MarketTakers/arbiter
5
0
Fork 0
Code Issues 27 Pull Requests 5 Packages Projects Releases Wiki Activity

refactor(server): moved shared module crypto into arbiter-crypto

Browse Source
This commit is contained in:
hdbg
2026-04-07 15:41:50 +02:00
parent a845181ef6
commit d22ab49e3d
40 changed files with 319 additions and 209 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
server/crates/arbiter-server/Cargo.toml
View File

@@ -17,6 +17,7 @@ diesel-async = { version = "0.8.0", features = [
"tokio",
] }
arbiter-proto.path = "../arbiter-proto"
arbiter-crypto.path = "../arbiter-crypto"
tracing.workspace = true
tracing-subscriber = { version = "0.3", features = ["env-filter"] }
tonic.workspace = true
@@ -35,7 +36,6 @@ dashmap = "6.1.0"
rand.workspace = true
rcgen.workspace = true
chrono.workspace = true
memsafe = "0.4.0"
zeroize = { version = "1.8.2", features = ["std", "simd"] }
kameo.workspace = true
chacha20poly1305 = { version = "0.10.1", features = ["std"] }

11
server/crates/arbiter-server/src/actors/client/auth.rs
View File

@@ -1,5 +1,6 @@
use arbiter_crypto::authn::{self, CLIENT_CONTEXT};
use arbiter_proto::{
CLIENT_CONTEXT, ClientMetadata,
ClientMetadata,
transport::{Bi, expect_message},
};
use chrono::Utc;
@@ -17,7 +18,6 @@ use crate::{
flow_coordinator::{self, RequestClientApproval},
keyholder::KeyHolder,
},
crypto::authn,
crypto::integrity::{self, AttestationStatus},
db::{
self,
@@ -26,8 +26,6 @@ use crate::{
},
};
#[derive(thiserror::Error, Debug, Clone, PartialEq, Eq)]
pub enum Error {
#[error("Database pool unavailable")]
@@ -355,7 +353,10 @@ where
T: Bi<Inbound, Result<Outbound, Error>> + ?Sized,
{
transport
.send(Ok(Outbound::AuthChallenge { pubkey: pubkey.clone(), nonce }))
.send(Ok(Outbound::AuthChallenge {
pubkey: pubkey.clone(),
nonce,
}))
.await
.map_err(|e| {
error!(error = ?e, "Failed to send auth challenge");

7
server/crates/arbiter-server/src/actors/client/mod.rs
View File

@@ -1,10 +1,10 @@
use arbiter_crypto::authn;
use arbiter_proto::{ClientMetadata, transport::Bi};
use kameo::actor::Spawn;
use tracing::{error, info};
use crate::{
actors::{GlobalActors, client::session::ClientSession},
crypto::authn,
crypto::integrity::{Integrable, hashing::Hashable},
db,
};
@@ -50,10 +50,7 @@ where
T: Bi<auth::Inbound, Result<auth::Outbound, auth::Error>> + Send + ?Sized,
{
let fut = auth::authenticate(&mut props, transport);
println!(
"authenticate future size: {}",
std::mem::size_of_val(&fut)
);
println!("authenticate future size: {}", std::mem::size_of_val(&fut));
match fut.await {
Ok(client_id) => {
ClientSession::spawn(ClientSession::new(props, client_id));

3
server/crates/arbiter-server/src/actors/evm/mod.rs
View File

@@ -21,8 +21,9 @@ use crate::{
ether_transfer::EtherTransfer, token_transfers::TokenTransfer,
},
},
safe_cell::{SafeCell, SafeCellHandle as _},
};
use arbiter_crypto::safecell::{SafeCell, SafeCellHandle as _};
pub use crate::evm::safe_signer;

5
server/crates/arbiter-server/src/actors/keyholder/mod.rs
View File

@@ -15,7 +15,6 @@ use crate::{
encryption::v1::{self, Nonce},
integrity::v1::HmacSha256,
},
safe_cell::SafeCell,
};
use crate::{
db::{
@@ -23,8 +22,8 @@ use crate::{
models::{self, RootKeyHistory},
schema::{self},
},
safe_cell::SafeCellHandle as _,
};
use arbiter_crypto::safecell::{SafeCell, SafeCellHandle as _};
#[derive(Default, EnumDiscriminants)]
#[strum_discriminants(derive(Reply), vis(pub), name(KeyHolderState))]
@@ -402,8 +401,8 @@ mod tests {
use crate::{
db::{self},
safe_cell::SafeCell,
};
use arbiter_crypto::safecell::{SafeCell, SafeCellHandle as _};
use super::*;

3
server/crates/arbiter-server/src/actors/user_agent/auth.rs
View File

@@ -1,3 +1,4 @@
use arbiter_crypto::authn;
use arbiter_proto::transport::Bi;
use tracing::error;
@@ -5,8 +6,6 @@ use crate::actors::user_agent::{
UserAgentConnection,
auth::state::{AuthContext, AuthStateMachine},
};
use crate::crypto::authn;
mod state;
use state::*;

4
server/crates/arbiter-server/src/actors/user_agent/auth/state.rs
View File

@@ -1,4 +1,5 @@
use arbiter_proto::{USERAGENT_CONTEXT, transport::Bi};
use arbiter_crypto::authn::{self, USERAGENT_CONTEXT};
use arbiter_proto::{transport::Bi};
use diesel::{ExpressionMethods as _, OptionalExtension as _, QueryDsl, update};
use diesel_async::{AsyncConnection, RunQueryDsl};
use kameo::actor::ActorRef;
@@ -11,7 +12,6 @@ use crate::{
keyholder::KeyHolder,
user_agent::{UserAgentConnection, UserAgentCredentials, auth::Outbound},
},
crypto::authn,
crypto::integrity,
db::{DatabasePool, schema::useragent_client},
};

3
server/crates/arbiter-server/src/actors/user_agent/mod.rs
View File

@@ -1,9 +1,10 @@
use crate::{
actors::{GlobalActors, client::ClientProfile},
crypto::authn,
crypto::integrity::Integrable,
db,
};
use arbiter_crypto::authn;
#[derive(Debug)]
pub struct UserAgentCredentials {

19
server/crates/arbiter-server/src/actors/user_agent/session.rs
View File

@@ -1,3 +1,5 @@
use arbiter_crypto::authn;
use std::{borrow::Cow, collections::HashMap};
use arbiter_proto::transport::Sender;
@@ -11,8 +13,6 @@ use crate::actors::{
flow_coordinator::{RegisterUserAgent, client_connect_approval::ClientApprovalController},
user_agent::{OutOfBand, UserAgentConnection},
};
use crate::crypto::authn;
mod state;
use state::{DummyContext, UserAgentEvents, UserAgentStateMachine};
@@ -119,14 +119,13 @@ impl UserAgentSession {
return;
}
self.pending_client_approvals
.insert(
client.pubkey.to_bytes(),
PendingClientApproval {
pubkey: client.pubkey,
controller,
},
);
self.pending_client_approvals.insert(
client.pubkey.to_bytes(),
PendingClientApproval {
pubkey: client.pubkey,
controller,
},
);
}
}

9
server/crates/arbiter-server/src/actors/user_agent/session/connection.rs
View File

@@ -1,6 +1,7 @@
use std::sync::Mutex;
use alloy::{consensus::TxEip1559, primitives::Address, signers::Signature};
use arbiter_crypto::{authn, safecell::{SafeCell, SafeCellHandle as _}};
use chacha20poly1305::{AeadInPlace, XChaCha20Poly1305, XNonce, aead::KeyInit};
use diesel::{ExpressionMethods as _, QueryDsl as _, SelectableHelper};
use diesel_async::{AsyncConnection, RunQueryDsl};
@@ -13,12 +14,10 @@ use x25519_dalek::{EphemeralSecret, PublicKey};
use crate::actors::flow_coordinator::client_connect_approval::ClientApprovalAnswer;
use crate::actors::keyholder::KeyHolderState;
use crate::actors::user_agent::session::Error;
use crate::crypto::authn;
use crate::db::models::{
EvmWalletAccess, NewEvmWalletAccess, ProgramClient, ProgramClientMetadata,
};
use crate::evm::policies::{Grant, SpecificGrant};
use crate::safe_cell::SafeCell;
use crate::{
actors::{
evm::{
@@ -31,7 +30,6 @@ use crate::{
state::{UnsealContext, UserAgentEvents, UserAgentStates},
},
},
safe_cell::SafeCellHandle as _,
};
impl UserAgentSession {
@@ -477,10 +475,7 @@ impl UserAgentSession {
pubkey: authn::PublicKey,
ctx: &mut Context<Self, Result<(), Error>>,
) -> Result<(), Error> {
let pending_approval = match self
.pending_client_approvals
.remove(&pubkey.to_bytes())
{
let pending_approval = match self.pending_client_approvals.remove(&pubkey.to_bytes()) {
Some(approval) => approval,
None => {
error!("Received client connection response for unknown client");

3
server/crates/arbiter-server/src/crypto/authn/mod.rs
View File

@@ -1,3 +0,0 @@
pub mod v1;
pub use v1::*;

110
server/crates/arbiter-server/src/crypto/authn/v1/mod.rs
View File

@@ -1,110 +0,0 @@
use ml_dsa::{
EncodedVerifyingKey, MlDsa87, Signature as MlDsaSignature, VerifyingKey as MlDsaVerifyingKey,
};
pub type KeyParams = MlDsa87;
#[derive(Clone, Debug, PartialEq)]
pub struct PublicKey(Box<MlDsaVerifyingKey<KeyParams>>);
#[derive(Clone, Debug, PartialEq)]
pub struct Signature(Box<MlDsaSignature<KeyParams>>);
impl PublicKey {
pub fn to_bytes(&self) -> Vec<u8> {
self.0.encode().to_vec()
}
pub fn verify(&self, nonce: i32, context: &[u8], signature: &Signature) -> bool {
self.0.verify_with_context(&format_challenge(nonce, self), context, &signature.0)
}
}
impl Signature {
pub fn to_bytes(&self) -> Vec<u8> {
self.0.encode().to_vec()
}
}
impl From<MlDsaVerifyingKey<KeyParams>> for PublicKey {
fn from(value: MlDsaVerifyingKey<KeyParams>) -> Self {
Self(Box::new(value))
}
}
impl From<MlDsaSignature<KeyParams>> for Signature {
fn from(value: MlDsaSignature<KeyParams>) -> Self {
Self(Box::new(value))
}
}
impl TryFrom<&'_ [u8]> for PublicKey {
type Error = ();
fn try_from(value: &[u8]) -> Result<Self, Self::Error> {
let encoded = EncodedVerifyingKey::<KeyParams>::try_from(value).map_err(|_| ())?;
Ok(Self(Box::new(MlDsaVerifyingKey::decode(&encoded))))
}
}
impl TryFrom<&'_ [u8]> for Signature {
type Error = ();
fn try_from(value: &[u8]) -> Result<Self, Self::Error> {
MlDsaSignature::try_from(value)
.map(|sig| Self(Box::new(sig)))
.map_err(|_| ())
}
}
pub fn format_challenge(nonce: i32, pubkey: &PublicKey) -> Vec<u8> {
arbiter_proto::format_challenge(nonce, &pubkey.to_bytes())
}
#[cfg(test)]
mod tests {
use ml_dsa::{KeyGen, MlDsa87, signature::Keypair as _};
use super::{PublicKey, Signature};
#[test]
fn public_key_round_trip_decodes() {
let key = MlDsa87::key_gen(&mut rand::rng());
let encoded = PublicKey::from(key.verifying_key()).to_bytes();
let decoded = PublicKey::try_from(encoded.as_slice()).expect("public key should decode");
assert_eq!(decoded, PublicKey::from(key.verifying_key()));
}
#[test]
fn signature_round_trip_decodes() {
let key = MlDsa87::key_gen(&mut rand::rng());
let challenge = b"challenge";
let signature = key
.signing_key()
.sign_deterministic(challenge, arbiter_proto::CLIENT_CONTEXT)
.expect("signature should be created");
let decoded = Signature::try_from(signature.encode().to_vec().as_slice()).expect("signature should decode");
assert_eq!(decoded, Signature::from(signature));
}
#[test]
fn challenge_verification_uses_context_and_canonical_key_bytes() {
let key = MlDsa87::key_gen(&mut rand::rng());
let public_key = PublicKey::from(key.verifying_key());
let nonce = 17;
let challenge =
arbiter_proto::format_challenge(nonce, &public_key.to_bytes());
let signature = key
.signing_key()
.sign_deterministic(&challenge, arbiter_proto::CLIENT_CONTEXT)
.expect("signature should be created")
.into();
assert!(public_key.verify(nonce, arbiter_proto::CLIENT_CONTEXT, &signature));
assert!(!public_key.verify(nonce, arbiter_proto::USERAGENT_CONTEXT, &signature));
}
}

4
server/crates/arbiter-server/src/crypto/encryption/v1.rs
View File

@@ -60,9 +60,9 @@ mod tests {
use super::*;
use crate::{
crypto::derive_key,
safe_cell::{SafeCell, SafeCellHandle as _},
crypto::derive_key
};
use arbiter_crypto::safecell::{SafeCell, SafeCellHandle as _};
#[test]
pub fn derive_seal_key_deterministic() {

6
server/crates/arbiter-server/src/crypto/integrity/v1.rs
View File

@@ -1,6 +1,7 @@
use crate::{
actors::keyholder, crypto::integrity::hashing::Hashable, safe_cell::SafeCellHandle as _,
actors::keyholder, crypto::integrity::hashing::Hashable
};
use arbiter_crypto::safecell::{SafeCell, SafeCellHandle as _};
use hmac::{Hmac, Mac as _};
use sha2::Sha256;
@@ -212,8 +213,9 @@ mod tests {
use crate::{
actors::keyholder::{Bootstrap, KeyHolder},
db::{self, schema},
safe_cell::{SafeCell, SafeCellHandle as _},
};
use arbiter_crypto::safecell::{SafeCell, SafeCellHandle as _};
use super::{Error, Integrable, sign_entity, verify_entity};
use super::{hashing::Hashable, payload_hash};

5
server/crates/arbiter-server/src/crypto/mod.rs
View File

@@ -10,9 +10,8 @@ use rand::{
rngs::{StdRng, SysRng},
};
use crate::safe_cell::{SafeCell, SafeCellHandle as _};
use arbiter_crypto::safecell::{SafeCell, SafeCellHandle as _};
pub mod authn;
pub mod encryption;
pub mod integrity;
@@ -142,7 +141,7 @@ mod tests {
derive_key,
encryption::v1::{Nonce, generate_salt},
};
use crate::safe_cell::{SafeCell, SafeCellHandle as _};
use arbiter_crypto::safecell::{SafeCell, SafeCellHandle as _};
#[test]
pub fn encrypt_decrypt() {

2
server/crates/arbiter-server/src/evm/safe_signer.rs
View File

@@ -1,6 +1,6 @@
use std::sync::Mutex;
use crate::safe_cell::{SafeCell, SafeCellHandle as _};
use arbiter_crypto::safecell::{SafeCell, SafeCellHandle as _};
use alloy::{
consensus::SignableTransaction,
network::{TxSigner, TxSignerSync},

2
server/crates/arbiter-server/src/grpc/client/auth.rs
View File

@@ -1,3 +1,4 @@
use arbiter_crypto::authn;
use arbiter_proto::{
ClientMetadata,
proto::{
@@ -22,7 +23,6 @@ use tracing::warn;
use crate::{
actors::client::{self, ClientConnection, auth},
crypto::authn,
grpc::request_tracker::RequestTracker,
};

2
server/crates/arbiter-server/src/grpc/user_agent/auth.rs
View File

@@ -1,3 +1,4 @@
use arbiter_crypto::authn;
use arbiter_proto::{
proto::user_agent::{
UserAgentRequest, UserAgentResponse,
@@ -18,7 +19,6 @@ use tracing::warn;
use crate::{
actors::user_agent::{UserAgentConnection, auth},
crypto::authn,
grpc::request_tracker::RequestTracker,
};

2
server/crates/arbiter-server/src/grpc/user_agent/sdk_client.rs
View File

@@ -1,3 +1,4 @@
use arbiter_crypto::authn;
use arbiter_proto::proto::{
shared::ClientInfo as ProtoClientMetadata,
user_agent::{
@@ -27,7 +28,6 @@ use crate::{
HandleRevokeEvmWalletAccess, HandleSdkClientList,
},
},
crypto::authn,
db::models::NewEvmWalletAccess,
grpc::Convert,
};

1
server/crates/arbiter-server/src/lib.rs
View File

@@ -7,7 +7,6 @@ pub mod crypto;
pub mod db;
pub mod evm;
pub mod grpc;
pub mod safe_cell;
pub mod utils;
pub struct Server {

111
server/crates/arbiter-server/src/safe_cell.rs
View File

@@ -1,111 +0,0 @@
use std::ops::{Deref, DerefMut};
use std::{any::type_name, fmt};
use memsafe::MemSafe;
pub trait SafeCellHandle<T> {
type CellRead<'a>: Deref<Target = T>
where
Self: 'a,
T: 'a;
type CellWrite<'a>: Deref<Target = T> + DerefMut<Target = T>
where
Self: 'a,
T: 'a;
fn new(value: T) -> Self
where
Self: Sized;
fn read(&mut self) -> Self::CellRead<'_>;
fn write(&mut self) -> Self::CellWrite<'_>;
fn new_inline<F>(f: F) -> Self
where
Self: Sized,
T: Default,
F: for<'a> FnOnce(&'a mut T),
{
let mut cell = Self::new(T::default());
{
let mut handle = cell.write();
f(handle.deref_mut());
}
cell
}
#[inline(always)]
fn read_inline<F, R>(&mut self, f: F) -> R
where
F: FnOnce(&T) -> R,
{
f(&*self.read())
}
#[inline(always)]
fn write_inline<F, R>(&mut self, f: F) -> R
where
F: FnOnce(&mut T) -> R,
{
f(&mut *self.write())
}
}
pub struct MemSafeCell<T>(MemSafe<T>);
impl<T> fmt::Debug for MemSafeCell<T> {
fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
f.debug_struct("MemSafeCell")
.field("inner", &format_args!("<protected {}>", type_name::<T>()))
.finish()
}
}
impl<T> SafeCellHandle<T> for MemSafeCell<T> {
type CellRead<'a>
= memsafe::MemSafeRead<'a, T>
where
Self: 'a,
T: 'a;
type CellWrite<'a>
= memsafe::MemSafeWrite<'a, T>
where
Self: 'a,
T: 'a;
fn new(value: T) -> Self {
match MemSafe::new(value) {
Ok(inner) => Self(inner),
Err(err) => {
// If protected memory cannot be allocated, process integrity is compromised.
abort_memory_breach("safe cell allocation", &err)
}
}
}
#[inline(always)]
fn read(&mut self) -> Self::CellRead<'_> {
match self.0.read() {
Ok(inner) => inner,
Err(err) => abort_memory_breach("safe cell read", &err),
}
}
#[inline(always)]
fn write(&mut self) -> Self::CellWrite<'_> {
match self.0.write() {
Ok(inner) => inner,
Err(err) => {
// If protected memory becomes unwritable here, treat it as a fatal memory breach.
abort_memory_breach("safe cell write", &err)
}
}
}
}
fn abort_memory_breach(action: &str, err: &memsafe::error::MemoryError) -> ! {
eprintln!("fatal {action}: {err}");
std::process::abort();
}
pub type SafeCell<T> = MemSafeCell<T>;

10
server/crates/arbiter-server/tests/client/auth.rs
View File

@@ -1,3 +1,7 @@
use arbiter_crypto::{
authn::{self, CLIENT_CONTEXT, format_challenge},
safecell::{SafeCell, SafeCellHandle as _},
};
use arbiter_proto::ClientMetadata;
use arbiter_proto::transport::{Receiver, Sender};
use arbiter_server::{
@@ -6,10 +10,8 @@ use arbiter_server::{
client::{ClientConnection, ClientCredentials, auth, connect_client},
keyholder::Bootstrap,
},
crypto::authn,
crypto::integrity,
db::{self, schema},
safe_cell::{SafeCell, SafeCellHandle as _},
};
use diesel::{ExpressionMethods as _, NullableExpressionMethods as _, QueryDsl as _, insert_into};
use diesel_async::RunQueryDsl;
@@ -72,9 +74,9 @@ fn sign_client_challenge(
nonce: i32,
pubkey: &authn::PublicKey,
) -> authn::Signature {
let challenge = arbiter_proto::format_challenge(nonce, &pubkey.to_bytes());
let challenge = format_challenge(nonce, &pubkey.to_bytes());
key.signing_key()
.sign_deterministic(&challenge, arbiter_proto::CLIENT_CONTEXT)
.sign_deterministic(&challenge, CLIENT_CONTEXT)
.unwrap()
.into()
}

3
server/crates/arbiter-server/tests/common/mod.rs
View File

@@ -2,8 +2,9 @@ use arbiter_proto::transport::{Bi, Error, Receiver, Sender};
use arbiter_server::{
actors::keyholder::KeyHolder,
db::{self, schema},
safe_cell::{SafeCell, SafeCellHandle as _},
};
use arbiter_crypto::{authn::{self, format_challenge, CLIENT_CONTEXT}, safecell::{SafeCell, SafeCellHandle as _}};
use async_trait::async_trait;
use diesel::QueryDsl;
use diesel_async::RunQueryDsl;

4
server/crates/arbiter-server/tests/keyholder/concurrency.rs
View File

@@ -3,8 +3,10 @@ use std::collections::{HashMap, HashSet};
use arbiter_server::{
actors::keyholder::{CreateNew, Error, KeyHolder},
db::{self, models, schema},
safe_cell::{SafeCell, SafeCellHandle as _},
};
use arbiter_crypto::{authn::{self, format_challenge, CLIENT_CONTEXT}, safecell::{SafeCell, SafeCellHandle as _}};
use diesel::{ExpressionMethods as _, QueryDsl, SelectableHelper, dsl::sql_query};
use diesel_async::RunQueryDsl;
use kameo::actor::{ActorRef, Spawn as _};

3
server/crates/arbiter-server/tests/keyholder/lifecycle.rs
View File

@@ -2,8 +2,9 @@ use arbiter_server::{
actors::keyholder::{Error, KeyHolder},
crypto::encryption::v1::{Nonce, ROOT_KEY_TAG},
db::{self, models, schema},
safe_cell::{SafeCell, SafeCellHandle as _},
};
use arbiter_crypto::{authn::{self, format_challenge, CLIENT_CONTEXT}, safecell::{SafeCell, SafeCellHandle as _}};
use diesel::{QueryDsl, SelectableHelper};
use diesel_async::RunQueryDsl;

4
server/crates/arbiter-server/tests/keyholder/storage.rs
View File

@@ -4,8 +4,10 @@ use arbiter_server::{
actors::keyholder::Error,
crypto::encryption::v1::Nonce,
db::{self, models, schema},
safe_cell::{SafeCell, SafeCellHandle as _},
};
use arbiter_crypto::{authn::{self, format_challenge, CLIENT_CONTEXT}, safecell::{SafeCell, SafeCellHandle as _}};
use diesel::{ExpressionMethods as _, QueryDsl, SelectableHelper, dsl::update};
use diesel_async::RunQueryDsl;

8
server/crates/arbiter-server/tests/user_agent/auth.rs
View File

@@ -1,3 +1,5 @@
use arbiter_crypto::{authn::{self, format_challenge, USERAGENT_CONTEXT}, safecell::{SafeCell, SafeCellHandle as _}};
use arbiter_proto::transport::{Receiver, Sender};
use arbiter_server::{
actors::{
@@ -6,10 +8,8 @@ use arbiter_server::{
keyholder::Bootstrap,
user_agent::{UserAgentConnection, UserAgentCredentials, auth},
},
crypto::authn,
crypto::integrity,
db::{self, schema},
safe_cell::{SafeCell, SafeCellHandle as _},
};
use diesel::{ExpressionMethods as _, QueryDsl, insert_into};
use diesel_async::RunQueryDsl;
@@ -22,9 +22,9 @@ fn sign_useragent_challenge(
nonce: i32,
pubkey_bytes: &[u8],
) -> authn::Signature {
let challenge = arbiter_proto::format_challenge(nonce, pubkey_bytes);
let challenge = format_challenge(nonce, pubkey_bytes);
key.signing_key()
.sign_deterministic(&challenge, arbiter_proto::USERAGENT_CONTEXT)
.sign_deterministic(&challenge, USERAGENT_CONTEXT)
.unwrap()
.into()
}

4
server/crates/arbiter-server/tests/user_agent/unseal.rs
View File

@@ -8,8 +8,10 @@ use arbiter_server::{
},
},
db,
safe_cell::{SafeCell, SafeCellHandle as _},
};
use arbiter_crypto::{authn::{self, format_challenge, CLIENT_CONTEXT}, safecell::{SafeCell, SafeCellHandle as _}};
use chacha20poly1305::{AeadInPlace, XChaCha20Poly1305, XNonce, aead::KeyInit};
use diesel::{ExpressionMethods as _, QueryDsl as _, insert_into};
use diesel_async::RunQueryDsl;