Support Authentication with SCRAM (#26)

* auth message parsing and scrambling

* extract handler into module

* add require_tls option to server config

* read_message_with_timeout

* PasswordMessage and SASLinitialresponse

* Passthrough SCRAM_SHA_256 auth

* add postgres-protocol

* Pull log into module

* Add dev option to disable database tls

* remove unused tests

* rename dataset to encrypt_config

* rename test config files to disambiguate

* add channel binding to tlsconfig on init

* Improve error message on db connect failure

* channelbinding for asyncstream

* Auth module & SASL messages

* read_auth_message

* cleanup

* SASL & MD5 Auth actually working

* Do not require_tls by default

* Handle database Md5 and cleartext auth

* disable mapping

* SASLMechanism as enum

* log targets

* Use correct sasl mechanism

* updated cargo

* Cleanup

* psql tests

* Maybe integration tests

* README on int tests

* Ignore cipherstash-proxy.local.toml

* just enough shutdown for tests

* attempt integration test in ci

* clippy cleanup

* Filter integration tests

* Install latest stable rust

* Explain what this config is for

* Bump to latest mise, in attempt to work around bug

* Do something unholy to make the command execute correctly

* Fix use ordering to satisfy the `cargo fmt` gods

* Move the test tasks to a more discoverable place

* Explicitly call nextest tests unit tests

* Run the integration tests as part of the CI tests

* option to disable mapping

* More logging

* Fix bug introduced by bad merge conflict

* Add a task for testing if Proxy has started

* Make nc work on GNU-based systems

* Try and determine if the wait is working

* Report when successful

* Disable running up a container

Because we do that later in the integration tests

* Test for the right port t 🤦

* wtf is going on

* GitHub: tell me how can you fuck up a loop

* Remove debugging. Fuck you GitHub

* setup proxy env from secrets

* setup proxy env from secrets

* un-silent proxy run in tests

* Install rust via mise

* more clippy

---------

Co-authored-by: Lindsay Holmwood <[email protected]>
Co-authored-by: Lindsay Holmwood <[email protected]>

Author: tobyhede

.github/workflows/test.yml

@@ -12,19 +12,29 @@ jobs:
     runs-on: buildjet-16vcpu-ubuntu-2204
     steps:
       - uses: actions/checkout@v4
+      - name: Install rust
+        shell: /bin/bash -l {0}
+        run: rustup toolchain install stable --profile minimal --no-self-update
       - name: Setup Rust cache
         uses: Swatinem/rust-cache@v2
         with:
           cache-provider: buildjet
           cache-all-crates: true
       - uses: jdx/mise-action@v2
         with:
-          version: 2024.12.0 # [default: latest] mise version to install
+          version: 2024.12.11 # [default: latest] mise version to install
           install: true # [default: true] run `mise install`
           cache: true # [default: true] cache mise using GitHub's cache
       - run: |
           mise run up --extra-args "--detach --wait"
       - run: |
           mise run setup
-      - run: |
-          mise run test
+      - name: ci
+        env:
+          CS_AUTH__WORKSPACE_ID: ${{ secrets.CS_AUTH__WORKSPACE_ID }}
+          CS_AUTH__CLIENT_ACCESS_KEY: ${{ secrets.CS_AUTH__CLIENT_ACCESS_KEY }}
+          CS_ENCRYPT__DATASET_ID: ${{ secrets.CS_ENCRYPT__DATASET_ID }}
+          CS_ENCRYPT__CLIENT_ID: ${{ secrets.CS_ENCRYPT__CLIENT_ID }}
+          CS_ENCRYPT__CLIENT_KEY: ${{ secrets.CS_ENCRYPT__CLIENT_KEY }}
+        run: |
+          mise run ci

.gitignore

@@ -1,6 +1,7 @@
 /target
 .DS_Store
 /cipherstash-proxy.toml
+/cipherstash-proxy.local.toml
 mise.local.toml
 tests/pg/data**
 tests/sql/cipherstash-encrypt.sql

.mise/tasks/test/run

@@ -0,0 +1 @@
+rust stable