Echo
83c97aa2b1
Some checks failed
CI Pipeline / Rust Format Check (push) Failing after 36s
CI Pipeline / Clippy Lints (push) Successful in 45s
CI Pipeline / Rust Unit Tests (push) Successful in 1m1s
CI Pipeline / Security Audit (push) Successful in 4s
CI Pipeline / Frontend Lint & Type Check (push) Successful in 11s
CI Pipeline / Build .deb & Release (push) Has been skipped
BUG-6: Add TLS support via axum-server + rustls
- Added axum-server with tls-rustls feature to workspace and pm-web
- pm-web now serves HTTPS when TLS certs exist, falls back to HTTP with warning
- setup.sh generates self-signed ECDSA P-256 TLS cert with SANs
- Config already had web_tls_cert_path/web_tls_key_path fields
BUG-7: Fix audit chain integrity errors
- Migration 005 now TRUNCATEs audit_log after adding prev_hash column
- Existing rows had broken hash chains (inserted before prev_hash existed)
BUG-8: Disable WatchdogSec in patch-manager-web.service
- pm-web does not implement sd_notify, causing systemd to kill the service
BUG-9: Disable WatchdogSec in patch-manager-worker.service
- Same issue as BUG-8, worker does not implement sd_notify
Previous fixes (BUG-1 through BUG-5) also included:
- setup.sh: PostgreSQL 15+ schema GRANTs
- Axum route syntax :param → {param} (19 routes)
- DbUser struct role: String → UserRole enum mapping
- UserRole/AuthProvider Display trait implementations
- Seed admin password hash (Argon2id)
83 lines
2.1 KiB
TOML
83 lines
2.1 KiB
TOML
[workspace]
|
|
resolver = "2"
|
|
members = [
|
|
"crates/pm-web",
|
|
"crates/pm-worker",
|
|
"crates/pm-core",
|
|
"crates/pm-agent-client",
|
|
"crates/pm-auth",
|
|
"crates/pm-ca",
|
|
"crates/pm-reports",
|
|
]
|
|
|
|
[workspace.package]
|
|
version = "0.1.0"
|
|
edition = "2021"
|
|
authors = ["Echo <echo@moon-dragon.us>"]
|
|
license = "MIT"
|
|
|
|
[workspace.dependencies]
|
|
# Async runtime
|
|
tokio = { version = "1", features = ["full"] }
|
|
|
|
# Web framework
|
|
axum = { version = "0.8", features = ["ws", "macros"] }
|
|
axum-server = { version = "0.7", features = ["tls-rustls"] }
|
|
axum-extra = { version = "0.10", features = ["typed-header"] }
|
|
tower = { version = "0.5" }
|
|
tower-http = { version = "0.6", features = ["fs", "trace", "cors", "request-id"] }
|
|
|
|
# Database
|
|
sqlx = { version = "0.8", features = ["runtime-tokio-rustls", "postgres", "macros", "migrate", "uuid", "chrono", "json"] }
|
|
|
|
# Serialization
|
|
serde = { version = "1", features = ["derive"] }
|
|
serde_json = { version = "1" }
|
|
toml = { version = "0.8" }
|
|
|
|
# Error handling
|
|
thiserror = { version = "2" }
|
|
anyhow = { version = "1" }
|
|
|
|
# Logging / Tracing
|
|
tracing = { version = "0.1" }
|
|
tracing-subscriber = { version = "0.3", features = ["env-filter", "json"] }
|
|
|
|
# UUID / ULID
|
|
uuid = { version = "1", features = ["v4", "serde"] }
|
|
ulid = { version = "1", features = ["serde"] }
|
|
|
|
# Time
|
|
chrono = { version = "0.4", features = ["serde"] }
|
|
|
|
# HTTP client
|
|
reqwest = { version = "0.12", features = ["rustls-tls", "json"] }
|
|
|
|
# TLS
|
|
rustls = { version = "0.23" }
|
|
tokio-rustls = { version = "0.26" }
|
|
rustls-pemfile = { version = "2" }
|
|
|
|
# Certificate Authority
|
|
rcgen = { version = "0.13", features = ["pem", "x509-parser"] }
|
|
pem = { version = "3" }
|
|
time = { version = "0.3", features = ["std"] }
|
|
|
|
# Config
|
|
config = { version = "0.15" }
|
|
|
|
# Misc
|
|
bytes = { version = "1" }
|
|
futures = { version = "0.3" }
|
|
|
|
# Authentication & Security
|
|
argon2 = { version = "0.5", features = ["std"] }
|
|
jsonwebtoken = { version = "9" }
|
|
rand = { version = "0.8", features = ["std"] }
|
|
totp-rs = { version = "5", features = ["gen_secret", "otpauth"] }
|
|
base64 = { version = "0.22" }
|
|
hex = { version = "0.4" }
|
|
sha2 = { version = "0.10" }
|
|
ipnet = { version = "2" }
|
|
url = { version = "2" }
|