Use freestanding structs for `App` components.

A "component" is a struct that provides domain-specific operations on the service. `App` largely acts as a way to obtain components for domain-specific operations: for example, given `let app: App = todo!();`, then `app.tokens()` provides a component (`Tokens`) that supports operations on authentication tokens, and `app.conversations()` provides a component (`Conversations`) that supports operations on conversations.

This has been a major piece of the server's internal organization for a long time. Historically, these components have been built as short-lived view structs, which hold onto their functional dependencies by reference. A given component was therefore bound to its source `App`, and had a lifetime bounded by the life of that `App` instance or reference.

This change turns components into freestanding structs - that is, they can outlive the `App` that provided them. They hold their dependencies by value, not by reference; `App` provides clones when creating a component, instead of borrowing its own state. For the functional dependencies we have today, cloning is a supported and cheap way to share access; details are documented in the individual commits.

I'm making this change because we're working on web push, and we discovered while prototyping that it will be useful to be able to support multiple distinct types of web push client. A running Pilcrow server would use a "real" client (which sends real HTTP requests to deliver push messages), while tests would use a client stub (which doesn't). However, to make that work, we'll need to make `App` generic over the client, and the resulting type parameter would then end up in every handler and in most other things that touch the `App` type. This refactoring dramatically reduces the number of places we mention the `App` type, by making most uses rely on specific components instead of relying on `App` generally.

There are still a few places that work on `App` generally, rather than on specific components, because an operation requires the use of two or more components.

I don't love all this cloning, even if I know in my head that it's fine. The alternatives that we looked at include:

* Provider traits, as we have for `Transaction`, that allow endpoints to specify that they want any type that can provide a `Tokens` or a `Conversation` instead of specifically an `App` (`App<PushClient>`). This is wordy enough that we've opted to punt on that approach for now.
* Accept the type parameter as the cost of doing business. This is still an open alternative.
* Use `dyn` dispatch instead of a type parameter for the push client. This is still an open alternative, though not one I love as we'd be incurring function call indirection without getting any generality out of it.

Merges freestanding-app-components into main.

6 files changed, 38 insertions, 28 deletions

diff --git a/src/login/handlers/login/mod.rs b/src/login/handlers/login/mod.rs
index 6591984..2ce8a67 100644
--- a/src/login/handlers/login/mod.rs
+++ b/src/login/handlers/login/mod.rs
@@ -5,21 +5,25 @@ use axum::{
 };
 
 use crate::{
-    app::App, clock::RequestedAt, empty::Empty, error::Internal, login::app, name::Name,
-    password::Password, token::extract::IdentityCookie,
+    clock::RequestedAt,
+    empty::Empty,
+    error::Internal,
+    login::{app, app::Logins},
+    name::Name,
+    password::Password,
+    token::extract::IdentityCookie,
 };
 
 #[cfg(test)]
 mod test;
 
 pub async fn handler(
-    State(app): State<App>,
+    State(logins): State<Logins>,
     RequestedAt(now): RequestedAt,
     identity: IdentityCookie,
     Json(request): Json<Request>,
 ) -> Result<(IdentityCookie, Empty), Error> {
-    let secret = app
-        .logins()
+    let secret = logins
         .with_password(&request.name, &request.password, &now)
         .await
         .map_err(Error)?;
diff --git a/src/login/handlers/login/test.rs b/src/login/handlers/login/test.rs
index f3911d0..7bb56b6 100644
--- a/src/login/handlers/login/test.rs
+++ b/src/login/handlers/login/test.rs
@@ -22,7 +22,7 @@ async fn correct_credentials() {
         password,
     };
     let (identity, Empty) =
-        super::handler(State(app.clone()), logged_in_at, identity, Json(request))
+        super::handler(State(app.logins()), logged_in_at, identity, Json(request))
             .await
             .expect("logged in with valid credentials");
 
@@ -52,7 +52,7 @@ async fn invalid_name() {
         password,
     };
     let super::Error(error) =
-        super::handler(State(app.clone()), logged_in_at, identity, Json(request))
+        super::handler(State(app.logins()), logged_in_at, identity, Json(request))
             .await
             .expect_err("logged in with an incorrect password fails");
 
@@ -77,7 +77,7 @@ async fn incorrect_password() {
         password: fixtures::user::propose_password(),
     };
     let super::Error(error) =
-        super::handler(State(app.clone()), logged_in_at, identity, Json(request))
+        super::handler(State(app.logins()), logged_in_at, identity, Json(request))
             .await
             .expect_err("logged in with an incorrect password");
 
@@ -98,7 +98,7 @@ async fn token_expires() {
     let logged_in_at = fixtures::ancient();
     let identity = fixtures::cookie::not_logged_in();
     let request = super::Request { name, password };
-    let (identity, _) = super::handler(State(app.clone()), logged_in_at, identity, Json(request))
+    let (identity, _) = super::handler(State(app.logins()), logged_in_at, identity, Json(request))
         .await
         .expect("logged in with valid credentials");
     let secret = identity.secret().expect("logged in with valid credentials");
diff --git a/src/login/handlers/logout/mod.rs b/src/login/handlers/logout/mod.rs
index 73efe73..ce4cb1a 100644
--- a/src/login/handlers/logout/mod.rs
+++ b/src/login/handlers/logout/mod.rs
@@ -4,25 +4,24 @@ use axum::{
 };
 
 use crate::{
-    app::App,
     clock::RequestedAt,
     empty::Empty,
     error::{Internal, Unauthorized},
-    token::{app, extract::IdentityCookie},
+    token::{app, app::Tokens, extract::IdentityCookie},
 };
 
 #[cfg(test)]
 mod test;
 
 pub async fn handler(
-    State(app): State<App>,
+    State(tokens): State<Tokens>,
     RequestedAt(now): RequestedAt,
     identity: IdentityCookie,
     Json(_): Json<Request>,
 ) -> Result<(IdentityCookie, Empty), Error> {
     if let Some(secret) = identity.secret() {
-        let identity = app.tokens().validate(&secret, &now).await?;
-        app.tokens().logout(&identity.token).await?;
+        let identity = tokens.validate(&secret, &now).await?;
+        tokens.logout(&identity.token).await?;
     }
 
     let identity = identity.clear();
diff --git a/src/login/handlers/logout/test.rs b/src/login/handlers/logout/test.rs
index e7b7dd4..18744ed 100644
--- a/src/login/handlers/logout/test.rs
+++ b/src/login/handlers/logout/test.rs
@@ -18,7 +18,7 @@ async fn successful() {
     // Call the endpoint
 
     let (response_identity, Empty) = super::handler(
-        State(app.clone()),
+        State(app.tokens()),
         fixtures::now(),
         identity.clone(),
         Json::default(),
@@ -42,9 +42,14 @@ async fn no_identity() {
     // Call the endpoint
 
     let identity = fixtures::cookie::not_logged_in();
-    let (identity, Empty) = super::handler(State(app), fixtures::now(), identity, Json::default())
-        .await
-        .expect("logged out with no token succeeds");
+    let (identity, Empty) = super::handler(
+        State(app.tokens()),
+        fixtures::now(),
+        identity,
+        Json::default(),
+    )
+    .await
+    .expect("logged out with no token succeeds");
 
     // Verify the return value's basic structure
 
@@ -60,10 +65,14 @@ async fn invalid_token() {
     // Call the endpoint
 
     let identity = fixtures::cookie::fictitious();
-    let super::Error(error) =
-        super::handler(State(app), fixtures::now(), identity, Json::default())
-            .await
-            .expect_err("logged out with an invalid token fails");
+    let super::Error(error) = super::handler(
+        State(app.tokens()),
+        fixtures::now(),
+        identity,
+        Json::default(),
+    )
+    .await
+    .expect_err("logged out with an invalid token fails");
 
     // Verify the return value's basic structure
 
diff --git a/src/login/handlers/password/mod.rs b/src/login/handlers/password/mod.rs
index 94c7fb4..8b82605 100644
--- a/src/login/handlers/password/mod.rs
+++ b/src/login/handlers/password/mod.rs
@@ -5,11 +5,10 @@ use axum::{
 };
 
 use crate::{
-    app::App,
     clock::RequestedAt,
     empty::Empty,
     error::Internal,
-    login::app,
+    login::{app, app::Logins},
     password::Password,
     token::extract::{Identity, IdentityCookie},
 };
@@ -18,14 +17,13 @@ use crate::{
 mod test;
 
 pub async fn handler(
-    State(app): State<App>,
+    State(logins): State<Logins>,
     RequestedAt(now): RequestedAt,
     identity: Identity,
     cookie: IdentityCookie,
     Json(request): Json<Request>,
 ) -> Result<(IdentityCookie, Empty), Error> {
-    let secret = app
-        .logins()
+    let secret = logins
         .change_password(&identity.login, &request.password, &request.to, &now)
         .await
         .map_err(Error)?;
diff --git a/src/login/handlers/password/test.rs b/src/login/handlers/password/test.rs
index ba2f28f..61d5b5a 100644
--- a/src/login/handlers/password/test.rs
+++ b/src/login/handlers/password/test.rs
@@ -21,7 +21,7 @@ async fn password_change() {
         to: to.clone(),
     };
     let (new_cookie, Empty) = super::handler(
-        State(app.clone()),
+        State(app.logins()),
         fixtures::now(),
         identity.clone(),
         cookie.clone(),