Tweak items visibility in the core crate

crates/cli/src/telemetry.rs

@@ -40,7 +40,7 @@ pub fn setup(config: &TelemetryConfig) -> anyhow::Result<Option<Tracer>> {
 
     // The CORS filter needs to know what headers it should whitelist for
     // CORS-protected requests.
-    mas_core::filters::cors::set_propagator(&propagator);
+    mas_core::set_propagator(&propagator);
     global::set_text_map_propagator(propagator);
 
     let tracer = tracer(&config.tracing.exporter)?;

crates/core/src/errors.rs

@@ -15,15 +15,15 @@
 use warp::{reject::Reject, Rejection};
 
 #[derive(Debug)]
-pub struct WrappedError(anyhow::Error);
+pub(crate) struct WrappedError(anyhow::Error);
 
 impl warp::reject::Reject for WrappedError {}
 
-pub fn wrapped_error<T: Into<anyhow::Error>>(e: T) -> impl Reject {
+pub(crate) fn wrapped_error<T: Into<anyhow::Error>>(e: T) -> impl Reject {
     WrappedError(e.into())
 }
 
-pub trait WrapError<T> {
+pub(crate) trait WrapError<T> {
     fn wrap_error(self) -> Result<T, Rejection>;
 }
 

crates/core/src/filters/authenticate.rs

@@ -55,14 +55,6 @@ pub enum AuthenticationError {
     #[error("unknown token")]
     TokenNotFound(#[source] AccessTokenLookupError),
 
-    /// The access token is no longer active
-    #[error("token is not active")]
-    TokenInactive,
-
-    /// The access token expired
-    #[error("token expired")]
-    TokenExpired,
-
     /// The `Authorization` header is missing
     #[error("missing authorization header")]
     MissingAuthorizationHeader,

crates/core/src/filters/client.rs

@@ -22,6 +22,7 @@ use jwt_compact::{
     alg::{Hs256, Hs256Key, Hs384, Hs384Key, Hs512, Hs512Key},
     Algorithm, AlgorithmExt, AlgorithmSignature, TimeOptions, Token, UntrustedToken,
 };
+use mas_config::{OAuth2ClientConfig, OAuth2Config};
 use oauth2_types::requests::ClientAuthenticationMethod;
 use serde::{de::DeserializeOwned, Deserialize, Serialize};
 use serde_with::skip_serializing_none;
@@ -29,10 +30,7 @@ use thiserror::Error;
 use warp::{reject::Reject, Filter, Rejection};
 
 use super::headers::typed_header;
-use crate::{
-    config::{OAuth2ClientConfig, OAuth2Config},
-    errors::WrapError,
-};
+use crate::errors::WrapError;
 
 /// Protect an enpoint with client authentication
 #[must_use]

crates/core/src/filters/cookies.rs

@@ -23,6 +23,7 @@ use chacha20poly1305::{
 use cookie::{Cookie, SameSite};
 use data_encoding::BASE64URL_NOPAD;
 use headers::{Header, HeaderValue, SetCookie};
+use mas_config::CookiesConfig;
 use serde::{de::DeserializeOwned, Deserialize, Serialize};
 use thiserror::Error;
 use warp::{
@@ -32,7 +33,6 @@ use warp::{
 
 use super::none_on_error;
 use crate::{
-    config::CookiesConfig,
     errors::WrapError,
     reply::{with_typed_header, WithTypedHeader},
 };

crates/core/src/filters/csrf.rs

@@ -17,13 +17,13 @@
 
 use chrono::{DateTime, Duration, Utc};
 use data_encoding::{DecodeError, BASE64URL_NOPAD};
+use mas_config::{CookiesConfig, CsrfConfig};
 use serde::{de::DeserializeOwned, Deserialize, Serialize};
 use serde_with::{serde_as, TimestampSeconds};
 use thiserror::Error;
 use warp::{reject::Reject, Filter, Rejection};
 
 use super::cookies::EncryptableCookieValue;
-use crate::config::{CookiesConfig, CsrfConfig};
 
 /// Failed to validate CSRF token
 #[derive(Debug, Error)]

crates/core/src/filters/mod.rs

@@ -28,11 +28,11 @@ pub mod session;
 
 use std::convert::Infallible;
 
+use mas_config::{KeySet, OAuth2Config};
 use mas_templates::Templates;
 use warp::{Filter, Rejection};
 
 pub use self::csrf::CsrfToken;
-use crate::config::{KeySet, OAuth2Config};
 
 /// Get the [`Templates`]
 #[must_use]

crates/core/src/filters/session.rs

@@ -14,6 +14,7 @@
 
 //! Load user sessions from the database
 
+use mas_config::CookiesConfig;
 use mas_data_model::BrowserSession;
 use serde::{Deserialize, Serialize};
 use sqlx::{pool::PoolConnection, Executor, PgPool, Postgres};
@@ -29,10 +30,7 @@ use super::{
     database::connection,
     none_on_error,
 };
-use crate::{
-    config::CookiesConfig,
-    storage::{lookup_active_session, user::ActiveSessionLookupError, PostgresqlBackend},
-};
+use crate::storage::{lookup_active_session, user::ActiveSessionLookupError, PostgresqlBackend};
 
 /// The session is missing or failed to load
 #[derive(Error, Debug)]

crates/core/src/handlers/mod.rs

@@ -14,12 +14,11 @@
 
 #![allow(clippy::unused_async)] // Some warp filters need that
 
+use mas_config::RootConfig;
 use mas_templates::Templates;
 use sqlx::PgPool;
 use warp::{filters::BoxedFilter, Filter, Reply};
 
-use crate::config::RootConfig;
-
 mod health;
 mod oauth2;
 mod views;

crates/core/src/handlers/oauth2/authorization.rs

@@ -23,6 +23,7 @@ use hyper::{
     http::uri::{Parts, PathAndQuery, Uri},
     StatusCode,
 };
+use mas_config::{CookiesConfig, OAuth2ClientConfig, OAuth2Config};
 use mas_data_model::{
     Authentication, AuthorizationCode, AuthorizationGrant, AuthorizationGrantStage, BrowserSession,
     Pkce, StorageBackend,
@@ -53,7 +54,6 @@ use warp::{
 };
 
 use crate::{
-    config::{CookiesConfig, OAuth2ClientConfig, OAuth2Config},
     errors::WrapError,
     filters::{
         database::transaction,

crates/core/src/handlers/oauth2/introspection.rs

@@ -13,6 +13,7 @@
 // limitations under the License.
 
 use hyper::Method;
+use mas_config::{OAuth2ClientConfig, OAuth2Config};
 use oauth2_types::requests::{
     ClientAuthenticationMethod, IntrospectionRequest, IntrospectionResponse, TokenTypeHint,
 };
@@ -21,7 +22,6 @@ use tracing::{info, warn};
 use warp::{Filter, Rejection, Reply};
 
 use crate::{
-    config::{OAuth2ClientConfig, OAuth2Config},
     errors::WrapError,
     filters::{client::client_authentication, cors::cors, database::connection},
     storage::oauth2::{

crates/core/src/handlers/oauth2/mod.rs

@@ -12,12 +12,11 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
+use mas_config::{CookiesConfig, OAuth2Config};
 use mas_templates::Templates;
 use sqlx::PgPool;
 use warp::{filters::BoxedFilter, Filter, Reply};
 
-use crate::config::{CookiesConfig, OAuth2Config};
-
 mod authorization;
 mod discovery;
 mod introspection;

crates/core/src/handlers/oauth2/token.rs

@@ -18,6 +18,7 @@ use data_encoding::BASE64URL_NOPAD;
 use headers::{CacheControl, Pragma};
 use hyper::{Method, StatusCode};
 use jwt_compact::{Claims, Header, TimeOptions};
+use mas_config::{KeySet, OAuth2ClientConfig, OAuth2Config};
 use mas_data_model::AuthorizationGrantStage;
 use oauth2_types::{
     errors::{InvalidGrant, InvalidRequest, OAuth2Error, OAuth2ErrorCode, UnauthorizedClient},
@@ -41,7 +42,6 @@ use warp::{
 };
 
 use crate::{
-    config::{KeySet, OAuth2ClientConfig, OAuth2Config},
     errors::WrapError,
     filters::{client::client_authentication, cors::cors, database::connection, with_keys},
     reply::with_typed_header,
@@ -265,7 +265,7 @@ async fn authorization_code_grant(
         })
         .set_duration_and_issuance(&options, Duration::minutes(30));
         let id_token = keys
-            .token(crate::config::Algorithm::Rs256, header, claims)
+            .token(mas_config::Algorithm::Rs256, header, claims)
             .await
             .context("could not sign ID token")
             .wrap_error()?;

crates/core/src/handlers/oauth2/userinfo.rs

@@ -13,13 +13,13 @@
 // limitations under the License.
 
 use hyper::Method;
+use mas_config::OAuth2Config;
 use mas_data_model::{AccessToken, Session};
 use serde::Serialize;
 use sqlx::PgPool;
 use warp::{Filter, Rejection, Reply};
 
 use crate::{
-    config::OAuth2Config,
     filters::{
         authenticate::{authentication, recover_unauthorized},
         cors::cors,

crates/core/src/handlers/views/index.rs

@@ -12,6 +12,7 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
+use mas_config::{CookiesConfig, CsrfConfig, OAuth2Config};
 use mas_data_model::BrowserSession;
 use mas_templates::{IndexContext, TemplateContext, Templates};
 use sqlx::PgPool;
@@ -19,7 +20,6 @@ use url::Url;
 use warp::{reply::html, Filter, Rejection, Reply};
 
 use crate::{
-    config::{CookiesConfig, CsrfConfig, OAuth2Config},
     filters::{
         cookies::{encrypted_cookie_saver, EncryptedCookieSaver},
         csrf::updated_csrf_token,

crates/core/src/handlers/views/login.rs

@@ -15,6 +15,7 @@
 use std::convert::TryFrom;
 
 use hyper::http::uri::{Parts, PathAndQuery, Uri};
+use mas_config::{CookiesConfig, CsrfConfig};
 use mas_data_model::{errors::WrapFormError, BrowserSession, StorageBackend};
 use mas_templates::{LoginContext, LoginFormField, TemplateContext, Templates};
 use serde::Deserialize;
@@ -23,7 +24,6 @@ use warp::{reply::html, Filter, Rejection, Reply};
 
 use super::shared::PostAuthAction;
 use crate::{
-    config::{CookiesConfig, CsrfConfig},
     errors::WrapError,
     filters::{
         cookies::{encrypted_cookie_saver, EncryptedCookieSaver},

crates/core/src/handlers/views/logout.rs

@@ -12,12 +12,12 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
+use mas_config::CookiesConfig;
 use mas_data_model::BrowserSession;
 use sqlx::{PgPool, Postgres, Transaction};
 use warp::{hyper::Uri, Filter, Rejection, Reply};
 
 use crate::{
-    config::CookiesConfig,
     errors::WrapError,
     filters::{csrf::protected_form, database::transaction, session::session},
     storage::{user::end_session, PostgresqlBackend},

crates/core/src/handlers/views/mod.rs

@@ -12,12 +12,11 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
+use mas_config::{CookiesConfig, CsrfConfig, OAuth2Config};
 use mas_templates::Templates;
 use sqlx::PgPool;
 use warp::{filters::BoxedFilter, Filter, Reply};
 
-use crate::config::{CookiesConfig, CsrfConfig, OAuth2Config};
-
 mod index;
 mod login;
 mod logout;

crates/core/src/handlers/views/reauth.rs

@@ -15,6 +15,7 @@
 use std::convert::TryFrom;
 
 use hyper::http::uri::{Parts, PathAndQuery};
+use mas_config::{CookiesConfig, CsrfConfig};
 use mas_data_model::{BrowserSession, StorageBackend};
 use mas_templates::{ReauthContext, TemplateContext, Templates};
 use serde::Deserialize;
@@ -23,7 +24,6 @@ use warp::{hyper::Uri, reply::html, Filter, Rejection, Reply};
 
 use super::PostAuthAction;
 use crate::{
-    config::{CookiesConfig, CsrfConfig},
     errors::WrapError,
     filters::{
         cookies::{encrypted_cookie_saver, EncryptedCookieSaver},

crates/core/src/handlers/views/register.rs

@@ -16,6 +16,7 @@ use std::convert::TryFrom;
 
 use argon2::Argon2;
 use hyper::http::uri::{Parts, PathAndQuery, Uri};
+use mas_config::{CookiesConfig, CsrfConfig};
 use mas_data_model::BrowserSession;
 use mas_templates::{EmptyContext, TemplateContext, Templates};
 use serde::{Deserialize, Serialize};
@@ -23,7 +24,6 @@ use sqlx::{pool::PoolConnection, PgPool, Postgres};
 use warp::{reply::html, Filter, Rejection, Reply};
 
 use crate::{
-    config::{CookiesConfig, CsrfConfig},
     errors::WrapError,
     filters::{
         cookies::{encrypted_cookie_saver, EncryptedCookieSaver},

crates/core/src/lib.rs

@@ -21,8 +21,6 @@
 #![allow(clippy::missing_errors_doc)]
 #![allow(clippy::implicit_hasher)]
 
-pub(crate) use mas_config as config;
-
 pub mod errors;
 pub mod filters;
 pub mod handlers;
@@ -30,3 +28,5 @@ pub mod reply;
 pub mod storage;
 pub mod tasks;
 pub mod tokens;
+
+pub use self::filters::cors::set_propagator;

crates/core/src/storage/mod.rs

@@ -47,8 +47,8 @@ struct IdAndCreationTime {
     created_at: DateTime<Utc>,
 }
 
-pub mod oauth2;
-pub mod user;
+pub(crate) mod oauth2;
+pub(crate) mod user;
 
 pub use self::user::{login, lookup_active_session, register_user};
 

crates/core/src/storage/oauth2/mod.rs

@@ -12,6 +12,6 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
-pub mod access_token;
-pub mod authorization_grant;
-pub mod refresh_token;
+pub(crate) mod access_token;
+pub(crate) mod authorization_grant;
+pub(crate) mod refresh_token;