diff --git a/src/routes/auth/shared.rs b/src/routes/auth/shared.rs
index f2c833d..193de92 100644
--- a/src/routes/auth/shared.rs
+++ b/src/routes/auth/shared.rs
@@ -1,9 +1,6 @@
-use crate::utility::jwt::DEFAULT_ALGORITHM;
 use jsonwebtoken::errors::ErrorKind;
-use jsonwebtoken::{decode, DecodingKey, Validation};
+use jsonwebtoken::{decode, Algorithm, DecodingKey, Validation};
 use serde::{Deserialize, Serialize};
-use std::env;
-use std::sync::LazyLock;
 
 #[derive(Deserialize, Serialize)]
 struct TokenData {
@@ -17,7 +14,7 @@ struct TokenData {
 
 #[derive(Debug, Serialize, Deserialize)]
 struct Claims {
-    sub: String,
+    sub: i32,
     iis: String,
     jti: i32,
     app: i32,
@@ -52,17 +49,10 @@ const VK_PUBLIC_KEY: &str = concat!(
     "-----END PUBLIC KEY-----"
 );
 
-static VK_ID_CLIENT_ID: LazyLock = LazyLock::new(|| {
-    env::var("VK_ID_CLIENT_ID")
-        .expect("VK_ID_CLIENT_ID must be set")
-        .parse::()
-        .expect("VK_ID_CLIENT_ID must be i32")
-});
-
-pub fn parse_vk_id(token_str: &String) -> Result {
+pub fn parse_vk_id(token_str: &String, client_id: i32) -> Result {
     let dkey = DecodingKey::from_rsa_pem(VK_PUBLIC_KEY.as_bytes()).unwrap();
 
-    match decode::(&token_str, &dkey, &Validation::new(DEFAULT_ALGORITHM)) {
+    match decode::(&token_str, &dkey, &Validation::new(Algorithm::RS256)) {
         Ok(token_data) => {
             let claims = token_data.claims;
 
@@ -70,13 +60,10 @@ pub fn parse_vk_id(token_str: &String) -> Result {
                 Err(Error::UnknownIssuer(claims.iis))
             } else if claims.jti != 21 {
                 Err(Error::UnknownType(claims.jti))
-            } else if claims.app != *VK_ID_CLIENT_ID {
+            } else if claims.app != client_id {
                 Err(Error::UnknownClientId(claims.app))
             } else {
-                match claims.sub.parse::() {
-                    Ok(sub) => Ok(sub),
-                    Err(_) => Err(Error::InvalidToken),
-                }
+                Ok(claims.sub)
             }
         }
         Err(err) => Err(match err.into_kind() {
diff --git a/src/routes/auth/sign_in.rs b/src/routes/auth/sign_in.rs
index 2a16e46..f43fbb2 100644
--- a/src/routes/auth/sign_in.rs
+++ b/src/routes/auth/sign_in.rs
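Review bot: Changing `sub` to `i32` in `Claims` moves the numeric check from the explicit `claims.sub.parse()` that the last hunk removes into serde, so a token whose `sub` is a JSON string — the encoding OIDC specifies for that claim — now fails inside `decode` instead of returning `Error::InvalidToken`. Where that failure lands depends on the `err.into_kind()` arms, which are outside the hunk; an `ErrorKind::Json` case should be mapped there deliberately rather than falling into a catch-all. If VK ID tokens are known to carry `sub` as a number, record the assumption on the field: `// `sub` is expected as a JSON number; a string-encoded sub is rejected at deserialization (ErrorKind::Json), not as Error::InvalidToken`. Otherwise a `#[serde(deserialize_with = ...)]` helper accepting both forms would keep the old tolerance.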
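Review bot: The new signature keeps `token_str: &String` although the token only flows into `decode`, which takes `&str`; `pub fn parse_vk_id(token_str: &str, client_id: i32) -> Result<i32, Error>` with `decode(token_str, &dkey, ...)` is the idiomatic form, and the `&data.access_token` call sites in sign_in.rs and sign_up.rs coerce to it without change. Pinning `Algorithm::RS256` in `Validation::new` is the right choice for an RSA public key. The function is the trust boundary for VK sign-in but has no doc comment; a `///` block should list what it verifies — the RS256 signature against `VK_PUBLIC_KEY`, whatever `Validation::new` enforces by default (expiry, to be confirmed against the jsonwebtoken version in use), the issuer (`iis`), `jti == 21`, and `app == client_id` — and note that `client_id` replaces the former `VK_ID_CLIENT_ID` env lookup, so the caller now owns that configuration. The body of `parse_vk_id` continues past the end of the hunk.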
@@ -71,7 +71,7 @@ pub async fn sign_in_vk(
 ) -> ServiceResponse {
     let data = data_json.into_inner();
 
-    match parse_vk_id(&data.access_token) {
+    match parse_vk_id(&data.access_token, app_state.vk_id.client_id) {
         Ok(id) => sign_in_combined(Vk(id), &app_state).await.into(),
         Err(_) => ErrorCode::InvalidVkAccessToken.into_response(),
     }
diff --git a/src/routes/auth/sign_up.rs b/src/routes/auth/sign_up.rs
index b27d411..7bd862f 100644
--- a/src/routes/auth/sign_up.rs
+++ b/src/routes/auth/sign_up.rs
@@ -79,7 +79,7 @@ pub async fn sign_up_vk(
 ) -> ServiceResponse {
     let data = data_json.into_inner();
 
-    match parse_vk_id(&data.access_token) {
+    match parse_vk_id(&data.access_token, app_state.vk_id.client_id) {
         Ok(id) => sign_up_combined(
             SignUpData {
                 username: data.username,
diff --git a/src/routes/vk_id/oauth.rs b/src/routes/vk_id/oauth.rs
index 84c7af2..ed64929 100644
--- a/src/routes/vk_id/oauth.rs
+++ b/src/routes/vk_id/oauth.rs
@@ -59,13 +59,16 @@ async fn oauth(data: web::Json, app_state: web::Data) -> Serv
                 return ErrorCode::VkIdError.into_response();
             }
 
-            if let Ok(auth_data) = res.json::().await {
-                Ok(Response {
-                    access_token: auth_data.id_token,
-                })
-                .into()
-            } else {
-                ErrorCode::VkIdError.into_response()
+            match res.json::().await {
+                Ok(auth_data) =>
+                    Ok(Response {
+                        access_token: auth_data.id_token,
+                    }).into(),
+                Err(error) => {
+                    sentry::capture_error(&error);
+
+                    ErrorCode::VkIdError.into_response()
+                }
             }
         }
         Err(_) => ErrorCode::VkIdError.into_response(),
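Review bot: In oauth.rs the new `Err(error)` arm reports JSON decoding failures to Sentry, but the two other failure paths of the same function stay silent: the status-check `return ErrorCode::VkIdError.into_response();` at the top of the hunk and the outer `Err(_) => ErrorCode::VkIdError.into_response(),` at the bottom, which drops the transport error entirely. For consistency the outer arm should become `Err(error) => { sentry::capture_error(&error); ErrorCode::VkIdError.into_response() }`, assuming that error type implements `std::error::Error` as the decode error evidently does. Check what `capture_error` serialises for these errors (URL, message) so that no token material or client secret from the VK request ends up in the event. As a point of style, rustfmt would keep the `Ok(auth_data)` arm on one line or brace it rather than breaking after `=>` with `}).into(),` on the closing line. The enclosing function starts before the hunk.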