matrix/authentication-service
1
0
Fork 0
mirror of https://github.com/matrix-org/matrix-authentication-service.git synced 2025-07-29 22:01:14 +03:00
Code Activity

Move secrets and oauth2 clients config

Browse Source
This commit is contained in:
Quentin Gliech
2022-02-01 09:34:18 +01:00
parent c0e5b66ea4
commit 7e24cd0948
30 changed files with 462 additions and 454 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
crates/handlers/Cargo.toml
View File

@ -42,7 +42,6 @@ argon2 = { version = "0.3.2", features = ["password-hash"] }
rsa = { git = "https://github.com/RustCrypto/RSA.git" }
pkcs8 = { version = "0.8.0", features = ["pem"] }
elliptic-curve = { version = "0.11.7", features = ["pem"] }
chacha20poly1305 = { version = "0.9.0", features = ["std"] }
sha2 = "0.10.1"
crc = "2.1.0"

9
crates/handlers/src/lib.rs
View File

@ -24,7 +24,7 @@
use std::sync::Arc;
use mas_config::RootConfig;
use mas_config::{Encrypter, RootConfig};
use mas_email::Mailer;
use mas_jose::StaticKeystore;
use mas_static_files::filter as static_files;
@ -43,6 +43,7 @@ pub fn root(
pool: &PgPool,
templates: &Templates,
key_store: &Arc<StaticKeystore>,
encrypter: &Encrypter,
mailer: &Mailer,
config: &RootConfig,
) -> BoxedFilter<(impl Reply,)> {
@ -51,17 +52,17 @@ pub fn root(
pool,
templates,
key_store,
&config.oauth2,
encrypter,
&config.clients,
&config.http,
&config.cookies,
);
let views = views(
pool,
templates,
mailer,
encrypter,
&config.http,
&config.csrf,
&config.cookies,
);
let static_files = static_files(config.http.web_root.clone());

32
crates/handlers/src/oauth2/authorization.rs
View File

@ -20,7 +20,7 @@ use hyper::{
http::uri::{Parts, PathAndQuery, Uri},
StatusCode,
};
use mas_config::{CookiesConfig, OAuth2ClientConfig, OAuth2Config};
use mas_config::{ClientsConfig, Encrypter};
use mas_data_model::{
Authentication, AuthorizationCode, AuthorizationGrant, AuthorizationGrantStage, BrowserSession,
Pkce, StorageBackend, TokenType,
@ -215,33 +215,34 @@ fn resolve_response_mode(
pub fn filter(
pool: &PgPool,
templates: &Templates,
oauth2_config: &OAuth2Config,
cookies_config: &CookiesConfig,
encrypter: &Encrypter,
clients_config: &ClientsConfig,
) -> BoxedFilter<(Box<dyn Reply>,)> {
let clients = oauth2_config.clients.clone();
let clients_config = clients_config.clone();
let clients_config_2 = clients_config.clone();
let authorize = warp::path!("oauth2" / "authorize")
.and(warp::get())
.map(move || clients.clone())
.map(move || clients_config.clone())
.and(warp::query())
.and(optional_session(pool, cookies_config))
.and(optional_session(pool, encrypter))
.and(transaction(pool))
.and_then(get);
let step = warp::path!("oauth2" / "authorize" / "step")
.and(warp::get())
.and(warp::query())
.and(session(pool, cookies_config))
.and(session(pool, encrypter))
.and(transaction(pool))
.and_then(step);
let clients = oauth2_config.clients.clone();
authorize
.or(step)
.unify()
.recover(recover)
.unify()
.and(warp::query())
.and(warp::any().map(move || clients.clone()))
.and(warp::any().map(move || clients_config_2.clone()))
.and(with_templates(templates))
.and_then(actually_reply)
.boxed()
@ -258,7 +259,7 @@ async fn recover(rejection: Rejection) -> Result<ReplyOrBackToClient, Rejection>
async fn actually_reply(
rep: ReplyOrBackToClient,
q: PartialParams,
clients: Vec<OAuth2ClientConfig>,
clients: ClientsConfig,
templates: Templates,
) -> Result<Box<dyn Reply>, Rejection> {
let (redirect_uri, response_mode, state, params) = match rep {
@ -278,11 +279,8 @@ async fn actually_reply(
} = q;
// First, disover the client
let client = client_id.and_then(|client_id| {
clients
.into_iter()
.find(|client| client.client_id == client_id)
});
let client = client_id
.and_then(|client_id| clients.iter().find(|client| client.client_id == client_id));
let client = match client {
Some(client) => client,
@ -314,7 +312,7 @@ async fn actually_reply(
}
async fn get(
clients: Vec<OAuth2ClientConfig>,
clients: ClientsConfig,
params: Params,
maybe_session: Option<BrowserSession<PostgresqlBackend>>,
mut txn: Transaction<'_, Postgres>,
@ -337,7 +335,7 @@ async fn get(
// First, find out what client it is
let client = clients
.into_iter()
.iter()
.find(|client| client.client_id == params.auth.client_id)
.ok_or_else(|| anyhow::anyhow!("could not find client"))
.wrap_error()?;

8
crates/handlers/src/oauth2/introspection.rs
View File

@ -12,7 +12,7 @@
// See the License for the specific language governing permissions and
// limitations under the License.
use mas_config::{HttpConfig, OAuth2ClientConfig, OAuth2Config};
use mas_config::{ClientConfig, ClientsConfig, HttpConfig};
use mas_data_model::TokenType;
use mas_iana::oauth::{OAuthClientAuthenticationMethod, OAuthTokenTypeHint};
use mas_storage::oauth2::{
@ -29,7 +29,7 @@ use warp::{filters::BoxedFilter, Filter, Rejection, Reply};
pub fn filter(
pool: &PgPool,
oauth2_config: &OAuth2Config,
clients_config: &ClientsConfig,
http_config: &HttpConfig,
) -> BoxedFilter<(Box<dyn Reply>,)> {
let audience = UrlBuilder::from(http_config)
@ -40,7 +40,7 @@ pub fn filter(
.and(
warp::post()
.and(connection(pool))
.and(client_authentication(oauth2_config, audience))
.and(client_authentication(clients_config, audience))
.and_then(introspect)
.recover(recover)
.unify(),
@ -66,7 +66,7 @@ const INACTIVE: IntrospectionResponse = IntrospectionResponse {
async fn introspect(
mut conn: PoolConnection<Postgres>,
auth: OAuthClientAuthenticationMethod,
client: OAuth2ClientConfig,
client: ClientConfig,
params: IntrospectionRequest,
) -> Result<Box<dyn Reply>, Rejection> {
// Token introspection is only allowed by confidential clients

14
crates/handlers/src/oauth2/mod.rs
View File

@ -15,7 +15,7 @@
use std::sync::Arc;
use hyper::Method;
use mas_config::{CookiesConfig, HttpConfig, OAuth2Config};
use mas_config::{ClientsConfig, Encrypter, HttpConfig};
use mas_jose::StaticKeystore;
use mas_templates::Templates;
use mas_warp_utils::filters::cors::cors;
@ -40,16 +40,16 @@ pub fn filter(
pool: &PgPool,
templates: &Templates,
key_store: &Arc<StaticKeystore>,
oauth2_config: &OAuth2Config,
encrypter: &Encrypter,
clients_config: &ClientsConfig,
http_config: &HttpConfig,
cookies_config: &CookiesConfig,
) -> BoxedFilter<(impl Reply,)> {
let discovery = discovery(key_store.as_ref(), http_config);
let keys = keys(key_store);
let authorization = authorization(pool, templates, oauth2_config, cookies_config);
let userinfo = userinfo(pool, oauth2_config);
let introspection = introspection(pool, oauth2_config, http_config);
let token = token(pool, key_store, oauth2_config, http_config);
let authorization = authorization(pool, templates, encrypter, clients_config);
let userinfo = userinfo(pool);
let introspection = introspection(pool, clients_config, http_config);
let token = token(pool, key_store, clients_config, http_config);
let filter = discovery
.or(keys)

12
crates/handlers/src/oauth2/token.rs
View File

@ -19,7 +19,7 @@ use chrono::{DateTime, Duration, Utc};
use data_encoding::BASE64URL_NOPAD;
use headers::{CacheControl, Pragma};
use hyper::StatusCode;
use mas_config::{HttpConfig, OAuth2ClientConfig, OAuth2Config};
use mas_config::{ClientConfig, ClientsConfig, HttpConfig};
use mas_data_model::{AuthorizationGrantStage, TokenType};
use mas_iana::{jose::JsonWebSignatureAlg, oauth::OAuthClientAuthenticationMethod};
use mas_jose::{
@ -98,7 +98,7 @@ where
pub fn filter(
pool: &PgPool,
key_store: &Arc<StaticKeystore>,
oauth2_config: &OAuth2Config,
clients_config: &ClientsConfig,
http_config: &HttpConfig,
) -> BoxedFilter<(Box<dyn Reply>,)> {
let key_store = key_store.clone();
@ -110,7 +110,7 @@ pub fn filter(
warp::path!("oauth2" / "token")
.and(
warp::post()
.and(client_authentication(oauth2_config, audience))
.and(client_authentication(clients_config, audience))
.and(warp::any().map(move || key_store.clone()))
.and(warp::any().map(move || issuer.clone()))
.and(connection(pool))
@ -131,7 +131,7 @@ async fn recover(rejection: Rejection) -> Result<Box<dyn Reply>, Rejection> {
async fn token(
_auth: OAuthClientAuthenticationMethod,
client: OAuth2ClientConfig,
client: ClientConfig,
req: AccessTokenRequest,
key_store: Arc<StaticKeystore>,
issuer: Url,
@ -171,7 +171,7 @@ fn hash<H: Digest>(mut hasher: H, token: &str) -> anyhow::Result<String> {
#[allow(clippy::too_many_lines)]
async fn authorization_code_grant(
grant: &AuthorizationCodeGrant,
client: &OAuth2ClientConfig,
client: &ClientConfig,
key_store: &StaticKeystore,
issuer: Url,
conn: &mut PoolConnection<Postgres>,
@ -328,7 +328,7 @@ async fn authorization_code_grant(
async fn refresh_token_grant(
grant: &RefreshTokenGrant,
client: &OAuth2ClientConfig,
client: &ClientConfig,
conn: &mut PoolConnection<Postgres>,
) -> Result<AccessTokenResponse, Rejection> {
let mut txn = conn.begin().await.wrap_error()?;

3
crates/handlers/src/oauth2/userinfo.rs
View File

@ -12,7 +12,6 @@
// See the License for the specific language governing permissions and
// limitations under the License.
use mas_config::OAuth2Config;
use mas_data_model::{AccessToken, Session};
use mas_storage::PostgresqlBackend;
use mas_warp_utils::filters::authenticate::{authentication, recover_unauthorized};
@ -26,7 +25,7 @@ struct UserInfo {
username: String,
}
pub(super) fn filter(pool: &PgPool, _config: &OAuth2Config) -> BoxedFilter<(Box<dyn Reply>,)> {
pub(super) fn filter(pool: &PgPool) -> BoxedFilter<(Box<dyn Reply>,)> {
warp::path!("oauth2" / "userinfo")
.and(
warp::get()

18
crates/handlers/src/views/account/emails.rs
View File

@ -13,7 +13,7 @@
// limitations under the License.
use lettre::{message::Mailbox, Address};
use mas_config::{CookiesConfig, CsrfConfig, HttpConfig};
use mas_config::{CsrfConfig, Encrypter, HttpConfig};
use mas_data_model::{BrowserSession, User, UserEmail};
use mas_email::Mailer;
use mas_storage::{
@ -45,27 +45,27 @@ pub(super) fn filter(
pool: &PgPool,
templates: &Templates,
mailer: &Mailer,
encrypter: &Encrypter,
http_config: &HttpConfig,
csrf_config: &CsrfConfig,
cookies_config: &CookiesConfig,
) -> BoxedFilter<(Box<dyn Reply>,)> {
let mailer = mailer.clone();
let get = with_templates(templates)
.and(encrypted_cookie_saver(cookies_config))
.and(updated_csrf_token(cookies_config, csrf_config))
.and(session(pool, cookies_config))
.and(encrypted_cookie_saver(encrypter))
.and(updated_csrf_token(encrypter, csrf_config))
.and(session(pool, encrypter))
.and(connection(pool))
.and_then(get);
let post = with_templates(templates)
.and(warp::any().map(move || mailer.clone()))
.and(url_builder(http_config))
.and(encrypted_cookie_saver(cookies_config))
.and(updated_csrf_token(cookies_config, csrf_config))
.and(session(pool, cookies_config))
.and(encrypted_cookie_saver(encrypter))
.and(updated_csrf_token(encrypter, csrf_config))
.and(session(pool, encrypter))
.and(transaction(pool))
.and(protected_form(cookies_config))
.and(protected_form(encrypter))
.and_then(post);
let get = warp::get().and(get);

21
crates/handlers/src/views/account/mod.rs
View File

@ -15,7 +15,7 @@
mod emails;
mod password;
use mas_config::{CookiesConfig, CsrfConfig, HttpConfig};
use mas_config::{CsrfConfig, Encrypter, HttpConfig};
use mas_data_model::BrowserSession;
use mas_email::Mailer;
use mas_storage::{
@ -42,28 +42,21 @@ pub(super) fn filter(
pool: &PgPool,
templates: &Templates,
mailer: &Mailer,
encrypter: &Encrypter,
http_config: &HttpConfig,
csrf_config: &CsrfConfig,
cookies_config: &CookiesConfig,
) -> BoxedFilter<(Box<dyn Reply>,)> {
let get = warp::get()
.and(with_templates(templates))
.and(encrypted_cookie_saver(cookies_config))
.and(updated_csrf_token(cookies_config, csrf_config))
.and(session(pool, cookies_config))
.and(encrypted_cookie_saver(encrypter))
.and(updated_csrf_token(encrypter, csrf_config))
.and(session(pool, encrypter))
.and(connection(pool))
.and_then(get);
let index = warp::path::end().and(get);
let password = password(pool, templates, csrf_config, cookies_config);
let emails = emails(
pool,
templates,
mailer,
http_config,
csrf_config,
cookies_config,
);
let password = password(pool, templates, encrypter, csrf_config);
let emails = emails(pool, templates, mailer, encrypter, http_config, csrf_config);
let filter = index.or(password).unify().or(emails).unify();

18
crates/handlers/src/views/account/password.rs
View File

@ -13,7 +13,7 @@
// limitations under the License.
use argon2::Argon2;
use mas_config::{CookiesConfig, CsrfConfig};
use mas_config::{CsrfConfig, Encrypter};
use mas_data_model::BrowserSession;
use mas_storage::{
user::{authenticate_session, set_password},
@ -37,21 +37,21 @@ use warp::{filters::BoxedFilter, reply::html, Filter, Rejection, Reply};
pub(super) fn filter(
pool: &PgPool,
templates: &Templates,
encrypter: &Encrypter,
csrf_config: &CsrfConfig,
cookies_config: &CookiesConfig,
) -> BoxedFilter<(Box<dyn Reply>,)> {
let get = with_templates(templates)
.and(encrypted_cookie_saver(cookies_config))
.and(updated_csrf_token(cookies_config, csrf_config))
.and(session(pool, cookies_config))
.and(encrypted_cookie_saver(encrypter))
.and(updated_csrf_token(encrypter, csrf_config))
.and(session(pool, encrypter))
.and_then(get);
let post = with_templates(templates)
.and(encrypted_cookie_saver(cookies_config))
.and(updated_csrf_token(cookies_config, csrf_config))
.and(session(pool, cookies_config))
.and(encrypted_cookie_saver(encrypter))
.and(updated_csrf_token(encrypter, csrf_config))
.and(session(pool, encrypter))
.and(transaction(pool))
.and(protected_form(cookies_config))
.and(protected_form(encrypter))
.and_then(post);
let get = warp::get().and(get);

10
crates/handlers/src/views/index.rs
View File

@ -12,7 +12,7 @@
// See the License for the specific language governing permissions and
// limitations under the License.
use mas_config::{CookiesConfig, CsrfConfig, HttpConfig};
use mas_config::{CsrfConfig, Encrypter, HttpConfig};
use mas_data_model::BrowserSession;
use mas_storage::PostgresqlBackend;
use mas_templates::{IndexContext, TemplateContext, Templates};
@ -29,17 +29,17 @@ use warp::{filters::BoxedFilter, reply::html, Filter, Rejection, Reply};
pub(super) fn filter(
pool: &PgPool,
templates: &Templates,
encrypter: &Encrypter,
http_config: &HttpConfig,
csrf_config: &CsrfConfig,
cookies_config: &CookiesConfig,
) -> BoxedFilter<(Box<dyn Reply>,)> {
warp::path::end()
.and(warp::get())
.and(url_builder(http_config))
.and(with_templates(templates))
.and(encrypted_cookie_saver(cookies_config))
.and(updated_csrf_token(cookies_config, csrf_config))
.and(optional_session(pool, cookies_config))
.and(encrypted_cookie_saver(encrypter))
.and(updated_csrf_token(encrypter, csrf_config))
.and(optional_session(pool, encrypter))
.and_then(get)
.boxed()
}

16
crates/handlers/src/views/login.rs
View File

@ -15,7 +15,7 @@
#![allow(clippy::trait_duplication_in_bounds)]
use hyper::http::uri::{Parts, PathAndQuery, Uri};
use mas_config::{CookiesConfig, CsrfConfig};
use mas_config::{CsrfConfig, Encrypter};
use mas_data_model::{errors::WrapFormError, BrowserSession};
use mas_storage::{user::login, PostgresqlBackend};
use mas_templates::{LoginContext, LoginFormField, TemplateContext, Templates};
@ -86,24 +86,24 @@ struct LoginForm {
pub(super) fn filter(
pool: &PgPool,
templates: &Templates,
encrypter: &Encrypter,
csrf_config: &CsrfConfig,
cookies_config: &CookiesConfig,
) -> BoxedFilter<(Box<dyn Reply>,)> {
let get = warp::get()
.and(with_templates(templates))
.and(connection(pool))
.and(encrypted_cookie_saver(cookies_config))
.and(updated_csrf_token(cookies_config, csrf_config))
.and(encrypted_cookie_saver(encrypter))
.and(updated_csrf_token(encrypter, csrf_config))
.and(warp::query())
.and(optional_session(pool, cookies_config))
.and(optional_session(pool, encrypter))
.and_then(get);
let post = warp::post()
.and(with_templates(templates))
.and(connection(pool))
.and(encrypted_cookie_saver(cookies_config))
.and(updated_csrf_token(cookies_config, csrf_config))
.and(protected_form(cookies_config))
.and(encrypted_cookie_saver(encrypter))
.and(updated_csrf_token(encrypter, csrf_config))
.and(protected_form(encrypter))
.and(warp::query())
.and_then(post);

11
crates/handlers/src/views/logout.rs
View File

@ -12,7 +12,7 @@
// See the License for the specific language governing permissions and
// limitations under the License.
use mas_config::CookiesConfig;
use mas_config::Encrypter;
use mas_data_model::BrowserSession;
use mas_storage::{user::end_session, PostgresqlBackend};
use mas_warp_utils::{
@ -22,15 +22,12 @@ use mas_warp_utils::{
use sqlx::{PgPool, Postgres, Transaction};
use warp::{filters::BoxedFilter, hyper::Uri, Filter, Rejection, Reply};
pub(super) fn filter(
pool: &PgPool,
cookies_config: &CookiesConfig,
) -> BoxedFilter<(Box<dyn Reply>,)> {
pub(super) fn filter(pool: &PgPool, encrypter: &Encrypter) -> BoxedFilter<(Box<dyn Reply>,)> {
warp::path!("logout")
.and(warp::post())
.and(session(pool, cookies_config))
.and(session(pool, encrypter))
.and(transaction(pool))
.and(protected_form(cookies_config))
.and(protected_form(encrypter))
.and_then(post)
.boxed()
}

25
crates/handlers/src/views/mod.rs
View File

@ -12,7 +12,7 @@
// See the License for the specific language governing permissions and
// limitations under the License.
use mas_config::{CookiesConfig, CsrfConfig, HttpConfig};
use mas_config::{CsrfConfig, Encrypter, HttpConfig};
use mas_email::Mailer;
use mas_templates::Templates;
use sqlx::PgPool;
@ -40,24 +40,17 @@ pub(super) fn filter(
pool: &PgPool,
templates: &Templates,
mailer: &Mailer,
encrypter: &Encrypter,
http_config: &HttpConfig,
csrf_config: &CsrfConfig,
cookies_config: &CookiesConfig,
) -> BoxedFilter<(Box<dyn Reply>,)> {
let index = index(pool, templates, http_config, csrf_config, cookies_config);
let account = account(
pool,
templates,
mailer,
http_config,
csrf_config,
cookies_config,
);
let login = login(pool, templates, csrf_config, cookies_config);
let register = register(pool, templates, csrf_config, cookies_config);
let logout = logout(pool, cookies_config);
let reauth = reauth(pool, templates, csrf_config, cookies_config);
let verify = verify(pool, templates, csrf_config, cookies_config);
let index = index(pool, templates, encrypter, http_config, csrf_config);
let account = account(pool, templates, mailer, encrypter, http_config, csrf_config);
let login = login(pool, templates, encrypter, csrf_config);
let register = register(pool, templates, encrypter, csrf_config);
let logout = logout(pool, encrypter);
let reauth = reauth(pool, templates, encrypter, csrf_config);
let verify = verify(pool, templates, encrypter, csrf_config);
index
.or(account)

14
crates/handlers/src/views/reauth.rs
View File

@ -13,7 +13,7 @@
// limitations under the License.
use hyper::http::uri::{Parts, PathAndQuery};
use mas_config::{CookiesConfig, CsrfConfig};
use mas_config::{CsrfConfig, Encrypter};
use mas_data_model::BrowserSession;
use mas_storage::{user::authenticate_session, PostgresqlBackend};
use mas_templates::{ReauthContext, TemplateContext, Templates};
@ -83,22 +83,22 @@ struct ReauthForm {
pub(super) fn filter(
pool: &PgPool,
templates: &Templates,
encrypter: &Encrypter,
csrf_config: &CsrfConfig,
cookies_config: &CookiesConfig,
) -> BoxedFilter<(Box<dyn Reply>,)> {
let get = warp::get()
.and(with_templates(templates))
.and(connection(pool))
.and(encrypted_cookie_saver(cookies_config))
.and(updated_csrf_token(cookies_config, csrf_config))
.and(session(pool, cookies_config))
.and(encrypted_cookie_saver(encrypter))
.and(updated_csrf_token(encrypter, csrf_config))
.and(session(pool, encrypter))
.and(warp::query())
.and_then(get);
let post = warp::post()
.and(session(pool, cookies_config))
.and(session(pool, encrypter))
.and(transaction(pool))
.and(protected_form(cookies_config))
.and(protected_form(encrypter))
.and(warp::query())
.and_then(post);

14
crates/handlers/src/views/register.rs
View File

@ -16,7 +16,7 @@
use argon2::Argon2;
use hyper::http::uri::{Parts, PathAndQuery, Uri};
use mas_config::{CookiesConfig, CsrfConfig};
use mas_config::{CsrfConfig, Encrypter};
use mas_data_model::BrowserSession;
use mas_storage::{
user::{register_user, start_session},
@ -92,22 +92,22 @@ struct RegisterForm {
pub(super) fn filter(
pool: &PgPool,
templates: &Templates,
encrypter: &Encrypter,
csrf_config: &CsrfConfig,
cookies_config: &CookiesConfig,
) -> BoxedFilter<(Box<dyn Reply>,)> {
let get = warp::get()
.and(with_templates(templates))
.and(connection(pool))
.and(encrypted_cookie_saver(cookies_config))
.and(updated_csrf_token(cookies_config, csrf_config))
.and(encrypted_cookie_saver(encrypter))
.and(updated_csrf_token(encrypter, csrf_config))
.and(warp::query())
.and(optional_session(pool, cookies_config))
.and(optional_session(pool, encrypter))
.and_then(get);
let post = warp::post()
.and(transaction(pool))
.and(encrypted_cookie_saver(cookies_config))
.and(protected_form(cookies_config))
.and(encrypted_cookie_saver(encrypter))
.and(protected_form(encrypter))
.and(warp::query())
.and_then(post);

10
crates/handlers/src/views/verify.rs
View File

@ -13,7 +13,7 @@
// limitations under the License.
use chrono::Duration;
use mas_config::{CookiesConfig, CsrfConfig};
use mas_config::{CsrfConfig, Encrypter};
use mas_data_model::BrowserSession;
use mas_storage::{
user::{
@ -39,15 +39,15 @@ use warp::{filters::BoxedFilter, reply::html, Filter, Rejection, Reply};
pub(super) fn filter(
pool: &PgPool,
templates: &Templates,
encrypter: &Encrypter,
csrf_config: &CsrfConfig,
cookies_config: &CookiesConfig,
) -> BoxedFilter<(Box<dyn Reply>,)> {
warp::path!("verify" / String)
.and(warp::get())
.and(with_templates(templates))
.and(encrypted_cookie_saver(cookies_config))
.and(updated_csrf_token(cookies_config, csrf_config))
.and(optional_session(pool, cookies_config))
.and(encrypted_cookie_saver(encrypter))
.and(updated_csrf_token(encrypter, csrf_config))
.and(optional_session(pool, encrypter))
.and(transaction(pool))
.and_then(get)
.boxed()