composable_tower_http/authorize/authorizers/jwt/impls/
validation.rs1use std::collections::HashSet;
3use jsonwebtoken::{Algorithm, Validation as JsonWebTokenValidation};
/// Builder-style description of the JWT claim and signature checks to apply.
///
/// Values are collected here and copied onto a `jsonwebtoken::Validation` by
/// `to_jsonwebtoken_validation`.
#[derive(Debug, Clone)]
pub struct Validation {
    /// Names of the registered claims a token is required to carry.
    required_spec_claims: HashSet<String>,
    /// Tolerance applied to the time-based checks (presumably seconds, as in
    /// `jsonwebtoken` — confirm against the pinned version).
    leeway: u64,
    /// Tokens that expire within this window are rejected; `0` by default.
    reject_tokens_expiring_in_less_than: u64,
    /// Whether the `exp` claim is checked.
    validate_exp: bool,
    /// Whether the `nbf` claim is checked.
    validate_nbf: bool,
    /// Whether the `aud` claim is checked.
    validate_aud: bool,
    /// Accepted audiences; `None` means no audience set was configured.
    aud: Option<HashSet<String>>,
    /// Accepted issuers; `None` means no issuer set was configured.
    iss: Option<HashSet<String>>,
    /// Expected subject; `None` means no subject was configured.
    sub: Option<String>,
    /// `false` only after `insecure_disable_signature_validation` was called.
    validate_signature: bool,
}
impl Default for Validation {
    /// Baseline configuration: `exp` is required and checked with a leeway of 60,
    /// `aud` checking is enabled, `nbf` checking is off, no audience, issuer or
    /// subject is pinned, and signature verification stays enabled.
    fn default() -> Self {
        // Only `exp` is mandatory out of the box.
        let required_spec_claims = HashSet::from(["exp".to_owned()]);

        Self {
            required_spec_claims,
            leeway: 60,
            reject_tokens_expiring_in_less_than: 0,
            validate_exp: true,
            validate_nbf: false,
            validate_aud: true,
            aud: None,
            iss: None,
            sub: None,
            validate_signature: true,
        }
    }
}
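impl Validation {
    /// Creates a configuration holding the [`Default`] settings.
    pub fn new() -> Self {
        Self::default()
    }

    /// Replaces the set of registered claims a token must carry.
    ///
    /// The given set overwrites the current one instead of extending it, so a set
    /// without `"exp"` no longer requires an expiry claim.
    pub fn required_spec_claims(mut self, required_spec_claims: HashSet<String>) -> Self {
        self.required_spec_claims = required_spec_claims;
        self
    }

    /// Sets the tolerance applied to the time-based checks.
    pub fn leeway(mut self, leeway: u64) -> Self {
        self.leeway = leeway;
        self
    }

    /// Rejects tokens whose expiry lies closer than the given window.
    pub fn reject_tokens_expiring_in_less_than(
        mut self,
        reject_tokens_expiring_in_less_than: u64,
    ) -> Self {
        self.reject_tokens_expiring_in_less_than = reject_tokens_expiring_in_less_than;
        self
    }

    /// Enables or disables the `exp` check.
    pub fn validate_exp(mut self, validate_exp: bool) -> Self {
        self.validate_exp = validate_exp;
        self
    }

    /// Enables or disables the `nbf` check (disabled by default).
    pub fn validate_nbf(mut self, validate_nbf: bool) -> Self {
        self.validate_nbf = validate_nbf;
        self
    }

    /// Enables or disables the `aud` check.
    pub fn validate_aud(mut self, validate_aud: bool) -> Self {
        self.validate_aud = validate_aud;
        self
    }

    /// Sets the accepted audiences, replacing any previously configured set.
    ///
    /// NOTE(review): `jsonwebtoken` documents that `aud` is only compared when the
    /// token carries the claim; add `"aud"` to `required_spec_claims` to make it
    /// mandatory — confirm for the pinned version.
    pub fn aud<T: ToString>(mut self, aud: &[T]) -> Self {
        self.aud = Some(aud.iter().map(ToString::to_string).collect());
        self
    }

    /// Sets the accepted issuers, replacing any previously configured set.
    ///
    /// NOTE(review): as with `aud`, add `"iss"` to `required_spec_claims` if a
    /// token without an issuer must be rejected — confirm for the pinned version.
    pub fn iss<T: ToString>(mut self, iss: &[T]) -> Self {
        self.iss = Some(iss.iter().map(ToString::to_string).collect());
        self
    }

    /// Sets the expected subject.
    // The builder method is named after the JWT claim; the lint fires because the
    // name matches `std::ops::Sub::sub`.
    #[allow(clippy::should_implement_trait)]
    pub fn sub<T: ToString>(mut self, sub: T) -> Self {
        self.sub = Some(sub.to_string());
        self
    }

    /// Turns signature verification off for validations built from this value.
    ///
    /// With verification off the claims of a token are unauthenticated input: the
    /// claim checks still run, but nothing proves who issued the token. There is
    /// no builder method to turn verification back on.
    pub fn insecure_disable_signature_validation(mut self) -> Self {
        self.validate_signature = false;
        self
    }

    /// Builds the `jsonwebtoken` validation for `algorithm` from this configuration.
    ///
    /// Every configured field is copied onto a fresh `jsonwebtoken::Validation`;
    /// signature verification is disabled on it only when
    /// `insecure_disable_signature_validation` was called on this value.
    pub fn to_jsonwebtoken_validation(&self, algorithm: Algorithm) -> JsonWebTokenValidation {
        let mut validation = JsonWebTokenValidation::new(algorithm);

        // The configured set was stored but never forwarded, so a caller asking
        // for e.g. `iss` or `aud` to be mandatory silently got jsonwebtoken's
        // default set and tokens lacking those claims were not rejected for it.
        validation.required_spec_claims = self.required_spec_claims.clone();

        validation.leeway = self.leeway;
        validation.reject_tokens_expiring_in_less_than = self.reject_tokens_expiring_in_less_than;

        validation.validate_exp = self.validate_exp;
        validation.validate_nbf = self.validate_nbf;
        validation.validate_aud = self.validate_aud;

        validation.aud = self.aud.clone();
        validation.iss = self.iss.clone();
        validation.sub = self.sub.clone();

        if !self.validate_signature {
            validation.insecure_disable_signature_validation();
        }

        validation
    }
}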