Move all rest-api code out of libsplinter

This commit moves all actix-web and supporting rest-api code into the
actix-web-1 and common crates.

The main discriminant is 'does this have actix-web-1 stuff in it' =>
actix-web-1 else common.

Below is an accounting of where things moved from
libsplinter/src/rest_api. This commit encompasses these moves as well as
updating everything in the rest_api and splinterd crates to import
structs from the right places.

1 auth
======

1.1 identity => rest_api/common/auth/identity
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

1.1.1 biome.rs
--------------

1.1.2 cylinder.rs
-----------------

1.1.3 mod.rs
------------

1.1.4 oauth.rs
--------------

1.2 mod.rs => rest_api/common/auth/{authorization_result, authorization_header, bearer_token}.mod.rs
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

1.3 actix.rs => rest_api/actix_web_1/auth/{transform,middleware}.rs
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

1.4 authorization
~~~~~~~~~~~~~~~~~

1.4.1 permission_map.rs => Split between common/auth/permission_map.rs and  actix_web_1/auth/method.rs
------------------------------------------------------------------------------------------------------

1.4.2 rbac
----------

* 1.4.2.1 handler.rs => common/auth/rbac/handler.rs

* 1.4.2.2 mod.rs

* 1.4.2.3 rest_api

  + 1.4.2.3.1 resources => common/auth/rbac/resources

    - 1.4.2.3.1.1 roles.rs

    - 1.4.2.3.1.2 mod.rs

    - 1.4.2.3.1.3 assignments.rs

  + 1.4.2.3.2 mod.rs => delete

  + 1.4.2.3.3 actix_web_1 => actix_web_1/auth/rbac

    - 1.4.2.3.3.1 error.rs => common/auth/rbac/error.rs

    - 1.4.2.3.3.2 roles.rs

    - 1.4.2.3.3.3 mod.rs

    - 1.4.2.3.3.4 assignments.rs

1.4.3 mod.rs => common/auth/{permission,authorization_handler_result,authorization_handler}.rs
----------------------------------------------------------------------------------------------

* 1.4.3.1 Split

* 1.4.3.2 Move

1.4.4 maintenance
-----------------

* 1.4.4.1 mod.rs => split common/auth/maintenance/{maintenance_mode_authorization_handler,mod}.rs

  + 1.4.4.1.1 Split

  + 1.4.4.1.2 Move

* 1.4.4.2 routes

  + 1.4.4.2.1 actix.rs => actix-web-1/auth/maintenance/routes.rs

  + 1.4.4.2.2 mod.rs => actix-web-1/auth/maintenance/mod.rs

  + 1.4.4.2.3 resources.rs => common/auth/maintenance/

1.4.5 allow_keys.rs => common/auth/allow_keys.rs
------------------------------------------------

1.4.6 routes
------------

* 1.4.6.1 mod.rs => actix-web/actix-web-1/routes/resource_provider.rs

* 1.4.6.2 actix.rs => actix-web/actix-web/routes/make_permissions_resource.rs

* 1.4.6.3 resources.rs => common/auth/routes?/resources.rs

2 secrets => common/auth/secrets
================================

2.1 error.rs
~~~~~~~~~~~~

2.2 mod.rs
~~~~~~~~~~

2.3 auto_secret_manager.rs
~~~~~~~~~~~~~~~~~~~~~~~~~~

3 cors.rs => actix-web-1/auth/cors.rs
=====================================

4 response_models.rs => common/response_models.rs
=================================================

5 paging.rs => delete, already exists in common
===============================================

6 mod.rs => Split common/{OauthConfig,bind_config,mod}.rs
=========================================================

7 sessions => common/sessions/
==============================

7.1 claims.rs
~~~~~~~~~~~~~

7.2 token_issuer.rs
~~~~~~~~~~~~~~~~~~~

7.3 error.rs
~~~~~~~~~~~~

7.4 mod.rs
~~~~~~~~~~

8 errors.rs => common/auth/error.rs
===================================

Signed-off-by: Caleb Hill <hill@bitwise.io>

Author: Caleb-Hill

libsplinter/Cargo.toml

@@ -27,10 +27,7 @@ description = """\
 repository = "https://github.com/cargill/splinter"
 
 [dependencies]
-actix = { version = "0.8", optional = true, default-features = false }
 actix-http = { version = "0.2", optional = true, default-features = false }
-actix-web = { version = "1.0", optional = true, default-features = false }
-actix-web-actors = { version = "1.0", optional = true }
 awc = { version = "0.2", optional = true, default-features = false }
 base64 = { version = "0.13", optional = true }
 bcrypt = {version = "0.10", optional = true}
@@ -158,7 +155,7 @@ admin-service-event-subscriber-glob = ["admin-service"]
 authorization-handler-allow-keys = ["authorization"]
 authorization-handler-maintenance = ["authorization"]
 authorization = ["rest-api-actix-web-1"]
-authorization-handler-rbac = ["authorization", "store"]
+authorization-handler-rbac = ["store"]
 biome = []
 biome-client = ["biome"]
 biome-client-reqwest = ["biome", "reqwest"]
@@ -171,7 +168,7 @@ client-reqwest = ["reqwest"]
 cylinder-jwt = ["cylinder/jwt", "rest-api"]
 deferred-send = []
 events = ["actix-http", "futures", "hyper", "tokio", "awc"]
-https-bind = ["actix-web/ssl"]
+https-bind = []
 memory = ["sqlite"]
 node-id-store = ["store"]
 oauth = ["biome", "base64", "oauth2", "reqwest", "rest-api", "store"]
@@ -182,10 +179,7 @@ registry-client-reqwest = ["registry-client", "reqwest", "rest-api"]
 registry-remote = ["reqwest", "registry"]
 rest-api = ["jsonwebtoken", "percent-encoding"]
 rest-api-actix-web-1 = [
-    "actix",
     "actix-http",
-    "actix-web",
-    "actix-web-actors",
     "futures",
     "rest-api",
 ]

libsplinter/src/admin/service/messages/v1/mod.rs

@@ -17,6 +17,7 @@ pub mod builder;
 use std::convert::TryFrom;
 
 use protobuf::{self, RepeatedField};
+use serde::{self, Deserialize, Serialize};
 
 use crate::admin::error::MarshallingError;
 use crate::admin::store;

libsplinter/src/biome/credentials/mod.rs

@@ -15,6 +15,4 @@
 //! Defines a basic API to register and authenticate a User using a username and a password.
 //! Not recommended for use in production.
 
-#[cfg(feature = "rest-api-actix-web-1")]
-pub mod rest_api;
 pub mod store;

libsplinter/src/biome/credentials/rest_api/mod.rs

@@ -14,6 +14,4 @@
 
 //! Biome functionality to support user profiles.
 
-#[cfg(feature = "rest-api-actix-web-1")]
-pub mod rest_api;
 pub mod store;

libsplinter/src/biome/profile/mod.rs

@@ -12,13 +12,6 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
-mod actix_web_1;
-
-#[cfg(feature = "authorization")]
-use crate::rest_api::auth::authorization::Permission;
-
-pub use actix_web_1::BiomeProfileRestResourceProvider;
-
 #[cfg(feature = "authorization")]
 const BIOME_PROFILE_READ_PERMISSION: Permission = Permission::Check {
     permission_id: "biome.profile.read",

libsplinter/src/biome/profile/rest_api/mod.rs

@@ -17,11 +17,12 @@
 
 #[macro_use]
 extern crate log;
-#[cfg(any(feature = "admin-service", feature = "rest-api", feature = "registry"))]
+#[cfg(any(feature = "admin-service", feature = "registry"))]
 #[macro_use]
+#[cfg(any(feature = "admin-service"))]
 extern crate serde_derive;
 #[macro_use]
-#[cfg(feature = "rest-api-actix-web-1")]
+#[cfg(feature = "biome-client")]
 extern crate serde_json;
 #[macro_use]
 #[cfg(all(
@@ -108,11 +109,7 @@ pub mod peer;
 pub mod protocol;
 pub mod protos;
 pub mod public_key;
-#[cfg(all(
-    feature = "rest-api",
-    feature = "authorization",
-    feature = "authorization-handler-rbac"
-))]
+#[cfg(all(feature = "authorization", feature = "authorization-handler-rbac"))]
 pub mod rbac;
 #[cfg(feature = "registry")]
 pub mod registry;

libsplinter/src/lib.rs

@@ -13,6 +13,7 @@
 // limitations under the License.
 
 use reqwest::blocking::Client;
+use serde::Deserialize;
 
 use crate::error::{InternalError, InvalidStateError};
 use crate::oauth::OpenIdProfileProvider;

libsplinter/src/oauth/builder/openid.rs

@@ -17,8 +17,6 @@
 mod builder;
 mod error;
 mod profile;
-#[cfg(feature = "rest-api-actix-web-1")]
-pub(crate) mod rest_api;
 pub mod store;
 mod subject;
 

libsplinter/src/oauth/mod.rs

@@ -122,210 +122,3 @@ impl From<OpenIdProfileResponse> for Profile {
         }
     }
 }
-
-#[cfg(test)]
-mod tests {
-    use super::*;
-
-    use std::sync::mpsc::channel;
-    use std::thread::JoinHandle;
-
-    use actix::System;
-    use actix_web::{dev::Server, web, App, HttpRequest, HttpResponse, HttpServer};
-    use futures::Future;
-
-    const USERINFO_ENDPOINT: &str = "/userinfo";
-    const ALL_DETAILS_TOKEN: &str = "all_details";
-    const ONLY_SUB_TOKEN: &str = "only_sub";
-    const UNEXPECTED_RESPONSE_CODE_TOKEN: &str = "unexpected_response_code";
-    const INVALID_RESPONSE_TOKEN: &str = "invalid_response";
-    const SUB: &str = "sub";
-    const NAME: &str = "name";
-    const GIVEN_NAME: &str = "given_name";
-    const FAMILY_NAME: &str = "family_name";
-    const EMAIL: &str = "email";
-    const PICTURE: &str = "picture";
-
-    /// Verifies that the OpenID profile provider correctly returns all relevant profile information
-    /// when it's provided.
-    ///
-    /// 1. Start the mock OpenID server
-    /// 2. Get the profile for a user with all details filled out
-    /// 3. Verify that all profile details are correct
-    /// 4. Shutdown the OpenID server
-    #[test]
-    fn all_details() {
-        let (shutdown_handle, address) = run_mock_openid_server("all_details");
-
-        let profile = OpenIdProfileProvider::new(format!("{}{}", address, USERINFO_ENDPOINT))
-            .get_profile(ALL_DETAILS_TOKEN)
-            .expect("Failed to get profile")
-            .expect("Profile not found");
-
-        assert_eq!(&profile.subject, SUB);
-        assert_eq!(profile.name.as_deref(), Some(NAME));
-        assert_eq!(profile.given_name.as_deref(), Some(GIVEN_NAME));
-        assert_eq!(profile.family_name.as_deref(), Some(FAMILY_NAME));
-        assert_eq!(profile.email.as_deref(), Some(EMAIL));
-        assert_eq!(profile.picture.as_deref(), Some(PICTURE));
-
-        shutdown_handle.shutdown();
-    }
-
-    /// Verifies that the OpenID profile provider correctly returns the profile when only the
-    /// subject is provided
-    ///
-    /// 1. Start the mock OpenID server
-    /// 2. Get the profile for a user with only the subject filled out
-    /// 3. Verify that the `subject` field is correct and all other fields are empty
-    /// 4. Shutdown the OpenID server
-    #[test]
-    fn only_sub() {
-        let (shutdown_handle, address) = run_mock_openid_server("only_sub");
-
-        let profile = OpenIdProfileProvider::new(format!("{}{}", address, USERINFO_ENDPOINT))
-            .get_profile(ONLY_SUB_TOKEN)
-            .expect("Failed to get profile")
-            .expect("Profile not found");
-
-        assert_eq!(&profile.subject, SUB);
-        assert!(profile.name.is_none());
-        assert!(profile.given_name.is_none());
-        assert!(profile.family_name.is_none());
-        assert!(profile.email.is_none());
-        assert!(profile.picture.is_none());
-
-        shutdown_handle.shutdown();
-    }
-
-    /// Verifies that the OpenID profile provider correctly returns `Ok(None)` when receiving a
-    /// `401 Unauthorized` response from the OpenID server (which means the token is unknown).
-    ///
-    /// 1. Start the mock OpenID server
-    /// 2. Attempt to get the profile for an unknown token
-    /// 3. Verify that the profile provider returns the correct value
-    /// 4. Shutdown the OpenID server
-    #[test]
-    fn unauthorized_token() {
-        let (shutdown_handle, address) = run_mock_openid_server("unauthorized_token");
-
-        let profile_opt = OpenIdProfileProvider::new(format!("{}{}", address, USERINFO_ENDPOINT))
-            .get_profile("unknown_token")
-            .expect("Failed to get profile");
-
-        assert!(profile_opt.is_none());
-
-        shutdown_handle.shutdown();
-    }
-
-    /// Verifies that the OpenID profile provider correctly returns an error when receiving an
-    /// unexpected response code from the OpenID server.
-    ///
-    /// 1. Start the mock OpenID server
-    /// 2. Attempt to get the profile for a token that the server will return a non-200 and non-401
-    ///    response for
-    /// 3. Verify that the profile provider returns an error
-    /// 4. Shutdown the OpenID server
-    #[test]
-    fn unexpected_response_code() {
-        let (shutdown_handle, address) = run_mock_openid_server("unauthorized_token");
-
-        let profile_res = OpenIdProfileProvider::new(format!("{}{}", address, USERINFO_ENDPOINT))
-            .get_profile(UNEXPECTED_RESPONSE_CODE_TOKEN);
-
-        assert!(profile_res.is_err());
-
-        shutdown_handle.shutdown();
-    }
-
-    /// Verifies that the OpenID profile provider correctly returns an error when receiving a
-    /// response that doesn't contain the `sub` field.
-    ///
-    /// 1. Start the mock OpenID server
-    /// 2. Attempt to get the profile for a token that the server will return an invalid response
-    ///    for
-    /// 3. Verify that the profile provider returns an error
-    /// 4. Shutdown the OpenID server
-    #[test]
-    fn invalid_response() {
-        let (shutdown_handle, address) = run_mock_openid_server("unauthorized_token");
-
-        let profile_res = OpenIdProfileProvider::new(format!("{}{}", address, USERINFO_ENDPOINT))
-            .get_profile(INVALID_RESPONSE_TOKEN);
-
-        assert!(profile_res.is_err());
-
-        shutdown_handle.shutdown();
-    }
-
-    /// Runs a mock OAuth OpenID server and returns its shutdown handle along with the address the
-    /// server is running on.
-    fn run_mock_openid_server(test_name: &str) -> (OpenIDServerShutdownHandle, String) {
-        let (tx, rx) = channel();
-
-        let instance_name = format!("OpenID-Server-{}", test_name);
-        let join_handle = std::thread::Builder::new()
-            .name(instance_name.clone())
-            .spawn(move || {
-                let sys = System::new(instance_name);
-                let server = HttpServer::new(|| {
-                    App::new().service(web::resource(USERINFO_ENDPOINT).to(userinfo_endpoint))
-                })
-                .bind("127.0.0.1:0")
-                .expect("Failed to bind OpenID server");
-                let address = format!("http://127.0.0.1:{}", server.addrs()[0].port());
-                let server = server.disable_signals().system_exit().start();
-                tx.send((server, address)).expect("Failed to send server");
-                sys.run().expect("OpenID server runtime failed");
-            })
-            .expect("Failed to spawn OpenID server thread");
-
-        let (server, address) = rx.recv().expect("Failed to receive server");
-
-        (OpenIDServerShutdownHandle(server, join_handle), address)
-    }
-
-    /// The handler for the OpenID server's user info endpoint.
-    fn userinfo_endpoint(req: HttpRequest) -> HttpResponse {
-        match req
-            .headers()
-            .get("Authorization")
-            .and_then(|auth| auth.to_str().ok())
-            .and_then(|auth_str| auth_str.strip_prefix("Bearer "))
-        {
-            Some(token) if token == ALL_DETAILS_TOKEN => HttpResponse::Ok()
-                .content_type("application/json")
-                .json(json!({
-                    "sub": SUB,
-                    "name": NAME,
-                    "given_name": GIVEN_NAME,
-                    "family_name": FAMILY_NAME,
-                    "email": EMAIL,
-                    "picture": PICTURE,
-                })),
-            Some(token) if token == ONLY_SUB_TOKEN => HttpResponse::Ok()
-                .content_type("application/json")
-                .json(json!({
-                    "sub": SUB,
-                })),
-            Some(token) if token == UNEXPECTED_RESPONSE_CODE_TOKEN => {
-                HttpResponse::BadRequest().finish()
-            }
-            Some(token) if token == INVALID_RESPONSE_TOKEN => HttpResponse::Ok().finish(),
-            Some(_) => HttpResponse::Unauthorized().finish(),
-            None => HttpResponse::BadRequest().finish(),
-        }
-    }
-
-    struct OpenIDServerShutdownHandle(Server, JoinHandle<()>);
-
-    impl OpenIDServerShutdownHandle {
-        pub fn shutdown(self) {
-            self.0
-                .stop(false)
-                .wait()
-                .expect("Failed to stop OpenID server");
-            self.1.join().expect("OpenID server thread failed");
-        }
-    }
-}