MarketTakers/arbiter
6
0
Fork 0
Code Issues 26 Pull Requests 1 Packages Projects Releases Wiki Activity

Compare commits

base: MarketTakers:303120c9ac249b0c244448e467d08d51d704a63f
Branches Tags
MarketTakers:main MarketTakers:feat-shamir MarketTakers:enforcing-integrity MarketTakers:push-wxnlsulvnrpz MarketTakers:check-uac-cerf MarketTakers:impl-useragent_delete_grant MarketTakers:Client-key-replacement-attack MarketTakers:critical-fix-CI-check-all-features MarketTakers:win-service MarketTakers:fix-proto-build-script MarketTakers:terrors-refactor MarketTakers:PoC-terrors MarketTakers:push-lspnytwuyulm MarketTakers:key-alternative MarketTakers:push-yyxvkwvyspxv MarketTakers:security-breaktrougth
...
compare: MarketTakers:main
Branches Tags
MarketTakers:main MarketTakers:feat-shamir MarketTakers:enforcing-integrity MarketTakers:push-wxnlsulvnrpz MarketTakers:check-uac-cerf MarketTakers:impl-useragent_delete_grant MarketTakers:Client-key-replacement-attack MarketTakers:critical-fix-CI-check-all-features MarketTakers:win-service MarketTakers:fix-proto-build-script MarketTakers:terrors-refactor MarketTakers:PoC-terrors MarketTakers:push-lspnytwuyulm MarketTakers:key-alternative MarketTakers:push-yyxvkwvyspxv MarketTakers:security-breaktrougth

2 Commits
303120c9ac ... main

Author SHA1 Message Date
Stas
a8e4a710f1 Merge pull request 'security(server): bind grant revocation state (revoked_at) to integrity hash' (#83) from security-hash-revoke_at into main
Some checks failed
ci/woodpecker/push/server-audit Pipeline was successful
Details
ci/woodpecker/push/server-vet Pipeline failed
Details
ci/woodpecker/push/server-lint Pipeline was successful
Details
ci/woodpecker/push/server-test Pipeline was successful
Details
ci/woodpecker/push/useragent-analyze Pipeline failed
Details 
Reviewed-on: #83
 2026-06-11 09:44:28 +00:00
CleverWild
d99c87c473 fix: lints
Some checks failed
ci/woodpecker/pr/server-audit Pipeline was successful
Details
ci/woodpecker/pr/server-vet Pipeline failed
Details
ci/woodpecker/pr/server-lint Pipeline was successful
Details
ci/woodpecker/pr/server-test Pipeline was successful
Details
2026-06-09 21:07:01 +02:00
10 changed files with 18 additions and 21 deletions
Expand all files Collapse all files

2
server/crates/arbiter-client/src/auth.rs
View File

@@ -100,7 +100,7 @@ async fn send_auth_challenge_solution(
key: &SigningKey,
challenge: AuthChallenge,
) -> Result<(), AuthError> {
let timestamp = DateTime::from_timestamp_nanos(challenge.timestamp_nanos as i64);
let timestamp = DateTime::from_timestamp_nanos(challenge.timestamp_nanos.cast_signed());
let challenge = authn::AuthChallenge {
nonce: *challenge
.random

2
server/crates/arbiter-server/src/grpc/client/auth.rs
View File

@@ -200,7 +200,7 @@ impl Convert for auth::Outbound {
.timestamp
.timestamp_nanos_opt()
.expect("timestamp within range")
as u64,
.cast_unsigned(),
random: challenge.nonce.to_vec(),
})
}

2
server/crates/arbiter-server/src/grpc/operator/auth.rs
View File

@@ -80,7 +80,7 @@ impl Sender<Result<auth::Outbound, auth::Error>> for AuthTransportAdapter<'_> {
.timestamp
.timestamp_nanos_opt()
.expect("timestamp within range")
as u64,
.cast_unsigned(),
random: challenge.nonce.to_vec(),
})
}

2
server/crates/arbiter-server/src/peers/client/auth.rs
View File

@@ -298,7 +298,7 @@ where
let signature = expect_message(transport, |req: Inbound| match req {
Inbound::AuthChallengeSolution { signature } => Some(signature),
_ => None,
Inbound::AuthChallengeRequest { .. } => None,
})
.await
.map_err(|e| {

2
server/crates/arbiter-server/src/peers/operator/auth/state.rs
View File

@@ -127,8 +127,6 @@ where
})
}
#[allow(missing_docs)]
#[allow(clippy::unused_unit)]
async fn verify_solution(
&mut self,
ChallengeContext {

3
server/crates/arbiter-server/src/peers/operator/session/handlers.rs
View File

@@ -212,8 +212,7 @@ impl OperatorSession {
&mut self,
) -> Result<Vec<EvmWalletAccess>, Error> {
let mut conn = self.props.db.get().await?;
use crate::db::schema::evm_wallet_access;
let access_entries = evm_wallet_access::table
let access_entries = crate::db::schema::evm_wallet_access::table
.select(EvmWalletAccess::as_select())
.load::<_>(&mut conn)
.await?;

2
server/crates/arbiter-server/src/peers/operator/session/mod.rs
View File

@@ -63,7 +63,7 @@ impl OperatorSession {
Self {
props,
sender,
pending_client_approvals: Default::default(),
pending_client_approvals: HashMap::default(),
}
}
}

2
server/crates/arbiter-server/tests/operator/auth.rs
View File

@@ -400,7 +400,7 @@ pub async fn challenge_auth_rejects_integrity_tag_mismatch_when_unsealed() {
let challenge = match response {
Ok(resp) => match resp {
auth::Outbound::AuthChallenge { challenge } => challenge,
other => panic!("Expected AuthChallenge, got {other:?}"),
other @ auth::Outbound::AuthSuccess => panic!("Expected AuthChallenge, got {other:?}"),
},
Err(err) => panic!("Expected Ok response, got Err({err:?})"),
};

14
server/crates/arbiter-server/tests/vault/lifecycle.rs
View File

@@ -14,7 +14,7 @@ use diesel_async::RunQueryDsl;
#[tokio::test]
#[test_log::test]
async fn test_bootstrap() {
async fn bootstrap() {
let db = db::create_test_pool().await;
let mut actor = Vault::new(db.clone(), GlobalActors::spawn_message_bus())
.await
@@ -39,7 +39,7 @@ async fn test_bootstrap() {
#[tokio::test]
#[test_log::test]
async fn test_bootstrap_rejects_double() {
async fn bootstrap_rejects_double() {
let db = db::create_test_pool().await;
let mut actor = common::bootstrapped_vault(&db).await;
@@ -50,7 +50,7 @@ async fn test_bootstrap_rejects_double() {
#[tokio::test]
#[test_log::test]
async fn test_create_new_before_bootstrap_fails() {
async fn create_new_before_bootstrap_fails() {
let db = db::create_test_pool().await;
let mut actor = Vault::new(db, GlobalActors::spawn_message_bus())
.await
@@ -65,7 +65,7 @@ async fn test_create_new_before_bootstrap_fails() {
#[tokio::test]
#[test_log::test]
async fn test_decrypt_before_bootstrap_fails() {
async fn decrypt_before_bootstrap_fails() {
let db = db::create_test_pool().await;
let mut actor = Vault::new(db, GlobalActors::spawn_message_bus())
.await
@@ -77,7 +77,7 @@ async fn test_decrypt_before_bootstrap_fails() {
#[tokio::test]
#[test_log::test]
async fn test_new_restores_sealed_state() {
async fn new_restores_sealed_state() {
let db = db::create_test_pool().await;
let actor = common::bootstrapped_vault(&db).await;
drop(actor);
@@ -91,7 +91,7 @@ async fn test_new_restores_sealed_state() {
#[tokio::test]
#[test_log::test]
async fn test_unseal_correct_password() {
async fn unseal_correct_password() {
let db = db::create_test_pool().await;
let mut actor = common::bootstrapped_vault(&db).await;
@@ -114,7 +114,7 @@ async fn test_unseal_correct_password() {
#[tokio::test]
#[test_log::test]
async fn test_unseal_wrong_then_correct_password() {
async fn unseal_wrong_then_correct_password() {
let db = db::create_test_pool().await;
let mut actor = common::bootstrapped_vault(&db).await;

8
server/crates/arbiter-server/tests/vault/storage.rs
View File

@@ -12,7 +12,7 @@ use std::collections::HashSet;
#[tokio::test]
#[test_log::test]
async fn test_create_decrypt_roundtrip() {
async fn create_decrypt_roundtrip() {
let db = db::create_test_pool().await;
let mut actor = common::bootstrapped_vault(&db).await;
@@ -28,7 +28,7 @@ async fn test_create_decrypt_roundtrip() {
#[tokio::test]
#[test_log::test]
async fn test_decrypt_nonexistent_returns_not_found() {
async fn decrypt_nonexistent_returns_not_found() {
let db = db::create_test_pool().await;
let mut actor = common::bootstrapped_vault(&db).await;
@@ -38,7 +38,7 @@ async fn test_decrypt_nonexistent_returns_not_found() {
#[tokio::test]
#[test_log::test]
async fn test_ciphertext_differs_across_entries() {
async fn ciphertext_differs_across_entries() {
let db = db::create_test_pool().await;
let mut actor = common::bootstrapped_vault(&db).await;
@@ -76,7 +76,7 @@ async fn test_ciphertext_differs_across_entries() {
#[tokio::test]
#[test_log::test]
async fn test_nonce_never_reused() {
async fn nonce_never_reused() {
let db = db::create_test_pool().await;
let mut actor = common::bootstrapped_vault(&db).await;