fix: claims extractor should not panic

CHANGELOG.md

@@ -7,6 +7,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## Unreleased
 
+### Fixed
+
+- claims extractor (JwtClaims) without authorizer should not panic, should send a 500 error
+
 ## 0.4.0 - (2023-1-21)
 
 ### Added

jwt-authorizer/src/error.rs

@@ -6,7 +6,7 @@ use http::header;
 use jsonwebtoken::Algorithm;
 use thiserror::Error;
 
-use tracing::{log::warn, debug};
+use tracing::debug;
 
 #[derive(Debug, Error)]
 pub enum InitError {

jwt-authorizer/src/lib.rs

@@ -1,6 +1,7 @@
 #![doc = include_str!("../docs/README.md")]
 
 use axum::{async_trait, extract::FromRequestParts, http::request::Parts};
+use http::StatusCode;
 use jsonwebtoken::TokenData;
 use serde::de::DeserializeOwned;
 
@@ -22,13 +23,15 @@ where
     T: DeserializeOwned + Send + Sync + Clone + 'static,
     S: Send + Sync,
 {
-    type Rejection = error::AuthError;
+    type Rejection = StatusCode;
 
     async fn from_request_parts(parts: &mut Parts, _: &S) -> Result<Self, Self::Rejection> {
-        let claims = parts.extensions.get::<TokenData<T>>().unwrap(); // TODO: unwrap -> err
+        tracing::error!("JwtClaims extractor must be behind a jwt-authoriser layer!");
-        Ok(JwtClaims(claims.claims.clone())) // TODO: unwrap -> err
-    }
-}
 
-#[cfg(test)]
+        if let Some(claims) = parts.extensions.get::<TokenData<T>>() {
-mod tests;
+            Ok(JwtClaims(claims.claims.clone()))
+        } else {
+            Err(StatusCode::INTERNAL_SERVER_ERROR)
+        }
+    }
+}

jwt-authorizer/src/tests.rs

@@ -114,4 +114,17 @@ mod tests {
 
         assert_eq!(response.status(), StatusCode::INTERNAL_SERVER_ERROR);
     }
+
+    #[tokio::test]
+    async fn extract_from_public_500() {
+        let app = Router::new().route("/public", 
+                get(|JwtClaims(user): JwtClaims<User>| async move {
+                    format!("hello: {}", user.sub)
+                }));
+        let response = app.oneshot(Request::builder().uri("/public").body(Body::empty()).unwrap())
+                .await
+                .unwrap();
+
+        assert_eq!(response.status(), StatusCode::INTERNAL_SERVER_ERROR);
+    }
 }