------\|`
	`46`	`+\|[Cloudflare Workers](./examples/signature-agent-card-and-registry)\| Host a signature directory on Cloudflare Workers, using the[signature agent card and registry](https://datatracker.ietf.org/doc/draft-meunier-webbotauth-registry/) format\|`
	`47`	`+`
`42`	`48`	`##Development`
`43`	`49`
`44`	`50`	`This repository uses[npm](https://docs.npmjs.com/cli/v11/using-npm/workspaces) and[cargo](https://doc.rust-lang.org/book/ch14-03-cargo-workspaces.html) workspaces. There are several packages which it provides:`

`‎crates/http-signature-directory/src/main.rs‎`

Lines changed: 6 additions & 7 deletions

Original file line number	Diff line number	Diff line change
`@@ -84,11 +84,11 @@ impl SignedMessage for SignedDirectory<'_> {`
`84`	`84`	`vec![]`
`85`	`85`	`}`
`86`	`86`	`CoveredComponent::HTTP(HTTPField{ name, ..}) =>{`
`87`		`-ifletSome(header) =self.headers.get(name){`
`88`		`-ifletOk(value) = header.to_str(){`
`89`		`-debug!("Found {} for header {}", value, name);`
`90`		`-returnvec![String::from(value)];`
`91`		`-}`
	`87`	`+ifletSome(header) =self.headers.get(name)`
	`88`	`+&&letOk(value) = header.to_str()`
	`89`	`+{`
	`90`	`+debug!("Found {} for header {}",value, name);`
	`91`	`+returnvec![String::from(value)];`
`92`	`92`	`}`
`93`	`93`
`94`	`94`	`debug!("No value for header {:?} found", name);`
`@@ -313,8 +313,7 @@ fn main() -> Result<(), String> {`
`313`	`313`	`.and_then(\|tag\| tag.as_string())`
`314`	`314`	`.is_some_and(\|tag\| tag.as_str() == thumbprint)`
`315`	`315`	`&& innerlist.items.iter().any(\|item\|{`
`316`		`-(*item)`
`317`		`-.bare_item`
	`316`	`+ item.bare_item`
`318`	`317`	`.as_string()`
`319`	`318`	`.is_some_and(\|s\|(*s).as_str() =="@authority")`
`320`	`319`	`})`

`‎crates/web-bot-auth/src/lib.rs‎`

Lines changed: 10 additions & 12 deletions

Original file line number	Diff line number	Diff line change
`@@ -149,13 +149,13 @@ impl WebBotAuthVerifier {`
`149`	`149`
`150`	`150`	`letmut signature_agent_key:Option<String> =None;`
`151`	`151`	`'outer_loop:for(component, _)in message_verifier.parsed.base.components.iter(){`
`152`		`-ifletCoveredComponent::HTTP(HTTPField{ name, parameters}) = component{`
`153`		`-if name =="signature-agent"{`
`154`		`-for parameterin parameters.0.iter(){`
`155`		`-ifletHTTPFieldParameters::Key(key) = parameter{`
`156`		`- signature_agent_key =Some(key.clone());`
`157`		`-break'outer_loop;`
`158`		`-}`
	`152`	`+ifletCoveredComponent::HTTP(HTTPField{ name, parameters}) = component`
	`153`	`+&& name =="signature-agent"`
	`154`	`+{`
	`155`	`+for parameterin parameters.0.iter(){`
	`156`	`+ifletHTTPFieldParameters::Key(key) = parameter{`
	`157`	`+signature_agent_key =Some(key.clone());`
	`158`	`+break'outer_loop;`
`159`	`159`	`}`
`160`	`160`	`}`
`161`	`161`	`}`
`@@ -171,12 +171,10 @@ impl WebBotAuthVerifier {`
`171`	`171`	`let mediatype = url.mime_type();`
`172`	`172`	`if mediatype.type_ =="application"`
`173`	`173`	`&& mediatype.subtype =="http-message-signatures-directory"`
	`174`	`+ &&letOk((body, _)) = url.decode_to_vec()`
	`175`	`+ &&letOk(jwks) = serde_json::from_slice::<JSONWebKeySet>(&body)`
`174`	`176`	`{`
`175`		`-ifletOk((body, _)) = url.decode_to_vec(){`
`176`		`-ifletOk(jwks) = serde_json::from_slice::<JSONWebKeySet>(&body){`
`177`		`-returnSome(SignatureAgentLink::Inline(jwks));`
`178`		`-}`
`179`		`-}`
	`177`	`+returnSome(SignatureAgentLink::Inline(jwks));`
`180`	`178`	`}`
`181`	`179`	`}`
`182`	`180`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commite57d395

File tree

6 files changed

6 files changed

`‎.github/workflows/pullrequest.yml‎`

`‎Cargo.lock‎`

`‎Cargo.toml‎`

`‎README.md‎`

`‎crates/http-signature-directory/src/main.rs‎`

`‎crates/web-bot-auth/src/lib.rs‎`

0 commit comments