move oauth into separate crate

Cargo.toml

@@ -25,4 +25,5 @@ serde_derive = "1.0.136"
 quote = "1.0"
 sea-orm = { version = "0.6.0", features = [ "sqlx-sqlite", "runtime-actix-native-tls", "macros" ], default-features = false }
 
-actix_admin = { path = "actix_admin" }
+actix_admin = { path = "actix_admin" }
+azure_auth = { path = "azure_auth" }

azure_auth/Cargo.toml

@@ -0,0 +1,21 @@
+[package]
+name = "azure_auth"
+version = "0.1.0"
+edition = "2021"
+
+[dependencies]
+actix-web = "4.0.1"
+actix-rt = "2.7.0"
+actix-session = "0.5.0"
+
+oauth2 = "4.1"
+base64 = "0.13.0"
+async-trait = "0.1.53"
+rand = "0.8.5"
+url = "2.2.2"
+http = "0.2.6"
+dotenv = "0.15"
+futures = "0.3.21"
+serde = "1.0.136"
+serde_json = "1.0.79"
+serde_derive = "1.0.136"

azure_auth/src/lib.rs

@@ -1,7 +1,11 @@
+#[macro_use]
+extern crate serde_derive;
+
 use actix_session::{Session};
 use actix_web::http::header;
 use actix_web::{web, HttpResponse};
 use http::{HeaderMap, Method};
+use oauth2::basic::BasicClient;
 use oauth2::reqwest::async_http_client;
 use oauth2::{
     AccessToken, AuthorizationCode, CsrfToken, //PkceCodeChallenge,
@@ -9,13 +13,76 @@ use oauth2::{
 };
 use std::str;
 use url::Url;
+use oauth2::{
+    AuthUrl, ClientId, ClientSecret, TokenUrl,
+};
 
-pub async fn login(data: web::Data<super::AppState>) -> HttpResponse {
+#[allow(non_snake_case)]
+#[derive(Serialize, Deserialize, Debug)]
+pub struct UserInfo {
+    mail: String,
+    userPrincipalName: String,
+    displayName: String,
+    givenName: String,
+    surname: String,
+    id: String,
+}
+
+// AppDataTrait
+pub trait AppDataTrait {
+    fn get_oauth(&self) -> &BasicClient;
+}
+
+#[derive(Clone, Debug)]
+pub struct AzureAuth {
+    auth_url: AuthUrl,
+    token_url: TokenUrl,
+    client_id: ClientId,
+    client_secret: ClientSecret
+}
+
+impl AzureAuth {
+    pub fn new(oauth2_server: &String, client_id: &String, client_secret: &String) -> Self {
+        let azure_auth = AzureAuth {
+            auth_url: AuthUrl::new(format!("https://{}/oauth2/v2.0/authorize", oauth2_server)).expect("Invalid authorization endpoint URL"),
+            token_url: TokenUrl::new(format!("https://{}/oauth2/v2.0/token", oauth2_server)).expect("Invalid token endpoint URL"),
+            client_id: ClientId::new(client_id.clone()),
+            client_secret:  ClientSecret::new(client_secret.clone())
+        };
+
+        azure_auth
+    }
+
+    pub fn get_api_base_url() -> &'static str {
+        "https://graph.microsoft.com/v1.0"
+    }
+
+    pub fn get_oauth_client(self) -> BasicClient {
+        BasicClient::new(
+            self.client_id,
+            Some(self.client_secret),
+            self.auth_url,
+            Some(self.token_url),
+        )
+    }
+
+    pub fn create_scope<T: AppDataTrait + 'static>(self, _app_state: &T) -> actix_web::Scope {
+        let scope = web::scope("/auth")
+            .route("/login", web::get().to(login::<T>))
+            .route("/logout", web::get().to(logout))
+            .route("/auth", web::get().to(auth::<T>))
+        ;
+
+        scope
+    }
+}
+
+pub async fn login<T: AppDataTrait>(data: web::Data<T>) -> HttpResponse {
     // Create a PKCE code verifier and SHA-256 encode it as a code challenge.
     // let (_pkce_code_challenge, _pkce_code_verifier) = PkceCodeChallenge::new_random_sha256();
     // Generate the authorization URL to which we'll redirect the user.
     let (auth_url, _csrf_token) = &data
-        .oauth
+        .get_oauth()
         .authorize_url(CsrfToken::new_random)
         // Set the desired scopes.
         .add_scope(Scope::new("openid".to_string()))
@@ -35,17 +102,6 @@ pub async fn logout(session: Session) -> HttpResponse {
         .finish()
 }
 
-#[allow(non_snake_case)]
-#[derive(Serialize, Deserialize, Debug)]
-pub struct UserInfo {
-    mail: String,
-    userPrincipalName: String,
-    displayName: String,
-    givenName: String,
-    surname: String,
-    id: String,
-}
-
 async fn read_user(api_base_url: &str, access_token: &AccessToken) -> UserInfo {
     let url = Url::parse(format!("{}/me", api_base_url).as_str()).unwrap();
 
@@ -79,24 +135,25 @@ pub struct AuthRequest {
     state: String,
 }
 
-pub async fn auth(
+pub async fn auth<T: AppDataTrait>(
     session: Session,
-    data: web::Data<super::AppState>,
+    data: web::Data<T>,
     params: web::Query<AuthRequest>,
 ) -> HttpResponse {
     let code = AuthorizationCode::new(params.code.clone());
     let _state = CsrfToken::new(params.state.clone());
+    let api_base_url = AzureAuth::get_api_base_url();
 
     // Exchange the code with a token.
     let token = &data
-        .oauth
+        .get_oauth()
         .exchange_code(code)
         //.set_pkce_verifier()
         .request_async(async_http_client)
         .await
         .expect("exchange_code failed");
 
-    let user_info = read_user(&data.api_base_url, token.access_token()).await;
+    let user_info = read_user(api_base_url, token.access_token()).await;
 
     session.insert("user_info", &user_info).unwrap();
 

src/entity/mod.rs

@@ -1,9 +1,6 @@
 // setup
 use sea_orm::sea_query::{ColumnDef, TableCreateStatement};
 use sea_orm::{error::*, sea_query, ConnectionTrait, DbConn, ExecResult};
-use sea_orm::{{ DatabaseConnection, ConnectOptions }};
-use sea_orm::{ entity::*, query::*, SelectorTrait, ModelTrait, ColumnTrait, PaginatorTrait, EntityTrait };
-use async_trait::async_trait;
 pub mod post;
 pub use post::Entity as Post;
 

src/main.rs

@@ -1,35 +1,30 @@
-#[macro_use]
 extern crate serde_derive;
 
 use actix_session::{Session, CookieSession};
 use actix_web::{web, App, HttpResponse, HttpServer};
 use tera::{ Tera, Context};
 use oauth2::basic::BasicClient;
-use oauth2::{
+use oauth2::{ RedirectUrl };
-    AuthUrl, ClientId, ClientSecret,
-    RedirectUrl, TokenUrl,
-};
 use std::time::{Duration};
 use std::env;
-use sea_orm::{{ DatabaseConnection, ConnectOptions, EntityName }};
-use actix_admin::{ActixAdminViewModelTrait, AppDataTrait, ActixAdminViewModel, ActixAdminModel};
 use std::collections::HashMap;
+use sea_orm::{{ DatabaseConnection, ConnectOptions }};
+
+use actix_admin::{ AppDataTrait as ActixAdminAppDataTrait, ActixAdminViewModel, ActixAdminModel};
+use azure_auth::{ AzureAuth, UserInfo, AppDataTrait as AzureAuthAppDataTrait };
 
-mod web_auth;
 mod entity;
-
 use entity::{ Post };
 
 #[derive(Debug, Clone)]
 pub struct AppState {
     pub oauth: BasicClient,
-    pub api_base_url: String,
     pub tmpl: Tera,
     pub db: DatabaseConnection,
     pub view_model_map: HashMap<&'static str, ActixAdminViewModel>
 }
 
-impl AppDataTrait for AppState {
+impl ActixAdminAppDataTrait for AppState {
     fn get_db(&self) -> &DatabaseConnection {
         &self.db
     }
@@ -39,9 +34,15 @@ impl AppDataTrait for AppState {
     }
 }
 
+impl AzureAuthAppDataTrait for AppState {
+    fn get_oauth(&self) -> &BasicClient {
+        &self.oauth
+    }
+}
+
 async fn index(session: Session, data: web::Data<AppState>) -> HttpResponse {
-    let login = session.get::<web_auth::UserInfo>("user_info").unwrap();
+    let login = session.get::<UserInfo>("user_info").unwrap();
-    let web_auth_link = if login.is_some() { "logout" } else { "login" };
+    let web_auth_link = if login.is_some() { "/auth/logout" } else { "/auth/login" };
 
     let mut ctx = Context::new();
     ctx.insert("web_auth_link", web_auth_link);
@@ -52,31 +53,13 @@ async fn index(session: Session, data: web::Data<AppState>) -> HttpResponse {
 #[actix_rt::main]
 async fn main() {
     dotenv::dotenv().ok();
-    let oauth2_client_id = ClientId::new(
+    let oauth2_client_id = env::var("OAUTH2_CLIENT_ID").expect("Missing the OAUTH2_CLIENT_ID environment variable.");
-        env::var("OAUTH2_CLIENT_ID")
+    let oauth2_client_secret = env::var("OAUTH2_CLIENT_SECRET").expect("Missing the OAUTH2_CLIENT_SECRET environment variable.");
-            .expect("Missing the OAUTH2_CLIENT_ID environment variable."),
+    let oauth2_server = env::var("OAUTH2_SERVER").expect("Missing the OAUTH2_SERVER environment variable.");
-    );
+    let azure_auth = AzureAuth::new(&oauth2_server, &oauth2_client_id, &oauth2_client_secret);
-    let oauth2_client_secret = ClientSecret::new(
-        env::var("OAUTH2_CLIENT_SECRET")
-            .expect("Missing the OAUTH2_CLIENT_SECRET environment variable."),
-    );
-    let oauth2_server =
-        env::var("OAUTH2_SERVER").expect("Missing the OAUTH2_SERVER environment variable.");
-    
-    let auth_url = AuthUrl::new(format!("https://{}/oauth2/v2.0/authorize", oauth2_server))
-        .expect("Invalid authorization endpoint URL");
-    let token_url = TokenUrl::new(format!("https://{}/oauth2/v2.0/token", oauth2_server))
-        .expect("Invalid token endpoint URL");
-    
-    let api_base_url = "https://graph.microsoft.com/v1.0".to_string();
 
     // Set up the config for the OAuth2 process.
-    let client = BasicClient::new(
+    let client = azure_auth.clone().get_oauth_client()
-        oauth2_client_id,
-        Some(oauth2_client_secret),
-        auth_url,
-        Some(token_url),
-    )
     // This example will be running its own server at 127.0.0.1:5000.
     .set_redirect_uri(
         RedirectUrl::new("http://localhost:5000/auth".to_string())
@@ -109,7 +92,6 @@ async fn main() {
 
     let app_state = AppState {
         oauth: client,
-        api_base_url,
         tmpl: tera,
         db: conn,
         view_model_map: actix_admin.get_view_model_map()
@@ -119,11 +101,9 @@ async fn main() {
         App::new()
             .app_data(web::Data::new(app_state.clone()))
             .wrap(CookieSession::signed(&[0; 32]).secure(false))
-            .service(actix_admin.clone().create_scope(&app_state))
             .route("/", web::get().to(index))
-            .route("/login", web::get().to(web_auth::login))
+            .service(actix_admin.clone().create_scope(&app_state))
-            .route("/logout", web::get().to(web_auth::logout))
+            .service(azure_auth.clone().create_scope(&app_state))
-            .route("/auth", web::get().to(web_auth::auth))
     })
     .bind("127.0.0.1:5000")
     .expect("Can not bind to port 5000")