Update dependencies, fix invalid error logs (#1429)

iggy-rs · Jan 11, 2025 · bd29365 · bd29365
1 parent 07bf86b
commit bd29365
Show file tree

Hide file tree

Showing 11 changed files with 319 additions and 196 deletions.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/integration/tests/examples/mod.rs b/integration/tests/examples/mod.rs
@@ -141,7 +141,7 @@ impl<'a> IggyExampleTest<'a> {
     }
 }
 
-impl<'a> IggyExampleTest<'a> {
+impl IggyExampleTest<'_> {
     async fn spawn_executables(&mut self, tcp_server_address: Vec<String>) -> (String, String) {
         let mut producer_cmd = Command::cargo_bin(format!("examples/{}-producer", self.module))
             .unwrap_or_else(|_| panic!("Failed to find {}-producer", self.module));

diff --git a/sdk/src/http/client.rs b/sdk/src/http/client.rs
@@ -16,7 +16,7 @@ use std::ops::Deref;
 use std::str::FromStr;
 use std::sync::Arc;
 
-const UNAUTHORIZED_PATHS: &[&str] = &[
+const PUBLIC_PATHS: &[&str] = &[
     "/",
     "/metrics",
     "/ping",
@@ -278,7 +278,7 @@ impl HttpClient {
     }
 
     async fn fail_if_not_authenticated(&self, path: &str) -> Result<(), IggyError> {
-        if UNAUTHORIZED_PATHS.contains(&path) {
+        if PUBLIC_PATHS.contains(&path) {
             return Ok(());
         }
         if !self.is_authenticated().await {

diff --git a/server/Cargo.toml b/server/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "server"
-version = "0.4.100"
+version = "0.4.101"
 edition = "2021"
 build = "src/build.rs"
 

diff --git a/server/src/configs/displays.rs b/server/src/configs/displays.rs
@@ -41,7 +41,7 @@ impl Display for HttpJwtConfig {
     fn fmt(&self, f: &mut Formatter<'_>) -> std::fmt::Result {
         write!(
             f,
-            "{{ algorithm: {}, audience: {}, expiry: {}, use_base64_secret: {} }}",
+            "{{ algorithm: {}, audience: {}, access_token_expiry: {}, use_base64_secret: {} }}",
             self.algorithm, self.audience, self.access_token_expiry, self.use_base64_secret
         )
     }

diff --git a/server/src/http/error.rs b/server/src/http/error.rs
@@ -38,6 +38,9 @@ impl IntoResponse for CustomError {
                     IggyError::ConsumerGroupMemberNotFound(_, _, _) => StatusCode::NOT_FOUND,
                     IggyError::ResourceNotFound(_) => StatusCode::NOT_FOUND,
                     IggyError::Unauthenticated => StatusCode::UNAUTHORIZED,
+                    IggyError::AccessTokenMissing => StatusCode::UNAUTHORIZED,
+                    IggyError::InvalidAccessToken => StatusCode::UNAUTHORIZED,
+                    IggyError::InvalidPersonalAccessToken => StatusCode::UNAUTHORIZED,
                     IggyError::Unauthorized => StatusCode::FORBIDDEN,
                     _ => StatusCode::BAD_REQUEST,
                 };

diff --git a/server/src/http/jwt/jwt_manager.rs b/server/src/http/jwt/jwt_manager.rs
@@ -185,6 +185,7 @@ impl JwtManager {
         })
     }
 
+    // The access token can be refreshed only once and if it is not expired
     pub async fn refresh_token(&self, token: &str) -> Result<GeneratedToken, IggyError> {
         if token.is_empty() {
             return Err(IggyError::InvalidAccessToken);
@@ -212,7 +213,7 @@ impl JwtManager {
             })
             .await
             .with_error_context(|_| {
-                format!("{COMPONENT} - failed to save revoked access token: {}", id)
+                format!("{COMPONENT} - failed to save revoked access token: {id}")
             })?;
         self.generate(jwt_claims.claims.sub)
     }

diff --git a/server/src/http/jwt/middleware.rs b/server/src/http/jwt/middleware.rs
@@ -10,11 +10,12 @@ use axum::{
 use error_set::ErrContext;
 use std::sync::Arc;
 
+const COMPONENT: &str = "JWT_MIDDLEWARE";
 const AUTHORIZATION: &str = "authorization";
 const BEARER: &str = "Bearer ";
 const UNAUTHORIZED: StatusCode = StatusCode::UNAUTHORIZED;
 
-const UNAUTHORIZED_PATHS: &[&str] = &[
+const PUBLIC_PATHS: &[&str] = &[
     "/",
     "/metrics",
     "/ping",
@@ -29,17 +30,19 @@ pub async fn jwt_auth(
     mut request: Request<Body>,
     next: Next,
 ) -> Result<Response, StatusCode> {
-    if UNAUTHORIZED_PATHS.contains(&request.uri().path()) {
+    if PUBLIC_PATHS.contains(&request.uri().path()) {
         return Ok(next.run(request).await);
     }
 
     let bearer = request
         .headers()
         .get(AUTHORIZATION)
         .ok_or(UNAUTHORIZED)
-        .with_error_context(|_| "{COMPONENT} - missing or inaccessible Authorization header")?
+        .with_error_context(|_| {
+            format!("{COMPONENT} - missing or inaccessible Authorization header")
+        })?
         .to_str()
-        .with_error_context(|_| "{COMPONENT} - invalid authorization header format")
+        .with_error_context(|_| format!("{COMPONENT} - invalid authorization header format"))
         .map_err(|_| UNAUTHORIZED)?;
 
     if !bearer.starts_with(BEARER) {
@@ -48,12 +51,14 @@ pub async fn jwt_auth(
 
     let jwt_token = &bearer[BEARER.len()..];
     let token_header = jsonwebtoken::decode_header(jwt_token)
-        .with_error_context(|_| "{COMPONENT} - failed to decode JWT header")
+        .with_error_context(|_| format!("{COMPONENT} - failed to decode JWT header"))
         .map_err(|_| UNAUTHORIZED)?;
     let jwt_claims = state
         .jwt_manager
         .decode(jwt_token, token_header.alg)
-        .with_error_context(|_| "{COMPONENT} - failed to decode JWT with provided algorithm")
+        .with_error_context(|_| {
+            format!("{COMPONENT} - failed to decode JWT with provided algorithm")
+        })
         .map_err(|_| UNAUTHORIZED)?;
     if state
         .jwt_manager

diff --git a/server/src/http/jwt/storage.rs b/server/src/http/jwt/storage.rs
@@ -104,7 +104,9 @@ impl TokenStorage {
         let tokens = self
             .load_all_revoked_access_tokens()
             .await
-            .with_error_context(|_| "{COMPONENT} - failed to load revoked access tokens")?;
+            .with_error_context(|_| {
+                format!("{COMPONENT} - failed to load revoked access tokens")
+            })?;
         if tokens.is_empty() {
             return Ok(());
         }

diff --git a/server/src/http/personal_access_tokens.rs b/server/src/http/personal_access_tokens.rs
@@ -152,7 +152,9 @@ async fn login_with_personal_access_token(
     let user = system
         .login_with_personal_access_token(&command.token, None)
         .await
-        .with_error_context(|_| "{COMPONENT} - failed to login with personal access token")?;
+        .with_error_context(|_| {
+            format!("{COMPONENT} - failed to login with personal access token")
+        })?;
     let tokens = state.jwt_manager.generate(user.id)?;
     Ok(Json(map_generated_access_token_to_identity_info(tokens)))
 }
diff --git a/server/src/http/users.rs b/server/src/http/users.rs
@@ -354,7 +354,7 @@ async fn refresh_token(
         .jwt_manager
         .refresh_token(&command.token)
         .await
-        .with_error_context(|_| "{COMPONENT} - failed to refresh token")?;
+        .with_error_context(|_| format!("{COMPONENT} - failed to refresh token"))?;
     Ok(Json(map_generated_access_token_to_identity_info(token)))
 }