feat: consumes client refresh token upon login

2024-02-07 17:07:40 +08:00 · 2024-02-07 17:07:40 +08:00 · 72cea805f5
parent fa13422a05
commit 72cea805f5
4 changed files with 158 additions and 53 deletions
--- a/Cargo.lock
+++ b/Cargo.lock
@ -65,8 +65,8 @@ dependencies = [
 "encoding_rs",
 "flate2",
 "futures-core",
- "h2",
- "http",
+ "h2 0.3.24",
+ "http 0.2.11",
 "httparse",
 "httpdate",
 "itoa",
@ -117,7 +117,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "d22475596539443685426b6bdadb926ad0ecaefdfc5fb05e5e3441f15463c511"
 dependencies = [
 "bytestring",
- "http",
+ "http 0.2.11",
 "regex",
 "serde",
 "tracing",
@ -732,7 +732,7 @@ version = "0.22.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "1fcf00bc6d5abb29b5f97e3c61a90b6d3caa12f3faf897d4a3e3607c050a35a7"
 dependencies = [
- "http",
+ "http 0.2.11",
 "log",
 "native-tls",
 "rustls 0.20.9",
@ -777,18 +777,19 @@ dependencies = [

 [[package]]
 name = "axum"
-version = "0.6.20"
+version = "0.7.4"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "3b829e4e32b91e643de6eafe82b1d90675f5874230191a4ffbc1b336dec4d6bf"
+checksum = "1236b4b292f6c4d6dc34604bb5120d85c3fe1d1aa596bd5cc52ca054d13e7b9e"
 dependencies = [
 "async-trait",
 "axum-core",
- "bitflags 1.3.2",
 "bytes",
 "futures-util",
- "http",
- "http-body",
- "hyper",
+ "http 1.0.0",
+ "http-body 1.0.0",
+ "http-body-util",
+ "hyper 1.1.0",
+ "hyper-util",
 "itoa",
 "matchit",
 "memchr",
@ -805,42 +806,47 @@ dependencies = [
 "tower",
 "tower-layer",
 "tower-service",
+ "tracing",
 ]

 [[package]]
 name = "axum-core"
-version = "0.3.4"
+version = "0.4.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "759fa577a247914fd3f7f76d62972792636412fbfd634cd452f6a385a74d2d2c"
+checksum = "a15c63fd72d41492dc4f497196f5da1fb04fb7529e631d73630d1b491e47a2e3"
 dependencies = [
 "async-trait",
 "bytes",
 "futures-util",
- "http",
- "http-body",
+ "http 1.0.0",
+ "http-body 1.0.0",
+ "http-body-util",
 "mime",
+ "pin-project-lite",
 "rustversion",
+ "sync_wrapper",
 "tower-layer",
 "tower-service",
+ "tracing",
 ]

 [[package]]
 name = "axum-extra"
-version = "0.8.0"
+version = "0.9.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "4ab90e7b70bea63a153137162affb6a0bce26b584c24a4c7885509783e2cf30b"
+checksum = "895ff42f72016617773af68fb90da2a9677d89c62338ec09162d4909d86fdd8f"
 dependencies = [
 "axum",
 "axum-core",
 "bytes",
- "cookie 0.17.0",
+ "cookie 0.18.0",
 "futures-util",
- "http",
- "http-body",
+ "http 1.0.0",
+ "http-body 1.0.0",
+ "http-body-util",
 "mime",
 "pin-project-lite",
 "serde",
- "tokio",
 "tower",
 "tower-layer",
 "tower-service",
@ -1437,9 +1443,9 @@ dependencies = [

 [[package]]
 name = "cookie"
-version = "0.17.0"
+version = "0.18.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "7efb37c3e1ccb1ff97164ad95ac1606e8ccd35b3fa0a7d99a304c7f4a428cc24"
+checksum = "3cd91cf61412820176e137621345ee43b3f4423e589e7ae4e50d601d93e35ef8"
 dependencies = [
 "percent-encoding",
 "time",
@ -2258,7 +2264,26 @@ dependencies = [
 "futures-core",
 "futures-sink",
 "futures-util",
- "http",
+ "http 0.2.11",
+ "indexmap",
+ "slab",
+ "tokio",
+ "tokio-util",
+ "tracing",
+]
+
+[[package]]
+name = "h2"
+version = "0.4.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "31d030e59af851932b72ceebadf4a2b5986dba4c3b99dd2493f8273a0f151943"
+dependencies = [
+ "bytes",
+ "fnv",
+ "futures-core",
+ "futures-sink",
+ "futures-util",
+ "http 1.0.0",
 "indexmap",
 "slab",
 "tokio",
@ -2386,6 +2411,17 @@ dependencies = [
 "itoa",
 ]

+[[package]]
+name = "http"
+version = "1.0.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "b32afd38673a8016f7c9ae69e5af41a58f81b1d31689040f2f1959594ce194ea"
+dependencies = [
+ "bytes",
+ "fnv",
+ "itoa",
+]
+
 [[package]]
 name = "http-body"
 version = "0.4.6"
@ -2393,15 +2429,38 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "7ceab25649e9960c0311ea418d17bee82c0dcec1bd053b5f9a66e265a693bed2"
 dependencies = [
 "bytes",
- "http",
+ "http 0.2.11",
+ "pin-project-lite",
+]
+
+[[package]]
+name = "http-body"
+version = "1.0.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "1cac85db508abc24a2e48553ba12a996e87244a0395ce011e62b37158745d643"
+dependencies = [
+ "bytes",
+ "http 1.0.0",
+]
+
+[[package]]
+name = "http-body-util"
+version = "0.1.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "41cb79eb393015dadd30fc252023adb0b2400a0caee0fa2a077e6e21a551e840"
+dependencies = [
+ "bytes",
+ "futures-util",
+ "http 1.0.0",
+ "http-body 1.0.0",
 "pin-project-lite",
 ]

 [[package]]
 name = "http-range-header"
-version = "0.3.1"
+version = "0.4.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "add0ab9360ddbd88cfeb3bd9574a1d85cfdfa14db10b3e21d3700dbc4328758f"
+checksum = "3ce4ef31cda248bbdb6e6820603b82dfcd9e833db65a43e997a0ccec777d11fe"

 [[package]]
 name = "httparse"
@ -2434,9 +2493,9 @@ dependencies = [
 "futures-channel",
 "futures-core",
 "futures-util",
- "h2",
- "http",
- "http-body",
+ "h2 0.3.24",
+ "http 0.2.11",
+ "http-body 0.4.6",
 "httparse",
 "httpdate",
 "itoa",
@ -2448,6 +2507,25 @@ dependencies = [
 "want",
 ]

+[[package]]
+name = "hyper"
+version = "1.1.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "fb5aa53871fc917b1a9ed87b683a5d86db645e23acb32c2e0785a353e522fb75"
+dependencies = [
+ "bytes",
+ "futures-channel",
+ "futures-util",
+ "h2 0.4.2",
+ "http 1.0.0",
+ "http-body 1.0.0",
+ "httparse",
+ "httpdate",
+ "itoa",
+ "pin-project-lite",
+ "tokio",
+]
+
 [[package]]
 name = "hyper-rustls"
 version = "0.24.2"
@ -2455,8 +2533,8 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "ec3efd23720e2049821a693cbc7e65ea87c72f1c58ff2f9522ff332b1491e590"
 dependencies = [
 "futures-util",
- "http",
- "hyper",
+ "http 0.2.11",
+ "hyper 0.14.28",
 "rustls 0.21.10",
 "tokio",
 "tokio-rustls",
@ -2469,12 +2547,28 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "d6183ddfa99b85da61a140bea0efc93fdf56ceaa041b37d553518030827f9905"
 dependencies = [
 "bytes",
- "hyper",
+ "hyper 0.14.28",
 "native-tls",
 "tokio",
 "tokio-native-tls",
 ]

+[[package]]
+name = "hyper-util"
+version = "0.1.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "ca38ef113da30126bbff9cd1705f9273e15d45498615d138b0c20279ac7a76aa"
+dependencies = [
+ "bytes",
+ "futures-util",
+ "http 1.0.0",
+ "http-body 1.0.0",
+ "hyper 1.1.0",
+ "pin-project-lite",
+ "socket2 0.5.5",
+ "tokio",
+]
+
 [[package]]
 name = "iana-time-zone"
 version = "0.1.59"
@ -4089,10 +4183,10 @@ dependencies = [
 "encoding_rs",
 "futures-core",
 "futures-util",
- "h2",
- "http",
- "http-body",
- "hyper",
+ "h2 0.3.24",
+ "http 0.2.11",
+ "http-body 0.4.6",
+ "hyper 0.14.28",
 "hyper-rustls",
 "hyper-tls",
 "ipnet",
@ -4264,7 +4358,7 @@ dependencies = [
 "futures",
 "hex",
 "hmac",
- "http",
+ "http 0.2.11",
 "log",
 "maybe-async",
 "md5",
@ -5467,16 +5561,16 @@ dependencies = [

 [[package]]
 name = "tower-http"
-version = "0.4.4"
+version = "0.5.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "61c5bb1d698276a2443e5ecfabc1008bf15a36c12e6a7176e7bf089ea9131140"
+checksum = "0da193277a4e2c33e59e09b5861580c33dd0a637c3883d0fa74ba40c0374af2e"
 dependencies = [
 "bitflags 2.4.2",
 "bytes",
- "futures-core",
 "futures-util",
- "http",
- "http-body",
+ "http 1.0.0",
+ "http-body 1.0.0",
+ "http-body-util",
 "http-range-header",
 "httpdate",
 "mime",
@ -5621,7 +5715,7 @@ dependencies = [
 "byteorder",
 "bytes",
 "data-encoding",
- "http",
+ "http 0.2.11",
 "httparse",
 "log",
 "native-tls",
@ -6010,7 +6104,7 @@ version = "0.1.0"
 dependencies = [
 "futures-channel",
 "futures-util",
- "http",
+ "http 0.2.11",
 "httparse",
 "js-sys",
 "thiserror",
--- a/admin_frontend/Cargo.toml
+++ b/admin_frontend/Cargo.toml
@ -11,10 +11,10 @@ gotrue = { path = "../libs/gotrue" }
 gotrue-entity = { path = "../libs/gotrue-entity" }

 anyhow = "1.0.79"
-axum = {version = "0.6.20", features = ["json"]}
+axum = {version = "0.7", features = ["json"]}
 tokio = { version = "1.35.1", features = ["rt-multi-thread", "macros"] }
 askama = "0.12.1"
-axum-extra = { version = "0.8.0", features = ["cookie"] }
+axum-extra = { version = "0.9.2", features = ["cookie"] }
 serde.workspace = true
 serde_json.workspace = true
 redis = { version = "0.23.3", features = [ "aio", "tokio-comp", "connection-manager"] }
@ -22,7 +22,7 @@ uuid = { version = "1.6.1", features = ["v4"] }
 dotenv = "0.15.0"
 reqwest = "0.11.23"
 tower-service = "0.3.2"
-tower-http = { version = "0.4.4", features = ["cors", "fs"] }
+tower-http = { version = "0.5", features = ["cors", "fs"] }
 tower = "0.4.13"
 tracing = "0.1.40"
 tracing-subscriber = { version = "0.3.18", features = ["env-filter", "json"] }
--- a/admin_frontend/src/main.rs
+++ b/admin_frontend/src/main.rs
@ -6,13 +6,15 @@ mod templates;
 mod web_api;
 mod web_app;

+use axum::http::Method;
 use axum::{response::Redirect, routing::get, Router};
-use reqwest::Method;
+use tokio::net::TcpListener;
 use tower::ServiceBuilder;
 use tower_http::{
  cors::{Any, CorsLayer},
  services::ServeDir,
 };
+use tracing::info;

 #[tokio::main]
 async fn main() {
@ -62,10 +64,9 @@ async fn main() {
    .nest_service("/web-api", web_api_router)
    .nest_service("/assets", ServeDir::new("assets"));

-  axum::Server::bind(&"0.0.0.0:3000".parse().unwrap())
-    .serve(app.into_make_service())
-    .await
-    .unwrap();
+  let listener = TcpListener::bind("0.0.0.0:3000").await.unwrap();
+  info!("listening on: {:?}", listener);
+  axum::serve(listener, app).await.unwrap();
 }

 #[derive(Clone)]
--- a/admin_frontend/src/web_api.rs
+++ b/admin_frontend/src/web_api.rs
@ -253,6 +253,16 @@ pub async fn login_refresh_handler(
    ))
    .await?;

+  // Do another round of refresh_token to consume and invalidate the old one
+  let token = state
+    .gotrue_client
+    .token(&gotrue::grant::Grant::RefreshToken(
+      gotrue::grant::RefreshTokenGrant {
+        refresh_token: token.refresh_token,
+      },
+    ))
+    .await?;
+
  let new_session_id = uuid::Uuid::new_v4();
  let new_session = session::UserSession::new(new_session_id.to_string(), token);
  state.session_store.put_user_session(&new_session).await?;
@ -339,7 +349,7 @@ pub async fn logout_handler(

  state.session_store.del_user_session(session_id).await?;
  Ok((
-    jar.remove(Cookie::named("session_id")),
+    jar.remove(Cookie::from("session_id")),
    htmx_redirect("/web/login"),
  ))
 }