mirror of https://github.com/LemmyNet/lemmy
move claims.rs back to utils
parent
48918f362d
commit
43b0371775
@ -1,63 +0,0 @@
|
||||
use crate::blocking;
|
||||
use chrono::Utc;
|
||||
use diesel::PgConnection;
|
||||
use jsonwebtoken::{decode, encode, DecodingKey, EncodingKey, Header, TokenData, Validation};
|
||||
use lazy_static::lazy_static;
|
||||
use lemmy_db_queries::{source::secrets::Secrets_, DbPool};
|
||||
use lemmy_db_schema::source::secrets::Secrets;
|
||||
use lemmy_utils::{settings::structs::Settings, LemmyError};
|
||||
use serde::{Deserialize, Serialize};
|
||||
use std::{ops::Deref, sync::RwLock};
|
||||
|
||||
type Jwt = String;
|
||||
|
||||
#[derive(Debug, Serialize, Deserialize)]
|
||||
pub struct Claims {
|
||||
/// local_user_id, standard claim by RFC 7519.
|
||||
pub sub: i32,
|
||||
pub iss: String,
|
||||
/// Time when this token was issued as UNIX-timestamp in seconds
|
||||
pub iat: i64,
|
||||
}
|
||||
|
||||
impl Claims {
|
||||
pub async fn decode(jwt: &str, pool: &DbPool) -> Result<TokenData<Claims>, LemmyError> {
|
||||
let v = Validation {
|
||||
validate_exp: false,
|
||||
..Validation::default()
|
||||
};
|
||||
let secret = blocking(pool, move |conn| get_jwt_secret(conn)).await??;
|
||||
let key = DecodingKey::from_secret(secret.as_ref());
|
||||
Ok(decode::<Claims>(jwt, &key, &v)?)
|
||||
}
|
||||
|
||||
pub async fn jwt(local_user_id: i32, pool: &DbPool) -> Result<Jwt, LemmyError> {
|
||||
let my_claims = Claims {
|
||||
sub: local_user_id,
|
||||
iss: Settings::get().hostname,
|
||||
iat: Utc::now().timestamp(),
|
||||
};
|
||||
|
||||
let secret = blocking(pool, move |conn| get_jwt_secret(conn)).await??;
|
||||
let key = EncodingKey::from_secret(secret.as_ref());
|
||||
Ok(encode(&Header::default(), &my_claims, &key)?)
|
||||
}
|
||||
}
|
||||
|
||||
lazy_static! {
|
||||
static ref JWT_SECRET: RwLock<Option<String>> = RwLock::new(None);
|
||||
}
|
||||
|
||||
fn get_jwt_secret(conn: &PgConnection) -> Result<String, LemmyError> {
|
||||
let jwt_option: Option<String> = JWT_SECRET.read().unwrap().deref().clone();
|
||||
match jwt_option {
|
||||
Some(j) => Ok(j),
|
||||
None => {
|
||||
let jwt = Secrets::read(conn)?;
|
||||
let jwt_static = JWT_SECRET.write();
|
||||
let mut jwt_static = jwt_static.unwrap();
|
||||
*jwt_static = Some(jwt.clone());
|
||||
Ok(jwt)
|
||||
}
|
||||
}
|
||||
}
|
@ -1,13 +1,31 @@
|
||||
use diesel::{result::Error, *};
|
||||
use crate::{diesel::RunQueryDsl, lazy_static::__Deref};
|
||||
use diesel::PgConnection;
|
||||
use lemmy_db_schema::source::secrets::Secrets;
|
||||
use lemmy_utils::LemmyError;
|
||||
use std::sync::RwLock;
|
||||
|
||||
pub trait Secrets_ {
|
||||
fn read(conn: &PgConnection) -> Result<String, Error>;
|
||||
fn read_jwt_secret(conn: &PgConnection) -> Result<String, LemmyError>;
|
||||
}
|
||||
|
||||
// TODO: thread_local! might be better in terms of performance, but i couldnt get it to work
|
||||
lazy_static! {
|
||||
static ref JWT_SECRET: RwLock<Option<String>> = RwLock::new(None);
|
||||
}
|
||||
|
||||
impl Secrets_ for Secrets {
|
||||
fn read(conn: &PgConnection) -> Result<String, Error> {
|
||||
fn read_jwt_secret(conn: &PgConnection) -> Result<String, LemmyError> {
|
||||
use lemmy_db_schema::schema::secrets::dsl::*;
|
||||
secrets.first::<Self>(conn).map(|s| s.jwt_secret)
|
||||
let jwt_option: Option<String> = JWT_SECRET.read().unwrap().deref().clone();
|
||||
match jwt_option {
|
||||
Some(j) => Ok(j),
|
||||
None => {
|
||||
let jwt = secrets.first::<Self>(conn).map(|s| s.jwt_secret)?;
|
||||
let jwt_static = JWT_SECRET.write();
|
||||
let mut jwt_static = jwt_static.unwrap();
|
||||
*jwt_static = Some(jwt.clone());
|
||||
Ok(jwt)
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
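Review bot: `read_jwt_secret` fills `JWT_SECRET` on the first call and never clears it, so a secret changed in the `secrets` table is not picked up until the process restarts. That deserves a doc comment on the function, for example `/// Returns the JWT secret, cached in-process after the first read; a changed database value only takes effect after a restart.` Separately, `lazy_static::__Deref` is a hidden re-export of that crate; `JWT_SECRET.read().unwrap().clone()` auto-derefs through the guard and needs no `Deref` import, or `std::ops::Deref` can be used as the removed file did. The rendered section does not mark old and new lines, so this assumes the cached `match` body is the new side.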
@ -0,0 +1,37 @@
|
||||
use crate::{settings::structs::Settings, LemmyError};
|
||||
use chrono::Utc;
|
||||
use jsonwebtoken::{decode, encode, DecodingKey, EncodingKey, Header, TokenData, Validation};
|
||||
use serde::{Deserialize, Serialize};
|
||||
|
||||
type Jwt = String;
|
||||
|
||||
#[derive(Debug, Serialize, Deserialize)]
|
||||
pub struct Claims {
|
||||
/// local_user_id, standard claim by RFC 7519.
|
||||
pub sub: i32,
|
||||
pub iss: String,
|
||||
/// Time when this token was issued as UNIX-timestamp in seconds
|
||||
pub iat: i64,
|
||||
}
|
||||
|
||||
impl Claims {
|
||||
pub fn decode(jwt: &str, jwt_secret: &[u8]) -> Result<TokenData<Claims>, LemmyError> {
|
||||
let v = Validation {
|
||||
validate_exp: false,
|
||||
..Validation::default()
|
||||
};
|
||||
let key = DecodingKey::from_secret(jwt_secret);
|
||||
Ok(decode::<Claims>(jwt, &key, &v)?)
|
||||
}
|
||||
|
||||
pub fn jwt(local_user_id: i32, jwt_secret: &[u8]) -> Result<Jwt, LemmyError> {
|
||||
let my_claims = Claims {
|
||||
sub: local_user_id,
|
||||
iss: Settings::get().hostname,
|
||||
iat: Utc::now().timestamp(),
|
||||
};
|
||||
|
||||
let key = EncodingKey::from_secret(jwt_secret);
|
||||
Ok(encode(&Header::default(), &my_claims, &key)?)
|
||||
}
|
||||
}
|
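Review bot: `Claims::decode` sets `validate_exp: false` and `Claims` has no `exp` field, so a token minted by `Claims::jwt` stays valid for as long as the secret is unchanged. With the otherwise default `Validation`, `iss` does not appear to be checked either. If revocation is meant to happen in the caller by comparing `iat` against a per-user timestamp, state that contract on `decode`, for example `/// Verifies the signature only; expiry is not checked, so callers must reject tokens whose iat predates the user's last credential change.` If no such check exists, consider adding an `exp` claim and leaving expiry validation enabled.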