feat: with config
All checks were successful
ci/woodpecker/pr/test Pipeline was successful
ci/woodpecker/push/test Pipeline was successful

Signed-off-by: kjuulh <contact@kjuulh.io>
This commit is contained in:
Kasper Juul Hermansen 2023-11-01 21:51:09 +01:00
parent 393be43db1
commit 8711fc2a7b
Signed by: kjuulh
GPG Key ID: 57B6E1465221F912
9 changed files with 115 additions and 82 deletions

View File

@ -7,7 +7,7 @@ use oauth2::url::Url;
use crate::{
introspection::IntrospectionService,
login::{config::AuthEngine, AuthClap},
login::{auth_clap::AuthEngine, AuthClap},
oauth::{zitadel::ZitadelConfig, OAuth},
session::{SessionService, User},
};

View File

@ -12,7 +12,8 @@ mod test {
use crate::{
login::{
config::{AuthEngine, ZitadelClap},
auth_clap::{AuthEngine, ZitadelClap},
config::ConfigClap,
AuthClap,
},
session::{PostgresqlSessionClap, SessionBackend, SessionClap},
@ -35,7 +36,7 @@ mod test {
#[test]
fn test_command_parse_as_default_noop() {
let cli: Cli = Cli::parse_from(["base", "one"]);
let cli: Cli = Cli::parse_from(["base", "one", "--login-return-url=http://localhost:3001"]);
assert_eq!(
cli.command,
@ -51,6 +52,9 @@ mod test {
session_backend: SessionBackend::InMemory,
session: SessionClap {
postgresql: PostgresqlSessionClap { conn: None }
},
config: ConfigClap {
return_url: "http://localhost:3001".into()
}
}
}
@ -59,7 +63,13 @@ mod test {
#[test]
fn test_command_parse_as_noop() {
let cli: Cli = Cli::parse_from(["base", "one", "--auth-engine", "noop"]);
let cli: Cli = Cli::parse_from([
"base",
"one",
"--auth-engine",
"noop",
"--login-return-url=http://localhost:3001",
]);
assert_eq!(
cli.command,
@ -75,6 +85,9 @@ mod test {
session_backend: SessionBackend::InMemory,
session: SessionClap {
postgresql: PostgresqlSessionClap { conn: None }
},
config: ConfigClap {
return_url: "http://localhost:3001".into()
}
}
}
@ -91,6 +104,7 @@ mod test {
"--zitadel-client-secret=something",
"--zitadel-redirect-url=https://something",
"--zitadel-authority-url=https://something",
"--login-return-url=http://localhost:3001",
]);
assert_eq!(
@ -107,6 +121,9 @@ mod test {
session_backend: SessionBackend::InMemory,
session: SessionClap {
postgresql: PostgresqlSessionClap { conn: None }
},
config: ConfigClap {
return_url: "http://localhost:3001".into()
}
},
}

View File

@ -1,6 +1,9 @@
use crate::session::{SessionBackend, SessionClap};
use self::config::{AuthEngine, ZitadelClap};
use self::{
auth_clap::{AuthEngine, ZitadelClap},
config::ConfigClap,
};
#[derive(clap::Args, Clone, PartialEq, Eq, Debug)]
pub struct AuthClap {
@ -29,79 +32,10 @@ pub struct AuthClap {
#[clap(flatten)]
pub session: SessionClap,
#[clap(flatten)]
pub config: ConfigClap,
}
pub mod config {
use serde::{Deserialize, Serialize};
use crate::oauth::{zitadel::ZitadelConfig, OAuth};
use super::AuthClap;
#[derive(clap::ValueEnum, Clone, PartialEq, Eq, Debug)]
pub enum AuthEngine {
Noop,
Zitadel,
}
#[derive(Clone, Debug, PartialEq, Eq, Serialize, Deserialize)]
pub struct AuthConfigFile {
zitadel: Option<ZitadelClap>,
}
#[derive(clap::Args, Clone, Debug, PartialEq, Eq, Serialize, Deserialize)]
#[group(requires_all = ["client_id", "client_secret", "redirect_url", "authority_url"])]
pub struct ZitadelClap {
#[arg(env = "ZITADEL_CLIENT_ID", long = "zitadel-client-id")]
pub client_id: Option<String>,
#[arg(env = "ZITADEL_CLIENT_SECRET", long = "zitadel-client-secret")]
pub client_secret: Option<String>,
#[arg(env = "ZITADEL_REDIRECT_URL", long = "zitadel-redirect-url")]
pub redirect_url: Option<String>,
#[arg(env = "ZITADEL_AUTHORITY_URL", long = "zitadel-authority-url")]
pub authority_url: Option<String>,
}
impl TryFrom<AuthClap> for OAuth {
type Error = anyhow::Error;
fn try_from(value: AuthClap) -> Result<Self, Self::Error> {
match value.engine {
AuthEngine::Noop => Ok(OAuth::new_noop()),
AuthEngine::Zitadel => Ok(OAuth::from(ZitadelConfig::try_from(value.zitadel)?)),
}
}
}
impl AuthClap {
pub fn merge(&mut self, config: AuthConfigFile) -> &mut Self {
if let Some(zitadel) = config.zitadel {
if let Some(client_id) = zitadel.client_id {
if self.zitadel.client_id.is_some() {
_ = self.zitadel.client_id.replace(client_id);
}
}
if let Some(client_secret) = zitadel.client_secret {
if self.zitadel.client_secret.is_some() {
_ = self.zitadel.client_secret.replace(client_secret);
}
}
if let Some(redirect_url) = zitadel.redirect_url {
if self.zitadel.redirect_url.is_some() {
_ = self.zitadel.redirect_url.replace(redirect_url);
}
}
if let Some(authority_url) = zitadel.authority_url {
if self.zitadel.authority_url.is_some() {
_ = self.zitadel.authority_url.replace(authority_url);
}
}
}
self
}
}
}
pub mod auth_clap;
pub mod config;

View File

@ -0,0 +1,72 @@
use serde::{Deserialize, Serialize};
use crate::oauth::{zitadel::ZitadelConfig, OAuth};
use super::AuthClap;
#[derive(clap::ValueEnum, Clone, PartialEq, Eq, Debug)]
pub enum AuthEngine {
Noop,
Zitadel,
}
#[derive(Clone, Debug, PartialEq, Eq, Serialize, Deserialize)]
pub struct AuthConfigFile {
zitadel: Option<ZitadelClap>,
}
#[derive(clap::Args, Clone, Debug, PartialEq, Eq, Serialize, Deserialize)]
#[group(requires_all = ["client_id", "client_secret", "redirect_url", "authority_url"])]
pub struct ZitadelClap {
#[arg(env = "ZITADEL_CLIENT_ID", long = "zitadel-client-id")]
pub client_id: Option<String>,
#[arg(env = "ZITADEL_CLIENT_SECRET", long = "zitadel-client-secret")]
pub client_secret: Option<String>,
#[arg(env = "ZITADEL_REDIRECT_URL", long = "zitadel-redirect-url")]
pub redirect_url: Option<String>,
#[arg(env = "ZITADEL_AUTHORITY_URL", long = "zitadel-authority-url")]
pub authority_url: Option<String>,
}
impl TryFrom<AuthClap> for OAuth {
type Error = anyhow::Error;
fn try_from(value: AuthClap) -> Result<Self, Self::Error> {
match value.engine {
AuthEngine::Noop => Ok(OAuth::new_noop()),
AuthEngine::Zitadel => Ok(OAuth::from(ZitadelConfig::try_from(value.zitadel)?)),
}
}
}
impl AuthClap {
pub fn merge(&mut self, config: AuthConfigFile) -> &mut Self {
if let Some(zitadel) = config.zitadel {
if let Some(client_id) = zitadel.client_id {
if self.zitadel.client_id.is_some() {
_ = self.zitadel.client_id.replace(client_id);
}
}
if let Some(client_secret) = zitadel.client_secret {
if self.zitadel.client_secret.is_some() {
_ = self.zitadel.client_secret.replace(client_secret);
}
}
if let Some(redirect_url) = zitadel.redirect_url {
if self.zitadel.redirect_url.is_some() {
_ = self.zitadel.redirect_url.replace(redirect_url);
}
}
if let Some(authority_url) = zitadel.authority_url {
if self.zitadel.authority_url.is_some() {
_ = self.zitadel.authority_url.replace(authority_url);
}
}
}
self
}
}

View File

@ -0,0 +1,7 @@
use serde::{Deserialize, Serialize};
#[derive(clap::Args, Clone, Debug, PartialEq, Eq, Serialize, Deserialize)]
pub struct ConfigClap {
#[arg(env = "NEF_LOGIN_RETURN_URL", long = "login-return-url")]
pub return_url: String,
}

View File

@ -43,7 +43,7 @@ mod tests {
use clap::Parser;
use sealed_test::prelude::*;
use crate::login::config::ZitadelClap;
use crate::login::auth_clap::ZitadelClap;
#[derive(Parser)]
#[command(author, version, about, long_about = None)]

View File

@ -11,7 +11,7 @@ use oauth2::{
ClientSecret, CsrfToken, RedirectUrl, Scope, TokenResponse, TokenUrl,
};
use crate::login::config::ZitadelClap;
use crate::login::auth_clap::ZitadelClap;
use super::{OAuth, OAuthClient};

View File

@ -10,7 +10,8 @@ use nefarious_login::{
auth::AuthService,
axum::{AuthController, UserFromSession},
login::{
config::{AuthEngine, ZitadelClap},
auth_clap::{AuthEngine, ZitadelClap},
config::ConfigClap,
AuthClap,
},
session::{PostgresqlSessionClap, SessionBackend},
@ -44,6 +45,7 @@ async fn main() -> anyhow::Result<()> {
conn: Some("postgres://nefarious-test:somenotverysecurepassword@localhost:5432/nefarious-test".into()),
},
},
config: ConfigClap { return_url: "http://localhost:3001/authed".into() }
};
let auth_service = AuthService::new(&auth).await?;

View File

@ -40,6 +40,7 @@ async fn main() -> anyhow::Result<()> {
"--zitadel-client-secret=rWwDi8gjNOyuMFKoOjNSlhjcVZ1B25wDh6HsDL27f0g2Hb0xGbvEf0WXFY2akOlL",
"--session-backend=postgresql",
"--session-postgres-conn=postgres://nefarious-test:somenotverysecurepassword@localhost:5432/nafarious-test",
"--login-return-url=http://localhost:3001/authed"
]);
let auth_service = AuthService::new(&cmd.auth).await?;