add tchap configuration

Author: mcalinghee

Cargo.lock

@@ -9,7 +9,7 @@ use std::{convert::Infallible, net::IpAddr, sync::Arc};
 use axum::extract::{FromRef, FromRequestParts};
 use ipnetwork::IpNetwork;
 use mas_context::LogContext;
-use mas_data_model::SiteConfig;
+use mas_data_model::{SiteConfig, TchapConfig};
 use mas_handlers::{
     ActivityTracker, BoundActivityTracker, CookieManager, ErrorWrapper, GraphQLSchema, Limiter,
     MetadataCache, RequesterFingerprint, passwords::PasswordManager,
@@ -49,6 +49,7 @@ pub struct AppState {
     pub activity_tracker: ActivityTracker,
     pub trusted_proxies: Vec<IpNetwork>,
     pub limiter: Limiter,
+    pub tchap_config: TchapConfig,
 }
 
 impl AppState {
@@ -216,6 +217,12 @@ impl FromRef<AppState> for Arc<dyn HomeserverConnection> {
     }
 }
 
+impl FromRef<AppState> for TchapConfig {
+    fn from_ref(input: &AppState) -> Self {
+        input.tchap_config.clone()
+    }
+}
+
 impl FromRequestParts<AppState> for BoxClock {
     type Rejection = Infallible;
 

crates/cli/src/app_state.rs

@@ -11,9 +11,11 @@ use clap::Parser;
 use figment::Figment;
 use itertools::Itertools;
 use mas_config::{
-    AppConfig, ClientsConfig, ConfigurationSection, ConfigurationSectionExt, UpstreamOAuth2Config,
+    AppConfig, ClientsConfig, ConfigurationSection, ConfigurationSectionExt, TchapAppConfig,
+    UpstreamOAuth2Config,
 };
 use mas_context::LogContext;
+use mas_data_model::TchapConfig;
 use mas_handlers::{ActivityTracker, CookieManager, Limiter, MetadataCache};
 use mas_listener::server::Server;
 use mas_router::UrlBuilder;
@@ -59,6 +61,8 @@ impl Options {
         let span = info_span!("cli.run.init").entered();
         let mut shutdown = LifecycleManager::new()?;
         let config = AppConfig::extract(figment).map_err(anyhow::Error::from_boxed)?;
+        let tchap_app_config =
+            TchapAppConfig::extract(figment).map_err(anyhow::Error::from_boxed)?;
 
         info!(version = crate::VERSION, "Starting up");
 
@@ -159,6 +163,8 @@ impl Options {
             &config.captcha,
         )?;
 
+        let tchap_config = tchap_config_from_tchap_app_config(&tchap_app_config);
+
         // Load and compile the templates
         let templates =
             templates_from_config(&config.templates, &site_config, &url_builder).await?;
@@ -246,6 +252,7 @@ impl Options {
                 activity_tracker,
                 trusted_proxies,
                 limiter,
+                tchap_config,
             };
             s.init_metrics();
             s.init_metadata_cache();
@@ -334,3 +341,9 @@ impl Options {
         Ok(exit_code)
     }
 }
+
+fn tchap_config_from_tchap_app_config(tchap_app_config: &TchapAppConfig) -> TchapConfig {
+    TchapConfig {
+        identity_server_url: tchap_app_config.identity_server_url.clone(),
+    }
+}

crates/cli/src/commands/server.rs

@@ -21,6 +21,7 @@ mod passwords;
 mod policy;
 mod rate_limiting;
 mod secrets;
+mod tchap;
 mod telemetry;
 mod templates;
 mod upstream_oauth2;
@@ -44,6 +45,7 @@ pub use self::{
     policy::PolicyConfig,
     rate_limiting::RateLimitingConfig,
     secrets::SecretsConfig,
+    tchap::TchapAppConfig,
     telemetry::{
         MetricsConfig, MetricsExporterKind, Propagator, TelemetryConfig, TracingConfig,
         TracingExporterKind,

crates/config/src/sections/mod.rs

@@ -0,0 +1,90 @@
+//
+// MIT License
+//
+// Copyright (c) 2025, Direction interministérielle du numérique - Gouvernement
+// Français
+//
+// Permission is hereby granted, free of charge, to any person obtaining a copy
+// of this software and associated documentation files (the "Software"), to
+// deal in the Software without restriction, including without limitation the
+// rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
+// sell copies of the Software, and to permit persons to whom the Software is
+// furnished to do so, subject to the following conditions:
+//
+// The above copyright notice and this permission notice shall be included in
+// all copies or substantial portions of the Software.
+//
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+// IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM,
+// DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR
+// OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE
+// USE OR OTHER DEALINGS IN THE SOFTWARE.
+//
+
+use schemars::JsonSchema;
+use serde::{Deserialize, Serialize};
+use serde_with::serde_as;
+use url::Url;
+
+use super::ConfigurationSection;
+
+fn default_identity_server_url() -> Url {
+    Url::parse("http://localhost:8090/").unwrap()
+}
+
+/// Tchap specific configuration
+#[serde_as]
+#[derive(Debug, Clone, Serialize, Deserialize, JsonSchema)]
+pub struct TchapAppConfig {
+    /// Identity Server Url
+    #[serde(default = "default_identity_server_url")]
+    pub identity_server_url: Url,
+}
+
+impl ConfigurationSection for TchapAppConfig {
+    const PATH: Option<&'static str> = Some("tchap");
+
+    // NOTE: implement this function to perform validation on config
+    fn validate(
+        &self,
+        _figment: &figment::Figment,
+    ) -> Result<(), Box<dyn std::error::Error + Send + Sync + 'static>> {
+        Ok(())
+    }
+}
+
+#[cfg(test)]
+mod tests {
+    use figment::{
+        Figment, Jail,
+        providers::{Format, Yaml},
+    };
+
+    use super::*;
+
+    #[test]
+    fn load_config() {
+        Jail::expect_with(|jail| {
+            jail.create_file(
+                "config.yaml",
+                r"
+                    tchap:
+                      identity_server_url: http://localhost:8091
+                ",
+            )?;
+
+            let config = Figment::new()
+                .merge(Yaml::file("config.yaml"))
+                .extract_inner::<TchapAppConfig>("tchap")?;
+
+            assert_eq!(
+                &config.identity_server_url.as_str().to_owned(),
+                "http://localhost:8091/"
+            );
+
+            Ok(())
+        });
+    }
+}

crates/config/src/sections/tchap.rs

@@ -12,6 +12,7 @@ pub(crate) mod compat;
 pub mod oauth2;
 pub(crate) mod policy_data;
 mod site_config;
+pub(crate) mod tchap_config;
 pub(crate) mod tokens;
 pub(crate) mod upstream_oauth2;
 pub(crate) mod user_agent;
@@ -35,6 +36,7 @@ pub use self::{
     },
     policy_data::PolicyData,
     site_config::{CaptchaConfig, CaptchaService, SessionExpirationConfig, SiteConfig},
+    tchap_config::*,
     tokens::{
         AccessToken, AccessTokenState, RefreshToken, RefreshTokenState, TokenFormatError, TokenType,
     },

crates/data-model/src/lib.rs

@@ -0,0 +1,34 @@
+//
+// MIT License
+//
+// Copyright (c) 2025, Direction interministérielle du numérique - Gouvernement
+// Français
+//
+// Permission is hereby granted, free of charge, to any person obtaining a copy
+// of this software and associated documentation files (the "Software"), to
+// deal in the Software without restriction, including without limitation the
+// rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
+// sell copies of the Software, and to permit persons to whom the Software is
+// furnished to do so, subject to the following conditions:
+//
+// The above copyright notice and this permission notice shall be included in
+// all copies or substantial portions of the Software.
+//
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+// IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM,
+// DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR
+// OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE
+// USE OR OTHER DEALINGS IN THE SOFTWARE.
+//
+
+use url::Url;
+
+/// Random tchap configuration we want accessible in various places.
+#[allow(clippy::struct_excessive_bools)]
+#[derive(Debug, Clone)]
+pub struct TchapConfig {
+    /// Identity Server Url
+    pub identity_server_url: Url,
+}

crates/data-model/src/tchap_config.rs

@@ -36,7 +36,7 @@ use hyper::{
     },
 };
 use mas_axum_utils::{InternalError, cookies::CookieJar};
-use mas_data_model::SiteConfig;
+use mas_data_model::{SiteConfig, TchapConfig};
 use mas_http::CorsLayerExt;
 use mas_keystore::{Encrypter, Keystore};
 use mas_matrix::HomeserverConnection;
@@ -349,6 +349,7 @@ where
     BoxClock: FromRequestParts<S>,
     BoxRng: FromRequestParts<S>,
     Policy: FromRequestParts<S>,
+    TchapConfig: FromRef<S>,
 {
     Router::new()
         // XXX: hard-coded redirect from /account to /account/

crates/handlers/src/lib.rs

@@ -28,7 +28,7 @@ use mas_axum_utils::{
     cookies::{CookieJar, CookieManager},
 };
 use mas_config::RateLimitingConfig;
-use mas_data_model::SiteConfig;
+use mas_data_model::{SiteConfig, TchapConfig};
 use mas_email::{MailTransport, Mailer};
 use mas_i18n::Translator;
 use mas_keystore::{Encrypter, JsonWebKey, JsonWebKeySet, Keystore, PrivateKey};
@@ -115,6 +115,7 @@ pub(crate) struct TestState {
     pub rng: Arc<Mutex<ChaChaRng>>,
     pub http_client: reqwest::Client,
     pub task_tracker: TaskTracker,
+    pub tchap_config: TchapConfig,
     queue_worker: Arc<tokio::sync::Mutex<QueueWorker>>,
 
     #[allow(dead_code)] // It is used, as it will cancel the CancellationToken when dropped
@@ -259,6 +260,8 @@ impl TestState {
 
         let queue_worker = Arc::new(tokio::sync::Mutex::new(queue_worker));
 
+        let tchap_config = tchap::test_tchap_config();
+
         Ok(Self {
             repository_factory: PgRepositoryFactory::new(pool),
             templates,
@@ -280,6 +283,7 @@ impl TestState {
             task_tracker,
             queue_worker,
             cancellation_drop_guard: Arc::new(shutdown_token.drop_guard()),
+            tchap_config,
         })
     }
 
@@ -578,6 +582,12 @@ impl FromRef<TestState> for reqwest::Client {
     }
 }
 
+impl FromRef<TestState> for TchapConfig {
+    fn from_ref(input: &TestState) -> Self {
+        input.tchap_config.clone()
+    }
+}
+
 impl FromRequestParts<TestState> for ActivityTracker {
     type Rejection = Infallible;
 

crates/handlers/src/test_utils.rs

@@ -19,7 +19,7 @@ use mas_axum_utils::{
     csrf::{CsrfExt, ProtectedForm},
     record_error,
 };
-use mas_data_model::UpstreamOAuthProviderOnConflict;
+use mas_data_model::{TchapConfig, UpstreamOAuthProviderOnConflict};
 use mas_jose::jwt::Jwt;
 use mas_matrix::HomeserverConnection;
 use mas_policy::Policy;
@@ -231,6 +231,7 @@ pub(crate) async fn get(
     State(templates): State<Templates>,
     State(url_builder): State<UrlBuilder>,
     State(homeserver): State<Arc<dyn HomeserverConnection>>,
+    State(tchap_config): State<TchapConfig>,
     cookie_jar: CookieJar,
     activity_tracker: BoundActivityTracker,
     user_agent: Option<TypedHeader<headers::UserAgent>>,
@@ -450,7 +451,8 @@ pub(crate) async fn get(
                     Some(value) => {
                         //:tchap:
                         let server_name = homeserver.homeserver();
-                        let email_result = check_email_allowed(&value, server_name).await;
+                        let email_result =
+                            check_email_allowed(&value, server_name, &tchap_config).await;
 
                         match email_result {
                             EmailAllowedResult::Allowed => {
@@ -1052,12 +1054,20 @@ pub(crate) async fn post(
 //:tchap:
 ///real function used when not testing
 #[cfg(not(test))]
-async fn check_email_allowed(email: &str, server_name: &str) -> EmailAllowedResult {
-    tchap::is_email_allowed(email, server_name).await
+async fn check_email_allowed(
+    email: &str,
+    server_name: &str,
+    tchap_config: &TchapConfig,
+) -> EmailAllowedResult {
+    tchap::is_email_allowed(email, server_name, tchap_config).await
 }
 ///mock function used when testing
 #[cfg(test)]
-async fn check_email_allowed(_email: &str, _server_name: &str) -> EmailAllowedResult {
+async fn check_email_allowed(
+    _email: &str,
+    _server_name: &str,
+    _tchap_config: &TchapConfig,
+) -> EmailAllowedResult {
     EmailAllowedResult::Allowed
 }
 //:tchap:end