matrix-authentication-service/Cargo.toml

# Copyright 2025 New Vector Ltd.
#
# SPDX-License-Identifier: AGPL-3.0-only OR LicenseRef-Element-Commercial
# Please see LICENSE files in the repository root for full details.

[workspace]
default-members = ["crates/cli"]
members = ["crates/*"]
resolver = "2"

# Updated in the CI with a `sed` command
package.version = "1.14.0"
package.license = "AGPL-3.0-only OR LicenseRef-Element-Commercial"
package.authors = ["Element Backend Team"]
package.edition = "2024"
package.homepage = "https://element-hq.github.io/matrix-authentication-service/"
package.repository = "https://github.com/element-hq/matrix-authentication-service/"
package.publish = false

[workspace.lints.rust]
unsafe_code = "deny"

[workspace.lints.clippy]
# We use groups as good defaults, but with a lower priority so that we can override them
all = { level = "deny", priority = -1 }
pedantic = { level = "warn", priority = -1 }

str_to_string = "deny"
too_many_lines = "allow"

[workspace.lints.rustdoc]
broken_intra_doc_links = "deny"

[workspace.dependencies]

# Workspace crates
mas-axum-utils = { path = "./crates/axum-utils/", version = "=1.14.0" }
mas-cli = { path = "./crates/cli/", version = "=1.14.0" }
mas-config = { path = "./crates/config/", version = "=1.14.0" }
mas-context = { path = "./crates/context/", version = "=1.14.0" }
mas-data-model = { path = "./crates/data-model/", version = "=1.14.0" }
mas-email = { path = "./crates/email/", version = "=1.14.0" }
mas-graphql = { path = "./crates/graphql/", version = "=1.14.0" }
mas-handlers = { path = "./crates/handlers/", version = "=1.14.0" }
mas-http = { path = "./crates/http/", version = "=1.14.0" }
mas-i18n = { path = "./crates/i18n/", version = "=1.14.0" }
mas-i18n-scan = { path = "./crates/i18n-scan/", version = "=1.14.0" }
mas-iana = { path = "./crates/iana/", version = "=1.14.0" }
mas-iana-codegen = { path = "./crates/iana-codegen/", version = "=1.14.0" }
mas-jose = { path = "./crates/jose/", version = "=1.14.0" }
mas-keystore = { path = "./crates/keystore/", version = "=1.14.0" }
mas-listener = { path = "./crates/listener/", version = "=1.14.0" }
mas-matrix = { path = "./crates/matrix/", version = "=1.14.0" }
mas-matrix-synapse = { path = "./crates/matrix-synapse/", version = "=1.14.0" }
mas-oidc-client = { path = "./crates/oidc-client/", version = "=1.14.0" }
mas-policy = { path = "./crates/policy/", version = "=1.14.0" }
mas-router = { path = "./crates/router/", version = "=1.14.0" }
mas-spa = { path = "./crates/spa/", version = "=1.14.0" }
mas-storage = { path = "./crates/storage/", version = "=1.14.0" }
mas-storage-pg = { path = "./crates/storage-pg/", version = "=1.14.0" }
mas-tasks = { path = "./crates/tasks/", version = "=1.14.0" }
mas-templates = { path = "./crates/templates/", version = "=1.14.0" }
mas-tower = { path = "./crates/tower/", version = "=1.14.0" }
oauth2-types = { path = "./crates/oauth2-types/", version = "=1.14.0" }
syn2mas = { path = "./crates/syn2mas", version = "=1.14.0" }

# OpenAPI schema generation and validation
[workspace.dependencies.aide]
version = "0.15.1"
features = ["axum", "axum-extra", "axum-extra-query", "axum-json", "macros"]

# An `Arc` that can be atomically updated
[workspace.dependencies.arc-swap]
version = "1.8.1"

# GraphQL server
[workspace.dependencies.async-graphql]
version = "7.0.17"
default-features = false
features = ["chrono", "url", "tracing", "playground"]

[workspace.dependencies.async-stream]
version = "0.3.6"

# Utility to write and implement async traits
[workspace.dependencies.async-trait]
version = "0.1.89"

# High-level error handling
[workspace.dependencies.anyhow]
version = "1.0.102"

# Assert that a value matches a pattern
[workspace.dependencies.assert_matches]
version = "1.5.0"

# HTTP router
[workspace.dependencies.axum]
version = "0.8.6"

# Extra utilities for Axum
[workspace.dependencies.axum-extra]
version = "0.10.3"
features = ["cookie-private", "cookie-key-expansion", "typed-header", "query"]

# Axum macros
[workspace.dependencies.axum-macros]
version = "0.5.0"

# AEAD (Authenticated Encryption with Associated Data)
[workspace.dependencies.aead]
version = "0.5.2"
features = ["std"]

# Argon2 password hashing
[workspace.dependencies.argon2]
version = "0.5.3"
features = ["password-hash", "std"]

# Constant-time base64
[workspace.dependencies.base64ct]
version = "1.8.0"
features = ["std"]

# Bcrypt password hashing
[workspace.dependencies.bcrypt]
version = "0.18.0"
default-features = true

# Packed bitfields
[workspace.dependencies.bitflags]
version = "2.10.0"

# Bytes
[workspace.dependencies.bytes]
version = "1.10.1"

# UTF-8 paths
[workspace.dependencies.camino]
version = "1.2.1"
features = ["serde1"]

# ChaCha20Poly1305 AEAD
[workspace.dependencies.chacha20poly1305]
version = "0.10.1"
features = ["std"]

# Memory optimisation for short strings
[workspace.dependencies.compact_str]
version = "0.9.0"

# Terminal formatting
[workspace.dependencies.console]
version = "0.15.11"

# Cookie store
[workspace.dependencies.cookie_store]
version = "0.22.0"
default-features = false
features = ["serde_json"]

# Time utilities
[workspace.dependencies.chrono]
version = "0.4.42"
default-features = false
features = ["serde", "clock"]

# CLI argument parsing
[workspace.dependencies.clap]
version = "4.5.50"
features = ["derive"]

# Object Identifiers (OIDs) as constants
[workspace.dependencies.const-oid]
version = "0.9.6"
features = ["std"]

# Utility for converting between different cases
[workspace.dependencies.convert_case]
version = "0.9.0"

# CRC calculation
[workspace.dependencies.crc]
version = "3.3.0"

# Cron expressions
[workspace.dependencies.cron]
version = "0.15.0"

# CSV parsing and writing
[workspace.dependencies.csv]
version = "1.4.0"

# DER encoding
[workspace.dependencies.der]
version = "0.7.10"
features = ["std"]

# Interactive CLI dialogs
[workspace.dependencies.dialoguer]
version = "0.11.0"
default-features = false
features = ["fuzzy-select", "password"]

# Cryptographic digest algorithms
[workspace.dependencies.digest]
version = "0.10.7"

# Load environment variables from .env files
[workspace.dependencies.dotenvy]
version = "0.15.7"

# ECDSA algorithms
[workspace.dependencies.ecdsa]
version = "0.16.9"
features = ["signing", "verifying"]

# Elliptic curve cryptography
[workspace.dependencies.elliptic-curve]
version = "0.13.8"
features = ["std", "pem", "sec1"]

# Configuration loading
[workspace.dependencies.figment]
version = "0.10.19"
features = ["env", "yaml", "test"]

# URL form encoding
[workspace.dependencies.form_urlencoded]
version = "1.2.2"

# Utilities for dealing with futures
[workspace.dependencies.futures-util]
version = "0.3.31"

# Fixed-size arrays with trait implementations
[workspace.dependencies.generic-array]
version = "0.14.7"

# Rate-limiting
[workspace.dependencies.governor]
version = "0.10.1"
default-features = false
features = ["std", "dashmap", "quanta"]

# HMAC calculation
[workspace.dependencies.hmac]
version = "0.12.1"

# HTTP headers
[workspace.dependencies.headers]
version = "0.4.1"

# Hex encoding and decoding
[workspace.dependencies.hex]
version = "0.4.3"

# HTTP request/response
[workspace.dependencies.http]
version = "1.3.1"

# HTTP body trait
[workspace.dependencies.http-body]
version = "1.0.1"

# http-body utilities
[workspace.dependencies.http-body-util]
version = "0.1.3"

# HTTP client and server
[workspace.dependencies.hyper]
version = "1.7.0"
features = ["client", "server", "http1", "http2"]

# Additional Hyper utilties
[workspace.dependencies.hyper-util]
version = "0.1.18"
features = [
    "client",
    "server",
    "server-auto",
    "service",
    "http1",
    "http2",
    "tokio",
]

# Hyper Rustls support
[workspace.dependencies.hyper-rustls]
version = "0.27.7"
features = ["http1", "http2"]
default-features = false

# ICU libraries for internationalization
[workspace.dependencies.icu_calendar]
version = "1.5.2"
features = ["compiled_data", "std"]
[workspace.dependencies.icu_datetime]
version = "1.5.1"
features = ["compiled_data", "std"]
[workspace.dependencies.icu_experimental]
version = "0.1.0"
features = ["compiled_data", "std"]
[workspace.dependencies.icu_locid]
version = "1.5.0"
features = ["std"]
[workspace.dependencies.icu_locid_transform]
version = "1.5.0"
features = ["compiled_data", "std"]
[workspace.dependencies.icu_normalizer]
version = "1.5.0"
[workspace.dependencies.icu_plurals]
version = "1.5.0"
features = ["compiled_data", "std"]
[workspace.dependencies.icu_provider]
version = "1.5.0"
features = ["std", "sync"]
[workspace.dependencies.icu_provider_adapters]
version = "1.5.0"
features = ["std"]

# HashMap which preserves insertion order
[workspace.dependencies.indexmap]
version = "2.11.4"
features = ["serde"]

# Indented string literals
[workspace.dependencies.indoc]
version = "2.0.6"

# Snapshot testing
[workspace.dependencies.insta]
version = "1.46.3"
features = ["yaml", "json"]

# IP network address types
[workspace.dependencies.ipnetwork]
version = "0.20.0"
features = ["serde"]

# Iterator utilities
[workspace.dependencies.itertools]
version = "0.14.0"

# K256 elliptic curve
[workspace.dependencies.k256]
version = "0.13.4"
features = ["std"]

# RFC 5646 language tags
[workspace.dependencies.language-tags]
version = "0.3.2"
features = ["serde"]

# Email sending
[workspace.dependencies.lettre]
version = "0.11.19"
default-features = false
features = [
    "tokio1-rustls",
    "rustls-platform-verifier",
    "aws-lc-rs",
    "hostname",
    "builder",
    "tracing",
    "pool",
    "smtp-transport",
    "sendmail-transport",
]

# Listening on passed FDs
[workspace.dependencies.listenfd]
version = "1.0.2"

# MIME type support
[workspace.dependencies.mime]
version = "0.3.17"

# Templates
[workspace.dependencies.minijinja]
version = "2.15.1"
features = ["urlencode", "loader", "json", "speedups", "unstable_machinery"]

# Additional filters for minijinja
[workspace.dependencies.minijinja-contrib]
version = "2.12.0"
features = ["pycompat"]

# Utilities to deal with non-zero values
[workspace.dependencies.nonzero_ext]
version = "0.3.0"

# Open Policy Agent support through WASM
[workspace.dependencies.opa-wasm]
version = "0.1.9"

# OpenTelemetry
[workspace.dependencies.opentelemetry]
version = "0.31.0"
features = ["trace", "metrics"]
[workspace.dependencies.opentelemetry-http]
version = "0.31.0"
features = ["reqwest"]
[workspace.dependencies.opentelemetry-instrumentation-process]
version = "0.1.2"
[workspace.dependencies.opentelemetry-instrumentation-tokio]
version = "0.1.2"
[workspace.dependencies.opentelemetry-jaeger-propagator]
version = "0.31.0"
[workspace.dependencies.opentelemetry-otlp]
version = "0.31.0"
default-features = false
features = ["trace", "metrics", "http-proto"]
[workspace.dependencies.opentelemetry-prometheus-text-exporter]
version = "0.2.1"
[workspace.dependencies.opentelemetry-resource-detectors]
version = "0.10.0"
[workspace.dependencies.opentelemetry-semantic-conventions]
version = "0.31.0"
features = ["semconv_experimental"]
[workspace.dependencies.opentelemetry-stdout]
version = "0.31.0"
features = ["trace", "metrics"]
[workspace.dependencies.opentelemetry_sdk]
version = "0.31.0"
features = [
    "experimental_trace_batch_span_processor_with_async_runtime",
    "experimental_metrics_periodicreader_with_async_runtime",
    "rt-tokio",
]
[workspace.dependencies.tracing-opentelemetry]
version = "0.32.0"
default-features = false

# P256 elliptic curve
[workspace.dependencies.p256]
version = "0.13.2"
features = ["std"]

# P384 elliptic curve
[workspace.dependencies.p384]
version = "0.13.1"
features = ["std"]

# Text padding utilities
[workspace.dependencies.pad]
version = "0.1.6"

# PBKDF2 password hashing
[workspace.dependencies.pbkdf2]
version = "0.12.2"
features = ["password-hash", "std", "simple", "parallel"]

# PEM encoding/decoding
[workspace.dependencies.pem-rfc7468]
version = "0.7.0"
features = ["std"]

# Parser generator
[workspace.dependencies.pest]
version = "2.8.3"

# Pest derive macros
[workspace.dependencies.pest_derive]
version = "2.8.3"

# Pin projection
[workspace.dependencies.pin-project-lite]
version = "0.2.16"

# PKCS#1 encoding
[workspace.dependencies.pkcs1]
version = "0.7.5"
features = ["std"]

# PKCS#8 encoding
[workspace.dependencies.pkcs8]
version = "0.10.2"
features = ["std", "pkcs5", "encryption"]

# Public Suffix List
[workspace.dependencies.psl]
version = "2.1.162"

# High-precision clock
[workspace.dependencies.quanta]
version = "0.12.6"

# Random values
[workspace.dependencies.rand]
version = "0.8.5"
[workspace.dependencies.rand_chacha]
version = "0.3.1"
[workspace.dependencies.rand_core]
version = "0.6.4"

# Regular expressions
[workspace.dependencies.regex]
version = "1.12.2"

# High-level HTTP client
[workspace.dependencies.reqwest]
version = "0.12.24"
default-features = false
features = [
    "http2",
    "rustls-tls-manual-roots-no-provider",
    "charset",
    "json",
    "socks",
    "system-proxy",
]

# RSA cryptography
[workspace.dependencies.rsa]
version = "0.9.10"
features = ["std", "pem"]

# Fast hash algorithm for HashMap
[workspace.dependencies.rustc-hash]
version = "2.1.1"

# Matrix-related types
[workspace.dependencies.ruma-common]
version = "0.16.0"

# TLS stack
[workspace.dependencies.rustls]
version = "0.23.35"

# PKI types for rustls
[workspace.dependencies.rustls-pki-types]
version = "1.13.0"

# Use platform-specific verifier for TLS
[workspace.dependencies.rustls-platform-verifier]
version = "0.6.1"

# systemd service status notification
[workspace.dependencies.sd-notify]
version = "0.4.5"

# JSON Schema generation
[workspace.dependencies.schemars]
version = "0.9.0"
features = ["url2", "chrono04", "preserve_order"]

# SEC1 encoding format
[workspace.dependencies.sec1]
version = "0.7.3"
features = ["std"]

# Query builder
[workspace.dependencies.sea-query]
version = "0.32.7"
features = ["derive", "attr", "with-uuid", "with-chrono", "postgres-array"]

# Query builder
[workspace.dependencies.sea-query-binder]
version = "0.7.0"
features = [
    "sqlx",
    "sqlx-postgres",
    "with-uuid",
    "with-chrono",
    "postgres-array",
]

# Sentry error tracking
[workspace.dependencies.sentry]
version = "0.46.2"
default-features = false
features = ["backtrace", "contexts", "panic", "tower", "reqwest"]

# Sentry tower layer
[workspace.dependencies.sentry-tower]
version = "0.46.0"
features = ["http", "axum-matched-path"]

# Sentry tracing integration
[workspace.dependencies.sentry-tracing]
version = "0.46.0"

# Serialization and deserialization
[workspace.dependencies.serde]
version = "1.0.228"
features = ["derive"] # Most of the time, if we need serde, we need derive

# JSON serialization and deserialization
[workspace.dependencies.serde_json]
version = "1.0.145"
features = ["preserve_order"]

# URL encoded form serialization
[workspace.dependencies.serde_urlencoded]
version = "0.7.1"

# Custom serialization helpers
[workspace.dependencies.serde_with]
version = "3.14.0"
features = ["hex", "chrono"]

# YAML serialization
[workspace.dependencies.serde_yaml]
version = "0.9.34"

# SHA-2 cryptographic hash algorithm
[workspace.dependencies.sha2]
version = "0.10.9"
features = ["oid"]

# Digital signature traits
[workspace.dependencies.signature]
version = "2.2.0"

# Low-level socket manipulation
[workspace.dependencies.socket2]
version = "0.6.2"

# Subject Public Key Info
[workspace.dependencies.spki]
version = "0.7.3"
features = ["std"]

# SQL database support
[workspace.dependencies.sqlx]
version = "0.8.6"
features = [
    "runtime-tokio",
    "tls-rustls-aws-lc-rs",
    "postgres",
    "migrate",
    "chrono",
    "json",
    "uuid",
    "ipnetwork",
]

# Custom error types
[workspace.dependencies.thiserror]
version = "2.0.17"

[workspace.dependencies.thiserror-ext]
version = "0.3.0"

# Async runtime
[workspace.dependencies.tokio]
version = "1.48.0"
features = ["full"]

[workspace.dependencies.tokio-stream]
version = "0.1.17"

# Tokio rustls integration
[workspace.dependencies.tokio-rustls]
version = "0.26.4"

# Tokio test utilities
[workspace.dependencies.tokio-test]
version = "0.4.4"

# Useful async utilities
[workspace.dependencies.tokio-util]
version = "0.7.16"
features = ["rt"]

# Tower services
[workspace.dependencies.tower]
version = "0.5.2"
features = ["util"]

# Tower service trait
[workspace.dependencies.tower-service]
version = "0.3.3"

# Tower layer trait
[workspace.dependencies.tower-layer]
version = "0.3.3"

# Tower HTTP layers
[workspace.dependencies.tower-http]
version = "0.6.6"
features = ["cors", "fs", "add-extension", "set-header"]

# Logging and tracing
[workspace.dependencies.tracing]
version = "0.1.41"
[workspace.dependencies.tracing-subscriber]
version = "0.3.22"
features = ["env-filter"]
[workspace.dependencies.tracing-appender]
version = "0.2.4"

# URL manipulation
[workspace.dependencies.url]
version = "2.5.7"
features = ["serde"]

# URL encoding
[workspace.dependencies.urlencoding]
version = "2.1.3"

# ULID support
[workspace.dependencies.ulid]
version = "=1.1.4"           # Pinned to the latest version which used rand 0.8
features = ["serde", "uuid"]

# UUID support
[workspace.dependencies.uuid]
version = "1.18.1"

# HTML escaping
[workspace.dependencies.v_htmlescape]
version = "0.15.8"

# Version information generation
[workspace.dependencies.vergen-gitcl]
version = "1.0.8"
features = ["rustc"]

# Directory traversal
[workspace.dependencies.walkdir]
version = "2.5.0"

# HTTP mock server
[workspace.dependencies.wiremock]
version = "0.6.5"

# User-agent parser
[workspace.dependencies.woothee]
version = "0.13.0"

# String writing interface
[workspace.dependencies.writeable]
version = "0.5.5"

# Zero memory after use
[workspace.dependencies.zeroize]
version = "1.8.2"

# Password strength estimation
[workspace.dependencies.zxcvbn]
version = "3.1.0"

[profile.release]
codegen-units = 1 # Reduce the number of codegen units to increase optimizations
lto = true        # Enable fat LTO

# A few profile opt-level tweaks to make the test suite run faster
[profile.dev.package]
argon2.opt-level = 3
bcrypt.opt-level = 3
block-buffer.opt-level = 3
cranelift-codegen.opt-level = 3
digest.opt-level = 3
hmac.opt-level = 3
generic-array.opt-level = 3
num-bigint-dig.opt-level = 3
pbkdf2.opt-level = 3
rayon.opt-level = 3
regalloc2.opt-level = 3
sha2.opt-level = 3
sqlx-macros.opt-level = 3