signer-daemon 0.3.2

Signer daemon package.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222

use crate::DaemonResult as Result;
use serde::{Deserialize, Serialize};
use signer_core::{SignerJWT, SignerJWTClaims, SignerJWTHeader, SignerUser};

// 移除未使用的导入

// 定义 AuthCodeDetail 和 AuthCodeStatus,与 signer-hub 保持一致
#[derive(Serialize, Deserialize, Debug, Clone, Copy, PartialEq, Eq)]
pub enum AuthCodeStatus {
    Pending,
    Fetched,
    Expired,
    Completed,
}

#[derive(Serialize, Deserialize, Debug, Clone)]
pub struct AuthCodeDetail {
    pub code: String,
    pub state: String,
    pub status: AuthCodeStatus,
    pub expire_at: i64,
    pub jwt: Option<String>,
}

#[derive(Clone, Default, Debug, PartialEq, Serialize, Deserialize)]
pub struct PostAuthRequest {
    #[serde(rename = "jwt")]
    pub jwt: String,
    #[serde(rename = "state")]
    pub state: String,
}

impl PostAuthRequest {
    pub fn new(jwt: String, state: String) -> PostAuthRequest {
        PostAuthRequest { jwt, state }
    }
}

pub struct SignerRemoteAuth {
    pub base_url: String,
}

impl SignerRemoteAuth {
    pub fn from_url(url: String) -> Self {
        Self { base_url: url }
    }

    /// 获取认证详情,包含 state 等信息
    pub async fn get_auth_detail(&self, target: &str) -> Result<AuthCodeDetail> {
        let client = reqwest::Client::new();

        let response = client.get(target).send().await?;

        if !response.status().is_success() {
            return Err(crate::DaemonError::Signer(crate::SignerError::Msg(
                format!("获取认证详情失败: {}", response.status()),
            )));
        }

        let detail: AuthCodeDetail = response.json().await?;
        Ok(detail)
    }

    pub async fn post_auth(
        &self,
        user: &SignerUser,
        target: String,
        state: String,
        expire: i64,
    ) -> Result<()> {
        let claims =
            SignerJWTClaims::default(&user, target.clone(), uuid::Uuid::new_v4().to_string())
                .with_expired_duration(chrono::Duration::milliseconds(expire));

        let jwt = SignerJWT::new(SignerJWTHeader::default(&user), claims)
            .encode(&user)
            .expect("encode jwt string failed");

        let request = PostAuthRequest::new(jwt, state);

        // 使用原生 reqwest 发送请求到 target 地址
        let client = reqwest::Client::new();

        let response = client.post(&target).json(&request).send().await?;

        if !response.status().is_success() {
            return Err(crate::DaemonError::Signer(crate::SignerError::Msg(
                format!("认证请求失败: {}", response.status()),
            )));
        }

        Ok(())
    }
}

#[cfg(test)]
mod tests {
    use super::*;
    use futures_util::StreamExt;
    use signer_core::SignerUser;
    use std::time::Duration;
    use tokio::sync::mpsc;

    #[tokio::test]
    async fn test_e2e_auth_flow() {
        // 这里是 E2E 测试的起点
        // 我们需要一个正在运行的 signer-hub 实例
        let base_url = "http://localhost:8080";

        let (tx, mut rx) = mpsc::channel::<String>(1); // 只传递 code

        // 协程一:客户端,通过 SSE 获取 code
        let client_handle = tokio::spawn(async move {
            let client = reqwest::Client::new();
            let mut stream = client
                .get(format!("{}/api/auth/new", base_url))
                .send()
                .await
                .unwrap()
                .bytes_stream();

            let mut code_received = false;
            let mut buffer = String::new();

            while let Some(item) = stream.next().await {
                let chunk = item.unwrap();
                let chunk_str = String::from_utf8(chunk.to_vec()).unwrap();
                buffer.push_str(&chunk_str);

                // 处理完整的 SSE 事件
                while let Some(event_end) = buffer.find("\n\n") {
                    let event = buffer[..event_end].to_string();
                    buffer = buffer[event_end + 2..].to_string();

                    println!("Received event: {}", event);

                    // 解析 SSE 事件
                    for line in event.lines() {
                        if line.starts_with("data:") {
                            let data = line.trim_start_matches("data:").trim();

                            // 尝试解析为 JSON
                            match serde_json::from_str::<serde_json::Value>(data) {
                                Ok(auth_code) => {
                                    if !code_received {
                                        // 第一次收到的是包含 code 的 AuthCode(status 为 Pending)
                                        if let (Some(code), Some(status)) = (
                                            auth_code.get("code").and_then(|c| c.as_str()),
                                            auth_code.get("status").and_then(|s| s.as_str()),
                                        ) {
                                            if status == "Pending" {
                                                println!(
                                                    "Received code: {}, status: {}",
                                                    code, status
                                                );
                                                tx.send(code.to_string()).await.unwrap();
                                                code_received = true;
                                            }
                                        }
                                    } else {
                                        // 后续收到的是状态更新,检查是否完成
                                        if let Some(status) =
                                            auth_code.get("status").and_then(|s| s.as_str())
                                        {
                                            if status == "Completed" {
                                                if let Some(jwt) =
                                                    auth_code.get("jwt").and_then(|j| j.as_str())
                                                {
                                                    println!(
                                                        "Received JWT: {}, status: {}",
                                                        jwt, status
                                                    );
                                                    assert!(!jwt.is_empty());
                                                    return;
                                                }
                                            }
                                        }
                                    }
                                }
                                Err(_) => {
                                    // JSON 解析失败,忽略这个事件
                                }
                            }
                        }
                    }
                }
            }
        });

        // 协程二:认证处理器,接收 code,通过 get_auth_detail 方法获取 state,发送 post_auth 请求
        let auth_handle = tokio::spawn(async move {
            if let Some(code) = rx.recv().await {
                // 使用 SignerRemoteAuth 的 get_auth_detail 方法获取认证详情
                let auth = SignerRemoteAuth::from_url(base_url.to_string());
                // 构造完整的认证详情获取URL
                let detail_url = format!("{}/api/auth/{}", base_url, code);
                let detail = auth.get_auth_detail(&detail_url).await.unwrap();

                println!("Retrieved state from detail API: {}", detail.state);
                println!(
                    "Auth detail: code={}, status={:?}, expire_at={}",
                    detail.code, detail.status, detail.expire_at
                );

                let user = SignerUser::generete("tester").unwrap();
                let target_url = format!("{}/api/auth/{}", base_url, code);
                let result = auth.post_auth(&user, target_url, detail.state, 3600).await;
                assert!(result.is_ok());
            }
        });

        // 等待两个协程完成,或者超时
        let timeout = Duration::from_secs(10);
        let _ = tokio::time::timeout(timeout, async {
            let (client_res, auth_res) = tokio::join!(client_handle, auth_handle);
            client_res.unwrap();
            auth_res.unwrap();
        })
        .await
        .expect("测试超时!");
    }
}