jwt-authorizer/demo-server/src/main.rs

use axum::{routing::get, Router};
use jwt_authorizer::{
    error::InitError, AuthError, Authorizer, IntoLayer, JwtAuthorizer, JwtClaims, Refresh, RefreshStrategy,
};
use serde::Deserialize;
use tokio::net::TcpListener;
use tower_http::trace::TraceLayer;
use tracing::info;
use tracing_subscriber::{layer::SubscriberExt, util::SubscriberInitExt};

mod oidc_provider;

/// Object representing claims
/// (a subset of deserialized claims)
#[derive(Debug, Deserialize, Clone)]
struct User {
    sub: String,
}

#[tokio::main]
async fn main() -> Result<(), InitError> {
    tracing_subscriber::registry()
        .with(tracing_subscriber::EnvFilter::new(
            std::env::var("RUST_LOG").unwrap_or_else(|_| "info,jwt_authorizer=debug,tower_http=debug".into()),
        ))
        .with(tracing_subscriber::fmt::layer())
        .init();

    // claims checker function
    fn claim_checker(u: &User) -> bool {
        info!("checking claims: {} -> {}", u.sub, u.sub.contains('@'));

        u.sub.contains('@') // must be an email
    }

    // starting oidc provider (discovery is needed by from_oidc())
    let issuer_uri = oidc_provider::run_server();

    // First let's create an authorizer builder from a Oidc Discovery
    // User is a struct deserializable from JWT claims representing the authorized user
    // let jwt_auth: JwtAuthorizer<User> = JwtAuthorizer::from_oidc("https://accounts.google.com/")
    let auth: Authorizer<User> = JwtAuthorizer::from_oidc(issuer_uri)
        // .no_refresh()
        .refresh(Refresh {
            strategy: RefreshStrategy::Interval,
            ..Default::default()
        })
        .check(claim_checker)
        .build()
        .await?;

    // actual router demo
    let api = Router::new()
        .route("/protected", get(protected))
        // adding the authorizer layer
        .layer(auth.into_layer());

    let app = Router::new()
        // public endpoint
        .route("/public", get(public_handler))
        // protected APIs
        .nest("/api", api)
        .layer(TraceLayer::new_for_http());

    let listener = TcpListener::bind("127.0.0.1:3000").await.unwrap();
    tracing::info!("listening on {:?}", listener.local_addr());

    axum::serve(listener, app.into_make_service()).await.unwrap();

    Ok(())
}

/// handler with injected claims object
async fn protected(JwtClaims(user): JwtClaims<User>) -> Result<String, AuthError> {
    // Send the protected data to the user
    Ok(format!("Welcome: {}", user.sub))
}

// public url handler
async fn public_handler() -> &'static str {
    "Public URL!"
}
feat: oidc issuer 2023-01-28 21:20:56 +01:00			`use axum::{routing::get, Router};`
refactor: JwtAuthorizer::IntoLayer -> Authorizer::IntoLayer - better error management (avoids composite errors when transforming multiple builder into layer) 2023-08-14 11:26:49 +02:00			`use jwt_authorizer::{`
			`error::InitError, AuthError, Authorizer, IntoLayer, JwtAuthorizer, JwtClaims, Refresh, RefreshStrategy,`
			`};`
chore: fmt 2023-01-08 13:45:21 +01:00			`use serde::Deserialize;`
update hyperium crates to `1.0`, axum to `0.7` 2023-12-01 12:37:13 -05:00			`use tokio::net::TcpListener;`
chore: fmt 2023-01-08 13:45:21 +01:00			`use tower_http::trace::TraceLayer;`
			`use tracing::info;`
			`use tracing_subscriber::{layer::SubscriberExt, util::SubscriberInitExt};`

			`mod oidc_provider;`

refactor: demo server (clean, refactor, docs) 2023-01-30 23:44:25 +01:00			`/// Object representing claims`
			`/// (a subset of deserialized claims)`
			`#[derive(Debug, Deserialize, Clone)]`
			`struct User {`
			`sub: String,`
			`}`

chore: fmt 2023-01-08 13:45:21 +01:00			`#[tokio::main]`
feat: oidc issuer 2023-01-28 21:20:56 +01:00			`async fn main() -> Result<(), InitError> {`
chore: fmt 2023-01-08 13:45:21 +01:00			`tracing_subscriber::registry()`
			`.with(tracing_subscriber::EnvFilter::new(`
feat: integration tests 2023-02-06 23:41:45 +01:00			`std::env::var("RUST_LOG").unwrap_or_else(\|_\| "info,jwt_authorizer=debug,tower_http=debug".into()),`
chore: fmt 2023-01-08 13:45:21 +01:00			`))`
			`.with(tracing_subscriber::fmt::layer())`
			`.init();`

refactor: demo server (clean, refactor, docs) 2023-01-30 23:44:25 +01:00			`// claims checker function`
chore: fmt 2023-01-08 13:45:21 +01:00			`fn claim_checker(u: &User) -> bool {`
			`info!("checking claims: {} -> {}", u.sub, u.sub.contains('@'));`

			`u.sub.contains('@') // must be an email`
			`}`

feat: oidc issuer 2023-01-28 21:20:56 +01:00			`// starting oidc provider (discovery is needed by from_oidc())`
refactor: demo server (clean, refactor, docs) 2023-01-30 23:44:25 +01:00			`let issuer_uri = oidc_provider::run_server();`
feat: oidc issuer 2023-01-28 21:20:56 +01:00
refactor: demo server (clean, refactor, docs) 2023-01-30 23:44:25 +01:00			`// First let's create an authorizer builder from a Oidc Discovery`
chore: fmt 2023-01-08 13:45:21 +01:00			`// User is a struct deserializable from JWT claims representing the authorized user`
feat: oidc issuer 2023-01-28 21:20:56 +01:00			`// let jwt_auth: JwtAuthorizer<User> = JwtAuthorizer::from_oidc("https://accounts.google.com/")`
refactor: JwtAuthorizer::IntoLayer -> Authorizer::IntoLayer - better error management (avoids composite errors when transforming multiple builder into layer) 2023-08-14 11:26:49 +02:00			`let auth: Authorizer<User> = JwtAuthorizer::from_oidc(issuer_uri)`
chore: fmt 2023-01-28 08:43:51 +01:00			`// .no_refresh()`
			`.refresh(Refresh {`
			`strategy: RefreshStrategy::Interval,`
			`..Default::default()`
			`})`
refactor: JwtAuthorizer::IntoLayer -> Authorizer::IntoLayer - better error management (avoids composite errors when transforming multiple builder into layer) 2023-08-14 11:26:49 +02:00			`.check(claim_checker)`
			`.build()`
			`.await?;`
chore: fmt 2023-01-08 13:45:21 +01:00
feat: oidc issuer 2023-01-28 21:20:56 +01:00			`// actual router demo`
chore: fmt 2023-01-08 13:45:21 +01:00			`let api = Router::new()`
			`.route("/protected", get(protected))`
feat: oidc issuer 2023-01-28 21:20:56 +01:00			`// adding the authorizer layer`
refactor: JwtAuthorizer::IntoLayer -> Authorizer::IntoLayer - better error management (avoids composite errors when transforming multiple builder into layer) 2023-08-14 11:26:49 +02:00			`.layer(auth.into_layer());`
chore: fmt 2023-01-08 13:45:21 +01:00
			`let app = Router::new()`
refactor: demo server (clean, refactor, docs) 2023-01-30 23:44:25 +01:00			`// public endpoint`
			`.route("/public", get(public_handler))`
			`// protected APIs`
chore: fmt 2023-01-08 13:45:21 +01:00			`.nest("/api", api)`
			`.layer(TraceLayer::new_for_http());`

update hyperium crates to `1.0`, axum to `0.7` 2023-12-01 12:37:13 -05:00			`let listener = TcpListener::bind("127.0.0.1:3000").await.unwrap();`
			`tracing::info!("listening on {:?}", listener.local_addr());`
chore: fmt 2023-01-08 13:45:21 +01:00
update hyperium crates to `1.0`, axum to `0.7` 2023-12-01 12:37:13 -05:00			`axum::serve(listener, app.into_make_service()).await.unwrap();`
feat: oidc issuer 2023-01-28 21:20:56 +01:00
			`Ok(())`
chore: fmt 2023-01-08 13:45:21 +01:00			`}`

refactor: demo server (clean, refactor, docs) 2023-01-30 23:44:25 +01:00			`/// handler with injected claims object`
chore: fmt 2023-01-08 13:45:21 +01:00			`async fn protected(JwtClaims(user): JwtClaims<User>) -> Result<String, AuthError> {`
			`// Send the protected data to the user`
			`Ok(format!("Welcome: {}", user.sub))`
			`}`

refactor: demo server (clean, refactor, docs) 2023-01-30 23:44:25 +01:00			`// public url handler`
			`async fn public_handler() -> &'static str {`
			`"Public URL!"`
chore: fmt 2023-01-08 13:45:21 +01:00			`}`