There's a whole load of stuff here and it was a few days to get it working. I discovered that httpsig-rs doesn't handle colons in signature names correctly, so I had to seperate out the algorithm from the key ID. A seperate binary exists to demonstrate making a singed request, as the functionality is not used in the main binary yet. There is a bunch of stuff to make it ieasier if the key algorithm changes, although it is left hardcoded in a few places because we don't need forwards compatibility, we just need to make backwards compatibility easy Server-side graphql queries use cynic, which builds queries from rust types. We have code to resolve the graphql endpoint for a server and then fetch keys. A trait is implemented to make it easier to run graphql queries from the server. Signature is implemented by the httpsig library on the hyper request. Luckily for us, reqwest and axum roughly use similar types (thanks to the http crate). There is some conversion going on, in particular around buffering the request body to sign the digest. Speaking of, the covered components are picked to cover all parts of the request that could affect the response. The assumption is this, in combination with TLS, is sufficient security to subvert impersonation.
7 lines
193 B
Rust
7 lines
193 B
Rust
fn main() {
|
|
cynic_codegen::register_schema("playerbrainz")
|
|
.from_sdl_file("../../packages/playerbrainz/schema.graphql")
|
|
.unwrap()
|
|
.as_default()
|
|
.unwrap();
|
|
}
|