Add a global HTTP client factory

crates/handlers/src/upstream_oauth2/authorize.rs

@@ -18,6 +18,7 @@ use axum::{
 };
 use axum_extra::extract::{cookie::Cookie, PrivateCookieJar};
 use hyper::StatusCode;
+use mas_axum_utils::http_client_factory::HttpClientFactory;
 use mas_http::ClientInitError;
 use mas_keystore::Encrypter;
 use mas_oidc_client::{
@@ -30,8 +31,6 @@ use sqlx::PgPool;
 use thiserror::Error;
 use ulid::Ulid;
 
-use super::http_service;
-
 #[derive(Debug, Error)]
 pub(crate) enum RouteError {
     #[error("Provider not found")]
@@ -89,6 +88,7 @@ impl IntoResponse for RouteError {
 }
 
 pub(crate) async fn get(
+    State(http_client_factory): State<HttpClientFactory>,
     State(pool): State<PgPool>,
     State(url_builder): State<UrlBuilder>,
     cookie_jar: PrivateCookieJar<Encrypter>,
@@ -103,7 +103,9 @@ pub(crate) async fn get(
         .to_option()?
         .ok_or(RouteError::ProviderNotFound)?;
 
-    let http_service = http_service("upstream-discover").await?;
+    let http_service = http_client_factory
+        .http_service("upstream-discover")
+        .await?;
 
     // First, discover the provider
     let metadata =

crates/handlers/src/upstream_oauth2/callback.rs

@@ -19,6 +19,7 @@ use axum::{
 };
 use axum_extra::extract::PrivateCookieJar;
 use hyper::StatusCode;
+use mas_axum_utils::http_client_factory::HttpClientFactory;
 use mas_http::ClientInitError;
 use mas_keystore::{Encrypter, Keystore};
 use mas_oidc_client::{
@@ -33,7 +34,7 @@ use sqlx::PgPool;
 use thiserror::Error;
 use ulid::Ulid;
 
-use super::{client_credentials_for_provider, http_service, ProviderCredentialsError};
+use super::{client_credentials_for_provider, ProviderCredentialsError};
 
 #[derive(Deserialize)]
 pub struct QueryParams {
@@ -144,8 +145,9 @@ impl IntoResponse for RouteError {
     }
 }
 
-#[allow(clippy::too_many_lines)]
+#[allow(clippy::too_many_lines, clippy::too_many_arguments)]
 pub(crate) async fn get(
+    State(http_client_factory): State<HttpClientFactory>,
     State(pool): State<PgPool>,
     State(url_builder): State<UrlBuilder>,
     State(encrypter): State<Encrypter>,
@@ -195,13 +197,19 @@ pub(crate) async fn get(
         CodeOrError::Code { code } => code,
     };
 
-    let http_service = http_service("upstream-code-exchange").await?;
+    let http_service = http_client_factory
+        .http_service("upstream-discover")
+        .await?;
 
     // XXX: we shouldn't discover on-the-fly
     // Discover the provider
     let metadata =
         mas_oidc_client::requests::discovery::discover(&http_service, &provider.issuer).await?;
 
+    let http_service = http_client_factory
+        .http_service("upstream-fetch-jwks")
+        .await?;
+
     // Fetch the JWKS
     let jwks =
         mas_oidc_client::requests::jose::fetch_jwks(&http_service, metadata.jwks_uri()).await?;
@@ -231,6 +239,10 @@ pub(crate) async fn get(
         client_id: &provider.client_id,
     };
 
+    let http_service = http_client_factory
+        .http_service("upstream-exchange-code")
+        .await?;
+
     let (response, _id_token) =
         mas_oidc_client::requests::authorization_code::access_token_with_authorization_code(
             &http_service,

crates/handlers/src/upstream_oauth2/mod.rs

@@ -13,17 +13,11 @@
 // limitations under the License.
 
 use anyhow::Context;
-use axum::body::Full;
 use mas_data_model::UpstreamOAuthProvider;
-use mas_http::{BodyToBytesResponseLayer, ClientInitError, ClientLayer, HttpService};
 use mas_iana::{jose::JsonWebSignatureAlg, oauth::OAuthClientAuthenticationMethod};
 use mas_keystore::{Encrypter, Keystore};
 use mas_oidc_client::types::client_credentials::{ClientCredentials, JwtSigningMethod};
 use thiserror::Error;
-use tower::{
-    util::{MapErrLayer, MapRequestLayer},
-    BoxError, Layer,
-};
 use url::Url;
 
 pub(crate) mod authorize;
@@ -101,15 +95,3 @@ fn client_credentials_for_provider(
 
     Ok(client_credentials)
 }
-
-async fn http_service(operation: &'static str) -> Result<HttpService, ClientInitError> {
-    let client = (
-        MapErrLayer::new(BoxError::from),
-        MapRequestLayer::new(|req: hyper::Request<_>| req.map(Full::new)),
-        BodyToBytesResponseLayer::default(),
-        ClientLayer::new(operation),
-    )
-        .layer(mas_http::make_untraced_client().await?);
-
-    Ok(HttpService::new(client))
-}