Skip to content

Commit

Permalink
Restructure OIDC service (#404)
Browse files Browse the repository at this point in the history
* create oidc crate

* finish refactor

* add async-trait

* remove unused dependencies

* fix key formatting

* add lints

* up
  • Loading branch information
aumetra authored Oct 29, 2023
1 parent 2fd9880 commit b0f1aa5
Show file tree
Hide file tree
Showing 20 changed files with 363 additions and 172 deletions.
41 changes: 31 additions & 10 deletions Cargo.lock

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

1 change: 1 addition & 0 deletions Cargo.toml
Original file line number Diff line number Diff line change
Expand Up @@ -30,6 +30,7 @@ members = [
"crates/kitsune-language",
"crates/kitsune-messaging",
"crates/kitsune-observability",
"crates/kitsune-oidc",
"crates/kitsune-retry-policies",
"crates/kitsune-search",
"crates/kitsune-storage",
Expand Down
1 change: 0 additions & 1 deletion crates/kitsune-cache/src/redis.rs
Original file line number Diff line number Diff line change
Expand Up @@ -28,7 +28,6 @@ impl<K, V> Redis<K, V>
where
K: ?Sized,
{
#[allow(clippy::missing_panics_doc)] // All invariants covered. Won't panic.
pub fn new<P>(redis_conn: deadpool_redis::Pool, prefix: P, ttl: Duration) -> Self
where
P: Into<String>,
Expand Down
16 changes: 15 additions & 1 deletion crates/kitsune-config/src/lib.rs
Original file line number Diff line number Diff line change
Expand Up @@ -39,7 +39,7 @@ pub struct MCaptchaConfiguration {
}

#[derive(Clone, Deserialize, Serialize)]
#[serde(rename_all = "camelCase", tag = "type")]
#[serde(rename_all = "lowercase", tag = "type")]
pub enum CaptchaConfiguration {
HCaptcha(HCaptchaConfiguration),
MCaptcha(MCaptchaConfiguration),
Expand Down Expand Up @@ -93,9 +93,23 @@ pub struct JobQueueConfiguration {
pub num_workers: NonZeroUsize,
}

#[derive(Clone, Deserialize, Serialize)]
#[serde(rename_all = "kebab-case")]
pub struct OidcRedisStoreConfiguration {
pub url: SmolStr,
}

#[derive(Clone, Deserialize, Serialize)]
#[serde(rename_all = "kebab-case", tag = "type")]
pub enum OidcStoreConfiguration {
InMemory,
Redis(OidcRedisStoreConfiguration),
}

#[derive(Clone, Deserialize, Serialize)]
#[serde(rename_all = "kebab-case")]
pub struct OidcConfiguration {
pub store: OidcStoreConfiguration,
pub server_url: SmolStr,
pub client_id: SmolStr,
pub client_secret: SmolStr,
Expand Down
2 changes: 1 addition & 1 deletion crates/kitsune-core/Cargo.toml
Original file line number Diff line number Diff line change
Expand Up @@ -17,7 +17,7 @@ autometrics = { version = "0.6.0", default-features = false, features = [
base64-simd = "0.8.0"
bytes = "1.5.0"
const_format = "0.2.32"
deadpool-redis = { version = "0.13.0", default-features = false }
deadpool-redis = "0.13.0"
derive_builder = "0.12.0"
diesel = "2.1.3"
diesel-async = { version = "0.4.1", features = ["postgres"] }
Expand Down
2 changes: 1 addition & 1 deletion crates/kitsune-embed/Cargo.toml
Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,7 @@ iso8601-timestamp = "0.2.12"
kitsune-db = { path = "../kitsune-db" }
kitsune-http-client = { path = "../kitsune-http-client" }
once_cell = "1.18.0"
scraper = { version = "0.18.0", default-features = false }
scraper = { version = "0.18.1", default-features = false }
smol_str = "0.2.0"
thiserror = "1.0.50"
typed-builder = "0.18.0"
26 changes: 26 additions & 0 deletions crates/kitsune-oidc/Cargo.toml
Original file line number Diff line number Diff line change
@@ -0,0 +1,26 @@
[package]
name = "kitsune-oidc"
edition.workspace = true
version.workspace = true

[dependencies]
async-trait = "0.1.74"
deadpool-redis = "0.13.0"
enum_dispatch = "0.3.12"
http = "0.2.9"
hyper = "0.14.27"
kitsune-config = { path = "../kitsune-config" }
kitsune-http-client = { path = "../kitsune-http-client" }
moka = { version = "0.12.1", features = ["sync"] }
once_cell = "1.18.0"
openidconnect = { version = "3.4.0", default-features = false, features = [
# Accept these two, per specification invalid, cases to increase compatibility
"accept-rfc3339-timestamps",
"accept-string-booleans",
] }
redis = "0.23.3"
serde = { version = "1.0.190", features = ["derive"] }
simd-json = "0.13.4"
speedy-uuid = { path = "../../lib/speedy-uuid", features = ["serde"] }
thiserror = "1.0.50"
url = "2.4.1"
61 changes: 61 additions & 0 deletions crates/kitsune-oidc/src/error.rs
Original file line number Diff line number Diff line change
@@ -0,0 +1,61 @@
use openidconnect::{
core::CoreErrorResponseType, ClaimsVerificationError, DiscoveryError, RequestTokenError,
SigningError, StandardErrorResponse,
};
use thiserror::Error;

pub type Result<T, E = Error> = std::result::Result<T, E>;

#[derive(Debug, Error)]
pub enum Error {
#[error(transparent)]
ClaimsVerification(#[from] ClaimsVerificationError),

#[error(transparent)]
CreateRedisPool(#[from] deadpool_redis::CreatePoolError),

#[error(transparent)]
Discovery(#[from] DiscoveryError<kitsune_http_client::Error>),

#[error(transparent)]
JsonParse(#[from] simd_json::Error),

#[error("Missing Email address")]
MissingEmail,

#[error("Mismatching hash")]
MismatchingHash,

#[error("Missing ID token")]
MissingIdToken,

#[error("Missing login state")]
MissingLoginState,

#[error("Missing username")]
MissingUsername,

#[error(transparent)]
Redis(#[from] redis::RedisError),

#[error(transparent)]
RedisPool(#[from] deadpool_redis::PoolError),

#[error(transparent)]
RequestToken(
#[from]
RequestTokenError<
kitsune_http_client::Error,
StandardErrorResponse<CoreErrorResponseType>,
>,
),

#[error(transparent)]
Signing(#[from] SigningError),

#[error("Unknown CSRF token")]
UnknownCsrfToken,

#[error(transparent)]
UrlParse(#[from] url::ParseError),
}
20 changes: 20 additions & 0 deletions crates/kitsune-oidc/src/http.rs
Original file line number Diff line number Diff line change
@@ -0,0 +1,20 @@
use http::Request;
use hyper::Body;
use kitsune_http_client::Client as HttpClient;
use once_cell::sync::Lazy;
use openidconnect::{HttpRequest, HttpResponse};

static HTTP_CLIENT: Lazy<HttpClient> = Lazy::new(HttpClient::default);

pub async fn async_client(req: HttpRequest) -> Result<HttpResponse, kitsune_http_client::Error> {
let mut request = Request::builder().method(req.method).uri(req.url.as_str());
*request.headers_mut().unwrap() = req.headers;
let request = request.body(Body::from(req.body)).unwrap();
let response = HTTP_CLIENT.execute(request).await?;

Ok(HttpResponse {
status_code: response.status(),
headers: response.headers().clone(),
body: response.bytes().await?.to_vec(),
})
}
Loading

0 comments on commit b0f1aa5

Please sign in to comment.