fix warnings

Aside from style, also fix an error found by clippy:
I was not actually looping over all authorization headers
but instead only checked the first values.
Now I ignore other schemes that might also be present.

Author: jakmeier

bouncy_backend/src/auth.rs

@@ -10,10 +10,10 @@
 //!
 //! Guest users can be authenticated by a client secret included in the body as JSON.
 
-use crate::AppState;
-use axum::response::{IntoResponse, Redirect, Response};
-use axum::{extract::State, http::StatusCode};
-use axum_oidc::{EmptyAdditionalClaims, OidcClaims};
+// use crate::AppState;
+// use axum::response::{IntoResponse, Redirect, Response};
+// use axum::{extract::State, http::StatusCode};
+use axum_oidc::EmptyAdditionalClaims;
 use serde::{Deserialize, Serialize};
 
 pub(crate) type AdditionalClaims = EmptyAdditionalClaims;
@@ -26,19 +26,19 @@ struct TokenResponse {
     token_type: String,
 }
 
-/// Calling this will redirect to Keyloak, have the user log in and then
-/// redirect back to the PWA domain.
-pub async fn oauth_callback(
-    claims: OidcClaims<AdditionalClaims>,
-    State(state): State<AppState>,
-) -> Response {
-    // The main checks are done in the OIDC middleware.
-    // Here we just add additional checks.
-    if !claims.email_verified().unwrap_or_default() {
-        return (StatusCode::FORBIDDEN, "email not verified").into_response();
-    }
+// /// Calling this will redirect to Keyloak, have the user log in and then
+// /// redirect back to the PWA domain.
+// pub async fn oauth_callback(
+//     claims: OidcClaims<AdditionalClaims>,
+//     State(state): State<AppState>,
+// ) -> Response {
+//     // The main checks are done in the OIDC middleware.
+//     // Here we just add additional checks.
+//     if !claims.email_verified().unwrap_or_default() {
+//         return (StatusCode::FORBIDDEN, "email not verified").into_response();
+//     }
 
-    // Redirect to the PWA frontend if login was successful
-    // TODO: redirect to the exact same page the user was on before
-    Redirect::to(&state.app_url).into_response()
-}
+//     // Redirect to the PWA frontend if login was successful
+//     // TODO: redirect to the exact same page the user was on before
+//     Redirect::to(&state.app_url).into_response()
+// }

bouncy_backend/src/main.rs

@@ -1,19 +1,11 @@
-use auth::AdditionalClaims;
-use axum::error_handling::HandleErrorLayer;
 use axum::http::header;
-use axum::http::{HeaderValue, Method, StatusCode, Uri};
-use axum::response::IntoResponse;
+use axum::http::{HeaderValue, Method, StatusCode};
 use axum::routing::{get, post};
 use axum::{middleware, Router};
-use axum_oidc::error::MiddlewareError;
-use axum_oidc::OidcAuthLayer;
 use sqlx::PgPool;
 use tokio::net::TcpListener;
 use tower::ServiceBuilder;
 use tower_http::cors::AllowOrigin;
-use tower_sessions::cookie::time::Duration;
-use tower_sessions::cookie::SameSite;
-use tower_sessions::{Expiry, MemoryStore, SessionManagerLayer};
 
 mod auth;
 mod client_session;
@@ -29,11 +21,11 @@ struct AppState {
 
 #[tokio::main]
 async fn main() -> anyhow::Result<()> {
-    let api_url = require_env("API_URL");
+    // let api_url = require_env("API_URL");
     let app_url = require_env("CLIENT_URL");
-    let oidc_issuer = require_env("OIDC_ISSUER");
-    let oidc_client_id = require_env("OIDC_CLIENT_ID");
-    let oidc_client_secret = require_env("OIDC_CLIENT_SECRET");
+    // let oidc_issuer = require_env("OIDC_ISSUER");
+    // let oidc_client_id = require_env("OIDC_CLIENT_ID");
+    // let oidc_client_secret = require_env("OIDC_CLIENT_SECRET");
     let db_url = require_env("DATABASE_URL");
 
     let pg_db_pool = PgPool::connect(&db_url).await?;
@@ -74,7 +66,7 @@ async fn main() -> anyhow::Result<()> {
 
     let user_service = middleware::from_fn_with_state(state.clone(), user2::user_lookup);
 
-    let parsed_api_url = Uri::from_maybe_shared(api_url).expect("valid api url");
+    // let parsed_api_url = Uri::from_maybe_shared(api_url).expect("valid api url");
     let auth_service = ServiceBuilder::new()
         // .layer(HandleErrorLayer::new(|e: MiddlewareError| async {
         //     e.into_response()

bouncy_backend/src/user2.rs

@@ -26,7 +26,7 @@ pub async fn user_lookup(
     next: Next,
 ) -> Response {
     let auth_headers = &req.headers().get_all("Authorization");
-    match try_get_user(&state, &auth_headers, maybe_claims).await {
+    match try_get_user(&state, auth_headers, maybe_claims).await {
         Ok(user_id) => {
             // Attach user ID for downstream handlers
             req.extensions_mut().insert(user_id);
@@ -47,7 +47,7 @@ async fn try_get_user(
     {
         let maybe_user =
             user_lookup_by_client_secret(state, client_session_id, client_session_secret).await;
-        maybe_user.ok_or_else(|| auth_error_response::<UserId>("User not found"))
+        maybe_user.ok_or_else(|| auth_error_response("User not found"))
     } else if let Some(claims) = maybe_claims {
         // this will lazily create the user if necessary
         Ok(user_lookup_by_oidc(state, claims).await)
@@ -69,7 +69,7 @@ fn client_session_credentials_from_headers(
         };
 
         if !str_auth_value.starts_with(prefix) {
-            return auth_error("Invalid auth scheme");
+            continue;
         }
 
         let rest = &str_auth_value[prefix.len()..];
@@ -158,10 +158,10 @@ pub async fn user_info(
 }
 
 fn auth_error<T>(msg: &'static str) -> Result<T, Response> {
-    Err(auth_error_response::<T>(msg))
+    Err(auth_error_response(msg))
 }
 
-fn auth_error_response<T>(msg: &'static str) -> Response {
+fn auth_error_response(msg: &'static str) -> Response {
     Response::builder()
         .status(StatusCode::UNAUTHORIZED)
         .body(msg.into())