feat: with config
Signed-off-by: kjuulh <contact@kjuulh.io>
This commit is contained in:
parent
393be43db1
commit
8711fc2a7b
@ -7,7 +7,7 @@ use oauth2::url::Url;
|
||||
|
||||
use crate::{
|
||||
introspection::IntrospectionService,
|
||||
login::{config::AuthEngine, AuthClap},
|
||||
login::{auth_clap::AuthEngine, AuthClap},
|
||||
oauth::{zitadel::ZitadelConfig, OAuth},
|
||||
session::{SessionService, User},
|
||||
};
|
||||
|
@ -12,7 +12,8 @@ mod test {
|
||||
|
||||
use crate::{
|
||||
login::{
|
||||
config::{AuthEngine, ZitadelClap},
|
||||
auth_clap::{AuthEngine, ZitadelClap},
|
||||
config::ConfigClap,
|
||||
AuthClap,
|
||||
},
|
||||
session::{PostgresqlSessionClap, SessionBackend, SessionClap},
|
||||
@ -35,7 +36,7 @@ mod test {
|
||||
|
||||
#[test]
|
||||
fn test_command_parse_as_default_noop() {
|
||||
let cli: Cli = Cli::parse_from(["base", "one"]);
|
||||
let cli: Cli = Cli::parse_from(["base", "one", "--login-return-url=http://localhost:3001"]);
|
||||
|
||||
assert_eq!(
|
||||
cli.command,
|
||||
@ -51,6 +52,9 @@ mod test {
|
||||
session_backend: SessionBackend::InMemory,
|
||||
session: SessionClap {
|
||||
postgresql: PostgresqlSessionClap { conn: None }
|
||||
},
|
||||
config: ConfigClap {
|
||||
return_url: "http://localhost:3001".into()
|
||||
}
|
||||
}
|
||||
}
|
||||
@ -59,7 +63,13 @@ mod test {
|
||||
|
||||
#[test]
|
||||
fn test_command_parse_as_noop() {
|
||||
let cli: Cli = Cli::parse_from(["base", "one", "--auth-engine", "noop"]);
|
||||
let cli: Cli = Cli::parse_from([
|
||||
"base",
|
||||
"one",
|
||||
"--auth-engine",
|
||||
"noop",
|
||||
"--login-return-url=http://localhost:3001",
|
||||
]);
|
||||
|
||||
assert_eq!(
|
||||
cli.command,
|
||||
@ -75,6 +85,9 @@ mod test {
|
||||
session_backend: SessionBackend::InMemory,
|
||||
session: SessionClap {
|
||||
postgresql: PostgresqlSessionClap { conn: None }
|
||||
},
|
||||
config: ConfigClap {
|
||||
return_url: "http://localhost:3001".into()
|
||||
}
|
||||
}
|
||||
}
|
||||
@ -91,6 +104,7 @@ mod test {
|
||||
"--zitadel-client-secret=something",
|
||||
"--zitadel-redirect-url=https://something",
|
||||
"--zitadel-authority-url=https://something",
|
||||
"--login-return-url=http://localhost:3001",
|
||||
]);
|
||||
|
||||
assert_eq!(
|
||||
@ -107,6 +121,9 @@ mod test {
|
||||
session_backend: SessionBackend::InMemory,
|
||||
session: SessionClap {
|
||||
postgresql: PostgresqlSessionClap { conn: None }
|
||||
},
|
||||
config: ConfigClap {
|
||||
return_url: "http://localhost:3001".into()
|
||||
}
|
||||
},
|
||||
}
|
||||
|
@ -1,6 +1,9 @@
|
||||
use crate::session::{SessionBackend, SessionClap};
|
||||
|
||||
use self::config::{AuthEngine, ZitadelClap};
|
||||
use self::{
|
||||
auth_clap::{AuthEngine, ZitadelClap},
|
||||
config::ConfigClap,
|
||||
};
|
||||
|
||||
#[derive(clap::Args, Clone, PartialEq, Eq, Debug)]
|
||||
pub struct AuthClap {
|
||||
@ -29,79 +32,10 @@ pub struct AuthClap {
|
||||
|
||||
#[clap(flatten)]
|
||||
pub session: SessionClap,
|
||||
|
||||
#[clap(flatten)]
|
||||
pub config: ConfigClap,
|
||||
}
|
||||
|
||||
pub mod config {
|
||||
use serde::{Deserialize, Serialize};
|
||||
|
||||
use crate::oauth::{zitadel::ZitadelConfig, OAuth};
|
||||
|
||||
use super::AuthClap;
|
||||
|
||||
#[derive(clap::ValueEnum, Clone, PartialEq, Eq, Debug)]
|
||||
pub enum AuthEngine {
|
||||
Noop,
|
||||
Zitadel,
|
||||
}
|
||||
|
||||
#[derive(Clone, Debug, PartialEq, Eq, Serialize, Deserialize)]
|
||||
pub struct AuthConfigFile {
|
||||
zitadel: Option<ZitadelClap>,
|
||||
}
|
||||
|
||||
#[derive(clap::Args, Clone, Debug, PartialEq, Eq, Serialize, Deserialize)]
|
||||
#[group(requires_all = ["client_id", "client_secret", "redirect_url", "authority_url"])]
|
||||
pub struct ZitadelClap {
|
||||
#[arg(env = "ZITADEL_CLIENT_ID", long = "zitadel-client-id")]
|
||||
pub client_id: Option<String>,
|
||||
|
||||
#[arg(env = "ZITADEL_CLIENT_SECRET", long = "zitadel-client-secret")]
|
||||
pub client_secret: Option<String>,
|
||||
|
||||
#[arg(env = "ZITADEL_REDIRECT_URL", long = "zitadel-redirect-url")]
|
||||
pub redirect_url: Option<String>,
|
||||
|
||||
#[arg(env = "ZITADEL_AUTHORITY_URL", long = "zitadel-authority-url")]
|
||||
pub authority_url: Option<String>,
|
||||
}
|
||||
|
||||
impl TryFrom<AuthClap> for OAuth {
|
||||
type Error = anyhow::Error;
|
||||
|
||||
fn try_from(value: AuthClap) -> Result<Self, Self::Error> {
|
||||
match value.engine {
|
||||
AuthEngine::Noop => Ok(OAuth::new_noop()),
|
||||
AuthEngine::Zitadel => Ok(OAuth::from(ZitadelConfig::try_from(value.zitadel)?)),
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
impl AuthClap {
|
||||
pub fn merge(&mut self, config: AuthConfigFile) -> &mut Self {
|
||||
if let Some(zitadel) = config.zitadel {
|
||||
if let Some(client_id) = zitadel.client_id {
|
||||
if self.zitadel.client_id.is_some() {
|
||||
_ = self.zitadel.client_id.replace(client_id);
|
||||
}
|
||||
}
|
||||
if let Some(client_secret) = zitadel.client_secret {
|
||||
if self.zitadel.client_secret.is_some() {
|
||||
_ = self.zitadel.client_secret.replace(client_secret);
|
||||
}
|
||||
}
|
||||
if let Some(redirect_url) = zitadel.redirect_url {
|
||||
if self.zitadel.redirect_url.is_some() {
|
||||
_ = self.zitadel.redirect_url.replace(redirect_url);
|
||||
}
|
||||
}
|
||||
if let Some(authority_url) = zitadel.authority_url {
|
||||
if self.zitadel.authority_url.is_some() {
|
||||
_ = self.zitadel.authority_url.replace(authority_url);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
self
|
||||
}
|
||||
}
|
||||
}
|
||||
pub mod auth_clap;
|
||||
pub mod config;
|
||||
|
72
crates/nefarious-login/src/login/auth_clap.rs
Normal file
72
crates/nefarious-login/src/login/auth_clap.rs
Normal file
@ -0,0 +1,72 @@
|
||||
use serde::{Deserialize, Serialize};
|
||||
|
||||
use crate::oauth::{zitadel::ZitadelConfig, OAuth};
|
||||
|
||||
use super::AuthClap;
|
||||
|
||||
#[derive(clap::ValueEnum, Clone, PartialEq, Eq, Debug)]
|
||||
pub enum AuthEngine {
|
||||
Noop,
|
||||
Zitadel,
|
||||
}
|
||||
|
||||
#[derive(Clone, Debug, PartialEq, Eq, Serialize, Deserialize)]
|
||||
pub struct AuthConfigFile {
|
||||
zitadel: Option<ZitadelClap>,
|
||||
}
|
||||
|
||||
#[derive(clap::Args, Clone, Debug, PartialEq, Eq, Serialize, Deserialize)]
|
||||
#[group(requires_all = ["client_id", "client_secret", "redirect_url", "authority_url"])]
|
||||
pub struct ZitadelClap {
|
||||
#[arg(env = "ZITADEL_CLIENT_ID", long = "zitadel-client-id")]
|
||||
pub client_id: Option<String>,
|
||||
|
||||
#[arg(env = "ZITADEL_CLIENT_SECRET", long = "zitadel-client-secret")]
|
||||
pub client_secret: Option<String>,
|
||||
|
||||
#[arg(env = "ZITADEL_REDIRECT_URL", long = "zitadel-redirect-url")]
|
||||
pub redirect_url: Option<String>,
|
||||
|
||||
#[arg(env = "ZITADEL_AUTHORITY_URL", long = "zitadel-authority-url")]
|
||||
pub authority_url: Option<String>,
|
||||
}
|
||||
|
||||
impl TryFrom<AuthClap> for OAuth {
|
||||
type Error = anyhow::Error;
|
||||
|
||||
fn try_from(value: AuthClap) -> Result<Self, Self::Error> {
|
||||
match value.engine {
|
||||
AuthEngine::Noop => Ok(OAuth::new_noop()),
|
||||
AuthEngine::Zitadel => Ok(OAuth::from(ZitadelConfig::try_from(value.zitadel)?)),
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
impl AuthClap {
|
||||
pub fn merge(&mut self, config: AuthConfigFile) -> &mut Self {
|
||||
if let Some(zitadel) = config.zitadel {
|
||||
if let Some(client_id) = zitadel.client_id {
|
||||
if self.zitadel.client_id.is_some() {
|
||||
_ = self.zitadel.client_id.replace(client_id);
|
||||
}
|
||||
}
|
||||
if let Some(client_secret) = zitadel.client_secret {
|
||||
if self.zitadel.client_secret.is_some() {
|
||||
_ = self.zitadel.client_secret.replace(client_secret);
|
||||
}
|
||||
}
|
||||
if let Some(redirect_url) = zitadel.redirect_url {
|
||||
if self.zitadel.redirect_url.is_some() {
|
||||
_ = self.zitadel.redirect_url.replace(redirect_url);
|
||||
}
|
||||
}
|
||||
if let Some(authority_url) = zitadel.authority_url {
|
||||
if self.zitadel.authority_url.is_some() {
|
||||
_ = self.zitadel.authority_url.replace(authority_url);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
self
|
||||
}
|
||||
}
|
7
crates/nefarious-login/src/login/config.rs
Normal file
7
crates/nefarious-login/src/login/config.rs
Normal file
@ -0,0 +1,7 @@
|
||||
use serde::{Deserialize, Serialize};
|
||||
|
||||
#[derive(clap::Args, Clone, Debug, PartialEq, Eq, Serialize, Deserialize)]
|
||||
pub struct ConfigClap {
|
||||
#[arg(env = "NEF_LOGIN_RETURN_URL", long = "login-return-url")]
|
||||
pub return_url: String,
|
||||
}
|
@ -43,7 +43,7 @@ mod tests {
|
||||
use clap::Parser;
|
||||
use sealed_test::prelude::*;
|
||||
|
||||
use crate::login::config::ZitadelClap;
|
||||
use crate::login::auth_clap::ZitadelClap;
|
||||
|
||||
#[derive(Parser)]
|
||||
#[command(author, version, about, long_about = None)]
|
||||
|
@ -11,7 +11,7 @@ use oauth2::{
|
||||
ClientSecret, CsrfToken, RedirectUrl, Scope, TokenResponse, TokenUrl,
|
||||
};
|
||||
|
||||
use crate::login::config::ZitadelClap;
|
||||
use crate::login::auth_clap::ZitadelClap;
|
||||
|
||||
use super::{OAuth, OAuthClient};
|
||||
|
||||
|
@ -10,7 +10,8 @@ use nefarious_login::{
|
||||
auth::AuthService,
|
||||
axum::{AuthController, UserFromSession},
|
||||
login::{
|
||||
config::{AuthEngine, ZitadelClap},
|
||||
auth_clap::{AuthEngine, ZitadelClap},
|
||||
config::ConfigClap,
|
||||
AuthClap,
|
||||
},
|
||||
session::{PostgresqlSessionClap, SessionBackend},
|
||||
@ -44,6 +45,7 @@ async fn main() -> anyhow::Result<()> {
|
||||
conn: Some("postgres://nefarious-test:somenotverysecurepassword@localhost:5432/nefarious-test".into()),
|
||||
},
|
||||
},
|
||||
config: ConfigClap { return_url: "http://localhost:3001/authed".into() }
|
||||
};
|
||||
|
||||
let auth_service = AuthService::new(&auth).await?;
|
||||
|
@ -40,6 +40,7 @@ async fn main() -> anyhow::Result<()> {
|
||||
"--zitadel-client-secret=rWwDi8gjNOyuMFKoOjNSlhjcVZ1B25wDh6HsDL27f0g2Hb0xGbvEf0WXFY2akOlL",
|
||||
"--session-backend=postgresql",
|
||||
"--session-postgres-conn=postgres://nefarious-test:somenotverysecurepassword@localhost:5432/nafarious-test",
|
||||
"--login-return-url=http://localhost:3001/authed"
|
||||
]);
|
||||
|
||||
let auth_service = AuthService::new(&cmd.auth).await?;
|
||||
|
Loading…
Reference in New Issue
Block a user