mirrors/attic
1
0
Fork 0
mirror of https://github.com/zhaofengli/attic.git synced 2024-12-14 11:57:30 +00:00
Code Activity

server/config: Fail fast on token decoding errors

Browse source
This commit is contained in:
Zhaofeng Li 2024-10-06 11:19:03 -06:00
parent dcadbec66b
commit 3d10425b6a
1 changed files with 31 additions and 13 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

44
server/src/config.rs
View file

@ -369,28 +369,46 @@ fn load_jwt_signing_config_from_env() -> JWTSigningConfig {
config config
} }
fn load_token_hs256_secret_from_env() -> Option<JWTSigningConfig> { fn read_non_empty_var(key: &str) -> Result<Option<String>> {
let s = env::var(ENV_TOKEN_HS256_SECRET_BASE64).ok()?; let value = match env::var(key) {
Err(env::VarError::NotPresent) => {
return Ok(None);
}
r => r?,
};
decode_token_hs256_secret_base64(&s) if value.is_empty() {
.ok() Ok(None)
.map(JWTSigningConfig::HS256SignAndVerify) } else {
Ok(Some(value))
}
}
fn load_token_hs256_secret_from_env() -> Option<JWTSigningConfig> {
let s = read_non_empty_var(ENV_TOKEN_HS256_SECRET_BASE64)
.expect("HS256 environment cannot be read")?;
let secret = decode_token_hs256_secret_base64(&s).expect("HS256 secret cannot be decoded");
Some(JWTSigningConfig::HS256SignAndVerify(secret))
} }
fn load_token_rs256_secret_from_env() -> Option<JWTSigningConfig> { fn load_token_rs256_secret_from_env() -> Option<JWTSigningConfig> {
let s = env::var(ENV_TOKEN_RS256_SECRET_BASE64).ok()?; let s = read_non_empty_var(ENV_TOKEN_RS256_SECRET_BASE64)
.expect("RS256 environment cannot be read")?;
decode_token_rs256_secret_base64(&s) let secret = decode_token_rs256_secret_base64(&s).expect("RS256 cannot be decoded");
.ok()
.map(JWTSigningConfig::RS256SignAndVerify) Some(JWTSigningConfig::RS256SignAndVerify(secret))
} }
fn load_token_rs256_pubkey_from_env() -> Option<JWTSigningConfig> { fn load_token_rs256_pubkey_from_env() -> Option<JWTSigningConfig> {
let s = env::var(ENV_TOKEN_RS256_PUBKEY_BASE64).ok()?; let s = read_non_empty_var(ENV_TOKEN_RS256_PUBKEY_BASE64)
.expect("RS256 pubkey environment cannot be read")?;
decode_token_rs256_pubkey_base64(&s) let pubkey = decode_token_rs256_pubkey_base64(&s).expect("RS256 pubkey cannot be decoded");
.ok()
.map(JWTSigningConfig::RS256VerifyOnly) Some(JWTSigningConfig::RS256VerifyOnly(pubkey))
} }
fn load_database_url_from_env() -> String { fn load_database_url_from_env() -> String {