From 041b86e6e57b1b58dad4da3b70f860802bfa8829 Mon Sep 17 00:00:00 2001 From: Sam Judelson <64875465+sjud@users.noreply.github.com> Date: Mon, 15 Jan 2024 13:48:22 -0500 Subject: [PATCH 1/5] sso_auth_session example (#2117) * example draft * fmt * db delete * db * oops clippy * clippy 2 * - nightly ? * fmt * - cargo all features? --- examples/sso_auth_axum/Cargo.toml | 110 +++++++++ examples/sso_auth_axum/LICENSE | 21 ++ examples/sso_auth_axum/Makefile.toml | 11 + examples/sso_auth_axum/README.md | 83 +++++++ examples/sso_auth_axum/flake.lock | 116 ++++++++++ examples/sso_auth_axum/flake.nix | 37 ++++ .../20231217000000_create_tables.sql | 26 +++ examples/sso_auth_axum/public/favicon.ico | Bin 0 -> 15406 bytes examples/sso_auth_axum/src/auth.rs | 144 ++++++++++++ examples/sso_auth_axum/src/error_template.rs | 24 ++ examples/sso_auth_axum/src/fallback.rs | 47 ++++ examples/sso_auth_axum/src/lib.rs | 162 ++++++++++++++ examples/sso_auth_axum/src/main.rs | 137 ++++++++++++ examples/sso_auth_axum/src/sign_in_sign_up.rs | 208 ++++++++++++++++++ examples/sso_auth_axum/src/state.rs | 18 ++ examples/sso_auth_axum/sso.db | 0 examples/sso_auth_axum/style.css | 7 + 17 files changed, 1151 insertions(+) create mode 100644 examples/sso_auth_axum/Cargo.toml create mode 100644 examples/sso_auth_axum/LICENSE create mode 100644 examples/sso_auth_axum/Makefile.toml create mode 100644 examples/sso_auth_axum/README.md create mode 100644 examples/sso_auth_axum/flake.lock create mode 100644 examples/sso_auth_axum/flake.nix create mode 100644 examples/sso_auth_axum/migrations/20231217000000_create_tables.sql create mode 100644 examples/sso_auth_axum/public/favicon.ico create mode 100644 examples/sso_auth_axum/src/auth.rs create mode 100644 examples/sso_auth_axum/src/error_template.rs create mode 100644 examples/sso_auth_axum/src/fallback.rs create mode 100644 examples/sso_auth_axum/src/lib.rs create mode 100644 examples/sso_auth_axum/src/main.rs create mode 100644 examples/sso_auth_axum/src/sign_in_sign_up.rs create mode 100644 examples/sso_auth_axum/src/state.rs create mode 100644 examples/sso_auth_axum/sso.db create mode 100644 examples/sso_auth_axum/style.css diff --git a/examples/sso_auth_axum/Cargo.toml b/examples/sso_auth_axum/Cargo.toml new file mode 100644 index 0000000000..c540e5b00b --- /dev/null +++ b/examples/sso_auth_axum/Cargo.toml @@ -0,0 +1,110 @@ +[package] +name = "sso_auth_axum" +version = "0.1.0" +edition = "2021" + +[lib] +crate-type = ["cdylib", "rlib"] + +[dependencies] +oauth2 = {version="4.4.2",optional=true} +anyhow = "1.0.66" +console_log = "1.0.0" +rand = { version = "0.8.5", features = ["min_const_gen"], optional = true } +console_error_panic_hook = "0.1.7" +futures = "0.3.25" +cfg-if = "1.0.0" +leptos = { path = "../../leptos"} +leptos_meta = { path = "../../meta" } +leptos_axum = { path = "../../integrations/axum", optional = true } +leptos_router = { path = "../../router"} +log = "0.4.17" +simple_logger = "4.0.0" +serde = { version = "1.0.148", features = ["derive"] } +serde_json = {version="1.0.108", optional = true } +axum = { version = "0.6.1", optional = true, features=["macros"] } +tower = { version = "0.4.13", optional = true } +tower-http = { version = "0.4", features = ["fs"], optional = true } +tokio = { version = "1.22.0", features = ["full"], optional = true } +http = { version = "0.2.8" } +sqlx = { version = "0.6.2", features = [ + "runtime-tokio-rustls", + "sqlite", +], optional = true } +thiserror = "1.0.38" +wasm-bindgen = "0.2" +axum_session_auth = { version = "0.2.1", features = [ + "sqlite-rustls", +], optional = true } +axum_session = { version = "0.2.3", features = [ + "sqlite-rustls", +], optional = true } +async-trait = { version = "0.1.64", optional = true } +reqwest= {version="0.11",optional=true, features=["json"]} + +[features] +hydrate = ["leptos/hydrate", "leptos_meta/hydrate", "leptos_router/hydrate"] +ssr = [ + "dep:serde_json", + "dep:axum", + "dep:tower", + "dep:tower-http", + "dep:tokio", + "dep:reqwest", + "dep:oauth2", + "dep:axum_session_auth", + "dep:axum_session", + "dep:async-trait", + "dep:sqlx", + "dep:rand", + "leptos/ssr", + "leptos_meta/ssr", + "leptos_router/ssr", + "dep:leptos_axum", +] + + + +[package.metadata.leptos] +# The name used by wasm-bindgen/cargo-leptos for the JS/WASM bundle. Defaults to the crate name +output-name = "sso_auth_axum" +# The site root folder is where cargo-leptos generate all output. WARNING: all content of this folder will be erased on a rebuild. Use it in your server setup. +site-root = "target/site" +# The site-root relative folder where all compiled output (JS, WASM and CSS) is written +# Defaults to pkg +site-pkg-dir = "pkg" +# [Optional] The source CSS file. If it ends with .sass or .scss then it will be compiled by dart-sass into CSS. The CSS is optimized by Lightning CSS before being written to //app.css +style-file = "./style.css" +# [Optional] Files in the asset-dir will be copied to the site-root directory +assets-dir = "public" +# The IP and port (ex: 127.0.0.1:3000) where the server serves the content. Use it in your server setup. +site-addr = "127.0.0.1:3000" +# The port to use for automatic reload monitoring +reload-port = 3001 +# [Optional] Command to use when running end2end tests. It will run in the end2end dir. +end2end-cmd = "npx playwright test" +# The browserlist query used for optimizing the CSS. +browserquery = "defaults" +# Set by cargo-leptos watch when building with tha tool. Controls whether autoreload JS will be included in the head +watch = false +# The environment Leptos will run in, usually either "DEV" or "PROD" +env = "DEV" +# The features to use when compiling the bin target +# +# Optional. Can be over-ridden with the command line parameter --bin-features +bin-features = ["ssr"] + +# If the --no-default-features flag should be used when compiling the bin target +# +# Optional. Defaults to false. +bin-default-features = false + +# The features to use when compiling the lib target +# +# Optional. Can be over-ridden with the command line parameter --lib-features +lib-features = ["hydrate"] + +# If the --no-default-features flag should be used when compiling the lib target +# +# Optional. Defaults to false. +lib-default-features = false diff --git a/examples/sso_auth_axum/LICENSE b/examples/sso_auth_axum/LICENSE new file mode 100644 index 0000000000..77d5625cb3 --- /dev/null +++ b/examples/sso_auth_axum/LICENSE @@ -0,0 +1,21 @@ +MIT License + +Copyright (c) 2022 Greg Johnston + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. diff --git a/examples/sso_auth_axum/Makefile.toml b/examples/sso_auth_axum/Makefile.toml new file mode 100644 index 0000000000..15fb0d6317 --- /dev/null +++ b/examples/sso_auth_axum/Makefile.toml @@ -0,0 +1,11 @@ +extend = { path = "../cargo-make/main.toml" } + +[tasks.build] +command = "cargo" +args = ["+nightly", "build-all-features"] +install_crate = "cargo-all-features" + +[tasks.check] +command = "cargo" +args = ["+nightly", "check-all-features"] +install_crate = "cargo-all-features" diff --git a/examples/sso_auth_axum/README.md b/examples/sso_auth_axum/README.md new file mode 100644 index 0000000000..45eea80140 --- /dev/null +++ b/examples/sso_auth_axum/README.md @@ -0,0 +1,83 @@ +# Leptos SSO Authenticated Email Display App with Axum + +## Overview +This project demonstrates various methods of implementing Single Sign-On (SSO) authorization using OAuth, specifically with the OAuth2 library. The primary focus is on the Authorization Code Grant flow. + +### Process Flow +1. **Initiating Sign-In:** When a user clicks the 'Sign In With {THIRD PARTY SERVICE}' button, the request is sent to a server function. This function retrieves an authorization URL from the third-party service. + +2. **CSRF Token Handling:** During the URL fetch, a CSRF_TOKEN is generated and confirmed by the service to mitigate Cross-Site Request Forgery attacks. Learn more about CSRF [here](https://en.wikipedia.org/wiki/Cross-site_request_forgery). This token is stored on our server. + +3. **User Redirection:** Post-login, users are redirected to our server with a URL formatted as follows: +`http://your-redirect-uri.com/callback?code=AUTHORIZATION_CODE&state=CSRF_TOKEN` +Note: Additional parameters like Scope and Client_ID may be included by the service. + +4. **Token Acquisition:** The 'code' parameter in the URL is not the actual service token. Instead, it's used to fetch the token. We verify the CSRF_TOKEN in the URL against our server's stored token for security. + +5. **Access Token Usage:** With a valid CSRF_TOKEN, we use the AUTHORIZATION_CODE in an HTTP Request to the third-party service. The response typically includes: +- An `access token` +- An `expires_in` value (time in seconds until token expiration) +- A `refresh token` (used to renew the access token) + +6. **Email Retrieval and Display:** The access token allows us to retrieve the user's email. This email is then displayed in our Email Display App. + +7. **Session Management:** The `expires_in` value is sent to the client. The client uses this to set a timeout, ensuring that if the session is still active (the window hasn't been closed), it automatically triggers a token refresh when required. + + + +## Client Side Rendering +This example cannot be built as a trunk standalone CSR-only app. Only the server may directly connect to the database. + +## Server Side Rendering with cargo-leptos +cargo-leptos is now the easiest and most featureful way to build server side rendered apps with hydration. It provides automatic recompilation of client and server code, wasm optimisation, CSS minification, and more! Check out more about it [here](https://github.com/akesson/cargo-leptos) + +## Env Vars +Commands that run the program, cargo leptos watch, cargo leptos serve, cargo run etc... All need the following Environment variables +G_AUTH_CLIENT_ID : This is the client ID given to you by google. +G_AUTH_SECRET : This is the secret given to you by google. +NGROK : this is the ngrok endpoint you get when you run ngrok http 3000 + +## Ngrok Google Set Up +After running your app, run +```bash +ngrok http 3000 +``` +Then use google api's and services, go to credentials, create credentials, add your app name, and use the ngrok url as the origin +and use the ngrok url with /g_auth as the redirect url. That will look like this `https://362b-24-34-20-189.ngrok-free.app/g_auth` +Save you client ID and secret given to you by google. Use them as Envars when you run the program as below +```bash +REDIRECT_URL={ngrok_redirect_url} G_AUTH_CLIENT_ID={google_credential_client_id} G_AUTH_SECRET={google_credential_secret} {your command here...} +``` + +1. Install cargo-leptos +```bash +cargo install --locked cargo-leptos +``` +2. Build the site in watch mode, recompiling on file changes +```bash +cargo leptos watch +``` + +Open browser on [http://localhost:3000/](http://localhost:3000/) + +3. When ready to deploy, run +```bash +cargo leptos build --release +``` + +## Server Side Rendering without cargo-leptos +To run it as a server side app with hydration, you'll need to have wasm-pack installed. + +0. Edit the `[package.metadata.leptos]` section and set `site-root` to `"."`. You'll also want to change the path of the `` component in the root component to point towards the CSS file in the root. This tells leptos that the WASM/JS files generated by wasm-pack are available at `./pkg` and that the CSS files are no longer processed by cargo-leptos. Building to alternative folders is not supported at this time. You'll also want to edit the call to `get_configuration()` to pass in `Some(Cargo.toml)`, so that Leptos will read the settings instead of cargo-leptos. If you do so, your file/folder names cannot include dashes. +1. Install wasm-pack +```bash +cargo install wasm-pack +``` +2. Build the Webassembly used to hydrate the HTML from the server +```bash +wasm-pack build --target=web --debug --no-default-features --features=hydrate +``` +3. Run the server to serve the Webassembly, JS, and HTML +```bash +cargo run --no-default-features --features=ssr +``` diff --git a/examples/sso_auth_axum/flake.lock b/examples/sso_auth_axum/flake.lock new file mode 100644 index 0000000000..18fbbc6d61 --- /dev/null +++ b/examples/sso_auth_axum/flake.lock @@ -0,0 +1,116 @@ +{ + "nodes": { + "flake-utils": { + "inputs": { + "systems": "systems" + }, + "locked": { + "lastModified": 1681202837, + "narHash": "sha256-H+Rh19JDwRtpVPAWp64F+rlEtxUWBAQW28eAi3SRSzg=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "cfacdce06f30d2b68473a46042957675eebb3401", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_2": { + "inputs": { + "systems": "systems_2" + }, + "locked": { + "lastModified": 1681202837, + "narHash": "sha256-H+Rh19JDwRtpVPAWp64F+rlEtxUWBAQW28eAi3SRSzg=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "cfacdce06f30d2b68473a46042957675eebb3401", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "nixpkgs": { + "locked": { + "lastModified": 1672580127, + "narHash": "sha256-3lW3xZslREhJogoOkjeZtlBtvFMyxHku7I/9IVehhT8=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "0874168639713f547c05947c76124f78441ea46c", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-22.05", + "repo": "nixpkgs", + "type": "github" + } + }, + "root": { + "inputs": { + "flake-utils": "flake-utils", + "nixpkgs": "nixpkgs", + "rust-overlay": "rust-overlay" + } + }, + "rust-overlay": { + "inputs": { + "flake-utils": "flake-utils_2", + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1681525152, + "narHash": "sha256-KzI+ILcmU03iFWtB+ysPqtNmp8TP8v1BBReTuPP8MJY=", + "owner": "oxalica", + "repo": "rust-overlay", + "rev": "b6f8d87208336d7cb85003b2e439fc707c38f92a", + "type": "github" + }, + "original": { + "owner": "oxalica", + "repo": "rust-overlay", + "type": "github" + } + }, + "systems": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "systems_2": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + } + }, + "root": "root", + "version": 7 +} diff --git a/examples/sso_auth_axum/flake.nix b/examples/sso_auth_axum/flake.nix new file mode 100644 index 0000000000..a70dca4db1 --- /dev/null +++ b/examples/sso_auth_axum/flake.nix @@ -0,0 +1,37 @@ +{ + inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixos-22.05"; + inputs.rust-overlay.url = "github:oxalica/rust-overlay"; + inputs.rust-overlay.inputs.nixpkgs.follows = "nixpkgs"; + inputs.flake-utils.url = "github:numtide/flake-utils"; + + outputs = { self, nixpkgs, rust-overlay, flake-utils }: + flake-utils.lib.eachDefaultSystem (system: + let + pkgs = import nixpkgs { + inherit system; + overlays = [ (import rust-overlay) ]; + }; + in + with pkgs; rec { + devShells.default = mkShell { + + shellHook = '' + export PKG_CONFIG_PATH="${pkgs.openssl.dev}/lib/pkgconfig"; + ''; + + nativeBuildInputs = [ + pkg-config + ]; + buildInputs = [ + trunk + sqlite + sass + openssl + (rust-bin.nightly.latest.default.override { + extensions = [ "rust-src" ]; + targets = [ "wasm32-unknown-unknown" ]; + }) + ]; + }; + }); +} \ No newline at end of file diff --git a/examples/sso_auth_axum/migrations/20231217000000_create_tables.sql b/examples/sso_auth_axum/migrations/20231217000000_create_tables.sql new file mode 100644 index 0000000000..3ccb685692 --- /dev/null +++ b/examples/sso_auth_axum/migrations/20231217000000_create_tables.sql @@ -0,0 +1,26 @@ +PRAGMA foreign_keys = ON; + +CREATE TABLE IF NOT EXISTS users ( + id INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT, + email TEXT NOT NULL UNIQUE, + created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP +); + +CREATE TABLE IF NOT EXISTS user_permissions ( + user_id INTEGER NOT NULL, + token TEXT NOT NULL +); + +CREATE TABLE IF NOT EXISTS csrf_tokens ( + csrf_token TEXT NOT NULL PRIMARY KEY UNIQUE +); + +CREATE TABLE IF NOT EXISTS google_tokens ( + id INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT, + user_id INTEGER NOT NULL UNIQUE, + access_secret TEXT NOT NULL, + refresh_secret TEXT NOT NULL, + created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP, + FOREIGN KEY (user_id) REFERENCES users(id) CONFLICT REPLACE +); + diff --git a/examples/sso_auth_axum/public/favicon.ico b/examples/sso_auth_axum/public/favicon.ico new file mode 100644 index 0000000000000000000000000000000000000000..2ba8527cb12f5f28f331b8d361eef560492d4c77 GIT binary patch literal 15406 zcmeHOd3aPs5`TblWD*3D%tXPJ#q(n!z$P=3gCjvf#a)E}a;Uf>h{pmVih!a-5LVO` zB?JrzEFicD0wRLo0iPfO372xnkvkzFlRHB)lcTnNZ}KK@US{UKN#b8?e_zkLy1RZ= zT~*y(-6IICgf>E_P6A)M3(wvl2qr-gx_5Ux-_uzT*6_Q&ee1v9B?vzS3&K5IhO2N5 z$9ukLN<`G>$$|GLnga~y%>f}*j%+w@(ixVUb^1_Gjoc;(?TrD3m2)RduFblVN)uy; zQAEd^T{5>-YYH%|Kv{V^cxHMBr1Ik7Frht$imC`rqx@5*| z+OqN!xAjqmaU=qR$uGDMa7p!W9oZ+64($4xDk^FyFQ<_9Z`(;DLnB<;LLJD1<&vnZ zo0(>zIkQTse}qNMb6+i`th54(3pKm8;UAJ<_BULR*Z=m5FU7jiW(&#l+}WkHZ|e@1 z`pm;Q^pCuLUQUrnQ(hPM10pSSHQS=Bf8DqG1&!-B!oQQ|FuzLruL1w(+g<8&znyI? zzX-}?SwUvNjEuT?7uUOy{Fb@xKklpj+jdYM^IK9}NxvLRZd{l9FHEQJ4IO~q%4I0O zAN|*8x^nIU4Giw?f*tmNx=7H)2-Zn?J^B6SgpcW3ZXV_57Sn%Mtfr_=w|sYpAhdJT zcKo6Z*oIOU(az~3$LOEWm9Q)dYWMA}T7L23MVGqrcA%4H)+^`+=j+Hh8CTCnnG2Rh zgcXVW%F8$R9)6}f=NQiLPt8qt3xNUQI>Q*)H1lzk<&n?XR-f}tc&9V0H0lhGqHJ^N zN%h(9-Of2_)!Xk{qdIkU>1%mk%I_Id1!MU*yq&&>)Q+!L^t&-2mW9Xq7g9C@* zl&PKJ&su2L+iku?Te?Pf?k3tUK){Bj_gb&aPo8Ago^XI~mRTd(5{&^tf1)!-lSMha z@$~ae!r(~`=p&|mMxy2EiZQ6FvXb(1avS*`Pj%$)*?vwceGKHmHnl`v&fEQ_Wh+G) zEPQ^3&oV%}%;zF`AM|S%d>pM@1}33PN5*4SewROk_K$n^i8QjaYiRzwG8#OvVIF|{x85wH+?*P*%)woI zR538k@=(E`V;p1UwA|fqSh`$n_t;Sz4T)`_s~pRR4lbmWWSdxa-FqLZ%fLT)Bh?iye?COx~mO1wkn5)HNMg7`8~ z25VJhz&3Z7`M>6luJrEw$Jikft+6SxyIh?)PU1?DfrKMGC z=3T;;omE4H`PWqF8?0*dOA3o9y@~WK`S}{?tIHquEw?v`M^D%Lobpdrp%3}1=-&qk zqAtb1px-1Fy6}E8IUg4s%8B0~P<P5C;de%@n~XnDKF@fr$a+^@$^P|>vlw($aSK2lRtLt~8tRb`I0 znfI!G?K|<5ry*gk>y56rZy0NkK6)))6Mg1=K?7yS9p+#1Ij=W*%5Rt-mlc;#MOnE9 zoi`-+6oj@)`gq2Af!B+9%J#K9V=ji2dj2<_qaLSXOCeqQ&<0zMSb$5mAi;HU=v`v<>NYk}MbD!ewYVB+N-ctzn=l&bTwv)*7 zmY<+Y@SBbtl9PPk$HTR?ln@(T92XjTRj0Mx|Mzl;lW>Su_y^~fh?8(L?oz8h!cCpb zZG-OY=NJ3{>r*`U<(J%#zjFT-a9>u6+23H{=d(utkgqt7@^)C;pkb)fQ|Q=*8*SyT z;otKe+f8fEp)ZacKZDn3TNzs>_Kx+g*c_mr8LBhr8GnoEmAQk#%sR52`bdbW8Ms$!0u2bdt=T-lK3JbDW`F(Urt%Ob2seiN>7U`YN}aOdIiCC;eeufJC#m3S z9#|l2c?G@t*hH5y^76jkv)rs4H+;oiTuY5FQwRMN_7NUqeiD|b&RyxPXQz|3qC(_> zZJMwjC4F!1m2INXqzisQ4X^w=>&(+Ecdu&~IWEMn7f*YcYI&eWI(6hI#f114%aymM zyhlG6{q>XN7(LyGiMAS&qijR%d2rV|>AUT_sE&EKUSTCM26>aKzNxk0?K|utOcxl# zxIOwM#O!!H+QzbX*&p=QuKe4y;bS>&StQOE5AEGg_ubk8{;1yOVAJfE_Js-lL7rr9 z)CEuFIlkApj~uV^zJK7KocjT=4B zJP(}0x}|A7C$$5gIp>KBPZ|A#2Ew;$#g9Fk)r;Q~?G$>x<+JM)J3u>j zi68K=I;ld`JJ?Nq+^_B?C+Q%+x#m{9JF$tbaDeNIep%=^#>KHGtg=L)>m z_J&vaZTs2{qP!4Gdw5u5Kcf}5R4(q}Lebx%(J$7l*Q`Il#pCTM%!`y5y*-~zIVs}D z9;t+(xmV~R65^ZQXe+<5{$QW0O8MT~a{kdFLR)nfRMA9L(YU>x*DTltN#m-2km zC;T`cfb{c`mcx(z7o_a8bYJn8_^dz4Cq!DZ37{P6uF{@#519UWK1{>(9sZB1I^6MmNc39MJ-_|)!S8vO+O3&$MulU3Gc z_W{N*B(yneyl-oN_MKaJ{CZ6dv-~^8uPbLSh&0jfV@EfA{2Dc!_rOyfx`R0T@LonA z<*%O?-aa_Wm-z$s@K(ex7UhM0-?9C=PkYdk&d2n((E4>&(f4D`fOQY%CURMMyJyU` zVeJBAId&StHjw76tnwSqZs3e0683`L{a3k9JYdg#(ZVw4J`&CkV-2LFaDE1Z?CehVy%vZx$tM3tTax8E@2;N^QTrPcI?Ob8uK!DM0_sfE6ks2M?iw zPS4{(k-PF*-oY>S!d9;L+|xdTtLen9B2LvpL4k;#ScB< z$NP_7j~7)5eXuoYEk*dK_rSz9yT_C4B{r~^#^o}-VQI=Y?01|$aa!a7=UEm$|DsQQ zfLK1qmho2@)nwA?$1%T6jwO2HZ({6&;`s|OQOxI4S8*Hw=Qp!b(gNJR%SAj&wGa>^&2@x)Vj zhd^WfzJ^b0O{E^q82Pw({uT`E`MT2WnZ02{E%t*yRPN>?W>0vU^4@Vyh4;mLj918c z*s*papo?<}cQM{5lcgZScx}?usg{mS!KkH9U%@|^_33?{FI{1ss+8kXyFY&5M-e~f zM$){FF;_+z3sNJ)Er~{Beux$fEl{R4|7WKcpEsGtK57f+H0DJ$hI;U;JtF>+lG@sV zQI_;bQ^7XIJ>Bs?C32b1v;am;P4GUqAJ#zOHv}4SmV|xXX6~O9&e_~YCCpbT>s$`! k<4FtN!5; +}} + +#[derive(Clone, Debug, PartialEq, Eq, Serialize, Deserialize)] +pub struct User { + pub id: i64, + pub email: String, + pub permissions: HashSet, +} + +impl Default for User { + fn default() -> Self { + let permissions = HashSet::new(); + + Self { + id: -1, + email: "example@example.com".into(), + permissions, + } + } +} + +cfg_if! { +if #[cfg(feature = "ssr")] { + use async_trait::async_trait; + + impl User { + pub async fn get(id: i64, pool: &SqlitePool) -> Option { + let sqluser = sqlx::query_as::<_, SqlUser>("SELECT * FROM users WHERE id = ?") + .bind(id) + .fetch_one(pool) + .await + .ok()?; + + //lets just get all the tokens the user can use, we will only use the full permissions if modifing them. + let sql_user_perms = sqlx::query_as::<_, SqlPermissionTokens>( + "SELECT token FROM user_permissions WHERE user_id = ?;", + ) + .bind(id) + .fetch_all(pool) + .await + .ok()?; + + Some(sqluser.into_user(Some(sql_user_perms))) + } + + pub async fn get_from_email(email: &str, pool: &SqlitePool) -> Option { + let sqluser = sqlx::query_as::<_, SqlUser>("SELECT * FROM users WHERE email = ?") + .bind(email) + .fetch_one(pool) + .await + .ok()?; + + //lets just get all the tokens the user can use, we will only use the full permissions if modifing them. + let sql_user_perms = sqlx::query_as::<_, SqlPermissionTokens>( + "SELECT token FROM user_permissions WHERE user_id = ?;", + ) + .bind(sqluser.id) + .fetch_all(pool) + .await + .ok()?; + + Some(sqluser.into_user(Some(sql_user_perms))) + } + } + + #[derive(sqlx::FromRow, Clone)] + pub struct SqlPermissionTokens { + pub token: String, + } + + #[derive(sqlx::FromRow, Clone)] + pub struct SqlCsrfToken { + pub csrf_token: String, + } + + #[async_trait] + impl Authentication for User { + async fn load_user(userid: i64, pool: Option<&SqlitePool>) -> Result { + let pool = pool.unwrap(); + + User::get(userid, pool) + .await + .ok_or_else(|| anyhow::anyhow!("Cannot get user")) + } + + fn is_authenticated(&self) -> bool { + true + } + + fn is_active(&self) -> bool { + true + } + + fn is_anonymous(&self) -> bool { + false + } + } + + #[async_trait] + impl HasPermission for User { + async fn has(&self, perm: &str, _pool: &Option<&SqlitePool>) -> bool { + self.permissions.contains(perm) + } + } + + #[derive(sqlx::FromRow, Clone)] + pub struct SqlUser { + pub id: i64, + pub email: String, + } + + #[derive(sqlx::FromRow, Clone)] + pub struct SqlRefreshToken { + pub secret: String, + } + + + impl SqlUser { + pub fn into_user(self, sql_user_perms: Option>) -> User { + User { + id: self.id, + email: self.email, + permissions: if let Some(user_perms) = sql_user_perms { + user_perms + .into_iter() + .map(|x| x.token) + .collect::>() + } else { + HashSet::::new() + }, + } + } + } +} +} diff --git a/examples/sso_auth_axum/src/error_template.rs b/examples/sso_auth_axum/src/error_template.rs new file mode 100644 index 0000000000..9635f45d04 --- /dev/null +++ b/examples/sso_auth_axum/src/error_template.rs @@ -0,0 +1,24 @@ +use leptos::{view, Errors, For, IntoView, RwSignal, SignalGet, View}; + +// A basic function to display errors served by the error boundaries. Feel free to do more complicated things +// here than just displaying them +pub fn error_template(errors: RwSignal) -> View { + view! { +

"Errors"

+ "Error: " {error_string}

+ } + } + /> + } + .into_view() +} diff --git a/examples/sso_auth_axum/src/fallback.rs b/examples/sso_auth_axum/src/fallback.rs new file mode 100644 index 0000000000..2ac8e1c38b --- /dev/null +++ b/examples/sso_auth_axum/src/fallback.rs @@ -0,0 +1,47 @@ +use cfg_if::cfg_if; + +cfg_if! { +if #[cfg(feature = "ssr")] { + use axum::{ + body::{boxed, Body, BoxBody}, + extract::State, + response::IntoResponse, + http::{Request, Response, StatusCode, Uri}, + }; + use axum::response::Response as AxumResponse; + use tower::ServiceExt; + use tower_http::services::ServeDir; + use leptos::*; + use crate::error_template::error_template; + + pub async fn file_and_error_handler(uri: Uri, State(options): State, req: Request) -> AxumResponse { + let root = options.site_root.clone(); + let res = get_static_file(uri.clone(), &root).await.unwrap(); + + if res.status() == StatusCode::OK { + res.into_response() + } else { + leptos::logging::log!("{:?}:{}",res.status(),uri); + let handler = leptos_axum::render_app_to_stream( + options.to_owned(), + || error_template(create_rw_signal(leptos::Errors::default()) + ) + ); + handler(req).await.into_response() + } + } + + async fn get_static_file(uri: Uri, root: &str) -> Result, (StatusCode, String)> { + let req = Request::builder().uri(uri.clone()).body(Body::empty()).unwrap(); + // `ServeDir` implements `tower::Service` so we can call it with `tower::ServiceExt::oneshot` + // This path is relative to the cargo root + match ServeDir::new(root).oneshot(req).await { + Ok(res) => Ok(res.map(boxed)), + Err(err) => Err(( + StatusCode::INTERNAL_SERVER_ERROR, + format!("Something went wrong: {}", err), + )), + } + } + } +} diff --git a/examples/sso_auth_axum/src/lib.rs b/examples/sso_auth_axum/src/lib.rs new file mode 100644 index 0000000000..61ebb0dce8 --- /dev/null +++ b/examples/sso_auth_axum/src/lib.rs @@ -0,0 +1,162 @@ +use cfg_if::cfg_if; + +pub mod auth; +pub mod error_template; +pub mod fallback; +pub mod sign_in_sign_up; +pub mod state; +use leptos::{leptos_dom::helpers::TimeoutHandle, *}; +use leptos_meta::*; +use leptos_router::*; +use sign_in_sign_up::*; + +cfg_if! { + if #[cfg(feature = "ssr")] { + use crate::{ + state::AppState, + auth::{AuthSession,User,SqlRefreshToken} + }; + use oauth2::{ + reqwest::async_http_client, + TokenResponse + }; + use sqlx::SqlitePool; + + pub fn pool() -> Result { + use_context::() + .ok_or_else(|| ServerFnError::ServerError("Pool missing.".into())) + } + + pub fn auth() -> Result { + use_context::() + .ok_or_else(|| ServerFnError::ServerError("Auth session missing.".into())) + } + } +} + +#[derive(Clone, Debug)] +pub struct Email(RwSignal>); +#[derive(Clone, Debug)] +pub struct ExpiresIn(RwSignal); +#[server] +pub async fn refresh_token(email: String) -> Result { + let pool = pool()?; + let oauth_client = expect_context::().client; + let user = User::get_from_email(&email, &pool) + .await + .ok_or(ServerFnError::ServerError("User not found".to_string()))?; + + let refresh_secret = sqlx::query_as::<_, SqlRefreshToken>( + "SELECT secret FROM google_refresh_tokens WHERE user_id = ?", + ) + .bind(user.id) + .fetch_one(&pool) + .await? + .secret; + + let token_response = oauth_client + .exchange_refresh_token(&oauth2::RefreshToken::new(refresh_secret)) + .request_async(async_http_client) + .await?; + + let access_token = token_response.access_token().secret(); + let expires_in = token_response.expires_in().unwrap().as_secs(); + let refresh_secret = token_response.refresh_token().unwrap().secret(); + sqlx::query("DELETE FROM google_tokens WHERE user_id == ?") + .bind(user.id) + .execute(&pool) + .await?; + sqlx::query( + "INSERT INTO google_tokens (user_id,access_secret,refresh_secret) \ + VALUES (?,?,?)", + ) + .bind(user.id) + .bind(access_token) + .bind(refresh_secret) + .execute(&pool) + .await?; + Ok(expires_in) +} +#[component] +pub fn App() -> impl IntoView { + provide_meta_context(); + let email = create_rw_signal(None::); + let rw_expires_in = create_rw_signal(0); + provide_context(Email(email)); + provide_context(ExpiresIn(rw_expires_in)); + + let display_email = + move || email.get().unwrap_or(String::from("No email to display")); + let refresh_token = create_server_action::(); + + create_effect(move |handle: Option>| { + // If this effect is called, try to cancel the previous handle. + if let Some(prev_handle) = handle.flatten() { + prev_handle.clear(); + }; + // if expires_in isn't 0, then set a timeout that rerfresh a minute short of the refresh. + let expires_in = rw_expires_in.get(); + if expires_in != 0 && email.get_untracked().is_some() { + let handle = set_timeout_with_handle( + move || { + refresh_token.dispatch(RefreshToken { + email: email.get_untracked().unwrap(), + }) + }, + std::time::Duration::from_secs( + // Google tokens last 3599 seconds, so we'll get a refresh token every 14 seconds. + expires_in.checked_sub(3545).unwrap_or_default(), + ), + ) + .unwrap(); + Some(handle) + } else { + None + } + }); + + create_effect(move |_| { + if let Some(Ok(expires_in)) = refresh_token.value().get() { + rw_expires_in.set(expires_in); + } + }); + + view! { + + + + <Router> + <main> + <Routes> + <Route path="" view=move || { + view!{ + {display_email} + <Show when=move||email.get().is_some() fallback=||view!{<SignIn/>}> + <LogOut/> + </Show> + } + }/> + <Route path="g_auth" view=||view!{<HandleGAuth/>}/> + </Routes> + </main> + </Router> + } +} + +// Needs to be in lib.rs AFAIK because wasm-bindgen needs us to be compiling a lib. I may be wrong. +cfg_if! { + if #[cfg(feature = "hydrate")] { + use wasm_bindgen::prelude::wasm_bindgen; + use leptos::view; + + #[wasm_bindgen] + pub fn hydrate() { + _ = console_log::init_with_level(log::Level::Debug); + console_error_panic_hook::set_once(); + + leptos::mount_to_body(|| { + view! { <App/> } + }); + } + } +} diff --git a/examples/sso_auth_axum/src/main.rs b/examples/sso_auth_axum/src/main.rs new file mode 100644 index 0000000000..1a01555643 --- /dev/null +++ b/examples/sso_auth_axum/src/main.rs @@ -0,0 +1,137 @@ +use cfg_if::cfg_if; + +// boilerplate to run in different modes +cfg_if! { +if #[cfg(feature = "ssr")] { + use axum::{ + response::{IntoResponse}, + routing::get, + extract::{Path, State, RawQuery}, + http::{Request, header::HeaderMap}, + body::Body as AxumBody, + Router, + }; + use sso_auth_axum::auth::*; + use sso_auth_axum::state::AppState; + use sso_auth_axum::fallback::file_and_error_handler; + use leptos_axum::{generate_route_list, handle_server_fns_with_context, LeptosRoutes}; + use leptos::{logging::log, view, provide_context, get_configuration}; + use sqlx::{SqlitePool, sqlite::SqlitePoolOptions}; + use axum_session::{SessionConfig, SessionLayer, SessionStore,Key, SecurityMode}; + use axum_session_auth::{AuthSessionLayer, AuthConfig, SessionSqlitePool}; + + async fn server_fn_handler(State(app_state): State<AppState>, auth_session: AuthSession, path: Path<String>, headers: HeaderMap, raw_query: RawQuery, + request: Request<AxumBody>) -> impl IntoResponse { + + log!("{:?}", path); + + handle_server_fns_with_context(path, headers, raw_query, move || { + provide_context(app_state.clone()); + provide_context(auth_session.clone()); + provide_context(app_state.pool.clone()); + }, request).await + } + + pub async fn leptos_routes_handler( + auth_session: AuthSession, + State(app_state): State<AppState>, + axum::extract::State(option): axum::extract::State<leptos::LeptosOptions>, + request: Request<AxumBody>, + ) -> axum::response::Response { + let handler = leptos_axum::render_app_async_with_context( + option.clone(), + move || { + provide_context(app_state.clone()); + provide_context(auth_session.clone()); + provide_context(app_state.pool.clone()); + }, + move || view! { <sso_auth_axum::App/> }, + ); + + handler(request).await.into_response() + } + + + #[tokio::main] + async fn main() { + simple_logger::init_with_level(log::Level::Info).expect("couldn't initialize logging"); + + let pool = SqlitePoolOptions::new() + .connect("sqlite:sso.db") + .await + .expect("Could not make pool."); + + // Auth section + let session_config = SessionConfig::default() + .with_table_name("sessions_table") + .with_key(Key::generate()) + .with_database_key(Key::generate()) + .with_security_mode(SecurityMode::PerSession); + + let auth_config = AuthConfig::<i64>::default(); + let session_store = SessionStore::<SessionSqlitePool>::new(Some(pool.clone().into()), session_config); + session_store.initiate().await.unwrap(); + + sqlx::migrate!() + .run(&pool) + .await + .expect("could not run SQLx migrations"); + + + + // Setting this to None means we'll be using cargo-leptos and its env vars + let conf = get_configuration(None).await.unwrap(); + let leptos_options = conf.leptos_options; + let addr = leptos_options.site_addr; + let routes = generate_route_list(sso_auth_axum::App); + + // We create our client using provided environment variables. + let client = oauth2::basic::BasicClient::new( + oauth2::ClientId::new(std::env::var("G_AUTH_CLIENT_ID").expect("G_AUTH_CLIENT Env var to be set.")), + Some(oauth2::ClientSecret::new(std::env::var("G_AUTH_SECRET").expect("G_AUTH_SECRET Env var to be set"))), + oauth2::AuthUrl::new( + "https://accounts.google.com/o/oauth2/v2/auth".to_string(), + ) + .unwrap(), + Some( + oauth2::TokenUrl::new("https://oauth2.googleapis.com/token".to_string()) + .unwrap(), + ), + ) + .set_redirect_uri(oauth2::RedirectUrl::new(std::env::var("REDIRECT_URL").expect("REDIRECT_URL Env var to be set")).unwrap()); + + + let app_state = AppState{ + leptos_options, + pool: pool.clone(), + client, + }; + + // build our application with a route + let app = Router::new() + .route("/api/*fn_name", get(server_fn_handler).post(server_fn_handler)) + .leptos_routes_with_handler(routes, get(leptos_routes_handler) ) + .fallback(file_and_error_handler) + .layer(AuthSessionLayer::<User, i64, SessionSqlitePool, SqlitePool>::new(Some(pool.clone())) + .with_config(auth_config)) + .layer(SessionLayer::new(session_store)) + .with_state(app_state); + + // run our app with hyper + // `axum::Server` is a re-export of `hyper::Server` + log!("listening on http://{}", &addr); + axum::Server::bind(&addr) + .serve(app.into_make_service()) + .await + .unwrap(); + } +} + + // client-only stuff for Trunk + else { + pub fn main() { + // This example cannot be built as a trunk standalone CSR-only app. + // Only the server may directly connect to the database. + } + } +} diff --git a/examples/sso_auth_axum/src/sign_in_sign_up.rs b/examples/sso_auth_axum/src/sign_in_sign_up.rs new file mode 100644 index 0000000000..1ce73e1ece --- /dev/null +++ b/examples/sso_auth_axum/src/sign_in_sign_up.rs @@ -0,0 +1,208 @@ +use super::*; + +cfg_if! { + if #[cfg(feature="ssr")]{ + use oauth2::{ + AuthorizationCode, + TokenResponse, + reqwest::async_http_client, + CsrfToken, + Scope, + }; + use serde_json::Value; + use crate::{ + auth::{User,SqlCsrfToken}, + state::AppState + }; + } +} +#[server] +pub async fn google_sso() -> Result<String, ServerFnError> { + let oauth_client = expect_context::<AppState>().client; + let pool = pool()?; + + // We get the authorization URL and CSRF_TOKEN + let (authorize_url, csrf_token) = oauth_client + .authorize_url(CsrfToken::new_random) + .add_scope(Scope::new("openid".to_string())) + .add_scope(Scope::new("email".to_string())) + // required for google auth refresh token to be part of the response. + .add_extra_param("access_type", "offline") + .add_extra_param("prompt", "consent") + .url(); + let url = authorize_url.to_string(); + leptos::logging::log!("{url:?}"); + // Store the CSRF_TOKEN in our sqlite db. + sqlx::query("INSERT INTO csrf_tokens (csrf_token) VALUES (?)") + .bind(csrf_token.secret()) + .execute(&pool) + .await + .map(|_| ())?; + + // Send the url to the client. + Ok(url) +} + +#[component] +pub fn SignIn() -> impl IntoView { + let g_auth = Action::<GoogleSso, _>::server(); + + create_effect(move |_| { + if let Some(Ok(redirect)) = g_auth.value().get() { + window().location().set_href(&redirect).unwrap(); + } + }); + + view! { + <div style=" + display:flex; + flex-direction: column; + justify-content: center; + align-items: center; + "> + <div> {"Sign Up Sign In"} </div> + <button style="display:flex;" on:click=move|_| g_auth.dispatch(GoogleSso{})> + <svg style="width:2rem;" version="1.1" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 48 48" xmlns:xlink="http://www.w3.org/1999/xlink" style="display: block;"> + <path fill="#EA4335" d="M24 9.5c3.54 0 6.71 1.22 9.21 3.6l6.85-6.85C35.9 2.38 30.47 0 24 0 14.62 0 6.51 5.38 2.56 13.22l7.98 6.19C12.43 13.72 17.74 9.5 24 9.5z"></path> + <path fill="#4285F4" d="M46.98 24.55c0-1.57-.15-3.09-.38-4.55H24v9.02h12.94c-.58 2.96-2.26 5.48-4.78 7.18l7.73 6c4.51-4.18 7.09-10.36 7.09-17.65z"></path> + <path fill="#FBBC05" d="M10.53 28.59c-.48-1.45-.76-2.99-.76-4.59s.27-3.14.76-4.59l-7.98-6.19C.92 16.46 0 20.12 0 24c0 3.88.92 7.54 2.56 10.78l7.97-6.19z"></path> + <path fill="#34A853" d="M24 48c6.48 0 11.93-2.13 15.89-5.81l-7.73-6c-2.15 1.45-4.92 2.3-8.16 2.3-6.26 0-11.57-4.22-13.47-9.91l-7.98 6.19C6.51 42.62 14.62 48 24 48z"></path> + <path fill="none" d="M0 0h48v48H0z"></path> + </svg> + <span style="margin-left:0.5rem;">"Sign in with Google"</span> + </button> + </div> + } +} + +#[server] +pub async fn handle_g_auth_redirect( + provided_csrf: String, + code: String, +) -> Result<(String, u64), ServerFnError> { + let oauth_client = expect_context::<AppState>().client; + let pool = pool()?; + let auth_session = auth()?; + // If there's no match we'll return an error. + let _ = sqlx::query_as::<_, SqlCsrfToken>( + "SELECT csrf_token FROM csrf_tokens WHERE csrf_token = ?", + ) + .bind(provided_csrf) + .fetch_one(&pool) + .await + .map_err(|err| { + ServerFnError::ServerError(format!("CSRF_TOKEN error : {err:?}")) + })?; + + let token_response = oauth_client + .exchange_code(AuthorizationCode::new(code.clone())) + .request_async(async_http_client) + .await?; + leptos::logging::log!("{:?}", &token_response); + let access_token = token_response.access_token().secret(); + let expires_in = token_response.expires_in().unwrap().as_secs(); + let refresh_secret = token_response.refresh_token().unwrap().secret(); + let user_info_url = "https://www.googleapis.com/oauth2/v3/userinfo"; + let client = reqwest::Client::new(); + let response = client + .get(user_info_url) + .bearer_auth(access_token) + .send() + .await?; + + let email = if response.status().is_success() { + let response_json: Value = response.json().await?; + leptos::logging::log!("{response_json:?}"); + response_json["email"] + .as_str() + .expect("email to parse to string") + .to_string() + } else { + return Err(ServerFnError::ServerError(format!( + "Response from google has status of {}", + response.status() + ))); + }; + + let user = if let Some(user) = User::get_from_email(&email, &pool).await { + user + } else { + sqlx::query("INSERT INTO users (email) VALUES (?)") + .bind(&email) + .execute(&pool) + .await?; + User::get_from_email(&email, &pool).await.unwrap() + }; + + auth_session.login_user(user.id); + + sqlx::query("DELETE FROM google_tokens WHERE user_id == ?") + .bind(user.id) + .execute(&pool) + .await?; + + sqlx::query( + "INSERT INTO google_tokens (user_id,access_secret,refresh_secret) \ + VALUES (?,?,?)", + ) + .bind(user.id) + .bind(access_token) + .bind(refresh_secret) + .execute(&pool) + .await?; + + Ok((user.email, expires_in as u64)) +} + +#[derive(Params, Debug, PartialEq, Clone)] +pub struct OAuthParams { + pub code: Option<String>, + pub state: Option<String>, +} + +#[component] +pub fn HandleGAuth() -> impl IntoView { + let handle_g_auth_redirect = Action::<HandleGAuthRedirect, _>::server(); + + let query = use_query::<OAuthParams>(); + let navigate = leptos_router::use_navigate(); + let rw_email = expect_context::<Email>().0; + let rw_expires_in = expect_context::<ExpiresIn>().0; + create_effect(move |_| { + if let Some(Ok((email, expires_in))) = + handle_g_auth_redirect.value().get() + { + rw_email.set(Some(email)); + rw_expires_in.set(expires_in); + navigate("/", NavigateOptions::default()); + } + }); + + create_effect(move |_| { + if let Ok(OAuthParams { code, state }) = query.get_untracked() { + handle_g_auth_redirect.dispatch(HandleGAuthRedirect { + provided_csrf: state.unwrap(), + code: code.unwrap(), + }); + } else { + leptos::logging::log!("error parsing oauth params"); + } + }); + view! {} +} + +#[server] +pub async fn logout() -> Result<(), ServerFnError> { + let auth = auth()?; + auth.logout_user(); + leptos_axum::redirect("/"); + Ok(()) +} + +#[component] +pub fn LogOut() -> impl IntoView { + let log_out = create_server_action::<Logout>(); + view! { + <button on:click=move|_|log_out.dispatch(Logout{})>{"log out"}</button> + } +} diff --git a/examples/sso_auth_axum/src/state.rs b/examples/sso_auth_axum/src/state.rs new file mode 100644 index 0000000000..27bad673b1 --- /dev/null +++ b/examples/sso_auth_axum/src/state.rs @@ -0,0 +1,18 @@ +use cfg_if::cfg_if; + +cfg_if! { + if #[cfg(feature = "ssr")] { +use leptos::LeptosOptions; +use sqlx::SqlitePool; +use axum::extract::FromRef; + +/// This takes advantage of Axum's SubStates feature by deriving FromRef. This is the only way to have more than one +/// item in Axum's State. Leptos requires you to have leptosOptions in your State struct for the leptos route handlers +#[derive(FromRef, Debug, Clone)] +pub struct AppState{ + pub leptos_options: LeptosOptions, + pub pool: SqlitePool, + pub client:oauth2::basic::BasicClient, +} + } +} diff --git a/examples/sso_auth_axum/sso.db b/examples/sso_auth_axum/sso.db new file mode 100644 index 0000000000..e69de29bb2 diff --git a/examples/sso_auth_axum/style.css b/examples/sso_auth_axum/style.css new file mode 100644 index 0000000000..853278d988 --- /dev/null +++ b/examples/sso_auth_axum/style.css @@ -0,0 +1,7 @@ +.pending { + color: purple; +} + +a { + color: black; +} \ No newline at end of file From 3a5730800ca1a962dd89460cca1b72239ab46656 Mon Sep 17 00:00:00 2001 From: Greg Johnston <greg.johnston@gmail.com> Date: Mon, 15 Jan 2024 17:10:49 -0500 Subject: [PATCH 2/5] `v0.5.5` --- Cargo.toml | 28 ++++++++++++++-------------- integrations/axum/src/lib.rs | 2 +- meta/Cargo.toml | 2 +- router/Cargo.toml | 2 +- 4 files changed, 17 insertions(+), 17 deletions(-) diff --git a/Cargo.toml b/Cargo.toml index c044ac8cce..d73eab9b81 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -26,22 +26,22 @@ members = [ exclude = ["benchmarks", "examples"] [workspace.package] -version = "0.5.4" +version = "0.5.5" [workspace.dependencies] -leptos = { path = "./leptos", version = "0.5.4" } -leptos_dom = { path = "./leptos_dom", version = "0.5.4" } -leptos_hot_reload = { path = "./leptos_hot_reload", version = "0.5.4" } -leptos_macro = { path = "./leptos_macro", version = "0.5.4" } -leptos_reactive = { path = "./leptos_reactive", version = "0.5.4" } -leptos_server = { path = "./leptos_server", version = "0.5.4" } -server_fn = { path = "./server_fn", version = "0.5.4" } -server_fn_macro = { path = "./server_fn_macro", version = "0.5.4" } -server_fn_macro_default = { path = "./server_fn/server_fn_macro_default", version = "0.5.4" } -leptos_config = { path = "./leptos_config", version = "0.5.4" } -leptos_router = { path = "./router", version = "0.5.4" } -leptos_meta = { path = "./meta", version = "0.5.4" } -leptos_integration_utils = { path = "./integrations/utils", version = "0.5.4" } +leptos = { path = "./leptos", version = "0.5.5" } +leptos_dom = { path = "./leptos_dom", version = "0.5.5" } +leptos_hot_reload = { path = "./leptos_hot_reload", version = "0.5.5" } +leptos_macro = { path = "./leptos_macro", version = "0.5.5" } +leptos_reactive = { path = "./leptos_reactive", version = "0.5.5" } +leptos_server = { path = "./leptos_server", version = "0.5.5" } +server_fn = { path = "./server_fn", version = "0.5.5" } +server_fn_macro = { path = "./server_fn_macro", version = "0.5.5" } +server_fn_macro_default = { path = "./server_fn/server_fn_macro_default", version = "0.5.5" } +leptos_config = { path = "./leptos_config", version = "0.5.5" } +leptos_router = { path = "./router", version = "0.5.5" } +leptos_meta = { path = "./meta", version = "0.5.5" } +leptos_integration_utils = { path = "./integrations/utils", version = "0.5.5" } [profile.release] codegen-units = 1 diff --git a/integrations/axum/src/lib.rs b/integrations/axum/src/lib.rs index 7a953b2780..841e1555a8 100644 --- a/integrations/axum/src/lib.rs +++ b/integrations/axum/src/lib.rs @@ -7,7 +7,7 @@ //! To run in this environment, you need to disable the default feature set and enable //! the `wasm` feature on `leptos_axum` in your `Cargo.toml`. //! ```toml -//! leptos_axum = { version = "0.5.4", default-features = false, features = ["wasm"] } +//! leptos_axum = { version = "0.5.5", default-features = false, features = ["wasm"] } //! ``` //! //! ## Features diff --git a/meta/Cargo.toml b/meta/Cargo.toml index 29e4882bef..ca8bad4e77 100644 --- a/meta/Cargo.toml +++ b/meta/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "leptos_meta" -version = "0.5.4" +version = "0.5.5" edition = "2021" authors = ["Greg Johnston"] license = "MIT" diff --git a/router/Cargo.toml b/router/Cargo.toml index 4a6d0c4fd0..af32723ddf 100644 --- a/router/Cargo.toml +++ b/router/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "leptos_router" -version = "0.5.4" +version = "0.5.5" edition = "2021" authors = ["Greg Johnston"] license = "MIT" From 44db400f6bd1bc6a196f372e101c38567bf9e7ac Mon Sep 17 00:00:00 2001 From: Greg Johnston <greg.johnston@gmail.com> Date: Mon, 15 Jan 2024 17:11:50 -0500 Subject: [PATCH 3/5] chore: fix spin-sdk dependency --- leptos_reactive/Cargo.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/leptos_reactive/Cargo.toml b/leptos_reactive/Cargo.toml index 981fde5742..6abd639344 100644 --- a/leptos_reactive/Cargo.toml +++ b/leptos_reactive/Cargo.toml @@ -26,7 +26,7 @@ bytecheck = { version = "0.7", features = [ rustc-hash = "1" serde-wasm-bindgen = "0.5" serde_json = "1" -spin-sdk = { git = "https://github.com/fermyon/spin", tag = "v2.0.1", optional = true } +spin-sdk = { version = "2", optional = true } base64 = "0.21" thiserror = "1" tokio = { version = "1", features = [ From 3f34d9bb23a180abd083b059d7d796994442682c Mon Sep 17 00:00:00 2001 From: Greg Johnston <greg.johnston@gmail.com> Date: Tue, 16 Jan 2024 15:31:29 -0500 Subject: [PATCH 4/5] fix: doc comments breaking server functions (closes #2190) (#2191) --- server_fn_macro/src/lib.rs | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/server_fn_macro/src/lib.rs b/server_fn_macro/src/lib.rs index 949ff2a0cb..18f8a36d29 100644 --- a/server_fn_macro/src/lib.rs +++ b/server_fn_macro/src/lib.rs @@ -351,6 +351,7 @@ pub fn server_macro_impl( } struct ServerFnName { + _attrs: Vec<Attribute>, struct_name: Ident, _comma: Option<Token![,]>, prefix: Option<Literal>, @@ -362,6 +363,7 @@ struct ServerFnName { impl Parse for ServerFnName { fn parse(input: ParseStream) -> syn::Result<Self> { + let _attrs: Vec<Attribute> = input.call(Attribute::parse_outer)?; let struct_name = input.parse()?; let _comma = input.parse()?; let prefix = input.parse()?; @@ -382,6 +384,7 @@ impl Parse for ServerFnName { let fn_path = input.parse()?; Ok(Self { + _attrs, struct_name, _comma, prefix, @@ -412,7 +415,7 @@ struct ServerFnBody { /// The custom rusty variant of parsing rsx! impl Parse for ServerFnBody { fn parse(input: ParseStream) -> Result<Self> { - let attrs: Vec<Attribute> = input.call(Attribute::parse_outer)?; + let mut attrs: Vec<Attribute> = input.call(Attribute::parse_outer)?; let vis: Visibility = input.parse()?; let async_token = input.parse()?; @@ -452,6 +455,12 @@ impl Parse for ServerFnBody { Some((value.unwrap_or_default(), attr.path.span())) }) .collect(); + attrs.retain(|attr| { + let Meta::NameValue(attr) = &attr.meta else { + return true; + }; + !attr.path.is_ident("doc") + }); Ok(Self { vis, From 98f18e7c314de699aa3225d54334a052a22f67b8 Mon Sep 17 00:00:00 2001 From: benwis <ben@celcyon.com> Date: Tue, 16 Jan 2024 16:57:07 -0800 Subject: [PATCH 5/5] release: version 0.5.6 --- .gitignore | 3 ++- Cargo.toml | 28 ++++++++++++++-------------- integrations/axum/src/lib.rs | 2 +- meta/Cargo.toml | 2 +- router/Cargo.toml | 2 +- 5 files changed, 19 insertions(+), 18 deletions(-) diff --git a/.gitignore b/.gitignore index fe4ef4e5f4..8f263967ba 100644 --- a/.gitignore +++ b/.gitignore @@ -10,4 +10,5 @@ Cargo.lock .direnv .envrc -.vscode \ No newline at end of file +.vscode +vendor \ No newline at end of file diff --git a/Cargo.toml b/Cargo.toml index d73eab9b81..a700ed41c8 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -26,22 +26,22 @@ members = [ exclude = ["benchmarks", "examples"] [workspace.package] -version = "0.5.5" +version = "0.5.6" [workspace.dependencies] -leptos = { path = "./leptos", version = "0.5.5" } -leptos_dom = { path = "./leptos_dom", version = "0.5.5" } -leptos_hot_reload = { path = "./leptos_hot_reload", version = "0.5.5" } -leptos_macro = { path = "./leptos_macro", version = "0.5.5" } -leptos_reactive = { path = "./leptos_reactive", version = "0.5.5" } -leptos_server = { path = "./leptos_server", version = "0.5.5" } -server_fn = { path = "./server_fn", version = "0.5.5" } -server_fn_macro = { path = "./server_fn_macro", version = "0.5.5" } -server_fn_macro_default = { path = "./server_fn/server_fn_macro_default", version = "0.5.5" } -leptos_config = { path = "./leptos_config", version = "0.5.5" } -leptos_router = { path = "./router", version = "0.5.5" } -leptos_meta = { path = "./meta", version = "0.5.5" } -leptos_integration_utils = { path = "./integrations/utils", version = "0.5.5" } +leptos = { path = "./leptos", version = "0.5.6" } +leptos_dom = { path = "./leptos_dom", version = "0.5.6" } +leptos_hot_reload = { path = "./leptos_hot_reload", version = "0.5.6" } +leptos_macro = { path = "./leptos_macro", version = "0.5.6" } +leptos_reactive = { path = "./leptos_reactive", version = "0.5.6" } +leptos_server = { path = "./leptos_server", version = "0.5.6" } +server_fn = { path = "./server_fn", version = "0.5.6" } +server_fn_macro = { path = "./server_fn_macro", version = "0.5.6" } +server_fn_macro_default = { path = "./server_fn/server_fn_macro_default", version = "0.5.6" } +leptos_config = { path = "./leptos_config", version = "0.5.6" } +leptos_router = { path = "./router", version = "0.5.6" } +leptos_meta = { path = "./meta", version = "0.5.6" } +leptos_integration_utils = { path = "./integrations/utils", version = "0.5.6" } [profile.release] codegen-units = 1 diff --git a/integrations/axum/src/lib.rs b/integrations/axum/src/lib.rs index 841e1555a8..26baee5b08 100644 --- a/integrations/axum/src/lib.rs +++ b/integrations/axum/src/lib.rs @@ -7,7 +7,7 @@ //! To run in this environment, you need to disable the default feature set and enable //! the `wasm` feature on `leptos_axum` in your `Cargo.toml`. //! ```toml -//! leptos_axum = { version = "0.5.5", default-features = false, features = ["wasm"] } +//! leptos_axum = { version = "", default-features = false, features = ["wasm"] } //! ``` //! //! ## Features diff --git a/meta/Cargo.toml b/meta/Cargo.toml index ca8bad4e77..839556fb5c 100644 --- a/meta/Cargo.toml +++ b/meta/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "leptos_meta" -version = "0.5.5" +version = "0.5.6" edition = "2021" authors = ["Greg Johnston"] license = "MIT" diff --git a/router/Cargo.toml b/router/Cargo.toml index af32723ddf..eac94b1959 100644 --- a/router/Cargo.toml +++ b/router/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "leptos_router" -version = "0.5.5" +version = "0.5.6" edition = "2021" authors = ["Greg Johnston"] license = "MIT"