fix: claims extractor should not panic

2025-12-11 23:50:07 +01:00 · 2023-01-23 23:10:28 +01:00 · 2023-01-23 23:10:28 +01:00 · 9101f91ad8
commit 9101f91ad8
parent 8f03e8e1b6
4 changed files with 27 additions and 7 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -7,6 +7,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0

 ## Unreleased

+### Fixed
+
+- claims extractor (JwtClaims) without authorizer should not panic, should send a 500 error
+
 ## 0.4.0 - (2023-1-21)

 ### Added
--- a/jwt-authorizer/src/error.rs
+++ b/jwt-authorizer/src/error.rs
@ -6,7 +6,7 @@ use http::header;
 use jsonwebtoken::Algorithm;
 use thiserror::Error;

-use tracing::{log::warn, debug};
+use tracing::debug;

 #[derive(Debug, Error)]
 pub enum InitError {
--- a/jwt-authorizer/src/lib.rs
+++ b/jwt-authorizer/src/lib.rs
@ -1,6 +1,7 @@
 #![doc = include_str!("../docs/README.md")]

 use axum::{async_trait, extract::FromRequestParts, http::request::Parts};
+use http::StatusCode;
 use jsonwebtoken::TokenData;
 use serde::de::DeserializeOwned;

@ -22,13 +23,15 @@ where
    T: DeserializeOwned + Send + Sync + Clone + 'static,
    S: Send + Sync,
 {
-    type Rejection = error::AuthError;
+    type Rejection = StatusCode;

    async fn from_request_parts(parts: &mut Parts, _: &S) -> Result<Self, Self::Rejection> {
-        let claims = parts.extensions.get::<TokenData<T>>().unwrap(); // TODO: unwrap -> err
-        Ok(JwtClaims(claims.claims.clone())) // TODO: unwrap -> err
+        tracing::error!("JwtClaims extractor must be behind a jwt-authoriser layer!");
+
+        if let Some(claims) = parts.extensions.get::<TokenData<T>>() {
+            Ok(JwtClaims(claims.claims.clone()))
+        } else {
+            Err(StatusCode::INTERNAL_SERVER_ERROR)
+        }
    }
 }
-
-#[cfg(test)]
-mod tests;
--- a/jwt-authorizer/src/tests.rs
+++ b/jwt-authorizer/src/tests.rs
@ -114,4 +114,17 @@ mod tests {

        assert_eq!(response.status(), StatusCode::INTERNAL_SERVER_ERROR);
    }
+
+    #[tokio::test]
+    async fn extract_from_public_500() {
+        let app = Router::new().route("/public", 
+                get(|JwtClaims(user): JwtClaims<User>| async move {
+                    format!("hello: {}", user.sub)
+                }));
+        let response = app.oneshot(Request::builder().uri("/public").body(Body::empty()).unwrap())
+                .await
+                .unwrap();
+
+        assert_eq!(response.status(), StatusCode::INTERNAL_SERVER_ERROR);
+    }
 }