handlers: remove most usage of anyhow

crates/handlers/src/compat/login.rs

@@ -129,9 +129,6 @@ pub enum RouteError {
     #[error(transparent)]
     Internal(Box<dyn std::error::Error + Send + Sync + 'static>),
 
-    #[error(transparent)]
-    Anyhow(#[from] anyhow::Error),
-
     #[error("unsupported login method")]
     Unsupported,
 
@@ -151,7 +148,7 @@ impl_from_error_for_route!(mas_storage::DatabaseError);
 impl IntoResponse for RouteError {
     fn into_response(self) -> axum::response::Response {
         match self {
-            Self::Internal(_) | Self::Anyhow(_) => MatrixError {
+            Self::Internal(_) => MatrixError {
                 errcode: "M_UNKNOWN",
                 error: "Internal server error",
                 status: StatusCode::INTERNAL_SERVER_ERROR,
@@ -187,7 +184,7 @@ pub(crate) async fn post(
     State(homeserver): State<MatrixHomeserver>,
     Json(input): Json<RequestBody>,
 ) -> Result<impl IntoResponse, RouteError> {
-    let (clock, mut rng) = crate::rng_and_clock()?;
+    let (clock, mut rng) = crate::clock_and_rng();
     let mut txn = pool.begin().await?;
     let session = match input.credentials {
         Credentials::Password {
@@ -302,7 +299,7 @@ async fn user_password_login(
     username: String,
     password: String,
 ) -> Result<CompatSession, RouteError> {
-    let (clock, mut rng) = crate::rng_and_clock()?;
+    let (clock, mut rng) = crate::clock_and_rng();
 
     let device = Device::generate(&mut rng);
     let session = compat_login(txn, &mut rng, &clock, &username, &password, device)

crates/handlers/src/compat/login_sso_complete.rs

@@ -56,7 +56,7 @@ pub async fn get(
     Path(id): Path<Ulid>,
     Query(params): Query<Params>,
 ) -> Result<Response, FancyError> {
-    let (clock, mut rng) = crate::rng_and_clock()?;
+    let (clock, mut rng) = crate::clock_and_rng();
     let mut conn = pool.acquire().await?;
 
     let (session_info, cookie_jar) = cookie_jar.session_info();
@@ -124,7 +124,7 @@ pub async fn post(
     Query(params): Query<Params>,
     Form(form): Form<ProtectedForm<()>>,
 ) -> Result<Response, FancyError> {
-    let (clock, mut rng) = crate::rng_and_clock()?;
+    let (clock, mut rng) = crate::clock_and_rng();
     let mut txn = pool.begin().await?;
 
     let (session_info, cookie_jar) = cookie_jar.session_info();

crates/handlers/src/compat/login_sso_redirect.rs

@@ -27,6 +27,8 @@ use sqlx::PgPool;
 use thiserror::Error;
 use url::Url;
 
+use crate::impl_from_error_for_route;
+
 #[derive(Debug, Deserialize)]
 pub struct Params {
     #[serde(rename = "redirectUrl")]
@@ -39,9 +41,6 @@ pub enum RouteError {
     #[error(transparent)]
     Internal(Box<dyn std::error::Error + Send + Sync + 'static>),
 
-    #[error(transparent)]
-    Anyhow(#[from] anyhow::Error),
-
     #[error("missing redirect_url")]
     MissingRedirectUrl,
 
@@ -49,11 +48,7 @@ pub enum RouteError {
     InvalidRedirectUrl,
 }
 
-impl From<sqlx::Error> for RouteError {
-    fn from(e: sqlx::Error) -> Self {
-        Self::Internal(Box::new(e))
-    }
-}
+impl_from_error_for_route!(sqlx::Error);
 
 impl IntoResponse for RouteError {
     fn into_response(self) -> axum::response::Response {
@@ -67,7 +62,7 @@ pub async fn get(
     State(url_builder): State<UrlBuilder>,
     Query(params): Query<Params>,
 ) -> Result<impl IntoResponse, RouteError> {
-    let (clock, mut rng) = crate::rng_and_clock()?;
+    let (clock, mut rng) = crate::clock_and_rng();
 
     // Check the redirectUrl parameter
     let redirect_url = params.redirect_url.ok_or(RouteError::MissingRedirectUrl)?;

crates/handlers/src/compat/logout.rs

@@ -15,19 +15,34 @@
 use axum::{extract::State, response::IntoResponse, Json, TypedHeader};
 use headers::{authorization::Bearer, Authorization};
 use hyper::StatusCode;
-use mas_data_model::{TokenFormatError, TokenType};
-use mas_storage::{compat::compat_logout, Clock};
+use mas_data_model::TokenType;
+use mas_storage::{compat::compat_logout, Clock, LookupError};
 use sqlx::PgPool;
+use thiserror::Error;
 
 use super::MatrixError;
+use crate::impl_from_error_for_route;
 
+#[derive(Error, Debug)]
 pub enum RouteError {
+    #[error(transparent)]
     Internal(Box<dyn std::error::Error + Send + Sync + 'static>),
+
+    #[error("Missing access token")]
     MissingAuthorization,
+
+    #[error("Invalid token format")]
+    TokenFormat(#[from] mas_data_model::TokenFormatError),
+
+    #[error("Invalid access token")]
     InvalidAuthorization,
+
+    #[error("Logout failed")]
     LogoutFailed,
 }
 
+impl_from_error_for_route!(sqlx::Error);
+
 impl IntoResponse for RouteError {
     fn into_response(self) -> axum::response::Response {
         match self {
@@ -41,7 +56,7 @@ impl IntoResponse for RouteError {
                 error: "Missing access token",
                 status: StatusCode::UNAUTHORIZED,
             },
-            Self::InvalidAuthorization | Self::LogoutFailed => MatrixError {
+            Self::InvalidAuthorization | Self::LogoutFailed | Self::TokenFormat(_) => MatrixError {
                 errcode: "M_UNKNOWN_TOKEN",
                 error: "Invalid access token",
                 status: StatusCode::UNAUTHORIZED,
@@ -51,18 +66,6 @@ impl IntoResponse for RouteError {
     }
 }
 
-impl From<sqlx::Error> for RouteError {
-    fn from(e: sqlx::Error) -> Self {
-        Self::Internal(Box::new(e))
-    }
-}
-
-impl From<TokenFormatError> for RouteError {
-    fn from(_e: TokenFormatError) -> Self {
-        Self::InvalidAuthorization
-    }
-}
-
 pub(crate) async fn post(
     State(pool): State<PgPool>,
     maybe_authorization: Option<TypedHeader<Authorization<Bearer>>>,
@@ -79,9 +82,13 @@ pub(crate) async fn post(
         return Err(RouteError::InvalidAuthorization);
     }
 
-    compat_logout(&mut conn, &clock, token)
-        .await
-        .map_err(|_| RouteError::LogoutFailed)?;
+    compat_logout(&mut conn, &clock, token).await.map_err(|e| {
+        if e.not_found() {
+            RouteError::LogoutFailed
+        } else {
+            RouteError::Internal(Box::new(e))
+        }
+    })?;
 
     Ok(Json(serde_json::json!({})))
 }

crates/handlers/src/compat/refresh.rs

@@ -38,9 +38,6 @@ pub enum RouteError {
     #[error(transparent)]
     Internal(Box<dyn std::error::Error + Send + Sync + 'static>),
 
-    #[error(transparent)]
-    Anyhow(#[from] anyhow::Error),
-
     #[error("invalid token")]
     InvalidToken,
 }
@@ -48,7 +45,7 @@ pub enum RouteError {
 impl IntoResponse for RouteError {
     fn into_response(self) -> axum::response::Response {
         match self {
-            Self::Internal(_) | Self::Anyhow(_) => MatrixError {
+            Self::Internal(_) => MatrixError {
                 errcode: "M_UNKNOWN",
                 error: "Internal error",
                 status: StatusCode::INTERNAL_SERVER_ERROR,
@@ -85,7 +82,7 @@ pub(crate) async fn post(
     State(pool): State<PgPool>,
     Json(input): Json<RequestBody>,
 ) -> Result<impl IntoResponse, RouteError> {
-    let (clock, mut rng) = crate::rng_and_clock()?;
+    let (clock, mut rng) = crate::clock_and_rng();
     let mut txn = pool.begin().await?;
 
     let token_type = TokenType::check(&input.refresh_token)?;

crates/handlers/src/lib.rs

@@ -26,7 +26,6 @@
 
 use std::{convert::Infallible, sync::Arc, time::Duration};
 
-use anyhow::Context;
 use axum::{
     body::{Bytes, HttpBody},
     extract::FromRef,
@@ -402,13 +401,14 @@ async fn test_state(pool: PgPool) -> Result<AppState, anyhow::Error> {
 }
 
 // XXX: that should be moved somewhere else
-fn rng_and_clock() -> Result<(mas_storage::Clock, rand_chacha::ChaChaRng), anyhow::Error> {
+fn clock_and_rng() -> (mas_storage::Clock, rand_chacha::ChaChaRng) {
     let clock = mas_storage::Clock::default();
 
     // This rng is used to source the local rng
     #[allow(clippy::disallowed_methods)]
     let rng = rand::thread_rng();
 
-    let rng = rand_chacha::ChaChaRng::from_rng(rng).context("Failed to seed RNG")?;
-    Ok((clock, rng))
+    let rng = rand_chacha::ChaChaRng::from_rng(rng).expect("Failed to seed RNG");
+
+    (clock, rng)
 }

crates/handlers/src/oauth2/authorization/complete.rs

@@ -44,6 +44,7 @@ pub enum RouteError {
     #[error(transparent)]
     Internal(Box<dyn std::error::Error + Send + Sync + 'static>),
 
+    // TODO: remove this one: needed because mas_policy returns errors from anyhow
     #[error(transparent)]
     Anyhow(#[from] anyhow::Error),
 
@@ -160,7 +161,7 @@ pub(crate) async fn complete(
     policy_factory: &PolicyFactory,
     mut txn: Transaction<'_, Postgres>,
 ) -> Result<AuthorizationResponse<Option<AccessTokenResponse>>, GrantCompletionError> {
-    let (clock, mut rng) = crate::rng_and_clock()?;
+    let (clock, mut rng) = crate::clock_and_rng();
 
     // Verify that the grant is in a pending stage
     if !grant.stage.is_pending() {

crates/handlers/src/oauth2/authorization/mod.rs

@@ -52,6 +52,7 @@ pub enum RouteError {
     #[error(transparent)]
     Internal(Box<dyn std::error::Error + Send + Sync + 'static>),
 
+    // TODO: remove this one
     #[error(transparent)]
     Anyhow(#[from] anyhow::Error),
 
@@ -135,7 +136,7 @@ pub(crate) async fn get(
     cookie_jar: PrivateCookieJar<Encrypter>,
     Form(params): Form<Params>,
 ) -> Result<Response, RouteError> {
-    let (clock, mut rng) = crate::rng_and_clock()?;
+    let (clock, mut rng) = crate::clock_and_rng();
     let mut txn = pool.begin().await?;
 
     // First, figure out what client it is

crates/handlers/src/oauth2/consent.rs

@@ -44,6 +44,7 @@ pub enum RouteError {
     #[error(transparent)]
     Internal(Box<dyn std::error::Error + Send + Sync>),
 
+    // TODO: remove this one, needed because of mas_policy
     #[error(transparent)]
     Anyhow(#[from] anyhow::Error),
 
@@ -77,7 +78,7 @@ pub(crate) async fn get(
     cookie_jar: PrivateCookieJar<Encrypter>,
     Path(grant_id): Path<Ulid>,
 ) -> Result<Response, RouteError> {
-    let (clock, mut rng) = crate::rng_and_clock()?;
+    let (clock, mut rng) = crate::clock_and_rng();
     let mut conn = pool.acquire().await?;
 
     let (session_info, cookie_jar) = cookie_jar.session_info();
@@ -130,7 +131,7 @@ pub(crate) async fn post(
     Path(grant_id): Path<Ulid>,
     Form(form): Form<ProtectedForm<()>>,
 ) -> Result<Response, RouteError> {
-    let (clock, mut rng) = crate::rng_and_clock()?;
+    let (clock, mut rng) = crate::clock_and_rng();
     let mut txn = pool.begin().await?;
 
     cookie_jar.verify_form(clock.now(), form)?;

crates/handlers/src/oauth2/registration.rs

@@ -32,11 +32,14 @@ use thiserror::Error;
 use tracing::info;
 use ulid::Ulid;
 
+use crate::impl_from_error_for_route;
+
 #[derive(Debug, Error)]
 pub(crate) enum RouteError {
     #[error(transparent)]
     Internal(Box<dyn std::error::Error + Send + Sync>),
 
+    // TODO: remove this, needed because of mas_policy
     #[error(transparent)]
     Anyhow(#[from] anyhow::Error),
 
@@ -50,11 +53,7 @@ pub(crate) enum RouteError {
     PolicyDenied(Vec<Violation>),
 }
 
-impl From<sqlx::Error> for RouteError {
-    fn from(e: sqlx::Error) -> Self {
-        Self::Internal(Box::new(e))
-    }
-}
+impl_from_error_for_route!(sqlx::Error);
 
 impl From<ClientMetadataVerificationError> for RouteError {
     fn from(e: ClientMetadataVerificationError) -> Self {
@@ -113,7 +112,7 @@ pub(crate) async fn post(
     State(encrypter): State<Encrypter>,
     Json(body): Json<ClientMetadata>,
 ) -> Result<impl IntoResponse, RouteError> {
-    let (clock, mut rng) = crate::rng_and_clock()?;
+    let (clock, mut rng) = crate::clock_and_rng();
     info!(?body, "Client registration");
 
     // Validate the body

crates/handlers/src/oauth2/token.rs

@@ -14,7 +14,6 @@
 
 use std::collections::HashMap;
 
-use anyhow::Context;
 use axum::{extract::State, response::IntoResponse, Json};
 use chrono::{DateTime, Duration, Utc};
 use headers::{CacheControl, HeaderMap, HeaderMapExt, Pragma};
@@ -32,14 +31,11 @@ use mas_jose::{
 };
 use mas_keystore::{Encrypter, Keystore};
 use mas_router::UrlBuilder;
-use mas_storage::{
-    oauth2::{
-        access_token::{add_access_token, revoke_access_token},
-        authorization_grant::{exchange_grant, lookup_grant_by_code},
-        end_oauth_session,
-        refresh_token::{add_refresh_token, consume_refresh_token, lookup_active_refresh_token},
-    },
-    DatabaseInconsistencyError,
+use mas_storage::oauth2::{
+    access_token::{add_access_token, revoke_access_token},
+    authorization_grant::{exchange_grant, lookup_grant_by_code},
+    end_oauth_session,
+    refresh_token::{add_refresh_token, consume_refresh_token, lookup_active_refresh_token},
 };
 use oauth2_types::{
     errors::{ClientError, ClientErrorCode},
@@ -80,9 +76,6 @@ pub(crate) enum RouteError {
     #[error(transparent)]
     Internal(Box<dyn std::error::Error + Send + Sync + 'static>),
 
-    #[error(transparent)]
-    Anyhow(#[from] anyhow::Error),
-
     #[error("bad request")]
     BadRequest,
 
@@ -106,12 +99,15 @@ pub(crate) enum RouteError {
 
     #[error("unauthorized client")]
     UnauthorizedClient,
+
+    #[error("no suitable key found for signing")]
+    InvalidSigningKey,
 }
 
 impl IntoResponse for RouteError {
     fn into_response(self) -> axum::response::Response {
         match self {
-            Self::Internal(_) | Self::Anyhow(_) => (
+            Self::Internal(_) | Self::InvalidSigningKey => (
                 StatusCode::INTERNAL_SERVER_ERROR,
                 Json(ClientError::from(ClientErrorCode::ServerError)),
             ),
@@ -206,7 +202,7 @@ async fn authorization_code_grant(
     url_builder: &UrlBuilder,
     mut txn: Transaction<'_, Postgres>,
 ) -> Result<AccessTokenResponse, RouteError> {
-    let (clock, mut rng) = crate::rng_and_clock()?;
+    let (clock, mut rng) = crate::clock_and_rng();
 
     // TODO: there is a bunch of unnecessary cloning here
     // TODO: handle "not found" cases
@@ -255,10 +251,7 @@ async fn authorization_code_grant(
     };
 
     // This should never happen, since we looked up in the database using the code
-    let code = authz_grant
-        .code
-        .as_ref()
-        .ok_or_else(|| anyhow::anyhow!(DatabaseInconsistencyError))?;
+    let code = authz_grant.code.as_ref().ok_or(RouteError::InvalidGrant)?;
 
     if client.client_id != session.client.client_id {
         return Err(RouteError::UnauthorizedClient);
@@ -322,14 +315,14 @@ async fn authorization_code_grant(
             .unwrap_or(JsonWebSignatureAlg::Rs256);
         let key = key_store
             .signing_key_for_algorithm(&alg)
-            .context("no suitable key found")?;
+            .ok_or(RouteError::InvalidSigningKey)?;
 
         claims::AT_HASH.insert(&mut claims, hash_token(&alg, &access_token_str)?)?;
         claims::C_HASH.insert(&mut claims, hash_token(&alg, &grant.code)?)?;
 
         let signer = key.params().signing_key_for_alg(&alg)?;
         let header = JsonWebSignatureHeader::new(alg)
-            .with_kid(key.kid().context("key has no `kid` for some reason")?);
+            .with_kid(key.kid().ok_or(RouteError::InvalidSigningKey)?);
         let id_token = Jwt::sign_with_rng(&mut rng, header, claims, &signer)?;
 
         Some(id_token.as_str().to_owned())
@@ -358,7 +351,7 @@ async fn refresh_token_grant(
     client: &Client,
     mut txn: Transaction<'_, Postgres>,
 ) -> Result<AccessTokenResponse, RouteError> {
-    let (clock, mut rng) = crate::rng_and_clock()?;
+    let (clock, mut rng) = crate::clock_and_rng();
 
     let (refresh_token, session) = lookup_active_refresh_token(&mut txn, &grant.refresh_token)
         .await?

crates/handlers/src/oauth2/userinfo.rs

@@ -12,7 +12,6 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
-use anyhow::Context;
 use axum::{
     extract::State,
     response::{IntoResponse, Response},
@@ -35,6 +34,8 @@ use serde_with::skip_serializing_none;
 use sqlx::PgPool;
 use thiserror::Error;
 
+use crate::impl_from_error_for_route;
+
 #[skip_serializing_none]
 #[derive(Serialize)]
 struct UserInfo {
@@ -57,48 +58,35 @@ pub enum RouteError {
     #[error(transparent)]
     Internal(Box<dyn std::error::Error + Send + Sync + 'static>),
 
-    #[error(transparent)]
-    Anyhow(#[from] anyhow::Error),
-
     #[error("failed to authenticate")]
     AuthorizationVerificationError(#[from] AuthorizationVerificationError),
+
+    #[error("no suitable key found for signing")]
+    InvalidSigningKey,
 }
 
+impl_from_error_for_route!(sqlx::Error);
+impl_from_error_for_route!(mas_keystore::WrongAlgorithmError);
+impl_from_error_for_route!(mas_jose::jwt::JwtSignatureError);
+
 impl IntoResponse for RouteError {
     fn into_response(self) -> axum::response::Response {
         match self {
-            Self::Internal(e) => (StatusCode::INTERNAL_SERVER_ERROR, e.to_string()).into_response(),
-            Self::Anyhow(e) => (StatusCode::INTERNAL_SERVER_ERROR, e.to_string()).into_response(),
+            Self::Internal(_) | Self::InvalidSigningKey => {
+                (StatusCode::INTERNAL_SERVER_ERROR, self.to_string()).into_response()
+            }
             Self::AuthorizationVerificationError(_e) => StatusCode::UNAUTHORIZED.into_response(),
         }
     }
 }
 
-impl From<sqlx::Error> for RouteError {
-    fn from(e: sqlx::Error) -> Self {
-        Self::Internal(Box::new(e))
-    }
-}
-
-impl From<mas_keystore::WrongAlgorithmError> for RouteError {
-    fn from(e: mas_keystore::WrongAlgorithmError) -> Self {
-        Self::Internal(Box::new(e))
-    }
-}
-
-impl From<mas_jose::jwt::JwtSignatureError> for RouteError {
-    fn from(e: mas_jose::jwt::JwtSignatureError) -> Self {
-        Self::Internal(Box::new(e))
-    }
-}
-
 pub async fn get(
     State(url_builder): State<UrlBuilder>,
     State(pool): State<PgPool>,
     State(key_store): State<Keystore>,
     user_authorization: UserAuthorization,
 ) -> Result<Response, RouteError> {
-    let (_clock, mut rng) = crate::rng_and_clock()?;
+    let (_clock, mut rng) = crate::clock_and_rng();
     let mut conn = pool.acquire().await?;
 
     let session = user_authorization.protected(&mut conn).await?;
@@ -121,11 +109,11 @@ pub async fn get(
     if let Some(alg) = session.client.userinfo_signed_response_alg {
         let key = key_store
             .signing_key_for_algorithm(&alg)
-            .context("no suitable key found")?;
+            .ok_or(RouteError::InvalidSigningKey)?;
 
         let signer = key.params().signing_key_for_alg(&alg)?;
         let header = JsonWebSignatureHeader::new(alg)
-            .with_kid(key.kid().context("key has no `kid` for some reason")?);
+            .with_kid(key.kid().ok_or(RouteError::InvalidSigningKey)?);
 
         let user_info = SignedUserInfo {
             iss: url_builder.oidc_issuer().to_string(),

crates/handlers/src/upstream_oauth2/authorize.rs

@@ -37,9 +37,6 @@ pub(crate) enum RouteError {
 
     #[error(transparent)]
     Internal(Box<dyn std::error::Error>),
-
-    #[error(transparent)]
-    Anyhow(#[from] anyhow::Error),
 }
 
 impl_from_error_for_route!(sqlx::Error);
@@ -53,9 +50,6 @@ impl IntoResponse for RouteError {
         match self {
             Self::ProviderNotFound => (StatusCode::NOT_FOUND, "Provider not found").into_response(),
             Self::Internal(e) => (StatusCode::INTERNAL_SERVER_ERROR, e.to_string()).into_response(),
-            Self::Anyhow(e) => {
-                (StatusCode::INTERNAL_SERVER_ERROR, format!("{e:?}")).into_response()
-            }
         }
     }
 }
@@ -68,7 +62,7 @@ pub(crate) async fn get(
     Path(provider_id): Path<Ulid>,
     Query(query): Query<OptionalPostAuthAction>,
 ) -> Result<impl IntoResponse, RouteError> {
-    let (clock, mut rng) = crate::rng_and_clock()?;
+    let (clock, mut rng) = crate::clock_and_rng();
 
     let mut txn = pool.begin().await?;
 

crates/handlers/src/upstream_oauth2/callback.rs

@@ -90,9 +90,6 @@ pub(crate) enum RouteError {
 
     #[error(transparent)]
     Internal(Box<dyn std::error::Error>),
-
-    #[error(transparent)]
-    Anyhow(#[from] anyhow::Error),
 }
 
 impl_from_error_for_route!(mas_storage::DatabaseError);
@@ -109,9 +106,6 @@ impl IntoResponse for RouteError {
         match self {
             Self::SessionNotFound => (StatusCode::NOT_FOUND, "Session not found").into_response(),
             Self::Internal(e) => (StatusCode::INTERNAL_SERVER_ERROR, e.to_string()).into_response(),
-            Self::Anyhow(e) => {
-                (StatusCode::INTERNAL_SERVER_ERROR, format!("{e:?}")).into_response()
-            }
             e => (StatusCode::BAD_REQUEST, e.to_string()).into_response(),
         }
     }
@@ -128,7 +122,7 @@ pub(crate) async fn get(
     Path(provider_id): Path<Ulid>,
     Query(params): Query<QueryParams>,
 ) -> Result<impl IntoResponse, RouteError> {
-    let (clock, mut rng) = crate::rng_and_clock()?;
+    let (clock, mut rng) = crate::clock_and_rng();
 
     let mut txn = pool.begin().await?;
 

crates/handlers/src/upstream_oauth2/link.rs

@@ -67,9 +67,6 @@ pub(crate) enum RouteError {
 
     #[error(transparent)]
     Internal(Box<dyn std::error::Error>),
-
-    #[error(transparent)]
-    Anyhow(#[from] anyhow::Error),
 }
 
 impl_from_error_for_route!(sqlx::Error);
@@ -84,9 +81,6 @@ impl IntoResponse for RouteError {
         match self {
             Self::LinkNotFound => (StatusCode::NOT_FOUND, "Link not found").into_response(),
             Self::Internal(e) => (StatusCode::INTERNAL_SERVER_ERROR, e.to_string()).into_response(),
-            Self::Anyhow(e) => {
-                (StatusCode::INTERNAL_SERVER_ERROR, format!("{e:?}")).into_response()
-            }
             e => (StatusCode::INTERNAL_SERVER_ERROR, e.to_string()).into_response(),
         }
     }
@@ -107,7 +101,7 @@ pub(crate) async fn get(
     Path(link_id): Path<Ulid>,
 ) -> Result<impl IntoResponse, RouteError> {
     let mut txn = pool.begin().await?;
-    let (clock, mut rng) = crate::rng_and_clock()?;
+    let (clock, mut rng) = crate::clock_and_rng();
 
     let sessions_cookie = UpstreamSessionsCookie::load(&cookie_jar);
     let (session_id, _post_auth_action) = sessions_cookie
@@ -204,7 +198,7 @@ pub(crate) async fn post(
     Form(form): Form<ProtectedForm<FormData>>,
 ) -> Result<impl IntoResponse, RouteError> {
     let mut txn = pool.begin().await?;
-    let (clock, mut rng) = crate::rng_and_clock()?;
+    let (clock, mut rng) = crate::clock_and_rng();
     let form = cookie_jar.verify_form(clock.now(), form)?;
 
     let sessions_cookie = UpstreamSessionsCookie::load(&cookie_jar);

crates/handlers/src/views/account/emails/add.rs

@@ -42,7 +42,7 @@ pub(crate) async fn get(
     State(pool): State<PgPool>,
     cookie_jar: PrivateCookieJar<Encrypter>,
 ) -> Result<Response, FancyError> {
-    let (clock, mut rng) = crate::rng_and_clock()?;
+    let (clock, mut rng) = crate::clock_and_rng();
     let mut conn = pool.begin().await?;
 
     let (csrf_token, cookie_jar) = cookie_jar.csrf_token(clock.now(), &mut rng);
@@ -73,7 +73,7 @@ pub(crate) async fn post(
     Query(query): Query<OptionalPostAuthAction>,
     Form(form): Form<ProtectedForm<EmailForm>>,
 ) -> Result<Response, FancyError> {
-    let (clock, mut rng) = crate::rng_and_clock()?;
+    let (clock, mut rng) = crate::clock_and_rng();
     let mut txn = pool.begin().await?;
 
     let form = cookie_jar.verify_form(clock.now(), form)?;

crates/handlers/src/views/account/emails/mod.rs

@@ -57,7 +57,7 @@ pub(crate) async fn get(
     State(pool): State<PgPool>,
     cookie_jar: PrivateCookieJar<Encrypter>,
 ) -> Result<Response, FancyError> {
-    let (clock, mut rng) = crate::rng_and_clock()?;
+    let (clock, mut rng) = crate::clock_and_rng();
 
     let mut conn = pool.acquire().await?;
 
@@ -139,7 +139,7 @@ pub(crate) async fn post(
     cookie_jar: PrivateCookieJar<Encrypter>,
     Form(form): Form<ProtectedForm<ManagementForm>>,
 ) -> Result<Response, FancyError> {
-    let (clock, mut rng) = crate::rng_and_clock()?;
+    let (clock, mut rng) = crate::clock_and_rng();
     let mut txn = pool.begin().await?;
 
     let (session_info, cookie_jar) = cookie_jar.session_info();

crates/handlers/src/views/account/emails/verify.rs

@@ -50,7 +50,7 @@ pub(crate) async fn get(
     Path(id): Path<Ulid>,
     cookie_jar: PrivateCookieJar<Encrypter>,
 ) -> Result<Response, FancyError> {
-    let (clock, mut rng) = crate::rng_and_clock()?;
+    let (clock, mut rng) = crate::clock_and_rng();
     let mut conn = pool.acquire().await?;
 
     let (csrf_token, cookie_jar) = cookie_jar.csrf_token(clock.now(), &mut rng);

crates/handlers/src/views/account/mod.rs

@@ -32,7 +32,7 @@ pub(crate) async fn get(
     State(pool): State<PgPool>,
     cookie_jar: PrivateCookieJar<Encrypter>,
 ) -> Result<Response, FancyError> {
-    let (clock, mut rng) = crate::rng_and_clock()?;
+    let (clock, mut rng) = crate::clock_and_rng();
     let mut conn = pool.acquire().await?;
 
     let (csrf_token, cookie_jar) = cookie_jar.csrf_token(clock.now(), &mut rng);

crates/handlers/src/views/account/password.rs

@@ -46,7 +46,7 @@ pub(crate) async fn get(
     State(pool): State<PgPool>,
     cookie_jar: PrivateCookieJar<Encrypter>,
 ) -> Result<Response, FancyError> {
-    let (clock, mut rng) = crate::rng_and_clock()?;
+    let (clock, mut rng) = crate::clock_and_rng();
     let mut conn = pool.acquire().await?;
 
     let (session_info, cookie_jar) = cookie_jar.session_info();
@@ -85,7 +85,7 @@ pub(crate) async fn post(
     cookie_jar: PrivateCookieJar<Encrypter>,
     Form(form): Form<ProtectedForm<ChangeForm>>,
 ) -> Result<Response, FancyError> {
-    let (clock, mut rng) = crate::rng_and_clock()?;
+    let (clock, mut rng) = crate::clock_and_rng();
     let mut txn = pool.begin().await?;
 
     let form = cookie_jar.verify_form(clock.now(), form)?;

crates/handlers/src/views/index.rs

@@ -29,7 +29,7 @@ pub async fn get(
     State(pool): State<PgPool>,
     cookie_jar: PrivateCookieJar<Encrypter>,
 ) -> Result<impl IntoResponse, FancyError> {
-    let (clock, mut rng) = crate::rng_and_clock()?;
+    let (clock, mut rng) = crate::clock_and_rng();
     let mut conn = pool.acquire().await?;
 
     let (csrf_token, cookie_jar) = cookie_jar.csrf_token(clock.now(), &mut rng);

crates/handlers/src/views/login.rs

@@ -47,7 +47,7 @@ pub(crate) async fn get(
     Query(query): Query<OptionalPostAuthAction>,
     cookie_jar: PrivateCookieJar<Encrypter>,
 ) -> Result<Response, FancyError> {
-    let (clock, mut rng) = crate::rng_and_clock()?;
+    let (clock, mut rng) = crate::clock_and_rng();
     let mut conn = pool.acquire().await?;
 
     let (csrf_token, cookie_jar) = cookie_jar.csrf_token(clock.now(), &mut rng);
@@ -80,7 +80,7 @@ pub(crate) async fn post(
     cookie_jar: PrivateCookieJar<Encrypter>,
     Form(form): Form<ProtectedForm<LoginForm>>,
 ) -> Result<Response, FancyError> {
-    let (clock, mut rng) = crate::rng_and_clock()?;
+    let (clock, mut rng) = crate::clock_and_rng();
     let mut conn = pool.acquire().await?;
 
     let form = cookie_jar.verify_form(clock.now(), form)?;

crates/handlers/src/views/reauth.rs

@@ -41,7 +41,7 @@ pub(crate) async fn get(
     Query(query): Query<OptionalPostAuthAction>,
     cookie_jar: PrivateCookieJar<Encrypter>,
 ) -> Result<Response, FancyError> {
-    let (clock, mut rng) = crate::rng_and_clock()?;
+    let (clock, mut rng) = crate::clock_and_rng();
     let mut conn = pool.acquire().await?;
 
     let (csrf_token, cookie_jar) = cookie_jar.csrf_token(clock.now(), &mut rng);
@@ -81,7 +81,7 @@ pub(crate) async fn post(
     cookie_jar: PrivateCookieJar<Encrypter>,
     Form(form): Form<ProtectedForm<ReauthForm>>,
 ) -> Result<Response, FancyError> {
-    let (clock, mut rng) = crate::rng_and_clock()?;
+    let (clock, mut rng) = crate::clock_and_rng();
     let mut txn = pool.begin().await?;
 
     let form = cookie_jar.verify_form(clock.now(), form)?;

crates/handlers/src/views/register.rs

@@ -63,7 +63,7 @@ pub(crate) async fn get(
     Query(query): Query<OptionalPostAuthAction>,
     cookie_jar: PrivateCookieJar<Encrypter>,
 ) -> Result<Response, FancyError> {
-    let (clock, mut rng) = crate::rng_and_clock()?;
+    let (clock, mut rng) = crate::clock_and_rng();
     let mut conn = pool.acquire().await?;
 
     let (csrf_token, cookie_jar) = cookie_jar.csrf_token(clock.now(), &mut rng);
@@ -98,7 +98,7 @@ pub(crate) async fn post(
     cookie_jar: PrivateCookieJar<Encrypter>,
     Form(form): Form<ProtectedForm<RegisterForm>>,
 ) -> Result<Response, FancyError> {
-    let (clock, mut rng) = crate::rng_and_clock()?;
+    let (clock, mut rng) = crate::clock_and_rng();
     let mut txn = pool.begin().await?;
 
     let form = cookie_jar.verify_form(clock.now(), form)?;