ci: Add code coverage

.codecov.yaml

@@ -0,0 +1,9 @@
+coverage:
+  status:
+    project:
+      default:
+        # Do not pass if PR reduces coverage by more than 5%
+        target: auto
+        threshold: 5
+comment:
+  layout: "header, diff, components, files, footer"

.config/nextest.toml

@@ -0,0 +1,6 @@
+[profile.ci]
+fail-fast = false
+[profile.ci.junit]
+path = "junit.xml"
+store-success-output = true
+store-failure-output = true

.github/CODEOWNERS

@@ -0,0 +1 @@
+* @famedly/workflows

.github/workflows/main.yml

@@ -0,0 +1,18 @@
+name: Add issues to Product Management Project.
+
+on:
+  issues:
+    types:
+      - opened
+
+jobs:
+  add-to-project:
+    name: Add issue to project
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/[email protected]
+        with:
+          # You can target a repository in a different organization
+          # to the issue
+          project-url: https://github.com/orgs/famedly/projects/4
+          github-token: ${{ secrets.ADD_ISSUE_TO_PROJECT_PAT }}

.github/workflows/rust.yml

@@ -0,0 +1,24 @@
+name: Rust
+
+# Trigger the CI on any tags, pushes to any branch and PRs to any branch.
+on:
+  push:
+    branches: [ "main" ]
+    tags: [ "*" ]
+  pull_request:
+    branches: [ "*" ]
+
+# Make sure there is no pipeline running uselessly.
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+# Environment variables for all jobs.
+env:
+  CARGO_TERM_COLOR: always
+
+# Defined CI jobs.
+jobs:
+  check:
+    uses: famedly/backend-build-workflows/.github/workflows/rust-workflow.yml@v1
+    secrets: inherit

.typos.toml

@@ -0,0 +1,7 @@
+[files]
+extend-exclude = ["data/**"]
+
+[default.extend-words]
+# Can't change the API surface
+encrypter = "encrypter"
+deriver = "deriver"

Cargo.toml

@@ -30,3 +30,97 @@ time = "0.3"
 
 [dev-dependencies]
 doc-comment = "0.3.3"
+
+
+# TODO: Start actually fixing these lints
+[lints.rust]
+dead_code = "allow"
+missing_debug_implementations = "allow"
+missing_docs = "allow"
+trivial_casts = "allow"
+trivial_numeric_casts = "allow"
+unused_extern_crates = "allow"
+unused_import_braces = "allow"
+unused_qualifications = "allow"
+
+[lints.clippy]
+# TODO: Disable
+all = "allow"
+tabs_in_doc_comments = "allow"
+branches_sharing_code = "allow"
+cast_lossless = "allow"
+cast_possible_wrap = "allow"
+checked_conversions = "allow"
+cloned_instead_of_copied = "allow"
+create_dir = "allow"
+dbg_macro = "allow"
+default_trait_access = "allow"
+expect_used = "allow"
+expl_impl_clone_on_copy = "allow"
+fallible_impl_from = "allow"
+filetype_is_file = "allow"
+filter_map_next = "allow"
+flat_map_option = "allow"
+float_cmp = "allow"
+fn_params_excessive_bools = "allow"
+fn_to_numeric_cast_any = "allow"
+future_not_send = "allow"
+if_then_some_else_none = "allow"
+implicit_clone = "allow"
+implicit_hasher = "allow"
+implicit_saturating_sub = "allow"
+imprecise_flops = "allow"
+inefficient_to_string = "allow"
+items_after_statements = "allow"
+iter_not_returning_iterator = "allow"
+large_digit_groups = "allow"
+large_stack_arrays = "allow"
+large_types_passed_by_value = "allow"
+lossy_float_literal = "allow"
+macro_use_imports = "allow"
+manual_let_else = "allow"
+manual_ok_or = "allow"
+many_single_char_names = "allow"
+map_unwrap_or = "allow"
+mem_forget = "allow"
+#missing_const_for_fn = "allow"
+missing_docs_in_private_items = "allow"
+must_use_candidate = "allow"
+mut_mut = "allow"
+mutex_atomic = "allow"
+needless_bitwise_bool = "allow"
+non_send_fields_in_send_ty = "allow"
+option_option = "allow"
+path_buf_push_overwrite = "allow"
+print_stderr = "allow"
+print_stdout = "allow"
+ptr_as_ptr = "allow"
+range_minus_one = "allow"
+range_plus_one = "allow"
+rc_buffer = "allow"
+rc_mutex = "allow"
+redundant_closure_for_method_calls = "allow"
+ref_binding_to_reference = "allow"
+ref_option_ref = "allow"
+return_self_not_must_use = "allow"
+same_functions_in_if_condition = "allow"
+same_name_method = "allow"
+semicolon_if_nothing_returned = "allow"
+str_to_string = "allow"
+string_to_string = "allow"
+suboptimal_flops = "allow"
+suspicious_operation_groupings = "allow"
+too_many_lines = "allow"
+trait_duplication_in_bounds = "allow"
+trivially_copy_pass_by_ref = "allow"
+type_repetition_in_bounds = "allow"
+undocumented_unsafe_blocks = "allow"
+unnested_or_patterns = "allow"
+unreadable_literal = "allow"
+unseparated_literal_suffix = "allow"
+unused_async = "allow"
+unused_self = "allow"
+unwrap_used = "allow"
+used_underscore_binding = "allow"
+useless_let_if_seq = "allow"
+verbose_file_reads = "allow"

README.md

@@ -25,7 +25,7 @@ cargo build --release
 ```sh
 1. Update to vX.X.X on cargo.toml and README.md.
 
-2. Run commnads
+2. Run commands
 cargo test
 cargo publish --dry-run
 git tag vX.X.X
@@ -378,7 +378,7 @@ fn main() -> Result<(), JoseError> {
     let signer = HS256.signer_from_bytes(key)?;
     let jwt = jwt::encode_with_signer(&payload, &header, &signer)?;
 
-    // Verifing JWT
+    // Verifying JWT
     let verifier = HS256.verifier_from_bytes(key)?;
     let (payload, header) = jwt::decode_with_verifier(&jwt, &verifier)?;
 
@@ -421,7 +421,7 @@ fn main() -> Result<(), JoseError> {
     let signer = RS256.signer_from_pem(&private_key)?;
     let jwt = jwt::encode_with_signer(&payload, &header, &signer)?;
 
-    // Verifing JWT
+    // Verifying JWT
     let public_key = std::fs::read(PUBLIC_KEY).unwrap();
     let verifier = RS256.verifier_from_pem(&public_key)?;
     let (payload, header) = jwt::decode_with_verifier(&jwt, &verifier)?;
@@ -475,7 +475,7 @@ fn main() -> Result<(), JoseError> {
     let signer = PS256.signer_from_pem(&private_key)?;
     let jwt = jwt::encode_with_signer(&payload, &header, &signer)?;
 
-    // Verifing JWT
+    // Verifying JWT
     let public_key = std::fs::read(PUBLIC_KEY).unwrap();
     let verifier = PS256.verifier_from_pem(&public_key)?;
     let (payload, header) = jwt::decode_with_verifier(&jwt, &verifier)?;
@@ -530,7 +530,7 @@ fn main() -> Result<(), JoseError> {
     let signer = ES256.signer_from_pem(&private_key)?;
     let jwt = jwt::encode_with_signer(&payload, &header, &signer)?;
 
-    // Verifing JWT
+    // Verifying JWT
     let public_key = std::fs::read(PUBLIC_KEY).unwrap();
     let verifier = ES256.verifier_from_pem(&public_key)?;
     let (payload, header) = jwt::decode_with_verifier(&jwt, &verifier)?;
@@ -580,7 +580,7 @@ fn main() -> Result<(), JoseError> {
     let signer = EdDSA.signer_from_pem(&private_key)?;
     let jwt = jwt::encode_with_signer(&payload, &header, &signer)?;
 
-    // Verifing JWT
+    // Verifying JWT
     let public_key = std::fs::read(PUBLIC_KEY).unwrap();
     let verifier = EdDSA.verifier_from_pem(&public_key)?;
     let (payload, header) = jwt::decode_with_verifier(&jwt, &verifier)?;

src/jwe/alg/pbes2_hmac_aeskw.rs

@@ -387,7 +387,10 @@ impl JweDecrypter for Pbes2HmacAeskwJweDecrypter {
             };
 
             if p2c > 1000000 {
-                bail!("The p2c value is too large. This is a possible DoS attack: {}", p2c);
+                bail!(
+                    "The p2c value is too large. This is a possible DoS attack: {}",
+                    p2c
+                );
             }
 
             let mut salt = Vec::with_capacity(self.algorithm().name().len() + 1 + p2s.len());
@@ -510,7 +513,9 @@ mod tests {
 
             let decrypter = alg.decrypter_from_jwk(&jwk)?;
 
-            let err = decrypter.decrypt(encrypted_key.as_deref(), &enc, &out_header).unwrap_err();
+            let err = decrypter
+                .decrypt(encrypted_key.as_deref(), &enc, &out_header)
+                .unwrap_err();
             assert_eq!(format!("{}", err), "Invalid JWE format: The p2c value is too large. This is a possible DoS attack: 1000001");
         }
 

src/jwe/enc/aescbc_hmac.rs

@@ -29,7 +29,7 @@ impl AescbcHmacJweEncryption {
         }
     }
 
-    fn calcurate_tag(
+    fn calculate_tag(
         &self,
         aad: &[u8],
         iv: Option<&[u8]>,
@@ -116,7 +116,7 @@ impl JweContentEncryption for AescbcHmacJweEncryption {
         })()
         .map_err(|err| JoseError::InvalidKeyFormat(err))?;
 
-        let tag = self.calcurate_tag(aad, iv, &encrypted_message, mac_key)?;
+        let tag = self.calculate_tag(aad, iv, &encrypted_message, mac_key)?;
 
         Ok((encrypted_message, Some(tag)))
     }
@@ -155,7 +155,7 @@ impl JweContentEncryption for AescbcHmacJweEncryption {
                 None => bail!("A tag value is required."),
             };
 
-            let calc_tag = self.calcurate_tag(aad, iv, &encrypted_message, mac_key)?;
+            let calc_tag = self.calculate_tag(aad, iv, &encrypted_message, mac_key)?;
             if calc_tag.as_slice() != tag {
                 bail!("The tag doesn't match.");
             }

src/jwe/jwe_algorithm.rs

@@ -48,7 +48,7 @@ pub trait JweEncrypter: Debug + Send + Sync {
         out_header: &mut JweHeader,
     ) -> Result<Option<Cow<[u8]>>, JoseError>;
 
-    /// Return a encypted key.
+    /// Return a encrypted key.
     ///
     /// # Arguments
     ///

src/jwe/jwe_context.rs

@@ -500,27 +500,27 @@ impl JweContext {
             let (ciphertext, tag) =
                 cencryption.encrypt(&key, iv.as_deref(), content, full_aad.as_bytes())?;
 
-            let mut writed = false;
+            let mut written = false;
             let mut json = String::new();
             if let Some(val) = protected_b64 {
                 json.push_str("{\"protected\":\"");
                 json.push_str(&val);
                 json.push_str("\"");
-                writed = true;
+                written = true;
             }
 
             if let Some(val) = header {
                 let unprotected_map = val.claims_set(false);
                 if unprotected_map.len() > 0 {
                     let unprotected = serde_json::to_string(unprotected_map)?;
-                    json.push_str(if writed { "," } else { "{" });
+                    json.push_str(if written { "," } else { "{" });
                     json.push_str("\"unprotected\":");
                     json.push_str(&unprotected);
-                    writed = true;
+                    written = true;
                 }
             }
 
-            json.push_str(if writed { "," } else { "{" });
+            json.push_str(if written { "," } else { "{" });
             json.push_str("\"recipients\":[");
             for i in 0..recipient_headers.len() {
                 if i > 0 {
@@ -751,31 +751,31 @@ impl JweContext {
 
             let (ciphertext, tag) = cencryption.encrypt(&key, iv, content, full_aad.as_bytes())?;
 
-            let mut writed = false;
+            let mut written = false;
             let mut json = String::new();
             if let Some(val) = protected_b64 {
                 json.push_str("{\"protected\":\"");
                 json.push_str(&val);
                 json.push_str("\"");
-                writed = true;
+                written = true;
             }
 
             if let Some(val) = header {
                 let unprotected_map = val.claims_set(false);
                 if unprotected_map.len() > 0 {
                     let unprotected = serde_json::to_string(unprotected_map)?;
-                    json.push_str(if writed { "," } else { "{" });
+                    json.push_str(if written { "," } else { "{" });
                     json.push_str("\"unprotected\":");
                     json.push_str(&unprotected);
-                    writed = true;
+                    written = true;
                 }
             }
 
             if let Some(val) = recipient_header {
                 let header_map = val.claims_set();
                 if header_map.len() > 0 {
                     let header = serde_json::to_string(header_map)?;
-                    json.push_str(if writed { "," } else { "{" });
+                    json.push_str(if written { "," } else { "{" });
                     json.push_str("\"header\":");
                     json.push_str(&header);
                 }