use super::Result;
use alcoholic_jwt::{token_kid, validate, Validation, JWKS};
use serde::{Deserialize, Serialize};
use hyper::{Request, Client, body};
use hyper_tls::HttpsConnector;
/// Claim set this module expects inside a verified token.
///
/// Not referenced anywhere else in this file: `validate_token` only reports
/// whether `validate` succeeded and never deserializes the claims, so as
/// written this type is dead code (the compiler will warn on it).
#[derive(Debug, Serialize, Deserialize)]
struct Claims {
    /// Subject (`sub`) — the principal the token was issued to.
    sub: String,
    /// Custom claim; presumably the tenant/organisation of the subject — confirm with the issuer.
    company: String,
    /// Expiry (`exp`); assumed to be seconds since the Unix epoch as in RFC 7519 — confirm with the issuer.
    exp: usize,
}
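/// Verifies a bearer JWT against the JWKS published by the configured authority.
///
/// Returns `Ok(true)` when the token's signature verifies against the key named by
/// its `kid` header and every validation below passes, and `Ok(false)` when the
/// signature or a claim check fails. Operational problems — `AUTHORITY` unset, an
/// undecodable token header, a `kid` that is absent or unknown to the key set, or a
/// JWKS fetch failure — are returned as `Err` instead of panicking, so a crafted
/// token cannot take the task down.
///
/// `AUTHORITY` is read from the environment on every call, is used verbatim as the
/// expected `iss`, and is assumed to end with a trailing slash (the JWKS path is
/// appended directly). The JWKS is also fetched on every call; a hot path will want
/// to cache it.
pub async fn validate_token(token: &str) -> Result<bool> {
    // Misconfiguration is an error to the caller, not a panic in the request task.
    let authority = std::env::var("AUTHORITY").map_err(|_| "AUTHORITY must be set")?;

    // Decode the (unauthenticated) header before touching the network: a token that
    // cannot even name a key is rejected without spending a JWKS round-trip on it.
    let kid = match token_kid(token) {
        Ok(Some(kid)) => kid,
        Ok(None) => return Err("token has no kid header".into()),
        Err(_) => return Err("failed to decode token header".into()),
    };

    let jwks = fetch_jwks(&format!("{}.well-known/jwks.json", authority)).await?;
    // An unknown `kid` is attacker-controllable input; reject it rather than panic.
    let jwk = jwks.find(&kid).ok_or("specified key not found in set")?;

    // `Claims` in this file carries `exp`, so an expired token must be rejected too;
    // expiry is not implied by the issuer/subject checks.
    let validations = vec![
        Validation::Issuer(authority),
        Validation::SubjectPresent,
        Validation::NotExpired,
    ];

    // Signature or claim failures are reported as a plain `false`; only operational
    // failures above surface as `Err`.
    Ok(validate(token, jwk, validations).is_ok())
}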
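/// Downloads and parses the JWKS document at `uri`.
///
/// Returns `Err` for a request URI that cannot be built, a transport failure, a
/// non-2xx response, or a body that is not a valid JWKS. Checking the status first
/// means an upstream error page is reported as such rather than as a confusing
/// JSON parse error. A fresh HTTPS client is built per call.
async fn fetch_jwks(uri: &str) -> Result<JWKS> {
    let https = HttpsConnector::new();
    let client = Client::builder().build::<_, hyper::Body>(https);

    // `uri` is derived from configuration, so an unparsable value is a reportable
    // error rather than an invariant violation worth panicking over.
    let req = Request::get(uri)
        .body(hyper::Body::empty())
        .map_err(|_| "invalid JWKS request URI")?;

    let res = client.request(req).await?;
    // Fail early on upstream errors instead of trying to parse an error body as JWKS.
    if !res.status().is_success() {
        return Err("JWKS endpoint returned a non-success status".into());
    }

    let bytes = body::to_bytes(res.into_body()).await?;
    Ok(serde_json::from_slice(&bytes)?)
}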