barycenter/Cargo.toml


[package]
name = "barycenter"
# Remaining package keys in Cargo's conventional order: version first,
# the rest alphabetical, description last.
version = "0.2.0-alpha.15"
categories = ["authentication", "web-programming"]
documentation = "https://github.com/CloudNebulaProject/barycenter/blob/main/README.md"
edition = "2021"
homepage = "https://github.com/CloudNebulaProject/barycenter"
keywords = [
    "openid",
    "oauth2",
    "identity",
    "authentication",
    "oidc",
]
license = "MIT OR Apache-2.0"
repository = "https://github.com/CloudNebulaProject/barycenter"
description = "OpenID Connect IdP with federation, property storage, and auto-registration the center of gravity between multiple objects."
# Every requirement below is a caret range ("1" means >=1.0.0, <2.0.0), so the
# versions actually compiled are whatever Cargo.lock pins.
# NOTE(review): for an identity provider, confirm Cargo.lock is committed,
# release builds use `--locked`, and CI scans the lockfile with `cargo audit`.
[dependencies]
# HTTP server and async runtime
axum = { version = "0.8", features = ["json", "form"] }
# "full" enables nearly all of tokio's optional features.
tokio = { version = "1", features = ["full"] }
# Logging
# NOTE(review): confirm passwords, tokens and client secrets never reach log
# output at any env-filter level.
tracing = "0.1"
tracing-subscriber = { version = "0.3", features = ["env-filter", "fmt"] }
# CLI parsing and error reporting
clap = { version = "4", features = ["derive"] }
miette = { version = "7", features = ["fancy"] }
thiserror = "1"
# Configuration loading and (de)serialization
config = "0.14"
serde = { version = "1", features = ["derive"] }
serde_json = "1"
serde_with = "3"
# SeaORM for SQLite and PostgreSQL
# sea-orm has its default features switched off; "runtime-tokio-rustls" selects
# the tokio runtime with rustls as the TLS backend for database connections.
# NOTE(review): compiling rustls in does not enforce TLS; confirm the
# PostgreSQL URL used in production requires it (e.g. via sslmode).
sea-orm = { version = "1", default-features = false, features = ["sqlx-sqlite", "sqlx-postgres", "runtime-tokio-rustls", "macros"] }
sea-orm-migration = { version = "1", features = ["sqlx-sqlite", "sqlx-postgres", "runtime-tokio-rustls"] }
# Path dependency on the local `migration` crate (not fetched from a registry)
migration = { path = "migration" }
# JOSE / JWKS & JWT
# josekit delegates its cryptography to OpenSSL, so an OpenSSL library is
# linked into the binary and has to be kept patched alongside the Rust crates.
josekit = "0.10"
chrono = { version = "0.4", features = ["serde", "clock"] }
time = "0.3"
# NOTE(review): presumably the randomness source for tokens, codes and ids;
# confirm call sites draw from a CSPRNG (rand's OsRng or thread_rng) rather
# than a seeded or small PRNG.
rand = "0.8"
# Constant-time Base64 encoding/decoding
base64ct = { version = "1", features = ["alloc"] }
anyhow = "1"
sha2 = "0.10"
serde_urlencoded = "0.7"
# Password hashing
# NOTE(review): the algorithm variant and cost parameters are chosen in code,
# not here; confirm Argon2id with costs at or above current guidance.
argon2 = "0.5"
# Rate limiting
# NOTE(review): check which key the limiter buckets on. Behind a reverse proxy
# the peer address is the proxy's, and client-supplied forwarding headers are
# only trustworthy when the proxy overwrites them.
tower = "0.5"
tower_governor = "0.4"
# Validation
# The regex crate guarantees linear-time matching, so patterns cannot backtrack
# catastrophically on hostile input.
regex = "1"
# NOTE(review): if url backs redirect_uri checks, confirm parsed components are
# compared exactly rather than by string prefix.
url = "2"
# GraphQL Admin API
# seaography derives a GraphQL schema from the SeaORM entities.
# NOTE(review): confirm every admin endpoint requires authentication, is not
# served on the public listener, and that introspection and any GraphiQL
# playground are disabled in production. async-graphql offers schema-level
# depth and complexity limits; confirm they are set.
seaography = { version = "1", features = ["with-decimal", "with-chrono", "with-uuid"] }
async-graphql = "7"
async-graphql-axum = "7"
# Background job scheduler
tokio-cron-scheduler = "0.13"
# Client-side OIDC/OAuth2 and HTTP crates. Dev-dependencies are compiled only
# for tests, examples and benches, never into the released binary.
[dev-dependencies]
openidconnect = { version = "4", features = ["reqwest-blocking"] }
oauth2 = "5"
reqwest = { version = "0.12", features = ["blocking", "json", "cookies"] }
urlencoding = "2"
[profile.release]
# Limited debug info: enough for function names and line numbers in
# backtraces, without type or variable information.
# NOTE(review): this embeds build-machine source paths in the shipped binary
# and grows the image; strip or split it out if that matters for deployment.
debug = 1
# cargo-release configuration (read by the cargo-release tool; cargo itself
# ignores package.metadata)
[package.metadata.release]
# Skip publishing to crates.io
publish = false
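# Commit message for the version-bump commit
pre-release-commit-message = "chore: release {{version}}"
# Create a git tag
# NOTE(review): no sign-tag / sign-commit setting is visible here, so release
# tags are presumably unsigned. Anything that builds from pushed tags trusts
# whoever can push to main; confirm tag protection or enable signing.
tag-message = "chore: release {{version}}"
tag-name = "v{{version}}"
# Push changes and tags
push = true
# Require branch to be main
allow-branch = ["main"]
# Text replacements applied to other files before the release commit.
# Each `search` is a regex run over the whole file. The Chart.yaml patterns are
# anchored to the start of a line with (?m)^ and pinned with exactly = 1, so an
# indented `version:` elsewhere in the chart (for example under a dependencies
# entry) is never rewritten and an unexpected match count aborts the release.
pre-release-replacements = [
    { file = "CHANGELOG.md", search = "## \\[Unreleased\\]", replace = "## [Unreleased]\n\n## [{{version}}] - {{date}}", exactly = 1 },
    { file = "deploy/helm/barycenter/Chart.yaml", search = "(?m)^version: .*", replace = "version: {{version}}", exactly = 1 },
    { file = "deploy/helm/barycenter/Chart.yaml", search = "(?m)^appVersion: .*", replace = "appVersion: \"{{version}}\"", exactly = 1 },
]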