diff --git a/crates/cli/src/telemetry.rs b/crates/cli/src/telemetry.rs
index 40f67e88..bcae30be 100644
--- a/crates/cli/src/telemetry.rs
+++ b/crates/cli/src/telemetry.rs
@@ -40,7 +40,7 @@ pub fn setup(config: &TelemetryConfig) -> anyhow::Result> {
 // The CORS filter needs to know what headers it should whitelist for
 // CORS-protected requests.
- mas_core::filters::cors::set_propagator(&propagator);
+ mas_core::set_propagator(&propagator);
 global::set_text_map_propagator(propagator);
 let tracer = tracer(&config.tracing.exporter)?;
diff --git a/crates/core/src/errors.rs b/crates/core/src/errors.rs
index 5eb7d5ba..70f94c5e 100644
--- a/crates/core/src/errors.rs
+++ b/crates/core/src/errors.rs
@@ -15,15 +15,15 @@ use warp::{reject::Reject, Rejection};
 #[derive(Debug)]
-pub struct WrappedError(anyhow::Error);
+pub(crate) struct WrappedError(anyhow::Error);
 impl warp::reject::Reject for WrappedError {}
-pub fn wrapped_error>(e: T) -> impl Reject {
+pub(crate) fn wrapped_error>(e: T) -> impl Reject {
 WrappedError(e.into())
 }
-pub trait WrapError {
+pub(crate) trait WrapError {
 fn wrap_error(self) -> Result;
 }
diff --git a/crates/core/src/filters/authenticate.rs b/crates/core/src/filters/authenticate.rs
index e19482d8..d125f6f3 100644
--- a/crates/core/src/filters/authenticate.rs
+++ b/crates/core/src/filters/authenticate.rs
@@ -55,14 +55,6 @@ pub enum AuthenticationError {
 #[error("unknown token")]
 TokenNotFound(#[source] AccessTokenLookupError),
- /// The access token is no longer active
- #[error("token is not active")]
- TokenInactive,
-
- /// The access token expired
- #[error("token expired")]
- TokenExpired,
-
 /// The `Authorization` header is missing
 #[error("missing authorization header")]
 MissingAuthorizationHeader,
diff --git a/crates/core/src/filters/client.rs b/crates/core/src/filters/client.rs
index 5a77707d..25140bb6 100644
--- a/crates/core/src/filters/client.rs
+++ b/crates/core/src/filters/client.rs
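Review bot: Removing `TokenInactive` and `TokenExpired` leaves `AuthenticationError` with no variant that separates a token that exists but is revoked or past its expiry from one that does not exist, and nothing in the hunk shows where those two conditions are now rejected. If the lookup behind `TokenNotFound(AccessTokenLookupError)` now filters on activity and expiry, the doc comment on `TokenNotFound` should say so, e.g. `/// The access token was not found, is no longer active, or has expired`, so the next reader does not assume the checks went away with the variants. Reporting all three cases as the single `unknown token` error is a reasonable shape for the client-facing response, since a revoked token need not be distinguishable from an unknown one, but the enforcement point should be named somewhere. The `AuthenticationError` enum starts and ends outside the hunk.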
@@ -22,6 +22,7 @@ use jwt_compact::{
 alg::{Hs256, Hs256Key, Hs384, Hs384Key, Hs512, Hs512Key},
 Algorithm, AlgorithmExt, AlgorithmSignature, TimeOptions, Token, UntrustedToken,
 };
+use mas_config::{OAuth2ClientConfig, OAuth2Config};
 use oauth2_types::requests::ClientAuthenticationMethod;
 use serde::{de::DeserializeOwned, Deserialize, Serialize};
 use serde_with::skip_serializing_none;
@@ -29,10 +30,7 @@ use thiserror::Error;
 use warp::{reject::Reject, Filter, Rejection};
 use super::headers::typed_header;
-use crate::{
- config::{OAuth2ClientConfig, OAuth2Config},
- errors::WrapError,
-};
+use crate::errors::WrapError;
 /// Protect an enpoint with client authentication
 #[must_use]
diff --git a/crates/core/src/filters/cookies.rs b/crates/core/src/filters/cookies.rs
index f23d1bb6..c547816b 100644
--- a/crates/core/src/filters/cookies.rs
+++ b/crates/core/src/filters/cookies.rs
@@ -23,6 +23,7 @@ use chacha20poly1305::{
 use cookie::{Cookie, SameSite};
 use data_encoding::BASE64URL_NOPAD;
 use headers::{Header, HeaderValue, SetCookie};
+use mas_config::CookiesConfig;
 use serde::{de::DeserializeOwned, Deserialize, Serialize};
 use thiserror::Error;
 use warp::{
@@ -32,7 +33,6 @@ use warp::{
 use super::none_on_error;
 use crate::{
- config::CookiesConfig,
 errors::WrapError,
 reply::{with_typed_header, WithTypedHeader},
 };
diff --git a/crates/core/src/filters/csrf.rs b/crates/core/src/filters/csrf.rs
index 2cf84af5..289a905d 100644
--- a/crates/core/src/filters/csrf.rs
+++ b/crates/core/src/filters/csrf.rs
@@ -17,13 +17,13 @@ use chrono::{DateTime, Duration, Utc};
 use data_encoding::{DecodeError, BASE64URL_NOPAD};
+use mas_config::{CookiesConfig, CsrfConfig};
 use serde::{de::DeserializeOwned, Deserialize, Serialize};
 use serde_with::{serde_as, TimestampSeconds};
 use thiserror::Error;
 use warp::{reject::Reject, Filter, Rejection};
 use super::cookies::EncryptableCookieValue;
-use crate::config::{CookiesConfig, CsrfConfig};
 /// Failed to validate CSRF token
 #[derive(Debug, Error)]
diff --git a/crates/core/src/filters/mod.rs b/crates/core/src/filters/mod.rs
index 60a24ec8..864f7027 100644
--- a/crates/core/src/filters/mod.rs
+++ b/crates/core/src/filters/mod.rs
@@ -28,11 +28,11 @@ pub mod session;
 use std::convert::Infallible;
+use mas_config::{KeySet, OAuth2Config};
 use mas_templates::Templates;
 use warp::{Filter, Rejection};
 pub use self::csrf::CsrfToken;
-use crate::config::{KeySet, OAuth2Config};
 /// Get the [`Templates`]
 #[must_use]
diff --git a/crates/core/src/filters/session.rs b/crates/core/src/filters/session.rs
index 49e87dac..0e395923 100644
--- a/crates/core/src/filters/session.rs
+++ b/crates/core/src/filters/session.rs
@@ -14,6 +14,7 @@
 //! Load user sessions from the database
+use mas_config::CookiesConfig;
 use mas_data_model::BrowserSession;
 use serde::{Deserialize, Serialize};
 use sqlx::{pool::PoolConnection, Executor, PgPool, Postgres};
@@ -29,10 +30,7 @@ use super::{
 database::connection,
 none_on_error,
 };
-use crate::{
- config::CookiesConfig,
- storage::{lookup_active_session, user::ActiveSessionLookupError, PostgresqlBackend},
-};
+use crate::storage::{lookup_active_session, user::ActiveSessionLookupError, PostgresqlBackend};
 /// The session is missing or failed to load
 #[derive(Error, Debug)]
diff --git a/crates/core/src/handlers/mod.rs b/crates/core/src/handlers/mod.rs
index 4ae0090a..09567c54 100644
--- a/crates/core/src/handlers/mod.rs
+++ b/crates/core/src/handlers/mod.rs
@@ -14,12 +14,11 @@
 #![allow(clippy::unused_async)] // Some warp filters need that
+use mas_config::RootConfig;
 use mas_templates::Templates;
 use sqlx::PgPool;
 use warp::{filters::BoxedFilter, Filter, Reply};
-use crate::config::RootConfig;
-
 mod health;
 mod oauth2;
 mod views;
diff --git a/crates/core/src/handlers/oauth2/authorization.rs b/crates/core/src/handlers/oauth2/authorization.rs
index dc62db6c..b4ff6795 100644
--- a/crates/core/src/handlers/oauth2/authorization.rs
+++ b/crates/core/src/handlers/oauth2/authorization.rs
@@ -23,6 +23,7 @@ use hyper::{
 http::uri::{Parts, PathAndQuery, Uri},
 StatusCode,
 };
+use mas_config::{CookiesConfig, OAuth2ClientConfig, OAuth2Config};
 use mas_data_model::{
 Authentication, AuthorizationCode, AuthorizationGrant, AuthorizationGrantStage, BrowserSession, Pkce, StorageBackend,
@@ -53,7 +54,6 @@ use warp::{
 };
 use crate::{
- config::{CookiesConfig, OAuth2ClientConfig, OAuth2Config},
 errors::WrapError,
 filters::{
 database::transaction,
diff --git a/crates/core/src/handlers/oauth2/introspection.rs b/crates/core/src/handlers/oauth2/introspection.rs
index e8a6316e..b5d5c91c 100644
--- a/crates/core/src/handlers/oauth2/introspection.rs
+++ b/crates/core/src/handlers/oauth2/introspection.rs
@@ -13,6 +13,7 @@
 // limitations under the License.
 use hyper::Method;
+use mas_config::{OAuth2ClientConfig, OAuth2Config};
 use oauth2_types::requests::{
 ClientAuthenticationMethod, IntrospectionRequest, IntrospectionResponse, TokenTypeHint,
 };
@@ -21,7 +22,6 @@ use tracing::{info, warn};
 use warp::{Filter, Rejection, Reply};
 use crate::{
- config::{OAuth2ClientConfig, OAuth2Config},
 errors::WrapError,
 filters::{client::client_authentication, cors::cors, database::connection},
 storage::oauth2::{
diff --git a/crates/core/src/handlers/oauth2/mod.rs b/crates/core/src/handlers/oauth2/mod.rs
index 19b771b6..9631caf4 100644
--- a/crates/core/src/handlers/oauth2/mod.rs
+++ b/crates/core/src/handlers/oauth2/mod.rs
@@ -12,12 +12,11 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
+use mas_config::{CookiesConfig, OAuth2Config};
 use mas_templates::Templates;
 use sqlx::PgPool;
 use warp::{filters::BoxedFilter, Filter, Reply};
-use crate::config::{CookiesConfig, OAuth2Config};
-
 mod authorization;
 mod discovery;
 mod introspection;
diff --git a/crates/core/src/handlers/oauth2/token.rs b/crates/core/src/handlers/oauth2/token.rs
index e84a4bcd..dc02f0af 100644
--- a/crates/core/src/handlers/oauth2/token.rs
+++ b/crates/core/src/handlers/oauth2/token.rs
@@ -18,6 +18,7 @@ use data_encoding::BASE64URL_NOPAD;
 use headers::{CacheControl, Pragma};
 use hyper::{Method, StatusCode};
 use jwt_compact::{Claims, Header, TimeOptions};
+use mas_config::{KeySet, OAuth2ClientConfig, OAuth2Config};
 use mas_data_model::AuthorizationGrantStage;
 use oauth2_types::{
 errors::{InvalidGrant, InvalidRequest, OAuth2Error, OAuth2ErrorCode, UnauthorizedClient},
@@ -41,7 +42,6 @@ use warp::{
 };
 use crate::{
- config::{KeySet, OAuth2ClientConfig, OAuth2Config},
 errors::WrapError,
 filters::{client::client_authentication, cors::cors, database::connection, with_keys},
 reply::with_typed_header,
@@ -265,7 +265,7 @@ async fn authorization_code_grant(
 })
 .set_duration_and_issuance(&options, Duration::minutes(30));
 let id_token = keys
- .token(crate::config::Algorithm::Rs256, header, claims)
+ .token(mas_config::Algorithm::Rs256, header, claims)
 .await
 .context("could not sign ID token")
 .wrap_error()?;
diff --git a/crates/core/src/handlers/oauth2/userinfo.rs b/crates/core/src/handlers/oauth2/userinfo.rs
index bf3a2a1c..084a42b8 100644
--- a/crates/core/src/handlers/oauth2/userinfo.rs
+++ b/crates/core/src/handlers/oauth2/userinfo.rs
@@ -13,13 +13,13 @@
 // limitations under the License.
 use hyper::Method;
+use mas_config::OAuth2Config;
 use mas_data_model::{AccessToken, Session};
 use serde::Serialize;
 use sqlx::PgPool;
 use warp::{Filter, Rejection, Reply};
 use crate::{
- config::OAuth2Config,
 filters::{
 authenticate::{authentication, recover_unauthorized},
 cors::cors,
diff --git a/crates/core/src/handlers/views/index.rs b/crates/core/src/handlers/views/index.rs
index 889cad56..0b14d9aa 100644
--- a/crates/core/src/handlers/views/index.rs
+++ b/crates/core/src/handlers/views/index.rs
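Review bot: The new `.token(mas_config::Algorithm::Rs256, header, claims)` line still pins the ID token signing algorithm to a literal rather than taking it from configuration, so a client registered for a different algorithm (if `OAuth2ClientConfig` carries one — not visible here) would get an ID token it cannot verify; the commit only renames the path. If RS256-only is intentional for now, a comment such as `// ID tokens are always RS256-signed; per-client signing algorithms are not supported yet` on that line would record the decision and point the next reader at `KeySet` when that changes. The `Duration::minutes(30)` lifetime two lines above is likewise an unnamed literal and would read better as a named constant. `authorization_code_grant` starts and ends outside the hunk.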
@@ -12,6 +12,7 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
+use mas_config::{CookiesConfig, CsrfConfig, OAuth2Config};
 use mas_data_model::BrowserSession;
 use mas_templates::{IndexContext, TemplateContext, Templates};
 use sqlx::PgPool;
@@ -19,7 +20,6 @@ use url::Url;
 use warp::{reply::html, Filter, Rejection, Reply};
 use crate::{
- config::{CookiesConfig, CsrfConfig, OAuth2Config},
 filters::{
 cookies::{encrypted_cookie_saver, EncryptedCookieSaver},
 csrf::updated_csrf_token,
diff --git a/crates/core/src/handlers/views/login.rs b/crates/core/src/handlers/views/login.rs
index ffa25ffc..681e8916 100644
--- a/crates/core/src/handlers/views/login.rs
+++ b/crates/core/src/handlers/views/login.rs
@@ -15,6 +15,7 @@ use std::convert::TryFrom;
 use hyper::http::uri::{Parts, PathAndQuery, Uri};
+use mas_config::{CookiesConfig, CsrfConfig};
 use mas_data_model::{errors::WrapFormError, BrowserSession, StorageBackend};
 use mas_templates::{LoginContext, LoginFormField, TemplateContext, Templates};
 use serde::Deserialize;
@@ -23,7 +24,6 @@ use warp::{reply::html, Filter, Rejection, Reply};
 use super::shared::PostAuthAction;
 use crate::{
- config::{CookiesConfig, CsrfConfig},
 errors::WrapError,
 filters::{
 cookies::{encrypted_cookie_saver, EncryptedCookieSaver},
diff --git a/crates/core/src/handlers/views/logout.rs b/crates/core/src/handlers/views/logout.rs
index 6dc06760..c1ed5269 100644
--- a/crates/core/src/handlers/views/logout.rs
+++ b/crates/core/src/handlers/views/logout.rs
@@ -12,12 +12,12 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
+use mas_config::CookiesConfig;
 use mas_data_model::BrowserSession;
 use sqlx::{PgPool, Postgres, Transaction};
 use warp::{hyper::Uri, Filter, Rejection, Reply};
 use crate::{
- config::CookiesConfig,
 errors::WrapError,
 filters::{csrf::protected_form, database::transaction, session::session},
 storage::{user::end_session, PostgresqlBackend},
diff --git a/crates/core/src/handlers/views/mod.rs b/crates/core/src/handlers/views/mod.rs
index 293dbc79..8ad59530 100644
--- a/crates/core/src/handlers/views/mod.rs
+++ b/crates/core/src/handlers/views/mod.rs
@@ -12,12 +12,11 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
+use mas_config::{CookiesConfig, CsrfConfig, OAuth2Config};
 use mas_templates::Templates;
 use sqlx::PgPool;
 use warp::{filters::BoxedFilter, Filter, Reply};
-use crate::config::{CookiesConfig, CsrfConfig, OAuth2Config};
-
 mod index;
 mod login;
 mod logout;
diff --git a/crates/core/src/handlers/views/reauth.rs b/crates/core/src/handlers/views/reauth.rs
index e8dd8d1f..377ba526 100644
--- a/crates/core/src/handlers/views/reauth.rs
+++ b/crates/core/src/handlers/views/reauth.rs
@@ -15,6 +15,7 @@ use std::convert::TryFrom;
 use hyper::http::uri::{Parts, PathAndQuery};
+use mas_config::{CookiesConfig, CsrfConfig};
 use mas_data_model::{BrowserSession, StorageBackend};
 use mas_templates::{ReauthContext, TemplateContext, Templates};
 use serde::Deserialize;
@@ -23,7 +24,6 @@ use warp::{hyper::Uri, reply::html, Filter, Rejection, Reply};
 use super::PostAuthAction;
 use crate::{
- config::{CookiesConfig, CsrfConfig},
 errors::WrapError,
 filters::{
 cookies::{encrypted_cookie_saver, EncryptedCookieSaver},
diff --git a/crates/core/src/handlers/views/register.rs b/crates/core/src/handlers/views/register.rs
index 8a7daa4f..3af36ae9 100644
--- a/crates/core/src/handlers/views/register.rs
+++ b/crates/core/src/handlers/views/register.rs
@@ -16,6 +16,7 @@ use std::convert::TryFrom;
 use argon2::Argon2;
 use hyper::http::uri::{Parts, PathAndQuery, Uri};
+use mas_config::{CookiesConfig, CsrfConfig};
 use mas_data_model::BrowserSession;
 use mas_templates::{EmptyContext, TemplateContext, Templates};
 use serde::{Deserialize, Serialize};
@@ -23,7 +24,6 @@ use sqlx::{pool::PoolConnection, PgPool, Postgres};
 use warp::{reply::html, Filter, Rejection, Reply};
 use crate::{
- config::{CookiesConfig, CsrfConfig},
 errors::WrapError,
 filters::{
 cookies::{encrypted_cookie_saver, EncryptedCookieSaver},
diff --git a/crates/core/src/lib.rs b/crates/core/src/lib.rs
index b62fa9d7..fa139dbf 100644
--- a/crates/core/src/lib.rs
+++ b/crates/core/src/lib.rs
@@ -21,8 +21,6 @@
 #![allow(clippy::missing_errors_doc)]
 #![allow(clippy::implicit_hasher)]
-pub(crate) use mas_config as config;
-
 pub mod errors;
 pub mod filters;
 pub mod handlers;
@@ -30,3 +28,5 @@ pub mod reply;
 pub mod storage;
 pub mod tasks;
 pub mod tokens;
+
+pub use self::filters::cors::set_propagator;
diff --git a/crates/core/src/storage/mod.rs b/crates/core/src/storage/mod.rs
index 633e7d24..5e2dfd9b 100644
--- a/crates/core/src/storage/mod.rs
+++ b/crates/core/src/storage/mod.rs
@@ -47,8 +47,8 @@ struct IdAndCreationTime {
 created_at: DateTime,
 }
-pub mod oauth2;
-pub mod user;
+pub(crate) mod oauth2;
+pub(crate) mod user;
 pub use self::user::{login, lookup_active_session, register_user};
diff --git a/crates/core/src/storage/oauth2/mod.rs b/crates/core/src/storage/oauth2/mod.rs
index 46d9d516..8d86161f 100644
--- a/crates/core/src/storage/oauth2/mod.rs
+++ b/crates/core/src/storage/oauth2/mod.rs
@@ -12,6 +12,6 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
-pub mod access_token;
-pub mod authorization_grant;
-pub mod refresh_token;
+pub(crate) mod access_token;
+pub(crate) mod authorization_grant;
+pub(crate) mod refresh_token;