diff --git a/CHANGELOG.md b/CHANGELOG.md index 238328e..e7b3582 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,6 +7,12 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## Unreleased +### Changed + +- JwtAuthorizer creation simplified: + + - JwtAuthorizer::from_* creates an instance, new() is not necessary anymore + ### Fixed - claims extractor (JwtClaims) without authorizer should not panic, should send a 500 error diff --git a/demo-server/src/main.rs b/demo-server/src/main.rs index 80acba4..a135189 100644 --- a/demo-server/src/main.rs +++ b/demo-server/src/main.rs @@ -28,8 +28,8 @@ async fn main() { // First let's create an authorizer builder from a JWKS Endpoint // User is a struct deserializable from JWT claims representing the authorized user - let jwt_auth: JwtAuthorizer = JwtAuthorizer::new() - .from_jwks_url("http://localhost:3000/oidc/jwks") + let jwt_auth: JwtAuthorizer = JwtAuthorizer:: + from_jwks_url("http://localhost:3000/oidc/jwks") .with_check(claim_checker); let oidc = Router::new() diff --git a/jwt-authorizer/docs/README.md b/jwt-authorizer/docs/README.md index 5e84851..f97ae42 100644 --- a/jwt-authorizer/docs/README.md +++ b/jwt-authorizer/docs/README.md @@ -16,8 +16,8 @@ Example: } // let's create an authorizer builder from a JWKS Endpoint - let jwt_auth: JwtAuthorizer = JwtAuthorizer::new() - .from_jwks_url("http://localhost:3000/oidc/jwks"); + let jwt_auth: JwtAuthorizer = + JwtAuthorizer::from_jwks_url("http://localhost:3000/oidc/jwks"); // adding the authorization layer let app = Router::new().route("/protected", get(protected)) @@ -54,8 +54,7 @@ Example: sub: String, } - let authorizer = JwtAuthorizer::new() - .from_rsa_pem("../config/jwtRS256.key.pub") + let authorizer = JwtAuthorizer::from_rsa_pem("../config/jwtRS256.key.pub") .with_check( |claims: &User| claims.sub.contains('@') // must be an email ); diff --git a/jwt-authorizer/src/layer.rs b/jwt-authorizer/src/layer.rs index 2649396..2b770f0 100644 
--- a/jwt-authorizer/src/layer.rs
+++ b/jwt-authorizer/src/layer.rs
@@ -35,46 +35,44 @@ impl JwtAuthorizer where C: Clone + DeserializeOwned + Send + Sync, { - pub fn new() -> Self { + /// Build Authorizer Layer from a JWKS endpoint + pub fn from_jwks_url(url: &'static str) -> JwtAuthorizer { JwtAuthorizer { - key_source_type: None, + key_source_type: Some(KeySourceType::Jwks(url.to_owned())), claims_checker: None, } } - /// Build Authorizer Layer from a JWKS endpoint - pub fn from_jwks_url(mut self, url: &'static str) -> JwtAuthorizer { - self.key_source_type = Some(KeySourceType::Jwks(url.to_owned())); - - self - } - /// Build Authorizer Layer from a RSA PEM file - pub fn from_rsa_pem(mut self, path: &'static str) -> JwtAuthorizer { - self.key_source_type = Some(KeySourceType::RSA(path.to_owned())); - - self + pub fn from_rsa_pem(path: &'static str) -> JwtAuthorizer { + JwtAuthorizer { + key_source_type: Some(KeySourceType::RSA(path.to_owned())), + claims_checker: None, + } } /// Build Authorizer Layer from a EC PEM file - pub fn from_ec_pem(mut self, path: &'static str) -> JwtAuthorizer { - self.key_source_type = Some(KeySourceType::EC(path.to_owned())); - - self + pub fn from_ec_pem(path: &'static str) -> JwtAuthorizer { + JwtAuthorizer { + key_source_type: Some(KeySourceType::EC(path.to_owned())), + claims_checker: None, + } } /// Build Authorizer Layer from a EC PEM file - pub fn from_ed_pem(mut self, path: &'static str) -> JwtAuthorizer { - self.key_source_type = Some(KeySourceType::ED(path.to_owned())); - - self + pub fn from_ed_pem(path: &'static str) -> JwtAuthorizer { + JwtAuthorizer { + key_source_type: Some(KeySourceType::ED(path.to_owned())), + claims_checker: None, + } } /// Build Authorizer Layer from a secret phrase - pub fn from_secret(mut self, secret: &'static str) -> JwtAuthorizer { - self.key_source_type = Some(KeySourceType::Secret(secret)); - - self + pub fn from_secret(secret: &'static str) -> JwtAuthorizer { + JwtAuthorizer { + key_source_type: Some(KeySourceType::Secret(secret)), + claims_checker: None, + 
} } /// layer that checks token validity and claim constraints (custom function) diff --git a/jwt-authorizer/src/tests.rs b/jwt-authorizer/src/tests.rs index 5a4e79c..b980765 100644 --- a/jwt-authorizer/src/tests.rs +++ b/jwt-authorizer/src/tests.rs @@ -40,8 +40,7 @@ mod tests { #[tokio::test] async fn protected_without_jwt() { - let jwt_auth: JwtAuthorizer = JwtAuthorizer::new() - .from_rsa_pem("../config/jwtRS256.key.pub"); + let jwt_auth: JwtAuthorizer = JwtAuthorizer::from_rsa_pem("../config/jwtRS256.key.pub"); let response = app(jwt_auth) .oneshot(Request::builder().uri("/protected").body(Body::empty()).unwrap()) @@ -58,7 +57,7 @@ mod tests { async fn protected_with_jwt() { let response = make_proteced_request( - JwtAuthorizer::new().from_rsa_pem("../config/jwtRS256.key.pub"), + JwtAuthorizer::from_rsa_pem("../config/jwtRS256.key.pub"), JWT_RSA_OK ).await; @@ -72,7 +71,7 @@ mod tests { async fn protected_with_bad_jwt() { let response = make_proteced_request( - JwtAuthorizer::new().from_rsa_pem("../config/jwtRS256.key.pub"), + JwtAuthorizer::from_rsa_pem("../config/jwtRS256.key.pub"), "xxx.xxx.xxx" ).await; @@ -84,14 +83,14 @@ mod tests { async fn protected_with_claims_check() { let rsp_ok = make_proteced_request( - JwtAuthorizer::new().from_rsa_pem("../config/jwtRS256.key.pub").with_check(|_|true), + JwtAuthorizer::from_rsa_pem("../config/jwtRS256.key.pub").with_check(|_|true), JWT_RSA_OK ).await; assert_eq!(rsp_ok.status(), StatusCode::OK); let rsp_ko = make_proteced_request( - JwtAuthorizer::new().from_rsa_pem("../config/jwtRS256.key.pub").with_check(|_|false), + JwtAuthorizer::from_rsa_pem("../config/jwtRS256.key.pub").with_check(|_|false), JWT_RSA_OK ).await; @@ -108,7 +107,7 @@ mod tests { async fn protected_with_bad_jwks_url() { let response = make_proteced_request( - JwtAuthorizer::new().from_jwks_url("http://bad-url/xxx/yyy"), + JwtAuthorizer::from_jwks_url("http://bad-url/xxx/yyy"), JWT_RSA_OK ).await;
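Review bot: `from_secret` still takes `secret: &'static str` and stores the reference unchanged in `KeySourceType::Secret(secret)`, so an HMAC key effectively has to be a string literal compiled into the binary (or a deliberately leaked allocation) rather than a value read from the environment or a secret store at startup. The other four constructors already copy their argument with `.to_owned()`, so their `&'static` bound is not needed; relaxing them to `url: &str` / `path: &str` accepts runtime configuration and keeps existing callers compiling. Doing the same for the secret would need `KeySourceType::Secret` to hold an owned `String`; that enum and the rest of the impl block are outside this hunk, so confirm there. Separately, the doc comment on `from_ed_pem` repeats `/// Build Authorizer Layer from a EC PEM file` and should read `/// Build Authorizer Layer from an ED PEM file`.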