Refactor dependencies to reduce code base size (#111)

Use crates to reduce code base size:

* `actix-remote-ip` to safely determine user IP location
* `light-openid` for the OpenID primitives & as client to handle federation

Reviewed-on: #111
2023-04-29 11:11:24 +00:00
parent f262e6f183
commit 6cc9f4c54c
18 changed files with 112 additions and 525 deletions


@ -7,6 +7,7 @@ use actix_web::error::ErrorUnauthorized;
use actix_web::{web, HttpRequest, HttpResponse, Responder};
use base64::engine::general_purpose::STANDARD as BASE64_STANDARD;
use base64::Engine as _;
use light_openid::primitives::{OpenIDConfig, OpenIDTokenResponse, OpenIDUserInfo};
use crate::actors::openid_sessions_actor::{OpenIDSessionsActor, Session, SessionID};
use crate::actors::users_actor::UsersActor;
@ -20,7 +21,7 @@ use crate::data::code_challenge::CodeChallenge;
use crate::data::current_user::CurrentUser;
use crate::data::id_token::IdToken;
use crate::data::jwt_signer::{JWTSigner, JsonWebKey};
use crate::data::openid_primitive::{OpenIDConfig, OpenIDUserInfo, TokenResponse};
use crate::data::session_identity::SessionIdentity;
use crate::data::user::User;
use crate::utils::string_utils::rand_str;
@ -51,15 +52,32 @@ pub async fn get_configuration(req: HttpRequest) -> impl Responder {
issuer: AppConfig::get().website_origin.clone(),
authorization_endpoint: AppConfig::get().full_url(AUTHORIZE_URI),
token_endpoint: curr_origin.clone() + TOKEN_URI,
userinfo_endpoint: curr_origin.clone() + USERINFO_URI,
userinfo_endpoint: Some(curr_origin.clone() + USERINFO_URI),
jwks_uri: curr_origin + CERT_URI,
scopes_supported: vec!["openid", "profile", "email"],
response_types_supported: vec!["code", "id_token", "token id_token"],
subject_types_supported: vec!["public"],
id_token_signing_alg_values_supported: vec!["RS256"],
token_endpoint_auth_methods_supported: vec!["client_secret_post", "client_secret_basic"],
claims_supported: vec!["sub", "name", "given_name", "family_name", "email"],
code_challenge_methods_supported: vec!["plain", "S256"],
scopes_supported: Some(vec![
"openid".to_string(),
"profile".to_string(),
"email".to_string(),
]),
response_types_supported: vec![
"code".to_string(),
"id_token".to_string(),
"token id_token".to_string(),
],
subject_types_supported: vec!["public".to_string()],
id_token_signing_alg_values_supported: vec!["RS256".to_string()],
token_endpoint_auth_methods_supported: Some(vec![
"client_secret_post".to_string(),
"client_secret_basic".to_string(),
]),
claims_supported: Some(vec![
"sub".to_string(),
"name".to_string(),
"given_name".to_string(),
"family_name".to_string(),
"email".to_string(),
]),
code_challenge_methods_supported: Some(vec!["plain".to_string(), "S256".to_string()]),
})
}
@ -438,7 +456,7 @@ pub async fn token(
email: user.email,
};
TokenResponse {
OpenIDTokenResponse {
access_token: session.access_token.expect("Missing access token!"),
token_type: "Bearer".to_string(),
refresh_token: Some(session.refresh_token),
@ -488,7 +506,7 @@ pub async fn token(
.await
.unwrap();
TokenResponse {
OpenIDTokenResponse {
access_token: session.access_token.expect("Missing access token!"),
token_type: "Bearer".to_string(),
refresh_token: Some(session.refresh_token),