├── .codecov.yml ├── .devcontainer ├── .env ├── Dockerfile ├── devcontainer.json └── docker-compose.yml ├── .dockerignore ├── .editorconfig ├── .gitattributes ├── .github ├── dependabot.yml └── workflows │ ├── build.yaml │ ├── ci.yaml │ ├── coverage.yaml │ ├── docs.yaml │ ├── release.yaml │ ├── translations-download.yaml │ └── translations-upload.yaml ├── .gitignore ├── .rustfmt.toml ├── CONTRIBUTING.md ├── Cargo.lock ├── Cargo.toml ├── Dockerfile ├── LICENSE ├── README.md ├── book.toml ├── clippy.toml ├── crates ├── axum-utils │ ├── Cargo.toml │ └── src │ │ ├── client_authorization.rs │ │ ├── cookies.rs │ │ ├── csrf.rs │ │ ├── error_wrapper.rs │ │ ├── fancy_error.rs │ │ ├── http_client_factory.rs │ │ ├── jwt.rs │ │ ├── language_detection.rs │ │ ├── lib.rs │ │ ├── sentry.rs │ │ ├── session.rs │ │ └── user_authorization.rs ├── cli │ ├── Cargo.toml │ └── src │ │ ├── app_state.rs │ │ ├── commands │ │ ├── config.rs │ │ ├── database.rs │ │ ├── debug.rs │ │ ├── doctor.rs │ │ ├── manage.rs │ │ ├── mod.rs │ │ ├── server.rs │ │ ├── templates.rs │ │ └── worker.rs │ │ ├── main.rs │ │ ├── sentry_transport │ │ ├── mod.rs │ │ ├── ratelimit.rs │ │ └── tokio_thread.rs │ │ ├── server.rs │ │ ├── sync.rs │ │ ├── telemetry.rs │ │ └── util.rs ├── config │ ├── Cargo.toml │ └── src │ │ ├── bin │ │ └── schema.rs │ │ ├── lib.rs │ │ ├── schema.rs │ │ ├── sections │ │ ├── account.rs │ │ ├── branding.rs │ │ ├── captcha.rs │ │ ├── clients.rs │ │ ├── database.rs │ │ ├── email.rs │ │ ├── experimental.rs │ │ ├── http.rs │ │ ├── matrix.rs │ │ ├── mod.rs │ │ ├── passwords.rs │ │ ├── policy.rs │ │ ├── rate_limiting.rs │ │ ├── secrets.rs │ │ ├── telemetry.rs │ │ ├── templates.rs │ │ └── upstream_oauth2.rs │ │ └── util.rs ├── data-model │ ├── Cargo.toml │ ├── examples │ │ └── ua-parser.rs │ └── src │ │ ├── compat │ │ ├── device.rs │ │ ├── mod.rs │ │ ├── session.rs │ │ └── sso_login.rs │ │ ├── lib.rs │ │ ├── oauth2 │ │ ├── authorization_grant.rs │ │ ├── client.rs │ │ ├── device_code_grant.rs │ │ ├── mod.rs │ │ └── session.rs │ │ ├── site_config.rs │ │ ├── tokens.rs │ │ ├── upstream_oauth2 │ │ ├── link.rs │ │ ├── mod.rs │ │ ├── provider.rs │ │ └── session.rs │ │ ├── user_agent.rs │ │ └── users.rs ├── email │ ├── Cargo.toml │ └── src │ │ ├── lib.rs │ │ ├── mailer.rs │ │ └── transport.rs ├── handlers │ ├── Cargo.toml │ └── src │ │ ├── activity_tracker │ │ ├── bound.rs │ │ ├── mod.rs │ │ └── worker.rs │ │ ├── admin │ │ ├── call_context.rs │ │ ├── mod.rs │ │ ├── model.rs │ │ ├── params.rs │ │ ├── response.rs │ │ ├── schema.rs │ │ └── v1 │ │ │ ├── mod.rs │ │ │ ├── oauth2_sessions │ │ │ ├── get.rs │ │ │ ├── list.rs │ │ │ └── mod.rs │ │ │ └── users │ │ │ ├── add.rs │ │ │ ├── by_username.rs │ │ │ ├── deactivate.rs │ │ │ ├── get.rs │ │ │ ├── list.rs │ │ │ ├── lock.rs │ │ │ ├── mod.rs │ │ │ ├── set_admin.rs │ │ │ ├── set_password.rs │ │ │ └── unlock.rs │ │ ├── bin │ │ ├── api-schema.rs │ │ └── graphql-schema.rs │ │ ├── captcha.rs │ │ ├── compat │ │ ├── login.rs │ │ ├── login_sso_complete.rs │ │ ├── login_sso_redirect.rs │ │ ├── logout.rs │ │ ├── mod.rs │ │ └── refresh.rs │ │ ├── graphql │ │ ├── mod.rs │ │ ├── model │ │ │ ├── browser_sessions.rs │ │ │ ├── compat_sessions.rs │ │ │ ├── cursor.rs │ │ │ ├── matrix.rs │ │ │ ├── mod.rs │ │ │ ├── node.rs │ │ │ ├── oauth.rs │ │ │ ├── site_config.rs │ │ │ ├── upstream_oauth.rs │ │ │ ├── users.rs │ │ │ └── viewer │ │ │ │ ├── anonymous.rs │ │ │ │ └── mod.rs │ │ ├── mutations │ │ │ ├── browser_session.rs │ │ │ ├── compat_session.rs │ │ │ ├── matrix.rs │ │ │ ├── mod.rs │ │ │ ├── oauth2_session.rs │ │ │ ├── user.rs │ │ │ └── user_email.rs │ │ ├── query │ │ │ ├── mod.rs │ │ │ ├── session.rs │ │ │ ├── upstream_oauth.rs │ │ │ ├── user.rs │ │ │ └── viewer.rs │ │ ├── state.rs │ │ └── tests.rs │ │ ├── health.rs │ │ ├── lib.rs │ │ ├── oauth2 │ │ ├── authorization │ │ │ ├── callback.rs │ │ │ ├── complete.rs │ │ │ └── mod.rs │ │ ├── consent.rs │ │ ├── device │ │ │ ├── authorize.rs │ │ │ ├── consent.rs │ │ │ ├── link.rs │ │ │ └── mod.rs │ │ ├── discovery.rs │ │ ├── introspection.rs │ │ ├── keys.rs │ │ ├── mod.rs │ │ ├── registration.rs │ │ ├── revoke.rs │ │ ├── token.rs │ │ ├── userinfo.rs │ │ └── webfinger.rs │ │ ├── passwords.rs │ │ ├── preferred_language.rs │ │ ├── rate_limit.rs │ │ ├── snapshots │ │ ├── mas_handlers__passwords__tests__hash_verify_and_upgrade-2.snap │ │ ├── mas_handlers__passwords__tests__hash_verify_and_upgrade-3.snap │ │ ├── mas_handlers__passwords__tests__hash_verify_and_upgrade.snap │ │ ├── mas_handlers__passwords__tests__hashing_argon2id-2.snap │ │ ├── mas_handlers__passwords__tests__hashing_argon2id.snap │ │ ├── mas_handlers__passwords__tests__hashing_bcrypt-2.snap │ │ ├── mas_handlers__passwords__tests__hashing_bcrypt.snap │ │ ├── mas_handlers__passwords__tests__hashing_pbkdf2-2.snap │ │ └── mas_handlers__passwords__tests__hashing_pbkdf2.snap │ │ ├── test_utils.rs │ │ ├── upstream_oauth2 │ │ ├── authorize.rs │ │ ├── cache.rs │ │ ├── callback.rs │ │ ├── cookie.rs │ │ ├── link.rs │ │ ├── mod.rs │ │ └── template.rs │ │ └── views │ │ ├── account │ │ ├── emails │ │ │ ├── add.rs │ │ │ ├── mod.rs │ │ │ └── verify.rs │ │ └── mod.rs │ │ ├── app.rs │ │ ├── index.rs │ │ ├── login.rs │ │ ├── logout.rs │ │ ├── mod.rs │ │ ├── reauth.rs │ │ ├── recovery │ │ ├── mod.rs │ │ ├── progress.rs │ │ └── start.rs │ │ ├── register.rs │ │ └── shared.rs ├── http │ ├── Cargo.toml │ ├── src │ │ ├── client.rs │ │ ├── ext.rs │ │ ├── layers │ │ │ ├── body_to_bytes_response.rs │ │ │ ├── bytes_to_body_request.rs │ │ │ ├── catch_http_codes.rs │ │ │ ├── client.rs │ │ │ ├── form_urlencoded_request.rs │ │ │ ├── json_request.rs │ │ │ ├── json_response.rs │ │ │ └── mod.rs │ │ ├── lib.rs │ │ └── service.rs │ └── tests │ │ └── client_layers.rs ├── i18n-scan │ ├── Cargo.toml │ └── src │ │ ├── key.rs │ │ ├── main.rs │ │ └── minijinja.rs ├── i18n │ ├── Cargo.toml │ ├── src │ │ ├── lib.rs │ │ ├── sprintf │ │ │ ├── argument.rs │ │ │ ├── formatter.rs │ │ │ ├── grammar.pest │ │ │ ├── message.rs │ │ │ ├── mod.rs │ │ │ └── parser.rs │ │ ├── translations.rs │ │ └── translator.rs │ └── test_data │ │ ├── en-US.json │ │ ├── en.json │ │ └── fr.json ├── iana-codegen │ ├── Cargo.toml │ └── src │ │ ├── gen.rs │ │ ├── jose.rs │ │ ├── main.rs │ │ ├── oauth.rs │ │ └── traits.rs ├── iana │ ├── Cargo.toml │ └── src │ │ ├── jose.rs │ │ ├── lib.rs │ │ └── oauth.rs ├── jose │ ├── Cargo.toml │ ├── src │ │ ├── base64.rs │ │ ├── claims.rs │ │ ├── constraints.rs │ │ ├── jwa │ │ │ ├── asymmetric.rs │ │ │ ├── hmac.rs │ │ │ ├── mod.rs │ │ │ ├── signature.rs │ │ │ └── symmetric.rs │ │ ├── jwk │ │ │ ├── mod.rs │ │ │ ├── private_parameters.rs │ │ │ └── public_parameters.rs │ │ ├── jwt │ │ │ ├── header.rs │ │ │ ├── mod.rs │ │ │ ├── raw.rs │ │ │ └── signed.rs │ │ └── lib.rs │ └── tests │ │ ├── generate.py │ │ ├── jws.rs │ │ ├── jwts │ │ ├── eddsa-ed25519.jwt │ │ ├── eddsa-ed448.jwt │ │ ├── es256.jwt │ │ ├── es256k.jwt │ │ ├── es384.jwt │ │ ├── es512.jwt │ │ ├── hs256.jwt │ │ ├── hs384.jwt │ │ ├── hs512.jwt │ │ ├── ps256.jwt │ │ ├── ps384.jwt │ │ ├── ps512.jwt │ │ ├── rs256.jwt │ │ ├── rs384.jwt │ │ └── rs512.jwt │ │ ├── keys │ │ ├── ed25519.priv.pem │ │ ├── ed25519.pub.pem │ │ ├── ed448.priv.pem │ │ ├── ed448.pub.pem │ │ ├── jwks.priv.json │ │ ├── jwks.pub.json │ │ ├── k256.priv.pem │ │ ├── k256.pub.pem │ │ ├── oct.bin │ │ ├── p256.priv.pem │ │ ├── p256.pub.pem │ │ ├── p384.priv.pem │ │ ├── p384.pub.pem │ │ ├── p521.priv.pem │ │ ├── p521.pub.pem │ │ ├── rsa.priv.pem │ │ └── rsa.pub.pem │ │ └── snapshots │ │ ├── jws__es256__sign_jwt.snap │ │ ├── jws__es256k__sign_jwt.snap │ │ ├── jws__es384__sign_jwt.snap │ │ ├── jws__ps256__sign_jwt.snap │ │ ├── jws__ps384__sign_jwt.snap │ │ ├── jws__ps512__sign_jwt.snap │ │ ├── jws__rs256__sign_jwt.snap │ │ ├── jws__rs384__sign_jwt.snap │ │ └── jws__rs512__sign_jwt.snap ├── keystore │ ├── Cargo.toml │ ├── src │ │ ├── encrypter.rs │ │ └── lib.rs │ └── tests │ │ ├── generate.sh │ │ ├── keys │ │ ├── ec-k256.pkcs8.der │ │ ├── ec-k256.pkcs8.encrypted.der │ │ ├── ec-k256.pkcs8.encrypted.pem │ │ ├── ec-k256.pkcs8.pem │ │ ├── ec-k256.sec1.der │ │ ├── ec-k256.sec1.pem │ │ ├── ec-p256.pkcs8.der │ │ ├── ec-p256.pkcs8.encrypted.der │ │ ├── ec-p256.pkcs8.encrypted.pem │ │ ├── ec-p256.pkcs8.pem │ │ ├── ec-p256.sec1.der │ │ ├── ec-p256.sec1.pem │ │ ├── ec-p384.pkcs8.der │ │ ├── ec-p384.pkcs8.encrypted.der │ │ ├── ec-p384.pkcs8.encrypted.pem │ │ ├── ec-p384.pkcs8.pem │ │ ├── ec-p384.sec1.der │ │ ├── ec-p384.sec1.pem │ │ ├── ec256.pkcs8.encrypted.pem │ │ ├── rsa.pkcs1.der │ │ ├── rsa.pkcs1.pem │ │ ├── rsa.pkcs8.der │ │ ├── rsa.pkcs8.encrypted.der │ │ ├── rsa.pkcs8.encrypted.pem │ │ └── rsa.pkcs8.pem │ │ ├── keystore.rs │ │ └── snapshots │ │ ├── keystore__generate_sign_and_verify-2.snap │ │ ├── keystore__generate_sign_and_verify-3.snap │ │ ├── keystore__generate_sign_and_verify-4.snap │ │ ├── keystore__generate_sign_and_verify-5.snap │ │ ├── keystore__generate_sign_and_verify.snap │ │ ├── keystore__jwt_ES256.snap │ │ ├── keystore__jwt_ES256K.snap │ │ ├── keystore__jwt_ES384.snap │ │ ├── keystore__jwt_PS256.snap │ │ ├── keystore__jwt_PS384.snap │ │ ├── keystore__jwt_PS512.snap │ │ ├── keystore__jwt_RS256.snap │ │ ├── keystore__jwt_RS384.snap │ │ └── keystore__jwt_RS512.snap ├── listener │ ├── Cargo.toml │ ├── examples │ │ └── demo │ │ │ ├── certs │ │ │ ├── ca-key.pem │ │ │ ├── ca.csr │ │ │ ├── ca.json │ │ │ ├── ca.pem │ │ │ ├── client-key.pem │ │ │ ├── client.csr │ │ │ ├── client.json │ │ │ ├── client.pem │ │ │ ├── config.json │ │ │ ├── gen.sh │ │ │ ├── server-key.pem │ │ │ ├── server.csr │ │ │ ├── server.json │ │ │ └── server.pem │ │ │ └── main.rs │ └── src │ │ ├── lib.rs │ │ ├── maybe_tls.rs │ │ ├── proxy_protocol │ │ ├── acceptor.rs │ │ ├── maybe.rs │ │ ├── mod.rs │ │ └── v1.rs │ │ ├── rewind.rs │ │ ├── server.rs │ │ ├── shutdown.rs │ │ └── unix_or_tcp.rs ├── matrix-synapse │ ├── Cargo.toml │ └── src │ │ ├── error.rs │ │ └── lib.rs ├── matrix │ ├── Cargo.toml │ └── src │ │ ├── lib.rs │ │ └── mock.rs ├── oauth2-types │ ├── Cargo.toml │ └── src │ │ ├── errors.rs │ │ ├── lib.rs │ │ ├── oidc.rs │ │ ├── pkce.rs │ │ ├── registration │ │ ├── client_metadata_serde.rs │ │ └── mod.rs │ │ ├── requests.rs │ │ ├── response_type.rs │ │ ├── scope.rs │ │ ├── test_utils.rs │ │ └── webfinger.rs ├── oidc-client │ ├── Cargo.toml │ ├── src │ │ ├── error.rs │ │ ├── http_service.rs │ │ ├── lib.rs │ │ ├── requests │ │ │ ├── account_management.rs │ │ │ ├── authorization_code.rs │ │ │ ├── client_credentials.rs │ │ │ ├── discovery.rs │ │ │ ├── introspection.rs │ │ │ ├── jose.rs │ │ │ ├── mod.rs │ │ │ ├── refresh_token.rs │ │ │ ├── registration.rs │ │ │ ├── revocation.rs │ │ │ ├── rp_initiated_logout.rs │ │ │ ├── token.rs │ │ │ └── userinfo.rs │ │ ├── types │ │ │ ├── client_credentials.rs │ │ │ ├── mod.rs │ │ │ └── scope.rs │ │ └── utils │ │ │ └── mod.rs │ └── tests │ │ └── it │ │ ├── main.rs │ │ ├── requests │ │ ├── account_management.rs │ │ ├── authorization_code.rs │ │ ├── client_credentials.rs │ │ ├── discovery.rs │ │ ├── introspection.rs │ │ ├── jose.rs │ │ ├── mod.rs │ │ ├── refresh_token.rs │ │ ├── registration.rs │ │ ├── revocation.rs │ │ ├── rp_initiated_logout.rs │ │ └── userinfo.rs │ │ └── types │ │ ├── client_credentials.rs │ │ └── mod.rs ├── policy │ ├── Cargo.toml │ └── src │ │ ├── bin │ │ └── schema.rs │ │ ├── lib.rs │ │ └── model.rs ├── router │ ├── Cargo.toml │ └── src │ │ ├── endpoints.rs │ │ ├── lib.rs │ │ ├── traits.rs │ │ └── url_builder.rs ├── spa │ ├── Cargo.toml │ └── src │ │ ├── lib.rs │ │ └── vite.rs ├── storage-pg │ ├── .sqlx │ │ ├── query-015f7ad7c8d5403ce4dfb71d598fd9af472689d5aef7c1c4b1c594ca57c02237.json │ │ ├── query-036e9e2cb7271782e48700fecd3fdd80f596ed433f37f2528c7edbdc88b13646.json │ │ ├── query-037fae6964130343453ef607791c4c3deaa01b5aaa091d3a3487caf3e2634daf.json │ │ ├── query-03eee34f05df9c79f8ca5bfb1af339b3fcea95ba59395106318366a6ef432d85.json │ │ ├── query-047990a99794b565c2cad396946299db5b617f52f6c24bcca0a24c0c185c4478.json │ │ ├── query-048eec775f4af3ffd805e830e8286c6a5745e523b76e1083d6bfced0035c2f76.json │ │ ├── query-0d892dc8589ba54bb886972b6db00eaf7e41ff0db98fabdff5dcba0a7aa4e77d.json │ │ ├── query-100c6cfa46133f3b196b00ccf8f33ba0bcb4bb1afc1985092dd8ec51b40f631a.json │ │ ├── query-1764715e59f879f6b917ca30f8e3c1de5910c7a46e7fe52d1fb3bfd5561ac320.json │ │ ├── query-1787a5e86b60f57295fe5111259a29ffb15aa31e707cb7f2ad4269d125f6d8c9.json │ │ ├── query-1919d402fd6f148d14417f633be3353004f458c85f7b4f361802f86651900fbc.json │ │ ├── query-1a8701f5672de052bb766933f60b93249acc7237b996e8b93cd61b9f69c902ff.json │ │ ├── query-1b547552eed4128f2227c681ff2d45586cdb0c20b98393f89036fbf0f1d2dee2.json │ │ ├── query-1d372f36c382ab16264cea54537af3544ea6d6d75d10b432b07dbd0dadd2fa4e.json │ │ ├── query-1dbc50cdab36da307c569891ab7b1ab4aaf128fed6be67ca0f139d697614c63b.json │ │ ├── query-1eb829460407fca22b717b88a1a0a9b7b920d807a4b6c235e1bee524cd73b266.json │ │ ├── query-1f131aa966a4358d83e7247d3e30451f8bcf5df20faf46a4a4c0d4a36d1ff173.json │ │ ├── query-1f6297fb323e9f2fbfa1c9e3225c0b3037c8c4714533a6240c62275332aa58dc.json │ │ ├── query-22896e8f2a002f307089c3e0f9ee561e6521c45ce07d3a42411984c9a6b75fdc.json │ │ ├── query-2564bf6366eb59268c41fb25bb40d0e4e9e1fd1f9ea53b7a359c9025d7304223.json │ │ ├── query-29148548d592046f7d711676911e3847e376e443ccd841f76b17a81f53fafc3a.json │ │ ├── query-2a0d8d70d21afa9a2c9c1c432853361bb85911c48f7db6c3873b0f5abf35940b.json │ │ ├── query-2ee26886c56f04cd53d4c0968f5cf0963f92b6d15e6af0e69378a6447dee677c.json │ │ ├── query-359a00f6667b5b1fef616b0c18e11eb91698aa1f2d5d146cffbb7aea8d77467b.json │ │ ├── query-3d66f3121b11ce923b9c60609b510a8ca899640e78cc8f5b03168622928ffe94.json │ │ ├── query-4187907bfc770b2c76f741671d5e672f5c35eed7c9a9e57ff52888b1768a5ed6.json │ │ ├── query-4192c1144c0ea530cf1aa77993a38e94cd5cf8b5c42cb037efb7917c6fc44a1d.json │ │ ├── query-423e6aa88e0b8a01a90e108107a3d3998418fa43638b6510f28b56a2d6952222.json │ │ ├── query-432e199b0d47fe299d840c91159726c0a4f89f65b4dc3e33ddad58aabf6b148b.json │ │ ├── query-446a8d7bd8532a751810401adfab924dc20785c91770ed43d62df2e590e8da71.json │ │ ├── query-477f79556e5777b38feb85013b4f04dbb8230e4b0b0bcc45f669d7b8d0b91db4.json │ │ ├── query-478f0ad710da8bfd803c6cddd982bc504d1b6bd0f5283de53c8c7b1b4b7dafd4.json │ │ ├── query-496813daf6f8486353e7f509a64362626daebb0121c3c9420b96e2d8157f1e07.json │ │ ├── query-4c2064fed8fa464ea3d2a1258fb0544dbf1493cad31a21c0cd7ddb57ed12de16.json │ │ ├── query-4d79ce892e4595edb8b801e94fb0cbef28facdfd2e45d1c72c57f47418fbe24b.json │ │ ├── query-51b204376c63671a47b73ee8b3f8e669f90933f7e81ba744dca88d6bb94bf96a.json │ │ ├── query-5236305c49b1ee99a00e32df3727ebe97b523b6836e1696d8b8e2a0ef70bfa44.json │ │ ├── query-53ad718642644b47a2d49f768d81bd993088526923769a9147281686c2d47591.json │ │ ├── query-55bc51efddf7a1cf06610fdb20d46beca29964733338ea4fec2a29393f031c4f.json │ │ ├── query-5a2e9b5002c1927c0035c22e393172b36ab46a4377b46618205151ea041886d5.json │ │ ├── query-5b697dd7834d33ec55972d3ba43d25fe794bc0b69c5938275711faa7a80b811f.json │ │ ├── query-5d9f3d47ce6164b3f81aa09ef4fd8d5cd070945fd497d209ac1df99abcfb7c5d.json │ │ ├── query-5f6b7e38ef9bc3b39deabba277d0255fb8cfb2adaa65f47b78a8fac11d8c91c3.json │ │ ├── query-5fe1bb569d13a7d3ff22887b3fc5b76ff901c183b314f8ccb5018d70c516abf6.json │ │ ├── query-607262ccf28b672df51e4e5d371e5cc5119a7d6e7fe784112703c0406f28300f.json │ │ ├── query-608366f45ecaf392ab69cddb12252b5efcc103c3383fa68b552295e2289d1f55.json │ │ ├── query-64e6ea47c2e877c1ebe4338d64d9ad8a6c1c777d1daea024b8ca2e7f0dd75b0f.json │ │ ├── query-67ab838035946ddc15b43dd2f79d10b233d07e863b3a5c776c5db97cff263c8c.json │ │ ├── query-689ffbfc5137ec788e89062ad679bbe6b23a8861c09a7246dc1659c28f12bf8d.json │ │ ├── query-6a3b543ec53ce242866d1e84de26728e6dd275cae745f9c646e3824d859c5384.json │ │ ├── query-6e21e7d816f806da9bb5176931bdb550dee05c44c9d93f53df95fe3b4a840347.json │ │ ├── query-6f97b5f9ad0d4d15387150bea3839fb7f81015f7ceef61ecaadba64521895cff.json │ │ ├── query-755f62d0a3a40acc90037371339a8459736fdd4bbffd932f7930d847f2c3ef5d.json │ │ ├── query-75a62d170e4c959a14c5698f1da983113e7d1bc565d01e85c158856abb17ddc6.json │ │ ├── query-77dfa9fae1a9c77b70476d7da19d3313a02886994cfff0690451229fb5ae2f77.json │ │ ├── query-7ce387b1b0aaf10e72adde667b19521b66eaafa51f73bf2f95e38b8f3b64a229.json │ │ ├── query-7f4c4634ada4dc2745530dcca8eee92abf78dfbdf1a25e58a2bc9c14be8035f0.json │ │ ├── query-8275a440640ea28fd8f82e7df672e45a6eba981a0d621665ed8f8b60354b3389.json │ │ ├── query-89041298e272d15c21e2b7127bd16c5a4f48e2be87dc26e9d0e3a932c9c49dfb.json │ │ ├── query-8acbdc892d44efb53529da1c2df65bea6b799a43cf4c9264a37d392847e6eff0.json │ │ ├── query-8b7297c263336d70c2b647212b16f7ae39bc5cb1572e3a2dcfcd67f196a1fa39.json │ │ ├── query-90b5512c0c9dc3b3eb6500056cc72f9993216d9b553c2e33a7edec26ffb0fc59.json │ │ ├── query-90fe32cb9c88a262a682c0db700fef7d69d6ce0be1f930d9f16c50b921a8b819.json │ │ ├── query-91a3ee5ad64a947b7807a590f6b014c6856229918b972b98946f98b75686ab6c.json │ │ ├── query-921d77c194609615a7e9a6fd806e9cc17a7927e3e5deb58f3917ceeb9ab4dede.json │ │ ├── query-92c8eb526fcc5de6874eb0fab1d71fb1ed3dafe2bd1a49aa72e4f4862931c6c2.json │ │ ├── query-92fb511938dff21e5e0f7800c742b852b8c4468d1770c4cbc0b51611ce50e922.json │ │ ├── query-9348d87f9e06b614c7e90bdc93bcf38236766aaf4d894bf768debdff2b59fae2.json │ │ ├── query-94fd96446b237c87bd6bf741f3c42b37ee751b87b7fcc459602bdf8c46962443.json │ │ ├── query-9a6c197ff4ad80217262d48f8792ce7e16bc5df0677c7cd4ecb4fdbc5ee86395.json │ │ ├── query-9aa8fa3a6277f67b2bf5a5ea5429a61e7997ff4f3e8d0dc772448a1f97e1e390.json │ │ ├── query-9c9c65d4ca6847761d8f999253590082672b3782875cf3f5ba0b2f9d26e3a507.json │ │ ├── query-9e6e639be74654bb5a9e6a978b7b07d6d59a22c876f24dd92eb43917259934fd.json │ │ ├── query-9f7bdc034c618e47e49c467d0d7f5b8c297d055abe248cc876dbc12c5a7dc920.json │ │ ├── query-a2f7433f06fb4f6a7ad5ac6c1db18705276bce41e9b19d5d7e910ad4b767fb5e.json │ │ ├── query-a300fe99c95679c5664646a6a525c0491829e97db45f3234483872ed38436322.json │ │ ├── query-a40531c4c2b0cbf8cd968f72dfbeed00df0e6a9689195ee8c4f83f8ccbe59748.json │ │ ├── query-a6fa7811d0a7c62c7cccff96dc82db5b25462fa7669fde1941ccab4712585b20.json │ │ ├── query-a7f780528882a2ae66c45435215763eed0582264861436eab3f862e3eb12cab1.json │ │ ├── query-ab34912b42a48a8b5c8d63e271b99b7d0b690a2471873c6654b1b6cf2079b95c.json │ │ ├── query-afa86e79e3de2a83265cb0db8549d378a2f11b2a27bbd86d60558318c87eb698.json │ │ ├── query-aff08a8caabeb62f4929e6e901e7ca7c55e284c18c5c1d1e78821dd9bc961412.json │ │ ├── query-b515bbfb331e46acd3c0219f09223cc5d8d31cb41287e693dcb82c6e199f7991.json │ │ ├── query-b6a6f5386dc89e4bc2ce56d578a29341848fce336d339b6bbf425956f5ed5032.json │ │ ├── query-b700dc3f7d0f86f4904725d8357e34b7e457f857ed37c467c314142877fd5367.json │ │ ├── query-b9875a270f7e753e48075ccae233df6e24a91775ceb877735508c1d5b2300d64.json │ │ ├── query-b992283a9b43cbb8f86149f3f55cb47fb628dabd8fadc50e6a5772903f851e1c.json │ │ ├── query-bb141d28c0c82244f31d542038c314d05ceb3a7b8f35397c0faef3b36d2d14a7.json │ │ ├── query-bb6f55a4cc10bec8ec0fc138485f6b4d308302bb1fa3accb12932d1e5ce457e9.json │ │ ├── query-bbf62633c561706a762089bbab2f76a9ba3e2ed3539ef16accb601fb609c2ec9.json │ │ ├── query-bd1f6daa5fa1b10250c01f8b3fbe451646a9ceeefa6f72b9c4e29b6d05f17641.json │ │ ├── query-c0ed9d70e496433d8686a499055d8a8376459109b6154a2c0c13b28462afa523.json │ │ ├── query-c29fa41743811a6ac3a9b952b6ea75d18e914f823902587b63c9f295407144b1.json │ │ ├── query-c5e7dbb22488aca427b85b3415bd1f1a1766ff865f2e08a5daa095d2a1ccbd56.json │ │ ├── query-c984ae0496d0bd7520ee3d6761ce6a4f61a6a2001b597e4c63ba4588ec5cf530.json │ │ ├── query-cf1273b8aaaccedeb212a971d5e8e0dd23bfddab0ec08ee192783e103a1c4766.json │ │ ├── query-d0b403e9c843ef19fa5ad60bec32ebf14a1ba0d01681c3836366d3f55e7851f4.json │ │ ├── query-d26e42d9fd2b2ee3cf9702c1666d83e7cffa26b320ae1442c7f3e22376c4a4ee.json │ │ ├── query-d7a0e4fa2f168976505405c7e7800847f3379f7b57c0972659a35bfb68b0f6cd.json │ │ ├── query-d83421d4a16f4ad084dd0db5abb56d3688851c36a48a50aa6104e8291e73630d.json │ │ ├── query-dbf4be84eeff9ea51b00185faae2d453ab449017ed492bf6711dc7fceb630880.json │ │ ├── query-dd16942318bf38d9a245b2c86fedd3cbd6b65e7a13465552d79cd3c022122fd4.json │ │ ├── query-ddb22dd9ae9367af65a607e1fdc48b3d9581d67deea0c168f24e02090082bb82.json │ │ ├── query-e35d56de7136d43d0803ec825b0612e4185cef838f105d66f18cb24865e45140.json │ │ ├── query-e602a7c76386f732de686694257e03f35c18643c91a06f9c4a3fa0a5f103df58.json │ │ ├── query-e68a7084d44462d19f30902d7e6c1bd60bb771c6f075df15ab0137a7ffc896da.json │ │ ├── query-e6dc63984aced9e19c20e90e9cd75d6f6d7ade64f782697715ac4da077b2e1fc.json │ │ ├── query-e709869c062ac50248b1f9f8f808cc2f5e7bef58a6c2e42a7bb0c1cb8f508671.json │ │ ├── query-f41f76c94cd68fca2285b1cc60f426603c84df4ef1c6ce5dc441a63d2dc46f6e.json │ │ └── query-f46e87bbb149b35e1d13b2b3cd2bdeab3c28a56a395f52f001a7bb013a5dfece.json │ ├── Cargo.toml │ ├── build.rs │ ├── migrations │ │ ├── 20220530084123_jobs_workers.sql │ │ ├── 20221018142001_init.sql │ │ ├── 20221121151402_upstream_oauth.sql │ │ ├── 20221213145242_password_schemes.sql │ │ ├── 20230408234928_add_get_jobs_fn_.sql │ │ ├── 20230616093555_compat_admin_flag.sql │ │ ├── 20230621140528_upstream_oauth_claims_imports.sql │ │ ├── 20230626130338_oauth_clients_static.sql │ │ ├── 20230728154304_user_lock.sql │ │ ├── 20230823125247_drop_apalis_push_job.sql │ │ ├── 20230828085439_oauth2_clients_more_fields.sql │ │ ├── 20230828143553_user_session_authentication_source.sql │ │ ├── 20230829092920_oauth2_sessions_user_id_scope_list.sql │ │ ├── 20230829141928_user_session_user_agent.sql │ │ ├── 20230904135550_oauth2_client_credentials_grant.sql │ │ ├── 20230911091636_oauth2_token_expiration.sql │ │ ├── 20230919155444_record_session_last_activity.sql │ │ ├── 20231009142904_user_can_request_admin.sql │ │ ├── 20231116104353_upstream_oauth_overrides.sql │ │ ├── 20231120110559_upstream_oauth_branding.sql │ │ ├── 20231207090532_oauth_device_code_grant.sql │ │ ├── 20231208155602_oauth_clients_device_code_grant.sql │ │ ├── 20240207100003_user_terms.sql │ │ ├── 20240220141353_nonunique_compat_device_id.sql │ │ ├── 20240220150201_compat_sessions_user_sessions_link.sql │ │ ├── 20240221164945_sessions_user_agent.sql │ │ ├── 20240301091201_upstream_oauth_additional_parameters.sql │ │ ├── 20240402084854_upstream_oauth_disabled_at.sql │ │ ├── 20240621080509_user_recovery.sql │ │ └── 20240718075125_sessions_active_index.sql │ └── src │ │ ├── app_session.rs │ │ ├── compat │ │ ├── access_token.rs │ │ ├── mod.rs │ │ ├── refresh_token.rs │ │ ├── session.rs │ │ └── sso_login.rs │ │ ├── errors.rs │ │ ├── filter.rs │ │ ├── iden.rs │ │ ├── job.rs │ │ ├── lib.rs │ │ ├── oauth2 │ │ ├── access_token.rs │ │ ├── authorization_grant.rs │ │ ├── client.rs │ │ ├── device_code_grant.rs │ │ ├── mod.rs │ │ ├── refresh_token.rs │ │ └── session.rs │ │ ├── pagination.rs │ │ ├── repository.rs │ │ ├── tracing.rs │ │ ├── upstream_oauth2 │ │ ├── link.rs │ │ ├── mod.rs │ │ ├── provider.rs │ │ └── session.rs │ │ └── user │ │ ├── email.rs │ │ ├── mod.rs │ │ ├── password.rs │ │ ├── recovery.rs │ │ ├── session.rs │ │ ├── terms.rs │ │ └── tests.rs ├── storage │ ├── Cargo.toml │ └── src │ │ ├── app_session.rs │ │ ├── clock.rs │ │ ├── compat │ │ ├── access_token.rs │ │ ├── mod.rs │ │ ├── refresh_token.rs │ │ ├── session.rs │ │ └── sso_login.rs │ │ ├── job.rs │ │ ├── lib.rs │ │ ├── oauth2 │ │ ├── access_token.rs │ │ ├── authorization_grant.rs │ │ ├── client.rs │ │ ├── device_code_grant.rs │ │ ├── mod.rs │ │ ├── refresh_token.rs │ │ └── session.rs │ │ ├── pagination.rs │ │ ├── repository.rs │ │ ├── upstream_oauth2 │ │ ├── link.rs │ │ ├── mod.rs │ │ ├── provider.rs │ │ └── session.rs │ │ ├── user │ │ ├── email.rs │ │ ├── mod.rs │ │ ├── password.rs │ │ ├── recovery.rs │ │ ├── session.rs │ │ └── terms.rs │ │ └── utils.rs ├── tasks │ ├── Cargo.toml │ └── src │ │ ├── database.rs │ │ ├── email.rs │ │ ├── lib.rs │ │ ├── matrix.rs │ │ ├── recovery.rs │ │ ├── storage │ │ ├── from_row.rs │ │ ├── mod.rs │ │ └── postgres.rs │ │ ├── user.rs │ │ └── utils.rs ├── templates │ ├── Cargo.toml │ └── src │ │ ├── context.rs │ │ ├── context │ │ ├── branding.rs │ │ ├── captcha.rs │ │ ├── ext.rs │ │ └── features.rs │ │ ├── forms.rs │ │ ├── functions.rs │ │ ├── lib.rs │ │ └── macros.rs └── tower │ ├── Cargo.toml │ └── src │ ├── lib.rs │ ├── metrics │ ├── duration.rs │ ├── in_flight.rs │ ├── make_attributes.rs │ └── mod.rs │ ├── trace_context.rs │ ├── tracing │ ├── enrich_span.rs │ ├── future.rs │ ├── layer.rs │ ├── make_span.rs │ ├── mod.rs │ └── service.rs │ └── utils.rs ├── deny.toml ├── docker-bake.hcl ├── docs ├── README.md ├── SUMMARY.md ├── api │ ├── index.html │ ├── oauth2-redirect.html │ └── spec.json ├── as-login.md ├── config.schema.json ├── development │ ├── architecture.md │ ├── contributing.md │ ├── database.md │ └── graphql.md ├── reference │ ├── cli │ │ ├── README.md │ │ ├── config.md │ │ ├── database.md │ │ ├── doctor.md │ │ ├── manage.md │ │ ├── server.md │ │ └── templates.md │ ├── configuration.md │ └── scopes.md ├── rustdoc │ └── mas_handlers │ │ └── README.md ├── setup │ ├── README.md │ ├── database.md │ ├── general.md │ ├── homeserver.md │ ├── installation.md │ ├── migration.md │ ├── reverse-proxy.md │ ├── running.md │ ├── sso.md │ └── well-known.md ├── storybook │ └── README.md └── topics │ ├── admin-api.md │ ├── authorization.md │ └── policy.md ├── frontend ├── .browserlistrc ├── .eslintrc.cjs ├── .gitignore ├── .postcssrc.json ├── .prettierignore ├── .storybook │ ├── locales.ts │ ├── main.ts │ ├── preview-head.html │ └── preview.tsx ├── codegen.ts ├── graphql.config.json ├── i18next-parser.config.ts ├── index.html ├── locales │ ├── de.json │ ├── en.json │ ├── et.json │ ├── fr.json │ ├── nl.json │ └── zh-Hans.json ├── package-lock.json ├── package.json ├── schema.graphql ├── src │ ├── @types │ │ └── i18next.d.ts │ ├── components │ │ ├── AccountManagementPasswordPreview │ │ │ ├── AccountManagementPasswordPreview.module.css │ │ │ ├── AccountManagementPasswordPreview.tsx │ │ │ └── index.ts │ │ ├── Block │ │ │ ├── Block.module.css │ │ │ ├── Block.stories.tsx │ │ │ ├── Block.test.tsx │ │ │ ├── Block.tsx │ │ │ ├── __snapshots__ │ │ │ │ └── Block.test.tsx.snap │ │ │ └── index.ts │ │ ├── BlockList │ │ │ ├── BlockList.module.css │ │ │ ├── BlockList.stories.tsx │ │ │ ├── BlockList.test.tsx │ │ │ ├── BlockList.tsx │ │ │ ├── __snapshots__ │ │ │ │ └── BlockList.test.tsx.snap │ │ │ └── index.ts │ │ ├── BrowserSession.tsx │ │ ├── ButtonLink.tsx │ │ ├── Client │ │ │ ├── OAuth2ClientDetail.module.css │ │ │ ├── OAuth2ClientDetail.test.tsx │ │ │ ├── OAuth2ClientDetail.tsx │ │ │ └── __snapshots__ │ │ │ │ └── OAuth2ClientDetail.test.tsx.snap │ │ ├── Collapsible │ │ │ ├── Collapsible.module.css │ │ │ ├── Collapsible.tsx │ │ │ └── index.ts │ │ ├── CompatSession.test.tsx │ │ ├── CompatSession.tsx │ │ ├── DateTime.stories.tsx │ │ ├── DateTime.tsx │ │ ├── Dialog │ │ │ ├── Dialog.module.css │ │ │ ├── Dialog.stories.tsx │ │ │ ├── Dialog.tsx │ │ │ └── index.ts │ │ ├── EmptyState │ │ │ ├── EmptyState.module.css │ │ │ ├── EmptyState.stories.tsx │ │ │ ├── EmptyState.tsx │ │ │ └── index.ts │ │ ├── ErrorBoundary.tsx │ │ ├── ExternalLink │ │ │ ├── ExternalLink.module.css │ │ │ └── ExternalLink.tsx │ │ ├── Filter │ │ │ ├── Filter.module.css │ │ │ ├── Filter.stories.tsx │ │ │ ├── Filter.tsx │ │ │ └── index.ts │ │ ├── Footer │ │ │ ├── Footer.module.css │ │ │ ├── Footer.stories.tsx │ │ │ ├── Footer.tsx │ │ │ └── index.ts │ │ ├── GenericError.module.css │ │ ├── GenericError.tsx │ │ ├── Layout │ │ │ ├── Layout.module.css │ │ │ ├── Layout.tsx │ │ │ ├── __snapshots__ │ │ │ │ └── Layout.test.tsx.snap │ │ │ └── index.ts │ │ ├── Link.tsx │ │ ├── LoadingScreen │ │ │ ├── LoadingScreen.module.css │ │ │ ├── LoadingScreen.stories.tsx │ │ │ ├── LoadingScreen.test.tsx │ │ │ ├── LoadingScreen.tsx │ │ │ ├── __snapshots__ │ │ │ │ └── LoadingScreen.test.tsx.snap │ │ │ └── index.ts │ │ ├── LoadingSpinner │ │ │ ├── LoadingSpinner.module.css │ │ │ ├── LoadingSpinner.stories.tsx │ │ │ ├── LoadingSpinner.tsx │ │ │ └── index.ts │ │ ├── NavBar │ │ │ ├── NavBar.module.css │ │ │ ├── NavBar.stories.tsx │ │ │ ├── NavBar.tsx │ │ │ └── index.ts │ │ ├── NavItem │ │ │ ├── NavItem.module.css │ │ │ ├── NavItem.tsx │ │ │ ├── __snapshots__ │ │ │ │ └── NavItem.test.tsx.snap │ │ │ └── index.ts │ │ ├── NotFound.tsx │ │ ├── NotLoggedIn.tsx │ │ ├── OAuth2Session.test.tsx │ │ ├── OAuth2Session.tsx │ │ ├── PageHeading │ │ │ ├── PageHeading.module.css │ │ │ ├── PageHeading.tsx │ │ │ └── index.ts │ │ ├── PaginationControls.tsx │ │ ├── PasswordCreationDoubleInput.tsx │ │ ├── Session │ │ │ ├── ClientAvatar.module.css │ │ │ ├── ClientAvatar.test.tsx │ │ │ ├── ClientAvatar.tsx │ │ │ ├── DeviceTypeIcon.module.css │ │ │ ├── DeviceTypeIcon.stories.tsx │ │ │ ├── DeviceTypeIcon.test.tsx │ │ │ ├── DeviceTypeIcon.tsx │ │ │ ├── EndSessionButton.stories.tsx │ │ │ ├── EndSessionButton.tsx │ │ │ ├── LastActive.module.css │ │ │ ├── LastActive.stories.tsx │ │ │ ├── LastActive.test.tsx │ │ │ ├── LastActive.tsx │ │ │ └── __snapshots__ │ │ │ │ ├── ClientAvatar.test.tsx.snap │ │ │ │ ├── DeviceTypeIcon.test.tsx.snap │ │ │ │ ├── LastActive.test.tsx.snap │ │ │ │ └── Session.test.tsx.snap │ │ ├── SessionCard │ │ │ ├── SessionCard.module.css │ │ │ ├── SessionCard.stories.tsx │ │ │ ├── SessionCard.tsx │ │ │ └── index.ts │ │ ├── SessionDetail │ │ │ ├── BrowserSessionDetail.module.css │ │ │ ├── BrowserSessionDetail.tsx │ │ │ ├── CompatSessionDetail.test.tsx │ │ │ ├── CompatSessionDetail.tsx │ │ │ ├── OAuth2SessionDetail.test.tsx │ │ │ ├── OAuth2SessionDetail.tsx │ │ │ ├── SessionDetails.module.css │ │ │ ├── SessionDetails.tsx │ │ │ ├── SessionHeader.module.css │ │ │ ├── SessionHeader.stories.tsx │ │ │ ├── SessionHeader.test.tsx │ │ │ ├── SessionHeader.tsx │ │ │ └── __snapshots__ │ │ │ │ ├── CompatSessionDetail.test.tsx.snap │ │ │ │ ├── OAuth2SessionDetail.test.tsx.snap │ │ │ │ └── SessionHeader.test.tsx.snap │ │ ├── Typography.stories.tsx │ │ ├── Typography.tsx │ │ ├── UnverifiedEmailAlert │ │ │ ├── UnverifiedEmailAlert.module.css │ │ │ ├── UnverifiedEmailAlert.test.tsx │ │ │ ├── UnverifiedEmailAlert.tsx │ │ │ ├── __snapshots__ │ │ │ │ └── UnverifiedEmailAlert.test.tsx.snap │ │ │ └── index.ts │ │ ├── UserEmail │ │ │ ├── UserEmail.module.css │ │ │ ├── UserEmail.tsx │ │ │ └── index.ts │ │ ├── UserGreeting │ │ │ ├── UserGreeting.module.css │ │ │ ├── UserGreeting.stories.tsx │ │ │ ├── UserGreeting.tsx │ │ │ └── index.ts │ │ ├── UserProfile │ │ │ ├── AddEmailForm.tsx │ │ │ └── UserEmailList.tsx │ │ ├── UserSessionsOverview │ │ │ ├── BrowserSessionsOverview.module.css │ │ │ ├── BrowserSessionsOverview.stories.tsx │ │ │ ├── BrowserSessionsOverview.test.tsx │ │ │ ├── BrowserSessionsOverview.tsx │ │ │ └── __snapshots__ │ │ │ │ ├── BrowserSessionsOverview.test.tsx.snap │ │ │ │ └── UserSessionsOverview.test.tsx.snap │ │ ├── VerifyEmail │ │ │ ├── VerifyEmail.module.css │ │ │ ├── VerifyEmail.tsx │ │ │ ├── __snapshots__ │ │ │ │ └── VerifyEmail.test.tsx.snap │ │ │ └── index.ts │ │ ├── VisualList │ │ │ ├── VisualList.module.css │ │ │ └── VisualList.tsx │ │ └── __snapshots__ │ │ │ ├── CompatSession.test.tsx.snap │ │ │ ├── LoadingScreen.test.tsx.snap │ │ │ └── OAuth2Session.test.tsx.snap │ ├── config.ts │ ├── gql │ │ ├── fragment-masking.ts │ │ ├── gql.ts │ │ ├── graphql.ts │ │ ├── index.ts │ │ └── schema.ts │ ├── graphql.ts │ ├── i18n.ts │ ├── i18n │ │ └── password_changes.ts │ ├── main.tsx │ ├── pagination.ts │ ├── result.ts │ ├── routeTree.gen.ts │ ├── routes │ │ ├── __root.tsx │ │ ├── _account.index.lazy.tsx │ │ ├── _account.index.tsx │ │ ├── _account.lazy.tsx │ │ ├── _account.sessions.$id.lazy.tsx │ │ ├── _account.sessions.$id.tsx │ │ ├── _account.sessions.browsers.lazy.tsx │ │ ├── _account.sessions.browsers.tsx │ │ ├── _account.sessions.index.lazy.tsx │ │ ├── _account.sessions.index.tsx │ │ ├── _account.tsx │ │ ├── clients.$id.lazy.tsx │ │ ├── clients.$id.tsx │ │ ├── devices.$.tsx │ │ ├── emails.$id.verify.lazy.tsx │ │ ├── emails.$id.verify.tsx │ │ ├── password.change.index.lazy.tsx │ │ ├── password.change.index.tsx │ │ ├── password.change.success.lazy.tsx │ │ ├── password.recovery.index.lazy.tsx │ │ ├── password.recovery.index.tsx │ │ ├── reset-cross-signing.lazy.tsx │ │ └── reset-cross-signing.tsx │ ├── shared.css │ ├── styles │ │ ├── cpd-button.css │ │ ├── cpd-checkbox-control.css │ │ ├── cpd-form.css │ │ ├── cpd-link.css │ │ ├── cpd-mfa-control.css │ │ └── cpd-text-control.css │ ├── swagger.tsx │ ├── templates.css │ ├── test-utils │ │ ├── mockLocale.ts │ │ └── router.tsx │ ├── utils │ │ ├── dates.ts │ │ ├── deviceIdFromScope.test.ts │ │ ├── deviceIdFromScope.ts │ │ └── password_complexity │ │ │ ├── enwiki.json │ │ │ ├── index.ts │ │ │ ├── namesf.json │ │ │ ├── namesm.json │ │ │ ├── namess.json │ │ │ ├── passwords.json │ │ │ └── ustvfilm.json │ └── vite-env.d.ts ├── tailwind.config.cjs ├── tsconfig.json ├── tsconfig.node.json ├── vite.config.ts ├── vitest.global-setup.ts └── vitest.i18n-setup.ts ├── localazy.json ├── misc ├── build-docs.sh └── update.sh ├── overview.png ├── policies ├── .gitignore ├── Makefile ├── authorization_grant.rego ├── authorization_grant_test.rego ├── client_registration.rego ├── client_registration_test.rego ├── email.rego ├── email_test.rego ├── register.rego ├── register_test.rego ├── schema │ ├── authorization_grant_input.json │ ├── client_registration_input.json │ ├── email_input.json │ ├── password_input.json │ └── register_input.json └── util │ └── coveralls.rego ├── templates ├── app.html ├── base.html ├── components │ ├── back_to_client.html │ ├── button.html │ ├── captcha.html │ ├── errors.html │ ├── field.html │ ├── footer.html │ ├── icon.html │ ├── idp_brand.html │ ├── logout.html │ └── scope.html ├── emails │ ├── recovery.html │ ├── recovery.subject │ ├── recovery.txt │ ├── verification.html │ ├── verification.subject │ └── verification.txt ├── form_post.html ├── pages │ ├── 404.html │ ├── account │ │ └── emails │ │ │ ├── add.html │ │ │ └── verify.html │ ├── consent.html │ ├── device_consent.html │ ├── device_link.html │ ├── error.html │ ├── index.html │ ├── login.html │ ├── policy_violation.html │ ├── reauth.html │ ├── recovery │ │ ├── consumed.html │ │ ├── disabled.html │ │ ├── expired.html │ │ ├── finish.html │ │ ├── progress.html │ │ └── start.html │ ├── register.html │ ├── sso.html │ └── upstream_oauth2 │ │ ├── do_register.html │ │ ├── link_mismatch.html │ │ └── suggest_link.html └── swagger │ ├── doc.html │ └── oauth2-redirect.html ├── theme ├── additional.css └── header.hbs ├── tools └── syn2mas │ ├── .eslintrc.cjs │ ├── .gitignore │ ├── .nvmrc │ ├── Dockerfile │ ├── LICENSE │ ├── README.md │ ├── package-lock.json │ ├── package.json │ ├── src │ ├── advisor.mts │ ├── db.mts │ ├── index.ts │ ├── migrate.mts │ ├── schemas │ │ ├── mas.mts │ │ └── synapse.mts │ └── types │ │ ├── MCompatAccessToken.d.ts │ │ ├── MCompatRefreshToken.d.ts │ │ ├── MCompatSession.d.ts │ │ ├── MUpstreamOauthLink.d.ts │ │ ├── MUpstreamOauthProvider.d.ts │ │ ├── MUser.d.ts │ │ ├── MUserEmail.d.ts │ │ ├── MUserPassword.d.ts │ │ ├── SAccessToken.d.ts │ │ ├── SRefreshToken.d.ts │ │ ├── SUser.d.ts │ │ ├── SUserExternalId.d.ts │ │ ├── SUserThreePid.d.ts │ │ ├── index.d.ts │ │ └── knex.d.ts │ ├── tsconfig.eslint.json │ └── tsconfig.json └── translations ├── de.json ├── en.json ├── et.json ├── fr.json ├── nl.json └── zh-Hans.json /.codecov.yml: -------------------------------------------------------------------------------- 1 | comment: false 2 | 3 | flag_management: 4 | default_rules: 5 | carryforward: true 6 | -------------------------------------------------------------------------------- /.devcontainer/.env: -------------------------------------------------------------------------------- 1 | MAS_OAUTH2_ISSUER="https://${CODESPACE_NAME}-8080.githubpreview.dev/" -------------------------------------------------------------------------------- /.devcontainer/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM mcr.microsoft.com/vscode/devcontainers/rust:0-1 2 | 3 | RUN apt-get update && export DEBIAN_FRONTEND=noninteractive \ 4 | && apt-get -y install --no-install-recommends postgresql-client 5 | 6 | COPY .env /.env 7 | 8 | # TODO: pre-build custom images, those take too much time 9 | #RUN cargo install sqlx-cli --no-default-features --features postgres 10 | #RUN cargo install cargo-edit -------------------------------------------------------------------------------- /.devcontainer/devcontainer.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "Rust", 3 | "dockerComposeFile": "docker-compose.yml", 4 | "service": "app", 5 | "workspaceFolder": "/workspace", 6 | 7 | "postCreateCommand": "SQLX_OFFLINE=1 cargo run -- database migrate", 8 | "settings": { 9 | "lldb.executable": "/usr/bin/lldb", 10 | "sqltools.connections": [{ 11 | "name": "Container database", 12 | "driver": "PostgreSQL", 13 | "previewLimit": 50, 14 | "server": "localhost", 15 | "port": 5432, 16 | "database": "postgres", 17 | "username": "postgres", 18 | "password": "postgres" 19 | }], 20 | "files.watcherExclude": { 21 | "**/target/**": true 22 | } 23 | }, 24 | 25 | "forwardPorts": [8080], 26 | "portsAttributes": { 27 | "8080": { 28 | "label": "Application" 29 | } 30 | }, 31 | 32 | "extensions": [ 33 | "bungcip.better-toml", 34 | "vadimcn.vscode-lldb", 35 | "mutantdino.resourcemonitor", 36 | "matklad.rust-analyzer", 37 | "mtxr.sqltools", 38 | "mtxr.sqltools-driver-pg" 39 | ] 40 | } 41 | -------------------------------------------------------------------------------- /.dockerignore: -------------------------------------------------------------------------------- 1 | target/ 2 | crates/*/target 3 | crates/*/node_modules 4 | frontend/node_modules 5 | frontend/dist 6 | tools/syn2mas/** 7 | docs/ 8 | .devcontainer/ 9 | .git/ 10 | .github/ 11 | .gitignore 12 | Dockerfile 13 | .dockerignore 14 | docker-bake.hcl 15 | -------------------------------------------------------------------------------- /.editorconfig: -------------------------------------------------------------------------------- 1 | root = true 2 | 3 | [*] 4 | charset=utf-8 5 | end_of_line = lf 6 | 7 | [*.{ts,tsx,css}] 8 | indent_size = 2 9 | insert_final_newline = true 10 | trim_trailing_whitespace = true 11 | -------------------------------------------------------------------------------- /.gitattributes: -------------------------------------------------------------------------------- 1 | *.wasm binary 2 | -------------------------------------------------------------------------------- /.github/workflows/translations-upload.yaml: -------------------------------------------------------------------------------- 1 | name: Upload translation files to Localazy 2 | on: 3 | push: 4 | branches: 5 | - main 6 | 7 | jobs: 8 | upload: 9 | runs-on: ubuntu-22.04 10 | permissions: 11 | contents: read 12 | 13 | steps: 14 | - name: Checkout the code 15 | uses: actions/checkout@v4.1.7 16 | 17 | - name: Upload 18 | uses: localazy/upload@v1 19 | with: 20 | write_key: ${{ secrets.LOCALAZY_WRITE_KEY }} -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | target/ 2 | -------------------------------------------------------------------------------- /.rustfmt.toml: -------------------------------------------------------------------------------- 1 | max_width = 100 2 | comment_width = 80 3 | wrap_comments = true 4 | imports_granularity = "Crate" 5 | use_small_heuristics = "Default" 6 | group_imports = "StdExternalCrate" 7 | -------------------------------------------------------------------------------- /book.toml: -------------------------------------------------------------------------------- 1 | # Documentation for possible options in this file is at 2 | # https://rust-lang.github.io/mdBook/format/config.html 3 | [book] 4 | title = "Matrix Authentication Service" 5 | authors = ["The Matrix.org Foundation C.I.C."] 6 | language = "en" 7 | multilingual = false 8 | 9 | src = "docs" 10 | 11 | [build] 12 | build-dir = "target/book" 13 | 14 | [output.html] 15 | # The URL visitors will be directed to when they try to edit a page 16 | edit-url-template = "https://github.com/matrix-org/matrix-authentication-service/edit/main/{path}" 17 | 18 | # The source code URL of the repository 19 | git-repository-url = "https://github.com/matrix-org/matrix-authentication-service" 20 | 21 | # The path that the docs are hosted on 22 | site-url = "/matrix-authentication-service/" 23 | 24 | additional-css = ["theme/additional.css"] 25 | -------------------------------------------------------------------------------- /clippy.toml: -------------------------------------------------------------------------------- 1 | doc-valid-idents = ["OpenID", "OAuth", "..", "PostgreSQL"] 2 | 3 | disallowed-methods = [ 4 | { path = "rand::thread_rng", reason = "do not create rngs on the fly, pass them as parameters" }, 5 | { path = "chrono::Utc::now", reason = "source the current time from the clock instead" }, 6 | { path = "ulid::Ulid::from_datetime", reason = "use Ulid::from_datetime_with_source instead" }, 7 | { path = "ulid::Ulid::new", reason = "use Ulid::from_datetime_with_source instead" }, 8 | ] 9 | 10 | disallowed-types = [ 11 | "rand::OsRng", 12 | { path = "std::path::PathBuf", reason = "use camino::Utf8PathBuf instead" }, 13 | { path = "std::path::Path", reason = "use camino::Utf8Path instead" }, 14 | ] 15 | -------------------------------------------------------------------------------- /crates/data-model/Cargo.toml: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "mas-data-model" 3 | version.workspace = true 4 | authors.workspace = true 5 | edition.workspace = true 6 | license.workspace = true 7 | homepage.workspace = true 8 | repository.workspace = true 9 | publish = false 10 | 11 | [lints] 12 | workspace = true 13 | 14 | [dependencies] 15 | chrono.workspace = true 16 | thiserror.workspace = true 17 | serde.workspace = true 18 | url.workspace = true 19 | crc = "3.2.1" 20 | ulid.workspace = true 21 | rand.workspace = true 22 | rand_chacha = "0.3.1" 23 | regex = "1.10.6" 24 | woothee = "0.13.0" 25 | 26 | mas-iana.workspace = true 27 | mas-jose.workspace = true 28 | oauth2-types.workspace = true 29 | -------------------------------------------------------------------------------- /crates/data-model/src/upstream_oauth2/link.rs: -------------------------------------------------------------------------------- 1 | // Copyright 2023 The Matrix.org Foundation C.I.C. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | use chrono::{DateTime, Utc}; 16 | use serde::Serialize; 17 | use ulid::Ulid; 18 | 19 | #[derive(Debug, Clone, PartialEq, Eq, Serialize)] 20 | pub struct UpstreamOAuthLink { 21 | pub id: Ulid, 22 | pub provider_id: Ulid, 23 | pub user_id: Option, 24 | pub subject: String, 25 | pub created_at: DateTime, 26 | } 27 | -------------------------------------------------------------------------------- /crates/email/Cargo.toml: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "mas-email" 3 | version.workspace = true 4 | authors.workspace = true 5 | edition.workspace = true 6 | license.workspace = true 7 | homepage.workspace = true 8 | repository.workspace = true 9 | publish = false 10 | 11 | [lints] 12 | workspace = true 13 | 14 | [dependencies] 15 | async-trait.workspace = true 16 | headers.workspace = true 17 | lettre.workspace = true 18 | thiserror.workspace = true 19 | tracing.workspace = true 20 | 21 | mas-templates.workspace = true 22 | -------------------------------------------------------------------------------- /crates/handlers/src/admin/v1/oauth2_sessions/mod.rs: -------------------------------------------------------------------------------- 1 | // Copyright 2024 The Matrix.org Foundation C.I.C. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | mod get; 16 | mod list; 17 | 18 | pub use self::{ 19 | get::{doc as get_doc, handler as get}, 20 | list::{doc as list_doc, handler as list}, 21 | }; 22 | -------------------------------------------------------------------------------- /crates/handlers/src/bin/graphql-schema.rs: -------------------------------------------------------------------------------- 1 | // Copyright 2022 The Matrix.org Foundation C.I.C. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | #![forbid(unsafe_code)] 16 | #![deny( 17 | clippy::all, 18 | clippy::str_to_string, 19 | rustdoc::broken_intra_doc_links, 20 | clippy::future_not_send 21 | )] 22 | #![warn(clippy::pedantic)] 23 | 24 | fn main() { 25 | let schema = mas_handlers::graphql_schema_builder().finish(); 26 | println!("{}", schema.sdl()); 27 | } 28 | -------------------------------------------------------------------------------- /crates/handlers/src/graphql/model/viewer/anonymous.rs: -------------------------------------------------------------------------------- 1 | // Copyright 2023 The Matrix.org Foundation C.I.C. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | use async_graphql::{Object, ID}; 16 | 17 | /// An anonymous viewer 18 | #[derive(Default, Clone, Copy)] 19 | pub struct Anonymous; 20 | 21 | #[Object] 22 | impl Anonymous { 23 | pub async fn id(&self) -> ID { 24 | "anonymous".into() 25 | } 26 | } 27 | -------------------------------------------------------------------------------- /crates/handlers/src/oauth2/device/mod.rs: -------------------------------------------------------------------------------- 1 | // Copyright 2023 The Matrix.org Foundation C.I.C. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | pub mod authorize; 16 | pub mod consent; 17 | pub mod link; 18 | -------------------------------------------------------------------------------- /crates/handlers/src/oauth2/keys.rs: -------------------------------------------------------------------------------- 1 | // Copyright 2021, 2022 The Matrix.org Foundation C.I.C. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | use axum::{extract::State, response::IntoResponse, Json}; 16 | use mas_keystore::Keystore; 17 | 18 | #[tracing::instrument(name = "handlers.oauth2.keys.get", skip_all)] 19 | pub(crate) async fn get(State(key_store): State) -> impl IntoResponse { 20 | let jwks = key_store.public_jwks(); 21 | Json(jwks) 22 | } 23 | -------------------------------------------------------------------------------- /crates/handlers/src/snapshots/mas_handlers__passwords__tests__hash_verify_and_upgrade-2.snap: -------------------------------------------------------------------------------- 1 | --- 2 | source: crates/handlers/src/passwords.rs 3 | expression: hash 4 | --- 5 | $argon2id$v=19$m=19456,t=2,p=1$4aRFZH7bgRs24delZVap/Q$Y2SNOQuEfwWuBXflRnbJhqpksexRziQ9Wf9BatCuIVY 6 | -------------------------------------------------------------------------------- /crates/handlers/src/snapshots/mas_handlers__passwords__tests__hash_verify_and_upgrade-3.snap: -------------------------------------------------------------------------------- 1 | --- 2 | source: crates/handlers/src/passwords.rs 3 | expression: hash 4 | --- 5 | $argon2id$v=19$m=19456,t=2,p=1$1Ke64U6Mrdl5imSjjFRU+g$yirg39x3QVVTxsV5OI4usyIaCw6IRxPl5Li3mQyNmN8 6 | -------------------------------------------------------------------------------- /crates/handlers/src/snapshots/mas_handlers__passwords__tests__hash_verify_and_upgrade.snap: -------------------------------------------------------------------------------- 1 | --- 2 | source: crates/handlers/src/passwords.rs 3 | expression: hash 4 | --- 5 | $2b$10$1Mgv9BLlKUPw2H3LIWlseeWUiTWF2yZC/.TyzuC3bGuB9XacoEUu6 6 | -------------------------------------------------------------------------------- /crates/handlers/src/snapshots/mas_handlers__passwords__tests__hashing_argon2id-2.snap: -------------------------------------------------------------------------------- 1 | --- 2 | source: crates/handlers/src/passwords.rs 3 | expression: hash 4 | --- 5 | $argon2id$v=19$m=19456,t=2,p=1$1WdxAF1UChkYSTnJ6NDbKg$ajKAfwlUmkbxITSdh55j+Hvoxzppx20ArNUF44oV9Nk 6 | -------------------------------------------------------------------------------- /crates/handlers/src/snapshots/mas_handlers__passwords__tests__hashing_argon2id.snap: -------------------------------------------------------------------------------- 1 | --- 2 | source: crates/handlers/src/passwords.rs 3 | expression: hash 4 | --- 5 | $argon2id$v=19$m=19456,t=2,p=1$eEi11xG8mIOZYxej+ckCaQ$eBeygPqiuImQAaFQOkE6oVkPfqxIGgnqpQd/MwW4YX4 6 | -------------------------------------------------------------------------------- /crates/handlers/src/snapshots/mas_handlers__passwords__tests__hashing_bcrypt-2.snap: -------------------------------------------------------------------------------- 1 | --- 2 | source: crates/handlers/src/passwords.rs 3 | expression: hash 4 | --- 5 | $2b$10$mqjtwG6w3GawhuQQdwBCqOt0TQ0V4vGhB.tMuCZO8WL.ycBHkOLca 6 | -------------------------------------------------------------------------------- /crates/handlers/src/snapshots/mas_handlers__passwords__tests__hashing_bcrypt.snap: -------------------------------------------------------------------------------- 1 | --- 2 | source: crates/handlers/src/passwords.rs 3 | expression: hash 4 | --- 5 | $2b$10$c/EX8bTbEMfTn4oCvcQyBOR1zPyLmGzZ2pMXoElLASqv2qpq5X15i 6 | -------------------------------------------------------------------------------- /crates/handlers/src/snapshots/mas_handlers__passwords__tests__hashing_pbkdf2-2.snap: -------------------------------------------------------------------------------- 1 | --- 2 | source: crates/handlers/src/passwords.rs 3 | expression: hash 4 | --- 5 | $pbkdf2-sha256$i=600000,l=32$1WdxAF1UChkYSTnJ6NDbKg$uwgJSFAtjA082fY37K09Q5Hjbw3mBjFI/JLW9sw0F2A 6 | -------------------------------------------------------------------------------- /crates/handlers/src/snapshots/mas_handlers__passwords__tests__hashing_pbkdf2.snap: -------------------------------------------------------------------------------- 1 | --- 2 | source: crates/handlers/src/passwords.rs 3 | expression: hash 4 | --- 5 | $pbkdf2-sha256$i=600000,l=32$eEi11xG8mIOZYxej+ckCaQ$uyS+Ip4DieQ9S+m1EcT+vCtuiWpQ3TsDGPLY4mwkOxc 6 | -------------------------------------------------------------------------------- /crates/handlers/src/views/account/emails/mod.rs: -------------------------------------------------------------------------------- 1 | // Copyright 2022 The Matrix.org Foundation C.I.C. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | pub mod add; 16 | pub mod verify; 17 | -------------------------------------------------------------------------------- /crates/handlers/src/views/account/mod.rs: -------------------------------------------------------------------------------- 1 | // Copyright 2021-2024 The Matrix.org Foundation C.I.C. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | pub mod emails; 16 | -------------------------------------------------------------------------------- /crates/handlers/src/views/mod.rs: -------------------------------------------------------------------------------- 1 | // Copyright 2021, 2022 The Matrix.org Foundation C.I.C. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | pub mod account; 16 | pub mod app; 17 | pub mod index; 18 | pub mod login; 19 | pub mod logout; 20 | pub mod reauth; 21 | pub mod recovery; 22 | pub mod register; 23 | pub mod shared; 24 | -------------------------------------------------------------------------------- /crates/handlers/src/views/recovery/mod.rs: -------------------------------------------------------------------------------- 1 | // Copyright 2024 The Matrix.org Foundation C.I.C. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | pub mod progress; 16 | pub mod start; 17 | -------------------------------------------------------------------------------- /crates/http/src/layers/mod.rs: -------------------------------------------------------------------------------- 1 | // Copyright 2022 The Matrix.org Foundation C.I.C. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | pub mod body_to_bytes_response; 16 | pub mod bytes_to_body_request; 17 | pub mod catch_http_codes; 18 | pub mod form_urlencoded_request; 19 | pub mod json_request; 20 | pub mod json_response; 21 | 22 | #[cfg(feature = "client")] 23 | pub(crate) mod client; 24 | -------------------------------------------------------------------------------- /crates/i18n-scan/Cargo.toml: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "mas-i18n-scan" 3 | version.workspace = true 4 | license.workspace = true 5 | authors.workspace = true 6 | edition.workspace = true 7 | homepage.workspace = true 8 | repository.workspace = true 9 | publish = false 10 | 11 | [lints] 12 | workspace = true 13 | 14 | [dependencies] 15 | camino.workspace = true 16 | clap.workspace = true 17 | minijinja = { workspace = true, features = ["unstable_machinery"] } 18 | serde_json.workspace = true 19 | tracing-subscriber.workspace = true 20 | tracing.workspace = true 21 | walkdir = "2.5.0" 22 | 23 | mas-i18n.workspace = true 24 | -------------------------------------------------------------------------------- /crates/i18n/src/lib.rs: -------------------------------------------------------------------------------- 1 | // Copyright 2023 The Matrix.org Foundation C.I.C. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | pub mod sprintf; 16 | pub mod translations; 17 | mod translator; 18 | 19 | pub use icu_calendar; 20 | pub use icu_datetime; 21 | pub use icu_locid::locale; 22 | pub use icu_provider::DataLocale; 23 | 24 | pub use self::{ 25 | sprintf::{Argument, ArgumentList, Message}, 26 | translator::{LoadError, Translator}, 27 | }; 28 | -------------------------------------------------------------------------------- /crates/i18n/test_data/en-US.json: -------------------------------------------------------------------------------- 1 | { 2 | "hello": "Hey!" 3 | } -------------------------------------------------------------------------------- /crates/i18n/test_data/en.json: -------------------------------------------------------------------------------- 1 | { 2 | "hello": "Hello!", 3 | "goodbye": "Goodbye!", 4 | "active_sessions": { 5 | "one": "%(count)d active session.", 6 | "other": "%(count)d active sessions." 7 | } 8 | } -------------------------------------------------------------------------------- /crates/i18n/test_data/fr.json: -------------------------------------------------------------------------------- 1 | { 2 | "hello": "Bonjour !", 3 | "goodbye": "Au revoir !", 4 | "active_sessions": { 5 | "one": "%(count)d session active.", 6 | "other": "%(count)d sessions actives." 7 | } 8 | } -------------------------------------------------------------------------------- /crates/iana-codegen/Cargo.toml: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "mas-iana-codegen" 3 | version.workspace = true 4 | authors.workspace = true 5 | edition.workspace = true 6 | license.workspace = true 7 | homepage.workspace = true 8 | repository.workspace = true 9 | publish = false 10 | 11 | [lints] 12 | workspace = true 13 | 14 | [dependencies] 15 | anyhow.workspace = true 16 | async-trait.workspace = true 17 | camino.workspace = true 18 | convert_case = "0.6.0" 19 | csv = "1.3.0" 20 | futures-util = "0.3.30" 21 | reqwest = { version = "0.12.7", default-features = false, features = [ 22 | "rustls-tls", 23 | ] } 24 | serde.workspace = true 25 | tokio.workspace = true 26 | tracing.workspace = true 27 | tracing-subscriber.workspace = true 28 | -------------------------------------------------------------------------------- /crates/iana/Cargo.toml: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "mas-iana" 3 | description = "IANA registry data for JOSE and OAuth 2.0" 4 | version.workspace = true 5 | authors.workspace = true 6 | edition.workspace = true 7 | license.workspace = true 8 | homepage.workspace = true 9 | repository.workspace = true 10 | 11 | [lints] 12 | workspace = true 13 | 14 | [dependencies] 15 | serde = { workspace = true, optional = true } 16 | schemars = { workspace = true, optional = true } 17 | 18 | [features] 19 | default = ["serde", "schemars"] 20 | serde = ["dep:serde"] 21 | schemars = ["dep:schemars"] 22 | -------------------------------------------------------------------------------- /crates/jose/src/jwt/mod.rs: -------------------------------------------------------------------------------- 1 | // Copyright 2022 The Matrix.org Foundation C.I.C. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | mod header; 16 | mod raw; 17 | mod signed; 18 | 19 | pub use self::{ 20 | header::JsonWebSignatureHeader, 21 | signed::{Jwt, JwtDecodeError, JwtSignatureError, JwtVerificationError, NoKeyWorked}, 22 | }; 23 | -------------------------------------------------------------------------------- /crates/jose/src/lib.rs: -------------------------------------------------------------------------------- 1 | // Copyright 2022 The Matrix.org Foundation C.I.C. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | #![deny(rustdoc::broken_intra_doc_links)] 16 | #![allow(clippy::module_name_repetitions)] 17 | 18 | mod base64; 19 | pub mod claims; 20 | pub mod constraints; 21 | pub mod jwa; 22 | pub mod jwk; 23 | pub mod jwt; 24 | 25 | pub use self::base64::Base64; 26 | -------------------------------------------------------------------------------- /crates/jose/tests/jwts/eddsa-ed25519.jwt: -------------------------------------------------------------------------------- 1 | eyJhbGciOiJFZERTQSIsImtpZCI6ImlYa2l5aEVoNkU3VS1hWDBmZzd3LWVzSFdxUHZ2eFdkNmdIMUpHMnU3TjAifQ.eyJoZWxsbyI6IndvcmxkIn0.ZFiNWsheqUC_mQNztHpZXLnyb5LtvyT1dTGcMSCgG97Cobju83xCIkbJwfjOSgZrI2CpEVobVM_mfnmFIAUfBg -------------------------------------------------------------------------------- /crates/jose/tests/jwts/eddsa-ed448.jwt: -------------------------------------------------------------------------------- 1 | eyJhbGciOiJFZERTQSIsImtpZCI6IlFsdGEycVZsaEhoZzNqcmlKcDBIc0lCUXFHVkIxWkgycEVueVBIemwxTXMifQ.eyJoZWxsbyI6IndvcmxkIn0.7EqBc73c8UjbZnW5LkkDmPlAnlgjVdDzfABvssoLE3FoFX3uUr1dPdX3I9Hu_rtOIdRtTLfN9eeABuG5cugUoshrYSFuHF6vy2Nim7uM3GWa6mVZx6fzOBq6goCK4JpNfwkJ3a4VyslHU7wQBfXAOxcA -------------------------------------------------------------------------------- /crates/jose/tests/jwts/es256.jwt: -------------------------------------------------------------------------------- 1 | eyJhbGciOiJFUzI1NiIsImtpZCI6ImxNYlNJNjlhanNCSEhrSXBWQUZLUktZblI2NmtHZEd0ZWcyb3FNenAwX0UifQ.eyJoZWxsbyI6IndvcmxkIn0.YckCGhpak2hpO9EiR-X2MD6CVBnUAmQbRVKvKoYCbRnydOOksNlzWaOl0S-C4KZxGTuKG-spzFQJov5h_ob5nw -------------------------------------------------------------------------------- /crates/jose/tests/jwts/es256k.jwt: -------------------------------------------------------------------------------- 1 | eyJhbGciOiJFUzI1NksiLCJraWQiOiJuOWI0Z3lkNU5nSHY3cEo3UzI3QUtCcmhCUEhhM0g1cHRjaXhtWWVyU1VnIn0.eyJoZWxsbyI6IndvcmxkIn0.e0XIMec0_gvlxS8je5hVpYQGls2A5r2TUJ9eJNmdwZQbo1alRB93dgbh3yd4fh8bDOmmLhRfMKti93c7-ljPVg -------------------------------------------------------------------------------- /crates/jose/tests/jwts/es384.jwt: -------------------------------------------------------------------------------- 1 | eyJhbGciOiJFUzM4NCIsImtpZCI6IkoxRVpKR1AxTHloWDJabHo4eFBjc3BNUUVsOFczYllHMngzTnFpTWJQeVkifQ.eyJoZWxsbyI6IndvcmxkIn0.XK3AIs0TQ1r5Wbpd14MkVIp3rvisQEb_8wlp3F4usveL23GH15y5TQ8mcU5NrxNFFylclwikyz4ozM2zmU7fkCYfjKD8AoEABOTlfjH3DRQnynVcpkvB47CsSgt8QpGe -------------------------------------------------------------------------------- /crates/jose/tests/jwts/es512.jwt: -------------------------------------------------------------------------------- 1 | eyJhbGciOiJFUzUxMiIsImtpZCI6Il94R3lJM21zOTBBdmdGNjU4d3o5NzF3c3dTeVluR1NHX0EwZEFnbXJBTTAifQ.eyJoZWxsbyI6IndvcmxkIn0.AJ9YcP56d-1Z1wsZL0ikFRY_4Q6du7YEWsqtQDOloCLMYQ-3citw6Fm35t4kg8E5aoe8QrEj8kTqsQLloWv0eBMFAWh-Uyrupmz0Kzllc6xbOEVoWuM5DWc6AJ6Da6k0f6XHsZ_MVcayQpdmZTLcM_pyo1U6olqwLYqv1YNx-2M2GdCl -------------------------------------------------------------------------------- /crates/jose/tests/jwts/hs256.jwt: -------------------------------------------------------------------------------- 1 | eyJhbGciOiJIUzI1NiIsImtpZCI6ImRqSEtvV1Uzck9sV2c1RTBFSV80RmxiRVRmZDRPRlFnVjk4REZYRW1HZmcifQ.eyJoZWxsbyI6IndvcmxkIn0.GBxkJdc15D26siv1Ov_a2jgQSIsgLwiF2ZDFSUdzoFY -------------------------------------------------------------------------------- /crates/jose/tests/jwts/hs384.jwt: -------------------------------------------------------------------------------- 1 | eyJhbGciOiJIUzM4NCIsImtpZCI6ImRqSEtvV1Uzck9sV2c1RTBFSV80RmxiRVRmZDRPRlFnVjk4REZYRW1HZmcifQ.eyJoZWxsbyI6IndvcmxkIn0.pOZkiI4HMCNHgUf9diq6CkFxsMIMCNADvDPHmtkjerSYWy16dmlZy-FT9ZxyyD_1 -------------------------------------------------------------------------------- /crates/jose/tests/jwts/hs512.jwt: -------------------------------------------------------------------------------- 1 | eyJhbGciOiJIUzUxMiIsImtpZCI6ImRqSEtvV1Uzck9sV2c1RTBFSV80RmxiRVRmZDRPRlFnVjk4REZYRW1HZmcifQ.eyJoZWxsbyI6IndvcmxkIn0.1kVwcE7LajF4Ph3yl2cKhJRs4FtZUMT6mxVCbtfttLPLqkxX-WAlZ0Hd7zg1JAzxNUmkeF8bsgZ9P0bPxBDSyw -------------------------------------------------------------------------------- /crates/jose/tests/jwts/ps256.jwt: -------------------------------------------------------------------------------- 1 | eyJhbGciOiJQUzI1NiIsImtpZCI6ImxqQXdGc1czMmV4cHlBMFJqcktvT0h1WnhmazdLTFNlajh6bGRPOXo0aVUifQ.eyJoZWxsbyI6IndvcmxkIn0.JWY1HZhLrDngEV7-V7to489hsX3muDOeCr4cedGUY2cpDNgJs0CgTe1pknXws9msZSlG4C-oA08UqgousBA2FWbcuVDhSEmSyNWM2rHekFuYcLlAupP8wucMQ3yzP425V2PzlgWV85xRe18PifNaTldMHLArbTKplMQgHHHopz28kuP1Uko99lHxpZrDVMHSLXNTyYaoQeOd81Hbx8uSx5wZO6tVIErV1RhKhSFGLP9DsbOKKW6jRgam_tKNh35VYBQZ6CIQkgsZCruDP7KFHHqC4xHTbkNQ6VlxHHHOpHz-SuRcBS901EN6NVCSPRSc0oYp1ChQCPgUeH_SrloCMg -------------------------------------------------------------------------------- /crates/jose/tests/jwts/ps384.jwt: -------------------------------------------------------------------------------- 1 | eyJhbGciOiJQUzM4NCIsImtpZCI6ImxqQXdGc1czMmV4cHlBMFJqcktvT0h1WnhmazdLTFNlajh6bGRPOXo0aVUifQ.eyJoZWxsbyI6IndvcmxkIn0.XLe8Fxg1wALfGIYBtGtYCSxneiReNMRsUiXukYPS3KWvIH6xcLV93GflNRBHRE1aijy1GPnqZv-mZoKjfZr4PoZMX0MalE0j0bFqrLJvfoyxlZLTIzjfyYm81JtPwlB3iU3DvqKGAYBE8aknTOnv65nyprdhGuJhFEW-_7omDzXqE03DofIGQOu-F3nkVP5Om28VKY6Vdr7PswJhKawP97VXrhN5aIubSjldv5-LcKlVwjV9_3RTiEbVGCgluyhzUUhoa-y0Y1oplJC4GMzvQ1YCYQeYJOn0bB1FjpOryJ2mxlIf8qNzlDHnpyr5MVRJ2PAlhZ31GB5JGr_ZQYTRUA -------------------------------------------------------------------------------- /crates/jose/tests/jwts/ps512.jwt: -------------------------------------------------------------------------------- 1 | eyJhbGciOiJQUzUxMiIsImtpZCI6ImxqQXdGc1czMmV4cHlBMFJqcktvT0h1WnhmazdLTFNlajh6bGRPOXo0aVUifQ.eyJoZWxsbyI6IndvcmxkIn0.aQ6sXJsU-U14WW7cD344aZi72Hf_XNq9LBi0_feKRVQOO98gV-jlBKWer-n_FI1qLcOUoHfitOciTOVLgvYxeJUwePCwUm9JhQ186CLAc6i_AhqpeKRlDkVOF_viQeZTFwEadHT2KMIe0ImZnPqGUb07arUdzGO67Lwsts2ob7qgG_uWgVbjXMkTUwt-JSHdXUcGIz1FgCJaFgGygfQE_I_doNiApWr2okiuIMs_4Q5BfxIlvPR-uaOcpqxk7ldukvQgUjv4rTfOGE12fCx5eLDVF4P1OXgMjgmcXH1yaV89DgTBgDPP11tQrbsFbANX004VLF9MQWoVF6esl6xwQw -------------------------------------------------------------------------------- /crates/jose/tests/jwts/rs256.jwt: -------------------------------------------------------------------------------- 1 | eyJhbGciOiJSUzI1NiIsImtpZCI6ImxqQXdGc1czMmV4cHlBMFJqcktvT0h1WnhmazdLTFNlajh6bGRPOXo0aVUifQ.eyJoZWxsbyI6IndvcmxkIn0.JLzSM5NDbAIb5vpbnKJeHUgU-uJ46616qzDjWXRbIAdxPk8WUqpRDRTlPoRUBXsAKn7E14r_CZmwvGAgJipS7EY0PbJYOkA_6oi8sYWykMUT1F2BlqKQGv2BvRR0LGu0tmm4XYZT2nOLRiEa4bs9l-D2jA5GRTKjDnmgUBHXpX4vIICtnkHHvZilMf1Fjsdm-3X9NFmxjtvQChg-w0h6hM3NZAt6Gd5AG8MaFf-mj3sLa40c51XXz1J1WE9iOWF8lGC6EfP5MSWunKnhyHf2xPQiH4C_Tvm529p2EiEBjjoL1f2A8WH8EYruHF8AXsz2F8HxN_7ryGmjrqLGwuw7iQ -------------------------------------------------------------------------------- /crates/jose/tests/jwts/rs384.jwt: -------------------------------------------------------------------------------- 1 | eyJhbGciOiJSUzM4NCIsImtpZCI6ImxqQXdGc1czMmV4cHlBMFJqcktvT0h1WnhmazdLTFNlajh6bGRPOXo0aVUifQ.eyJoZWxsbyI6IndvcmxkIn0.Qf9DbTCoisWvPvGYahn-dMe9r-escYv5cTL-5X2tz5uPRUmAEJ6D6cn0VtLCCPmTIuzSYDzeMqdEx1Is-AVkzvWMKdFRXNVL_E54bhS6Dg04a75bL4YGQOg8iaTTdRlHMaLLfClf8sXttpHmnOFhQ9C6pLcmtT5cfle8qrAw9x7Ivri7jkcjydWcR2WKsYHJxEWDwdhDiBK461F2fi9YtbZOL4qdKEoYpg08v4jH7hFf5G60W_k2oKvPQnbVJe0VcnGcEXvItMAEi8omMn3_OxIGNH-mxBf9DOpOu8Vj-kvvWuE03f31goWLqiL6-Eq8ykqqFZ3sKb23WfGPd26pDw -------------------------------------------------------------------------------- /crates/jose/tests/jwts/rs512.jwt: -------------------------------------------------------------------------------- 1 | eyJhbGciOiJSUzUxMiIsImtpZCI6ImxqQXdGc1czMmV4cHlBMFJqcktvT0h1WnhmazdLTFNlajh6bGRPOXo0aVUifQ.eyJoZWxsbyI6IndvcmxkIn0.UevGIlEIlrQWvLLm3Iouq6cxjWf7CtFwaDXQOUEQzdQxa3Mg9H0KD7Ztc1LRS36RFd0rnh9dWsXmeDbQ9yWNepnRvv0QP8Vxq3ty7wOHZtLn2kG1SjDQqgaU743p4n-YUpVugzSha0RHTiRN1TU4zufpx26jQBuO7ihOFof6trc8E2UG98Pgd1w3kv20Glwo_cWauhAefgDRhS-sOaH_SsOFWSBNCa8ISeIOiuKLFOEp2o1m2sla0yCDHVptERYDp3D_LHTLX-BP0dyaxpKwfQ7EuECGK1r7_yyiSq_pOwPrainC3lBKYovOgj8tYGTJxfw4Au_QSY57J96M7N4TmA -------------------------------------------------------------------------------- /crates/jose/tests/keys/ed25519.priv.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN PRIVATE KEY----- 2 | MC4CAQAwBQYDK2VwBCIEIIutDmtMjMBKXN/Oxmfvxw3cNwtqgcyR2awtQYH/OS/5 3 | -----END PRIVATE KEY----- 4 | -------------------------------------------------------------------------------- /crates/jose/tests/keys/ed25519.pub.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN PUBLIC KEY----- 2 | MCowBQYDK2VwAyEAnVo63sClAQ8qwBAZW0tttHFhXdrLiKqJnFeJ+j3nA3U= 3 | -----END PUBLIC KEY----- 4 | -------------------------------------------------------------------------------- /crates/jose/tests/keys/ed448.priv.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN PRIVATE KEY----- 2 | MEcCAQAwBQYDK2VxBDsEOdwdrXdIIxmkz/6pi3/JeOemGYvMECA+CvW5CAGXCvwi 3 | VXFdnXxUt22BpU8Hl1jl1+kuGe3Mx5Pt3w== 4 | -----END PRIVATE KEY----- 5 | -------------------------------------------------------------------------------- /crates/jose/tests/keys/ed448.pub.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN PUBLIC KEY----- 2 | MEMwBQYDK2VxAzoAKgaYHB+xIpPPvmH2PdbnWT+67/CfJhuD3U90sv+i5CZmGdwt 3 | WOErsowzNYSvuFWk8vztPOERjn4A 4 | -----END PUBLIC KEY----- 5 | -------------------------------------------------------------------------------- /crates/jose/tests/keys/k256.priv.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN EC PARAMETERS----- 2 | BgUrgQQACg== 3 | -----END EC PARAMETERS----- 4 | -----BEGIN EC PRIVATE KEY----- 5 | MHQCAQEEIPwbk/wHJMKyIvACaVE5Km8UzGlYi1yuc9KCHj1n/ZJIoAcGBSuBBAAK 6 | oUQDQgAEt+mBmz+Rvh0n3W/bRL/TSOc3Vv0ZB0oGaPZBEqu4sTQ8ubxqypS0fDmB 7 | Vk3T28DmCImQMg8M5njNobs1HvupKA== 8 | -----END EC PRIVATE KEY----- 9 | -------------------------------------------------------------------------------- /crates/jose/tests/keys/k256.pub.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN PUBLIC KEY----- 2 | MFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAEt+mBmz+Rvh0n3W/bRL/TSOc3Vv0ZB0oG 3 | aPZBEqu4sTQ8ubxqypS0fDmBVk3T28DmCImQMg8M5njNobs1HvupKA== 4 | -----END PUBLIC KEY----- 5 | -------------------------------------------------------------------------------- /crates/jose/tests/keys/oct.bin: -------------------------------------------------------------------------------- 1 | 23eaa437c2ace04e35a3a77b8132100f3438aa68946a30553cbf8fe80e2a5f3ca70082053f4bd4457653bbb15877d847c232948ea7512ccd679f71c268f1dd08 2 | -------------------------------------------------------------------------------- /crates/jose/tests/keys/p256.priv.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN EC PARAMETERS----- 2 | BggqhkjOPQMBBw== 3 | -----END EC PARAMETERS----- 4 | -----BEGIN EC PRIVATE KEY----- 5 | MHcCAQEEIFffy3Oo3NIcqhbqkh1WjM13JljI9+CG96Rub5bNxG2joAoGCCqGSM49 6 | AwEHoUQDQgAE4rnALl/X1zeOJtDmxz+YiUR1+9QGBfRE90qy/rqe0N2oaXdN6WDT 7 | a6yBcr2NBPBw1BEsui+jTu99/BppncNzmg== 8 | -----END EC PRIVATE KEY----- 9 | -------------------------------------------------------------------------------- /crates/jose/tests/keys/p256.pub.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN PUBLIC KEY----- 2 | MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE4rnALl/X1zeOJtDmxz+YiUR1+9QG 3 | BfRE90qy/rqe0N2oaXdN6WDTa6yBcr2NBPBw1BEsui+jTu99/BppncNzmg== 4 | -----END PUBLIC KEY----- 5 | -------------------------------------------------------------------------------- /crates/jose/tests/keys/p384.priv.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN EC PARAMETERS----- 2 | BgUrgQQAIg== 3 | -----END EC PARAMETERS----- 4 | -----BEGIN EC PRIVATE KEY----- 5 | MIGkAgEBBDCouZuJuvvAc+9SiWwALojasP9rvygIDdK82I6HgL9a9ma1Um0gEN5D 6 | cgaHPyrmUXSgBwYFK4EEACKhZANiAAR1Pv/f5aneSB7ACIDKhqspDb+svh2R62pp 7 | S2Lycc4hP0rR0a0wYO3lb25OFziYAs0sd0LkbjZFhNlx2ecQx+3NzHcM45p5MSut 8 | x0ylVN27SB2MBAOsPC0ca7vcTcB4cak= 9 | -----END EC PRIVATE KEY----- 10 | -------------------------------------------------------------------------------- /crates/jose/tests/keys/p384.pub.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN PUBLIC KEY----- 2 | MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEdT7/3+Wp3kgewAiAyoarKQ2/rL4dketq 3 | aUti8nHOIT9K0dGtMGDt5W9uThc4mALNLHdC5G42RYTZcdnnEMftzcx3DOOaeTEr 4 | rcdMpVTdu0gdjAQDrDwtHGu73E3AeHGp 5 | -----END PUBLIC KEY----- 6 | -------------------------------------------------------------------------------- /crates/jose/tests/keys/p521.priv.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN EC PARAMETERS----- 2 | BgUrgQQAIw== 3 | -----END EC PARAMETERS----- 4 | -----BEGIN EC PRIVATE KEY----- 5 | MIHcAgEBBEIB7pEkW3rt95hcMEixYS/fZYvsyy6I0mA7cDtYTKJ1oc3X4I/mciMU 6 | 3m6t/wy8Px8FaprF3CsAQgDq499zx/ZTUnygBwYFK4EEACOhgYkDgYYABAEb/gVt 7 | YMU1snsv8IpeknNomj7rv4gbBCo4tgfFAYFvryKfiUh807rdXUdVKZBZ2XudxJEu 8 | j+ZEzZuXAQPq/dvNiQHlbbx5CbJcLj44vjO9Wadw8zqLLaf5HljAdH9c5Y5dD9Ql 9 | YXKQuceE/w95xDv80Xbi9UdBb+YBOs2i5vF+HGQ+Zg== 10 | -----END EC PRIVATE KEY----- 11 | -------------------------------------------------------------------------------- /crates/jose/tests/keys/p521.pub.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN PUBLIC KEY----- 2 | MIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQBG/4FbWDFNbJ7L/CKXpJzaJo+67+I 3 | GwQqOLYHxQGBb68in4lIfNO63V1HVSmQWdl7ncSRLo/mRM2blwED6v3bzYkB5W28 4 | eQmyXC4+OL4zvVmncPM6iy2n+R5YwHR/XOWOXQ/UJWFykLnHhP8PecQ7/NF24vVH 5 | QW/mATrNoubxfhxkPmY= 6 | -----END PUBLIC KEY----- 7 | -------------------------------------------------------------------------------- /crates/jose/tests/keys/rsa.pub.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN PUBLIC KEY----- 2 | MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqNYHjNfiXl2SPu7NYSkd 3 | 5RiF45bo4c/WW4K1NwH+iBwOOb970RvwlcyhctsvrtrUAJ046Z+3LgW27MR73Ndc 4 | BP6z756XWIQ6CV6XlowG9NlgnEmOolh3XujZuNig+/05anzhTJr6Xl7uxh8o61VQ 5 | gBjOgDma7cnEJNz2s89nu9f+WOMNage63O02ecA17TsZjU2jYcOCnV5UhsIyVRUc 6 | B3S2Jtk8FtRGBIydbkFHCX61atyh8GjzXYpneVPxTm1fRr+qUvGgNJqvK2HhuOzP 7 | 6wRpcyKS6cl47I9Mu4L36pavtB/WOTXNhtduSYbUvMnkifAGuYTJHpT2e5QzSm2p 8 | 7QIDAQAB 9 | -----END PUBLIC KEY----- 10 | -------------------------------------------------------------------------------- /crates/jose/tests/snapshots/jws__es256__sign_jwt.snap: -------------------------------------------------------------------------------- 1 | --- 2 | source: crates/jose/tests/jws.rs 3 | expression: jwt.as_str() 4 | --- 5 | eyJhbGciOiJFUzI1NiJ9.eyJoZWxsbyI6IndvcmxkIn0._3wYtQklt0l_fhcwpQUSWbySVA3uJjVNgoudkvUInWjPpS7tO0sgmPf8Bwb3Rv9oTJncQfavs4rEw2kmgouPBw 6 | -------------------------------------------------------------------------------- /crates/jose/tests/snapshots/jws__es256k__sign_jwt.snap: -------------------------------------------------------------------------------- 1 | --- 2 | source: crates/jose/tests/jws.rs 3 | expression: jwt.as_str() 4 | --- 5 | eyJhbGciOiJFUzI1NksifQ.eyJoZWxsbyI6IndvcmxkIn0.-9Z19RYab_3Ym4Ork_lZUriouz5ktZFkT6B-DBGPYCJhVvSSNtG9Je9PEo0xpe9al0NhFcG5YJ4s4usDicsVjQ 6 | -------------------------------------------------------------------------------- /crates/jose/tests/snapshots/jws__es384__sign_jwt.snap: -------------------------------------------------------------------------------- 1 | --- 2 | source: crates/jose/tests/jws.rs 3 | expression: jwt.as_str() 4 | --- 5 | eyJhbGciOiJFUzM4NCJ9.eyJoZWxsbyI6IndvcmxkIn0.QIX0_gN6orAY32t6gKiDnstNdnBAmf1D5y-000ym-C8Y_MGt-HReODkUIMl7k6FNS1kw1FSbNXhXAPnAfcfgg2rR7oWDWfdxY5D0u1DcFGmhIrU5mxcUG50I_5YHIbe2 6 | -------------------------------------------------------------------------------- /crates/jose/tests/snapshots/jws__ps256__sign_jwt.snap: -------------------------------------------------------------------------------- 1 | --- 2 | source: crates/jose/tests/jws.rs 3 | expression: jwt.as_str() 4 | --- 5 | eyJhbGciOiJQUzI1NiJ9.eyJoZWxsbyI6IndvcmxkIn0.CupFwPDQkECCpxd9y0y4hdPccVa387MXe8jMnI5Q0nWwdXqJ9PCyEGOfdBDwFqAfWGYlTkcDjTua81K6tV2ctnFRd9mqs_i1PyhLp8PFO9PcdxtqQKRgA0M4CEA_Yd-7mDFeh4raHgWX6xoNGnEoqrPrp-Vl4jQzdXVpY-J_PKuam_0PlXv-pk3uBW5RD8HU1J8injsUp2FRIJfnOGok4ZnXZqy4_jKkBgu35ymgn011MvLKjHnwTSWteHHc1CVUmJ-txiCaQGWL-6sz0tKdpEpekDCXyygaabn4rDtxm4Be2NeS1Nm852pwzg78SLgxgGPs9uxOx-cH66nWX6Ct9w 6 | -------------------------------------------------------------------------------- /crates/jose/tests/snapshots/jws__ps384__sign_jwt.snap: -------------------------------------------------------------------------------- 1 | --- 2 | source: crates/jose/tests/jws.rs 3 | expression: jwt.as_str() 4 | --- 5 | eyJhbGciOiJQUzM4NCJ9.eyJoZWxsbyI6IndvcmxkIn0.IlvyM131OVgUdNUlnAFDC4ZgIUtF_rzM_mOYasKi9WMB6d83AD-CRSnpkCXjSRS6WXx8fcLl5WA5COAMTG7PiDZlCxQ2zWsBn4SF2e8ARAiCsEGkkHhY6r68mXq86bdVD_46RKOnpBBK_DGu_ZHFY7Cjo6SGYol57HKIoGhTi79qQd0tYPdqNYO02KOTsR83-ph5vdEdM4jLg81X7--rH08Zhtnywu1JnmtxEotTvtbwXB1tDTTZvgywzgP63krP44D5hH-PlKLw4Bia_LQkSE4OE1HfDsK1IK4Y7SniJTrTQXp5FVASPrQnF2-lJUz_oDqzTKAv7FXCcCz1iPKbvg 6 | -------------------------------------------------------------------------------- /crates/jose/tests/snapshots/jws__ps512__sign_jwt.snap: -------------------------------------------------------------------------------- 1 | --- 2 | source: crates/jose/tests/jws.rs 3 | expression: jwt.as_str() 4 | --- 5 | eyJhbGciOiJQUzUxMiJ9.eyJoZWxsbyI6IndvcmxkIn0.Chyx9_a-dAyy2tB5hgj3SzLCoDSFx7GxO1PnFCrPN0z8pVRpOTrHaHDVlqPq0IjIGwPAcrTpNtwTIJdjNcpck9nyTShOUQya0tAGCrV1hbxR_QLGPayJydq8_treTKHeGxby4RaInM8k_hLz-6136FDiZXSxtZ6p4mCEcWeYiG5WGVqY15YptCuIipsY01Fyrew8djnIgW9bqS0aP9pakQWOIigYavFxhrLzyutgXiNxsNSH8OTCh9UQr62xEePJWsXkZIkSqtQlEnK68qhSgLffinyDtDMS7CAt82Lh0ac3vqRVyM0w4_l2C-auLE1aeAAroAhnc9YLVg0BufvydQ 6 | -------------------------------------------------------------------------------- /crates/jose/tests/snapshots/jws__rs256__sign_jwt.snap: -------------------------------------------------------------------------------- 1 | --- 2 | source: crates/jose/tests/jws.rs 3 | expression: jwt.as_str() 4 | --- 5 | eyJhbGciOiJSUzI1NiJ9.eyJoZWxsbyI6IndvcmxkIn0.ji96-idJ7VHafGOGt22nJPVSDC6S2XvZSUFG7TLrjv-_ylINko_9YsI9_-9UZcB5ZtMeCX6Z5eO_9MTaq3Fhcj7mdn_hozZaNseTVgnwkFfTBlF7HcWhBdWbihAoY1YDvhTu-l_L6iBt1KhQh3J6fsfeGB-l3JfygZLKLtM1gsEz2qaZpnM90wESpphvpaJ_rGlWcTu61DGBBB3kOGCgaG2CJypCKp67m2vxFfi7J_2yE-1H2Y9ACWye73TWNuZubXNdo6azqqiJRe9o6oFmuPwkjgld66MdshQWjo3sGPHPI1_V-nhR9AtoizzF-3_YoS9oVwAzL6GiVUzeKpvZfQ 6 | -------------------------------------------------------------------------------- /crates/jose/tests/snapshots/jws__rs384__sign_jwt.snap: -------------------------------------------------------------------------------- 1 | --- 2 | source: crates/jose/tests/jws.rs 3 | expression: jwt.as_str() 4 | --- 5 | eyJhbGciOiJSUzM4NCJ9.eyJoZWxsbyI6IndvcmxkIn0.UgY6PfaVQ3Rhz_RvS8YZmCjUIcchejdWcf5zvSRK0ANGB1r2yvcdvGkOeVsFdKW_z7oru_4jTOffLgm8NoYVvg_x44u_z63ENrQTGbO0QLOLZKI4fuEvKDrKpkf2BmSPa-2feKQECVXxCcIiR32Q_zTHJtTIaDV2-hk2W_CEJxCVqLZ4b6l5iI2qLKUS3vERDKdwA2igiA_NElv4KThCtNIoS8TBohwio-M-SV43i-aJHnyn2U6Uw3Gu1mCSIBeRUNoQPXFBFnWY1Pa5TrxPA2jekck9j_xCWOX_jWK1khBW1lMwzYC5Ry24S7QxOcg8l2x8I6J03gB4N651fhcKgQ 6 | -------------------------------------------------------------------------------- /crates/jose/tests/snapshots/jws__rs512__sign_jwt.snap: -------------------------------------------------------------------------------- 1 | --- 2 | source: crates/jose/tests/jws.rs 3 | expression: jwt.as_str() 4 | --- 5 | eyJhbGciOiJSUzUxMiJ9.eyJoZWxsbyI6IndvcmxkIn0.HMs8F0DuJbLh0mjhXh5-PE66m8hwjdRP0_ixm_LKmeieAmJrerObyKHtstOdaLO0l_r3XXg2bHjzwGNSn3XF5Gj0RgqRqW6T5X8CO_Kf__0B-lTUfiXpxyLMhb3Vkt9fRa1YZjVix8hGsEx8oerA_xqv1DzgdKNvO4kK_Vzykuz5bgLn2oQR1w1NARCqazmjKh4S9q9XS8BZ-Ke2xTLSOpLP4g67IGyo79Y_BZ0-mOgBWZmPGzJnBGOrv4Lc-Vn3kPNZqREM9DA9IILw1hbCRG6x31pM5u1PESIV1dSuoIaab5A9yfBx1Fr9PRxV-1qHRaRYi06E_q_jxwtPG2oM7w 6 | -------------------------------------------------------------------------------- /crates/keystore/tests/keys/ec-k256.pkcs8.der: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/matrix-org/matrix-authentication-service/162119dd6651370fea5a74fdd5a7b6a2d26f1b20/crates/keystore/tests/keys/ec-k256.pkcs8.der -------------------------------------------------------------------------------- /crates/keystore/tests/keys/ec-k256.pkcs8.encrypted.der: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/matrix-org/matrix-authentication-service/162119dd6651370fea5a74fdd5a7b6a2d26f1b20/crates/keystore/tests/keys/ec-k256.pkcs8.encrypted.der -------------------------------------------------------------------------------- /crates/keystore/tests/keys/ec-k256.pkcs8.encrypted.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN ENCRYPTED PRIVATE KEY----- 2 | MIHsMFcGCSqGSIb3DQEFDTBKMCkGCSqGSIb3DQEFDDAcBAhwADdSwH2MNgICCAAw 3 | DAYIKoZIhvcNAgkFADAdBglghkgBZQMEASoEEH8t882jspL2rajw+8VU6TcEgZAb 4 | CF6z9u2wMvUdDsj83zLoOyMxC+QB46EGr6EwnZP5zzy3iq+0fAnmufKp16/Lziiy 5 | CQecvYb9qZ67NejmrirFP95OLIXm7Sc38aBLJ7DXirUC3msOPyTGOgz2qUwM2xvu 6 | zy+aNzsEwRkOD3i1yWipIGSZ++oQ/FSnJ3ALKPjNZlDG86yBBi2FN+Ug2uz2rOE= 7 | -----END ENCRYPTED PRIVATE KEY----- 8 | -------------------------------------------------------------------------------- /crates/keystore/tests/keys/ec-k256.pkcs8.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN PRIVATE KEY----- 2 | MIGEAgEAMBAGByqGSM49AgEGBSuBBAAKBG0wawIBAQQgTzJ5SHXXU2mq7Z7nBfGM 3 | L8YDmVsZ7SPQpVepk/Xa+qKhRANCAARIp9S0pouoJ+Er6nfPzvRbn3I5i936SMZZ 4 | 760rXpKZbNkltEKB0dqQcTkwLq0lGe952xigpOtigO/9dkgEj3OU 5 | -----END PRIVATE KEY----- 6 | -------------------------------------------------------------------------------- /crates/keystore/tests/keys/ec-k256.sec1.der: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/matrix-org/matrix-authentication-service/162119dd6651370fea5a74fdd5a7b6a2d26f1b20/crates/keystore/tests/keys/ec-k256.sec1.der -------------------------------------------------------------------------------- /crates/keystore/tests/keys/ec-k256.sec1.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN EC PRIVATE KEY----- 2 | MHQCAQEEIE8yeUh111Npqu2e5wXxjC/GA5lbGe0j0KVXqZP12vqioAcGBSuBBAAK 3 | oUQDQgAESKfUtKaLqCfhK+p3z870W59yOYvd+kjGWe+tK16SmWzZJbRCgdHakHE5 4 | MC6tJRnvedsYoKTrYoDv/XZIBI9zlA== 5 | -----END EC PRIVATE KEY----- 6 | -------------------------------------------------------------------------------- /crates/keystore/tests/keys/ec-p256.pkcs8.der: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/matrix-org/matrix-authentication-service/162119dd6651370fea5a74fdd5a7b6a2d26f1b20/crates/keystore/tests/keys/ec-p256.pkcs8.der -------------------------------------------------------------------------------- /crates/keystore/tests/keys/ec-p256.pkcs8.encrypted.der: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/matrix-org/matrix-authentication-service/162119dd6651370fea5a74fdd5a7b6a2d26f1b20/crates/keystore/tests/keys/ec-p256.pkcs8.encrypted.der -------------------------------------------------------------------------------- /crates/keystore/tests/keys/ec-p256.pkcs8.encrypted.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN ENCRYPTED PRIVATE KEY----- 2 | MIHsMFcGCSqGSIb3DQEFDTBKMCkGCSqGSIb3DQEFDDAcBAhIOTdQ9pS7EgICCAAw 3 | DAYIKoZIhvcNAgkFADAdBglghkgBZQMEASoEEEVvTsSwG1HEr6urEKUSC8kEgZCQ 4 | fLQHNDHSjGin9RvcMYi5htsKZbRJK1JL19o7cf8W4AH0kKNAlDtJBrc7j/9tlCkP 5 | b/7O7KFCNkeCrfF113mzgoRuD4xLzoe3n+ybpeBgf8WJuJowiZwhKGXGlUP/m+XX 6 | aWiCKUaaA4huhJbQzJDBdVUnKEZZ+lysEMjYjNgplGc2uvoNSywWKHubgY9Wj0Y= 7 | -----END ENCRYPTED PRIVATE KEY----- 8 | -------------------------------------------------------------------------------- /crates/keystore/tests/keys/ec-p256.pkcs8.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN PRIVATE KEY----- 2 | MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQg5Ru1AmWbX0F4p3X0 3 | 8YIWMnVm+6KJqQiIjm0Pw2BDqO6hRANCAARQQd/kCEAv7PYjKvA+xhQAvnQXNbXZ 4 | fXfUHEiuBjpV2b70TZCr08POfUZf/BjTHG+NuluyLFle6dJWIga1muhV 5 | -----END PRIVATE KEY----- 6 | -------------------------------------------------------------------------------- /crates/keystore/tests/keys/ec-p256.sec1.der: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/matrix-org/matrix-authentication-service/162119dd6651370fea5a74fdd5a7b6a2d26f1b20/crates/keystore/tests/keys/ec-p256.sec1.der -------------------------------------------------------------------------------- /crates/keystore/tests/keys/ec-p256.sec1.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN EC PRIVATE KEY----- 2 | MHcCAQEEIOUbtQJlm19BeKd19PGCFjJ1ZvuiiakIiI5tD8NgQ6juoAoGCCqGSM49 3 | AwEHoUQDQgAEUEHf5AhAL+z2IyrwPsYUAL50FzW12X131BxIrgY6Vdm+9E2Qq9PD 4 | zn1GX/wY0xxvjbpbsixZXunSViIGtZroVQ== 5 | -----END EC PRIVATE KEY----- 6 | -------------------------------------------------------------------------------- /crates/keystore/tests/keys/ec-p384.pkcs8.der: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/matrix-org/matrix-authentication-service/162119dd6651370fea5a74fdd5a7b6a2d26f1b20/crates/keystore/tests/keys/ec-p384.pkcs8.der -------------------------------------------------------------------------------- /crates/keystore/tests/keys/ec-p384.pkcs8.encrypted.der: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/matrix-org/matrix-authentication-service/162119dd6651370fea5a74fdd5a7b6a2d26f1b20/crates/keystore/tests/keys/ec-p384.pkcs8.encrypted.der -------------------------------------------------------------------------------- /crates/keystore/tests/keys/ec-p384.pkcs8.encrypted.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN ENCRYPTED PRIVATE KEY----- 2 | MIIBHDBXBgkqhkiG9w0BBQ0wSjApBgkqhkiG9w0BBQwwHAQIYMIe05yFZUgCAggA 3 | MAwGCCqGSIb3DQIJBQAwHQYJYIZIAWUDBAEqBBAlgotQyGiZyH4G0SlIKij5BIHA 4 | 0vyLKiFzcUxy5Ch1FGWx4WpZlzhBKwk4ZPxKBH18/DXVbC9yfZJR5dCTgE46fFLM 5 | QJmOTxRbY7B3SH9UsvLQ96+83Y0et/wGLIdqW4yvf60oSH042XKZKs6j/I6LA3pE 6 | NAez9K4hXjKSN9FGkN86s+9+ouuw4dVKznu3zzk6uuBv/5buQwkNMP1vLIgHDh1n 7 | ZvimXlfqOkeZriyNk6OhjN3JiU1jjUeZghAjOKM6o6U5CYAi9KgCDBJWtu6M8edV 8 | -----END ENCRYPTED PRIVATE KEY----- 9 | -------------------------------------------------------------------------------- /crates/keystore/tests/keys/ec-p384.pkcs8.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN PRIVATE KEY----- 2 | MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDB7jIEkTYf/O4QMPM+o 3 | KGha8Z9rgfRVOJNWMHRuLvw5HuIJhgobe9n1xUaydBj7/nmhZANiAASsmR291tkF 4 | a+aXcNUqBec55lIFYjRvaKvOP7vL7nSj1PGsPgud/YF7w33yb56fwE7H9ELG3+3j 5 | JM26/rx9JZyKurTnhQVkWe/ZHB+59Dqke9zAzDXW0vRmOoFCrZL8IRw= 6 | -----END PRIVATE KEY----- 7 | -------------------------------------------------------------------------------- /crates/keystore/tests/keys/ec-p384.sec1.der: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/matrix-org/matrix-authentication-service/162119dd6651370fea5a74fdd5a7b6a2d26f1b20/crates/keystore/tests/keys/ec-p384.sec1.der -------------------------------------------------------------------------------- /crates/keystore/tests/keys/ec-p384.sec1.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN EC PRIVATE KEY----- 2 | MIGkAgEBBDB7jIEkTYf/O4QMPM+oKGha8Z9rgfRVOJNWMHRuLvw5HuIJhgobe9n1 3 | xUaydBj7/nmgBwYFK4EEACKhZANiAASsmR291tkFa+aXcNUqBec55lIFYjRvaKvO 4 | P7vL7nSj1PGsPgud/YF7w33yb56fwE7H9ELG3+3jJM26/rx9JZyKurTnhQVkWe/Z 5 | HB+59Dqke9zAzDXW0vRmOoFCrZL8IRw= 6 | -----END EC PRIVATE KEY----- 7 | -------------------------------------------------------------------------------- /crates/keystore/tests/keys/ec256.pkcs8.encrypted.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN ENCRYPTED PRIVATE KEY----- 2 | MIHsMFcGCSqGSIb3DQEFDTBKMCkGCSqGSIb3DQEFDDAcBAhuoY9YhPfgvwICCAAw 3 | DAYIKoZIhvcNAgkFADAdBglghkgBZQMEASoEEIYpzmbQGScgbLLC3aqyxIAEgZB0 4 | BfhaPQtEGidyNscFjopgxP/wHTdrvzFzqgikeOif9/GeaEXjRlc6vBEGnkq0gR6P 5 | i1E1ie31wwasBK3EwvvSgJdMsSQyD+RjpQy+0RqncNhsJvE9gshMCSWDxqR/CIJw 6 | VnZeGxhWFYQf9ybcBBwp2W/bqInPdQdqGwUi9agkWdmui2B9bb4eKz5p2htVClQ= 7 | -----END ENCRYPTED PRIVATE KEY----- 8 | -------------------------------------------------------------------------------- /crates/keystore/tests/keys/rsa.pkcs1.der: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/matrix-org/matrix-authentication-service/162119dd6651370fea5a74fdd5a7b6a2d26f1b20/crates/keystore/tests/keys/rsa.pkcs1.der -------------------------------------------------------------------------------- /crates/keystore/tests/keys/rsa.pkcs8.der: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/matrix-org/matrix-authentication-service/162119dd6651370fea5a74fdd5a7b6a2d26f1b20/crates/keystore/tests/keys/rsa.pkcs8.der -------------------------------------------------------------------------------- /crates/keystore/tests/keys/rsa.pkcs8.encrypted.der: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/matrix-org/matrix-authentication-service/162119dd6651370fea5a74fdd5a7b6a2d26f1b20/crates/keystore/tests/keys/rsa.pkcs8.encrypted.der -------------------------------------------------------------------------------- /crates/keystore/tests/snapshots/keystore__generate_sign_and_verify-2.snap: -------------------------------------------------------------------------------- 1 | --- 2 | source: crates/keystore/tests/keystore.rs 3 | expression: "ec_p256.to_pem(LineEnding::LF).unwrap()" 4 | --- 5 | -----BEGIN EC PRIVATE KEY----- 6 | MHcCAQEEIH3L+ZYgfEaJtclP07qPQBrmkHEhYkyYooxvU8AlSW+CoAoGCCqGSM49 7 | AwEHoUQDQgAEXcA+X+lhDCmmzaUQFh7i7gkT7mwdrRUsMl9RSfyWh93n+xq3O4/m 8 | vMmUnlvy7tBoHkcAdTJ+Zkv+loLw+mkcBA== 9 | -----END EC PRIVATE KEY----- 10 | 11 | -------------------------------------------------------------------------------- /crates/keystore/tests/snapshots/keystore__generate_sign_and_verify-3.snap: -------------------------------------------------------------------------------- 1 | --- 2 | source: crates/keystore/tests/keystore.rs 3 | expression: "ec_p384.to_pem(LineEnding::LF).unwrap()" 4 | --- 5 | -----BEGIN EC PRIVATE KEY----- 6 | MIGkAgEBBDAl3R97SR8hWLuMH6737YdvXVb7P7T9pKSIhQozmzN+r+V5Ncvjn+DQ 7 | Q/QxYr9nLwOgBwYFK4EEACKhZANiAASa86XQW7CDF9GhvcBY53sJ4lP0z9rfrjwo 8 | nwixQJIWBROjlpsm5hdIwLfj46IUPYCNEoD8VP8eR2s/uzlgEv1hnz/2wmLlMqU0 9 | 2R5QcY7Gc9CyDTO1bh5V2FFYjks4xfs= 10 | -----END EC PRIVATE KEY----- 11 | 12 | -------------------------------------------------------------------------------- /crates/keystore/tests/snapshots/keystore__generate_sign_and_verify-4.snap: -------------------------------------------------------------------------------- 1 | --- 2 | source: crates/keystore/tests/keystore.rs 3 | expression: "ec_k256.to_pem(LineEnding::LF).unwrap()" 4 | --- 5 | -----BEGIN EC PRIVATE KEY----- 6 | MHQCAQEEIBcikq9QkV39T8VFZWD4j5wO9xm0FWxhuAmvDRpix8XUoAcGBSuBBAAK 7 | oUQDQgAEf4htTtPsdxlZn1htWE3ueHT4JB/4n4lxVOQdT/3RFuCS5aKQ04oS9pKM 8 | QAHAn1bjbLRQ88Yxi3CgHuCitS+RrA== 9 | -----END EC PRIVATE KEY----- 10 | 11 | -------------------------------------------------------------------------------- /crates/keystore/tests/snapshots/keystore__generate_sign_and_verify-5.snap: -------------------------------------------------------------------------------- 1 | --- 2 | source: crates/keystore/tests/keystore.rs 3 | expression: jwks 4 | --- 5 | keys: 6 | - kty: RSA 7 | n: vClyfM076hWBZonjThx_PX46UQUWb2LfOpUV1655ZGoKMKgqanLMMfLBPjW9ouY6UtrZ7BxEgl01xLZ1dLdD2Ggb2IpwW56PUuZD2w9hJMungjR0ImymFBwjA9j2ucr0eIHdVQoOakEsrB0dqEC-3R7ax7piGCj9YB6uGZbDVfIJUv40o1pb-hvmmyQHwpoU4jR1y_V-OhrdFMPtwCXov2nlrqDb_e-T7TQlu4FN0URI6VxLNcSkgZfJH50PdJPr7AHqtnWhOGBfLaC9jDpGxfbjmC1iSMSzOt6WyVdcnqHv_JpzXu0SzFqpUSm3OI_l2DUjwTJBL1TOIRTVsjQN1w 8 | e: AQAB 9 | - kty: EC 10 | crv: P-256 11 | x: XcA-X-lhDCmmzaUQFh7i7gkT7mwdrRUsMl9RSfyWh90 12 | y: 5_satzuP5rzJlJ5b8u7QaB5HAHUyfmZL_paC8PppHAQ 13 | - kty: EC 14 | crv: P-384 15 | x: mvOl0FuwgxfRob3AWOd7CeJT9M_a3648KJ8IsUCSFgUTo5abJuYXSMC34-OiFD2A 16 | y: jRKA_FT_HkdrP7s5YBL9YZ8_9sJi5TKlNNkeUHGOxnPQsg0ztW4eVdhRWI5LOMX7 17 | - kty: EC 18 | crv: secp256k1 19 | x: f4htTtPsdxlZn1htWE3ueHT4JB_4n4lxVOQdT_3RFuA 20 | y: kuWikNOKEvaSjEABwJ9W42y0UPPGMYtwoB7gorUvkaw 21 | 22 | -------------------------------------------------------------------------------- /crates/keystore/tests/snapshots/keystore__jwt_ES256.snap: -------------------------------------------------------------------------------- 1 | --- 2 | source: crates/keystore/tests/keystore.rs 3 | expression: token.as_str() 4 | --- 5 | eyJhbGciOiJFUzI1NiJ9.IiI.Yvudbc_oPln_H02H9woFZurQrgzsuWGnRK2kZzat_rp2HYFZtYobvMw9LqPDgeqq9a1HiL_Hx796SqyobiTXJg 6 | -------------------------------------------------------------------------------- /crates/keystore/tests/snapshots/keystore__jwt_ES256K.snap: -------------------------------------------------------------------------------- 1 | --- 2 | source: crates/keystore/tests/keystore.rs 3 | expression: token.as_str() 4 | --- 5 | eyJhbGciOiJFUzI1NksifQ.IiI.4q4ua7R-we5m58rKtLQDHJmQJb15dEUhj7A_H5kh591mrScXFmCYXVQI5iKKXGFHBV_AFISrJF4YjWCHDnLPeQ 6 | -------------------------------------------------------------------------------- /crates/keystore/tests/snapshots/keystore__jwt_ES384.snap: -------------------------------------------------------------------------------- 1 | --- 2 | source: crates/keystore/tests/keystore.rs 3 | expression: token.as_str() 4 | --- 5 | eyJhbGciOiJFUzM4NCJ9.IiI.p9Otttjs3JOxZCeuIKwkql3YM-nfdxo__EVt84sex_PcokYjY47sa0qsvCqUUhpUoLSBihdchynuYqc5lOFuAM3Pi2pjg-ZrTqrzI23UlzFonlr4Zag9Qo3IYD10HKFq 6 | -------------------------------------------------------------------------------- /crates/keystore/tests/snapshots/keystore__jwt_PS256.snap: -------------------------------------------------------------------------------- 1 | --- 2 | source: crates/keystore/tests/keystore.rs 3 | expression: token.as_str() 4 | --- 5 | eyJhbGciOiJQUzI1NiJ9.IiI.HlJaOfS2PMi4mWzE8-0EgXt06-MeqzaLRy_04gs4HTS7FugbSJ0rJiwUwhss6O1KWT9TvDqo6AQBO_2hV1DKDiBIIh5Z6M92uC4MJNVLbAVQo6dSBt2DfSzioBI5MoDOBvgbIwSZAIFMqKTbYDa9rQ3XRAaClpqrIN-ACa3gz99ds5mYvUyiYsL5uuEBuWrp8DRk6WKjduhpOi4sMvylZbnfop1uHbvg6_dk5lzXt-1MKIW1QJW_63cFn7vdap5T9U4DBsEkCzYtuwgU-UCmsC8W07QEfcrJhHIlYoPQPHePKF0A4dVHKrgRmf1ik2p6e-VNw129JMvx0KO6v_JBww 6 | -------------------------------------------------------------------------------- /crates/keystore/tests/snapshots/keystore__jwt_PS384.snap: -------------------------------------------------------------------------------- 1 | --- 2 | source: crates/keystore/tests/keystore.rs 3 | expression: token.as_str() 4 | --- 5 | eyJhbGciOiJQUzM4NCJ9.IiI.AHBo1kZW72IQfs7NvjfrD_WpDa9avLdKyf_rqcCp0mJtGID60cgOG5RDTmI6K7TwzykW6l6LjEuYXDR8hemri6mQrtpQ6rMVTJwqJ6D8M92vH4b2gDBwSwbKz427bGdd_fnqm5K2ntwZGC7pceYg1zbcUQ6NJXs3vqKI6YSKustmm9yA1iMfugFG4eLAPrpfTtLmT1sSWYTYWHVT-6G5q7Bfk7Yu5aHiGDQTo427-Y9YF2fabIuDyCGG48UrBp0ajlm1MHKCBuOvK6NI5Jojd9IWDIf7tvAArsrKVR8QRvDXqqPInJEEZ5x7H1YEEZ5Qrh4XKVhRh9b3O-grDMxMng 6 | -------------------------------------------------------------------------------- /crates/keystore/tests/snapshots/keystore__jwt_PS512.snap: -------------------------------------------------------------------------------- 1 | --- 2 | source: crates/keystore/tests/keystore.rs 3 | expression: token.as_str() 4 | --- 5 | eyJhbGciOiJQUzUxMiJ9.IiI.o_-UDhc26qYAstuaFJQUz8OKw3UeMc4N7b3U4qcLM-84dxRdw-wBw1rf94jX71vsrFQ2bEh6J5fc4_VtYgKBb2P6QvoL55c7Gqr-5JBw8BkoiiCzlvKIsi_j41FH5Gb4ZBE5Nf9vZD7DnD9BhYXadxaiksx20oNRKIKQ3oMiJxH1w0c-miCSoIR0jnS1QLlKoHYVb7wnkCiR2SOYQ42Je8B8REVzWm2GrqS2cRWnpi3nHihrapruL_BA161Ip1uH4lUFdZLXeG-R6pAlg1OJ_QXSZlP16nzT6MAW_-IFXfioR1QKT8AFNBodY8zlQCGglMyppZi5Y9i7YaMxFgnM4A 6 | -------------------------------------------------------------------------------- /crates/keystore/tests/snapshots/keystore__jwt_RS256.snap: -------------------------------------------------------------------------------- 1 | --- 2 | source: crates/keystore/tests/keystore.rs 3 | expression: token.as_str() 4 | --- 5 | eyJhbGciOiJSUzI1NiJ9.IiI.H_iz_ry505dPMNxQIi4raU88i3wu7DS0Rre6Qm_LJz0Ee_gd5C_t92fBcrFkber1XL_p8AvlXx4DT2Zr_PMBL_2IblJ7t0Od5wnGC__twarj0v1t6KfUkLXcJ3Jy-StnHNbFTmdFnLuGGWIO7xG9h6xgKIvTroVoLJekMzYCc0wSFiyCfaow4yuKesQHUO-N9VDDPoYhkCPqbhVI_d0y6u7KmQy97FbCdCIxvPGHWrwxWcmYbTh4K9xhGDspDUUEubjYTg3t-oaMc2TJqWvu2FE8jyD02A8OCgca6bCU3NmV_Qr6LSUpFNsL4c-0sIp3-L9ndEWzGnN-ZeeGKur-FQ 6 | -------------------------------------------------------------------------------- /crates/keystore/tests/snapshots/keystore__jwt_RS384.snap: -------------------------------------------------------------------------------- 1 | --- 2 | source: crates/keystore/tests/keystore.rs 3 | expression: token.as_str() 4 | --- 5 | eyJhbGciOiJSUzM4NCJ9.IiI.bxKYTQQ4RlxOUvxbU_kuwJKGXXiuIPeRgO78a_3zHjvxIzDNKDvQK3w4DUVTlibR-iTVOASRSycWifBJZx_tsU7-BSqrBcjMtgP7mW-HwZ6pANO071iPkkiQU7gqMzbc2tz4uqGI0Z0izkX0_9dOOFSb7jKIUMzzW1O14fBPhZ4kPqkj07A9S9LW9lauQUTXrFgyEaT6G372cyNxi3-T55u9lkjjiiVN4TAhkaXUSN79IE2rNstU8DtKKs725WNUFy30f1-Ftc-J2uGEOsMZ9CQvEVPwOKbvFY2Uh1S8-FT4ahhwj1fxrmUwDH2lSmz6Rj5zf9-FF-IzivSVq4Z4ig 6 | -------------------------------------------------------------------------------- /crates/keystore/tests/snapshots/keystore__jwt_RS512.snap: -------------------------------------------------------------------------------- 1 | --- 2 | source: crates/keystore/tests/keystore.rs 3 | expression: token.as_str() 4 | --- 5 | eyJhbGciOiJSUzUxMiJ9.IiI.nFsZ3X8GCgpPEojuEktc9a4C-YGQYx8XpbzhOkgnMVrw_wpqIQgWI--4r6BYV6TYAH8NBdQ8Dkdw6POh1Ni-vAtE2rAzjU19ySth5mfP7WEJXRxA1oEV3-dOqCgUI2JJEM13DuLlWFsUaOCbc1_kCkiziTcLtNap__EPGp5koRy-ZyVa1p_mQSQ4NlhJ3hZfHMGnQ0k3RWnpBn3AqERWllQllLniWGQ4l7rZStsD8PRr-rg7P7W7CRIyjrDqy_3bNJyKQCzs_oUrxO-Z7CU6-KfAeyM2U80TQvhZb-Z8_1dJ8e9WsfudQMLtHgO4tlD678Ywezjvr5ackZdn4QEEEA 6 | -------------------------------------------------------------------------------- /crates/listener/Cargo.toml: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "mas-listener" 3 | version.workspace = true 4 | authors.workspace = true 5 | edition.workspace = true 6 | license.workspace = true 7 | homepage.workspace = true 8 | repository.workspace = true 9 | publish = false 10 | 11 | [lints] 12 | workspace = true 13 | 14 | [dependencies] 15 | bytes.workspace = true 16 | event-listener = "5.3.1" 17 | futures-util = "0.3.30" 18 | http-body.workspace = true 19 | hyper = { workspace = true, features = ["server"] } 20 | hyper-util.workspace = true 21 | libc = "0.2.158" 22 | pin-project-lite = "0.2.14" 23 | socket2 = "0.5.7" 24 | thiserror.workspace = true 25 | tokio.workspace = true 26 | tokio-rustls = "0.26.0" 27 | tower.workspace = true 28 | tower-http.workspace = true 29 | tracing.workspace = true 30 | 31 | [dev-dependencies] 32 | anyhow.workspace = true 33 | rustls-pemfile = "2.1.3" 34 | tokio.workspace = true 35 | tokio-test = "0.4.4" 36 | tracing-subscriber.workspace = true 37 | 38 | [[example]] 39 | name = "demo" 40 | path = "examples/demo/main.rs" 41 | -------------------------------------------------------------------------------- /crates/listener/examples/demo/certs/ca.json: -------------------------------------------------------------------------------- 1 | { 2 | "CN": "My own CA", 3 | "key": { 4 | "algo": "rsa", 5 | "size": 2048 6 | }, 7 | "names": [ 8 | { 9 | "C": "US", 10 | "L": "CA", 11 | "O": "My Company Name", 12 | "ST": "San Francisco", 13 | "OU": "Org Unit 1" 14 | } 15 | ] 16 | } 17 | -------------------------------------------------------------------------------- /crates/listener/examples/demo/certs/client.json: -------------------------------------------------------------------------------- 1 | { 2 | "CN": "client", 3 | "hosts": [ 4 | "localhost", 5 | "127.0.0.1" 6 | ], 7 | "key": { 8 | "algo": "rsa", 9 | "size": 2048 10 | }, 11 | "names": [ 12 | { 13 | "C": "US", 14 | "ST": "CA", 15 | "L": "San Francisco" 16 | } 17 | ] 18 | } 19 | -------------------------------------------------------------------------------- /crates/listener/examples/demo/certs/config.json: -------------------------------------------------------------------------------- 1 | { 2 | "signing": { 3 | "default": { 4 | "expiry": "43800h" 5 | }, 6 | "profiles": { 7 | "server": { 8 | "expiry": "43800h", 9 | "usages": [ 10 | "signing", 11 | "key encipherment", 12 | "server auth" 13 | ] 14 | }, 15 | "client": { 16 | "expiry": "43800h", 17 | "usages": [ 18 | "signing", 19 | "key encipherment", 20 | "client auth" 21 | ] 22 | } 23 | } 24 | } 25 | } 26 | -------------------------------------------------------------------------------- /crates/listener/examples/demo/certs/gen.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | # Script to regenerate the server and client certificate 4 | 5 | set -eux 6 | 7 | cd "$(dirname "$0")" 8 | rm -f ./*.pem ./*.csr 9 | cfssl gencert -config=config.json -initca ca.json | cfssljson -bare ca 10 | cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=config.json -profile=server server.json | cfssljson -bare server 11 | cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=config.json -profile=client client.json | cfssljson -bare client 12 | -------------------------------------------------------------------------------- /crates/listener/examples/demo/certs/server.json: -------------------------------------------------------------------------------- 1 | { 2 | "CN": "localhost", 3 | "hosts": [ 4 | "localhost", 5 | "127.0.0.1" 6 | ], 7 | "key": { 8 | "algo": "rsa", 9 | "size": 2048 10 | }, 11 | "names": [ 12 | { 13 | "C": "US", 14 | "ST": "CA", 15 | "L": "San Francisco" 16 | } 17 | ] 18 | } 19 | -------------------------------------------------------------------------------- /crates/listener/src/proxy_protocol/mod.rs: -------------------------------------------------------------------------------- 1 | // Copyright 2022 The Matrix.org Foundation C.I.C. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | mod acceptor; 16 | mod maybe; 17 | mod v1; 18 | 19 | pub use self::{ 20 | acceptor::{ProxyAcceptError, ProxyAcceptor}, 21 | maybe::MaybeProxyAcceptor, 22 | v1::ProxyProtocolV1Info, 23 | }; 24 | -------------------------------------------------------------------------------- /crates/matrix-synapse/Cargo.toml: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "mas-matrix-synapse" 3 | version.workspace = true 4 | authors.workspace = true 5 | edition.workspace = true 6 | license.workspace = true 7 | homepage.workspace = true 8 | repository.workspace = true 9 | publish = false 10 | 11 | [lints] 12 | workspace = true 13 | 14 | [dependencies] 15 | anyhow.workspace = true 16 | async-trait.workspace = true 17 | http.workspace = true 18 | serde.workspace = true 19 | serde_json.workspace = true 20 | tower.workspace = true 21 | tracing.workspace = true 22 | url.workspace = true 23 | urlencoding = "2.1.3" 24 | 25 | mas-axum-utils.workspace = true 26 | mas-http.workspace = true 27 | mas-matrix.workspace = true 28 | -------------------------------------------------------------------------------- /crates/matrix/Cargo.toml: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "mas-matrix" 3 | version.workspace = true 4 | authors.workspace = true 5 | edition.workspace = true 6 | license.workspace = true 7 | homepage.workspace = true 8 | repository.workspace = true 9 | publish = false 10 | 11 | [lints] 12 | workspace = true 13 | 14 | [dependencies] 15 | anyhow.workspace = true 16 | serde.workspace = true 17 | async-trait.workspace = true 18 | http.workspace = true 19 | tokio.workspace = true 20 | url.workspace = true 21 | -------------------------------------------------------------------------------- /crates/oauth2-types/Cargo.toml: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "oauth2-types" 3 | description = "OAuth 2.0 types used by the Matrix Authentication Service" 4 | version.workspace = true 5 | authors.workspace = true 6 | edition.workspace = true 7 | license.workspace = true 8 | homepage.workspace = true 9 | repository.workspace = true 10 | 11 | [lints] 12 | workspace = true 13 | 14 | [dependencies] 15 | http.workspace = true 16 | serde.workspace = true 17 | serde_json.workspace = true 18 | language-tags = { version = "0.3.2", features = ["serde"] } 19 | url.workspace = true 20 | serde_with = { version = "3.9.0", features = ["chrono"] } 21 | chrono.workspace = true 22 | sha2 = "0.10.8" 23 | data-encoding = "2.6.0" 24 | thiserror.workspace = true 25 | 26 | mas-iana.workspace = true 27 | mas-jose.workspace = true 28 | 29 | [dev-dependencies] 30 | assert_matches = "1.5.0" 31 | -------------------------------------------------------------------------------- /crates/oidc-client/src/http_service.rs: -------------------------------------------------------------------------------- 1 | // Copyright 2022 Kévin Commaille. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | //! Reexports of traits to implement to provide a custom HTTP service for 16 | //! `Client`. 17 | 18 | pub use mas_http::{BoxCloneSyncService, HttpService}; 19 | -------------------------------------------------------------------------------- /crates/oidc-client/tests/it/requests/mod.rs: -------------------------------------------------------------------------------- 1 | // Copyright 2022 Kévin Commaille. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | mod account_management; 16 | mod authorization_code; 17 | mod client_credentials; 18 | mod discovery; 19 | mod introspection; 20 | mod jose; 21 | mod refresh_token; 22 | mod registration; 23 | mod revocation; 24 | mod rp_initiated_logout; 25 | mod userinfo; 26 | -------------------------------------------------------------------------------- /crates/oidc-client/tests/it/types/mod.rs: -------------------------------------------------------------------------------- 1 | // Copyright 2022 Kévin Commaille. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | mod client_credentials; 16 | -------------------------------------------------------------------------------- /crates/policy/Cargo.toml: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "mas-policy" 3 | version.workspace = true 4 | authors.workspace = true 5 | edition.workspace = true 6 | license.workspace = true 7 | homepage.workspace = true 8 | repository.workspace = true 9 | publish = false 10 | 11 | [lints] 12 | workspace = true 13 | 14 | [dependencies] 15 | anyhow.workspace = true 16 | opa-wasm = "0.1.0" 17 | serde.workspace = true 18 | serde_json.workspace = true 19 | schemars = { workspace = true, optional = true } 20 | thiserror.workspace = true 21 | tokio.workspace = true 22 | tracing.workspace = true 23 | 24 | mas-data-model.workspace = true 25 | oauth2-types.workspace = true 26 | 27 | [features] 28 | jsonschema = ["dep:schemars"] 29 | 30 | [[bin]] 31 | name = "schema" 32 | required-features = ["jsonschema"] 33 | -------------------------------------------------------------------------------- /crates/router/Cargo.toml: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "mas-router" 3 | version.workspace = true 4 | authors.workspace = true 5 | edition.workspace = true 6 | license.workspace = true 7 | homepage.workspace = true 8 | repository.workspace = true 9 | publish = false 10 | 11 | [lints] 12 | workspace = true 13 | 14 | [dependencies] 15 | axum.workspace = true 16 | serde.workspace = true 17 | serde_urlencoded = "0.7.1" 18 | url.workspace = true 19 | ulid.workspace = true 20 | -------------------------------------------------------------------------------- /crates/spa/Cargo.toml: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "mas-spa" 3 | version.workspace = true 4 | authors.workspace = true 5 | edition.workspace = true 6 | license.workspace = true 7 | homepage.workspace = true 8 | repository.workspace = true 9 | publish = false 10 | 11 | [lints] 12 | workspace = true 13 | 14 | [dependencies] 15 | serde.workspace = true 16 | thiserror.workspace = true 17 | camino = { workspace = true, features = ["serde1"] } 18 | 19 | -------------------------------------------------------------------------------- /crates/spa/src/lib.rs: -------------------------------------------------------------------------------- 1 | // Copyright 2022 The Matrix.org Foundation C.I.C. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | #![deny(rustdoc::missing_crate_level_docs)] 16 | 17 | //! A crate to help serve single-page apps built by Vite. 18 | 19 | mod vite; 20 | 21 | pub use self::vite::Manifest as ViteManifest; 22 | -------------------------------------------------------------------------------- /crates/storage-pg/.sqlx/query-015f7ad7c8d5403ce4dfb71d598fd9af472689d5aef7c1c4b1c594ca57c02237.json: -------------------------------------------------------------------------------- 1 | { 2 | "db_name": "PostgreSQL", 3 | "query": "\n UPDATE oauth2_authorization_grants\n SET fulfilled_at = $2\n , oauth2_session_id = $3\n WHERE oauth2_authorization_grant_id = $1\n ", 4 | "describe": { 5 | "columns": [], 6 | "parameters": { 7 | "Left": [ 8 | "Uuid", 9 | "Timestamptz", 10 | "Uuid" 11 | ] 12 | }, 13 | "nullable": [] 14 | }, 15 | "hash": "015f7ad7c8d5403ce4dfb71d598fd9af472689d5aef7c1c4b1c594ca57c02237" 16 | } 17 | -------------------------------------------------------------------------------- /crates/storage-pg/.sqlx/query-036e9e2cb7271782e48700fecd3fdd80f596ed433f37f2528c7edbdc88b13646.json: -------------------------------------------------------------------------------- 1 | { 2 | "db_name": "PostgreSQL", 3 | "query": "\n DELETE FROM oauth2_consents\n WHERE oauth2_client_id = $1\n ", 4 | "describe": { 5 | "columns": [], 6 | "parameters": { 7 | "Left": [ 8 | "Uuid" 9 | ] 10 | }, 11 | "nullable": [] 12 | }, 13 | "hash": "036e9e2cb7271782e48700fecd3fdd80f596ed433f37f2528c7edbdc88b13646" 14 | } 15 | -------------------------------------------------------------------------------- /crates/storage-pg/.sqlx/query-037fae6964130343453ef607791c4c3deaa01b5aaa091d3a3487caf3e2634daf.json: -------------------------------------------------------------------------------- 1 | { 2 | "db_name": "PostgreSQL", 3 | "query": "\n INSERT INTO user_terms (user_terms_id, user_id, terms_url, created_at)\n VALUES ($1, $2, $3, $4)\n ON CONFLICT (user_id, terms_url) DO NOTHING\n ", 4 | "describe": { 5 | "columns": [], 6 | "parameters": { 7 | "Left": [ 8 | "Uuid", 9 | "Uuid", 10 | "Text", 11 | "Timestamptz" 12 | ] 13 | }, 14 | "nullable": [] 15 | }, 16 | "hash": "037fae6964130343453ef607791c4c3deaa01b5aaa091d3a3487caf3e2634daf" 17 | } 18 | -------------------------------------------------------------------------------- /crates/storage-pg/.sqlx/query-03eee34f05df9c79f8ca5bfb1af339b3fcea95ba59395106318366a6ef432d85.json: -------------------------------------------------------------------------------- 1 | { 2 | "db_name": "PostgreSQL", 3 | "query": "\n UPDATE user_sessions\n SET last_active_at = GREATEST(t.last_active_at, user_sessions.last_active_at)\n , last_active_ip = COALESCE(t.last_active_ip, user_sessions.last_active_ip)\n FROM (\n SELECT *\n FROM UNNEST($1::uuid[], $2::timestamptz[], $3::inet[])\n AS t(user_session_id, last_active_at, last_active_ip)\n ) AS t\n WHERE user_sessions.user_session_id = t.user_session_id\n ", 4 | "describe": { 5 | "columns": [], 6 | "parameters": { 7 | "Left": [ 8 | "UuidArray", 9 | "TimestamptzArray", 10 | "InetArray" 11 | ] 12 | }, 13 | "nullable": [] 14 | }, 15 | "hash": "03eee34f05df9c79f8ca5bfb1af339b3fcea95ba59395106318366a6ef432d85" 16 | } 17 | -------------------------------------------------------------------------------- /crates/storage-pg/.sqlx/query-047990a99794b565c2cad396946299db5b617f52f6c24bcca0a24c0c185c4478.json: -------------------------------------------------------------------------------- 1 | { 2 | "db_name": "PostgreSQL", 3 | "query": "\n UPDATE oauth2_sessions\n SET last_active_at = GREATEST(t.last_active_at, oauth2_sessions.last_active_at)\n , last_active_ip = COALESCE(t.last_active_ip, oauth2_sessions.last_active_ip)\n FROM (\n SELECT *\n FROM UNNEST($1::uuid[], $2::timestamptz[], $3::inet[])\n AS t(oauth2_session_id, last_active_at, last_active_ip)\n ) AS t\n WHERE oauth2_sessions.oauth2_session_id = t.oauth2_session_id\n ", 4 | "describe": { 5 | "columns": [], 6 | "parameters": { 7 | "Left": [ 8 | "UuidArray", 9 | "TimestamptzArray", 10 | "InetArray" 11 | ] 12 | }, 13 | "nullable": [] 14 | }, 15 | "hash": "047990a99794b565c2cad396946299db5b617f52f6c24bcca0a24c0c185c4478" 16 | } 17 | -------------------------------------------------------------------------------- /crates/storage-pg/.sqlx/query-048eec775f4af3ffd805e830e8286c6a5745e523b76e1083d6bfced0035c2f76.json: -------------------------------------------------------------------------------- 1 | { 2 | "db_name": "PostgreSQL", 3 | "query": "\n UPDATE upstream_oauth_providers\n SET disabled_at = $2\n WHERE upstream_oauth_provider_id = $1\n ", 4 | "describe": { 5 | "columns": [], 6 | "parameters": { 7 | "Left": [ 8 | "Uuid", 9 | "Timestamptz" 10 | ] 11 | }, 12 | "nullable": [] 13 | }, 14 | "hash": "048eec775f4af3ffd805e830e8286c6a5745e523b76e1083d6bfced0035c2f76" 15 | } 16 | -------------------------------------------------------------------------------- /crates/storage-pg/.sqlx/query-1764715e59f879f6b917ca30f8e3c1de5910c7a46e7fe52d1fb3bfd5561ac320.json: -------------------------------------------------------------------------------- 1 | { 2 | "db_name": "PostgreSQL", 3 | "query": "\n UPDATE user_recovery_sessions\n SET consumed_at = $1\n WHERE user_recovery_session_id = $2\n ", 4 | "describe": { 5 | "columns": [], 6 | "parameters": { 7 | "Left": [ 8 | "Timestamptz", 9 | "Uuid" 10 | ] 11 | }, 12 | "nullable": [] 13 | }, 14 | "hash": "1764715e59f879f6b917ca30f8e3c1de5910c7a46e7fe52d1fb3bfd5561ac320" 15 | } 16 | -------------------------------------------------------------------------------- /crates/storage-pg/.sqlx/query-1919d402fd6f148d14417f633be3353004f458c85f7b4f361802f86651900fbc.json: -------------------------------------------------------------------------------- 1 | { 2 | "db_name": "PostgreSQL", 3 | "query": "\n UPDATE oauth2_sessions\n SET user_agent = $2\n WHERE oauth2_session_id = $1\n ", 4 | "describe": { 5 | "columns": [], 6 | "parameters": { 7 | "Left": [ 8 | "Uuid", 9 | "Text" 10 | ] 11 | }, 12 | "nullable": [] 13 | }, 14 | "hash": "1919d402fd6f148d14417f633be3353004f458c85f7b4f361802f86651900fbc" 15 | } 16 | -------------------------------------------------------------------------------- /crates/storage-pg/.sqlx/query-1a8701f5672de052bb766933f60b93249acc7237b996e8b93cd61b9f69c902ff.json: -------------------------------------------------------------------------------- 1 | { 2 | "db_name": "PostgreSQL", 3 | "query": "\n DELETE FROM oauth2_access_tokens\n WHERE expires_at < $1\n ", 4 | "describe": { 5 | "columns": [], 6 | "parameters": { 7 | "Left": [ 8 | "Timestamptz" 9 | ] 10 | }, 11 | "nullable": [] 12 | }, 13 | "hash": "1a8701f5672de052bb766933f60b93249acc7237b996e8b93cd61b9f69c902ff" 14 | } 15 | -------------------------------------------------------------------------------- /crates/storage-pg/.sqlx/query-1b547552eed4128f2227c681ff2d45586cdb0c20b98393f89036fbf0f1d2dee2.json: -------------------------------------------------------------------------------- 1 | { 2 | "db_name": "PostgreSQL", 3 | "query": "\n INSERT INTO oauth2_sessions\n ( oauth2_session_id\n , user_id\n , user_session_id\n , oauth2_client_id\n , scope_list\n , created_at\n )\n VALUES ($1, $2, $3, $4, $5, $6)\n ", 4 | "describe": { 5 | "columns": [], 6 | "parameters": { 7 | "Left": [ 8 | "Uuid", 9 | "Uuid", 10 | "Uuid", 11 | "Uuid", 12 | "TextArray", 13 | "Timestamptz" 14 | ] 15 | }, 16 | "nullable": [] 17 | }, 18 | "hash": "1b547552eed4128f2227c681ff2d45586cdb0c20b98393f89036fbf0f1d2dee2" 19 | } 20 | -------------------------------------------------------------------------------- /crates/storage-pg/.sqlx/query-1dbc50cdab36da307c569891ab7b1ab4aaf128fed6be67ca0f139d697614c63b.json: -------------------------------------------------------------------------------- 1 | { 2 | "db_name": "PostgreSQL", 3 | "query": "\n UPDATE users\n SET can_request_admin = $2\n WHERE user_id = $1\n ", 4 | "describe": { 5 | "columns": [], 6 | "parameters": { 7 | "Left": [ 8 | "Uuid", 9 | "Bool" 10 | ] 11 | }, 12 | "nullable": [] 13 | }, 14 | "hash": "1dbc50cdab36da307c569891ab7b1ab4aaf128fed6be67ca0f139d697614c63b" 15 | } 16 | -------------------------------------------------------------------------------- /crates/storage-pg/.sqlx/query-1eb829460407fca22b717b88a1a0a9b7b920d807a4b6c235e1bee524cd73b266.json: -------------------------------------------------------------------------------- 1 | { 2 | "db_name": "PostgreSQL", 3 | "query": "\n DELETE FROM upstream_oauth_links\n WHERE upstream_oauth_provider_id = $1\n ", 4 | "describe": { 5 | "columns": [], 6 | "parameters": { 7 | "Left": [ 8 | "Uuid" 9 | ] 10 | }, 11 | "nullable": [] 12 | }, 13 | "hash": "1eb829460407fca22b717b88a1a0a9b7b920d807a4b6c235e1bee524cd73b266" 14 | } 15 | -------------------------------------------------------------------------------- /crates/storage-pg/.sqlx/query-1f6297fb323e9f2fbfa1c9e3225c0b3037c8c4714533a6240c62275332aa58dc.json: -------------------------------------------------------------------------------- 1 | { 2 | "db_name": "PostgreSQL", 3 | "query": "\n DELETE FROM user_email_confirmation_codes\n WHERE user_email_id = $1\n ", 4 | "describe": { 5 | "columns": [], 6 | "parameters": { 7 | "Left": [ 8 | "Uuid" 9 | ] 10 | }, 11 | "nullable": [] 12 | }, 13 | "hash": "1f6297fb323e9f2fbfa1c9e3225c0b3037c8c4714533a6240c62275332aa58dc" 14 | } 15 | -------------------------------------------------------------------------------- /crates/storage-pg/.sqlx/query-22896e8f2a002f307089c3e0f9ee561e6521c45ce07d3a42411984c9a6b75fdc.json: -------------------------------------------------------------------------------- 1 | { 2 | "db_name": "PostgreSQL", 3 | "query": "\n UPDATE users\n SET locked_at = NULL\n WHERE user_id = $1\n ", 4 | "describe": { 5 | "columns": [], 6 | "parameters": { 7 | "Left": [ 8 | "Uuid" 9 | ] 10 | }, 11 | "nullable": [] 12 | }, 13 | "hash": "22896e8f2a002f307089c3e0f9ee561e6521c45ce07d3a42411984c9a6b75fdc" 14 | } 15 | -------------------------------------------------------------------------------- /crates/storage-pg/.sqlx/query-2564bf6366eb59268c41fb25bb40d0e4e9e1fd1f9ea53b7a359c9025d7304223.json: -------------------------------------------------------------------------------- 1 | { 2 | "db_name": "PostgreSQL", 3 | "query": "\n UPDATE oauth2_access_tokens\n SET revoked_at = $2\n WHERE oauth2_access_token_id = $1\n ", 4 | "describe": { 5 | "columns": [], 6 | "parameters": { 7 | "Left": [ 8 | "Uuid", 9 | "Timestamptz" 10 | ] 11 | }, 12 | "nullable": [] 13 | }, 14 | "hash": "2564bf6366eb59268c41fb25bb40d0e4e9e1fd1f9ea53b7a359c9025d7304223" 15 | } 16 | -------------------------------------------------------------------------------- /crates/storage-pg/.sqlx/query-29148548d592046f7d711676911e3847e376e443ccd841f76b17a81f53fafc3a.json: -------------------------------------------------------------------------------- 1 | { 2 | "db_name": "PostgreSQL", 3 | "query": "\n UPDATE compat_sessions\n SET user_agent = $2\n WHERE compat_session_id = $1\n ", 4 | "describe": { 5 | "columns": [], 6 | "parameters": { 7 | "Left": [ 8 | "Uuid", 9 | "Text" 10 | ] 11 | }, 12 | "nullable": [] 13 | }, 14 | "hash": "29148548d592046f7d711676911e3847e376e443ccd841f76b17a81f53fafc3a" 15 | } 16 | -------------------------------------------------------------------------------- /crates/storage-pg/.sqlx/query-2a0d8d70d21afa9a2c9c1c432853361bb85911c48f7db6c3873b0f5abf35940b.json: -------------------------------------------------------------------------------- 1 | { 2 | "db_name": "PostgreSQL", 3 | "query": "\n DELETE FROM oauth2_authorization_grants\n WHERE oauth2_client_id = $1\n ", 4 | "describe": { 5 | "columns": [], 6 | "parameters": { 7 | "Left": [ 8 | "Uuid" 9 | ] 10 | }, 11 | "nullable": [] 12 | }, 13 | "hash": "2a0d8d70d21afa9a2c9c1c432853361bb85911c48f7db6c3873b0f5abf35940b" 14 | } 15 | -------------------------------------------------------------------------------- /crates/storage-pg/.sqlx/query-2ee26886c56f04cd53d4c0968f5cf0963f92b6d15e6af0e69378a6447dee677c.json: -------------------------------------------------------------------------------- 1 | { 2 | "db_name": "PostgreSQL", 3 | "query": "\n DELETE FROM oauth2_access_tokens\n WHERE oauth2_session_id IN (\n SELECT oauth2_session_id\n FROM oauth2_sessions\n WHERE oauth2_client_id = $1\n )\n ", 4 | "describe": { 5 | "columns": [], 6 | "parameters": { 7 | "Left": [ 8 | "Uuid" 9 | ] 10 | }, 11 | "nullable": [] 12 | }, 13 | "hash": "2ee26886c56f04cd53d4c0968f5cf0963f92b6d15e6af0e69378a6447dee677c" 14 | } 15 | -------------------------------------------------------------------------------- /crates/storage-pg/.sqlx/query-359a00f6667b5b1fef616b0c18e11eb91698aa1f2d5d146cffbb7aea8d77467b.json: -------------------------------------------------------------------------------- 1 | { 2 | "db_name": "PostgreSQL", 3 | "query": "\n INSERT INTO apalis.jobs (job, id, job_type)\n VALUES ($1::json, $2::text, $3::text)\n ", 4 | "describe": { 5 | "columns": [], 6 | "parameters": { 7 | "Left": [ 8 | "Json", 9 | "Text", 10 | "Text" 11 | ] 12 | }, 13 | "nullable": [] 14 | }, 15 | "hash": "359a00f6667b5b1fef616b0c18e11eb91698aa1f2d5d146cffbb7aea8d77467b" 16 | } 17 | -------------------------------------------------------------------------------- /crates/storage-pg/.sqlx/query-3d66f3121b11ce923b9c60609b510a8ca899640e78cc8f5b03168622928ffe94.json: -------------------------------------------------------------------------------- 1 | { 2 | "db_name": "PostgreSQL", 3 | "query": "\n DELETE FROM user_emails\n WHERE user_email_id = $1\n ", 4 | "describe": { 5 | "columns": [], 6 | "parameters": { 7 | "Left": [ 8 | "Uuid" 9 | ] 10 | }, 11 | "nullable": [] 12 | }, 13 | "hash": "3d66f3121b11ce923b9c60609b510a8ca899640e78cc8f5b03168622928ffe94" 14 | } 15 | -------------------------------------------------------------------------------- /crates/storage-pg/.sqlx/query-4d79ce892e4595edb8b801e94fb0cbef28facdfd2e45d1c72c57f47418fbe24b.json: -------------------------------------------------------------------------------- 1 | { 2 | "db_name": "PostgreSQL", 3 | "query": "\n UPDATE compat_sso_logins\n SET\n compat_session_id = $2,\n fulfilled_at = $3\n WHERE\n compat_sso_login_id = $1\n ", 4 | "describe": { 5 | "columns": [], 6 | "parameters": { 7 | "Left": [ 8 | "Uuid", 9 | "Uuid", 10 | "Timestamptz" 11 | ] 12 | }, 13 | "nullable": [] 14 | }, 15 | "hash": "4d79ce892e4595edb8b801e94fb0cbef28facdfd2e45d1c72c57f47418fbe24b" 16 | } 17 | -------------------------------------------------------------------------------- /crates/storage-pg/.sqlx/query-55bc51efddf7a1cf06610fdb20d46beca29964733338ea4fec2a29393f031c4f.json: -------------------------------------------------------------------------------- 1 | { 2 | "db_name": "PostgreSQL", 3 | "query": "\n UPDATE compat_sessions\n SET last_active_at = GREATEST(t.last_active_at, compat_sessions.last_active_at)\n , last_active_ip = COALESCE(t.last_active_ip, compat_sessions.last_active_ip)\n FROM (\n SELECT *\n FROM UNNEST($1::uuid[], $2::timestamptz[], $3::inet[])\n AS t(compat_session_id, last_active_at, last_active_ip)\n ) AS t\n WHERE compat_sessions.compat_session_id = t.compat_session_id\n ", 4 | "describe": { 5 | "columns": [], 6 | "parameters": { 7 | "Left": [ 8 | "UuidArray", 9 | "TimestamptzArray", 10 | "InetArray" 11 | ] 12 | }, 13 | "nullable": [] 14 | }, 15 | "hash": "55bc51efddf7a1cf06610fdb20d46beca29964733338ea4fec2a29393f031c4f" 16 | } 17 | -------------------------------------------------------------------------------- /crates/storage-pg/.sqlx/query-5b697dd7834d33ec55972d3ba43d25fe794bc0b69c5938275711faa7a80b811f.json: -------------------------------------------------------------------------------- 1 | { 2 | "db_name": "PostgreSQL", 3 | "query": "\n DELETE FROM oauth2_refresh_tokens\n WHERE oauth2_session_id IN (\n SELECT oauth2_session_id\n FROM oauth2_sessions\n WHERE oauth2_client_id = $1\n )\n ", 4 | "describe": { 5 | "columns": [], 6 | "parameters": { 7 | "Left": [ 8 | "Uuid" 9 | ] 10 | }, 11 | "nullable": [] 12 | }, 13 | "hash": "5b697dd7834d33ec55972d3ba43d25fe794bc0b69c5938275711faa7a80b811f" 14 | } 15 | -------------------------------------------------------------------------------- /crates/storage-pg/.sqlx/query-5f6b7e38ef9bc3b39deabba277d0255fb8cfb2adaa65f47b78a8fac11d8c91c3.json: -------------------------------------------------------------------------------- 1 | { 2 | "db_name": "PostgreSQL", 3 | "query": "\n INSERT INTO upstream_oauth_links (\n upstream_oauth_link_id,\n upstream_oauth_provider_id,\n user_id,\n subject,\n created_at\n ) VALUES ($1, $2, NULL, $3, $4)\n ", 4 | "describe": { 5 | "columns": [], 6 | "parameters": { 7 | "Left": [ 8 | "Uuid", 9 | "Uuid", 10 | "Text", 11 | "Timestamptz" 12 | ] 13 | }, 14 | "nullable": [] 15 | }, 16 | "hash": "5f6b7e38ef9bc3b39deabba277d0255fb8cfb2adaa65f47b78a8fac11d8c91c3" 17 | } 18 | -------------------------------------------------------------------------------- /crates/storage-pg/.sqlx/query-5fe1bb569d13a7d3ff22887b3fc5b76ff901c183b314f8ccb5018d70c516abf6.json: -------------------------------------------------------------------------------- 1 | { 2 | "db_name": "PostgreSQL", 3 | "query": "\n DELETE FROM oauth2_clients\n WHERE oauth2_client_id = $1\n ", 4 | "describe": { 5 | "columns": [], 6 | "parameters": { 7 | "Left": [ 8 | "Uuid" 9 | ] 10 | }, 11 | "nullable": [] 12 | }, 13 | "hash": "5fe1bb569d13a7d3ff22887b3fc5b76ff901c183b314f8ccb5018d70c516abf6" 14 | } 15 | -------------------------------------------------------------------------------- /crates/storage-pg/.sqlx/query-608366f45ecaf392ab69cddb12252b5efcc103c3383fa68b552295e2289d1f55.json: -------------------------------------------------------------------------------- 1 | { 2 | "db_name": "PostgreSQL", 3 | "query": "\n INSERT INTO user_session_authentications\n (user_session_authentication_id, user_session_id, created_at, user_password_id)\n VALUES ($1, $2, $3, $4)\n ", 4 | "describe": { 5 | "columns": [], 6 | "parameters": { 7 | "Left": [ 8 | "Uuid", 9 | "Uuid", 10 | "Timestamptz", 11 | "Uuid" 12 | ] 13 | }, 14 | "nullable": [] 15 | }, 16 | "hash": "608366f45ecaf392ab69cddb12252b5efcc103c3383fa68b552295e2289d1f55" 17 | } 18 | -------------------------------------------------------------------------------- /crates/storage-pg/.sqlx/query-64e6ea47c2e877c1ebe4338d64d9ad8a6c1c777d1daea024b8ca2e7f0dd75b0f.json: -------------------------------------------------------------------------------- 1 | { 2 | "db_name": "PostgreSQL", 3 | "query": "\n INSERT INTO upstream_oauth_authorization_sessions (\n upstream_oauth_authorization_session_id,\n upstream_oauth_provider_id,\n state,\n code_challenge_verifier,\n nonce,\n created_at,\n completed_at,\n consumed_at,\n id_token\n ) VALUES ($1, $2, $3, $4, $5, $6, NULL, NULL, NULL)\n ", 4 | "describe": { 5 | "columns": [], 6 | "parameters": { 7 | "Left": [ 8 | "Uuid", 9 | "Uuid", 10 | "Text", 11 | "Text", 12 | "Text", 13 | "Timestamptz" 14 | ] 15 | }, 16 | "nullable": [] 17 | }, 18 | "hash": "64e6ea47c2e877c1ebe4338d64d9ad8a6c1c777d1daea024b8ca2e7f0dd75b0f" 19 | } 20 | -------------------------------------------------------------------------------- /crates/storage-pg/.sqlx/query-689ffbfc5137ec788e89062ad679bbe6b23a8861c09a7246dc1659c28f12bf8d.json: -------------------------------------------------------------------------------- 1 | { 2 | "db_name": "PostgreSQL", 3 | "query": "\n UPDATE upstream_oauth_authorization_sessions\n SET consumed_at = $1\n WHERE upstream_oauth_authorization_session_id = $2\n ", 4 | "describe": { 5 | "columns": [], 6 | "parameters": { 7 | "Left": [ 8 | "Timestamptz", 9 | "Uuid" 10 | ] 11 | }, 12 | "nullable": [] 13 | }, 14 | "hash": "689ffbfc5137ec788e89062ad679bbe6b23a8861c09a7246dc1659c28f12bf8d" 15 | } 16 | -------------------------------------------------------------------------------- /crates/storage-pg/.sqlx/query-6e21e7d816f806da9bb5176931bdb550dee05c44c9d93f53df95fe3b4a840347.json: -------------------------------------------------------------------------------- 1 | { 2 | "db_name": "PostgreSQL", 3 | "query": "\n INSERT INTO compat_sso_logins\n (compat_sso_login_id, login_token, redirect_uri, created_at)\n VALUES ($1, $2, $3, $4)\n ", 4 | "describe": { 5 | "columns": [], 6 | "parameters": { 7 | "Left": [ 8 | "Uuid", 9 | "Text", 10 | "Text", 11 | "Timestamptz" 12 | ] 13 | }, 14 | "nullable": [] 15 | }, 16 | "hash": "6e21e7d816f806da9bb5176931bdb550dee05c44c9d93f53df95fe3b4a840347" 17 | } 18 | -------------------------------------------------------------------------------- /crates/storage-pg/.sqlx/query-6f97b5f9ad0d4d15387150bea3839fb7f81015f7ceef61ecaadba64521895cff.json: -------------------------------------------------------------------------------- 1 | { 2 | "db_name": "PostgreSQL", 3 | "query": "\n INSERT INTO user_passwords\n (user_password_id, user_id, hashed_password, version, upgraded_from_id, created_at)\n VALUES ($1, $2, $3, $4, $5, $6)\n ", 4 | "describe": { 5 | "columns": [], 6 | "parameters": { 7 | "Left": [ 8 | "Uuid", 9 | "Uuid", 10 | "Text", 11 | "Int4", 12 | "Uuid", 13 | "Timestamptz" 14 | ] 15 | }, 16 | "nullable": [] 17 | }, 18 | "hash": "6f97b5f9ad0d4d15387150bea3839fb7f81015f7ceef61ecaadba64521895cff" 19 | } 20 | -------------------------------------------------------------------------------- /crates/storage-pg/.sqlx/query-755f62d0a3a40acc90037371339a8459736fdd4bbffd932f7930d847f2c3ef5d.json: -------------------------------------------------------------------------------- 1 | { 2 | "db_name": "PostgreSQL", 3 | "query": "\n UPDATE oauth2_device_code_grant\n SET rejected_at = $1\n , user_session_id = $2\n WHERE oauth2_device_code_grant_id = $3\n ", 4 | "describe": { 5 | "columns": [], 6 | "parameters": { 7 | "Left": [ 8 | "Timestamptz", 9 | "Uuid", 10 | "Uuid" 11 | ] 12 | }, 13 | "nullable": [] 14 | }, 15 | "hash": "755f62d0a3a40acc90037371339a8459736fdd4bbffd932f7930d847f2c3ef5d" 16 | } 17 | -------------------------------------------------------------------------------- /crates/storage-pg/.sqlx/query-7ce387b1b0aaf10e72adde667b19521b66eaafa51f73bf2f95e38b8f3b64a229.json: -------------------------------------------------------------------------------- 1 | { 2 | "db_name": "PostgreSQL", 3 | "query": "\n UPDATE upstream_oauth_links\n SET user_id = $1\n WHERE upstream_oauth_link_id = $2\n ", 4 | "describe": { 5 | "columns": [], 6 | "parameters": { 7 | "Left": [ 8 | "Uuid", 9 | "Uuid" 10 | ] 11 | }, 12 | "nullable": [] 13 | }, 14 | "hash": "7ce387b1b0aaf10e72adde667b19521b66eaafa51f73bf2f95e38b8f3b64a229" 15 | } 16 | -------------------------------------------------------------------------------- /crates/storage-pg/.sqlx/query-7f4c4634ada4dc2745530dcca8eee92abf78dfbdf1a25e58a2bc9c14be8035f0.json: -------------------------------------------------------------------------------- 1 | { 2 | "db_name": "PostgreSQL", 3 | "query": "\n INSERT INTO users (user_id, username, created_at)\n VALUES ($1, $2, $3)\n ON CONFLICT (username) DO NOTHING\n ", 4 | "describe": { 5 | "columns": [], 6 | "parameters": { 7 | "Left": [ 8 | "Uuid", 9 | "Text", 10 | "Timestamptz" 11 | ] 12 | }, 13 | "nullable": [] 14 | }, 15 | "hash": "7f4c4634ada4dc2745530dcca8eee92abf78dfbdf1a25e58a2bc9c14be8035f0" 16 | } 17 | -------------------------------------------------------------------------------- /crates/storage-pg/.sqlx/query-8275a440640ea28fd8f82e7df672e45a6eba981a0d621665ed8f8b60354b3389.json: -------------------------------------------------------------------------------- 1 | { 2 | "db_name": "PostgreSQL", 3 | "query": "\n INSERT INTO user_recovery_sessions (\n user_recovery_session_id\n , email\n , user_agent\n , ip_address\n , locale\n , created_at\n )\n VALUES ($1, $2, $3, $4, $5, $6)\n ", 4 | "describe": { 5 | "columns": [], 6 | "parameters": { 7 | "Left": [ 8 | "Uuid", 9 | "Text", 10 | "Text", 11 | "Inet", 12 | "Text", 13 | "Timestamptz" 14 | ] 15 | }, 16 | "nullable": [] 17 | }, 18 | "hash": "8275a440640ea28fd8f82e7df672e45a6eba981a0d621665ed8f8b60354b3389" 19 | } 20 | -------------------------------------------------------------------------------- /crates/storage-pg/.sqlx/query-8acbdc892d44efb53529da1c2df65bea6b799a43cf4c9264a37d392847e6eff0.json: -------------------------------------------------------------------------------- 1 | { 2 | "db_name": "PostgreSQL", 3 | "query": "\n DELETE FROM oauth2_sessions\n WHERE oauth2_client_id = $1\n ", 4 | "describe": { 5 | "columns": [], 6 | "parameters": { 7 | "Left": [ 8 | "Uuid" 9 | ] 10 | }, 11 | "nullable": [] 12 | }, 13 | "hash": "8acbdc892d44efb53529da1c2df65bea6b799a43cf4c9264a37d392847e6eff0" 14 | } 15 | -------------------------------------------------------------------------------- /crates/storage-pg/.sqlx/query-8b7297c263336d70c2b647212b16f7ae39bc5cb1572e3a2dcfcd67f196a1fa39.json: -------------------------------------------------------------------------------- 1 | { 2 | "db_name": "PostgreSQL", 3 | "query": "\n SELECT scope_token\n FROM oauth2_consents\n WHERE user_id = $1 AND oauth2_client_id = $2\n ", 4 | "describe": { 5 | "columns": [ 6 | { 7 | "ordinal": 0, 8 | "name": "scope_token", 9 | "type_info": "Text" 10 | } 11 | ], 12 | "parameters": { 13 | "Left": [ 14 | "Uuid", 15 | "Uuid" 16 | ] 17 | }, 18 | "nullable": [ 19 | false 20 | ] 21 | }, 22 | "hash": "8b7297c263336d70c2b647212b16f7ae39bc5cb1572e3a2dcfcd67f196a1fa39" 23 | } 24 | -------------------------------------------------------------------------------- /crates/storage-pg/.sqlx/query-90b5512c0c9dc3b3eb6500056cc72f9993216d9b553c2e33a7edec26ffb0fc59.json: -------------------------------------------------------------------------------- 1 | { 2 | "db_name": "PostgreSQL", 3 | "query": "\n UPDATE user_emails\n SET confirmed_at = $2\n WHERE user_email_id = $1\n ", 4 | "describe": { 5 | "columns": [], 6 | "parameters": { 7 | "Left": [ 8 | "Uuid", 9 | "Timestamptz" 10 | ] 11 | }, 12 | "nullable": [] 13 | }, 14 | "hash": "90b5512c0c9dc3b3eb6500056cc72f9993216d9b553c2e33a7edec26ffb0fc59" 15 | } 16 | -------------------------------------------------------------------------------- /crates/storage-pg/.sqlx/query-90fe32cb9c88a262a682c0db700fef7d69d6ce0be1f930d9f16c50b921a8b819.json: -------------------------------------------------------------------------------- 1 | { 2 | "db_name": "PostgreSQL", 3 | "query": "\n INSERT INTO user_emails (user_email_id, user_id, email, created_at)\n VALUES ($1, $2, $3, $4)\n ", 4 | "describe": { 5 | "columns": [], 6 | "parameters": { 7 | "Left": [ 8 | "Uuid", 9 | "Uuid", 10 | "Text", 11 | "Timestamptz" 12 | ] 13 | }, 14 | "nullable": [] 15 | }, 16 | "hash": "90fe32cb9c88a262a682c0db700fef7d69d6ce0be1f930d9f16c50b921a8b819" 17 | } 18 | -------------------------------------------------------------------------------- /crates/storage-pg/.sqlx/query-91a3ee5ad64a947b7807a590f6b014c6856229918b972b98946f98b75686ab6c.json: -------------------------------------------------------------------------------- 1 | { 2 | "db_name": "PostgreSQL", 3 | "query": "\n DELETE FROM upstream_oauth_providers\n WHERE upstream_oauth_provider_id = $1\n ", 4 | "describe": { 5 | "columns": [], 6 | "parameters": { 7 | "Left": [ 8 | "Uuid" 9 | ] 10 | }, 11 | "nullable": [] 12 | }, 13 | "hash": "91a3ee5ad64a947b7807a590f6b014c6856229918b972b98946f98b75686ab6c" 14 | } 15 | -------------------------------------------------------------------------------- /crates/storage-pg/.sqlx/query-921d77c194609615a7e9a6fd806e9cc17a7927e3e5deb58f3917ceeb9ab4dede.json: -------------------------------------------------------------------------------- 1 | { 2 | "db_name": "PostgreSQL", 3 | "query": "\n UPDATE user_email_confirmation_codes\n SET consumed_at = $2\n WHERE user_email_confirmation_code_id = $1\n ", 4 | "describe": { 5 | "columns": [], 6 | "parameters": { 7 | "Left": [ 8 | "Uuid", 9 | "Timestamptz" 10 | ] 11 | }, 12 | "nullable": [] 13 | }, 14 | "hash": "921d77c194609615a7e9a6fd806e9cc17a7927e3e5deb58f3917ceeb9ab4dede" 15 | } 16 | -------------------------------------------------------------------------------- /crates/storage-pg/.sqlx/query-92c8eb526fcc5de6874eb0fab1d71fb1ed3dafe2bd1a49aa72e4f4862931c6c2.json: -------------------------------------------------------------------------------- 1 | { 2 | "db_name": "PostgreSQL", 3 | "query": "\n UPDATE oauth2_device_code_grant\n SET exchanged_at = $1\n , oauth2_session_id = $2\n WHERE oauth2_device_code_grant_id = $3\n ", 4 | "describe": { 5 | "columns": [], 6 | "parameters": { 7 | "Left": [ 8 | "Timestamptz", 9 | "Uuid", 10 | "Uuid" 11 | ] 12 | }, 13 | "nullable": [] 14 | }, 15 | "hash": "92c8eb526fcc5de6874eb0fab1d71fb1ed3dafe2bd1a49aa72e4f4862931c6c2" 16 | } 17 | -------------------------------------------------------------------------------- /crates/storage-pg/.sqlx/query-9348d87f9e06b614c7e90bdc93bcf38236766aaf4d894bf768debdff2b59fae2.json: -------------------------------------------------------------------------------- 1 | { 2 | "db_name": "PostgreSQL", 3 | "query": "\n UPDATE compat_sso_logins\n SET\n exchanged_at = $2\n WHERE\n compat_sso_login_id = $1\n ", 4 | "describe": { 5 | "columns": [], 6 | "parameters": { 7 | "Left": [ 8 | "Uuid", 9 | "Timestamptz" 10 | ] 11 | }, 12 | "nullable": [] 13 | }, 14 | "hash": "9348d87f9e06b614c7e90bdc93bcf38236766aaf4d894bf768debdff2b59fae2" 15 | } 16 | -------------------------------------------------------------------------------- /crates/storage-pg/.sqlx/query-94fd96446b237c87bd6bf741f3c42b37ee751b87b7fcc459602bdf8c46962443.json: -------------------------------------------------------------------------------- 1 | { 2 | "db_name": "PostgreSQL", 3 | "query": "\n SELECT EXISTS(\n SELECT 1 FROM users WHERE username = $1\n ) AS \"exists!\"\n ", 4 | "describe": { 5 | "columns": [ 6 | { 7 | "ordinal": 0, 8 | "name": "exists!", 9 | "type_info": "Bool" 10 | } 11 | ], 12 | "parameters": { 13 | "Left": [ 14 | "Text" 15 | ] 16 | }, 17 | "nullable": [ 18 | null 19 | ] 20 | }, 21 | "hash": "94fd96446b237c87bd6bf741f3c42b37ee751b87b7fcc459602bdf8c46962443" 22 | } 23 | -------------------------------------------------------------------------------- /crates/storage-pg/.sqlx/query-9a6c197ff4ad80217262d48f8792ce7e16bc5df0677c7cd4ecb4fdbc5ee86395.json: -------------------------------------------------------------------------------- 1 | { 2 | "db_name": "PostgreSQL", 3 | "query": "\n INSERT INTO oauth2_consents\n (oauth2_consent_id, user_id, oauth2_client_id, scope_token, created_at)\n SELECT id, $2, $3, scope_token, $5 FROM UNNEST($1::uuid[], $4::text[]) u(id, scope_token)\n ON CONFLICT (user_id, oauth2_client_id, scope_token) DO UPDATE SET refreshed_at = $5\n ", 4 | "describe": { 5 | "columns": [], 6 | "parameters": { 7 | "Left": [ 8 | "UuidArray", 9 | "Uuid", 10 | "Uuid", 11 | "TextArray", 12 | "Timestamptz" 13 | ] 14 | }, 15 | "nullable": [] 16 | }, 17 | "hash": "9a6c197ff4ad80217262d48f8792ce7e16bc5df0677c7cd4ecb4fdbc5ee86395" 18 | } 19 | -------------------------------------------------------------------------------- /crates/storage-pg/.sqlx/query-9c9c65d4ca6847761d8f999253590082672b3782875cf3f5ba0b2f9d26e3a507.json: -------------------------------------------------------------------------------- 1 | { 2 | "db_name": "PostgreSQL", 3 | "query": "\n INSERT INTO user_session_authentications\n (user_session_authentication_id, user_session_id, created_at, upstream_oauth_authorization_session_id)\n VALUES ($1, $2, $3, $4)\n ", 4 | "describe": { 5 | "columns": [], 6 | "parameters": { 7 | "Left": [ 8 | "Uuid", 9 | "Uuid", 10 | "Timestamptz", 11 | "Uuid" 12 | ] 13 | }, 14 | "nullable": [] 15 | }, 16 | "hash": "9c9c65d4ca6847761d8f999253590082672b3782875cf3f5ba0b2f9d26e3a507" 17 | } 18 | -------------------------------------------------------------------------------- /crates/storage-pg/.sqlx/query-9f7bdc034c618e47e49c467d0d7f5b8c297d055abe248cc876dbc12c5a7dc920.json: -------------------------------------------------------------------------------- 1 | { 2 | "db_name": "PostgreSQL", 3 | "query": "\n INSERT INTO compat_refresh_tokens\n (compat_refresh_token_id, compat_session_id,\n compat_access_token_id, refresh_token, created_at)\n VALUES ($1, $2, $3, $4, $5)\n ", 4 | "describe": { 5 | "columns": [], 6 | "parameters": { 7 | "Left": [ 8 | "Uuid", 9 | "Uuid", 10 | "Uuid", 11 | "Text", 12 | "Timestamptz" 13 | ] 14 | }, 15 | "nullable": [] 16 | }, 17 | "hash": "9f7bdc034c618e47e49c467d0d7f5b8c297d055abe248cc876dbc12c5a7dc920" 18 | } 19 | -------------------------------------------------------------------------------- /crates/storage-pg/.sqlx/query-a2f7433f06fb4f6a7ad5ac6c1db18705276bce41e9b19d5d7e910ad4b767fb5e.json: -------------------------------------------------------------------------------- 1 | { 2 | "db_name": "PostgreSQL", 3 | "query": "\n INSERT INTO oauth2_refresh_tokens\n (oauth2_refresh_token_id, oauth2_session_id, oauth2_access_token_id,\n refresh_token, created_at)\n VALUES\n ($1, $2, $3, $4, $5)\n ", 4 | "describe": { 5 | "columns": [], 6 | "parameters": { 7 | "Left": [ 8 | "Uuid", 9 | "Uuid", 10 | "Uuid", 11 | "Text", 12 | "Timestamptz" 13 | ] 14 | }, 15 | "nullable": [] 16 | }, 17 | "hash": "a2f7433f06fb4f6a7ad5ac6c1db18705276bce41e9b19d5d7e910ad4b767fb5e" 18 | } 19 | -------------------------------------------------------------------------------- /crates/storage-pg/.sqlx/query-a7f780528882a2ae66c45435215763eed0582264861436eab3f862e3eb12cab1.json: -------------------------------------------------------------------------------- 1 | { 2 | "db_name": "PostgreSQL", 3 | "query": "\n INSERT INTO compat_access_tokens\n (compat_access_token_id, compat_session_id, access_token, created_at, expires_at)\n VALUES ($1, $2, $3, $4, $5)\n ", 4 | "describe": { 5 | "columns": [], 6 | "parameters": { 7 | "Left": [ 8 | "Uuid", 9 | "Uuid", 10 | "Text", 11 | "Timestamptz", 12 | "Timestamptz" 13 | ] 14 | }, 15 | "nullable": [] 16 | }, 17 | "hash": "a7f780528882a2ae66c45435215763eed0582264861436eab3f862e3eb12cab1" 18 | } 19 | -------------------------------------------------------------------------------- /crates/storage-pg/.sqlx/query-ab34912b42a48a8b5c8d63e271b99b7d0b690a2471873c6654b1b6cf2079b95c.json: -------------------------------------------------------------------------------- 1 | { 2 | "db_name": "PostgreSQL", 3 | "query": "\n UPDATE compat_sessions cs\n SET finished_at = $2\n WHERE compat_session_id = $1\n ", 4 | "describe": { 5 | "columns": [], 6 | "parameters": { 7 | "Left": [ 8 | "Uuid", 9 | "Timestamptz" 10 | ] 11 | }, 12 | "nullable": [] 13 | }, 14 | "hash": "ab34912b42a48a8b5c8d63e271b99b7d0b690a2471873c6654b1b6cf2079b95c" 15 | } 16 | -------------------------------------------------------------------------------- /crates/storage-pg/.sqlx/query-afa86e79e3de2a83265cb0db8549d378a2f11b2a27bbd86d60558318c87eb698.json: -------------------------------------------------------------------------------- 1 | { 2 | "db_name": "PostgreSQL", 3 | "query": "\n INSERT INTO oauth2_access_tokens\n (oauth2_access_token_id, oauth2_session_id, access_token, created_at, expires_at)\n VALUES\n ($1, $2, $3, $4, $5)\n ", 4 | "describe": { 5 | "columns": [], 6 | "parameters": { 7 | "Left": [ 8 | "Uuid", 9 | "Uuid", 10 | "Text", 11 | "Timestamptz", 12 | "Timestamptz" 13 | ] 14 | }, 15 | "nullable": [] 16 | }, 17 | "hash": "afa86e79e3de2a83265cb0db8549d378a2f11b2a27bbd86d60558318c87eb698" 18 | } 19 | -------------------------------------------------------------------------------- /crates/storage-pg/.sqlx/query-b515bbfb331e46acd3c0219f09223cc5d8d31cb41287e693dcb82c6e199f7991.json: -------------------------------------------------------------------------------- 1 | { 2 | "db_name": "PostgreSQL", 3 | "query": "\n INSERT INTO user_email_confirmation_codes\n (user_email_confirmation_code_id, user_email_id, code, created_at, expires_at)\n VALUES ($1, $2, $3, $4, $5)\n ", 4 | "describe": { 5 | "columns": [], 6 | "parameters": { 7 | "Left": [ 8 | "Uuid", 9 | "Uuid", 10 | "Text", 11 | "Timestamptz", 12 | "Timestamptz" 13 | ] 14 | }, 15 | "nullable": [] 16 | }, 17 | "hash": "b515bbfb331e46acd3c0219f09223cc5d8d31cb41287e693dcb82c6e199f7991" 18 | } 19 | -------------------------------------------------------------------------------- /crates/storage-pg/.sqlx/query-b6a6f5386dc89e4bc2ce56d578a29341848fce336d339b6bbf425956f5ed5032.json: -------------------------------------------------------------------------------- 1 | { 2 | "db_name": "PostgreSQL", 3 | "query": "\n UPDATE oauth2_refresh_tokens\n SET consumed_at = $2\n WHERE oauth2_refresh_token_id = $1\n ", 4 | "describe": { 5 | "columns": [], 6 | "parameters": { 7 | "Left": [ 8 | "Uuid", 9 | "Timestamptz" 10 | ] 11 | }, 12 | "nullable": [] 13 | }, 14 | "hash": "b6a6f5386dc89e4bc2ce56d578a29341848fce336d339b6bbf425956f5ed5032" 15 | } 16 | -------------------------------------------------------------------------------- /crates/storage-pg/.sqlx/query-b700dc3f7d0f86f4904725d8357e34b7e457f857ed37c467c314142877fd5367.json: -------------------------------------------------------------------------------- 1 | { 2 | "db_name": "PostgreSQL", 3 | "query": "\n UPDATE oauth2_sessions\n SET finished_at = $2\n WHERE oauth2_session_id = $1\n ", 4 | "describe": { 5 | "columns": [], 6 | "parameters": { 7 | "Left": [ 8 | "Uuid", 9 | "Timestamptz" 10 | ] 11 | }, 12 | "nullable": [] 13 | }, 14 | "hash": "b700dc3f7d0f86f4904725d8357e34b7e457f857ed37c467c314142877fd5367" 15 | } 16 | -------------------------------------------------------------------------------- /crates/storage-pg/.sqlx/query-b9875a270f7e753e48075ccae233df6e24a91775ceb877735508c1d5b2300d64.json: -------------------------------------------------------------------------------- 1 | { 2 | "db_name": "PostgreSQL", 3 | "query": "\n UPDATE upstream_oauth_authorization_sessions\n SET upstream_oauth_link_id = $1,\n completed_at = $2,\n id_token = $3\n WHERE upstream_oauth_authorization_session_id = $4\n ", 4 | "describe": { 5 | "columns": [], 6 | "parameters": { 7 | "Left": [ 8 | "Uuid", 9 | "Timestamptz", 10 | "Text", 11 | "Uuid" 12 | ] 13 | }, 14 | "nullable": [] 15 | }, 16 | "hash": "b9875a270f7e753e48075ccae233df6e24a91775ceb877735508c1d5b2300d64" 17 | } 18 | -------------------------------------------------------------------------------- /crates/storage-pg/.sqlx/query-b992283a9b43cbb8f86149f3f55cb47fb628dabd8fadc50e6a5772903f851e1c.json: -------------------------------------------------------------------------------- 1 | { 2 | "db_name": "PostgreSQL", 3 | "query": "\n DELETE FROM upstream_oauth_authorization_sessions\n WHERE upstream_oauth_provider_id = $1\n ", 4 | "describe": { 5 | "columns": [], 6 | "parameters": { 7 | "Left": [ 8 | "Uuid" 9 | ] 10 | }, 11 | "nullable": [] 12 | }, 13 | "hash": "b992283a9b43cbb8f86149f3f55cb47fb628dabd8fadc50e6a5772903f851e1c" 14 | } 15 | -------------------------------------------------------------------------------- /crates/storage-pg/.sqlx/query-bbf62633c561706a762089bbab2f76a9ba3e2ed3539ef16accb601fb609c2ec9.json: -------------------------------------------------------------------------------- 1 | { 2 | "db_name": "PostgreSQL", 3 | "query": "\n UPDATE compat_access_tokens\n SET expires_at = $2\n WHERE compat_access_token_id = $1\n ", 4 | "describe": { 5 | "columns": [], 6 | "parameters": { 7 | "Left": [ 8 | "Uuid", 9 | "Timestamptz" 10 | ] 11 | }, 12 | "nullable": [] 13 | }, 14 | "hash": "bbf62633c561706a762089bbab2f76a9ba3e2ed3539ef16accb601fb609c2ec9" 15 | } 16 | -------------------------------------------------------------------------------- /crates/storage-pg/.sqlx/query-bd1f6daa5fa1b10250c01f8b3fbe451646a9ceeefa6f72b9c4e29b6d05f17641.json: -------------------------------------------------------------------------------- 1 | { 2 | "db_name": "PostgreSQL", 3 | "query": "\n UPDATE users\n SET primary_user_email_id = user_emails.user_email_id\n FROM user_emails\n WHERE user_emails.user_email_id = $1\n AND users.user_id = user_emails.user_id\n ", 4 | "describe": { 5 | "columns": [], 6 | "parameters": { 7 | "Left": [ 8 | "Uuid" 9 | ] 10 | }, 11 | "nullable": [] 12 | }, 13 | "hash": "bd1f6daa5fa1b10250c01f8b3fbe451646a9ceeefa6f72b9c4e29b6d05f17641" 14 | } 15 | -------------------------------------------------------------------------------- /crates/storage-pg/.sqlx/query-c29fa41743811a6ac3a9b952b6ea75d18e914f823902587b63c9f295407144b1.json: -------------------------------------------------------------------------------- 1 | { 2 | "db_name": "PostgreSQL", 3 | "query": "\n UPDATE users\n SET locked_at = $1\n WHERE user_id = $2\n ", 4 | "describe": { 5 | "columns": [], 6 | "parameters": { 7 | "Left": [ 8 | "Timestamptz", 9 | "Uuid" 10 | ] 11 | }, 12 | "nullable": [] 13 | }, 14 | "hash": "c29fa41743811a6ac3a9b952b6ea75d18e914f823902587b63c9f295407144b1" 15 | } 16 | -------------------------------------------------------------------------------- /crates/storage-pg/.sqlx/query-c5e7dbb22488aca427b85b3415bd1f1a1766ff865f2e08a5daa095d2a1ccbd56.json: -------------------------------------------------------------------------------- 1 | { 2 | "db_name": "PostgreSQL", 3 | "query": "\n UPDATE oauth2_authorization_grants\n SET exchanged_at = $2\n WHERE oauth2_authorization_grant_id = $1\n ", 4 | "describe": { 5 | "columns": [], 6 | "parameters": { 7 | "Left": [ 8 | "Uuid", 9 | "Timestamptz" 10 | ] 11 | }, 12 | "nullable": [] 13 | }, 14 | "hash": "c5e7dbb22488aca427b85b3415bd1f1a1766ff865f2e08a5daa095d2a1ccbd56" 15 | } 16 | -------------------------------------------------------------------------------- /crates/storage-pg/.sqlx/query-cf1273b8aaaccedeb212a971d5e8e0dd23bfddab0ec08ee192783e103a1c4766.json: -------------------------------------------------------------------------------- 1 | { 2 | "db_name": "PostgreSQL", 3 | "query": "\n INSERT INTO compat_sessions\n (compat_session_id, user_id, device_id,\n user_session_id, created_at, is_synapse_admin)\n VALUES ($1, $2, $3, $4, $5, $6)\n ", 4 | "describe": { 5 | "columns": [], 6 | "parameters": { 7 | "Left": [ 8 | "Uuid", 9 | "Uuid", 10 | "Text", 11 | "Uuid", 12 | "Timestamptz", 13 | "Bool" 14 | ] 15 | }, 16 | "nullable": [] 17 | }, 18 | "hash": "cf1273b8aaaccedeb212a971d5e8e0dd23bfddab0ec08ee192783e103a1c4766" 19 | } 20 | -------------------------------------------------------------------------------- /crates/storage-pg/.sqlx/query-d0b403e9c843ef19fa5ad60bec32ebf14a1ba0d01681c3836366d3f55e7851f4.json: -------------------------------------------------------------------------------- 1 | { 2 | "db_name": "PostgreSQL", 3 | "query": "\n UPDATE compat_refresh_tokens\n SET consumed_at = $2\n WHERE compat_refresh_token_id = $1\n ", 4 | "describe": { 5 | "columns": [], 6 | "parameters": { 7 | "Left": [ 8 | "Uuid", 9 | "Timestamptz" 10 | ] 11 | }, 12 | "nullable": [] 13 | }, 14 | "hash": "d0b403e9c843ef19fa5ad60bec32ebf14a1ba0d01681c3836366d3f55e7851f4" 15 | } 16 | -------------------------------------------------------------------------------- /crates/storage-pg/.sqlx/query-d26e42d9fd2b2ee3cf9702c1666d83e7cffa26b320ae1442c7f3e22376c4a4ee.json: -------------------------------------------------------------------------------- 1 | { 2 | "db_name": "PostgreSQL", 3 | "query": "\n UPDATE oauth2_device_code_grant\n SET fulfilled_at = $1\n , user_session_id = $2\n WHERE oauth2_device_code_grant_id = $3\n ", 4 | "describe": { 5 | "columns": [], 6 | "parameters": { 7 | "Left": [ 8 | "Timestamptz", 9 | "Uuid", 10 | "Uuid" 11 | ] 12 | }, 13 | "nullable": [] 14 | }, 15 | "hash": "d26e42d9fd2b2ee3cf9702c1666d83e7cffa26b320ae1442c7f3e22376c4a4ee" 16 | } 17 | -------------------------------------------------------------------------------- /crates/storage-pg/.sqlx/query-d7a0e4fa2f168976505405c7e7800847f3379f7b57c0972659a35bfb68b0f6cd.json: -------------------------------------------------------------------------------- 1 | { 2 | "db_name": "PostgreSQL", 3 | "query": "\n INSERT INTO user_recovery_tickets (\n user_recovery_ticket_id\n , user_recovery_session_id\n , user_email_id\n , ticket\n , created_at\n , expires_at\n )\n VALUES ($1, $2, $3, $4, $5, $6)\n ", 4 | "describe": { 5 | "columns": [], 6 | "parameters": { 7 | "Left": [ 8 | "Uuid", 9 | "Uuid", 10 | "Uuid", 11 | "Text", 12 | "Timestamptz", 13 | "Timestamptz" 14 | ] 15 | }, 16 | "nullable": [] 17 | }, 18 | "hash": "d7a0e4fa2f168976505405c7e7800847f3379f7b57c0972659a35bfb68b0f6cd" 19 | } 20 | -------------------------------------------------------------------------------- /crates/storage-pg/.sqlx/query-d83421d4a16f4ad084dd0db5abb56d3688851c36a48a50aa6104e8291e73630d.json: -------------------------------------------------------------------------------- 1 | { 2 | "db_name": "PostgreSQL", 3 | "query": "\n UPDATE oauth2_authorization_grants AS og\n SET\n requires_consent = 'f'\n WHERE\n og.oauth2_authorization_grant_id = $1\n ", 4 | "describe": { 5 | "columns": [], 6 | "parameters": { 7 | "Left": [ 8 | "Uuid" 9 | ] 10 | }, 11 | "nullable": [] 12 | }, 13 | "hash": "d83421d4a16f4ad084dd0db5abb56d3688851c36a48a50aa6104e8291e73630d" 14 | } 15 | -------------------------------------------------------------------------------- /crates/storage-pg/.sqlx/query-dbf4be84eeff9ea51b00185faae2d453ab449017ed492bf6711dc7fceb630880.json: -------------------------------------------------------------------------------- 1 | { 2 | "db_name": "PostgreSQL", 3 | "query": "\n UPDATE user_sessions\n SET finished_at = $1\n WHERE user_session_id = $2\n ", 4 | "describe": { 5 | "columns": [], 6 | "parameters": { 7 | "Left": [ 8 | "Timestamptz", 9 | "Uuid" 10 | ] 11 | }, 12 | "nullable": [] 13 | }, 14 | "hash": "dbf4be84eeff9ea51b00185faae2d453ab449017ed492bf6711dc7fceb630880" 15 | } 16 | -------------------------------------------------------------------------------- /crates/storage-pg/.sqlx/query-e68a7084d44462d19f30902d7e6c1bd60bb771c6f075df15ab0137a7ffc896da.json: -------------------------------------------------------------------------------- 1 | { 2 | "db_name": "PostgreSQL", 3 | "query": "\n SELECT pg_advisory_xact_lock($1)\n ", 4 | "describe": { 5 | "columns": [ 6 | { 7 | "ordinal": 0, 8 | "name": "pg_advisory_xact_lock", 9 | "type_info": "Void" 10 | } 11 | ], 12 | "parameters": { 13 | "Left": [ 14 | "Int8" 15 | ] 16 | }, 17 | "nullable": [ 18 | null 19 | ] 20 | }, 21 | "hash": "e68a7084d44462d19f30902d7e6c1bd60bb771c6f075df15ab0137a7ffc896da" 22 | } 23 | -------------------------------------------------------------------------------- /crates/storage-pg/.sqlx/query-f41f76c94cd68fca2285b1cc60f426603c84df4ef1c6ce5dc441a63d2dc46f6e.json: -------------------------------------------------------------------------------- 1 | { 2 | "db_name": "PostgreSQL", 3 | "query": "\n INSERT INTO user_sessions (user_session_id, user_id, created_at, user_agent)\n VALUES ($1, $2, $3, $4)\n ", 4 | "describe": { 5 | "columns": [], 6 | "parameters": { 7 | "Left": [ 8 | "Uuid", 9 | "Uuid", 10 | "Timestamptz", 11 | "Text" 12 | ] 13 | }, 14 | "nullable": [] 15 | }, 16 | "hash": "f41f76c94cd68fca2285b1cc60f426603c84df4ef1c6ce5dc441a63d2dc46f6e" 17 | } 18 | -------------------------------------------------------------------------------- /crates/storage-pg/Cargo.toml: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "mas-storage-pg" 3 | version.workspace = true 4 | authors.workspace = true 5 | edition.workspace = true 6 | license.workspace = true 7 | homepage.workspace = true 8 | repository.workspace = true 9 | publish = false 10 | 11 | [lints] 12 | workspace = true 13 | 14 | [dependencies] 15 | async-trait.workspace = true 16 | sqlx.workspace = true 17 | sea-query.workspace = true 18 | sea-query-binder.workspace = true 19 | chrono.workspace = true 20 | serde.workspace = true 21 | serde_json.workspace = true 22 | thiserror.workspace = true 23 | tracing.workspace = true 24 | futures-util = "0.3.30" 25 | opentelemetry-semantic-conventions.workspace = true 26 | 27 | rand.workspace = true 28 | rand_chacha = "0.3.1" 29 | url.workspace = true 30 | uuid = "1.10.0" 31 | ulid = { workspace = true, features = ["uuid"] } 32 | 33 | oauth2-types.workspace = true 34 | mas-storage.workspace = true 35 | mas-data-model.workspace = true 36 | mas-iana.workspace = true 37 | mas-jose.workspace = true 38 | -------------------------------------------------------------------------------- /crates/storage-pg/build.rs: -------------------------------------------------------------------------------- 1 | // Copyright 2021-2023 The Matrix.org Foundation C.I.C. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | fn main() { 16 | // trigger recompilation when a new migration is added 17 | println!("cargo:rerun-if-changed=migrations"); 18 | } 19 | -------------------------------------------------------------------------------- /crates/storage-pg/migrations/20230408234928_add_get_jobs_fn_.sql: -------------------------------------------------------------------------------- 1 | DROP FUNCTION apalis.get_job( 2 | worker_id TEXT, 3 | v_job_type TEXT 4 | ); 5 | 6 | CREATE OR replace FUNCTION apalis.get_jobs( 7 | worker_id TEXT, 8 | v_job_type TEXT, 9 | v_job_count integer DEFAULT 5 :: integer 10 | ) returns setof apalis.jobs AS $$ BEGIN RETURN QUERY 11 | UPDATE apalis.jobs 12 | SET status = 'Running', 13 | lock_by = worker_id, 14 | lock_at = now() 15 | WHERE id IN ( 16 | SELECT id 17 | FROM apalis.jobs 18 | WHERE status = 'Pending' 19 | AND run_at < now() 20 | AND job_type = v_job_type 21 | ORDER BY run_at ASC 22 | limit v_job_count FOR 23 | UPDATE skip LOCKED 24 | ) 25 | returning *; 26 | END; 27 | $$ LANGUAGE plpgsql volatile; -------------------------------------------------------------------------------- /crates/storage-pg/migrations/20230616093555_compat_admin_flag.sql: -------------------------------------------------------------------------------- 1 | -- Copyright 2023 The Matrix.org Foundation C.I.C. 2 | -- 3 | -- Licensed under the Apache License, Version 2.0 (the "License"); 4 | -- you may not use this file except in compliance with the License. 5 | -- You may obtain a copy of the License at 6 | -- 7 | -- http://www.apache.org/licenses/LICENSE-2.0 8 | -- 9 | -- Unless required by applicable law or agreed to in writing, software 10 | -- distributed under the License is distributed on an "AS IS" BASIS, 11 | -- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | -- See the License for the specific language governing permissions and 13 | -- limitations under the License. 14 | 15 | ALTER TABLE compat_sessions 16 | ADD COLUMN is_synapse_admin BOOLEAN NOT NULL DEFAULT FALSE; -------------------------------------------------------------------------------- /crates/storage-pg/migrations/20230621140528_upstream_oauth_claims_imports.sql: -------------------------------------------------------------------------------- 1 | -- Copyright 2023 The Matrix.org Foundation C.I.C. 2 | -- 3 | -- Licensed under the Apache License, Version 2.0 (the "License"); 4 | -- you may not use this file except in compliance with the License. 5 | -- You may obtain a copy of the License at 6 | -- 7 | -- http://www.apache.org/licenses/LICENSE-2.0 8 | -- 9 | -- Unless required by applicable law or agreed to in writing, software 10 | -- distributed under the License is distributed on an "AS IS" BASIS, 11 | -- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | -- See the License for the specific language governing permissions and 13 | -- limitations under the License. 14 | 15 | ALTER TABLE upstream_oauth_providers 16 | ADD COLUMN claims_imports 17 | JSONB 18 | NOT NULL 19 | DEFAULT '{}'; -------------------------------------------------------------------------------- /crates/storage-pg/migrations/20230626130338_oauth_clients_static.sql: -------------------------------------------------------------------------------- 1 | -- Copyright 2023 The Matrix.org Foundation C.I.C. 2 | -- 3 | -- Licensed under the Apache License, Version 2.0 (the "License"); 4 | -- you may not use this file except in compliance with the License. 5 | -- You may obtain a copy of the License at 6 | -- 7 | -- http://www.apache.org/licenses/LICENSE-2.0 8 | -- 9 | -- Unless required by applicable law or agreed to in writing, software 10 | -- distributed under the License is distributed on an "AS IS" BASIS, 11 | -- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | -- See the License for the specific language governing permissions and 13 | -- limitations under the License. 14 | 15 | -- This adds a flag to the OAuth 2.0 clients to indicate whether they are static (i.e. defined in config) or not. 16 | ALTER TABLE oauth2_clients 17 | ADD COLUMN is_static 18 | BOOLEAN NOT NULL 19 | DEFAULT FALSE; -------------------------------------------------------------------------------- /crates/storage-pg/migrations/20230728154304_user_lock.sql: -------------------------------------------------------------------------------- 1 | -- Copyright 2023 The Matrix.org Foundation C.I.C. 2 | -- 3 | -- Licensed under the Apache License, Version 2.0 (the "License"); 4 | -- you may not use this file except in compliance with the License. 5 | -- You may obtain a copy of the License at 6 | -- 7 | -- http://www.apache.org/licenses/LICENSE-2.0 8 | -- 9 | -- Unless required by applicable law or agreed to in writing, software 10 | -- distributed under the License is distributed on an "AS IS" BASIS, 11 | -- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | -- See the License for the specific language governing permissions and 13 | -- limitations under the License. 14 | 15 | -- Add a new column in on the `users` to record when an account gets locked 16 | ALTER TABLE "users" 17 | ADD COLUMN "locked_at" 18 | TIMESTAMP WITH TIME ZONE 19 | DEFAULT NULL; -------------------------------------------------------------------------------- /crates/storage-pg/migrations/20230829141928_user_session_user_agent.sql: -------------------------------------------------------------------------------- 1 | -- Copyright 2023 The Matrix.org Foundation C.I.C. 2 | -- 3 | -- Licensed under the Apache License, Version 2.0 (the "License"); 4 | -- you may not use this file except in compliance with the License. 5 | -- You may obtain a copy of the License at 6 | -- 7 | -- http://www.apache.org/licenses/LICENSE-2.0 8 | -- 9 | -- Unless required by applicable law or agreed to in writing, software 10 | -- distributed under the License is distributed on an "AS IS" BASIS, 11 | -- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | -- See the License for the specific language governing permissions and 13 | -- limitations under the License. 14 | 15 | -- This adds a user_agent column to the user_sessions table 16 | ALTER TABLE user_sessions ADD COLUMN user_agent TEXT; -------------------------------------------------------------------------------- /crates/storage-pg/migrations/20230911091636_oauth2_token_expiration.sql: -------------------------------------------------------------------------------- 1 | -- Copyright 2023 The Matrix.org Foundation C.I.C. 2 | -- 3 | -- Licensed under the Apache License, Version 2.0 (the "License"); 4 | -- you may not use this file except in compliance with the License. 5 | -- You may obtain a copy of the License at 6 | -- 7 | -- http://www.apache.org/licenses/LICENSE-2.0 8 | -- 9 | -- Unless required by applicable law or agreed to in writing, software 10 | -- distributed under the License is distributed on an "AS IS" BASIS, 11 | -- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | -- See the License for the specific language governing permissions and 13 | -- limitations under the License. 14 | 15 | -- This makes the `expires_at` column nullable on the `oauth2_access_tokens`. 16 | -- This is to allow permanent tokens to be created via the admin API. 17 | ALTER TABLE oauth2_access_tokens 18 | ALTER COLUMN expires_at DROP NOT NULL; 19 | 20 | -------------------------------------------------------------------------------- /crates/storage-pg/migrations/20231009142904_user_can_request_admin.sql: -------------------------------------------------------------------------------- 1 | -- Copyright 2023 The Matrix.org Foundation C.I.C. 2 | -- 3 | -- Licensed under the Apache License, Version 2.0 (the "License"); 4 | -- you may not use this file except in compliance with the License. 5 | -- You may obtain a copy of the License at 6 | -- 7 | -- http://www.apache.org/licenses/LICENSE-2.0 8 | -- 9 | -- Unless required by applicable law or agreed to in writing, software 10 | -- distributed under the License is distributed on an "AS IS" BASIS, 11 | -- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | -- See the License for the specific language governing permissions and 13 | -- limitations under the License. 14 | 15 | -- Adds a `can_request_admin` column to the `users` table 16 | ALTER TABLE users 17 | ADD COLUMN can_request_admin BOOLEAN NOT NULL DEFAULT FALSE; -------------------------------------------------------------------------------- /crates/storage-pg/migrations/20231120110559_upstream_oauth_branding.sql: -------------------------------------------------------------------------------- 1 | -- Copyright 2023 The Matrix.org Foundation C.I.C. 2 | -- 3 | -- Licensed under the Apache License, Version 2.0 (the "License"); 4 | -- you may not use this file except in compliance with the License. 5 | -- You may obtain a copy of the License at 6 | -- 7 | -- http://www.apache.org/licenses/LICENSE-2.0 8 | -- 9 | -- Unless required by applicable law or agreed to in writing, software 10 | -- distributed under the License is distributed on an "AS IS" BASIS, 11 | -- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | -- See the License for the specific language governing permissions and 13 | -- limitations under the License. 14 | 15 | -- Adds human readable branding information to the upstream_oauth_providers table 16 | ALTER TABLE upstream_oauth_providers 17 | ADD COLUMN human_name text, 18 | ADD COLUMN brand_name text; 19 | -------------------------------------------------------------------------------- /crates/storage-pg/migrations/20231208155602_oauth_clients_device_code_grant.sql: -------------------------------------------------------------------------------- 1 | -- Copyright 2023 The Matrix.org Foundation C.I.C. 2 | -- 3 | -- Licensed under the Apache License, Version 2.0 (the "License"); 4 | -- you may not use this file except in compliance with the License. 5 | -- You may obtain a copy of the License at 6 | -- 7 | -- http://www.apache.org/licenses/LICENSE-2.0 8 | -- 9 | -- Unless required by applicable law or agreed to in writing, software 10 | -- distributed under the License is distributed on an "AS IS" BASIS, 11 | -- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | -- See the License for the specific language governing permissions and 13 | -- limitations under the License. 14 | 15 | -- Add a flag on oauth_clients to indicate whether they support the device code grant 16 | ALTER TABLE oauth2_clients 17 | ADD COLUMN grant_type_device_code BOOLEAN 18 | NOT NULL DEFAULT FALSE; 19 | -------------------------------------------------------------------------------- /crates/storage-pg/migrations/20240220141353_nonunique_compat_device_id.sql: -------------------------------------------------------------------------------- 1 | -- Copyright 2024 The Matrix.org Foundation C.I.C. 2 | -- 3 | -- Licensed under the Apache License, Version 2.0 (the "License"); 4 | -- you may not use this file except in compliance with the License. 5 | -- You may obtain a copy of the License at 6 | -- 7 | -- http://www.apache.org/licenses/LICENSE-2.0 8 | -- 9 | -- Unless required by applicable law or agreed to in writing, software 10 | -- distributed under the License is distributed on an "AS IS" BASIS, 11 | -- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | -- See the License for the specific language governing permissions and 13 | -- limitations under the License. 14 | 15 | -- Drops the unique constraint on the device_id column in the compat_sessions table 16 | ALTER TABLE compat_sessions 17 | DROP CONSTRAINT compat_sessions_device_id_unique; 18 | -------------------------------------------------------------------------------- /crates/storage-pg/migrations/20240220150201_compat_sessions_user_sessions_link.sql: -------------------------------------------------------------------------------- 1 | -- Copyright 2024 The Matrix.org Foundation C.I.C. 2 | -- 3 | -- Licensed under the Apache License, Version 2.0 (the "License"); 4 | -- you may not use this file except in compliance with the License. 5 | -- You may obtain a copy of the License at 6 | -- 7 | -- http://www.apache.org/licenses/LICENSE-2.0 8 | -- 9 | -- Unless required by applicable law or agreed to in writing, software 10 | -- distributed under the License is distributed on an "AS IS" BASIS, 11 | -- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | -- See the License for the specific language governing permissions and 13 | -- limitations under the License. 14 | 15 | -- Adds an optional link between the compatibility sessions and the user sessions 16 | ALTER TABLE compat_sessions 17 | ADD COLUMN user_session_id UUID 18 | REFERENCES user_sessions (user_session_id) 19 | ON DELETE SET NULL; 20 | -------------------------------------------------------------------------------- /crates/storage-pg/migrations/20240221164945_sessions_user_agent.sql: -------------------------------------------------------------------------------- 1 | -- Copyright 2024 The Matrix.org Foundation C.I.C. 2 | -- 3 | -- Licensed under the Apache License, Version 2.0 (the "License"); 4 | -- you may not use this file except in compliance with the License. 5 | -- You may obtain a copy of the License at 6 | -- 7 | -- http://www.apache.org/licenses/LICENSE-2.0 8 | -- 9 | -- Unless required by applicable law or agreed to in writing, software 10 | -- distributed under the License is distributed on an "AS IS" BASIS, 11 | -- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | -- See the License for the specific language governing permissions and 13 | -- limitations under the License. 14 | 15 | -- Adds user agent columns to oauth and compat sessions tables 16 | ALTER TABLE oauth2_sessions ADD COLUMN user_agent TEXT; 17 | ALTER TABLE compat_sessions ADD COLUMN user_agent TEXT; 18 | -------------------------------------------------------------------------------- /crates/storage-pg/migrations/20240301091201_upstream_oauth_additional_parameters.sql: -------------------------------------------------------------------------------- 1 | -- Copyright 2024 The Matrix.org Foundation C.I.C. 2 | -- 3 | -- Licensed under the Apache License, Version 2.0 (the "License"); 4 | -- you may not use this file except in compliance with the License. 5 | -- You may obtain a copy of the License at 6 | -- 7 | -- http://www.apache.org/licenses/LICENSE-2.0 8 | -- 9 | -- Unless required by applicable law or agreed to in writing, software 10 | -- distributed under the License is distributed on an "AS IS" BASIS, 11 | -- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | -- See the License for the specific language governing permissions and 13 | -- limitations under the License. 14 | 15 | -- Adds a column to the upstream_oauth_providers table to store additional parameters to be sent to the OAuth provider. 16 | -- Parameters are stored as [["key", "value"], ["key", "value"], ...] in a JSONB column to keep key ordering. 17 | ALTER TABLE upstream_oauth_providers 18 | ADD COLUMN additional_parameters JSONB; 19 | -------------------------------------------------------------------------------- /crates/storage-pg/migrations/20240402084854_upstream_oauth_disabled_at.sql: -------------------------------------------------------------------------------- 1 | -- Copyright 2024 The Matrix.org Foundation C.I.C. 2 | -- 3 | -- Licensed under the Apache License, Version 2.0 (the "License"); 4 | -- you may not use this file except in compliance with the License. 5 | -- You may obtain a copy of the License at 6 | -- 7 | -- http://www.apache.org/licenses/LICENSE-2.0 8 | -- 9 | -- Unless required by applicable law or agreed to in writing, software 10 | -- distributed under the License is distributed on an "AS IS" BASIS, 11 | -- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | -- See the License for the specific language governing permissions and 13 | -- limitations under the License. 14 | 15 | 16 | -- Adds a `disabled_at` column to the `upstream_oauth_providers` table, to soft-delete providers. 17 | ALTER TABLE "upstream_oauth_providers" 18 | ADD COLUMN "disabled_at" TIMESTAMP WITH TIME ZONE; 19 | -------------------------------------------------------------------------------- /crates/storage/Cargo.toml: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "mas-storage" 3 | version.workspace = true 4 | authors.workspace = true 5 | edition.workspace = true 6 | license.workspace = true 7 | homepage.workspace = true 8 | repository.workspace = true 9 | publish = false 10 | 11 | [lints] 12 | workspace = true 13 | 14 | [dependencies] 15 | async-trait.workspace = true 16 | chrono.workspace = true 17 | thiserror.workspace = true 18 | futures-util = "0.3.30" 19 | 20 | apalis-core = { version = "0.4.9", features = ["tokio-comp"] } 21 | opentelemetry.workspace = true 22 | rand_core = "0.6.4" 23 | serde.workspace = true 24 | serde_json.workspace = true 25 | tracing.workspace = true 26 | tracing-opentelemetry.workspace = true 27 | url.workspace = true 28 | ulid.workspace = true 29 | 30 | oauth2-types.workspace = true 31 | mas-data-model.workspace = true 32 | mas-iana.workspace = true 33 | mas-jose.workspace = true 34 | -------------------------------------------------------------------------------- /crates/tasks/src/storage/mod.rs: -------------------------------------------------------------------------------- 1 | // Copyright 2023 The Matrix.org Foundation C.I.C. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | //! Reimplementation of the [`apalis_sql::storage::PostgresStorage`] using a 16 | //! shared connection for the [`PgListener`] 17 | 18 | mod from_row; 19 | mod postgres; 20 | 21 | use self::from_row::SqlJobRequest; 22 | pub(crate) use self::postgres::StorageFactory as PostgresStorageFactory; 23 | -------------------------------------------------------------------------------- /crates/templates/Cargo.toml: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "mas-templates" 3 | version.workspace = true 4 | authors.workspace = true 5 | edition.workspace = true 6 | license.workspace = true 7 | homepage.workspace = true 8 | repository.workspace = true 9 | publish = false 10 | 11 | [lints] 12 | workspace = true 13 | 14 | [dependencies] 15 | arc-swap = "1.7.1" 16 | tracing.workspace = true 17 | tokio.workspace = true 18 | walkdir = "2.5.0" 19 | 20 | anyhow.workspace = true 21 | thiserror.workspace = true 22 | 23 | minijinja = { workspace = true, features = ["loader", "json", "speedups", "unstable_machinery"] } 24 | serde.workspace = true 25 | serde_json.workspace = true 26 | serde_urlencoded = "0.7.1" 27 | v_htmlescape = "0.15.8" 28 | 29 | camino.workspace = true 30 | chrono.workspace = true 31 | url.workspace = true 32 | http.workspace = true 33 | ulid.workspace = true 34 | rand.workspace = true 35 | 36 | oauth2-types.workspace = true 37 | mas-data-model.workspace = true 38 | mas-i18n.workspace = true 39 | mas-router.workspace = true 40 | mas-spa.workspace = true 41 | -------------------------------------------------------------------------------- /crates/tower/Cargo.toml: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "mas-tower" 3 | description = "Tower layers used by the Matrix Authentication Service" 4 | version.workspace = true 5 | authors.workspace = true 6 | edition.workspace = true 7 | license.workspace = true 8 | homepage.workspace = true 9 | repository.workspace = true 10 | 11 | [lints] 12 | workspace = true 13 | 14 | [dependencies] 15 | http.workspace = true 16 | tracing.workspace = true 17 | tracing-opentelemetry.workspace = true 18 | tower.workspace = true 19 | opentelemetry.workspace = true 20 | opentelemetry-http.workspace = true 21 | opentelemetry-semantic-conventions.workspace = true 22 | pin-project-lite = "0.2.14" 23 | -------------------------------------------------------------------------------- /crates/tower/src/metrics/mod.rs: -------------------------------------------------------------------------------- 1 | // Copyright 2023 The Matrix.org Foundation C.I.C. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | mod duration; 16 | mod in_flight; 17 | mod make_attributes; 18 | 19 | pub use self::{ 20 | duration::{DurationRecorderFuture, DurationRecorderLayer, DurationRecorderService}, 21 | in_flight::{InFlightCounterLayer, InFlightCounterService, InFlightFuture}, 22 | make_attributes::{metrics_attributes_fn, MetricsAttributes}, 23 | }; 24 | -------------------------------------------------------------------------------- /crates/tower/src/tracing/mod.rs: -------------------------------------------------------------------------------- 1 | // Copyright 2023 The Matrix.org Foundation C.I.C. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | mod enrich_span; 16 | mod future; 17 | mod layer; 18 | mod make_span; 19 | mod service; 20 | 21 | pub use self::{ 22 | enrich_span::{enrich_span_fn, EnrichSpan}, 23 | future::TraceFuture, 24 | layer::TraceLayer, 25 | make_span::{make_span_fn, MakeSpan}, 26 | service::TraceService, 27 | }; 28 | -------------------------------------------------------------------------------- /docker-bake.hcl: -------------------------------------------------------------------------------- 1 | // This is what is baked by GitHub Actions 2 | group "default" { targets = ["regular", "debug", "syn2mas"] } 3 | 4 | // Targets filled by GitHub Actions: one for the regular tag, one for the debug tag 5 | target "docker-metadata-action" {} 6 | target "docker-metadata-action-debug" {} 7 | target "docker-metadata-action-syn2mas" {} 8 | 9 | // This sets the platforms and is further extended by GitHub Actions to set the 10 | // output and the cache locations 11 | target "base" { 12 | platforms = [ 13 | "linux/amd64", 14 | "linux/arm64", 15 | ] 16 | } 17 | 18 | target "regular" { 19 | inherits = ["base", "docker-metadata-action"] 20 | } 21 | 22 | target "debug" { 23 | inherits = ["base", "docker-metadata-action-debug"] 24 | target = "debug" 25 | } 26 | 27 | target "syn2mas" { 28 | inherits = ["base", "docker-metadata-action-syn2mas"] 29 | context = "./tools/syn2mas" 30 | } 31 | -------------------------------------------------------------------------------- /docs/api/index.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | API documentation 7 | 8 | 9 | 10 |
11 | 12 | 23 | 24 | 25 | -------------------------------------------------------------------------------- /docs/as-login.md: -------------------------------------------------------------------------------- 1 | # About Application Services login 2 | 3 | Encrypted Application Services/Bridges currently leverage the `m.login.application_service` login type to create devices for users. 4 | This API is *not* available in the Matrix Authentication Service. 5 | 6 | We're working on a solution to support this use case, but in the meantime, this means **encrypted bridges will not work with the Matrix Authentication Service.** 7 | A workaround is to disable E2EE support in your bridge setup. 8 | -------------------------------------------------------------------------------- /docs/reference/cli/database.md: -------------------------------------------------------------------------------- 1 | # `database` 2 | 3 | Run database-related operations 4 | 5 | ## `database migrate` 6 | 7 | Run the pending database migrations 8 | 9 | ``` 10 | $ mas-cli database migrate 11 | ``` 12 | -------------------------------------------------------------------------------- /docs/reference/cli/doctor.md: -------------------------------------------------------------------------------- 1 | # `doctor` 2 | 3 | Run diagnostics on the live deployment. 4 | This tool should help diagnose common issues with the service configuration and deployment. 5 | 6 | When running this tool, make sure it runs from the same point-of-view as the service, with the same configuration file and environment variables. 7 | 8 | ``` 9 | $ mas-cli doctor 10 | ``` 11 | -------------------------------------------------------------------------------- /docs/reference/cli/manage.md: -------------------------------------------------------------------------------- 1 | # `manage` 2 | 3 | Includes admin-related subcommands. 4 | 5 | ## `manage verify-email ` 6 | 7 | Mark a user email address as verified 8 | -------------------------------------------------------------------------------- /docs/reference/cli/server.md: -------------------------------------------------------------------------------- 1 | # `server` 2 | 3 | Runs the authentication service. 4 | 5 | ``` 6 | $ mas-cli server 7 | INFO mas_cli::server: Starting task scheduler 8 | INFO mas_core::templates: Loading builtin templates 9 | INFO mas_cli::server: Listening on http://0.0.0.0:8080 10 | ``` 11 | -------------------------------------------------------------------------------- /docs/reference/cli/templates.md: -------------------------------------------------------------------------------- 1 | # `templates` 2 | 3 | ## `templates check` 4 | 5 | Check the validity of the templates loaded by the config. 6 | It compiles the templates and then renders them with different contexts. 7 | 8 | ```console 9 | $ mas-cli templates check 10 | INFO mas_core::templates: Loading templates from filesystem path=./templates/**/*.{html,txt} 11 | INFO mas_core::templates::check: Rendering template name="login.html" context={"csrf_token":"fake_csrf_token","form":{"fields_errors":{},"form_errors":[],"has_errors":false}} 12 | INFO mas_core::templates::check: Rendering template name="register.html" context={"__UNUSED":null,"csrf_token":"fake_csrf_token"} 13 | INFO mas_core::templates::check: Rendering template name="index.html" context={"csrf_token":"fake_csrf_token","current_session":{"active":true,"created_at":"2021-09-24T13:26:52.962135085Z","id":1,"last_authd_at":"2021-09-24T13:26:52.962135316Z","user_id":2,"username":"john"},"discovery_url":"https://example.com/.well-known/openid-configuration"} 14 | ... 15 | ``` 16 | -------------------------------------------------------------------------------- /docs/rustdoc/mas_handlers/README.md: -------------------------------------------------------------------------------- 1 | This is a placeholder which is replaced by the built crates technical documentation when building the documentation. 2 | If you're seeing this, you're probably looking at the documentation source, and should look at the built documentation instead here: 3 | -------------------------------------------------------------------------------- /docs/setup/well-known.md: -------------------------------------------------------------------------------- 1 | # .well-known configuration 2 | 3 | A `.well-known/matrix/client` file is required to be served to allow clients to discover the authentication service. 4 | 5 | If no `.well-known/matrix/client` file is served currently then this will need to be enabled. 6 | 7 | If the homeserver is Synapse and serving this file already then the correct values will already be included when the homeserver is [configured to use MAS](./homeserver.md). 8 | 9 | If the .well-known is hosted elsewhere then `org.matrix.msc2965.authentication` entries need to be included similar to the following: 10 | 11 | ```json 12 | { 13 | "m.homeserver": { 14 | "base_url": "https://matrix.example.com" 15 | }, 16 | "org.matrix.msc2965.authentication": { 17 | "issuer": "https://example.com/", 18 | "account": "https://auth.example.com/account" 19 | } 20 | } 21 | ``` 22 | 23 | For more context on what the correct values are, see [here](./). 24 | -------------------------------------------------------------------------------- /docs/storybook/README.md: -------------------------------------------------------------------------------- 1 | This is a placeholder which is replaced by the built Storybook when building the documentation. 2 | If you're seeing this, you're probably looking at the documentation source, and should look at the built documentation instead here: -------------------------------------------------------------------------------- /frontend/.browserlistrc: -------------------------------------------------------------------------------- 1 | last 2 Chrome versions, 2 | last 2 Firefox versions, 3 | Firefox ESR, 4 | last 2 Opera versions, 5 | last 2 Safari versions, 6 | last 2 edge version, 7 | not dead 8 | -------------------------------------------------------------------------------- /frontend/.gitignore: -------------------------------------------------------------------------------- 1 | /node_modules 2 | /dist 3 | /coverage 4 | -------------------------------------------------------------------------------- /frontend/.postcssrc.json: -------------------------------------------------------------------------------- 1 | { 2 | "plugins": { 3 | "postcss-import": {}, 4 | "tailwindcss/nesting": "postcss-nesting", 5 | "tailwindcss": {}, 6 | "autoprefixer": {} 7 | } 8 | } 9 | -------------------------------------------------------------------------------- /frontend/.prettierignore: -------------------------------------------------------------------------------- 1 | .storybook/locales.ts 2 | locales/*.json 3 | src/routeTree.gen.ts 4 | src/gql/* 5 | -------------------------------------------------------------------------------- /frontend/.storybook/preview-head.html: -------------------------------------------------------------------------------- 1 | 4 | 5 | 10 | -------------------------------------------------------------------------------- /frontend/graphql.config.json: -------------------------------------------------------------------------------- 1 | { 2 | "schema": "./schema.graphql", 3 | "documents": "./src/**/*" 4 | } 5 | -------------------------------------------------------------------------------- /frontend/src/@types/i18next.d.ts: -------------------------------------------------------------------------------- 1 | // Copyright 2023 The Matrix.org Foundation C.I.C. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | import "i18next"; 16 | import type frontend from "../../locales/en.json"; 17 | 18 | declare module "i18next" { 19 | interface CustomTypeOptions { 20 | keySeparator: "."; 21 | pluralSeparator: ":"; 22 | defaultNS: "frontend"; 23 | resources: { 24 | frontend: typeof frontend; 25 | }; 26 | } 27 | } 28 | -------------------------------------------------------------------------------- /frontend/src/components/AccountManagementPasswordPreview/index.ts: -------------------------------------------------------------------------------- 1 | // Copyright 2024 The Matrix.org Foundation C.I.C. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | export { default } from "./AccountManagementPasswordPreview"; 16 | -------------------------------------------------------------------------------- /frontend/src/components/Block/__snapshots__/Block.test.tsx.snap: -------------------------------------------------------------------------------- 1 | // Vitest Snapshot v1, https://vitest.dev/guide/snapshot.html 2 | 3 | exports[`Block > passes down the className prop 1`] = ` 4 |
7 | `; 8 | 9 | exports[`Block > render 1`] = ` 10 |
13 | `; 14 | 15 | exports[`Block > render with children 1`] = ` 16 |
19 |

20 | Title 21 |

22 |

23 | Body 24 |

25 |
26 | `; 27 | 28 | exports[`Block > renders with highlight 1`] = ` 29 |
33 | `; 34 | -------------------------------------------------------------------------------- /frontend/src/components/Block/index.ts: -------------------------------------------------------------------------------- 1 | // Copyright 2023 The Matrix.org Foundation C.I.C. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | export { default } from "./Block"; 16 | -------------------------------------------------------------------------------- /frontend/src/components/BlockList/BlockList.module.css: -------------------------------------------------------------------------------- 1 | /* Copyright 2023 The Matrix.org Foundation C.I.C. 2 | * 3 | * Licensed under the Apache License, Version 2.0 (the "License"); 4 | * you may not use this file except in compliance with the License. 5 | * You may obtain a copy of the License at 6 | * 7 | * http://www.apache.org/licenses/LICENSE-2.0 8 | * 9 | * Unless required by applicable law or agreed to in writing, software 10 | * distributed under the License is distributed on an "AS IS" BASIS, 11 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | * See the License for the specific language governing permissions and 13 | * limitations under the License. 14 | */ 15 | 16 | .block-list { 17 | display: flex; 18 | flex-direction: column; 19 | align-content: flex-start; 20 | gap: var(--cpd-space-6x); 21 | } 22 | -------------------------------------------------------------------------------- /frontend/src/components/BlockList/__snapshots__/BlockList.test.tsx.snap: -------------------------------------------------------------------------------- 1 | // Vitest Snapshot v1, https://vitest.dev/guide/snapshot.html 2 | 3 | exports[`BlockList > passes down the className prop 1`] = ` 4 |
7 | `; 8 | 9 | exports[`BlockList > render with children 1`] = ` 10 |
13 |
16 | Block 1 17 |
18 |
21 | Block 2 22 |
23 |
24 | `; 25 | 26 | exports[`BlockList > render an empty 1`] = ` 27 |
30 | `; 31 | -------------------------------------------------------------------------------- /frontend/src/components/BlockList/index.ts: -------------------------------------------------------------------------------- 1 | // Copyright 2023 The Matrix.org Foundation C.I.C. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | export { default } from "./BlockList"; 16 | -------------------------------------------------------------------------------- /frontend/src/components/Client/OAuth2ClientDetail.module.css: -------------------------------------------------------------------------------- 1 | /* Copyright 2023 The Matrix.org Foundation C.I.C. 2 | * 3 | * Licensed under the Apache License, Version 2.0 (the "License"); 4 | * you may not use this file except in compliance with the License. 5 | * You may obtain a copy of the License at 6 | * 7 | * http://www.apache.org/licenses/LICENSE-2.0 8 | * 9 | * Unless required by applicable law or agreed to in writing, software 10 | * distributed under the License is distributed on an "AS IS" BASIS, 11 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | * See the License for the specific language governing permissions and 13 | * limitations under the License. 14 | */ 15 | 16 | .header { 17 | display: flex; 18 | flex-direction: row; 19 | justify-content: flex-start; 20 | align-items: center; 21 | gap: var(--cpd-space-2x); 22 | } 23 | -------------------------------------------------------------------------------- /frontend/src/components/Collapsible/Collapsible.module.css: -------------------------------------------------------------------------------- 1 | /* Copyright 2024 The Matrix.org Foundation C.I.C. 2 | * 3 | * Licensed under the Apache License, Version 2.0 (the "License"); 4 | * you may not use this file except in compliance with the License. 5 | * You may obtain a copy of the License at 6 | * 7 | * http://www.apache.org/licenses/LICENSE-2.0 8 | * 9 | * Unless required by applicable law or agreed to in writing, software 10 | * distributed under the License is distributed on an "AS IS" BASIS, 11 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | * See the License for the specific language governing permissions and 13 | * limitations under the License. 14 | */ 15 | 16 | .trigger { 17 | display: flex; 18 | width: 100%; 19 | } 20 | 21 | .trigger-title { 22 | flex-grow: 1; 23 | text-align: start; 24 | } 25 | 26 | [data-state="closed"] .trigger-icon { 27 | transform: rotate(180deg); 28 | } 29 | 30 | .content { 31 | margin-top: var(--cpd-space-2x); 32 | } 33 | -------------------------------------------------------------------------------- /frontend/src/components/Collapsible/index.ts: -------------------------------------------------------------------------------- 1 | // Copyright 2024 The Matrix.org Foundation C.I.C. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | export * from "./Collapsible"; 16 | -------------------------------------------------------------------------------- /frontend/src/components/Dialog/index.ts: -------------------------------------------------------------------------------- 1 | // Copyright 2024 The Matrix.org Foundation C.I.C. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | export { Close, Dialog, Title, Description } from "./Dialog"; 16 | -------------------------------------------------------------------------------- /frontend/src/components/EmptyState/index.ts: -------------------------------------------------------------------------------- 1 | // Copyright 2024 The Matrix.org Foundation C.I.C. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | export { EmptyState as default } from "./EmptyState"; 16 | -------------------------------------------------------------------------------- /frontend/src/components/ExternalLink/ExternalLink.module.css: -------------------------------------------------------------------------------- 1 | /* Copyright 2023 The Matrix.org Foundation C.I.C. 2 | * 3 | * Licensed under the Apache License, Version 2.0 (the "License"); 4 | * you may not use this file except in compliance with the License. 5 | * You may obtain a copy of the License at 6 | * 7 | * http://www.apache.org/licenses/LICENSE-2.0 8 | * 9 | * Unless required by applicable law or agreed to in writing, software 10 | * distributed under the License is distributed on an "AS IS" BASIS, 11 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | * See the License for the specific language governing permissions and 13 | * limitations under the License. 14 | */ 15 | 16 | .external-link { 17 | /* override compound style */ 18 | color: var(--cpd-color-text-link-external) !important; 19 | } 20 | -------------------------------------------------------------------------------- /frontend/src/components/Filter/index.ts: -------------------------------------------------------------------------------- 1 | // Copyright 2024 The Matrix.org Foundation C.I.C. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | export { Filter as default } from "./Filter"; 16 | -------------------------------------------------------------------------------- /frontend/src/components/Footer/index.ts: -------------------------------------------------------------------------------- 1 | // Copyright 2023 The Matrix.org Foundation C.I.C. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | export { default } from "./Footer"; 16 | -------------------------------------------------------------------------------- /frontend/src/components/GenericError.module.css: -------------------------------------------------------------------------------- 1 | /* Copyright 2024 The Matrix.org Foundation C.I.C. 2 | * 3 | * Licensed under the Apache License, Version 2.0 (the "License"); 4 | * you may not use this file except in compliance with the License. 5 | * You may obtain a copy of the License at 6 | * 7 | * http://www.apache.org/licenses/LICENSE-2.0 8 | * 9 | * Unless required by applicable law or agreed to in writing, software 10 | * distributed under the License is distributed on an "AS IS" BASIS, 11 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | * See the License for the specific language governing permissions and 13 | * limitations under the License. 14 | */ 15 | 16 | .details { 17 | font: var(--cpd-font-body-sm-regular); 18 | background: var(--cpd-color-bg-critical-subtle); 19 | border: 1px solid var(--cpd-color-border-critical-subtle); 20 | padding: var(--cpd-space-4x); 21 | text-align: initial; 22 | } 23 | -------------------------------------------------------------------------------- /frontend/src/components/Layout/__snapshots__/Layout.test.tsx.snap: -------------------------------------------------------------------------------- 1 | // Vitest Snapshot v1, https://vitest.dev/guide/snapshot.html 2 | 3 | exports[` > renders app navigation correctly 1`] = ` 4 | 10 | Profile 11 | 12 | `; 13 | 14 | exports[` > renders app navigation correctly 2`] = ` 15 | 19 | Sessions 20 | 21 | `; 22 | -------------------------------------------------------------------------------- /frontend/src/components/Layout/index.ts: -------------------------------------------------------------------------------- 1 | // Copyright 2023 The Matrix.org Foundation C.I.C. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | export { default } from "./Layout"; 16 | -------------------------------------------------------------------------------- /frontend/src/components/Link.tsx: -------------------------------------------------------------------------------- 1 | // Copyright 2023 The Matrix.org Foundation C.I.C. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | import { createLink } from "@tanstack/react-router"; 16 | import { Link as CompoundLink } from "@vector-im/compound-web"; 17 | 18 | export const Link = createLink(CompoundLink); 19 | -------------------------------------------------------------------------------- /frontend/src/components/LoadingScreen/LoadingScreen.module.css: -------------------------------------------------------------------------------- 1 | /* Copyright 2023 The Matrix.org Foundation C.I.C. 2 | * 3 | * Licensed under the Apache License, Version 2.0 (the "License"); 4 | * you may not use this file except in compliance with the License. 5 | * You may obtain a copy of the License at 6 | * 7 | * http://www.apache.org/licenses/LICENSE-2.0 8 | * 9 | * Unless required by applicable law or agreed to in writing, software 10 | * distributed under the License is distributed on an "AS IS" BASIS, 11 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | * See the License for the specific language governing permissions and 13 | * limitations under the License. 14 | */ 15 | 16 | .loading-screen { 17 | display: flex; 18 | 19 | /* Fallback for browsers that do not support 100svh */ 20 | min-height: 100vh; 21 | min-height: 100svh; 22 | 23 | justify-content: center; 24 | align-items: center; 25 | } 26 | -------------------------------------------------------------------------------- /frontend/src/components/LoadingScreen/LoadingScreen.tsx: -------------------------------------------------------------------------------- 1 | // Copyright 2022 The Matrix.org Foundation C.I.C. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | import LoadingSpinner from "../LoadingSpinner"; 16 | 17 | import styles from "./LoadingScreen.module.css"; 18 | 19 | const LoadingScreen: React.FC = () => ( 20 |
21 | 22 |
23 | ); 24 | 25 | export default LoadingScreen; 26 | -------------------------------------------------------------------------------- /frontend/src/components/LoadingScreen/index.ts: -------------------------------------------------------------------------------- 1 | // Copyright 2023 The Matrix.org Foundation C.I.C. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | export { default } from "./LoadingScreen"; 16 | -------------------------------------------------------------------------------- /frontend/src/components/LoadingSpinner/index.ts: -------------------------------------------------------------------------------- 1 | // Copyright 2023 The Matrix.org Foundation C.I.C. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | export { default } from "./LoadingSpinner"; 16 | -------------------------------------------------------------------------------- /frontend/src/components/NavBar/NavBar.module.css: -------------------------------------------------------------------------------- 1 | /* Copyright 2023 The Matrix.org Foundation C.I.C. 2 | * 3 | * Licensed under the Apache License, Version 2.0 (the "License"); 4 | * you may not use this file except in compliance with the License. 5 | * You may obtain a copy of the License at 6 | * 7 | * http://www.apache.org/licenses/LICENSE-2.0 8 | * 9 | * Unless required by applicable law or agreed to in writing, software 10 | * distributed under the License is distributed on an "AS IS" BASIS, 11 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | * See the License for the specific language governing permissions and 13 | * limitations under the License. 14 | */ 15 | 16 | .nav-bar { 17 | border-bottom: var(--cpd-border-width-1) solid var(--cpd-color-gray-400); 18 | } 19 | 20 | .nav-bar-items { 21 | display: flex; 22 | flex-direction: row; 23 | justify-content: flex-start; 24 | align-items: center; 25 | gap: var(--cpd-space-3x); 26 | } 27 | -------------------------------------------------------------------------------- /frontend/src/components/NavBar/NavBar.tsx: -------------------------------------------------------------------------------- 1 | // Copyright 2022 The Matrix.org Foundation C.I.C. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | import styles from "./NavBar.module.css"; 16 | 17 | const NavBar: React.FC> = ({ children }) => ( 18 | 21 | ); 22 | 23 | export default NavBar; 24 | -------------------------------------------------------------------------------- /frontend/src/components/NavBar/index.ts: -------------------------------------------------------------------------------- 1 | // Copyright 2023 The Matrix.org Foundation C.I.C. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | export { default } from "./NavBar"; 16 | -------------------------------------------------------------------------------- /frontend/src/components/NavItem/__snapshots__/NavItem.test.tsx.snap: -------------------------------------------------------------------------------- 1 | // Vitest Snapshot v1, https://vitest.dev/guide/snapshot.html 2 | 3 | exports[`NavItem > render an active 1`] = ` 4 |
  • 8 | 14 | Active 15 | 16 |
    • 17 | `; 18 | 19 | exports[`NavItem > render an inactive 1`] = ` 20 |
  • 23 | 28 | Inactive 29 | 30 |
    • 31 | `; 32 | 33 | exports[`NavItem > renders a different route 1`] = ` 34 |
  • 37 | 42 | Sessions 43 | 44 |
    • 45 | `; 46 | -------------------------------------------------------------------------------- /frontend/src/components/NavItem/index.ts: -------------------------------------------------------------------------------- 1 | // Copyright 2023 The Matrix.org Foundation C.I.C. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | export { default } from "./NavItem"; 16 | -------------------------------------------------------------------------------- /frontend/src/components/PageHeading/index.ts: -------------------------------------------------------------------------------- 1 | // Copyright 2024 The Matrix.org Foundation C.I.C. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | export { default } from "./PageHeading"; 16 | -------------------------------------------------------------------------------- /frontend/src/components/Session/ClientAvatar.module.css: -------------------------------------------------------------------------------- 1 | /* Copyright 2023 The Matrix.org Foundation C.I.C. 2 | * 3 | * Licensed under the Apache License, Version 2.0 (the "License"); 4 | * you may not use this file except in compliance with the License. 5 | * You may obtain a copy of the License at 6 | * 7 | * http://www.apache.org/licenses/LICENSE-2.0 8 | * 9 | * Unless required by applicable law or agreed to in writing, software 10 | * distributed under the License is distributed on an "AS IS" BASIS, 11 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | * See the License for the specific language governing permissions and 13 | * limitations under the License. 14 | */ 15 | 16 | .avatar { 17 | object-fit: cover; 18 | overflow: hidden; 19 | aspect-ratio: 1 / 1; 20 | width: var(--mas-avatar-size); 21 | border-radius: 50%; 22 | display: inline-block; 23 | } 24 | -------------------------------------------------------------------------------- /frontend/src/components/Session/DeviceTypeIcon.module.css: -------------------------------------------------------------------------------- 1 | /* Copyright 2023 The Matrix.org Foundation C.I.C. 2 | * 3 | * Licensed under the Apache License, Version 2.0 (the "License"); 4 | * you may not use this file except in compliance with the License. 5 | * You may obtain a copy of the License at 6 | * 7 | * http://www.apache.org/licenses/LICENSE-2.0 8 | * 9 | * Unless required by applicable law or agreed to in writing, software 10 | * distributed under the License is distributed on an "AS IS" BASIS, 11 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | * See the License for the specific language governing permissions and 13 | * limitations under the License. 14 | */ 15 | 16 | .device-type-icon { 17 | color: var(--cpd-color-icon-secondary); 18 | background-color: var(--cpd-color-bg-subtle-secondary); 19 | box-sizing: content-box; 20 | height: var(--cpd-space-6x); 21 | width: var(--cpd-space-6x); 22 | padding: var(--cpd-space-2x); 23 | border-radius: var(--cpd-space-2x); 24 | } 25 | -------------------------------------------------------------------------------- /frontend/src/components/Session/LastActive.module.css: -------------------------------------------------------------------------------- 1 | /* Copyright 2023 The Matrix.org Foundation C.I.C. 2 | * 3 | * Licensed under the Apache License, Version 2.0 (the "License"); 4 | * you may not use this file except in compliance with the License. 5 | * You may obtain a copy of the License at 6 | * 7 | * http://www.apache.org/licenses/LICENSE-2.0 8 | * 9 | * Unless required by applicable law or agreed to in writing, software 10 | * distributed under the License is distributed on an "AS IS" BASIS, 11 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | * See the License for the specific language governing permissions and 13 | * limitations under the License. 14 | */ 15 | 16 | .active { 17 | color: var(--cpd-color-text-success-primary); 18 | } 19 | -------------------------------------------------------------------------------- /frontend/src/components/Session/__snapshots__/ClientAvatar.test.tsx.snap: -------------------------------------------------------------------------------- 1 | // Vitest Snapshot v1, https://vitest.dev/guide/snapshot.html 2 | 3 | exports[` > renders client logo 1`] = ` 4 |
    5 | Test Client 12 |
    13 | `; 14 | -------------------------------------------------------------------------------- /frontend/src/components/Session/__snapshots__/LastActive.test.tsx.snap: -------------------------------------------------------------------------------- 1 | // Vitest Snapshot v1, https://vitest.dev/guide/snapshot.html 2 | 3 | exports[` renders a default timestamp 1`] = ` 4 |
    5 | 8 | Active Fri, 15 Sept 2023, 01:12 9 | 10 |
    11 | `; 12 | 13 | exports[` renders a relative timestamp 1`] = ` 14 |
    15 | 18 | Active 1 hour ago 19 | 20 |
    21 | `; 22 | 23 | exports[` renders an 'active now' timestamp 1`] = ` 24 |
    25 | 29 | Active now 30 | 31 |
    32 | `; 33 | 34 | exports[` renders an inactive timestamp 1`] = ` 35 |
    36 | 39 | Inactive for 90+ days 40 | 41 |
    42 | `; 43 | -------------------------------------------------------------------------------- /frontend/src/components/SessionCard/index.ts: -------------------------------------------------------------------------------- 1 | // Copyright 2024 The Matrix.org Foundation C.I.C. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | export { 16 | Root, 17 | LinkBody, 18 | Body, 19 | Header, 20 | Name, 21 | Client, 22 | Metadata, 23 | Info, 24 | Action, 25 | } from "./SessionCard"; 26 | -------------------------------------------------------------------------------- /frontend/src/components/SessionDetail/BrowserSessionDetail.module.css: -------------------------------------------------------------------------------- 1 | /* Copyright 2023 The Matrix.org Foundation C.I.C. 2 | * 3 | * Licensed under the Apache License, Version 2.0 (the "License"); 4 | * you may not use this file except in compliance with the License. 5 | * You may obtain a copy of the License at 6 | * 7 | * http://www.apache.org/licenses/LICENSE-2.0 8 | * 9 | * Unless required by applicable law or agreed to in writing, software 10 | * distributed under the License is distributed on an "AS IS" BASIS, 11 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | * See the License for the specific language governing permissions and 13 | * limitations under the License. 14 | */ 15 | 16 | .current-badge { 17 | align-self: flex-start; 18 | } 19 | -------------------------------------------------------------------------------- /frontend/src/components/UnverifiedEmailAlert/UnverifiedEmailAlert.module.css: -------------------------------------------------------------------------------- 1 | /* Copyright 2023 The Matrix.org Foundation C.I.C. 2 | * 3 | * Licensed under the Apache License, Version 2.0 (the "License"); 4 | * you may not use this file except in compliance with the License. 5 | * You may obtain a copy of the License at 6 | * 7 | * http://www.apache.org/licenses/LICENSE-2.0 8 | * 9 | * Unless required by applicable law or agreed to in writing, software 10 | * distributed under the License is distributed on an "AS IS" BASIS, 11 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | * See the License for the specific language governing permissions and 13 | * limitations under the License. 14 | */ 15 | 16 | .alert > * { 17 | box-sizing: content-box; 18 | } 19 | -------------------------------------------------------------------------------- /frontend/src/components/UnverifiedEmailAlert/index.ts: -------------------------------------------------------------------------------- 1 | // Copyright 2023 The Matrix.org Foundation C.I.C. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | export { default } from "./UnverifiedEmailAlert"; 16 | -------------------------------------------------------------------------------- /frontend/src/components/UserEmail/index.ts: -------------------------------------------------------------------------------- 1 | // Copyright 2023 The Matrix.org Foundation C.I.C. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | export { default } from "./UserEmail"; 16 | -------------------------------------------------------------------------------- /frontend/src/components/UserGreeting/index.ts: -------------------------------------------------------------------------------- 1 | // Copyright 2024 The Matrix.org Foundation C.I.C. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | export { default } from "./UserGreeting"; 16 | -------------------------------------------------------------------------------- /frontend/src/components/UserSessionsOverview/__snapshots__/UserSessionsOverview.test.tsx.snap: -------------------------------------------------------------------------------- 1 | // Vitest Snapshot v1, https://vitest.dev/guide/snapshot.html 2 | 3 | exports[`UserSessionsOverview > render an simple 1`] = `
    `; 4 | -------------------------------------------------------------------------------- /frontend/src/components/VerifyEmail/index.ts: -------------------------------------------------------------------------------- 1 | // Copyright 2023 The Matrix.org Foundation C.I.C. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | export { default } from "./VerifyEmail"; 16 | -------------------------------------------------------------------------------- /frontend/src/config.ts: -------------------------------------------------------------------------------- 1 | // Copyright 2022-2024 The Matrix.org Foundation C.I.C. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | export type AppConfig = { 16 | root: string; 17 | graphqlEndpoint: string; 18 | }; 19 | 20 | interface IWindow { 21 | APP_CONFIG?: AppConfig; 22 | } 23 | 24 | const config: AppConfig = (typeof window !== "undefined" && 25 | (window as IWindow).APP_CONFIG) || { 26 | root: "/", 27 | graphqlEndpoint: "/graphql", 28 | }; 29 | 30 | export default config; 31 | -------------------------------------------------------------------------------- /frontend/src/gql/index.ts: -------------------------------------------------------------------------------- 1 | export * from "./fragment-masking"; 2 | export * from "./gql"; -------------------------------------------------------------------------------- /frontend/src/utils/dates.ts: -------------------------------------------------------------------------------- 1 | // Copyright 2024 The Matrix.org Foundation C.I.C. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | /** Compute what the date was 90 days ago, rouding down to the start of the day */ 16 | export const getNinetyDaysAgo = (): string => { 17 | const date = new Date(Date.now() - 90 * 24 * 60 * 60 * 1000); 18 | // Round down to the start of the day to avoid rerendering/requerying 19 | date.setHours(0, 0, 0, 0); 20 | return date.toISOString(); 21 | }; 22 | -------------------------------------------------------------------------------- /frontend/src/vite-env.d.ts: -------------------------------------------------------------------------------- 1 | // Copyright 2022 The Matrix.org Foundation C.I.C. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | /// 16 | /// 17 | -------------------------------------------------------------------------------- /frontend/tsconfig.json: -------------------------------------------------------------------------------- 1 | { 2 | "compilerOptions": { 3 | "target": "ESNext", 4 | "useDefineForClassFields": true, 5 | "lib": ["DOM", "DOM.Iterable", "ESNext"], 6 | "types": ["vite/client", "vitest/importMeta"], 7 | "allowJs": false, 8 | "skipLibCheck": true, 9 | "esModuleInterop": false, 10 | "allowSyntheticDefaultImports": true, 11 | "strict": true, 12 | "forceConsistentCasingInFileNames": true, 13 | "module": "ESNext", 14 | "moduleResolution": "bundler", 15 | "resolveJsonModule": true, 16 | "isolatedModules": true, 17 | "noEmit": true, 18 | "jsx": "react-jsx" 19 | }, 20 | "include": ["src", "locales", ".storybook/preview.tsx"], 21 | "references": [ 22 | { 23 | "path": "./tsconfig.node.json" 24 | } 25 | ] 26 | } 27 | -------------------------------------------------------------------------------- /frontend/tsconfig.node.json: -------------------------------------------------------------------------------- 1 | { 2 | "compilerOptions": { 3 | "composite": true, 4 | "module": "ESNext", 5 | "moduleResolution": "Node", 6 | "allowSyntheticDefaultImports": true, 7 | "allowJs": true, 8 | "resolveJsonModule": true 9 | }, 10 | "include": [ 11 | ".storybook/main.ts", 12 | "vite.config.ts", 13 | "vitest.global-setup.ts", 14 | "vitest.i18n-setup.ts", 15 | ".eslintrc.cjs", 16 | "postcss.config.cjs", 17 | "tailwind.config.cjs", 18 | "tailwind.templates.config.cjs", 19 | "codegen.ts", 20 | "i18next-parser.config.ts" 21 | ] 22 | } 23 | -------------------------------------------------------------------------------- /frontend/vitest.global-setup.ts: -------------------------------------------------------------------------------- 1 | // Copyright 2023 The Matrix.org Foundation C.I.C. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | export const setup = (): void => { 16 | process.env.TZ = "UTC"; 17 | }; 18 | -------------------------------------------------------------------------------- /localazy.json: -------------------------------------------------------------------------------- 1 | { 2 | "$schema": "https://raw.githubusercontent.com/localazy/cli-schema/master/localazy.json", 3 | "readKey": "a7633943728394577700-c0f9f1df124fbdbe76b2c7dfcbfe574476d56509e0da6180e2a321dbbe056c40", 4 | "upload": { 5 | "type": "json", 6 | "files": [{ 7 | "file": "file.json", 8 | "pattern": "translations/en.json", 9 | "features": [ 10 | "arb_metadata", 11 | "plural_object" 12 | ] 13 | }, { 14 | "file": "frontend.json", 15 | "pattern": "frontend/locales/en.json", 16 | "features": ["plural_postfix_dd"] 17 | }] 18 | }, 19 | "download": { 20 | "metadataFileTs": "frontend/.storybook/locales.ts", 21 | "files": [{ 22 | "conditions": "equals: ${file}, file.json", 23 | "output": "translations/${lang}.json" 24 | }, { 25 | "conditions": "equals: ${file}, frontend.json", 26 | "output": "frontend/locales/${lang}.json" 27 | }] 28 | } 29 | } 30 | -------------------------------------------------------------------------------- /misc/update.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | set -eu 4 | 5 | export SQLX_OFFLINE=1 6 | BASE_DIR="$(dirname "$0")/.." 7 | CONFIG_SCHEMA="${BASE_DIR}/docs/config.schema.json" 8 | API_SCHEMA="${BASE_DIR}/docs/api/spec.json" 9 | GRAPHQL_SCHEMA="${BASE_DIR}/frontend/schema.graphql" 10 | POLICIES_SCHEMA="${BASE_DIR}/policies/schema/" 11 | 12 | set -x 13 | cargo run -p mas-config > "${CONFIG_SCHEMA}" 14 | cargo run -p mas-handlers --bin graphql-schema > "${GRAPHQL_SCHEMA}" 15 | cargo run -p mas-handlers --bin api-schema > "${API_SCHEMA}" 16 | cargo run -p mas-i18n-scan -- --update "${BASE_DIR}/templates/" "${BASE_DIR}/translations/en.json" 17 | OUT_DIR="${POLICIES_SCHEMA}" cargo run -p mas-policy --features jsonschema 18 | 19 | cd "${BASE_DIR}/frontend" 20 | npm run format 21 | npm run generate 22 | -------------------------------------------------------------------------------- /overview.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/matrix-org/matrix-authentication-service/162119dd6651370fea5a74fdd5a7b6a2d26f1b20/overview.png -------------------------------------------------------------------------------- /policies/.gitignore: -------------------------------------------------------------------------------- 1 | /policy.wasm 2 | /bundle.tar.gz 3 | /coverage.json 4 | -------------------------------------------------------------------------------- /policies/email.rego: -------------------------------------------------------------------------------- 1 | # METADATA 2 | # schemas: 3 | # - input: schema["email_input"] 4 | package email 5 | 6 | import future.keywords.in 7 | 8 | default allow := false 9 | 10 | allow { 11 | count(violation) == 0 12 | } 13 | 14 | # Allow any domains if the data.allowed_domains array is not set 15 | email_domain_allowed { 16 | not data.allowed_domains 17 | } 18 | 19 | # Allow an email only if its domain is in the list of allowed domains 20 | email_domain_allowed { 21 | [_, domain] := split(input.email, "@") 22 | some allowed_domain in data.allowed_domains 23 | glob.match(allowed_domain, ["."], domain) 24 | } 25 | 26 | violation[{"msg": "email domain is not allowed"}] { 27 | not email_domain_allowed 28 | } 29 | 30 | # Deny emails with their domain in the domains banlist 31 | violation[{"msg": "email domain is banned"}] { 32 | [_, domain] := split(input.email, "@") 33 | some banned_domain in data.banned_domains 34 | glob.match(banned_domain, ["."], domain) 35 | } 36 | -------------------------------------------------------------------------------- /policies/email_test.rego: -------------------------------------------------------------------------------- 1 | package email 2 | 3 | test_allow_all_domains { 4 | allow with input.email as "hello@staging.element.io" 5 | } 6 | 7 | test_allowed_domain { 8 | allow with input.email as "hello@staging.element.io" 9 | with data.allowed_domains as ["*.element.io"] 10 | } 11 | 12 | test_not_allowed_domain { 13 | not allow with input.email as "hello@staging.element.io" 14 | with data.allowed_domains as ["example.com"] 15 | } 16 | 17 | test_banned_domain { 18 | not allow with input.email as "hello@staging.element.io" 19 | with data.banned_domains as ["*.element.io"] 20 | } 21 | 22 | test_banned_subdomain { 23 | not allow with input.email as "hello@staging.element.io" 24 | with data.allowed_domains as ["*.element.io"] 25 | with data.banned_domains as ["staging.element.io"] 26 | } 27 | -------------------------------------------------------------------------------- /policies/schema/authorization_grant_input.json: -------------------------------------------------------------------------------- 1 | { 2 | "$schema": "http://json-schema.org/draft-07/schema#", 3 | "title": "AuthorizationGrantInput", 4 | "description": "Input for the authorization grant policy.", 5 | "type": "object", 6 | "required": [ 7 | "client", 8 | "grant_type", 9 | "scope" 10 | ], 11 | "properties": { 12 | "user": { 13 | "type": "object", 14 | "additionalProperties": true 15 | }, 16 | "client": { 17 | "type": "object", 18 | "additionalProperties": true 19 | }, 20 | "scope": { 21 | "type": "string" 22 | }, 23 | "grant_type": { 24 | "$ref": "#/definitions/GrantType" 25 | } 26 | }, 27 | "definitions": { 28 | "GrantType": { 29 | "type": "string", 30 | "enum": [ 31 | "authorization_code", 32 | "client_credentials", 33 | "urn:ietf:params:oauth:grant-type:device_code" 34 | ] 35 | } 36 | } 37 | } -------------------------------------------------------------------------------- /policies/schema/client_registration_input.json: -------------------------------------------------------------------------------- 1 | { 2 | "$schema": "http://json-schema.org/draft-07/schema#", 3 | "title": "ClientRegistrationInput", 4 | "description": "Input for the client registration policy.", 5 | "type": "object", 6 | "required": [ 7 | "client_metadata" 8 | ], 9 | "properties": { 10 | "client_metadata": { 11 | "type": "object", 12 | "additionalProperties": true 13 | } 14 | } 15 | } -------------------------------------------------------------------------------- /policies/schema/email_input.json: -------------------------------------------------------------------------------- 1 | { 2 | "$schema": "http://json-schema.org/draft-07/schema#", 3 | "title": "EmailInput", 4 | "description": "Input for the email add policy.", 5 | "type": "object", 6 | "required": [ 7 | "email" 8 | ], 9 | "properties": { 10 | "email": { 11 | "type": "string" 12 | } 13 | } 14 | } -------------------------------------------------------------------------------- /policies/schema/password_input.json: -------------------------------------------------------------------------------- 1 | { 2 | "$schema": "http://json-schema.org/draft-07/schema#", 3 | "title": "PasswordInput", 4 | "description": "Input for the password set policy.", 5 | "type": "object", 6 | "required": [ 7 | "password" 8 | ], 9 | "properties": { 10 | "password": { 11 | "type": "string" 12 | } 13 | } 14 | } -------------------------------------------------------------------------------- /templates/emails/recovery.subject: -------------------------------------------------------------------------------- 1 | {# 2 | Copyright 2024 The Matrix.org Foundation C.I.C. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | -#} 16 | 17 | {%- set _ = translator(lang) -%} 18 | {%- set mxid -%} 19 | @{{ user.username }}:{{ branding.server_name }} 20 | {%- endset -%} 21 | 22 | {{ _("mas.emails.recovery.subject", mxid=mxid) }} 23 | -------------------------------------------------------------------------------- /templates/emails/recovery.txt: -------------------------------------------------------------------------------- 1 | {# 2 | Copyright 2024 The Matrix.org Foundation C.I.C. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | -#} 16 | 17 | {%- set _ = translator(lang) -%} 18 | {{ _("mas.emails.recovery.headline", server_name=branding.server_name) }} 19 | 20 | {{ _("mas.emails.recovery.copy_link") }} 21 | 22 | {{ recovery_link }} 23 | 24 | {{ _("mas.emails.recovery.you_can_ignore") }} -------------------------------------------------------------------------------- /templates/emails/verification.html: -------------------------------------------------------------------------------- 1 | {# 2 | Copyright 2021, 2022 The Matrix.org Foundation C.I.C. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | -#} 16 | 17 | {%- set _ = translator(lang) -%} 18 | 19 | {{ _("mas.emails.greeting", username=user.username) }}
    20 |
    21 | {{ _("mas.emails.verify.body_html", code=verification.code) }}
    22 | -------------------------------------------------------------------------------- /templates/emails/verification.subject: -------------------------------------------------------------------------------- 1 | {# 2 | Copyright 2022 The Matrix.org Foundation C.I.C. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | -#} 16 | 17 | {%- set _ = translator(lang) -%} 18 | 19 | {{ _("mas.emails.verify.subject", code=verification.code) }} 20 | -------------------------------------------------------------------------------- /templates/emails/verification.txt: -------------------------------------------------------------------------------- 1 | {# 2 | Copyright 2021, 2022 The Matrix.org Foundation C.I.C. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | -#} 16 | 17 | {%- set _ = translator(lang) -%} 18 | 19 | {{ _("mas.emails.greeting", username=user.username) }} 20 | 21 | {{ _("mas.emails.verify.body_text", code=verification.code) }} 22 | -------------------------------------------------------------------------------- /theme/additional.css: -------------------------------------------------------------------------------- 1 | #page-wrapper .page { 2 | display: flex; 3 | flex-direction: column; 4 | } 5 | 6 | .deprecation-notice { 7 | box-sizing: border-box; 8 | order: 2; 9 | color: rgb(213, 25, 40); 10 | background-color: rgb(255, 247, 246); 11 | border: 1px solid rgb(213, 25, 40); 12 | padding: 1rem 2rem; 13 | margin: 1rem 0; 14 | align-self: center; 15 | max-width: var(--content-max-width); 16 | } 17 | 18 | #content { 19 | order: 3; 20 | } 21 | -------------------------------------------------------------------------------- /theme/header.hbs: -------------------------------------------------------------------------------- 1 |
    2 |

    This documentation is out of date!

    3 |

    4 | This documentation site is for the versions of matrix-authentication-service maintained by the Matrix.org Foundation (github.com/matrix-org/matrix-authentication-service), available under the Apache 2.0 licence. 5 |

    6 | 7 |

    8 | Since version 0.12.0, matrix-authentication-service is now maintained by Element under a new licence (github.com/element-hq/matrix-authentication-service). 9 |

    10 | 11 |

    12 | If you are interested in the documentation for a later version of matrix-authentication-service, please refer to https://element-hq.github.io/matrix-authentication-service/. 13 |

    14 |
    15 | -------------------------------------------------------------------------------- /tools/syn2mas/.gitignore: -------------------------------------------------------------------------------- 1 | node_modules 2 | dist 3 | -------------------------------------------------------------------------------- /tools/syn2mas/.nvmrc: -------------------------------------------------------------------------------- 1 | 18 -------------------------------------------------------------------------------- /tools/syn2mas/README.md: -------------------------------------------------------------------------------- 1 | # syn2mas - Synapse to Matrix Authentication Service 2 | 3 | Tool to help with the migration of a Matrix Synapse installation to the Matrix Authentication Service. 4 | 5 | The tool has two modes of operation: 6 | 7 | - Advisor mode: Analyses the Synapse configuration and reports on any issues that would prevent a successful migration. 8 | - Migration mode: Performs the migration of the Synapse database into the Matrix Authentication Service database. 9 | 10 | ## Usage 11 | 12 | Pre-migration advisor: 13 | 14 | ```sh 15 | npx @matrix-org/syn2mas --command=advisor --synapseConfigFile homeserver.yaml 16 | ``` 17 | -------------------------------------------------------------------------------- /tools/syn2mas/src/types/MUser.d.ts: -------------------------------------------------------------------------------- 1 | // Copyright 2023 The Matrix.org Foundation C.I.C. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | import { MUserEmail } from "./MUserEmail"; 16 | 17 | import { UUID } from "./index"; 18 | 19 | export interface MUser { 20 | user_id: UUID; 21 | username: string; // localpart only without @ 22 | created_at: Date; 23 | primary_user_email_id?: UUID; 24 | } 25 | -------------------------------------------------------------------------------- /tools/syn2mas/src/types/MUserPassword.d.ts: -------------------------------------------------------------------------------- 1 | // Copyright 2023 The Matrix.org Foundation C.I.C. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | import { MUser } from "./MUser"; 16 | 17 | import { UUID } from "./index"; 18 | 19 | export interface MUserPassword { 20 | user_password_id: UUID; 21 | user_id: UUID; 22 | hashed_password: string; 23 | created_at: Date; 24 | version: number; 25 | upgraded_from_id?: UUID; 26 | } 27 | -------------------------------------------------------------------------------- /tools/syn2mas/src/types/SUser.d.ts: -------------------------------------------------------------------------------- 1 | // Copyright 2023 The Matrix.org Foundation C.I.C. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | import { SynapseUserId, UnixTimestamp } from "./index"; 16 | 17 | export interface SUser { 18 | name: SynapseUserId; // '@test2:localhost:8008' 19 | password_hash?: string; 20 | admin: number; 21 | is_guest: number; 22 | deactivated: number; 23 | creation_ts: UnixTimestamp; 24 | appservice_id?: string; 25 | } 26 | -------------------------------------------------------------------------------- /tools/syn2mas/src/types/SUserExternalId.d.ts: -------------------------------------------------------------------------------- 1 | // Copyright 2023 The Matrix.org Foundation C.I.C. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | import { SynapseUserId } from "./index"; 16 | 17 | export interface SUserExternalId { 18 | auth_provider: string; 19 | external_id: string; 20 | user_id: SynapseUserId; 21 | } 22 | -------------------------------------------------------------------------------- /tools/syn2mas/src/types/index.d.ts: -------------------------------------------------------------------------------- 1 | // Copyright 2023 The Matrix.org Foundation C.I.C. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | export type UnixTimestamp = number; 16 | export type SynapseUserId = string; 17 | // eslint-disable-next-line @typescript-eslint/no-unused-vars 18 | export type Id = number; 19 | // eslint-disable-next-line @typescript-eslint/no-unused-vars 20 | export type UUID = string; 21 | -------------------------------------------------------------------------------- /tools/syn2mas/src/types/knex.d.ts: -------------------------------------------------------------------------------- 1 | // Copyright 2023 The Matrix.org Foundation C.I.C. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | import "knex/types/result"; 16 | 17 | declare module "knex/types/result" { 18 | interface Registry { 19 | Count: number; 20 | } 21 | } 22 | -------------------------------------------------------------------------------- /tools/syn2mas/tsconfig.eslint.json: -------------------------------------------------------------------------------- 1 | { 2 | "extends": [ 3 | "@tsconfig/strictest/tsconfig.json", 4 | "@tsconfig/node18/tsconfig.json", 5 | ], 6 | "compilerOptions": { 7 | "noEmit": true, 8 | "allowJs": true, 9 | }, 10 | "include": [ 11 | ".eslintrc.cjs", 12 | "src/**/*.mts", 13 | "src/**/*.ts" 14 | ] 15 | } 16 | -------------------------------------------------------------------------------- /tools/syn2mas/tsconfig.json: -------------------------------------------------------------------------------- 1 | { 2 | "extends": [ 3 | "@tsconfig/strictest/tsconfig.json", 4 | "@tsconfig/node18/tsconfig.json" 5 | ], 6 | "compilerOptions": { 7 | "outDir": "dist", 8 | "rootDir": "src", 9 | "sourceMap": true, 10 | "declaration": false, 11 | } 12 | } --------------------------------------------------------------------------------