MarketTakers/arbiter
6
0
Fork 0
Code Issues 27 Pull Requests 2 Packages Projects Releases Wiki Activity

housekeeping(server): clippy warns fix
Some checks failed
ci/woodpecker/pr/server-audit Pipeline was successful
Details
ci/woodpecker/pr/server-vet Pipeline failed
Details
ci/woodpecker/pr/server-lint Pipeline was successful
Details
ci/woodpecker/pr/server-test Pipeline was successful
Details
ci/woodpecker/pr/useragent-analyze Pipeline failed
Details

Browse Source
This commit is contained in:
Skipper
2026-04-18 13:53:03 +02:00
parent 9cf87b2058
commit 38cf1b98b9
6 changed files with 42 additions and 32 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
server/Cargo.lock generated
View File

@@ -707,6 +707,7 @@ dependencies = [
"memsafe", "memsafe",
"ml-dsa", "ml-dsa",
"rand 0.10.1", "rand 0.10.1",
"thiserror 2.0.18",
"x-wing", "x-wing",
] ]

1
server/crates/arbiter-crypto/Cargo.toml
View File

@@ -11,6 +11,7 @@ hmac.workspace = true
alloy.workspace = true alloy.workspace = true
x-wing = { version = "0.1.0-rc.0", features = ["zeroize"] } x-wing = { version = "0.1.0-rc.0", features = ["zeroize"] }
chrono.workspace = true chrono.workspace = true
thiserror.workspace = true
[lints] [lints]
workspace = true workspace = true

14
server/crates/arbiter-crypto/src/authn/v1.rs
View File

@@ -11,6 +11,13 @@ pub static USERAGENT_CONTEXT: &[u8] = b"arbiter_user_agent";
const NONCE_SIZE: usize = 32; const NONCE_SIZE: usize = 32;
#[derive(Debug, Clone, Copy, PartialEq, Eq, thiserror::Error)]
#[error("invalid length: expected {expected} bytes, got {actual} bytes")]
pub struct InvalidLength {
pub expected: usize,
pub actual: usize,
}
#[derive(Debug, Clone)] #[derive(Debug, Clone)]
pub struct AuthChallenge { pub struct AuthChallenge {
pub nonce: [u8; NONCE_SIZE], pub nonce: [u8; NONCE_SIZE],
@@ -43,8 +50,11 @@ impl AuthChallenge {
} }
} }
pub fn from_parts(nonce: &[u8], timestamp: i64) -> Result<Self, ()> { pub fn from_parts(nonce: &[u8], timestamp: i64) -> Result<Self, InvalidLength> {
let random_nonce = nonce.as_array().ok_or(())?; let random_nonce = nonce.as_array().ok_or(InvalidLength {
expected: NONCE_SIZE,
actual: nonce.len(),
})?;
Ok(AuthChallenge { Ok(AuthChallenge {
nonce: *random_nonce, nonce: *random_nonce,
timestamp: DateTime::from_timestamp_nanos(timestamp), timestamp: DateTime::from_timestamp_nanos(timestamp),

52
server/crates/arbiter-server/src/grpc/user_agent/vault_gate.rs
View File

@@ -15,37 +15,35 @@ mod outbound;
#[async_trait] #[async_trait]
impl Receiver<vault_gate::Inbound> for AuthTransportAdapter<'_> { impl Receiver<vault_gate::Inbound> for AuthTransportAdapter<'_> {
async fn recv(&mut self) -> Option<vault_gate::Inbound> { async fn recv(&mut self) -> Option<vault_gate::Inbound> {
loop { let request = match self.bi_mut().recv().await? {
let request = match self.bi_mut().recv().await? { Ok(request) => request,
Ok(request) => request, Err(error) => {
Err(error) => { warn!(
warn!( ?error,
?error, "Failed to receive user agent request during vault gate"
"Failed to receive user agent request during vault gate" );
);
return None;
}
};
if let Err(err) = self.tracker_mut().request(request.id) {
let _ = self.bi_mut().send(Err(err)).await;
return None; return None;
} }
};
let Some(payload) = request.payload else { if let Err(err) = self.tracker_mut().request(request.id) {
let _ = self let _ = self.bi_mut().send(Err(err)).await;
.bi_mut() return None;
.send(Err(Status::invalid_argument("Missing request payload"))) }
.await;
return None;
};
match payload.try_convert() { let Some(payload) = request.payload else {
Ok(inbound) => return Some(inbound), let _ = self
Err(status) => { .bi_mut()
let _ = self.bi_mut().send(Err(status)).await; .send(Err(Status::invalid_argument("Missing request payload")))
return None; .await;
} return None;
};
match payload.try_convert() {
Ok(inbound) => Some(inbound),
Err(status) => {
let _ = self.bi_mut().send(Err(status)).await;
None
} }
} }
} }

2
server/crates/arbiter-server/src/peers/user_agent/mod.rs
View File

@@ -81,7 +81,7 @@ async fn verify_integrity(
.get() .get()
.await .await
.map_err(|_| Error::Internal("DB unavailable".into()))?; .map_err(|_| Error::Internal("DB unavailable".into()))?;
match integrity::verify_entity(&mut conn, &vault, credentials, credentials.id).await { match integrity::verify_entity(&mut conn, vault, credentials, credentials.id).await {
Ok(AttestationStatus::Attested) => Ok(()), Ok(AttestationStatus::Attested) => Ok(()),
Ok(AttestationStatus::Unavailable) => { Ok(AttestationStatus::Unavailable) => {
Err(Error::Internal("Vault sealed during promotion".into())) Err(Error::Internal("Vault sealed during promotion".into()))

4
server/crates/arbiter-server/src/peers/user_agent/vault_gate/mod.rs
View File

@@ -132,7 +132,7 @@ impl VaultGate {
let secret = ephemeral_secret.diffie_hellman(&client_pubkey); let secret = ephemeral_secret.diffie_hellman(&client_pubkey);
self.state = State::ReadyForExchange { self.state = State::ReadyForExchange {
server_key: public_key.clone(), server_key: public_key,
secret, secret,
}; };
@@ -179,7 +179,7 @@ impl VaultGate {
} }
Err(err) => { Err(err) => {
error!(?err, "Failed to send unseal request to vault"); error!(?err, "Failed to send unseal request to vault");
Err(Error::internal("Vault actor error").into()) Err(Error::internal("Vault actor error"))
} }
} }
} }