cloud-storage 0.3.1

A crate for uploading files to Google cloud storage, and for generating download urls.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89

use crate::error::Error;
use openssl::{pkey::PKey, rsa::Rsa};
use serde::{Deserialize, Serialize};

/// This struct contains contains a token, an expiry, and an access scope.
pub struct Token {
    // this field contains the JWT and the expiry thereof. They are in the same Option because if
    // one of them is `Some`, we require that the other be `Some` as well.
    token: Option<(String, u64)>,
    // store the access scope for later use if we need to refresh the token
    access_scope: String,
}

#[derive(Serialize)]
struct Claims {
    iss: String,
    scope: String,
    aud: String,
    exp: u64,
    iat: u64,
}

#[derive(Deserialize, Debug)]
struct TokenResponse {
    access_token: String,
    expires_in: usize,
    token_type: String,
}

impl Token {
    pub fn new(scope: &str) -> Self {
        Self {
            token: None,
            access_scope: scope.to_string(),
        }
    }

    pub fn get<'a>(&'a mut self) -> Result<String, Error> {
        match self.token {
            Some((ref token, exp)) if exp > now() => Ok(token.clone()),
            _ => self.retrieve(),
        }
    }

    fn retrieve(&mut self) -> Result<String, Error> {
        self.token = Some(Self::get_token(&self.access_scope)?);
        match self.token {
            Some(ref token) => Ok(token.0.clone()),
            None => unreachable!(),
        }
    }

    fn get_token(scope: &str) -> Result<(String, u64), Error> {
        let now = now();
        let exp = now + 3600;

        let claims = Claims {
            iss: crate::SERVICE_ACCOUNT.client_email.clone(),
            scope: scope.into(),
            aud: "https://www.googleapis.com/oauth2/v4/token".to_string(),
            exp,
            iat: now,
        };
        let mut header = jsonwebtoken::Header::default();
        header.alg = jsonwebtoken::Algorithm::RS256;
        let rsa = Rsa::private_key_from_pem(crate::SERVICE_ACCOUNT.private_key.as_bytes())?;
        let private_key = PKey::from_rsa(rsa)?;
        let private_key = &private_key.private_key_to_der().unwrap();
        let jwt = jsonwebtoken::encode(&header, &claims, private_key)?;
        let body = [
            ("grant_type", "urn:ietf:params:oauth:grant-type:jwt-bearer"),
            ("assertion", &jwt),
        ];
        let client = reqwest::blocking::Client::new();
        let response: TokenResponse = client
            .post("https://www.googleapis.com/oauth2/v4/token")
            .form(&body)
            .send()?
            .json()?;
        Ok((response.access_token, exp))
    }
}

fn now() -> u64 {
    std::time::SystemTime::now()
        .duration_since(std::time::SystemTime::UNIX_EPOCH)
        .unwrap()
        .as_secs()
}