Improvements from vynil

.github/workflows/ci.yml

@@ -120,7 +120,7 @@ jobs:
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v2
       - name: Download docker image artifact from docker job
-        uses: actions/download-artifact@v3
+        uses: actions/download-artifact@v4
         with:
           name: controller-image
           path: /tmp

Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "kuberest"
-version = "1.1.0"
+version = "1.1.2"
 authors = ["Sébastien Huss <[email protected]>"]
 edition = "2021"
 default-run = "controller"
@@ -70,6 +70,7 @@ rhai = { version = "1.20.0", features = ["sync", "serde"] }
 reqwest = { version = "0.12.4", features = ["rustls-tls"] }
 base64 = "0.22.1"
 rand = "0.8.5"
+argon2 = { version = "0.5.3", features = ["std"] }
 
 [dev-dependencies]
 assert-json-diff = "2.0.2"

charts/kuberest/Chart.yaml

@@ -2,5 +2,5 @@ apiVersion: v2
 name: kuberest
 description: Allow to Control remote REST api endpoints from the confort of your cluster
 type: application
-version: "1.1.1"
-appVersion: "1.1.1"
+version: "1.1.2"
+appVersion: "1.1.2"

deploy/operator/deployment.yaml

@@ -8,7 +8,7 @@ metadata:
   labels:
     app: kuberest
     app.kubernetes.io/name: kuberest
-    app.kubernetes.io/version: "1.0.0"
+    app.kubernetes.io/version: "1.1.2"
   namespace: default
 automountServiceAccountToken: true
 ---
@@ -57,7 +57,7 @@ metadata:
   labels:
     app: kuberest
     app.kubernetes.io/name: kuberest
-    app.kubernetes.io/version: "1.0.0"
+    app.kubernetes.io/version: "1.1.2"
 spec:
   type: ClusterIP
   ports:
@@ -77,7 +77,7 @@ metadata:
   labels:
     app: kuberest
     app.kubernetes.io/name: kuberest
-    app.kubernetes.io/version: "1.0.0"
+    app.kubernetes.io/version: "1.1.2"
 spec:
   replicas: 1
   selector:
@@ -95,7 +95,7 @@ spec:
         {}
       containers:
       - name: kuberest
-        image: sebt3/kuberest:1.0.0
+        image: sebt3/kuberest:1.1.2
         imagePullPolicy: IfNotPresent
         securityContext:
           {}

src/handlebarshandler.rs

@@ -1,10 +1,10 @@
-use crate::passwordhandler::Passwords;
+use crate::{hasheshandlers::Argon, passwordhandler::Passwords, Error, Result, RhaiRes};
 use base64::{engine::general_purpose::STANDARD, Engine as _};
 use handlebars::{handlebars_helper, Handlebars};
 use handlebars_misc_helpers::new_hbs;
 pub use serde_json::Value;
 use tracing::*;
-
+// TODO: improve error management
 handlebars_helper!(base64_decode: |arg:Value| String::from_utf8(STANDARD.decode(arg.as_str().unwrap_or_else(|| {
     warn!("handlebars::base64_decode received a non-string parameter: {:?}",arg);
     ""
@@ -19,14 +19,21 @@ handlebars_helper!(base64_encode: |arg:Value| STANDARD.encode(arg.as_str().unwra
     warn!("handlebars::base64_encode received a non-string parameter: {:?}",arg);
     ""
 }).to_string()));
-handlebars_helper!(header_basic: |username:Value,password:Value| format!("Basic {}",STANDARD.encode(format!("{}:{}",username.as_str().unwrap_or_else(|| {
+handlebars_helper!(header_basic: |username:Value, password:Value| format!("Basic {}",STANDARD.encode(format!("{}:{}",username.as_str().unwrap_or_else(|| {
     warn!("handlebars::header_basic received a non-string username: {:?}",username);
     ""
 }),password.as_str().unwrap_or_else(|| {
     warn!("handlebars::header_basic received a non-string password: {:?}",password);
     ""
 })))));
-handlebars_helper!(gen_password:  |len:u32| Passwords::new().generate(len, 6, 2, 2));
+handlebars_helper!(argon_hash: |password:Value| Argon::new().hash(password.as_str().unwrap_or_else(|| {
+    warn!("handlebars::argon_hash received a non-string password: {:?}",password);
+    ""
+}).to_string()).unwrap_or_else(|e| {
+    warn!("handlebars::argon_hash failed to convert to string with: {e:?}");
+    String::new()
+}));
+handlebars_helper!(gen_password: |len:u32| Passwords::new().generate(len, 6, 2, 2));
 handlebars_helper!(gen_password_alphanum:  |len:u32| Passwords::new().generate(len, 8, 2, 0));
 
 #[derive(Clone, Debug)]
@@ -36,47 +43,37 @@ pub struct HandleBars<'a> {
 impl HandleBars<'_> {
     #[must_use]
     pub fn new() -> HandleBars<'static> {
-        let mut res = HandleBars { engine: new_hbs() };
-        res.engine
-            .register_helper("base64_decode", Box::new(base64_decode));
-        res.engine
-            .register_helper("base64_encode", Box::new(base64_encode));
-        res.engine.register_helper("header_basic", Box::new(header_basic));
-        res.engine.register_helper("gen_password", Box::new(gen_password));
-        res.engine
-            .register_helper("gen_password_alphanum", Box::new(gen_password_alphanum));
+        let mut engine = new_hbs();
+        engine.register_helper("base64_decode", Box::new(base64_decode));
+        engine.register_helper("base64_encode", Box::new(base64_encode));
+        engine.register_helper("header_basic", Box::new(header_basic));
+        engine.register_helper("argon_hash", Box::new(argon_hash));
+        engine.register_helper("gen_password", Box::new(gen_password));
+        engine.register_helper("gen_password_alphanum", Box::new(gen_password_alphanum));
         // TODO: add more helpers
-        res
+        HandleBars { engine }
     }
 
-    pub fn register_template(&mut self, name: &str, template: &str) -> Result<(), handlebars::TemplateError> {
-        self.engine.register_template_string(name, template)
+    pub fn register_template(&mut self, name: &str, template: &str) -> Result<()> {
+        self.engine
+            .register_template_string(name, template)
+            .map_err(|e| Error::HbsTemplateError(e))
     }
 
-    pub fn register_template_rhai(&mut self, name: String, template: String) -> bool {
-        match self.register_template(name.as_str(), template.as_str()) {
-            Ok(()) => true,
-            Err(e) => {
-                debug!("Registring template from rhai generated: {e:?}");
-                false
-            }
-        }
+    pub fn rhai_register_template(&mut self, name: String, template: String) -> RhaiRes<()> {
+        self.register_template(name.as_str(), template.as_str())
+            .map_err(|e| format!("{e}").into())
     }
 
-    pub fn render(
-        &mut self,
-        template: &str,
-        data: &Value,
-    ) -> std::result::Result<String, handlebars::RenderError> {
-        self.engine.render_template(template, data)
+    pub fn render(&mut self, template: &str, data: &Value) -> Result<String> {
+        self.engine
+            .render_template(template, data)
+            .map_err(|e| Error::HbsRenderError(e))
     }
 
-    pub fn render_from_rhai(&mut self, template: String, data: rhai::Map) -> String {
+    pub fn rhai_render(&mut self, template: String, data: rhai::Map) -> RhaiRes<String> {
         self.engine
             .render_template(template.as_str(), &data)
-            .unwrap_or_else(|e| {
-                debug!("Rendering template from rhai generated: {e:?}");
-                String::new()
-            })
+            .map_err(|e| format!("{e}").into())
     }
 }

src/hasheshandlers.rs

@@ -0,0 +1,32 @@
+use crate::{rhai_err, Error, Result, RhaiRes};
+use argon2::{
+    password_hash::{rand_core::OsRng, PasswordHasher, SaltString},
+    Argon2,
+};
+
+#[derive(Clone, Debug)]
+pub struct Argon {
+    salt: SaltString,
+    argon: Argon2<'static>,
+}
+impl Argon {
+    #[must_use]
+    pub fn new() -> Self {
+        Self {
+            salt: SaltString::generate(&mut OsRng),
+            argon: Argon2::default(),
+        }
+    }
+
+    pub fn hash(&self, password: String) -> Result<String> {
+        Ok(self
+            .argon
+            .hash_password(password.as_bytes(), &self.salt)
+            .map_err(Error::Argon2hash)?
+            .to_string())
+    }
+
+    pub fn rhai_hash(&mut self, password: String) -> RhaiRes<String> {
+        self.hash(password).map_err(rhai_err)
+    }
+}