matrix/authentication-service
1
0
Fork 0
mirror of https://github.com/matrix-org/matrix-authentication-service.git synced 2025-07-29 22:01:14 +03:00
Code Activity

Upgrade axum to 0.6.0-rc.1

Browse Source
This commit is contained in:
Quentin Gliech
2022-09-05 12:15:51 +02:00
parent b15b2d0c21
commit fa47f6e150
37 changed files with 501 additions and 378 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
Cargo.lock generated
View File

@ -516,9 +516,9 @@ dependencies = [
[[package]]
name = "axum"
version = "0.5.15"
version = "0.6.0-rc.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "9de18bc5f2e9df8f52da03856bf40e29b747de5a84e43aefff90e3dc4a21529b"
checksum = "d49958d54e0bab71947eb00a33175eb9164ccc0ea4c262d2139c5f8899a3616e"
dependencies = [
"async-trait",
"axum-core",
@ -548,9 +548,9 @@ dependencies = [
[[package]]
name = "axum-core"
version = "0.2.7"
version = "0.3.0-rc.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "e4f44a0e6200e9d11a1cdc989e4b358f6e3d354fbf48478f345a17f4e43f8635"
checksum = "5e52ebadfce2f1e7fec9b2dd920952477ffeac9f07a5c492c0cbba2bb22cd294"
dependencies = [
"async-trait",
"bytes 1.2.1",
@ -562,9 +562,9 @@ dependencies = [
[[package]]
name = "axum-extra"
version = "0.3.7"
version = "0.4.0-rc.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "69034b3b0fd97923eee2ce8a47540edb21e07f48f87f67d44bb4271cec622bdb"
checksum = "090ae29ae83a40882fb99bce421d8dce4a819325a013bb301dad4cc4b74ab40c"
dependencies = [
"axum",
"bytes 1.2.1",
@ -2730,9 +2730,9 @@ checksum = "a3e378b66a060d48947b590737b30a1be76706c8dd7b8ba0f2fe3989c68a853f"
[[package]]
name = "matchit"
version = "0.5.0"
version = "0.6.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "73cbba799671b762df5a175adf59ce145165747bb891505c43d09aefbbf38beb"
checksum = "3dfc802da7b1cf80aefffa0c7b2f77247c8b32206cc83c270b61264f5b360a80"
[[package]]
name = "md-5"

4
crates/axum-utils/Cargo.toml
View File

@ -7,8 +7,8 @@ license = "Apache-2.0"
[dependencies]
async-trait = "0.1.57"
axum = { version = "0.5.15", features = ["headers"] }
axum-extra = { version = "0.3.7", features = ["cookie-private"] }
axum = { version = "0.6.0-rc.1", features = ["headers"] }
axum-extra = { version = "0.4.0-rc.1", features = ["cookie-private"] }
bincode = "1.3.3"
chrono = "0.4.22"
data-encoding = "2.3.2"

82
crates/axum-utils/src/client_authorization.rs
View File

@ -19,13 +19,13 @@ use axum::{
body::HttpBody,
extract::{
rejection::{FailedToDeserializeQueryString, FormRejection, TypedHeaderRejectionReason},
Form, FromRequest, RequestParts, TypedHeader,
Form, FromRequest, FromRequestParts, TypedHeader,
},
response::IntoResponse,
BoxError,
};
use headers::{authorization::Basic, Authorization};
use http::StatusCode;
use http::{Request, StatusCode};
use mas_data_model::{Client, JwksOrJwksUri, StorageBackend};
use mas_http::HttpServiceExt;
use mas_iana::oauth::OAuthClientAuthenticationMethod;
@ -234,18 +234,23 @@ impl IntoResponse for ClientAuthorizationError {
}
#[async_trait]
impl<B, F> FromRequest<B> for ClientAuthorization<F>
impl<S, B, F> FromRequest<S, B> for ClientAuthorization<F>
where
B: Send + HttpBody,
B::Data: Send,
B::Error: std::error::Error + Send + Sync + 'static,
F: DeserializeOwned,
B: HttpBody + Send + 'static,
B::Data: Send,
B::Error: Into<BoxError>,
S: Send + Sync,
{
type Rejection = ClientAuthorizationError;
#[allow(clippy::too_many_lines)]
async fn from_request(req: &mut RequestParts<B>) -> Result<Self, Self::Rejection> {
let header = TypedHeader::<Authorization<Basic>>::from_request(req).await;
async fn from_request(req: Request<B>, state: &S) -> Result<Self, Self::Rejection> {
// Split the request into parts so we can extract some headers
let (mut parts, body) = req.into_parts();
let header =
TypedHeader::<Authorization<Basic>>::from_request_parts(&mut parts, state).await;
// Take the Authorization header
let credentials_from_header = match header {
@ -258,6 +263,9 @@ where
},
};
// Reconstruct the request from the parts
let req = Request::from_parts(parts, body);
// Take the form value
let (
client_id_from_form,
@ -265,7 +273,7 @@ where
client_assertion_type,
client_assertion,
form,
) = match Form::<AuthorizedForm<F>>::from_request(req).await {
) = match Form::<AuthorizedForm<F>>::from_request(req, state).await {
Ok(Form(form)) => (
form.client_id,
form.client_secret,
@ -385,19 +393,17 @@ mod tests {
#[tokio::test]
async fn none_test() {
let mut req = RequestParts::new(
Request::builder()
let req = Request::builder()
.method(Method::POST)
.header(
http::header::CONTENT_TYPE,
mime::APPLICATION_WWW_FORM_URLENCODED.as_ref(),
)
.body(Full::<Bytes>::new("client_id=client-id&foo=bar".into()))
.unwrap(),
);
.unwrap();
assert_eq!(
ClientAuthorization::<serde_json::Value>::from_request(&mut req)
ClientAuthorization::<serde_json::Value>::from_request(req, &())
.await
.unwrap(),
ClientAuthorization {
@ -411,8 +417,7 @@ mod tests {
#[tokio::test]
async fn client_secret_basic_test() {
let mut req = RequestParts::new(
Request::builder()
let req = Request::builder()
.method(Method::POST)
.header(
http::header::CONTENT_TYPE,
@ -423,11 +428,10 @@ mod tests {
"Basic Y2xpZW50LWlkOmNsaWVudC1zZWNyZXQ=",
)
.body(Full::<Bytes>::new("foo=bar".into()))
.unwrap(),
);
.unwrap();
assert_eq!(
ClientAuthorization::<serde_json::Value>::from_request(&mut req)
ClientAuthorization::<serde_json::Value>::from_request(req, &())
.await
.unwrap(),
ClientAuthorization {
@ -440,8 +444,7 @@ mod tests {
);
// client_id in both header and body
let mut req = RequestParts::new(
Request::builder()
let req = Request::builder()
.method(Method::POST)
.header(
http::header::CONTENT_TYPE,
@ -452,11 +455,10 @@ mod tests {
"Basic Y2xpZW50LWlkOmNsaWVudC1zZWNyZXQ=",
)
.body(Full::<Bytes>::new("client_id=client-id&foo=bar".into()))
.unwrap(),
);
.unwrap();
assert_eq!(
ClientAuthorization::<serde_json::Value>::from_request(&mut req)
ClientAuthorization::<serde_json::Value>::from_request(req, &())
.await
.unwrap(),
ClientAuthorization {
@ -469,8 +471,7 @@ mod tests {
);
// client_id in both header and body mismatch
let mut req = RequestParts::new(
Request::builder()
let req = Request::builder()
.method(Method::POST)
.header(
http::header::CONTENT_TYPE,
@ -481,17 +482,15 @@ mod tests {
"Basic Y2xpZW50LWlkOmNsaWVudC1zZWNyZXQ=",
)
.body(Full::<Bytes>::new("client_id=mismatch-id&foo=bar".into()))
.unwrap(),
);
.unwrap();
assert!(matches!(
ClientAuthorization::<serde_json::Value>::from_request(&mut req).await,
ClientAuthorization::<serde_json::Value>::from_request(req, &()).await,
Err(ClientAuthorizationError::ClientIdMismatch { .. }),
));
// Invalid header
let mut req = RequestParts::new(
Request::builder()
let req = Request::builder()
.method(Method::POST)
.header(
http::header::CONTENT_TYPE,
@ -499,19 +498,17 @@ mod tests {
)
.header(http::header::AUTHORIZATION, "Basic invalid")
.body(Full::<Bytes>::new("foo=bar".into()))
.unwrap(),
);
.unwrap();
assert!(matches!(
ClientAuthorization::<serde_json::Value>::from_request(&mut req).await,
ClientAuthorization::<serde_json::Value>::from_request(req, &()).await,
Err(ClientAuthorizationError::InvalidHeader),
));
}
#[tokio::test]
async fn client_secret_post_test() {
let mut req = RequestParts::new(
Request::builder()
let req = Request::builder()
.method(Method::POST)
.header(
http::header::CONTENT_TYPE,
@ -520,11 +517,10 @@ mod tests {
.body(Full::<Bytes>::new(
"client_id=client-id&client_secret=client-secret&foo=bar".into(),
))
.unwrap(),
);
.unwrap();
assert_eq!(
ClientAuthorization::<serde_json::Value>::from_request(&mut req)
ClientAuthorization::<serde_json::Value>::from_request(req, &())
.await
.unwrap(),
ClientAuthorization {
@ -546,18 +542,16 @@ mod tests {
JWT_BEARER_CLIENT_ASSERTION, jwt,
));
let mut req = RequestParts::new(
Request::builder()
let req = Request::builder()
.method(Method::POST)
.header(
http::header::CONTENT_TYPE,
mime::APPLICATION_WWW_FORM_URLENCODED.as_ref(),
)
.body(Full::new(body))
.unwrap(),
);
.unwrap();
let authz = ClientAuthorization::<serde_json::Value>::from_request(&mut req)
let authz = ClientAuthorization::<serde_json::Value>::from_request(req, &())
.await
.unwrap();
assert_eq!(authz.form, Some(serde_json::json!({"foo": "bar"})));

27
crates/axum-utils/src/user_authorization.rs
View File

@ -19,12 +19,13 @@ use axum::{
body::HttpBody,
extract::{
rejection::{FailedToDeserializeQueryString, FormRejection, TypedHeaderRejectionReason},
Form, FromRequest, TypedHeader,
Form, FromRequest, FromRequestParts, TypedHeader,
},
response::{IntoResponse, Response},
BoxError,
};
use headers::{authorization::Bearer, Authorization, Header, HeaderMapExt, HeaderName};
use http::{header::WWW_AUTHENTICATE, HeaderMap, HeaderValue, StatusCode};
use http::{header::WWW_AUTHENTICATE, HeaderMap, HeaderValue, Request, StatusCode};
use mas_data_model::Session;
use mas_storage::{
oauth2::access_token::{lookup_active_access_token, AccessTokenLookupError},
@ -275,19 +276,20 @@ impl IntoResponse for AuthorizationVerificationError {
}
#[async_trait]
impl<B, F> FromRequest<B> for UserAuthorization<F>
impl<S, B, F> FromRequest<S, B> for UserAuthorization<F>
where
B: Send + HttpBody,
B::Data: Send,
B::Error: Error + Send + Sync + 'static,
F: DeserializeOwned,
B: HttpBody + Send + 'static,
B::Data: Send,
B::Error: Into<BoxError>,
S: Send + Sync,
{
type Rejection = UserAuthorizationError;
async fn from_request(
req: &mut axum::extract::RequestParts<B>,
) -> Result<Self, Self::Rejection> {
let header = TypedHeader::<Authorization<Bearer>>::from_request(req).await;
async fn from_request(req: Request<B>, state: &S) -> Result<Self, Self::Rejection> {
let (mut parts, body) = req.into_parts();
let header =
TypedHeader::<Authorization<Bearer>>::from_request_parts(&mut parts, state).await;
// Take the Authorization header
let token_from_header = match header {
@ -300,8 +302,11 @@ where
},
};
let req = Request::from_parts(parts, body);
// Take the form value
let (token_from_form, form) = match Form::<AuthorizedForm<F>>::from_request(req).await {
let (token_from_form, form) =
match Form::<AuthorizedForm<F>>::from_request(req, state).await {
Ok(Form(form)) => (form.access_token, Some(form.inner)),
// If it is not a form, continue
Err(FormRejection::InvalidFormContentType(_err)) => (None, None),

28
crates/cli/src/commands/server.rs
View File

@ -24,7 +24,7 @@ use futures::stream::{StreamExt, TryStreamExt};
use hyper::Server;
use mas_config::RootConfig;
use mas_email::Mailer;
use mas_handlers::MatrixHomeserver;
use mas_handlers::{AppState, MatrixHomeserver};
use mas_http::ServerLayer;
use mas_policy::PolicyFactory;
use mas_router::UrlBuilder;
@ -174,8 +174,6 @@ impl Options {
.key_store()
.await
.context("could not import keys from config")?;
// Wrap the key store in an Arc
let key_store = Arc::new(key_store);
let encrypter = config.secrets.encrypter();
@ -236,17 +234,19 @@ impl Options {
.context("could not watch for templates changes")?;
}
let router = mas_handlers::router(
&pool,
&templates,
&key_store,
&encrypter,
&mailer,
&url_builder,
&homeserver,
&policy_factory,
)
.fallback(static_files)
let state = AppState {
pool,
templates,
key_store,
encrypter,
url_builder,
mailer,
homeserver,
policy_factory,
};
let router = mas_handlers::router(state)
.fallback_service(static_files)
.layer(ServerLayer::default());
info!("Listening on http://{}", listener.local_addr().unwrap());

4
crates/handlers/Cargo.toml
View File

@ -20,9 +20,9 @@ anyhow = "1.0.64"
hyper = { version = "0.14.20", features = ["full"] }
tower = "0.4.13"
tower-http = { version = "0.3.4", features = ["cors"] }
axum = "0.5.15"
axum = "0.6.0-rc.1"
axum-macros = "0.2.3"
axum-extra = { version = "0.3.7", features = ["cookie-private"] }
axum-extra = { version = "0.4.0-rc.1", features = ["cookie-private"] }
# Emails
lettre = { version = "0.10.1", default-features = false, features = ["builder"] }

85
crates/handlers/src/app_state.rs Normal file
View File

@ -0,0 +1,85 @@
// Copyright 2022 The Matrix.org Foundation C.I.C.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
use std::sync::Arc;
use axum::extract::FromRef;
use mas_email::Mailer;
use mas_keystore::{Encrypter, Keystore};
use mas_policy::PolicyFactory;
use mas_router::UrlBuilder;
use mas_templates::Templates;
use sqlx::PgPool;
use crate::MatrixHomeserver;
#[derive(Clone)]
pub struct AppState {
pub pool: PgPool,
pub templates: Templates,
pub key_store: Keystore,
pub encrypter: Encrypter,
pub url_builder: UrlBuilder,
pub mailer: Mailer,
pub homeserver: MatrixHomeserver,
pub policy_factory: Arc<PolicyFactory>,
}
impl FromRef<AppState> for PgPool {
fn from_ref(input: &AppState) -> Self {
input.pool.clone()
}
}
impl FromRef<AppState> for Templates {
fn from_ref(input: &AppState) -> Self {
input.templates.clone()
}
}
impl FromRef<AppState> for Keystore {
fn from_ref(input: &AppState) -> Self {
input.key_store.clone()
}
}
impl FromRef<AppState> for Encrypter {
fn from_ref(input: &AppState) -> Self {
input.encrypter.clone()
}
}
impl FromRef<AppState> for UrlBuilder {
fn from_ref(input: &AppState) -> Self {
input.url_builder.clone()
}
}
impl FromRef<AppState> for Mailer {
fn from_ref(input: &AppState) -> Self {
input.mailer.clone()
}
}
impl FromRef<AppState> for MatrixHomeserver {
fn from_ref(input: &AppState) -> Self {
input.homeserver.clone()
}
}
impl FromRef<AppState> for Arc<PolicyFactory> {
fn from_ref(input: &AppState) -> Self {
input.policy_factory.clone()
}
}

6
crates/handlers/src/compat/login.rs
View File

@ -12,7 +12,7 @@
// See the License for the specific language governing permissions and
// limitations under the License.
use axum::{response::IntoResponse, Extension, Json};
use axum::{extract::State, response::IntoResponse, Json};
use chrono::{Duration, Utc};
use hyper::StatusCode;
use mas_data_model::{CompatSession, CompatSsoLoginState, Device, TokenType};
@ -197,8 +197,8 @@ impl IntoResponse for RouteError {
#[tracing::instrument(skip_all, err)]
pub(crate) async fn post(
Extension(pool): Extension<PgPool>,
Extension(homeserver): Extension<MatrixHomeserver>,
State(pool): State<PgPool>,
State(homeserver): State<MatrixHomeserver>,
Json(input): Json<RequestBody>,
) -> Result<impl IntoResponse, RouteError> {
let mut txn = pool.begin().await?;

13
crates/handlers/src/compat/login_sso_complete.rs
View File

@ -16,9 +16,8 @@
use std::collections::HashMap;
use axum::{
extract::{Form, Path, Query},
extract::{Form, Path, Query, State},
response::{Html, IntoResponse, Redirect, Response},
Extension,
};
use axum_extra::extract::PrivateCookieJar;
use chrono::{Duration, Utc};
@ -50,8 +49,8 @@ pub struct Params {
}
pub async fn get(
Extension(pool): Extension<PgPool>,
Extension(templates): Extension<Templates>,
State(pool): State<PgPool>,
State(templates): State<Templates>,
cookie_jar: PrivateCookieJar<Encrypter>,
Path(id): Path<i64>,
Query(params): Query<Params>,
@ -114,12 +113,12 @@ pub async fn get(
}
pub async fn post(
Extension(pool): Extension<PgPool>,
Extension(templates): Extension<Templates>,
State(pool): State<PgPool>,
State(templates): State<Templates>,
cookie_jar: PrivateCookieJar<Encrypter>,
Path(id): Path<i64>,
Form(form): Form<ProtectedForm<()>>,
Query(params): Query<Params>,
Form(form): Form<ProtectedForm<()>>,
) -> Result<Response, FancyError> {
let mut txn = pool.begin().await?;

9
crates/handlers/src/compat/login_sso_redirect.rs
View File

@ -13,7 +13,10 @@
// See the License for the specific language governing permissions and
// limitations under the License.
use axum::{extract::Query, response::IntoResponse, Extension};
use axum::{
extract::{Query, State},
response::IntoResponse,
};
use hyper::StatusCode;
use mas_router::{CompatLoginSsoAction, CompatLoginSsoComplete, UrlBuilder};
use mas_storage::compat::insert_compat_sso_login;
@ -63,8 +66,8 @@ impl IntoResponse for RouteError {
#[tracing::instrument(skip(pool, url_builder), err)]
pub async fn get(
Extension(pool): Extension<PgPool>,
Extension(url_builder): Extension<UrlBuilder>,
State(pool): State<PgPool>,
State(url_builder): State<UrlBuilder>,
Query(params): Query<Params>,
) -> Result<impl IntoResponse, RouteError> {
// Check the redirectUrl parameter

4
crates/handlers/src/compat/logout.rs
View File

@ -12,7 +12,7 @@
// See the License for the specific language governing permissions and
// limitations under the License.
use axum::{response::IntoResponse, Extension, Json, TypedHeader};
use axum::{extract::State, response::IntoResponse, Json, TypedHeader};
use headers::{authorization::Bearer, Authorization};
use hyper::StatusCode;
use mas_data_model::{TokenFormatError, TokenType};
@ -64,7 +64,7 @@ impl From<TokenFormatError> for RouteError {
}
pub(crate) async fn post(
Extension(pool): Extension<PgPool>,
State(pool): State<PgPool>,
maybe_authorization: Option<TypedHeader<Authorization<Bearer>>>,
) -> Result<impl IntoResponse, RouteError> {
let mut conn = pool.acquire().await?;

4
crates/handlers/src/compat/refresh.rs
View File

@ -12,7 +12,7 @@
// See the License for the specific language governing permissions and
// limitations under the License.
use axum::{response::IntoResponse, Extension, Json};
use axum::{extract::State, response::IntoResponse, Json};
use chrono::Duration;
use hyper::StatusCode;
use mas_data_model::{TokenFormatError, TokenType};
@ -96,7 +96,7 @@ pub struct ResponseBody {
}
pub(crate) async fn post(
Extension(pool): Extension<PgPool>,
State(pool): State<PgPool>,
Json(input): Json<RequestBody>,
) -> Result<impl IntoResponse, RouteError> {
let mut txn = pool.begin().await?;

8
crates/handlers/src/health.rs
View File

@ -12,12 +12,12 @@
// See the License for the specific language governing permissions and
// limitations under the License.
use axum::{extract::Extension, response::IntoResponse};
use axum::{extract::State, response::IntoResponse};
use mas_axum_utils::FancyError;
use sqlx::PgPool;
use tracing::{info_span, Instrument};
pub async fn get(Extension(pool): Extension<PgPool>) -> Result<impl IntoResponse, FancyError> {
pub async fn get(State(pool): State<PgPool>) -> Result<impl IntoResponse, FancyError> {
let mut conn = pool.acquire().await?;
sqlx::query("SELECT $1")
@ -38,7 +38,9 @@ mod tests {
#[sqlx::test(migrator = "mas_storage::MIGRATOR")]
async fn test_get_health(pool: PgPool) -> Result<(), anyhow::Error> {
let app = crate::test_router(&pool).await?;
let state = crate::test_state(pool).await?;
let app = crate::api_router(state);
let request = Request::builder().uri("/health").body(Body::empty())?;
let response = app.oneshot(request).await?;

142
crates/handlers/src/lib.rs
View File

@ -23,7 +23,7 @@ use std::{convert::Infallible, sync::Arc, time::Duration};
use axum::{
body::HttpBody,
extract::Extension,
extract::FromRef,
response::{Html, IntoResponse},
routing::{get, on, post, MethodFilter},
Router,
@ -37,9 +37,10 @@ use mas_policy::PolicyFactory;
use mas_router::{Route, UrlBuilder};
use mas_templates::{ErrorContext, Templates};
use sqlx::PgPool;
use tower::util::ThenLayer;
use tower::util::AndThenLayer;
use tower_http::cors::{Any, CorsLayer};
mod app_state;
mod compat;
mod health;
mod oauth2;
@ -47,30 +48,24 @@ mod views;
pub use compat::MatrixHomeserver;
pub use self::app_state::AppState;
#[must_use]
#[allow(
clippy::too_many_lines,
clippy::missing_panics_doc,
clippy::too_many_arguments,
clippy::trait_duplication_in_bounds
)]
pub fn router<B>(
pool: &PgPool,
templates: &Templates,
key_store: &Keystore,
encrypter: &Encrypter,
mailer: &Mailer,
url_builder: &UrlBuilder,
homeserver: &MatrixHomeserver,
policy_factory: &Arc<PolicyFactory>,
) -> Router<B>
#[allow(clippy::trait_duplication_in_bounds)]
pub fn api_router<S, B>(state: Arc<S>) -> Router<S, B>
where
B: HttpBody + Send + 'static,
<B as HttpBody>::Data: Send,
<B as HttpBody>::Error: std::error::Error + Send + Sync,
S: Send + Sync + 'static,
Keystore: FromRef<S>,
UrlBuilder: FromRef<S>,
Arc<PolicyFactory>: FromRef<S>,
PgPool: FromRef<S>,
Encrypter: FromRef<S>,
{
// All those routes are API-like, with a common CORS layer
let api_router = Router::new()
Router::with_state_arc(state)
.route(
mas_router::ChangePasswordDiscovery::route(),
get(|| async { mas_router::AccountPassword.go() }),
@ -118,9 +113,21 @@ where
CONTENT_TYPE,
])
.max_age(Duration::from_secs(60 * 60)),
);
let compat_router = Router::new()
)
}
#[must_use]
#[allow(clippy::trait_duplication_in_bounds)]
pub fn compat_router<S, B>(state: Arc<S>) -> Router<S, B>
where
B: HttpBody + Send + 'static,
<B as HttpBody>::Data: Send,
<B as HttpBody>::Error: std::error::Error + Send + Sync,
S: Send + Sync + 'static,
UrlBuilder: FromRef<S>,
PgPool: FromRef<S>,
MatrixHomeserver: FromRef<S>,
{
Router::with_state_arc(state)
.route(
mas_router::CompatLogin::route(),
get(self::compat::login::get).post(self::compat::login::post),
@ -146,11 +153,26 @@ where
HeaderName::from_static("x-requested-with"),
])
.max_age(Duration::from_secs(60 * 60)),
);
)
}
let human_router = {
let templates = templates.clone();
Router::new()
#[must_use]
#[allow(clippy::trait_duplication_in_bounds)]
pub fn human_router<S, B>(state: Arc<S>) -> Router<S, B>
where
B: HttpBody + Send + 'static,
<B as HttpBody>::Data: Send,
<B as HttpBody>::Error: std::error::Error + Send + Sync,
S: Send + Sync + 'static,
UrlBuilder: FromRef<S>,
Arc<PolicyFactory>: FromRef<S>,
PgPool: FromRef<S>,
Encrypter: FromRef<S>,
Templates: FromRef<S>,
Mailer: FromRef<S>,
{
let templates = Templates::from_ref(&state);
Router::with_state_arc(state)
.route(mas_router::Index::route(), get(self::views::index::get))
.route(mas_router::Healthcheck::route(), get(self::health::get))
.route(
@ -207,13 +229,10 @@ where
)
.route(
mas_router::CompatLoginSsoComplete::route(),
get(self::compat::login_sso_complete::get)
.post(self::compat::login_sso_complete::post),
get(self::compat::login_sso_complete::get).post(self::compat::login_sso_complete::post),
)
.layer(ThenLayer::new(
move |result: Result<axum::response::Response, Infallible>| async move {
let response = result.unwrap();
.layer(AndThenLayer::new(
move |response: axum::response::Response| async move {
if response.status().is_server_error() {
// Error responses should have an ErrorContext attached to them
let ext = response.extensions().get::<ErrorContext>();
@ -226,26 +245,39 @@ where
}
}
Ok(response)
Ok::<_, Infallible>(response)
},
))
};
}
human_router
.merge(api_router)
.merge(compat_router)
.layer(Extension(pool.clone()))
.layer(Extension(templates.clone()))
.layer(Extension(key_store.clone()))
.layer(Extension(encrypter.clone()))
.layer(Extension(url_builder.clone()))
.layer(Extension(mailer.clone()))
.layer(Extension(homeserver.clone()))
.layer(Extension(policy_factory.clone()))
#[must_use]
#[allow(clippy::trait_duplication_in_bounds)]
pub fn router<S, B>(state: S) -> Router<S, B>
where
B: HttpBody + Send + 'static,
<B as HttpBody>::Data: Send,
<B as HttpBody>::Error: std::error::Error + Send + Sync,
S: Send + Sync + 'static,
Keystore: FromRef<S>,
UrlBuilder: FromRef<S>,
Arc<PolicyFactory>: FromRef<S>,
PgPool: FromRef<S>,
Encrypter: FromRef<S>,
Templates: FromRef<S>,
Mailer: FromRef<S>,
MatrixHomeserver: FromRef<S>,
{
let state = Arc::new(state);
let api_router = api_router(state.clone());
let compat_router = compat_router(state.clone());
let human_router = human_router(state);
human_router.merge(api_router).merge(compat_router)
}
#[cfg(test)]
async fn test_router(pool: &PgPool) -> Result<Router, anyhow::Error> {
async fn test_state(pool: PgPool) -> Result<Arc<AppState>, anyhow::Error> {
use mas_email::MailTransport;
let templates = Templates::load(None, true).await?;
@ -265,14 +297,14 @@ async fn test_router(pool: &PgPool) -> Result<Router, anyhow::Error> {
let policy_factory = PolicyFactory::load_default(serde_json::json!({})).await?;
let policy_factory = Arc::new(policy_factory);
Ok(router(
Ok(Arc::new(AppState {
pool,
&templates,
&key_store,
&encrypter,
&mailer,
&url_builder,
&homeserver,
&policy_factory,
))
templates,
key_store,
encrypter,
url_builder,
mailer,
homeserver,
policy_factory,
}))
}

9
crates/handlers/src/oauth2/authorization/complete.rs
View File

@ -16,9 +16,8 @@ use std::sync::Arc;
use anyhow::anyhow;
use axum::{
extract::Path,
extract::{Path, State},
response::{IntoResponse, Response},
Extension,
};
use axum_extra::extract::PrivateCookieJar;
use hyper::StatusCode;
@ -104,9 +103,9 @@ impl From<CallbackDestinationError> for RouteError {
}
pub(crate) async fn get(
Extension(policy_factory): Extension<Arc<PolicyFactory>>,
Extension(templates): Extension<Templates>,
Extension(pool): Extension<PgPool>,
State(policy_factory): State<Arc<PolicyFactory>>,
State(templates): State<Templates>,
State(pool): State<PgPool>,
cookie_jar: PrivateCookieJar<Encrypter>,
Path(grant_id): Path<i64>,
) -> Result<Response, RouteError> {

8
crates/handlers/src/oauth2/authorization/mod.rs
View File

@ -16,7 +16,7 @@ use std::sync::Arc;
use anyhow::{anyhow, Context};
use axum::{
extract::{Extension, Form},
extract::{Form, State},
response::{IntoResponse, Response},
};
use axum_extra::extract::PrivateCookieJar;
@ -156,9 +156,9 @@ fn resolve_response_mode(
#[allow(clippy::too_many_lines)]
pub(crate) async fn get(
Extension(policy_factory): Extension<Arc<PolicyFactory>>,
Extension(templates): Extension<Templates>,
Extension(pool): Extension<PgPool>,
State(policy_factory): State<Arc<PolicyFactory>>,
State(templates): State<Templates>,
State(pool): State<PgPool>,
cookie_jar: PrivateCookieJar<Encrypter>,
Form(params): Form<Params>,
) -> Result<Response, RouteError> {

12
crates/handlers/src/oauth2/consent.rs
View File

@ -16,7 +16,7 @@ use std::sync::Arc;
use anyhow::Context;
use axum::{
extract::{Extension, Form, Path},
extract::{Form, Path, State},
response::{Html, IntoResponse, Response},
};
use axum_extra::extract::PrivateCookieJar;
@ -50,9 +50,9 @@ impl IntoResponse for RouteError {
}
pub(crate) async fn get(
Extension(policy_factory): Extension<Arc<PolicyFactory>>,
Extension(templates): Extension<Templates>,
Extension(pool): Extension<PgPool>,
State(policy_factory): State<Arc<PolicyFactory>>,
State(templates): State<Templates>,
State(pool): State<PgPool>,
cookie_jar: PrivateCookieJar<Encrypter>,
Path(grant_id): Path<i64>,
) -> Result<Response, RouteError> {
@ -112,8 +112,8 @@ pub(crate) async fn get(
}
pub(crate) async fn post(
Extension(policy_factory): Extension<Arc<PolicyFactory>>,
Extension(pool): Extension<PgPool>,
State(policy_factory): State<Arc<PolicyFactory>>,
State(pool): State<PgPool>,
cookie_jar: PrivateCookieJar<Encrypter>,
Path(grant_id): Path<i64>,
Form(form): Form<ProtectedForm<()>>,

6
crates/handlers/src/oauth2/discovery.rs
View File

@ -12,7 +12,7 @@
// See the License for the specific language governing permissions and
// limitations under the License.
use axum::{extract::Extension, response::IntoResponse, Json};
use axum::{extract::State, response::IntoResponse, Json};
use mas_iana::{
jose::JsonWebSignatureAlg,
oauth::{
@ -30,8 +30,8 @@ use oauth2_types::{
#[allow(clippy::too_many_lines)]
pub(crate) async fn get(
Extension(key_store): Extension<Keystore>,
Extension(url_builder): Extension<UrlBuilder>,
State(key_store): State<Keystore>,
State(url_builder): State<UrlBuilder>,
) -> impl IntoResponse {
// This is how clients can authenticate
let client_auth_methods_supported = Some(vec![

6
crates/handlers/src/oauth2/introspection.rs
View File

@ -12,7 +12,7 @@
// See the License for the specific language governing permissions and
// limitations under the License.
use axum::{extract::Extension, response::IntoResponse, Json};
use axum::{extract::State, response::IntoResponse, Json};
use hyper::StatusCode;
use mas_axum_utils::client_authorization::{ClientAuthorization, CredentialsVerificationError};
use mas_data_model::{TokenFormatError, TokenType};
@ -154,8 +154,8 @@ const INACTIVE: IntrospectionResponse = IntrospectionResponse {
#[tracing::instrument(skip_all, err)]
pub(crate) async fn post(
Extension(pool): Extension<PgPool>,
Extension(encrypter): Extension<Encrypter>,
State(pool): State<PgPool>,
State(encrypter): State<Encrypter>,
client_authorization: ClientAuthorization<IntrospectionRequest>,
) -> Result<impl IntoResponse, RouteError> {
let mut conn = pool.acquire().await?;

4
crates/handlers/src/oauth2/keys.rs
View File

@ -12,10 +12,10 @@
// See the License for the specific language governing permissions and
// limitations under the License.
use axum::{extract::Extension, response::IntoResponse, Json};
use axum::{extract::State, response::IntoResponse, Json};
use mas_keystore::Keystore;
pub(crate) async fn get(Extension(key_store): Extension<Keystore>) -> impl IntoResponse {
pub(crate) async fn get(State(key_store): State<Keystore>) -> impl IntoResponse {
let jwks = key_store.public_jwks();
Json(jwks)
}

6
crates/handlers/src/oauth2/registration.rs
View File

@ -14,7 +14,7 @@
use std::sync::Arc;
use axum::{response::IntoResponse, Extension, Json};
use axum::{extract::State, response::IntoResponse, Json};
use hyper::StatusCode;
use mas_policy::{PolicyFactory, Violation};
use mas_storage::oauth2::client::insert_client;
@ -105,8 +105,8 @@ impl IntoResponse for RouteError {
#[tracing::instrument(skip_all, err)]
pub(crate) async fn post(
Extension(pool): Extension<PgPool>,
Extension(policy_factory): Extension<Arc<PolicyFactory>>,
State(pool): State<PgPool>,
State(policy_factory): State<Arc<PolicyFactory>>,
Json(body): Json<ClientMetadata>,
) -> Result<impl IntoResponse, RouteError> {
info!(?body, "Client registration");

10
crates/handlers/src/oauth2/token.rs
View File

@ -15,7 +15,7 @@
use std::collections::HashMap;
use anyhow::Context;
use axum::{extract::Extension, response::IntoResponse, Json};
use axum::{extract::State, response::IntoResponse, Json};
use chrono::{DateTime, Duration, Utc};
use data_encoding::BASE64URL_NOPAD;
use headers::{CacheControl, HeaderMap, HeaderMapExt, Pragma};
@ -188,11 +188,11 @@ impl From<JwtSignatureError> for RouteError {
#[tracing::instrument(skip_all, err)]
pub(crate) async fn post(
State(key_store): State<Keystore>,
State(url_builder): State<UrlBuilder>,
State(pool): State<PgPool>,
State(encrypter): State<Encrypter>,
client_authorization: ClientAuthorization<AccessTokenRequest>,
Extension(key_store): Extension<Keystore>,
Extension(url_builder): Extension<UrlBuilder>,
Extension(pool): Extension<PgPool>,
Extension(encrypter): Extension<Encrypter>,
) -> Result<impl IntoResponse, RouteError> {
let mut txn = pool.begin().await?;

8
crates/handlers/src/oauth2/userinfo.rs
View File

@ -14,7 +14,7 @@
use anyhow::Context;
use axum::{
extract::Extension,
extract::State,
response::{IntoResponse, Response},
Json,
};
@ -48,9 +48,9 @@ struct SignedUserInfo {
}
pub async fn get(
Extension(url_builder): Extension<UrlBuilder>,
Extension(pool): Extension<PgPool>,
Extension(key_store): Extension<Keystore>,
State(url_builder): State<UrlBuilder>,
State(pool): State<PgPool>,
State(key_store): State<Keystore>,
user_authorization: UserAuthorization,
) -> Result<Response, FancyError> {
// TODO: error handling

8
crates/handlers/src/oauth2/webfinger.rs
View File

@ -12,7 +12,11 @@
// See the License for the specific language governing permissions and
// limitations under the License.
use axum::{extract::Query, response::IntoResponse, Extension, Json, TypedHeader};
use axum::{
extract::{Query, State},
response::IntoResponse,
Json, TypedHeader,
};
use headers::ContentType;
use mas_router::UrlBuilder;
use oauth2_types::webfinger::WebFingerResponse;
@ -33,7 +37,7 @@ fn jrd() -> mime::Mime {
pub(crate) async fn get(
Query(params): Query<Params>,
Extension(url_builder): Extension<UrlBuilder>,
State(url_builder): State<UrlBuilder>,
) -> impl IntoResponse {
// TODO: should we validate the subject?
let subject = params.resource;

10
crates/handlers/src/views/account/emails/add.rs
View File

@ -13,7 +13,7 @@
// limitations under the License.
use axum::{
extract::{Extension, Form, Query},
extract::{Form, Query, State},
response::{Html, IntoResponse, Response},
};
use axum_extra::extract::PrivateCookieJar;
@ -38,8 +38,8 @@ pub struct EmailForm {
}
pub(crate) async fn get(
Extension(templates): Extension<Templates>,
Extension(pool): Extension<PgPool>,
State(templates): State<Templates>,
State(pool): State<PgPool>,
cookie_jar: PrivateCookieJar<Encrypter>,
) -> Result<Response, FancyError> {
let mut conn = pool.begin().await?;
@ -66,8 +66,8 @@ pub(crate) async fn get(
}
pub(crate) async fn post(
Extension(pool): Extension<PgPool>,
Extension(mailer): Extension<Mailer>,
State(pool): State<PgPool>,
State(mailer): State<Mailer>,
cookie_jar: PrivateCookieJar<Encrypter>,
Query(query): Query<OptionalPostAuthAction>,
Form(form): Form<ProtectedForm<EmailForm>>,

12
crates/handlers/src/views/account/emails/mod.rs
View File

@ -13,7 +13,7 @@
// limitations under the License.
use axum::{
extract::{Extension, Form},
extract::{Form, State},
response::{Html, IntoResponse, Response},
};
use axum_extra::extract::PrivateCookieJar;
@ -52,8 +52,8 @@ pub enum ManagementForm {
}
pub(crate) async fn get(
Extension(templates): Extension<Templates>,
Extension(pool): Extension<PgPool>,
State(templates): State<Templates>,
State(pool): State<PgPool>,
cookie_jar: PrivateCookieJar<Encrypter>,
) -> Result<Response, FancyError> {
let mut conn = pool.acquire().await?;
@ -118,9 +118,9 @@ async fn start_email_verification(
}
pub(crate) async fn post(
Extension(templates): Extension<Templates>,
Extension(pool): Extension<PgPool>,
Extension(mailer): Extension<Mailer>,
State(templates): State<Templates>,
State(pool): State<PgPool>,
State(mailer): State<Mailer>,
cookie_jar: PrivateCookieJar<Encrypter>,
Form(form): Form<ProtectedForm<ManagementForm>>,
) -> Result<Response, FancyError> {

8
crates/handlers/src/views/account/emails/verify.rs
View File

@ -13,7 +13,7 @@
// limitations under the License.
use axum::{
extract::{Extension, Form, Path, Query},
extract::{Form, Path, Query, State},
response::{Html, IntoResponse, Response},
};
use axum_extra::extract::PrivateCookieJar;
@ -40,8 +40,8 @@ pub struct CodeForm {
}
pub(crate) async fn get(
Extension(templates): Extension<Templates>,
Extension(pool): Extension<PgPool>,
State(templates): State<Templates>,
State(pool): State<PgPool>,
Query(query): Query<OptionalPostAuthAction>,
Path(id): Path<i64>,
cookie_jar: PrivateCookieJar<Encrypter>,
@ -78,7 +78,7 @@ pub(crate) async fn get(
}
pub(crate) async fn post(
Extension(pool): Extension<PgPool>,
State(pool): State<PgPool>,
cookie_jar: PrivateCookieJar<Encrypter>,
Query(query): Query<OptionalPostAuthAction>,
Path(id): Path<i64>,

6
crates/handlers/src/views/account/mod.rs
View File

@ -16,7 +16,7 @@ pub mod emails;
pub mod password;
use axum::{
extract::Extension,
extract::State,
response::{Html, IntoResponse, Response},
};
use axum_extra::extract::PrivateCookieJar;
@ -28,8 +28,8 @@ use mas_templates::{AccountContext, TemplateContext, Templates};
use sqlx::PgPool;
pub(crate) async fn get(
Extension(templates): Extension<Templates>,
Extension(pool): Extension<PgPool>,
State(templates): State<Templates>,
State(pool): State<PgPool>,
cookie_jar: PrivateCookieJar<Encrypter>,
) -> Result<Response, FancyError> {
let mut conn = pool.acquire().await?;

10
crates/handlers/src/views/account/password.rs
View File

@ -14,7 +14,7 @@
use argon2::Argon2;
use axum::{
extract::{Extension, Form},
extract::{Form, State},
response::{Html, IntoResponse, Response},
};
use axum_extra::extract::PrivateCookieJar;
@ -41,8 +41,8 @@ pub struct ChangeForm {
}
pub(crate) async fn get(
Extension(templates): Extension<Templates>,
Extension(pool): Extension<PgPool>,
State(templates): State<Templates>,
State(pool): State<PgPool>,
cookie_jar: PrivateCookieJar<Encrypter>,
) -> Result<Response, FancyError> {
let mut conn = pool.acquire().await?;
@ -76,8 +76,8 @@ async fn render(
}
pub(crate) async fn post(
Extension(templates): Extension<Templates>,
Extension(pool): Extension<PgPool>,
State(templates): State<Templates>,
State(pool): State<PgPool>,
cookie_jar: PrivateCookieJar<Encrypter>,
Form(form): Form<ProtectedForm<ChangeForm>>,
) -> Result<Response, FancyError> {

8
crates/handlers/src/views/index.rs
View File

@ -13,7 +13,7 @@
// limitations under the License.
use axum::{
extract::Extension,
extract::State,
response::{Html, IntoResponse},
};
use axum_extra::extract::PrivateCookieJar;
@ -24,9 +24,9 @@ use mas_templates::{IndexContext, TemplateContext, Templates};
use sqlx::PgPool;
pub async fn get(
Extension(templates): Extension<Templates>,
Extension(url_builder): Extension<UrlBuilder>,
Extension(pool): Extension<PgPool>,
State(templates): State<Templates>,
State(url_builder): State<UrlBuilder>,
State(pool): State<PgPool>,
cookie_jar: PrivateCookieJar<Encrypter>,
) -> Result<impl IntoResponse, FancyError> {
let mut conn = pool.acquire().await?;

10
crates/handlers/src/views/login.rs
View File

@ -13,7 +13,7 @@
// limitations under the License.
use axum::{
extract::{Extension, Form, Query},
extract::{Form, Query, State},
response::{Html, IntoResponse, Response},
};
use axum_extra::extract::PrivateCookieJar;
@ -44,8 +44,8 @@ impl ToFormState for LoginForm {
#[tracing::instrument(skip(templates, pool, cookie_jar))]
pub(crate) async fn get(
Extension(templates): Extension<Templates>,
Extension(pool): Extension<PgPool>,
State(templates): State<Templates>,
State(pool): State<PgPool>,
Query(query): Query<OptionalPostAuthAction>,
cookie_jar: PrivateCookieJar<Encrypter>,
) -> Result<Response, FancyError> {
@ -74,8 +74,8 @@ pub(crate) async fn get(
}
pub(crate) async fn post(
Extension(templates): Extension<Templates>,
Extension(pool): Extension<PgPool>,
State(templates): State<Templates>,
State(pool): State<PgPool>,
Query(query): Query<OptionalPostAuthAction>,
cookie_jar: PrivateCookieJar<Encrypter>,
Form(form): Form<ProtectedForm<LoginForm>>,

4
crates/handlers/src/views/logout.rs
View File

@ -13,7 +13,7 @@
// limitations under the License.
use axum::{
extract::{Extension, Form},
extract::{Form, State},
response::IntoResponse,
};
use axum_extra::extract::PrivateCookieJar;
@ -27,7 +27,7 @@ use mas_storage::user::end_session;
use sqlx::PgPool;
pub(crate) async fn post(
Extension(pool): Extension<PgPool>,
State(pool): State<PgPool>,
cookie_jar: PrivateCookieJar<Encrypter>,
Form(form): Form<ProtectedForm<Option<PostAuthAction>>>,
) -> Result<impl IntoResponse, FancyError> {

8
crates/handlers/src/views/reauth.rs
View File

@ -13,7 +13,7 @@
// limitations under the License.
use axum::{
extract::{Extension, Form, Query},
extract::{Form, Query, State},
response::{Html, IntoResponse, Response},
};
use axum_extra::extract::PrivateCookieJar;
@ -36,8 +36,8 @@ pub(crate) struct ReauthForm {
}
pub(crate) async fn get(
Extension(templates): Extension<Templates>,
Extension(pool): Extension<PgPool>,
State(templates): State<Templates>,
State(pool): State<PgPool>,
Query(query): Query<OptionalPostAuthAction>,
cookie_jar: PrivateCookieJar<Encrypter>,
) -> Result<Response, FancyError> {
@ -75,7 +75,7 @@ pub(crate) async fn get(
}
pub(crate) async fn post(
Extension(pool): Extension<PgPool>,
State(pool): State<PgPool>,
Query(query): Query<OptionalPostAuthAction>,
cookie_jar: PrivateCookieJar<Encrypter>,
Form(form): Form<ProtectedForm<ReauthForm>>,

14
crates/handlers/src/views/register.rs
View File

@ -18,7 +18,7 @@ use std::{str::FromStr, sync::Arc};
use argon2::Argon2;
use axum::{
extract::{Extension, Form, Query},
extract::{Form, Query, State},
response::{Html, IntoResponse, Response},
};
use axum_extra::extract::PrivateCookieJar;
@ -57,8 +57,8 @@ impl ToFormState for RegisterForm {
}
pub(crate) async fn get(
Extension(templates): Extension<Templates>,
Extension(pool): Extension<PgPool>,
State(templates): State<Templates>,
State(pool): State<PgPool>,
Query(query): Query<OptionalPostAuthAction>,
cookie_jar: PrivateCookieJar<Encrypter>,
) -> Result<Response, FancyError> {
@ -87,10 +87,10 @@ pub(crate) async fn get(
}
pub(crate) async fn post(
Extension(mailer): Extension<Mailer>,
Extension(policy_factory): Extension<Arc<PolicyFactory>>,
Extension(templates): Extension<Templates>,
Extension(pool): Extension<PgPool>,
State(mailer): State<Mailer>,
State(policy_factory): State<Arc<PolicyFactory>>,
State(templates): State<Templates>,
State(pool): State<PgPool>,
Query(query): Query<OptionalPostAuthAction>,
cookie_jar: PrivateCookieJar<Encrypter>,
Form(form): Form<ProtectedForm<RegisterForm>>,

2
crates/http/Cargo.toml
View File

@ -6,7 +6,7 @@ edition = "2021"
license = "Apache-2.0"
[dependencies]
axum = { version = "0.5.15", optional = true }
axum = { version = "0.6.0-rc.1", optional = true }
bytes = "1.2.1"
futures-util = "0.3.24"
headers = "0.3.8"

2
crates/router/Cargo.toml
View File

@ -6,7 +6,7 @@ edition = "2021"
license = "Apache-2.0"
[dependencies]
axum = { version = "0.5.15", default-features = false }
axum = { version = "0.6.0-rc.1", default-features = false }
serde = { version = "1.0.144", features = ["derive"] }
serde_urlencoded = "0.7.1"
serde_with = "2.0.0"

4
crates/static-files/Cargo.toml
View File

@ -9,8 +9,8 @@ license = "Apache-2.0"
dev = []
[dependencies]
axum = "0.5.15"
headers = "0.3.8"
axum = { version = "0.6.0-rc.1", features = ["headers"] }
headers = "0.3.7"
http = "0.2.8"
http-body = "0.4.5"
mime_guess = "2.0.4"