From 521c4e32e63ec20094df128c17d24e8e1dcb17c0 Mon Sep 17 00:00:00 2001 From: rtkay123 Date: Wed, 23 Jul 2025 19:27:32 +0200 Subject: feat(auth): redirect uri --- crates/auth/Cargo.toml | 1 + crates/auth/src/main.rs | 1 - crates/auth/src/server.rs | 11 +++++++---- crates/auth/src/server/csrf_token_validation.rs | 11 +---------- crates/auth/src/server/routes.rs | 2 +- crates/auth/src/server/routes/authorised.rs | 11 +++++------ crates/auth/src/server/routes/discord/discord_auth.rs | 3 +-- 7 files changed, 16 insertions(+), 24 deletions(-) (limited to 'crates') diff --git a/crates/auth/Cargo.toml b/crates/auth/Cargo.toml index b6ad707..ccd18f3 100644 --- a/crates/auth/Cargo.toml +++ b/crates/auth/Cargo.toml @@ -15,6 +15,7 @@ base64.workspace = true clap = { workspace = true, features = ["derive"] } config = { workspace = true, features = ["convert-case", "toml"] } futures-util.workspace = true +jsonwebtoken = "9.3.1" nanoid.workspace = true oauth2 = "5.0.0" reqwest = { workspace = true, features = ["json", "rustls-tls"] } diff --git a/crates/auth/src/main.rs b/crates/auth/src/main.rs index ef8a358..a1883ad 100644 --- a/crates/auth/src/main.rs +++ b/crates/auth/src/main.rs @@ -40,7 +40,6 @@ async fn main() -> Result<(), AppError> { }; let mut config: Configuration = config.build()?.try_deserialize()?; - dbg!(&config); config.application.name = env!("CARGO_CRATE_NAME").into(); config.application.version = env!("CARGO_PKG_VERSION").into(); diff --git a/crates/auth/src/server.rs b/crates/auth/src/server.rs index d724d68..2892412 100644 --- a/crates/auth/src/server.rs +++ b/crates/auth/src/server.rs @@ -1,20 +1,23 @@ use axum::{Router, routing::get}; use tower_http::trace::TraceLayer; -use crate::{server::routes::health_check, state::AppHandle}; +use crate::{ + server::routes::{authorised::login_authorised, health_check}, + state::AppHandle, +}; pub mod csrf_token_validation; pub mod routes; const CSRF_TOKEN: &str = "csrf_token"; -const COOKIE_NAME: &str = "SESSION"; const OAUTH_CSRF_COOKIE: &str = "SESSION"; pub fn router(state: AppHandle) -> Router { Router::new() - .merge(routes::discord::discord_router(state.clone())) + .route("/auth/authorised", get(login_authorised)) .route("/", get(health_check)) - .route("/auth/authorised", get(health_check)) + .with_state(state.clone()) + .merge(routes::discord::discord_router(state)) .layer(TraceLayer::new_for_http()) } diff --git a/crates/auth/src/server/csrf_token_validation.rs b/crates/auth/src/server/csrf_token_validation.rs index c9a627c..94424c8 100644 --- a/crates/auth/src/server/csrf_token_validation.rs +++ b/crates/auth/src/server/csrf_token_validation.rs @@ -1,23 +1,14 @@ use anyhow::{Context, anyhow}; -use axum_extra::headers; use oauth2::CsrfToken; -use time::OffsetDateTime; use tower_sessions::{CachingSessionStore, SessionStore, session::Id}; use tower_sessions_moka_store::MokaStore; use tower_sessions_sqlx_store::PostgresStore; use crate::{ error::AppError, - server::{COOKIE_NAME, CSRF_TOKEN, routes::authorised::AuthRequest}, - state::AppHandle, + server::{CSRF_TOKEN, routes::authorised::AuthRequest}, }; -pub struct Session { - id: String, - expires_at: OffsetDateTime, - user_id: String, -} - pub async fn csrf_token_validation_workflow( auth_request: &AuthRequest, store: &CachingSessionStore, diff --git a/crates/auth/src/server/routes.rs b/crates/auth/src/server/routes.rs index 7a25e70..1ab012c 100644 --- a/crates/auth/src/server/routes.rs +++ b/crates/auth/src/server/routes.rs @@ -34,7 +34,7 @@ mod tests { #[sqlx::test] async fn health_check(pool: PgPool) { let services = Services { postgres: pool }; - let state = AppState::create(services, &test_config()).await.unwrap(); + let (state, _) = AppState::create(services, &test_config()).await.unwrap(); let app = server::router(state); let response = app diff --git a/crates/auth/src/server/routes/authorised.rs b/crates/auth/src/server/routes/authorised.rs index 42bbde2..d493db5 100644 --- a/crates/auth/src/server/routes/authorised.rs +++ b/crates/auth/src/server/routes/authorised.rs @@ -43,7 +43,7 @@ struct User { const SESSION_COOKIE: &str = "info"; const SESSION_DATA_KEY: &str = "data"; -async fn login_authorized( +pub async fn login_authorised( Query(query): Query, State(state): State, TypedHeader(cookies): TypedHeader, @@ -52,8 +52,7 @@ async fn login_authorized( cookies .get(OAUTH_CSRF_COOKIE) .context("missing session cookie")?, - ) - .unwrap(); + )?; csrf_token_validation_workflow(&query, &state.session_store, oauth_session_id).await?; let client = state.http_client.clone(); @@ -65,7 +64,7 @@ async fn login_authorized( .exchange_code(AuthorizationCode::new(query.code.clone())) .request_async(&client) .await - .context("failed in sending request request to authorization server")?; + .context("failed in sending request request to authorisation server")?; let user_data: User = client // https://discord.com/developers/docs/resources/user#get-current-user @@ -76,7 +75,7 @@ async fn login_authorized( .context("failed in sending request to target Url")? .json::() .await - .context("failed to deserialize response as JSON")?; + .context("failed to deserialise response as JSON")?; // Create a new session filled with user data let session_id = Id(i128::from_le_bytes(uuid::Uuid::new_v4().to_bytes_le())); @@ -92,7 +91,7 @@ async fn login_authorized( + Duration::from_secs(state.local_config.oauth.session_lifespan), }) .await - .context("failed in inserting serialized value into session")?; + .context("failed in inserting serialised value into session")?; // Store session and get corresponding cookie. let cookie = format!("{SESSION_COOKIE}={session_id}; SameSite=Lax; HttpOnly; Secure; Path=/"); diff --git a/crates/auth/src/server/routes/discord/discord_auth.rs b/crates/auth/src/server/routes/discord/discord_auth.rs index 5257a33..a45de86 100644 --- a/crates/auth/src/server/routes/discord/discord_auth.rs +++ b/crates/auth/src/server/routes/discord/discord_auth.rs @@ -43,8 +43,7 @@ pub async fn discord_auth(State(state): State) -> Result