drogue-bazaar 0.3.0

A place to find tools for building your Rust application
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119

use crate::{core::config::CommaSeparatedVec, reqwest::ClientFactory};
use anyhow::Context;
use core::fmt::Debug;
use drogue_client::openid::OpenIdTokenProvider;
use serde::Deserialize;
use std::time::Duration;
use url::Url;

/// All required configuration when authentication is enabled.
#[derive(Clone, Debug, Deserialize, PartialEq, Eq)]
pub struct TokenConfig {
    pub client_id: String,

    pub client_secret: String,

    pub issuer_url: Url,

    #[serde(default)]
    pub tls_insecure: bool,

    #[serde(default)]
    pub tls_ca_certificates: CommaSeparatedVec,

    #[serde(default)]
    #[serde(with = "humantime_serde")]
    pub refresh_before: Option<Duration>,
}

impl TokenConfig {
    pub async fn into_client(self, redirect: Option<String>) -> anyhow::Result<openid::Client> {
        let mut client = ClientFactory::new();
        client = client.add_ca_certs(self.tls_ca_certificates.0);

        if self.tls_insecure {
            client = client.make_insecure();
        }

        openid::Client::discover_with_client(
            client.build()?,
            self.client_id,
            self.client_secret,
            redirect,
            self.issuer_url,
        )
        .await
        .context("Discovering endpoint")
    }

    /// Create a new provider by discovering the OAuth2 client from the configuration
    pub async fn discover_from(self) -> anyhow::Result<OpenIdTokenProvider> {
        let refresh_before = self
            .refresh_before
            .and_then(|d| chrono::Duration::from_std(d).ok())
            .unwrap_or_else(|| chrono::Duration::seconds(15));

        Ok(OpenIdTokenProvider::new(
            self.into_client(None).await?,
            refresh_before,
        ))
    }
}

#[cfg(test)]
mod test {
    use super::*;
    use crate::core::config::ConfigFromEnv;
    use std::collections::HashMap;

    #[test]
    fn test_ca_certs() {
        let mut envs = HashMap::new();

        envs.insert("CLIENT_ID", "id");
        envs.insert("CLIENT_SECRET", "secret");
        envs.insert("ISSUER_URL", "http://foo.bar/baz/buz");
        envs.insert("REALM", "drogue");
        envs.insert("TLS_CA_CERTIFICATES", "/foo/bar/baz");

        let config = TokenConfig::from_set(envs).unwrap();

        assert_eq!(
            TokenConfig {
                client_id: "id".to_string(),
                client_secret: "secret".to_string(),
                issuer_url: Url::parse("http://foo.bar/baz/buz").unwrap(),
                refresh_before: None,
                tls_insecure: false,
                tls_ca_certificates: vec!["/foo/bar/baz".to_string()].into(),
            },
            config
        );
    }

    #[test]
    fn test_ca_certs_multi() {
        let mut envs = HashMap::new();

        envs.insert("CLIENT_ID", "id");
        envs.insert("CLIENT_SECRET", "secret");
        envs.insert("ISSUER_URL", "http://foo.bar/baz/buz");
        envs.insert("REALM", "drogue");
        envs.insert("TLS_CA_CERTIFICATES", "/foo/bar/baz,/foo/bar/baz2");

        let config = TokenConfig::from_set(envs).unwrap();

        assert_eq!(
            TokenConfig {
                client_id: "id".to_string(),
                client_secret: "secret".to_string(),
                issuer_url: Url::parse("http://foo.bar/baz/buz").unwrap(),
                refresh_before: None,
                tls_insecure: false,
                tls_ca_certificates: vec!["/foo/bar/baz".to_string(), "/foo/bar/baz2".to_string()]
                    .into(),
            },
            config
        );
    }
}