style: use cargo fmt for formatting

Co-authored-by: tronghn <[email protected]>
Co-authored-by: kimtore <[email protected]>

Author: 3 people

src/handlers.rs

@@ -6,6 +6,7 @@ use crate::identity_provider::*;
 use crate::types;
 use crate::types::{IdentityProvider, IntrospectRequest, TokenRequest, TokenResponse};
 use axum::extract::State;
+use axum::http::header::CONTENT_TYPE;
 use axum::http::StatusCode;
 use axum::response::{IntoResponse, Response};
 use axum::Json;
@@ -14,52 +15,65 @@ use jsonwebtoken::Algorithm::RS512;
 use jsonwebtoken::DecodingKey;
 use log::error;
 use std::sync::Arc;
-use axum::http::header::CONTENT_TYPE;
 use thiserror::Error;
 use tokio::sync::RwLock;
 
 #[axum::debug_handler]
-pub async fn token(State(state): State<HandlerState>, JsonOrForm(request): JsonOrForm<TokenRequest>) -> Result<impl IntoResponse, ApiError> {
+pub async fn token(
+    State(state): State<HandlerState>,
+    JsonOrForm(request): JsonOrForm<TokenRequest>,
+) -> Result<impl IntoResponse, ApiError> {
     let endpoint = state.token_endpoint(&request.identity_provider).await;
-    let params = state.token_request(&request.identity_provider, request.target).await;
+    let params = state
+        .token_request(&request.identity_provider, request.target)
+        .await;
 
     let client = reqwest::Client::new();
-    let request_builder = client.post(endpoint)
+    let request_builder = client
+        .post(endpoint)
         .header("accept", "application/json")
         .form(&params);
 
     let response = request_builder
         .send()
         .await
-        .map_err(ApiError::UpstreamRequest)?
-        ;
+        .map_err(ApiError::UpstreamRequest)?;
 
     if response.status() >= StatusCode::BAD_REQUEST {
         let err: types::ErrorResponse = response.json().await.map_err(ApiError::JSON)?;
         return Err(ApiError::Upstream(err));
     }
 
     let res: TokenResponse = response
-        .json().await
-        .inspect_err(|err| {
-            error!("Identity provider returned invalid JSON: {:?}", err)
-        })
-        .map_err(ApiError::JSON)?
-        ;
+        .json()
+        .await
+        .inspect_err(|err| error!("Identity provider returned invalid JSON: {:?}", err))
+        .map_err(ApiError::JSON)?;
 
     Ok((StatusCode::OK, Json(res)))
 }
 
-pub async fn introspection(State(state): State<HandlerState>, Json(request): Json<IntrospectRequest>) -> Result<impl IntoResponse, ApiError> {
+pub async fn introspection(
+    State(state): State<HandlerState>,
+    Json(request): Json<IntrospectRequest>,
+) -> Result<impl IntoResponse, ApiError> {
     // Need to decode the token to get the issuer before we actually validate it.
     let mut validation = jwt::Validation::new(RS512);
     validation.validate_exp = false;
     validation.insecure_disable_signature_validation();
     let key = DecodingKey::from_secret(&[]);
-    let token_data = jwt::decode::<Claims>(&request.token, &key, &validation).map_err(ApiError::Validate)?;
+    let token_data =
+        jwt::decode::<Claims>(&request.token, &key, &validation).map_err(ApiError::Validate)?;
 
     let claims = match token_data.claims.iss {
-        s if s == state.cfg.maskinporten_issuer => state.maskinporten.write().await.introspect(request.token).await,
+        s if s == state.cfg.maskinporten_issuer => {
+            state
+                .maskinporten
+                .write()
+                .await
+                .introspect(request.token)
+                .await
+        }
         _ => panic!("Unknown issuer: {}", token_data.claims.iss),
     };
 
@@ -74,7 +88,11 @@ pub struct HandlerState {
 }
 
 impl HandlerState {
-    async fn token_request(&self, identity_provider: &IdentityProvider, target: String) -> Box<dyn erased_serde::Serialize + Send> {
+    async fn token_request(
+        &self,
+        identity_provider: &IdentityProvider,
+        target: String,
+    ) -> Box<dyn erased_serde::Serialize + Send> {
         match identity_provider {
             IdentityProvider::EntraID => todo!(),
             IdentityProvider::TokenX => todo!(),
@@ -88,9 +106,7 @@ impl HandlerState {
         match identity_provider {
             IdentityProvider::EntraID => todo!(),
             IdentityProvider::TokenX => todo!(),
-            IdentityProvider::Maskinporten => {
-                self.maskinporten.read().await.token_endpoint()
-            }
+            IdentityProvider::Maskinporten => self.maskinporten.read().await.token_endpoint(),
         }
     }
 }
@@ -113,19 +129,15 @@ pub enum ApiError {
 impl IntoResponse for ApiError {
     fn into_response(self) -> Response {
         match &self {
-            ApiError::UpstreamRequest(err) => {
-                (err.status().unwrap_or(StatusCode::INTERNAL_SERVER_ERROR), self.to_string())
-            }
-            ApiError::JSON(_) => {
-                (StatusCode::INTERNAL_SERVER_ERROR, self.to_string())
-            }
-            ApiError::Upstream(_err) => {
-                (StatusCode::INTERNAL_SERVER_ERROR, self.to_string())
-            }
-            ApiError::Validate(_) => {
-                (StatusCode::BAD_REQUEST, self.to_string())
-            }
-        }.into_response()
+            ApiError::UpstreamRequest(err) => (
+                err.status().unwrap_or(StatusCode::INTERNAL_SERVER_ERROR),
+                self.to_string(),
+            ),
+            ApiError::JSON(_) => (StatusCode::INTERNAL_SERVER_ERROR, self.to_string()),
+            ApiError::Upstream(_err) => (StatusCode::INTERNAL_SERVER_ERROR, self.to_string()),
+            ApiError::Validate(_) => (StatusCode::BAD_REQUEST, self.to_string()),
+        }
+        .into_response()
     }
 }
 

src/identity_provider.rs

@@ -9,7 +9,10 @@ use std::collections::HashMap;
 pub trait Provider<T: Serialize> {
     fn token_request(&self, target: String) -> T;
     fn token_endpoint(&self) -> String;
-    fn introspect(&mut self, token: String) -> impl std::future::Future<Output=HashMap<String, Value>> + Send;
+    fn introspect(
+        &mut self,
+        token: String,
+    ) -> impl std::future::Future<Output = HashMap<String, Value>> + Send;
 }
 
 #[derive(Clone)]
@@ -68,7 +71,10 @@ pub struct MaskinportenTokenRequest {
 
 impl Provider<MaskinportenTokenRequest> for Maskinporten {
     fn token_request(&self, target: String) -> MaskinportenTokenRequest {
-        let now = std::time::SystemTime::now().duration_since(std::time::UNIX_EPOCH).unwrap().as_secs();
+        let now = std::time::SystemTime::now()
+            .duration_since(std::time::UNIX_EPOCH)
+            .unwrap()
+            .as_secs();
         let jti = uuid::Uuid::new_v4();
 
         let claims = AssertionClaims {
@@ -80,11 +86,7 @@ impl Provider<MaskinportenTokenRequest> for Maskinporten {
             aud: self.cfg.maskinporten_issuer.to_string(),
         };
 
-        let token = jwt::encode(
-            &self.client_assertion_header,
-            &claims,
-            &self.private_jwk,
-        ).unwrap();
+        let token = jwt::encode(&self.client_assertion_header, &claims, &self.private_jwk).unwrap();
 
         MaskinportenTokenRequest {
             grant_type: "urn:ietf:params:oauth:grant-type:jwt-bearer".to_string(),
@@ -97,15 +99,17 @@ impl Provider<MaskinportenTokenRequest> for Maskinporten {
     }
 
     async fn introspect(&mut self, token: String) -> HashMap<String, Value> {
-        self.upstream_jwks.validate(&token).await
+        self.upstream_jwks
+            .validate(&token)
+            .await
             .map(|mut hashmap| {
                 hashmap.insert("active".to_string(), Value::Bool(true));
                 hashmap
             })
             .unwrap_or_else(|err| {
                 HashMap::from([
                     ("active".to_string(), Value::Bool(false)),
-                    ("error".to_string(), Value::String(format!("{:?}", err)))
+                    ("error".to_string(), Value::String(format!("{:?}", err))),
                 ])
             })
     }

src/jwks.rs

@@ -30,15 +30,15 @@ impl Jwks {
         }
 
         let client = reqwest::Client::new();
-        let request_builder = client.get(endpoint)
-            .header("accept", "application/json");
+        let request_builder = client.get(endpoint).header("accept", "application/json");
 
         let response: Response = request_builder
-            .send().await
+            .send()
+            .await
             .map_err(Error::Fetch)?
-            .json().await
-            .map_err(Error::JsonDecode)?
-            ;
+            .json()
+            .await
+            .map_err(Error::JsonDecode)?;
 
         let mut keys: HashMap<String, jwk::JsonWebKey> = HashMap::new();
         for key in response.keys {
@@ -61,10 +61,7 @@ impl Jwks {
 
     /// Check a JWT against a JWKS.
     /// Returns the JWT's claims on success.
-    pub async fn validate(
-        &mut self,
-        token: &str,
-    ) -> Result<HashMap<String, Value>, Error> {
+    pub async fn validate(&mut self, token: &str) -> Result<HashMap<String, Value>, Error> {
         let alg = jwt::Algorithm::RS256;
         let mut validation = jwt::Validation::new(alg);
         validation.set_required_spec_claims(&["iss", "exp", "iat"]);
@@ -73,8 +70,8 @@ impl Jwks {
 
         let key_id = jwt::decode_header(token)
             .map_err(Error::InvalidTokenHeader)?
-            .kid.ok_or(Error::MissingKeyID)?
-            ;
+            .kid
+            .ok_or(Error::MissingKeyID)?;
 
         // Refresh key store if needed before validating.
         let signing_key = match self.keys.get(&key_id) {
@@ -85,9 +82,12 @@ impl Jwks {
             Some(key) => key,
         };
 
-        Ok(jwt::decode::<HashMap<String, Value>>(token, &signing_key.key.to_decoding_key(), &validation)
-            .map_err(InvalidToken)?
-            .claims
+        Ok(jwt::decode::<HashMap<String, Value>>(
+            token,
+            &signing_key.key.to_decoding_key(),
+            &validation,
         )
+        .map_err(InvalidToken)?
+        .claims)
     }
 }

src/main.rs

@@ -1,15 +1,15 @@
+pub mod handlers;
 pub mod identity_provider;
 pub mod jwks;
-pub mod handlers;
 pub mod types;
 
-use std::sync::Arc;
 use crate::config::Config;
 use axum::routing::post;
-use axum::{Router};
+use axum::Router;
 use clap::Parser;
 use dotenv::dotenv;
 use log::{info, LevelFilter};
+use std::sync::Arc;
 use tokio::sync::RwLock;
 
 pub mod config {
@@ -52,7 +52,9 @@ fn print_texas_logo() {
 
 #[tokio::main]
 async fn main() {
-    env_logger::builder().filter_level(LevelFilter::Debug).init();
+    env_logger::builder()
+        .filter_level(LevelFilter::Debug)
+        .init();
 
     print_texas_logo();
 
@@ -62,7 +64,9 @@ async fn main() {
 
     let maskinporten = identity_provider::Maskinporten::new(
         cfg.clone(),
-        jwks::Jwks::new(&cfg.maskinporten_issuer, &cfg.maskinporten_jwks_uri).await.unwrap(),
+        jwks::Jwks::new(&cfg.maskinporten_issuer, &cfg.maskinporten_jwks_uri)
+            .await
+            .unwrap(),
     );
 
     let state = handlers::HandlerState {
@@ -71,14 +75,18 @@ async fn main() {
     };
 
     let app = Router::new()
-        .route("/token", post(handlers::token)).with_state(state.clone())
-        .route("/introspection", post(handlers::introspection).with_state(state.clone()));
+        .route("/token", post(handlers::token))
+        .with_state(state.clone())
+        .route(
+            "/introspection",
+            post(handlers::introspection).with_state(state.clone()),
+        );
 
-    let listener = tokio::net::TcpListener::bind(cfg.bind_address).await.unwrap();
+    let listener = tokio::net::TcpListener::bind(cfg.bind_address)
+        .await
+        .unwrap();
 
     info!("Serving on {:?}", listener.local_addr().unwrap());
 
     axum::serve(listener, app).await.unwrap();
 }
-
-

src/types.rs

@@ -35,7 +35,7 @@ pub struct ClientTokenRequest {
 /// but this might change in the future.
 #[derive(Deserialize, Serialize)]
 pub enum TokenType {
-    Bearer
+    Bearer,
 }
 
 /// This is a token request that comes from the application we are serving.