diff --git a/backend/server/src/handler/auth.rs b/backend/server/src/handler/auth.rs
index 12fcab02..b7b4187d 100644
--- a/backend/server/src/handler/auth.rs
+++ b/backend/server/src/handler/auth.rs
@@ -5,8 +5,6 @@ use crate::service::auth::create_or_get_user_id;
 use crate::service::jwt::encode_auth_token;
 use axum::extract::{Query, State};
 use axum::response::IntoResponse;
-use axum::Extension;
-use oauth2::basic::BasicClient;
 use oauth2::reqwest::async_http_client;
 use oauth2::{AuthorizationCode, TokenResponse};
@@ -16,9 +14,8 @@ use oauth2::{AuthorizationCode, TokenResponse};
 pub async fn google_callback(
 State(state): State,
 Query(query): Query,
- Extension(oauth_client): Extension,
 ) -> Result {
- let token = oauth_client
+ let token = state.oauth2_client
 .exchange_code(AuthorizationCode::new(query.code))
 .request_async(async_http_client)
 .await?;
@@ -30,7 +27,7 @@ pub async fn google_callback(
 .send()
 .await?;
- let profile = profile.json::().await.unwrap();
+ let profile = profile.json::().await?;
 let user_id = create_or_get_user_id(
 profile.email.clone(),
@@ -38,8 +35,7 @@ pub async fn google_callback(
 state.db,
 state.snowflake_generator,
 )
- .await
- .unwrap();
+ .await?;
 // TODO: Return JWT as set-cookie header.
 let token = encode_auth_token(
diff --git a/backend/server/src/models/app.rs b/backend/server/src/models/app.rs
index 5fd59143..14e15910 100644
--- a/backend/server/src/models/app.rs
+++ b/backend/server/src/models/app.rs
@@ -20,11 +20,14 @@ use snowflake::SnowflakeIdGenerator;
 use sqlx::postgres::PgPoolOptions;
 use sqlx::{Pool, Postgres};
 use std::env;
+use oauth2::basic::BasicClient;
+use crate::service::oauth2::build_oauth_client;
 #[derive(Clone)]
 pub struct AppState {
 pub db: Pool,
 pub ctx: ReqwestClient,
+ pub oauth2_client: BasicClient,
 pub decoding_key: DecodingKey,
 pub encoding_key: EncodingKey,
 pub jwt_header: Header,
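Review bot: In `google_callback` (second hunk of handler/auth.rs), `query.code` goes straight into `exchange_code`, and nothing visible compares an OAuth `state` value from the callback with one issued when the login was started. The query struct and the login handler are outside this diff, so this may already be handled elsewhere; if it is not, the callback accepts an authorization code that the user's own session never requested. The oauth2 crate's `CsrfToken` exists for this: keep the token issued at redirect time and return an error when the `state` field on the query does not match, before calling `exchange_code`. The function body continues outside the hunk.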
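Review bot: In the third hunk of handler/auth.rs, `profile.email` is passed to `create_or_get_user_id` as the account key, and nothing visible checks that Google reports the address as verified. The profile struct is declared outside the diff (its type parameter is also lost in `profile.json::()`), so this is inferred from the lines shown. If the struct does not already carry the verified-email flag from the userinfo response, add that field and return an error when it is false, before the user lookup runs.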
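Review bot: The two new `?` operators (`profile.json::().await?` in the third auth.rs hunk and `.await?` after `create_or_get_user_id` in the fourth) now hand HTTP-client and database errors to the handler's error type, whose `IntoResponse` implementation is not part of this diff. It is worth confirming that the conversion returns a generic status to the client and logs the detail server-side, since such errors can carry upstream or database detail. A short comment above the call, for example `// propagated errors are converted by the handler's error type; the response body stays generic`, would record that assumption next to the code that relies on it.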
@@ -59,6 +62,15 @@ pub async fn app() -> Result {
 // Initialise reqwest client
 let ctx = reqwest::Client::new();
+ // Initialise oauth2 client
+ let client_id = env::var("GOOGLE_CLIENT_ID")
+ .expect("Error getting GOOGLE_CLIENT_ID")
+ .to_string();
+ let client_secret = env::var("GOOGLE_CLIENT_SECRET")
+ .expect("Error getting GOOGLE_CLIENT_SECRET")
+ .to_string();
+ let oauth2_client = build_oauth_client(client_id, client_secret);
+ // Initialise Snowflake Generator
 let snowflake_generator = SnowflakeIdGenerator::new(1, 1);
@@ -69,6 +81,7 @@ pub async fn app() -> Result {
 let state = AppState {
 db: pool,
 ctx,
+ oauth2_client,
 encoding_key,
 decoding_key,
 jwt_header,
diff --git a/backend/server/src/service/oauth2.rs b/backend/server/src/service/oauth2.rs
index 43c1104c..58e56e49 100644
--- a/backend/server/src/service/oauth2.rs
+++ b/backend/server/src/service/oauth2.rs
@@ -7,9 +7,7 @@ use std::env;
 /// Client follows OAuth2 Standard (https://oauth.net/2/) to get user's email
 /// using OpenID Connect (https://openid.net/developers/how-connect-works/).
 pub fn build_oauth_client(client_id: String, client_secret: String) -> BasicClient {
- let hostname = env::var("CHAOS_HOSTNAME").expect("Could not read CHAOS hostname");
-
- let redirect_url = format!("{}/api/auth/callback/google", hostname);
+ let redirect_url = env::var("GOOGLE_REDIRECT_URI").expect("Could not read GOOGLE_REDIRECT_URI");
 let auth_url = AuthUrl::new("https://accounts.google.com/o/oauth2/v2/auth".to_string())
 .expect("Invalid authorization endpoint URL");
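Review bot: `env::var("GOOGLE_CLIENT_SECRET").expect(...)` in the `app()` hunk of models/app.rs panics with the `VarError` attached, and its `NotUnicode` variant holds the raw variable value, so a malformed secret would be written to the panic output. Discarding the error first avoids that, e.g. `env::var("GOOGLE_CLIENT_SECRET").unwrap_or_else(|_| panic!("GOOGLE_CLIENT_SECRET is missing or not valid UTF-8"))`. The trailing `.to_string()` on both variables is redundant because `env::var` already returns a `String`. Since `app()` returns a `Result`, returning an error instead of panicking may fit better, depending on the error type declared outside the hunk.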
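Review bot: `build_oauth_client` in service/oauth2.rs takes the client id and secret as parameters but now reads `GOOGLE_REDIRECT_URI` from the environment itself, and the doc comment above it mentions neither that dependency nor the panic when the variable is unset. Either pass the redirect URI in from `app()` alongside the other two values, or add a `# Panics` section to the doc comment that names `GOOGLE_REDIRECT_URI` and states that the value must match the redirect URI registered for the Google client exactly. The URL was previously derived from `CHAOS_HOSTNAME`, so existing deployments need the new variable set; whether `CHAOS_HOSTNAME` is still read elsewhere is not visible here. The function body continues past the end of the hunk.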