From 549d98f3b457ddfc6dffbe2fad406da4ac50ebc7 Mon Sep 17 00:00:00 2001
From: rtkay123 <dev@kanjala.com>
Date: Mon, 2 Feb 2026 13:30:25 +0200
Subject: refactor: collapse auth

---
 src/server/driver/auth.rs         | 34 ++++++++++++++++++++++++++++++++++
 src/server/driver/mod.rs          |  3 +++
 src/server/mod.rs                 | 15 +++++++++------
 src/server/routes/auth/discord.rs | 20 +++++++++++++-------
 src/server/state/mod.rs           | 10 ++++++----
 5 files changed, 65 insertions(+), 17 deletions(-)
 create mode 100644 src/server/driver/auth.rs

(limited to 'src/server')

diff --git a/src/server/driver/auth.rs b/src/server/driver/auth.rs
new file mode 100644
index 0000000..9215372
--- /dev/null
+++ b/src/server/driver/auth.rs
@@ -0,0 +1,34 @@
+use bon::Builder;
+use oauth2::{AuthUrl, ClientId, ClientSecret, EndpointNotSet, EndpointSet, RedirectUrl, TokenUrl};
+use secrecy::{ExposeSecret, SecretString};
+
+#[derive(Builder)]
+pub struct ClientOptions {
+    client_id: String,
+    client_secret: SecretString,
+    token_url: String,
+    auth_url: String,
+    redirect_url: String,
+}
+
+pub type OauthClient = oauth2::basic::BasicClient<
+    EndpointSet,
+    EndpointNotSet,
+    EndpointNotSet,
+    EndpointNotSet,
+    EndpointSet,
+>;
+
+pub fn oauth_client(opts: &ClientOptions) -> anyhow::Result<OauthClient> {
+    let redirect_url = RedirectUrl::new(opts.redirect_url.to_owned())?;
+    let client_id = ClientId::new(opts.client_id.to_owned());
+    let auth_url = AuthUrl::new(opts.auth_url.to_owned())?;
+    let token_url = TokenUrl::new(opts.token_url.to_owned())?;
+    let client_secret = ClientSecret::new(opts.client_secret.expose_secret().to_string());
+
+    Ok(oauth2::basic::BasicClient::new(client_id)
+        .set_client_secret(client_secret)
+        .set_auth_uri(auth_url)
+        .set_token_uri(token_url)
+        .set_redirect_uri(redirect_url))
+}
diff --git a/src/server/driver/mod.rs b/src/server/driver/mod.rs
index 4c540cb..c006cb0 100644
--- a/src/server/driver/mod.rs
+++ b/src/server/driver/mod.rs
@@ -1,3 +1,6 @@
+#[cfg(feature = "oauth")]
+pub mod auth;
+
 use async_trait::async_trait;
 use sqlx::PgPool;
 
diff --git a/src/server/mod.rs b/src/server/mod.rs
index 3301035..2050758 100644
--- a/src/server/mod.rs
+++ b/src/server/mod.rs
@@ -26,7 +26,6 @@ use crate::{
     config::Config,
     server::{
         middleware::request_id::{REQUEST_ID_HEADER, add_request_id},
-        routes::auth::OAuthDoc,
         state::{AppState, federation},
     },
 };
@@ -43,12 +42,16 @@ pub async fn router(config: &Config, state: AppState) -> anyhow::Result<Router<(
     let state = federation::add_federation(state, config).await?;
 
     let mut doc = ApiDoc::openapi();
-    doc.merge(OAuthDoc::openapi());
 
-    let (router, _api) = OpenApiRouter::with_openapi(doc)
-        .routes(utoipa_axum::routes!(routes::health_check))
-        .routes(utoipa_axum::routes!(routes::auth::auth))
-        .split_for_parts();
+    #[cfg(feature = "oauth")]
+    doc.merge(routes::auth::OAuthDoc::openapi());
+
+    let stubs = OpenApiRouter::with_openapi(doc).routes(utoipa_axum::routes!(routes::health_check));
+
+    #[cfg(feature = "oauth")]
+    let stubs = stubs.routes(utoipa_axum::routes!(routes::auth::auth));
+
+    let (router, _api) = stubs.split_for_parts();
 
     #[cfg(feature = "swagger")]
     let router = router.merge(
diff --git a/src/server/routes/auth/discord.rs b/src/server/routes/auth/discord.rs
index 036a35a..b141ce7 100644
--- a/src/server/routes/auth/discord.rs
+++ b/src/server/routes/auth/discord.rs
@@ -1,11 +1,17 @@
-use std::sync::Arc;
+use activitypub_federation::config::Data;
+use axum::response::IntoResponse;
+use oauth2::{CsrfToken, Scope};
 
-use axum::{extract::State, response::IntoResponse};
+use crate::server::{error::AppError, state::AppState};
 
-use crate::server::{driver::SellershutDriver, error::AppError};
+pub(super) async fn discord_auth(data: Data<AppState>) -> Result<impl IntoResponse, AppError> {
+    let data = data.app_data();
 
-async fn auth(
-    State(client): State<Arc<dyn SellershutDriver>>,
-) -> Result<impl IntoResponse, AppError> {
-    Ok(())
+    let (auth_url, csrf_token) = data
+        .oauth_discord
+        .authorize_url(CsrfToken::new_random)
+        .add_scope(Scope::new("identify".to_string()))
+        .url();
+
+    Ok(String::default())
 }
diff --git a/src/server/state/mod.rs b/src/server/state/mod.rs
index f5f731e..03e8c70 100644
--- a/src/server/state/mod.rs
+++ b/src/server/state/mod.rs
@@ -3,25 +3,25 @@ pub mod federation;
 
 use std::sync::Arc;
 
-use sellershut_auth::{ClientOptions, OauthClient};
 #[cfg(feature = "oauth-discord")]
 use url::Url;
 
 #[cfg(feature = "oauth-discord")]
-use crate::config::DiscordOauth;
+use crate::{config::DiscordOauth, server::driver::auth::OauthClient};
 use crate::{config::Config, server::driver::SellershutDriver};
 
 #[derive(Clone)]
 pub struct AppState {
     driver: Arc<dyn SellershutDriver>,
     #[cfg(feature = "oauth-discord")]
-    oauth_discord: OauthClient,
+    pub oauth_discord: OauthClient,
 }
 
 impl AppState {
     pub async fn new(config: &Config, driver: impl SellershutDriver) -> anyhow::Result<Self> {
         Ok(Self {
             driver: Arc::new(driver),
+            #[cfg(feature = "oauth-discord")]
             oauth_discord: discord_client(&config.oauth.discord, &config.oauth.oauth_redirect_url)?,
         })
     }
@@ -29,6 +29,8 @@ impl AppState {
 
 #[cfg(feature = "oauth-discord")]
 fn discord_client(disc: &DiscordOauth, redirect: &Url) -> anyhow::Result<OauthClient> {
+    use crate::server::driver::{self, auth::ClientOptions};
+
     let discord_opts = ClientOptions::builder()
         .client_id(disc.client_id.to_owned())
         .redirect_url(redirect.to_string())
@@ -37,5 +39,5 @@ fn discord_client(disc: &DiscordOauth, redirect: &Url) -> anyhow::Result<OauthCl
         .token_url(disc.token_url.to_string())
         .build();
 
-    Ok(sellershut_auth::oauth_client(&discord_opts)?)
+    Ok(driver::auth::oauth_client(&discord_opts)?)
 }
-- 
cgit v1.2.3