Remove "None" variant for JWT public key

2024-04-20 11:56:36 +02:00 · 2024-04-20 11:56:36 +02:00 · 9432b3a8fd
commit 9432b3a8fd
parent c81df0e6f7
4 changed files with 11 additions and 20 deletions
--- a/virtweb_backend/src/api_tokens.rs
+++ b/virtweb_backend/src/api_tokens.rs
@ -76,8 +76,8 @@ pub struct Token {
    pub description: String,
    created: u64,
    updated: u64,
-    #[serde(skip_serializing_if = "TokenPubKey::is_invalid")]
-    pub pub_key: TokenPubKey,
+    #[serde(skip_serializing_if = "Option::is_none")]
+    pub pub_key: Option<TokenPubKey>,
    pub rights: TokenRights,
    pub last_used: u64,
    pub ip_restriction: Option<ipnetwork::IpNetwork>,
@ -205,7 +205,7 @@ pub async fn create(t: &NewToken) -> anyhow::Result<(Token, TokenPrivKey)> {
        id: TokenID(uuid::Uuid::new_v4()),
        created: time(),
        updated: time(),
-        pub_key,
+        pub_key: Some(pub_key),
        rights: t.rights.clone(),
        last_used: time(),
        ip_restriction: t.ip_restriction,
--- a/virtweb_backend/src/controllers/api_tokens_controller.rs
+++ b/virtweb_backend/src/controllers/api_tokens_controller.rs
@ -10,7 +10,6 @@ use actix_web::{web, HttpResponse};
 /// Create a special module for REST token to enforce usage of constructor function
 mod rest_token {
    use crate::api_tokens::Token;
-    use crate::utils::jwt_utils::TokenPubKey;

    #[derive(serde::Serialize)]
    pub struct RestToken {
@ -20,7 +19,7 @@ mod rest_token {

    impl RestToken {
        pub fn new(mut token: Token) -> Self {
-            token.pub_key = TokenPubKey::None;
+            token.pub_key = None;
            Self { token }
        }
    }
--- a/virtweb_backend/src/extractors/api_auth_extractor.rs
+++ b/virtweb_backend/src/extractors/api_auth_extractor.rs
@ -72,7 +72,13 @@ impl FromRequest for ApiAuthExtractor {
                return Err(ErrorBadRequest("Unable to validate token!"));
            }

-            let claims = match jwt_utils::validate_jwt::<TokenClaims>(&token.pub_key, &token_jwt) {
+            let claims = match jwt_utils::validate_jwt::<TokenClaims>(
+                &token
+                    .pub_key
+                    .clone()
+                    .expect("All tokens shall have public key!"),
+                &token_jwt,
+            ) {
                Ok(c) => c,
                Err(e) => {
                    log::error!("Failed to validate JWT: {e}");
--- a/virtweb_backend/src/utils/jwt_utils.rs
+++ b/virtweb_backend/src/utils/jwt_utils.rs
@ -9,21 +9,10 @@ use serde::Serialize;
 #[derive(serde::Serialize, serde::Deserialize, Clone, Debug, Eq, PartialEq)]
 #[serde(tag = "alg")]
 pub enum TokenPubKey {
-    /// This variant DOES make crash the program. It MUST NOT used to validate JWT.
-    ///
-    /// It is a hack to hide public key when getting the list of tokens
-    None,
-
    /// ECDSA with SHA2-384 variant
    ES384 { r#pub: String },
 }

-impl TokenPubKey {
-    pub fn is_invalid(&self) -> bool {
-        self == &TokenPubKey::None
-    }
-}
-
 #[derive(serde::Serialize, serde::Deserialize, Clone, Debug)]
 #[serde(tag = "alg")]
 pub enum TokenPrivKey {
@ -71,9 +60,6 @@ pub fn validate_jwt<E: DeserializeOwned>(key: &TokenPubKey, token: &str) -> anyh
            let validation = Validation::new(Algorithm::ES384);
            Ok(jsonwebtoken::decode::<E>(token, &decoding_key, &validation)?.claims)
        }
-        TokenPubKey::None => {
-            panic!("A public key is required!")
-        }
    }
 }