1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
|
use std::fmt;
use axum::{
extract::FromRequestParts,
http::request::Parts,
response::{IntoResponseParts, ResponseParts},
};
use axum_extra::extract::cookie::{Cookie, CookieJar};
use crate::token::Secret;
// The usage pattern here - receive the extractor as an argument, return it in
// the response - is heavily modelled after CookieJar's own intended usage.
#[derive(Clone)]
pub struct IdentityToken {
cookies: CookieJar,
}
impl fmt::Debug for IdentityToken {
fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
f.debug_struct("IdentityToken")
.field("identity", &self.secret())
.finish()
}
}
impl IdentityToken {
// Creates a new, unpopulated identity token store.
#[cfg(test)]
pub fn new() -> Self {
Self {
cookies: CookieJar::new(),
}
}
// Get the identity secret sent in the request, if any. If the identity
// was not sent, or if it has previously been [clear]ed, then this will
// return [None]. If the identity has previously been [set], then this
// will return that secret, regardless of what the request originally
// included.
pub fn secret(&self) -> Option<Secret> {
self.cookies
.get(IDENTITY_COOKIE)
.map(Cookie::value)
.map(Secret::from)
}
// Positively set the identity secret, and ensure that it will be sent
// back to the client when this extractor is included in a response.
pub fn set(self, secret: impl Into<Secret>) -> Self {
let secret = secret.into().reveal();
let identity_cookie = Cookie::build((IDENTITY_COOKIE, secret))
.http_only(true)
.path("/")
.permanent()
.build();
Self {
cookies: self.cookies.add(identity_cookie),
}
}
// Remove the identity secret and ensure that it will be cleared when this
// extractor is included in a response.
pub fn clear(self) -> Self {
Self {
cookies: self.cookies.remove(IDENTITY_COOKIE),
}
}
}
const IDENTITY_COOKIE: &str = "identity";
#[async_trait::async_trait]
impl<S> FromRequestParts<S> for IdentityToken
where
S: Send + Sync,
{
type Rejection = <CookieJar as FromRequestParts<S>>::Rejection;
async fn from_request_parts(parts: &mut Parts, state: &S) -> Result<Self, Self::Rejection> {
let cookies = CookieJar::from_request_parts(parts, state).await?;
Ok(Self { cookies })
}
}
impl IntoResponseParts for IdentityToken {
type Error = <CookieJar as IntoResponseParts>::Error;
fn into_response_parts(self, res: ResponseParts) -> Result<ResponseParts, Self::Error> {
let Self { cookies } = self;
cookies.into_response_parts(res)
}
}
|
