diff --git a/Cargo.lock b/Cargo.lock index 26854d64e..e4ef87641 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -308,9 +308,9 @@ dependencies = [ [[package]] name = "async-compression" -version = "0.4.15" +version = "0.4.16" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e26a9844c659a2a293d239c7910b752f8487fe122c6c8bd1659bf85a6507c302" +checksum = "103db485efc3e41214fe4fda9f3dbeae2eb9082f48fd236e6095627a9422066e" dependencies = [ "brotli", "flate2", @@ -700,9 +700,9 @@ dependencies = [ [[package]] name = "bb8" -version = "0.8.5" +version = "0.8.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b10cf871f3ff2ce56432fddc2615ac7acc3aa22ca321f8fea800846fbb32f188" +checksum = "d89aabfae550a5c44b43ab941844ffcd2e993cb6900b342debf59e9ea74acdb8" dependencies = [ "async-trait", "futures-util", @@ -2895,9 +2895,9 @@ dependencies = [ [[package]] name = "hyper" -version = "1.4.1" +version = "1.5.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "50dfd22e0e76d0f662d429a5f80fcaf3855009297eab6a0a9f8543834744ba05" +checksum = "bbbff0a806a4728c99295b254c8838933b5b082d75e3cb70c8dab21fdfbcfa9a" dependencies = [ "bytes", "futures-channel", @@ -3862,6 +3862,7 @@ dependencies = [ "serde", "sonic-rs", "speedy-uuid", + "tokio", "url", ] @@ -4181,9 +4182,9 @@ dependencies = [ [[package]] name = "libc" -version = "0.2.159" +version = "0.2.160" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "561d97a539a36e26a9a5fad1ea11a3039a67714694aaa379433e580854bc3dc5" +checksum = "f0b21006cd1874ae9e650973c565615676dc4a274c965bb0a73796dac838ce4f" [[package]] name = "libm" @@ -5348,9 +5349,9 @@ checksum = "dc375e1527247fe1a97d8b7156678dfe7c1af2fc075c9a4db3690ecd2a148068" [[package]] name = "proc-macro2" -version = "1.0.87" +version = "1.0.88" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b3e4daa0dcf6feba26f985457cdf104d4b4256fc5a09547140f3631bb076b19a" +checksum = "7c3a7fc5db1e57d5a779a352c8cdb57b29aa4c40cc69c3a68a7fedc815fbf2f9" dependencies = [ "unicode-ident", ] @@ -5416,9 +5417,9 @@ dependencies = [ [[package]] name = "pulldown-cmark" -version = "0.12.1" +version = "0.12.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "666f0f59e259aea2d72e6012290c09877a780935cc3c18b1ceded41f3890d59c" +checksum = "f86ba2052aebccc42cbbb3ed234b8b13ce76f75c3551a303cb2bcffcff12bb14" dependencies = [ "bitflags 2.6.0", "memchr", @@ -5891,9 +5892,9 @@ dependencies = [ [[package]] name = "rustls" -version = "0.23.14" +version = "0.23.15" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "415d9944693cb90382053259f89fbb077ea730ad7273047ec63b19bc9b160ba8" +checksum = "5fbb44d7acc4e873d613422379f69f237a1b141928c02f6bc6ccfddddc2d7993" dependencies = [ "log", "once_cell", @@ -5941,9 +5942,9 @@ dependencies = [ [[package]] name = "rustls-pki-types" -version = "1.9.0" +version = "1.10.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0e696e35370c65c9c541198af4543ccd580cf17fc25d8e05c5a242b202488c55" +checksum = "16f1201b3c9a7ee8039bcadc17b7e605e2945b27eee7631788c1bd2b0643674b" [[package]] name = "rustls-webpki" @@ -6176,9 +6177,9 @@ dependencies = [ [[package]] name = "serde_json" -version = "1.0.128" +version = "1.0.129" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6ff5456707a1de34e7e37f2a6fd3d3f808c318259cbd01ab6377795054b483d8" +checksum = "6dbcf9b78a125ee667ae19388837dd12294b858d101fdd393cb9d5501ef09eb2" dependencies = [ "itoa 1.0.11", "memchr", @@ -7552,9 +7553,9 @@ checksum = "06abde3611657adf66d383f00b093d7faecc7fa57071cce2578660c9f1010821" [[package]] name = "uuid" -version = "1.10.0" +version = "1.11.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "81dfa00651efa65069b0b6b651f4aaa31ba9e3c3ce0137aaad053604ee7e0314" +checksum = "f8c5f0a0af699448548ad1a2fbf920fb4bee257eae39953ba95cb84891a0446a" dependencies = [ "getrandom 0.2.15", "rand 0.8.5", diff --git a/crates/kitsune-activitypub/Cargo.toml b/crates/kitsune-activitypub/Cargo.toml index 8eb4d9a23..e3bfc657b 100644 --- a/crates/kitsune-activitypub/Cargo.toml +++ b/crates/kitsune-activitypub/Cargo.toml @@ -45,7 +45,7 @@ sha2 = { version = "0.10.8", features = ["asm"] } [dev-dependencies] http-body-util = "0.1.2" -hyper = "1.4.1" +hyper = "1.5.0" kitsune-config = { workspace = true } kitsune-test = { workspace = true } kitsune-webfinger = { workspace = true } diff --git a/crates/kitsune-db/Cargo.toml b/crates/kitsune-db/Cargo.toml index d93743b44..7015fc2fa 100644 --- a/crates/kitsune-db/Cargo.toml +++ b/crates/kitsune-db/Cargo.toml @@ -22,7 +22,7 @@ kitsune-language = { workspace = true } kitsune-type = { workspace = true } num-derive = "0.4.2" num-traits = "0.2.19" -rustls = { version = "0.23.14", default-features = false, features = [ +rustls = { version = "0.23.15", default-features = false, features = [ "logging", "ring", "std", diff --git a/crates/kitsune-derive/impl/Cargo.toml b/crates/kitsune-derive/impl/Cargo.toml index 2681dc2bf..f1b451ae1 100644 --- a/crates/kitsune-derive/impl/Cargo.toml +++ b/crates/kitsune-derive/impl/Cargo.toml @@ -9,7 +9,7 @@ license.workspace = true proc-macro = true [dependencies] -proc-macro2 = "1.0.87" +proc-macro2 = "1.0.88" quote = "1.0.37" syn = { version = "2.0.79", features = ["full"] } diff --git a/crates/kitsune-http-client/Cargo.toml b/crates/kitsune-http-client/Cargo.toml index 0c927f2a0..57556d87e 100644 --- a/crates/kitsune-http-client/Cargo.toml +++ b/crates/kitsune-http-client/Cargo.toml @@ -14,7 +14,7 @@ futures-util = { version = "0.3.31", default-features = false, features = [ http-body = "1.0.1" http-body-util = "0.1.2" http-signatures = { workspace = true } -hyper = "1.4.1" +hyper = "1.5.0" hyper-util = { version = "0.1.9", features = [ "client-legacy", "http1", diff --git a/crates/kitsune-observability/Cargo.toml b/crates/kitsune-observability/Cargo.toml index 3d9e12db5..d9b9063c6 100644 --- a/crates/kitsune-observability/Cargo.toml +++ b/crates/kitsune-observability/Cargo.toml @@ -9,7 +9,7 @@ license.workspace = true async-trait = "0.1.83" eyre = "0.6.12" http-body-util = "0.1.2" -hyper = { version = "1.4.1", default-features = false } +hyper = { version = "1.5.0", default-features = false } kitsune-config = { workspace = true } kitsune-core = { workspace = true } kitsune-http-client = { workspace = true } diff --git a/crates/kitsune-oidc/Cargo.toml b/crates/kitsune-oidc/Cargo.toml index e7e685835..375a27c02 100644 --- a/crates/kitsune-oidc/Cargo.toml +++ b/crates/kitsune-oidc/Cargo.toml @@ -13,17 +13,21 @@ kitsune-config = { workspace = true } kitsune-derive = { workspace = true } kitsune-error = { workspace = true } kitsune-http-client = { workspace = true } -moka = { workspace = true } +moka = { workspace = true, features = ["sync"] } oauth2 = { version = "5.0.0-rc.1", default-features = false } openidconnect = { version = "4.0.0-rc.1", default-features = false, features = [ # Accept these two, per specification invalid, cases to increase compatibility "accept-rfc3339-timestamps", "accept-string-booleans", + "timing-resistant-secret-traits", ] } serde = { version = "1.0.210", features = ["derive"] } sonic-rs = { workspace = true } speedy-uuid = { workspace = true } url = "2.5.2" +[dev-dependencies] +tokio = { version = "1.40.0", features = ["macros", "rt"] } + [lints] workspace = true diff --git a/crates/kitsune-oidc/src/state/mod.rs b/crates/kitsune-oidc/src/state/mod.rs index 4d8cff836..b580b2f8e 100644 --- a/crates/kitsune-oidc/src/state/mod.rs +++ b/crates/kitsune-oidc/src/state/mod.rs @@ -6,14 +6,14 @@ pub use self::store::{AnyStore, Store}; pub mod store; -#[derive(Clone, Deserialize, Serialize)] +#[derive(Clone, Debug, Deserialize, Serialize, PartialEq)] pub struct OAuth2LoginState { pub application_id: Uuid, pub scope: String, pub state: Option, } -#[derive(Deserialize, Serialize)] +#[derive(Debug, Deserialize, Serialize, PartialEq)] pub struct LoginState { pub nonce: Nonce, pub pkce_verifier: PkceCodeVerifier, diff --git a/crates/kitsune-oidc/src/state/store/in_memory.rs b/crates/kitsune-oidc/src/state/store/in_memory.rs index e2e4594c3..6610efe0b 100644 --- a/crates/kitsune-oidc/src/state/store/in_memory.rs +++ b/crates/kitsune-oidc/src/state/store/in_memory.rs @@ -28,3 +28,52 @@ impl Store for InMemory { Ok(()) } } + +#[cfg(test)] +mod test { + use super::InMemory; + use crate::state::{LoginState, OAuth2LoginState, Store}; + use oauth2::PkceCodeVerifier; + use openidconnect::Nonce; + use speedy_uuid::Uuid; + + #[tokio::test] + async fn basic_ops() { + let val = LoginState { + nonce: Nonce::new_random(), + pkce_verifier: PkceCodeVerifier::new("test".into()), + oauth2: OAuth2LoginState { + application_id: Uuid::now_v7(), + scope: "owo".into(), + state: None, + }, + }; + + let in_memory = InMemory::new(10); + in_memory.set("uwu", val.clone()).await.unwrap(); + let got_val = in_memory.get_and_remove("uwu").await.unwrap(); + assert_eq!(got_val, val); + } + + #[tokio::test] + async fn limits_size() { + let val = LoginState { + nonce: Nonce::new_random(), + pkce_verifier: PkceCodeVerifier::new("test".into()), + oauth2: OAuth2LoginState { + application_id: Uuid::now_v7(), + scope: "owo".into(), + state: None, + }, + }; + + let in_memory = InMemory::new(2); + in_memory.set("owo", val.clone()).await.unwrap(); + in_memory.set("uwu", val.clone()).await.unwrap(); + in_memory.set("ùwú", val.clone()).await.unwrap(); + + in_memory.inner.run_pending_tasks(); + + assert_eq!(in_memory.inner.entry_count(), 2); + } +} diff --git a/crates/kitsune-service/Cargo.toml b/crates/kitsune-service/Cargo.toml index d42b1d32d..57d77fc26 100644 --- a/crates/kitsune-service/Cargo.toml +++ b/crates/kitsune-service/Cargo.toml @@ -58,7 +58,7 @@ zxcvbn = { version = "3.1.0", default-features = false } [dev-dependencies] hex-simd = "0.8.0" http-body-util = "0.1.2" -hyper = "1.4.1" +hyper = "1.5.0" kitsune-activitypub = { workspace = true } kitsune-config = { workspace = true } kitsune-federation-filter = { workspace = true } diff --git a/crates/kitsune-test/Cargo.toml b/crates/kitsune-test/Cargo.toml index 9e6b345dc..5ec4ee5ac 100644 --- a/crates/kitsune-test/Cargo.toml +++ b/crates/kitsune-test/Cargo.toml @@ -22,7 +22,7 @@ rusty-s3 = { version = "0.5.0", default-features = false } tokio = { workspace = true, features = ["time"] } triomphe = { workspace = true } url = "2.5.2" -uuid = { version = "1.10.0", features = ["fast-rng", "v4"] } +uuid = { version = "1.11.0", features = ["fast-rng", "v4"] } [lints] workspace = true diff --git a/crates/kitsune-util/Cargo.toml b/crates/kitsune-util/Cargo.toml index f4fb7600f..c09dc6e48 100644 --- a/crates/kitsune-util/Cargo.toml +++ b/crates/kitsune-util/Cargo.toml @@ -9,7 +9,7 @@ license.workspace = true bubble-bath = "0.2.0" iso8601-timestamp = { workspace = true } kitsune-type = { workspace = true } -pulldown-cmark = { version = "0.12.1", default-features = false, features = [ +pulldown-cmark = { version = "0.12.2", default-features = false, features = [ "html", "simd", ] } diff --git a/crates/kitsune-webfinger/Cargo.toml b/crates/kitsune-webfinger/Cargo.toml index ca1c1dd4a..0d68d9b80 100644 --- a/crates/kitsune-webfinger/Cargo.toml +++ b/crates/kitsune-webfinger/Cargo.toml @@ -22,7 +22,7 @@ urlencoding = "2.1.3" [dev-dependencies] http-body-util = "0.1.2" -hyper = "1.4.1" +hyper = "1.5.0" pretty_assertions = "1.4.1" sonic-rs = { workspace = true } tokio = { workspace = true, features = ["macros"] } diff --git a/flake.lock b/flake.lock index d51b66acd..0a5af6f4f 100644 --- a/flake.lock +++ b/flake.lock @@ -68,11 +68,11 @@ }, "crane": { "locked": { - "lastModified": 1728344376, - "narHash": "sha256-lxTce2XE6mfJH8Zk6yBbqsbu9/jpwdymbSH5cCbiVOA=", + "lastModified": 1728776144, + "narHash": "sha256-fROVjMcKRoGHofDm8dY3uDUtCMwUICh/KjBFQnuBzfg=", "owner": "ipetkov", "repo": "crane", - "rev": "fd86b78f5f35f712c72147427b1eb81a9bd55d0b", + "rev": "f876e3d905b922502f031aeec1a84490122254b7", "type": "github" }, "original": { @@ -108,11 +108,11 @@ "pre-commit-hooks": "pre-commit-hooks_2" }, "locked": { - "lastModified": 1728452860, - "narHash": "sha256-YtknslVeAXyK3zq6AoazydZrC8tisiZzvHsvZJAqMRk=", + "lastModified": 1729189092, + "narHash": "sha256-gA31aflrrsSCukNnxnBgCfrfGClXxc00ZE+R+7r9W6c=", "owner": "cachix", "repo": "devenv", - "rev": "e7a0bc559f5a66aaa42f5028db6162c4dd4587eb", + "rev": "7afa57b19353149c5814f1da66d23993dea732a6", "type": "github" }, "original": { @@ -560,11 +560,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1728241625, - "narHash": "sha256-yumd4fBc/hi8a9QgA9IT8vlQuLZ2oqhkJXHPKxH/tRw=", + "lastModified": 1728888510, + "narHash": "sha256-nsNdSldaAyu6PE3YUA+YQLqUDJh+gRbBooMMekZJwvI=", "owner": "nixos", "repo": "nixpkgs", - "rev": "c31898adf5a8ed202ce5bea9f347b1c6871f32d1", + "rev": "a3c0b3b21515f74fd2665903d4ce6bc4dc81c77c", "type": "github" }, "original": { @@ -681,11 +681,11 @@ ] }, "locked": { - "lastModified": 1728461096, - "narHash": "sha256-cd0cXB85B3kGpm+iumP9xCnqFErspXL9Z/2X59kQ6c4=", + "lastModified": 1729184663, + "narHash": "sha256-uNyi5vQrzaLkt4jj6ZEOs4+4UqOAwP6jFG2s7LIDwIk=", "owner": "oxalica", "repo": "rust-overlay", - "rev": "e310b9bd71fa6c6a9fec0a8cf5af43ce798a0ad6", + "rev": "16fb78d443c1970dda9a0bbb93070c9d8598a925", "type": "github" }, "original": { diff --git a/lib/fast-cjson/Cargo.toml b/lib/fast-cjson/Cargo.toml index 906a70715..09a414855 100644 --- a/lib/fast-cjson/Cargo.toml +++ b/lib/fast-cjson/Cargo.toml @@ -22,7 +22,7 @@ olpc-cjson = "0.1.4" proptest = { version = "1.5.0", default-features = false, features = ["std"] } proptest-derive = "0.5.0" serde = { version = "1.0.210", features = ["derive"] } -serde_json = "1.0.128" +serde_json = "1.0.129" [lints] workspace = true diff --git a/lib/masto-id-convert/Cargo.toml b/lib/masto-id-convert/Cargo.toml index 43c17e971..8d2990201 100644 --- a/lib/masto-id-convert/Cargo.toml +++ b/lib/masto-id-convert/Cargo.toml @@ -14,7 +14,7 @@ atoi_radix10 = "0.0.1" nanorand = { version = "0.7.0", default-features = false, features = [ "wyrand", ] } -uuid = { version = "1.10.0", default-features = false } +uuid = { version = "1.11.0", default-features = false } [features] default = ["std"] @@ -23,7 +23,7 @@ std = [] [dev-dependencies] divan = "0.1.14" time = "0.3.36" -uuid = { version = "1.10.0", features = ["v7"] } +uuid = { version = "1.11.0", features = ["v7"] } [lints] workspace = true diff --git a/lib/speedy-uuid/Cargo.toml b/lib/speedy-uuid/Cargo.toml index 4c29c0c7b..a112adabb 100644 --- a/lib/speedy-uuid/Cargo.toml +++ b/lib/speedy-uuid/Cargo.toml @@ -14,7 +14,7 @@ diesel = { version = "2.2.4", default-features = false, features = [ fred = { version = "9.2.1", default-features = false, optional = true } serde = { version = "1.0.210", optional = true } thiserror = "1.0.64" -uuid = { version = "1.10.0", features = ["fast-rng", "v7"] } +uuid = { version = "1.11.0", features = ["fast-rng", "v7"] } uuid-simd = { version = "0.8.0", features = ["uuid"] } [dev-dependencies]