mirror of
https://github.com/getnora-io/nora.git
synced 2026-04-12 11:30:32 +00:00
DevITWay | Pavel Volkov
432e8d35af
* docs: add DCO, governance model, roles, vulnerability credit policy * security: migrate token hashing from SHA256 to Argon2id - Replace unsalted SHA256 with Argon2id (salted) for API token hashing - Fix TOCTOU race: replace exists()+read() with read()+match on error - Set chmod 600 on token files and 700 on token storage directory - Auto-migrate legacy SHA256 tokens to Argon2id on first verification - Add regression tests: argon2 format, legacy migration, file permissions
58 lines
1.5 KiB
TOML
58 lines
1.5 KiB
TOML
[package]
|
|
name = "nora-registry"
|
|
version.workspace = true
|
|
edition.workspace = true
|
|
license.workspace = true
|
|
authors.workspace = true
|
|
repository.workspace = true
|
|
homepage.workspace = true
|
|
description = "Cloud-Native Artifact Registry - Fast, lightweight, multi-protocol"
|
|
keywords = ["registry", "docker", "artifacts", "cloud-native", "devops"]
|
|
categories = ["command-line-utilities", "development-tools", "web-programming"]
|
|
|
|
[lib]
|
|
name = "nora_registry"
|
|
path = "src/lib.rs"
|
|
|
|
[[bin]]
|
|
name = "nora"
|
|
path = "src/main.rs"
|
|
|
|
[dependencies]
|
|
tokio.workspace = true
|
|
axum.workspace = true
|
|
serde.workspace = true
|
|
serde_json.workspace = true
|
|
tracing.workspace = true
|
|
tracing-subscriber.workspace = true
|
|
reqwest.workspace = true
|
|
sha2.workspace = true
|
|
async-trait.workspace = true
|
|
hmac.workspace = true
|
|
hex.workspace = true
|
|
toml = "1.0"
|
|
uuid = { version = "1", features = ["v4"] }
|
|
bcrypt = "0.19"
|
|
base64 = "0.22"
|
|
prometheus = "0.14"
|
|
lazy_static = "1.5"
|
|
httpdate = "1"
|
|
utoipa = { version = "5", features = ["axum_extras"] }
|
|
utoipa-swagger-ui = { version = "9", features = ["axum", "reqwest"] }
|
|
clap = { version = "4", features = ["derive"] }
|
|
tar = "0.4"
|
|
flate2 = "1.1"
|
|
indicatif = "0.18"
|
|
chrono = { version = "0.4", features = ["serde"] }
|
|
thiserror = "2"
|
|
tower_governor = "0.8"
|
|
governor = "0.10"
|
|
parking_lot = "0.12"
|
|
zeroize = { version = "1.8", features = ["derive"] }
|
|
argon2 = { version = "0.5", features = ["std", "rand"] }
|
|
tower-http = { version = "0.6", features = ["set-header"] }
|
|
|
|
[dev-dependencies]
|
|
tempfile = "3"
|
|
wiremock = "0.6"
|