From 6c65e97e49d1d56380aa7d71abb0394b08ff60ca Mon Sep 17 00:00:00 2001 From: Owen Jacobson Date: Sun, 24 Aug 2025 16:00:45 -0400 Subject: Return an identity, rather than the parts of an identity, when validating an identity token. This is a small refactoring that's been possible for a while, and we only just noticed. --- src/token/app.rs | 5 +++-- src/token/extract/identity.rs | 12 +++++++----- 2 files changed, 10 insertions(+), 7 deletions(-) (limited to 'src/token') diff --git a/src/token/app.rs b/src/token/app.rs index 56c0e21..8ec61c5 100644 --- a/src/token/app.rs +++ b/src/token/app.rs @@ -7,6 +7,7 @@ use sqlx::sqlite::SqlitePool; use super::{ Broadcaster, Event as TokenEvent, Id, Secret, + extract::Identity, repo::{self, Provider as _, auth::Provider as _}, }; use crate::{ @@ -104,7 +105,7 @@ impl<'a> Tokens<'a> { &self, secret: &Secret, used_at: &DateTime, - ) -> Result<(Id, User), ValidateError> { + ) -> Result { let mut tx = self.db.begin().await?; let (token, user) = tx .tokens() @@ -115,7 +116,7 @@ impl<'a> Tokens<'a> { let user = user.as_snapshot().ok_or(ValidateError::LoginDeleted)?; - Ok((token, user)) + Ok(Identity { token, user }) } pub async fn limit_stream( diff --git a/src/token/extract/identity.rs b/src/token/extract/identity.rs index d1c0334..4d076d7 100644 --- a/src/token/extract/identity.rs +++ b/src/token/extract/identity.rs @@ -30,11 +30,13 @@ impl FromRequestParts for Identity { let secret = cookie.secret().ok_or(LoginError::Unauthorized)?; let app = State::::from_request_parts(parts, state).await?; - match app.tokens().validate(&secret, &used_at).await { - Ok((token, user)) => Ok(Identity { token, user }), - Err(ValidateError::InvalidToken) => Err(LoginError::Unauthorized), - Err(other) => Err(other.into()), - } + app.tokens() + .validate(&secret, &used_at) + .await + .map_err(|err| match err { + ValidateError::InvalidToken => LoginError::Unauthorized, + other => other.into(), + }) } } -- cgit v1.2.3