xevion/Pac-Man
1
0
Fork 0
mirror of https://github.com/Xevion/Pac-Man.git synced 2025-12-05 23:15:40 -06:00
Code Issues Packages Projects Releases Wiki Activity

refactor: rename Claims fields internally, maintain terse serialization with serde rename

Browse Source
This commit is contained in:
Ryan Walters
2025-09-19 11:56:02 -05:00
parent 76985f6390
commit e1b266f3b2
2 changed files with 16 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
pacman-server/src/routes.rs
View File

@@ -107,7 +107,7 @@ pub async fn oauth_callback_handler(
match session::get_session_token(&cookie).and_then(|t| session::decode_jwt(&t, &app_state.jwt_decoding_key)) {
Some(c) => {
// Perform linking with current session user
let (cur_prov, cur_id) = c.sub.split_once(':').unwrap_or(("", ""));
let (cur_prov, cur_id) = c.subject.split_once(':').unwrap_or(("", ""));
let current_user = match user_repo::find_user_by_provider_id(&app_state.db, cur_prov, cur_id).await {
Ok(Some(u)) => u,
Ok(None) => {
@@ -290,7 +290,7 @@ pub async fn profile_handler(State(app_state): State<AppState>, cookie: CookieMa
return ErrorResponse::unauthorized("invalid session token").into_response();
};
// sub format: provider:provider_user_id
let (prov, prov_user_id) = match claims.sub.split_once(':') {
let (prov, prov_user_id) = match claims.subject.split_once(':') {
Some((p, id)) => (p, id),
None => {
debug!("Malformed session token subject");

25
pacman-server/src/session.rs
View File

@@ -11,10 +11,13 @@ pub const JWT_TTL_SECS: u64 = 60 * 60; // 1 hour
#[derive(Debug, serde::Serialize, serde::Deserialize)]
pub struct Claims {
pub sub: String, // format: "{provider}:{provider_user_id}"
#[serde(rename = "sub")]
pub subject: String, // format: "{provider}:{provider_user_id}"
pub name: Option<String>,
pub iat: usize,
pub exp: usize,
#[serde(rename = "iat")]
pub issued_at: usize,
#[serde(rename = "exp")]
pub expiration: usize,
// PKCE flow fields - only present during OAuth flow
#[serde(rename = "ver", skip_serializing_if = "Option::is_none")]
pub pkce_verifier: Option<String>,
@@ -28,15 +31,15 @@ pub fn create_jwt_for_user(provider: &str, user: &AuthUser, encoding_key: &Encod
.expect("time went backwards")
.as_secs() as usize;
let claims = Claims {
sub: format!("{}:{}", provider, user.id),
subject: format!("{}:{}", provider, user.id),
name: user.name.clone(),
iat: now,
exp: now + JWT_TTL_SECS as usize,
issued_at: now,
expiration: now + JWT_TTL_SECS as usize,
pkce_verifier: None,
csrf_state: None,
};
let token = encode(&Header::new(Algorithm::HS256), &claims, encoding_key).expect("jwt sign");
trace!(sub = %claims.sub, exp = claims.exp, "Created session JWT");
trace!(sub = %claims.subject, exp = claims.expiration, "Created session JWT");
token
}
@@ -47,10 +50,10 @@ pub fn create_pkce_session(pkce_verifier: &str, csrf_state: &str, encoding_key:
.expect("time went backwards")
.as_secs() as usize;
let claims = Claims {
sub: "pkce_flow".to_string(), // Special marker for PKCE flow
subject: "pkce_flow".to_string(), // Special marker for PKCE flow
name: None,
iat: now,
exp: now + JWT_TTL_SECS as usize,
issued_at: now,
expiration: now + JWT_TTL_SECS as usize,
pkce_verifier: Some(pkce_verifier.to_string()),
csrf_state: Some(csrf_state.to_string()),
};
@@ -61,7 +64,7 @@ pub fn create_pkce_session(pkce_verifier: &str, csrf_state: &str, encoding_key:
/// Checks if a session is a PKCE flow session
pub fn is_pkce_session(claims: &Claims) -> bool {
claims.sub == "pkce_flow" && claims.pkce_verifier.is_some() && claims.csrf_state.is_some()
claims.subject == "pkce_flow" && claims.pkce_verifier.is_some() && claims.csrf_state.is_some()
}
pub fn decode_jwt(token: &str, decoding_key: &DecodingKey) -> Option<Claims> {