2023-08-19 15:42:29 +02:00
|
|
|
use async_trait::async_trait;
|
|
|
|
|
use oauth2::{basic::BasicClient, AuthUrl, ClientId, ClientSecret, RedirectUrl, TokenUrl};
|
2023-08-19 16:15:17 +02:00
|
|
|
use std::ops::Deref;
|
|
|
|
|
use std::sync::Arc;
|
|
|
|
|
|
2023-08-19 23:59:33 +02:00
|
|
|
#[derive(Clone, clap::Args, Debug, PartialEq, Eq)]
|
2023-08-19 16:15:17 +02:00
|
|
|
pub struct OAuthClientClap {
|
|
|
|
|
#[clap(flatten)]
|
2023-08-19 16:43:50 +02:00
|
|
|
zitadel: ZitadelClap,
|
2023-08-19 16:15:17 +02:00
|
|
|
|
|
|
|
|
#[clap(flatten)]
|
2023-08-19 16:43:50 +02:00
|
|
|
noop: NoopConfig,
|
2023-08-19 16:15:17 +02:00
|
|
|
}
|
|
|
|
|
|
2023-08-19 23:59:33 +02:00
|
|
|
#[derive(Clone, clap::Args, Debug, PartialEq, Eq)]
|
2023-08-19 16:15:17 +02:00
|
|
|
pub struct NoopConfig {
|
2023-08-20 00:23:27 +02:00
|
|
|
#[arg(env = "OAUTH_NOOP", long = "oauth-noop", group = "auth")]
|
2023-08-19 16:15:17 +02:00
|
|
|
pub oauth_noop: Option<bool>,
|
|
|
|
|
}
|
2023-08-19 15:42:29 +02:00
|
|
|
|
2023-08-19 16:43:50 +02:00
|
|
|
#[derive(clap::Args, Clone, Debug, PartialEq, Eq)]
|
2023-08-19 23:59:33 +02:00
|
|
|
#[group(requires_all = ["auth_url", "client_id", "client_secret", "redirect_url", "token_url"])]
|
2023-08-19 16:24:08 +02:00
|
|
|
pub struct ZitadelClap {
|
2023-08-19 23:59:33 +02:00
|
|
|
#[arg(env = "ZITADEL_AUTH_URL", long = "zitadel-auth-url", group = "auth")]
|
2023-08-19 16:24:08 +02:00
|
|
|
pub auth_url: Option<String>,
|
|
|
|
|
|
2023-08-19 23:59:33 +02:00
|
|
|
#[arg(env = "ZITADEL_CLIENT_ID", long = "zitadel-client-id")]
|
2023-08-19 16:24:08 +02:00
|
|
|
pub client_id: Option<String>,
|
|
|
|
|
|
2023-08-19 23:59:33 +02:00
|
|
|
#[arg(env = "ZITADEL_CLIENT_SECRET", long = "zitadel-client-secret")]
|
2023-08-19 16:24:08 +02:00
|
|
|
pub client_secret: Option<String>,
|
|
|
|
|
|
2023-08-19 23:59:33 +02:00
|
|
|
#[arg(env = "ZITADEL_REDIRECT_URL", long = "zitadel-redirect-url")]
|
2023-08-19 16:24:08 +02:00
|
|
|
pub redirect_url: Option<String>,
|
|
|
|
|
|
2023-08-19 23:59:33 +02:00
|
|
|
#[arg(env = "ZITADEL_TOKEN_URL", long = "zitadel-token-url")]
|
2023-08-19 16:24:08 +02:00
|
|
|
pub token_url: Option<String>,
|
|
|
|
|
}
|
|
|
|
|
|
2023-08-19 15:42:29 +02:00
|
|
|
#[async_trait]
|
|
|
|
|
pub trait OAuthClient {
|
|
|
|
|
async fn get_token(&self) -> anyhow::Result<()>;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
pub struct OAuth(Arc<dyn OAuthClient + Send + Sync + 'static>);
|
|
|
|
|
|
|
|
|
|
impl OAuth {
|
|
|
|
|
pub fn new_zitadel(config: ZitadelConfig) -> Self {
|
|
|
|
|
Self(Arc::new(ZitadelOAuthClient::from(config)))
|
|
|
|
|
}
|
|
|
|
|
pub fn new_noop() -> Self {
|
|
|
|
|
Self(Arc::new(NoopOAuthClient {}))
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2023-08-19 16:15:17 +02:00
|
|
|
#[derive(Clone)]
|
2023-08-19 15:42:29 +02:00
|
|
|
pub enum OAuthConfig {
|
|
|
|
|
Zitadel(ZitadelConfig),
|
|
|
|
|
Noop,
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
impl From<OAuthConfig> for OAuth {
|
|
|
|
|
fn from(value: OAuthConfig) -> Self {
|
|
|
|
|
match value {
|
|
|
|
|
OAuthConfig::Zitadel(c) => c.into(),
|
|
|
|
|
OAuthConfig::Noop => Self::new_noop(),
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
impl Deref for OAuth {
|
|
|
|
|
type Target = Arc<dyn OAuthClient + Send + Sync + 'static>;
|
|
|
|
|
|
|
|
|
|
fn deref(&self) -> &Self::Target {
|
|
|
|
|
&self.0
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
impl From<ZitadelConfig> for OAuth {
|
|
|
|
|
fn from(value: ZitadelConfig) -> Self {
|
|
|
|
|
Self::new_zitadel(value)
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// -- Noop
|
2023-08-19 16:15:17 +02:00
|
|
|
#[derive(clap::Args, Clone)]
|
2023-08-19 15:42:29 +02:00
|
|
|
pub struct NoopOAuthClient;
|
|
|
|
|
#[async_trait]
|
|
|
|
|
impl OAuthClient for NoopOAuthClient {
|
|
|
|
|
async fn get_token(&self) -> anyhow::Result<()> {
|
|
|
|
|
Ok(())
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// -- Zitadel
|
|
|
|
|
|
2023-08-19 16:15:17 +02:00
|
|
|
#[derive(clap::Args, Clone)]
|
2023-08-19 16:24:08 +02:00
|
|
|
#[group(conflicts_with = "NoopConfig", required = false)]
|
2023-08-19 15:42:29 +02:00
|
|
|
pub struct ZitadelConfig {
|
2023-08-19 16:15:17 +02:00
|
|
|
#[clap(env = "ZITADEL_AUTH_URL", long = "zitadel-auth-url")]
|
|
|
|
|
auth_url: String,
|
|
|
|
|
#[clap(env = "ZITADEL_CLIENT_ID", long = "zitadel-client-id")]
|
2023-08-19 15:42:29 +02:00
|
|
|
client_id: String,
|
2023-08-19 16:15:17 +02:00
|
|
|
#[clap(env = "ZITADEL_CLIENT_SECRET", long = "zitadel-client-secret")]
|
2023-08-19 15:42:29 +02:00
|
|
|
client_secret: String,
|
2023-08-19 16:15:17 +02:00
|
|
|
#[clap(env = "ZITADEL_REDIRECT_URL", long = "zitadel-redirect-url")]
|
2023-08-19 15:42:29 +02:00
|
|
|
redirect_url: String,
|
2023-08-19 16:15:17 +02:00
|
|
|
#[clap(env = "ZITADEL_TOKEN_URL", long = "zitadel-token-url")]
|
2023-08-19 15:42:29 +02:00
|
|
|
token_url: String,
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
pub struct ZitadelOAuthClient {
|
|
|
|
|
client: BasicClient,
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
impl ZitadelOAuthClient {
|
|
|
|
|
pub fn new(
|
|
|
|
|
client_id: impl Into<String>,
|
|
|
|
|
client_secret: impl Into<String>,
|
|
|
|
|
redirect_url: impl Into<String>,
|
|
|
|
|
auth_url: impl Into<String>,
|
|
|
|
|
token_url: impl Into<String>,
|
|
|
|
|
) -> Self {
|
|
|
|
|
Self {
|
|
|
|
|
client: Self::oauth_client(ZitadelConfig {
|
|
|
|
|
client_id: client_id.into(),
|
|
|
|
|
client_secret: client_secret.into(),
|
|
|
|
|
redirect_url: redirect_url.into(),
|
|
|
|
|
auth_url: auth_url.into(),
|
|
|
|
|
token_url: token_url.into(),
|
|
|
|
|
}),
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
fn oauth_client(config: ZitadelConfig) -> BasicClient {
|
|
|
|
|
BasicClient::new(
|
|
|
|
|
ClientId::new(config.client_id),
|
|
|
|
|
Some(ClientSecret::new(config.client_secret)),
|
|
|
|
|
AuthUrl::new(config.auth_url).unwrap(),
|
|
|
|
|
Some(TokenUrl::new(config.token_url).unwrap()),
|
|
|
|
|
)
|
|
|
|
|
.set_redirect_uri(RedirectUrl::new(config.redirect_url).unwrap())
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
impl From<ZitadelConfig> for ZitadelOAuthClient {
|
|
|
|
|
fn from(value: ZitadelConfig) -> Self {
|
|
|
|
|
Self::new(
|
|
|
|
|
value.client_id,
|
|
|
|
|
value.client_secret,
|
|
|
|
|
value.redirect_url,
|
|
|
|
|
value.auth_url,
|
|
|
|
|
value.token_url,
|
|
|
|
|
)
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
#[async_trait]
|
|
|
|
|
impl OAuthClient for ZitadelOAuthClient {
|
|
|
|
|
async fn get_token(&self) -> anyhow::Result<()> {
|
|
|
|
|
Ok(())
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
#[cfg(test)]
|
|
|
|
|
mod tests {
|
2023-08-19 23:59:33 +02:00
|
|
|
use crate::oauth::{
|
|
|
|
|
NoopConfig, OAuth, OAuthClientClap, OAuthConfig, ZitadelClap, ZitadelConfig,
|
|
|
|
|
};
|
2023-08-19 16:15:17 +02:00
|
|
|
use clap::Parser;
|
2023-08-19 23:59:33 +02:00
|
|
|
use sealed_test::prelude::*;
|
2023-08-19 16:15:17 +02:00
|
|
|
|
|
|
|
|
#[derive(Parser)]
|
2023-08-19 16:43:50 +02:00
|
|
|
#[command(author, version, about, long_about = None)]
|
2023-08-19 16:15:17 +02:00
|
|
|
pub struct Cli {
|
|
|
|
|
#[clap(flatten)]
|
|
|
|
|
options: OAuthClientClap,
|
2023-08-19 23:59:33 +02:00
|
|
|
}
|
2023-08-19 16:43:50 +02:00
|
|
|
|
2023-08-19 23:59:33 +02:00
|
|
|
#[derive(Parser, Debug)]
|
|
|
|
|
#[command(author, version, about, long_about = None)]
|
|
|
|
|
pub struct CliSubCommand {
|
2023-08-19 16:43:50 +02:00
|
|
|
#[command(subcommand)]
|
|
|
|
|
command: Commands,
|
|
|
|
|
}
|
|
|
|
|
|
2023-08-19 23:59:33 +02:00
|
|
|
#[derive(clap::Subcommand, Clone, Debug, Eq, PartialEq)]
|
2023-08-19 16:43:50 +02:00
|
|
|
pub enum Commands {
|
2023-08-19 23:59:33 +02:00
|
|
|
One {
|
|
|
|
|
#[clap(flatten)]
|
|
|
|
|
options: OAuthClientClap,
|
|
|
|
|
},
|
2023-08-19 16:15:17 +02:00
|
|
|
}
|
2023-08-19 15:42:29 +02:00
|
|
|
|
|
|
|
|
#[tokio::test]
|
|
|
|
|
async fn test_noop() {
|
|
|
|
|
OAuth::from(OAuthConfig::Noop).get_token().await.unwrap();
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
#[tokio::test]
|
|
|
|
|
async fn test_zitadel() {
|
|
|
|
|
OAuth::from(OAuthConfig::Zitadel(ZitadelConfig {
|
|
|
|
|
client_id: "something".into(),
|
|
|
|
|
client_secret: "something".into(),
|
|
|
|
|
redirect_url: "https://something".into(),
|
|
|
|
|
auth_url: "https://something".into(),
|
|
|
|
|
token_url: "https://something".into(),
|
|
|
|
|
}))
|
|
|
|
|
.get_token()
|
|
|
|
|
.await
|
|
|
|
|
.unwrap();
|
|
|
|
|
}
|
2023-08-19 16:15:17 +02:00
|
|
|
|
|
|
|
|
#[tokio::test]
|
2023-08-19 16:43:50 +02:00
|
|
|
async fn test_parse_clap_noop() {
|
2023-08-19 23:59:33 +02:00
|
|
|
let cli: Cli = Cli::parse_from(&["base", "--oauth-noop=true"]);
|
2023-08-19 16:43:50 +02:00
|
|
|
|
|
|
|
|
assert_eq!(cli.options.noop.oauth_noop, Some(true));
|
|
|
|
|
|
|
|
|
|
println!("{:?}", cli.options);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
#[tokio::test]
|
|
|
|
|
async fn test_parse_clap_zitadel() {
|
|
|
|
|
let cli: Cli = Cli::parse_from(&[
|
|
|
|
|
"base",
|
|
|
|
|
"--zitadel-client-id=something",
|
|
|
|
|
"--zitadel-client-secret=something",
|
|
|
|
|
"--zitadel-auth-url=https://something",
|
|
|
|
|
"--zitadel-redirect-url=https://something",
|
|
|
|
|
"--zitadel-token-url=https://something",
|
|
|
|
|
]);
|
2023-08-19 23:59:33 +02:00
|
|
|
println!("{:?}", cli.options);
|
2023-08-19 16:43:50 +02:00
|
|
|
|
|
|
|
|
pretty_assertions::assert_eq!(
|
|
|
|
|
cli.options.zitadel,
|
|
|
|
|
ZitadelClap {
|
|
|
|
|
auth_url: Some("https://something".into()),
|
|
|
|
|
client_id: Some("something".into()),
|
|
|
|
|
client_secret: Some("something".into()),
|
|
|
|
|
redirect_url: Some("https://something".into()),
|
|
|
|
|
token_url: Some("https://something".into())
|
|
|
|
|
}
|
|
|
|
|
);
|
2023-08-19 23:59:33 +02:00
|
|
|
}
|
2023-08-19 16:43:50 +02:00
|
|
|
|
2023-08-19 23:59:33 +02:00
|
|
|
#[test]
|
|
|
|
|
fn test_parse_clap_zitadel_fails_require_all() {
|
|
|
|
|
let cli = CliSubCommand::try_parse_from(&[
|
|
|
|
|
"base",
|
|
|
|
|
"one",
|
|
|
|
|
// "--zitadel-client-id=something", // We want to trigger missing variable
|
|
|
|
|
"--zitadel-client-secret=something",
|
|
|
|
|
"--zitadel-auth-url=https://something",
|
|
|
|
|
"--zitadel-redirect-url=https://something",
|
|
|
|
|
"--zitadel-token-url=https://something",
|
|
|
|
|
]);
|
|
|
|
|
|
|
|
|
|
pretty_assertions::assert_eq!(cli.is_err(), true);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
#[sealed_test]
|
|
|
|
|
fn test_parse_clap_env_zitadel() {
|
|
|
|
|
std::env::set_var("ZITADEL_CLIENT_ID", "something");
|
|
|
|
|
std::env::set_var("ZITADEL_CLIENT_SECRET", "something");
|
|
|
|
|
std::env::set_var("ZITADEL_AUTH_URL", "https://something");
|
|
|
|
|
std::env::set_var("ZITADEL_REDIRECT_URL", "https://something");
|
|
|
|
|
std::env::set_var("ZITADEL_TOKEN_URL", "https://something");
|
|
|
|
|
|
|
|
|
|
let cli = CliSubCommand::parse_from(&["base", "one"]);
|
|
|
|
|
|
|
|
|
|
pretty_assertions::assert_eq!(
|
|
|
|
|
cli.command,
|
|
|
|
|
Commands::One {
|
|
|
|
|
options: OAuthClientClap {
|
|
|
|
|
zitadel: ZitadelClap {
|
|
|
|
|
auth_url: Some("https://something".into()),
|
|
|
|
|
client_id: Some("something".into()),
|
|
|
|
|
client_secret: Some("something".into()),
|
|
|
|
|
redirect_url: Some("https://something".into()),
|
|
|
|
|
token_url: Some("https://something".into())
|
|
|
|
|
},
|
|
|
|
|
noop: NoopConfig { oauth_noop: None }
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
);
|
|
|
|
|
}
|
|
|
|
|
#[test]
|
|
|
|
|
fn test_parse_clap_defaults_to_noop() {
|
|
|
|
|
let cli = CliSubCommand::parse_from(&["base", "one"]);
|
|
|
|
|
|
|
|
|
|
pretty_assertions::assert_eq!(
|
|
|
|
|
cli.command,
|
|
|
|
|
Commands::One {
|
|
|
|
|
options: OAuthClientClap {
|
|
|
|
|
zitadel: ZitadelClap {
|
|
|
|
|
auth_url: None,
|
|
|
|
|
client_id: None,
|
|
|
|
|
client_secret: None,
|
|
|
|
|
redirect_url: None,
|
|
|
|
|
token_url: None
|
|
|
|
|
},
|
|
|
|
|
noop: NoopConfig { oauth_noop: None }
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
);
|
2023-08-19 16:15:17 +02:00
|
|
|
}
|
2023-08-19 15:42:29 +02:00
|
|
|
}
|
