phoenix/icarus_auth
1
0
Fork 0
Code Issues 3 Pull Requests Actions Packages Projects Releases 46 Wiki Activity
Files
eb1e2990f9327f57e59304ff1d3bb290c25dbbdb
icarus_auth/src/token_stuff/mod.rs
phoenix eb1e2990f9
All checks were successful
Rust Build / Check (push) Successful in 46s
Details
Rust Build / Test Suite (push) Successful in 57s
Details
Release Tagging / release (push) Successful in 59s
Details
Rust Build / Rustfmt (push) Successful in 37s
Details
Rust Build / Clippy (push) Successful in 48s
Details
Rust Build / Check (pull_request) Successful in 45s
Details
Rust Build / build (push) Successful in 59s
Details
Rust Build / Rustfmt (pull_request) Successful in 38s
Details
Rust Build / Clippy (pull_request) Successful in 43s
Details
Rust Build / Test Suite (pull_request) Successful in 54s
Details
Rust Build / build (pull_request) Successful in 59s
Details
tsk-51: Refresh token endpoint (#54) 
Closes #51

Reviewed-on: #54
Co-authored-by: phoenix <kundeng00@pm.me>
Co-committed-by: phoenix <kundeng00@pm.me>
2025-08-11 22:15:17 +00:00

140 lines
4.4 KiB
Rust
Raw Blame History

use josekit::{
self,
jws::alg::hmac::HmacJwsAlgorithm::Hs256,
jwt::{self},
};
use time;
pub const KEY_ENV: &str = "SECRET_KEY";
pub const MESSAGE: &str = "Something random";
pub const ISSUER: &str = "icarus_auth";
pub const AUDIENCE: &str = "icarus";
pub fn get_issued() -> time::Result<time::OffsetDateTime> {
Ok(time::OffsetDateTime::now_utc())
}
pub fn get_expiration(issued: &time::OffsetDateTime) -> Result<time::OffsetDateTime, time::Error> {
let duration_expire = time::Duration::hours(4);
Ok(*issued + duration_expire)
}
pub fn create_token(
provided_key: &String,
id: &uuid::Uuid,
) -> Result<(String, i64), josekit::JoseError> {
let resource = icarus_models::token::TokenResource {
message: String::from(MESSAGE),
issuer: String::from(ISSUER),
audiences: vec![String::from(AUDIENCE)],
id: *id,
};
icarus_models::token::create_token(provided_key, &resource, time::Duration::hours(4))
}
pub fn create_service_token(
provided: &String,
id: &uuid::Uuid,
) -> Result<(String, i64), josekit::JoseError> {
let resource = icarus_models::token::TokenResource {
message: String::from(SERVICE_SUBJECT),
issuer: String::from(ISSUER),
audiences: vec![String::from(AUDIENCE)],
id: *id,
};
icarus_models::token::create_token(provided, &resource, time::Duration::hours(1))
}
pub fn create_service_refresh_token(
key: &String,
id: &uuid::Uuid,
) -> Result<(String, i64), josekit::JoseError> {
let resource = icarus_models::token::TokenResource {
message: String::from(SERVICE_SUBJECT),
issuer: String::from(ISSUER),
audiences: vec![String::from(AUDIENCE)],
id: *id,
};
icarus_models::token::create_token(key, &resource, time::Duration::hours(4))
}
pub fn verify_token(key: &String, token: &String) -> bool {
match get_payload(key, token) {
Ok((payload, _header)) => match payload.subject() {
Some(_sub) => true,
None => false,
},
Err(_err) => false,
}
}
pub fn extract_id_from_token(key: &String, token: &String) -> Result<uuid::Uuid, std::io::Error> {
match get_payload(key, token) {
Ok((payload, _header)) => match payload.claim("id") {
Some(id) => match uuid::Uuid::parse_str(id.as_str().unwrap()) {
Ok(extracted) => Ok(extracted),
Err(err) => Err(std::io::Error::other(err.to_string())),
},
None => Err(std::io::Error::other("No claim found")),
},
Err(err) => Err(std::io::Error::other(err.to_string())),
}
}
pub const APP_TOKEN_TYPE: &str = "Icarus_App";
pub const APP_SUBJECT: &str = "Something random";
pub const SERVICE_TOKEN_TYPE: &str = "Icarus_Service";
pub const SERVICE_SUBJECT: &str = "Service random";
pub fn get_token_type(key: &String, token: &String) -> Result<String, std::io::Error> {
match get_payload(key, token) {
Ok((payload, _header)) => match payload.subject() {
Some(subject) => {
if subject == APP_SUBJECT {
Ok(String::from(APP_TOKEN_TYPE))
} else if subject == SERVICE_SUBJECT {
Ok(String::from(SERVICE_TOKEN_TYPE))
} else {
Err(std::io::Error::other(String::from("Invalid subject")))
}
}
None => Err(std::io::Error::other(String::from("Invalid payload"))),
},
Err(err) => Err(std::io::Error::other(err.to_string())),
}
}
pub fn is_token_type_valid(token_type: &String) -> bool {
token_type == SERVICE_TOKEN_TYPE
}
fn get_payload(
key: &String,
token: &String,
) -> Result<(josekit::jwt::JwtPayload, josekit::jws::JwsHeader), josekit::JoseError> {
let ver = Hs256.verifier_from_bytes(key.as_bytes()).unwrap();
jwt::decode_with_verifier(token, &ver)
}
#[cfg(test)]
mod tests {
use super::*;
#[test]
fn test_tokenize() {
let rt = tokio::runtime::Runtime::new().unwrap();
let special_key = rt.block_on(icarus_envy::environment::get_secret_key());
let id = uuid::Uuid::new_v4();
match create_token(&special_key, &id) {
Ok((token, _duration)) => {
let result = verify_token(&special_key, &token);
assert!(result, "Token not verified");
}
Err(err) => {
assert!(false, "Error: {:?}", err.to_string());
}
};
}
}
Reference in New Issue View Git Blame Copy Permalink