bitwarden-auth 3.0.0

Internal crate for the bitwarden crate. Do not use.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64

//! Shared utilities for token renewal.

use bitwarden_api_api::apis::AuthRequired;
use bitwarden_core::auth::login::LoginError;
use reqwest_middleware::Middleware;

pub(crate) const TOKEN_RENEW_MARGIN_SECONDS: i64 = 5 * 60;

/// A wrapper that implements [reqwest_middleware::Middleware] by delegating to a [MiddlewareExt]
/// for token retrieval. We can't implement [Middleware] directly on [MiddlewareExt] because
/// [Middleware] is defined in an external crate, so we use this wrapper to bridge between them.
pub(crate) struct MiddlewareWrapper<T>(pub(crate) T);

/// Trait used to share over the token attaching middleware. This is implemented by the token
/// management structs, leaving them responsible for handling token retrieval and renewal logic. The
/// middleware simply calls [MiddlewareExt::get_token] to get the current token (renewing if
/// necessary) and attaches it to the request.
#[cfg_attr(not(target_arch = "wasm32"), async_trait::async_trait)]
#[cfg_attr(target_arch = "wasm32", async_trait::async_trait(?Send))]
pub(crate) trait MiddlewareExt: 'static + Send + Sync {
    async fn get_token(&self) -> Result<Option<String>, LoginError>;
}

/// Implements HTTP middleware that attaches authentication tokens to requests.
/// Delegates to [MiddlewareExt::get_token] to retrieve tokens (which handles renewal).
/// Only applies to requests marked with [AuthRequired].
#[cfg_attr(not(target_arch = "wasm32"), async_trait::async_trait)]
#[cfg_attr(target_arch = "wasm32", async_trait::async_trait(?Send))]
impl<T: MiddlewareExt> Middleware for MiddlewareWrapper<T> {
    async fn handle(
        &self,
        mut req: reqwest::Request,
        ext: &mut http::Extensions,
        next: reqwest_middleware::Next<'_>,
    ) -> Result<reqwest::Response, reqwest_middleware::Error> {
        match ext.get::<AuthRequired>() {
            Some(AuthRequired::Bearer) => {
                match self.0.get_token().await {
                    Ok(Some(token)) => match format!("Bearer {}", token).parse() {
                        Ok(header_value) => {
                            req.headers_mut()
                                .insert(http::header::AUTHORIZATION, header_value);
                        }
                        Err(e) => {
                            tracing::warn!("Failed to parse auth token for header: {e}");
                        }
                    },
                    Ok(None) => {
                        tracing::warn!("No token available for request requiring authentication");
                    }
                    Err(e) => {
                        tracing::warn!("Failed to get auth token: {e}");
                    }
                };
            }
            Some(auth) => {
                tracing::warn!(?auth, "Unsupported authentication method in request");
            }
            None => (),
        }

        next.run(req, ext).await
    }
}