policy: define custom errors and ditch anyhow

crates/handlers/src/oauth2/authorization/complete.rs

@@ -14,7 +14,6 @@
 
 use std::sync::Arc;
 
-use anyhow::anyhow;
 use axum::{
     extract::{Path, State},
     response::{IntoResponse, Response},
@@ -44,10 +43,6 @@ pub enum RouteError {
     #[error(transparent)]
     Internal(Box<dyn std::error::Error + Send + Sync + 'static>),
 
-    // TODO: remove this one: needed because mas_policy returns errors from anyhow
-    #[error(transparent)]
-    Anyhow(#[from] anyhow::Error),
-
     #[error("authorization grant was not found")]
     NotFound,
 
@@ -67,9 +62,6 @@ impl IntoResponse for RouteError {
                 "authorization grant not in a pending state",
             )
                 .into_response(),
-            RouteError::Anyhow(e) => {
-                (StatusCode::INTERNAL_SERVER_ERROR, e.to_string()).into_response()
-            }
             RouteError::Internal(e) => {
                 (StatusCode::INTERNAL_SERVER_ERROR, e.to_string()).into_response()
             }
@@ -79,6 +71,9 @@ impl IntoResponse for RouteError {
 
 impl_from_error_for_route!(sqlx::Error);
 impl_from_error_for_route!(mas_storage::DatabaseError);
+impl_from_error_for_route!(mas_policy::LoadError);
+impl_from_error_for_route!(mas_policy::InstanciateError);
+impl_from_error_for_route!(mas_policy::EvaluationError);
 impl_from_error_for_route!(super::callback::IntoCallbackDestinationError);
 impl_from_error_for_route!(super::callback::CallbackDestinationError);
 
@@ -126,7 +121,6 @@ pub(crate) async fn get(
         }
         Err(GrantCompletionError::NotPending) => Err(RouteError::NotPending),
         Err(GrantCompletionError::Internal(e)) => Err(RouteError::Internal(e)),
-        Err(GrantCompletionError::Anyhow(e)) => Err(RouteError::Anyhow(e)),
     }
 }
 
@@ -135,9 +129,6 @@ pub enum GrantCompletionError {
     #[error(transparent)]
     Internal(Box<dyn std::error::Error + Send + Sync + 'static>),
 
-    #[error(transparent)]
-    Anyhow(#[from] anyhow::Error),
-
     #[error("authorization grant is not in a pending state")]
     NotPending,
 
@@ -154,6 +145,9 @@ pub enum GrantCompletionError {
 impl_from_error_for_route!(GrantCompletionError: sqlx::Error);
 impl_from_error_for_route!(GrantCompletionError: mas_storage::DatabaseError);
 impl_from_error_for_route!(GrantCompletionError: super::callback::IntoCallbackDestinationError);
+impl_from_error_for_route!(GrantCompletionError: mas_policy::LoadError);
+impl_from_error_for_route!(GrantCompletionError: mas_policy::InstanciateError);
+impl_from_error_for_route!(GrantCompletionError: mas_policy::EvaluationError);
 
 pub(crate) async fn complete(
     grant: AuthorizationGrant,
@@ -214,7 +208,9 @@ pub(crate) async fn complete(
     // Did they request an ID token?
     if grant.response_type_id_token {
         // TODO
-        return Err(anyhow!("id tokens are not implemented yet").into());
+        return Err(GrantCompletionError::Internal(
+            "ID tokens are not implemented yet".into(),
+        ));
     }
 
     txn.commit().await?;

crates/handlers/src/oauth2/authorization/mod.rs

@@ -14,7 +14,6 @@
 
 use std::sync::Arc;
 
-use anyhow::{anyhow, Context};
 use axum::{
     extract::{Form, State},
     response::{IntoResponse, Response},
@@ -52,13 +51,12 @@ pub enum RouteError {
     #[error(transparent)]
     Internal(Box<dyn std::error::Error + Send + Sync + 'static>),
 
-    // TODO: remove this one
-    #[error(transparent)]
-    Anyhow(#[from] anyhow::Error),
-
     #[error("could not find client")]
     ClientNotFound,
 
+    #[error("invalid response mode")]
+    InvalidResponseMode,
+
     #[error("invalid parameters")]
     IntoCallbackDestination(#[from] self::callback::IntoCallbackDestinationError),
 
@@ -73,12 +71,12 @@ impl IntoResponse for RouteError {
             RouteError::Internal(e) => {
                 (StatusCode::INTERNAL_SERVER_ERROR, e.to_string()).into_response()
             }
-            RouteError::Anyhow(e) => {
-                (StatusCode::INTERNAL_SERVER_ERROR, e.to_string()).into_response()
-            }
             RouteError::ClientNotFound => {
                 (StatusCode::BAD_REQUEST, "could not find client").into_response()
             }
+            RouteError::InvalidResponseMode => {
+                (StatusCode::BAD_REQUEST, "invalid response mode").into_response()
+            }
             RouteError::IntoCallbackDestination(e) => {
                 (StatusCode::BAD_REQUEST, e.to_string()).into_response()
             }
@@ -94,6 +92,9 @@ impl IntoResponse for RouteError {
 impl_from_error_for_route!(sqlx::Error);
 impl_from_error_for_route!(mas_storage::DatabaseError);
 impl_from_error_for_route!(self::callback::CallbackDestinationError);
+impl_from_error_for_route!(mas_policy::LoadError);
+impl_from_error_for_route!(mas_policy::InstanciateError);
+impl_from_error_for_route!(mas_policy::EvaluationError);
 
 #[derive(Deserialize)]
 pub(crate) struct Params {
@@ -110,7 +111,7 @@ pub(crate) struct Params {
 fn resolve_response_mode(
     response_type: &ResponseType,
     suggested_response_mode: Option<ResponseMode>,
-) -> anyhow::Result<ResponseMode> {
+) -> Result<ResponseMode, RouteError> {
     use ResponseMode as M;
 
     // If the response type includes either "token" or "id_token", the default
@@ -119,7 +120,7 @@ fn resolve_response_mode(
     if response_type.has_token() || response_type.has_id_token() {
         match suggested_response_mode {
             None => Ok(M::Fragment),
-            Some(M::Query) => Err(anyhow!("invalid response mode")),
+            Some(M::Query) => Err(RouteError::InvalidResponseMode),
             Some(mode) => Ok(mode),
         }
     } else {
@@ -166,10 +167,7 @@ pub(crate) async fn get(
         let templates = templates.clone();
         let callback_destination = callback_destination.clone();
         async move {
-            let maybe_session = session_info
-                .load_session(&mut txn)
-                .await
-                .context("failed to load browser session")?;
+            let maybe_session = session_info.load_session(&mut txn).await?;
             let prompt = params.auth.prompt.as_deref().unwrap_or_default();
 
             // Check if the request/request_uri/registration params are used. If so, reply
@@ -356,13 +354,12 @@ pub(crate) async fn get(
                                 .go(&templates, ClientError::from(ClientErrorCode::AccessDenied))
                                 .await?
                         }
-                        Err(GrantCompletionError::Anyhow(a)) => return Err(RouteError::Anyhow(a)),
                         Err(GrantCompletionError::Internal(e)) => {
                             return Err(RouteError::Internal(e))
                         }
-                        Err(GrantCompletionError::NotPending) => {
+                        Err(e @ GrantCompletionError::NotPending) => {
                             // This should never happen
-                            return Err(anyhow!("authorization grant is not pending").into());
+                            return Err(RouteError::Internal(Box::new(e)));
                         }
                     }
                 }
@@ -387,13 +384,12 @@ pub(crate) async fn get(
                                 .go()
                                 .into_response()
                         }
-                        Err(GrantCompletionError::Anyhow(a)) => return Err(RouteError::Anyhow(a)),
                         Err(GrantCompletionError::Internal(e)) => {
                             return Err(RouteError::Internal(e))
                         }
-                        Err(GrantCompletionError::NotPending) => {
+                        Err(e @ GrantCompletionError::NotPending) => {
                             // This should never happen
-                            return Err(anyhow!("authorization grant is not pending").into());
+                            return Err(RouteError::Internal(Box::new(e)));
                         }
                     }
                 }

crates/handlers/src/oauth2/consent.rs

@@ -44,10 +44,6 @@ pub enum RouteError {
     #[error(transparent)]
     Internal(Box<dyn std::error::Error + Send + Sync>),
 
-    // TODO: remove this one, needed because of mas_policy
-    #[error(transparent)]
-    Anyhow(#[from] anyhow::Error),
-
     #[error(transparent)]
     Csrf(#[from] mas_axum_utils::csrf::CsrfError),
 
@@ -64,6 +60,9 @@ pub enum RouteError {
 impl_from_error_for_route!(sqlx::Error);
 impl_from_error_for_route!(mas_templates::TemplateError);
 impl_from_error_for_route!(mas_storage::DatabaseError);
+impl_from_error_for_route!(mas_policy::LoadError);
+impl_from_error_for_route!(mas_policy::InstanciateError);
+impl_from_error_for_route!(mas_policy::EvaluationError);
 
 impl IntoResponse for RouteError {
     fn into_response(self) -> axum::response::Response {

crates/handlers/src/oauth2/registration.rs

@@ -39,10 +39,6 @@ pub(crate) enum RouteError {
     #[error(transparent)]
     Internal(Box<dyn std::error::Error + Send + Sync>),
 
-    // TODO: remove this, needed because of mas_policy
-    #[error(transparent)]
-    Anyhow(#[from] anyhow::Error),
-
     #[error("invalid redirect uri")]
     InvalidRedirectUri,
 
@@ -54,6 +50,10 @@ pub(crate) enum RouteError {
 }
 
 impl_from_error_for_route!(sqlx::Error);
+impl_from_error_for_route!(mas_policy::LoadError);
+impl_from_error_for_route!(mas_policy::InstanciateError);
+impl_from_error_for_route!(mas_policy::EvaluationError);
+impl_from_error_for_route!(mas_keystore::aead::Error);
 
 impl From<ClientMetadataVerificationError> for RouteError {
     fn from(e: ClientMetadataVerificationError) -> Self {
@@ -70,7 +70,7 @@ impl From<ClientMetadataVerificationError> for RouteError {
 impl IntoResponse for RouteError {
     fn into_response(self) -> axum::response::Response {
         match self {
-            Self::Internal(_) | Self::Anyhow(_) => (
+            Self::Internal(_) => (
                 StatusCode::INTERNAL_SERVER_ERROR,
                 Json(ClientError::from(ClientErrorCode::ServerError)),
             )