refactor: rename Claims fields internally, maintain terse serialization with serde rename

2025-12-06 11:15:46 -06:00 · 2025-09-19 11:56:02 -05:00
parent 76985f6390
commit e1b266f3b2
2 changed files with 16 additions and 13 deletions
--- a/pacman-server/src/routes.rs
+++ b/pacman-server/src/routes.rs
@@ -107,7 +107,7 @@ pub async fn oauth_callback_handler(
        match session::get_session_token(&cookie).and_then(|t| session::decode_jwt(&t, &app_state.jwt_decoding_key)) {
            Some(c) => {
                // Perform linking with current session user
-                let (cur_prov, cur_id) = c.sub.split_once(':').unwrap_or(("", ""));
+                let (cur_prov, cur_id) = c.subject.split_once(':').unwrap_or(("", ""));
                let current_user = match user_repo::find_user_by_provider_id(&app_state.db, cur_prov, cur_id).await {
                    Ok(Some(u)) => u,
                    Ok(None) => {
@@ -290,7 +290,7 @@ pub async fn profile_handler(State(app_state): State<AppState>, cookie: CookieMa
        return ErrorResponse::unauthorized("invalid session token").into_response();
    };
    // sub format: provider:provider_user_id
-    let (prov, prov_user_id) = match claims.sub.split_once(':') {
+    let (prov, prov_user_id) = match claims.subject.split_once(':') {
        Some((p, id)) => (p, id),
        None => {
            debug!("Malformed session token subject");
--- a/pacman-server/src/session.rs
+++ b/pacman-server/src/session.rs
@@ -11,10 +11,13 @@ pub const JWT_TTL_SECS: u64 = 60 * 60; // 1 hour
 #[derive(Debug, serde::Serialize, serde::Deserialize)]
 pub struct Claims {
-    pub sub: String, // format: "{provider}:{provider_user_id}"
+    #[serde(rename = "sub")]
    pub subject: String, // format: "{provider}:{provider_user_id}"
    pub name: Option<String>,
-    pub iat: usize,
+    #[serde(rename = "iat")]
-    pub exp: usize,
+    pub issued_at: usize,
    #[serde(rename = "exp")]
    pub expiration: usize,
    // PKCE flow fields - only present during OAuth flow
    #[serde(rename = "ver", skip_serializing_if = "Option::is_none")]
    pub pkce_verifier: Option<String>,
@@ -28,15 +31,15 @@ pub fn create_jwt_for_user(provider: &str, user: &AuthUser, encoding_key: &Encod
        .expect("time went backwards")
        .as_secs() as usize;
    let claims = Claims {
-        sub: format!("{}:{}", provider, user.id),
+        subject: format!("{}:{}", provider, user.id),
        name: user.name.clone(),
-        iat: now,
+        issued_at: now,
-        exp: now + JWT_TTL_SECS as usize,
+        expiration: now + JWT_TTL_SECS as usize,
        pkce_verifier: None,
        csrf_state: None,
    };
    let token = encode(&Header::new(Algorithm::HS256), &claims, encoding_key).expect("jwt sign");
-    trace!(sub = %claims.sub, exp = claims.exp, "Created session JWT");
+    trace!(sub = %claims.subject, exp = claims.expiration, "Created session JWT");
    token
 }
@@ -47,10 +50,10 @@ pub fn create_pkce_session(pkce_verifier: &str, csrf_state: &str, encoding_key:
        .expect("time went backwards")
        .as_secs() as usize;
    let claims = Claims {
-        sub: "pkce_flow".to_string(), // Special marker for PKCE flow
+        subject: "pkce_flow".to_string(), // Special marker for PKCE flow
        name: None,
-        iat: now,
+        issued_at: now,
-        exp: now + JWT_TTL_SECS as usize,
+        expiration: now + JWT_TTL_SECS as usize,
        pkce_verifier: Some(pkce_verifier.to_string()),
        csrf_state: Some(csrf_state.to_string()),
    };
@@ -61,7 +64,7 @@ pub fn create_pkce_session(pkce_verifier: &str, csrf_state: &str, encoding_key:
 /// Checks if a session is a PKCE flow session
 pub fn is_pkce_session(claims: &Claims) -> bool {
-    claims.sub == "pkce_flow" && claims.pkce_verifier.is_some() && claims.csrf_state.is_some()
+    claims.subject == "pkce_flow" && claims.pkce_verifier.is_some() && claims.csrf_state.is_some()
 }
 pub fn decode_jwt(token: &str, decoding_key: &DecodingKey) -> Option<Claims> {