feat: update general dependencies and axum to v0.7 (#521)
* feat: update general dependencies and axum to v0.7

Closes #514.
Closes #519.
Closes #518.

* ignore marvin attack for now. there is no fix

* fix doctest
buehler authored Jan 23, 2024
1 parent a94b889 commit 8c51b37
Showing 7 changed files with 37 additions and 30 deletions.
2 changes: 1 addition & 1 deletion .github/workflows/security-check.yml
@@ -16,4 +16,4 @@ jobs:
- uses: rustsec/[email protected]
with:
token: ${{ secrets.GITHUB_TOKEN }}
ignore: RUSTSEC-2020-0071
ignore: RUSTSEC-2020-0071, RUSTSEC-2023-0071
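Review bot: The added `RUSTSEC-2023-0071` entry on the `ignore:` line silences the advisory indefinitely, and nothing in the workflow records why or when to revisit it. The commit message says there is no fix yet, so the suppression itself is reasonable, but that reason should sit next to the setting, for example `# RUSTSEC-2023-0071 (Marvin attack): no patched release yet; drop this entry once one is published`. It would also help to record in a tracking issue which dependency pulls in the affected crate and whether this library exercises the affected operation at all, since that decides how urgent removal is. The existing `RUSTSEC-2020-0071` entry has the same gap.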
24 changes: 12 additions & 12 deletions Cargo.toml
@@ -53,35 +53,35 @@ rocket = ["credentials", "oidc", "dep:rocket"]

[dependencies]
async-trait = { version = "0.1.74", optional = true }
axum = { version = "0.6.20", optional = true, features = ["headers", "macros"] }
axum-extra = { version = "0.8.0", optional = true }
axum = { version = "0.7", optional = true, features = ["macros"] }
axum-extra = { version = "0.9", optional = true, features = ["typed-header"] }
base64-compat = { version = "1", optional = true }
custom_error = "1.9.2"
document-features = { version = "0.2", optional = true }
jsonwebtoken = { version = "9.1.0", optional = true }
jsonwebtoken = { version = "9.2.0", optional = true }
openidconnect = { version = "3.4.0", optional = true }
pbjson-types = { version = "0.5.1", optional = true }
prost = { version = "0.11", optional = true }
prost-types = { version = "0.11", optional = true }
reqwest = { version = "0.11.22", features = ["json", "rustls-tls"], default-features = false, optional = true }
rocket = { version = "0.5.0-rc.3", optional = true }
pbjson-types = { version = "0.6", optional = true }
prost = { version = "0.12", optional = true }
prost-types = { version = "0.12", optional = true }
reqwest = { version = "0.11.23", features = ["json", "rustls-tls"], default-features = false, optional = true }
rocket = { version = "0.5.0", optional = true }
serde = { version = "1.0", features = ["derive"], optional = true }
serde_json = { version = "1.0", optional = true }
serde_urlencoded = { version = "0.7.1", optional = true }
time = { version = "0.3.30", optional = true }
time = { version = "0.3.31", optional = true }
tokio = { version = "1", optional = true, features = [
"macros",
"rt-multi-thread",
] }
tonic = { version = "0.9", features = [
tonic = { version = "0.10", features = [
"tls",
"tls-roots",
"tls-roots-common",
], optional = true }
tonic-types = { version = "0.9", optional = true }
tonic-types = { version = "0.10", optional = true }

[dev-dependencies]
chrono = "0.4.31"
chrono = "0.4.32"
tokio = { version = "1", features = ["macros", "rt-multi-thread"] }
tower = { version = "0.4.13" }

8 changes: 7 additions & 1 deletion README.md
@@ -3,6 +3,12 @@
This repository contains the gRPC service clients and helpers/credentials/other utilities
for [ZITADEL](https://github.com/zitadel/zitadel).

The following features are present:
- API clients for communication with the ZITADEL API (calling gRPC methods)
- Credentials support for the API clients (access token and service account interceptors)
- OIDC Introspection support for [rocket](https://rocket.rs)
- OIDC Introspection support for [axum](https://github.com/tokio-rs/axum)

### Example

There exist a few examples in the `examples` directory.
@@ -11,7 +17,7 @@ Go there to see the library in action, or head over to the

### Development

After you checkout the repository, you need ["just"](https://just.systems) to run
After you clone the repository, you need ["just"](https://just.systems) to run
certain tasks. Generating the gRPC clients is done via `just generate-grpc` or `just`
(as it is configured to be the default action for just).

5 changes: 3 additions & 2 deletions examples/axum_webapi_oauth_interception_basic.rs
@@ -3,6 +3,7 @@ use std::net::SocketAddr;
use axum::response::IntoResponse;
use axum::routing::get;
use axum::Router;
use tokio::net::TcpListener;
use zitadel::axum::introspection::{IntrospectedUser, IntrospectionStateBuilder};

async fn unauthed() -> String {
@@ -35,8 +36,8 @@ async fn main() -> Result<(), Box<dyn std::error::Error>> {

let addr = SocketAddr::from(([127, 0, 0, 1], 3001));
println!("listening on: {addr}");
axum::Server::bind(&addr)
.serve(app.into_make_service())
let listener = TcpListener::bind(addr).await?;
axum::serve(listener, app.into_make_service())
.await
.unwrap();

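Review bot: The `axum::serve(...)` call in `main` still ends in `.await.unwrap()`, so a serve failure panics, while the new `TcpListener::bind(addr).await?` just above it propagates its error through the `Result<(), Box<dyn std::error::Error>>` return type. Since this example is what users copy, I would make the two consistent: `axum::serve(listener, app.into_make_service()).await?;`. `main` starts and ends outside this hunk, so I am assuming it finishes with `Ok(())`.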
5 changes: 3 additions & 2 deletions src/axum/introspection/mod.rs
@@ -14,6 +14,7 @@
//! # use axum::response::IntoResponse;
//! # use axum::routing::get;
//! # use axum::Router;
//! # use tokio::net::TcpListener;
//! # use tokio::runtime::Builder;
//! # use std::net::SocketAddr;
//! #
@@ -32,8 +33,8 @@
//!
//! let addr = SocketAddr::from(([127, 0, 0, 1], 3001));
//! println!("listening on: {addr}");
//! axum::Server::bind(&addr)
//! .serve(app.into_make_service())
//! let listener = TcpListener::bind(addr).await.unwrap();
//! axum::serve(listener, app.into_make_service())
//! .await
//! .unwrap();
//! # }
12 changes: 7 additions & 5 deletions src/axum/introspection/user.rs
@@ -1,14 +1,16 @@
use axum::http::StatusCode;
use axum::{
async_trait,
extract::{FromRef, FromRequestParts},
headers::{authorization::Bearer, Authorization},
http::request::Parts,
response::IntoResponse,
Json, RequestPartsExt, TypedHeader,
Json, RequestPartsExt,
};
use axum_extra::headers::authorization::Bearer;
use axum_extra::headers::Authorization;
use axum_extra::TypedHeader;
use custom_error::custom_error;
use openidconnect::TokenIntrospectionResponse;
use reqwest::StatusCode;
use serde_json::json;

use crate::oidc::introspection::{introspect, IntrospectionError, ZitadelIntrospectionResponse};
@@ -51,7 +53,7 @@ impl IntoResponse for IntrospectionGuardError {
}
}

/// struct for the extracted user. The extracted user will always be valid, when fetched in a
/// Struct for the extracted user. The extracted user will always be valid, when fetched in a
/// request function arguments. If not the api will return with an appropriate error.
#[derive(Debug)]
pub struct IntrospectedUser {
@@ -132,10 +134,10 @@ mod tests {
use axum::routing::get;
use axum::Router;
use tokio::runtime::Builder;
use tower::ServiceExt;

use crate::axum::introspection::{IntrospectionState, IntrospectionStateBuilder};
use crate::credentials::Application;
use tower::ServiceExt;

use super::*;

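Review bot: The doc comment on `IntrospectedUser` only had its first letter capitalised; it still does not say what "valid" means or which error a caller sees when extraction fails. Two lines such as `/// User extracted from the request's bearer token by introspection.` and `/// Handlers taking this type run only if extraction succeeded; otherwise the request is answered with an IntrospectionGuardError response.` would tell a reader what the guarantee actually is. I am inferring the error type from the `impl IntoResponse for IntrospectionGuardError` shown in the hunk header, and the struct body lies outside the hunk, so the wording should be checked against the extractor.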
11 changes: 4 additions & 7 deletions src/rocket/introspection/guard.rs
@@ -60,17 +60,14 @@ impl<'request> FromRequest<'request> for &'request IntrospectedUser {
async fn from_request(request: &'request Request<'_>) -> Outcome<Self, Self::Error> {
let auth: Vec<_> = request.headers().get("authorization").collect();
if auth.len() > 1 {
return Outcome::Failure((Status::BadRequest, &IntrospectionGuardError::InvalidHeader));
return Outcome::Error((Status::BadRequest, &IntrospectionGuardError::InvalidHeader));
} else if auth.is_empty() {
return Outcome::Failure((
Status::Unauthorized,
&IntrospectionGuardError::Unauthorized,
));
return Outcome::Error((Status::Unauthorized, &IntrospectionGuardError::Unauthorized));
}

let token = auth[0];
if !token.starts_with("Bearer ") {
return Outcome::Failure((Status::Unauthorized, &IntrospectionGuardError::WrongScheme));
return Outcome::Error((Status::Unauthorized, &IntrospectionGuardError::WrongScheme));
}

let result = request
@@ -140,7 +137,7 @@ impl<'request> FromRequest<'request> for &'request IntrospectedUser {

match result {
Ok(user) => Outcome::Success(user),
Err((status, error)) => Outcome::Failure((*status, error)),
Err((status, error)) => Outcome::Error((*status, error)),
}
}
}
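Review bot: The scheme check `token.starts_with("Bearer ")` in `from_request` is case-sensitive, while HTTP treats the authorization scheme name as case-insensitive, so a standards-conforming client that sends a lower-case scheme is rejected with `WrongScheme`. The guard fails closed, so this is an interoperability issue rather than a bypass, but the rocket 0.5.0 migration is a good moment to fix it: `if !token.get(..7).is_some_and(|s| s.eq_ignore_ascii_case("Bearer ")) {`. The code that strips the prefix lies between the two visible hunks and would need to slice by length rather than match the literal. A test with a mixed-case scheme would pin the behaviour.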
