burn_p2p_auth_github 0.21.0-pre.3

Optional GitHub auth connector for burn_p2p.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155

//! GitHub-backed identity connector implementations for burn_p2p.
#![forbid(unsafe_code)]

use std::collections::BTreeMap;

use burn_p2p_auth_external::ProviderMappedIdentityConnector;
use burn_p2p_core::{AuthProvider, PrincipalId};
use burn_p2p_security::{
    AuthError, CallbackPayload, IdentityConnector, LoginRequest, LoginStart, PrincipalClaims,
    PrincipalSession, StaticPrincipalRecord,
};
use chrono::Duration;

#[derive(Debug)]
/// Represents a git hub identity connector.
pub struct GitHubIdentityConnector(ProviderMappedIdentityConnector);

impl GitHubIdentityConnector {
    /// Creates a new value.
    pub fn new(
        session_ttl: Duration,
        principals: BTreeMap<PrincipalId, StaticPrincipalRecord>,
        authorize_base_url: Option<String>,
    ) -> Self {
        Self(ProviderMappedIdentityConnector::new(
            AuthProvider::GitHub,
            session_ttl,
            principals,
            authorize_base_url.or_else(|| Some("https://github.com/login/oauth/authorize".into())),
        ))
    }

    /// Returns a copy configured with the exchange URL.
    pub fn with_exchange_url(mut self, exchange_url: Option<String>) -> Self {
        self.0 = self.0.with_exchange_url(exchange_url);
        self
    }

    /// Returns a copy configured with the token URL.
    pub fn with_token_url(mut self, token_url: Option<String>) -> Self {
        self.0 = self.0.with_token_url(token_url);
        self
    }

    /// Returns a copy configured with the client credentials.
    pub fn with_client_credentials(
        mut self,
        client_id: Option<String>,
        client_secret: Option<String>,
    ) -> Self {
        self.0 = self.0.with_client_credentials(client_id, client_secret);
        self
    }

    /// Returns a copy configured with the userinfo URL.
    pub fn with_userinfo_url(mut self, userinfo_url: Option<String>) -> Self {
        self.0 = self.0.with_userinfo_url(userinfo_url);
        self
    }

    /// Returns a copy configured with the refresh URL.
    pub fn with_refresh_url(mut self, refresh_url: Option<String>) -> Self {
        self.0 = self.0.with_refresh_url(refresh_url);
        self
    }

    /// Returns a copy configured with the revoke URL.
    pub fn with_revoke_url(mut self, revoke_url: Option<String>) -> Self {
        self.0 = self.0.with_revoke_url(revoke_url);
        self
    }
}

impl IdentityConnector for GitHubIdentityConnector {
    fn begin_login(&self, req: LoginRequest) -> Result<LoginStart, AuthError> {
        self.0.begin_login(req)
    }

    fn complete_login(&self, callback: CallbackPayload) -> Result<PrincipalSession, AuthError> {
        self.0.complete_login(callback)
    }

    fn refresh(&self, session: &PrincipalSession) -> Result<PrincipalSession, AuthError> {
        self.0.refresh(session)
    }

    fn fetch_claims(&self, session: &PrincipalSession) -> Result<PrincipalClaims, AuthError> {
        self.0.fetch_claims(session)
    }

    fn revoke(&self, session: &PrincipalSession) -> Result<(), AuthError> {
        self.0.revoke(session)
    }
}

#[cfg(test)]
mod tests {
    use std::collections::{BTreeMap, BTreeSet};

    use burn_p2p_core::{
        AuthProvider, ExperimentScope, NetworkId, PeerRole, PeerRoleSet, PrincipalId,
    };
    use burn_p2p_security::{
        CallbackPayload, IdentityConnector, LoginRequest, PrincipalClaims, StaticPrincipalRecord,
    };
    use chrono::{Duration, Utc};

    use crate::GitHubIdentityConnector;

    #[test]
    fn github_connector_issues_github_sessions() {
        let now = Utc::now();
        let connector = GitHubIdentityConnector::new(
            Duration::minutes(10),
            BTreeMap::from([(
                PrincipalId::new("alice"),
                StaticPrincipalRecord {
                    claims: PrincipalClaims {
                        principal_id: PrincipalId::new("alice"),
                        provider: AuthProvider::GitHub,
                        display_name: "Alice".into(),
                        org_memberships: BTreeSet::new(),
                        group_memberships: BTreeSet::from(["contributors".into()]),
                        granted_roles: PeerRoleSet::new([PeerRole::TrainerGpu]),
                        granted_scopes: BTreeSet::from([ExperimentScope::Connect]),
                        custom_claims: BTreeMap::new(),
                        issued_at: now,
                        expires_at: now + Duration::hours(1),
                    },
                    allowed_networks: BTreeSet::from([NetworkId::new("network-a")]),
                },
            )]),
            Some("https://github.example/authorize".into()),
        );

        let login = connector
            .begin_login(LoginRequest {
                network_id: NetworkId::new("network-a"),
                principal_hint: Some("alice".into()),
                requested_scopes: BTreeSet::from([ExperimentScope::Connect]),
            })
            .expect("login");
        assert_eq!(login.provider, AuthProvider::GitHub);

        let session = connector
            .complete_login(CallbackPayload {
                login_id: login.login_id,
                state: login.state,
                principal_id: Some(PrincipalId::new("alice")),
                provider_code: None,
            })
            .expect("session");
        assert_eq!(session.claims.provider, AuthProvider::GitHub);
    }
}