Initial commit

.dockerignore

@@ -0,0 +1 @@
+target/

.env

@@ -0,0 +1,14 @@
+DATABASE_URL="postgresql://defguard:defguard@localhost/defguard"
+DEFGUARD_JWT_SECRET=orion-secret
+DEFGUARD_LDAP_URL=ldap://localhost:389
+DEFGUARD_LDAP_SERVICE_PASSWORD=adminpassword
+DEFGUARD_LDAP_USER_SEARCH_BASE="ou=users,dc=example,dc=org"
+DEFGUARD_LDAP_GROUP_SEARCH_BASE="ou=groups,dc=example,dc=org"
+DEFGUARD_LDAP_DEVICE_SEARCH_BASE="ou=devices,dc=example,dc=org"
+DEFGUARD_OAUTH_ENABLED=true
+DEFGUARD_DB_HOST="localhost"
+DEFGUARD_DB_PORT=5432
+DEFGUARD_DB_NAME="defguard"
+DEFGUARD_DB_USER="defguard"
+DEFGUARD_DB_PASSWORD="defguard"
+DEFGUARD_DATABASE_URL="postgresql://defguard:defguard@localhost/defguard"

.github/workflows/ci.yml

@@ -0,0 +1,62 @@
+name: Continuous integration
+
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+    branches:
+      - main
+
+env:
+  CARGO_TERM_COLOR: always
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+    container: rust:latest
+
+    services:
+      postgres:
+        image: postgres:14-alpine
+        env:
+          POSTGRES_DB: defguard
+          POSTGRES_USER: defguard
+          POSTGRES_PASSWORD: defguard
+        options: >-
+          --health-cmd pg_isready
+          --health-interval 10s
+          --health-timeout 5s
+          --health-retries 5
+
+    steps:
+      - name: Debug
+        run: echo ${{ github.ref_name }}
+      - name: Checkout
+        uses: actions/checkout@v3
+        with:
+          submodules: recursive
+      - name: Cache
+        uses: actions/cache@v3
+        with:
+          path: |
+            ~/.cargo/bin/
+            ~/.cargo/registry/index/
+            ~/.cargo/registry/cache/
+            ~/.cargo/git/db/
+            target/
+          key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }}
+      - name: Set database URL
+        run: sed -i -e 's,localhost,postgres,' .env
+      - name: Install protoc
+        run: apt-get update && apt-get -y install protobuf-compiler
+      - name: Run tests
+        env:
+          DEFGUARD_DB_HOST: postgres
+          DEFGUARD_DB_PORT: 5432
+          DEFGUARD_DB_NAME: defguard
+          DEFGUARD_DB_USER: defguard
+          DEFGUARD_DB_PASSWORD: defguard
+          DEFGUARD_LICENSE: BwAAAAAAAAB0ZW9uaXRlCgAAAAAAAAAyMDUwLTEwLTEwAAAAAAFiayfBptq8pZXjPo4FV3VnmmwR/ipZHLriVPTW3AFyRq4c2wR+DzWC4BUACu3YMS27kX116JVKWB3/edYKNELFSiqYc6vsfoOrXnnQQJDI8RoyAQB6MpLv/EcgRZh47iI4L+tp44jKFQZ+EqqvMNt3G41u13P72HdkUv8yzQ7dmm3BrYQGJSCh/xiLna+mtQ9IQdqXOmYVInPXiWtIvi157Utfnow3gS0Ak45jci0DhtH+RWmFfiMOQCc4Qx0kEF9PsHl6Hn9Ay4oRTAnSYEPdWfQlVh5Rp276bLqnHDdyJ3/o2RSNK+QUXR7V2iuN1M3sWyW1rCGXtV5miHGI97CS
+          SQLX_OFFLINE: true
+        run: cargo test --locked --no-fail-fast --features mock-license-key

.github/workflows/release.yml

@@ -0,0 +1,51 @@
+name: Publish to Docker Registry
+on:
+  push:
+    tags:
+      - v*.*.*
+  pull_request:
+    branches:
+      - main
+
+jobs:
+  publish:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Cache
+        uses: actions/cache@v3
+        with:
+          path: |
+            ~/.cargo/bin/
+            ~/.cargo/registry/index/
+            ~/.cargo/registry/cache/
+            ~/.cargo/git/db/
+            target/
+          key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }}
+      - name: Docker meta
+        id: meta
+        uses: docker/metadata-action@v4
+        with:
+          images: |
+            DefGuard/core
+            ghcr.io/DefGuard/core
+          tags: |
+            type=ref,event=branch
+            type=ref,event=pr
+            type=semver,pattern={{version}}
+            type=semver,pattern={{major}}.{{minor}}
+            type=semver,pattern={{major}}
+            type=sha
+      - name: Login to GitHub Container Registry
+        if: github.event_name != 'pull_request'
+        uses: docker/login-action@v2
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+      - name: Build container
+        uses: docker/build-push-action@v3
+        with:
+          # platforms: linux/amd64,linux/arm64
+          push: ${{ github.event_name != 'pull_request' }}
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}

.gitignore

@@ -0,0 +1,3 @@
+target/
+defguard.db*
+.volumes

.gitmodules

@@ -0,0 +1,3 @@
+[submodule "proto"]
+	path = proto
+	url = ../proto.git

CONTRIBUTING.md

@@ -0,0 +1,53 @@
+# Contributing
+
+1. Sqlx offline build
+
+Requires `sqlx-data.json` to be present in the root directory of the project. Create the file using:
+
+```
+cargo sqlx prepare -- --lib
+```
+
+2. Build docker image
+
+```
+docker-compose build
+```
+
+3. Run
+
+```
+docker-compose up
+```
+
+## Configuration
+
+Following environment variables can be set to configure orion core service:
+
+* **DEFGUARD_ADMIN_GROUPNAME**: groupname that give a user privileged access
+
+### Authorization
+
+* **DEFGUARD_JWT_SECRET**: Json Web Token secret, used to encode/decode JWT tokens
+
+### LDAP
+
+* **DEFGUARD_LDAP_URL**: URL to read users and devices data (e.g. `http://localhost:389`)
+* **DEFGUARD_LDAP_GROUP_SEARCH_BASE**: group search base, default: `ou=groups,dc=example,dc=org`
+* **DEFGUARD_LDAP_USER_SEARCH_BASE**: user search base, default: `dc=example,dc=org`
+* **DEFGUARD_LDAP_USER_OBJ_CLASS**: user object class, default: `inetOrgPerson`
+* **DEFGUARD_LDAP_GROUP_OBJ_CLASS**: group object class, default: `groupOfUniqueNames`
+* **DEFGUARD_LDAP_USERNAME_ATTR**: naming attribute for users, should be `cn` or `uid`, default: `cn` 
+* **DEFGUARD_LDAP_GROUPNAME_ATTR**: naming attribute for groups, default: `cn`
+* **DEFGUARD_LDAP_MEMBER_ATTR**: user attribute for group membership
+* **DEFGUARD_LDAP_GROUP_MEMBER_ATTR**: group attibute for memebers
+
+### gRPC
+
+* **DEFGUARD_GRPC_PORT**: gRPC services bind port, default = `50055`
+
+### HTTP server
+
+* **DEFGUARD_WEB_PORT**: web services bind port, default = `8000`
+* **DEFGUARD_OAUTH_ENABLED**: enable OAuth 2.0 support
+* **DEFGUARD_WG_SERVICE_URL**: WireGuard service instance to connect to