feat: use the same base URL for all kinds of endpoints (auth, PACT API)

Previously, auth-related endpoints (/auth/token), etc. were exposed as '$HOSTNAME/2/[...]' – i.e. with `AuthSubPath` in PACT Tech Specs lingo set to `2`. With this change, the `AuthSubPath` – which is optional` anyways – is removed.
sine-fdn · Jul 15, 2024 · a6e0394 · a6e0394
1 parent 4833b94
commit a6e0394
Show file tree

Hide file tree

Showing 2 changed files with 18 additions and 11 deletions.
diff --git a/endpoint/src/datamodel.rs b/endpoint/src/datamodel.rs
@@ -9,6 +9,7 @@
 //!
 //! See https://www.carbon-transparency.com for further details.
 use chrono::{DateTime, Utc};
+use rocket::outcome::IntoOutcome;
 use rocket::serde::{Deserialize, Serialize};
 use rust_decimal::Decimal;
 use schemars::schema::{ArrayValidation, NumberValidation, Schema, StringValidation};
@@ -866,15 +867,15 @@ impl JsonSchema for SpecVersionString {
 
 #[derive(Debug)]
 pub enum UuidError {
-    ParseError(uuid::Error),
+    ParseError,
     VersionError,
 }
 
 impl<'a> rocket::request::FromParam<'a> for PfId {
     type Error = UuidError;
 
     fn from_param(param: &'a str) -> Result<Self, Self::Error> {
-        let uuid = Uuid::parse_str(param).map_err(UuidError::ParseError)?;
+        let uuid = Uuid::parse_str(param).or(Err(UuidError::ParseError))?;
         if uuid.get_version_num() != 4 {
             Err(UuidError::VersionError)
         } else {

diff --git a/endpoint/src/main.rs b/endpoint/src/main.rs
@@ -58,13 +58,13 @@ const AUTH_PASSWORD: &str = "pathfinder";
 const API_URL: &str = "https://api.pathfinder.sine.dev";
 
 /// endpoint to retrieve the OpenId configuration document with the token_endpoint
-#[get("/2/.well-known/openid-configuration")]
+#[get("/.well-known/openid-configuration")]
 fn openid_configuration() -> Json<OpenIdConfiguration> {
     let openid_conf = OpenIdConfiguration {
-        token_endpoint: format!("{API_URL}/2/auth/token"),
+        token_endpoint: format!("{API_URL}/auth/token"),
         issuer: url::Url::parse(API_URL).unwrap(),
-        authorization_endpoint: format!("{API_URL}/2/auth/token"),
-        jwks_uri: format!("{API_URL}/2/jwks"),
+        authorization_endpoint: format!("{API_URL}/auth/token"),
+        jwks_uri: format!("{API_URL}/jwks"),
         response_types_supported: vec![format!("token")],
         subject_types_supported: vec![format!("public")],
         id_token_signing_alg_values_supported: vec![format!("RS256")],
@@ -73,7 +73,7 @@ fn openid_configuration() -> Json<OpenIdConfiguration> {
 }
 
 /// endpoint to retrieve the Json Web Key Set to verify the token's signature
-#[get("/2/jwks")]
+#[get("/jwks")]
 fn jwks(state: &State<KeyPair>) -> Json<JwkSet> {
     let pub_key = &state.pub_key;
 
@@ -107,6 +107,12 @@ fn oauth2_create_token(
     body: Form<auth::OAuth2ClientCredentialsBody<'_>>,
     state: &State<KeyPair>,
 ) -> Either<Json<auth::OAuth2TokenReply>, error::OAuth2ErrorMessage> {
+    if body.grant_type != "client_credentials" {
+        return Either::Right(error::OAuth2ErrorMessage {
+            error_description: "The grant type is not supported by this server",
+            error: "unsupported_grant_type",
+        });
+    }
     if req.id == AUTH_USERNAME && req.secret == AUTH_PASSWORD {
         let access_token =
             auth::encode_token(&auth::UserToken { username: req.id }, state).unwrap();
@@ -465,7 +471,7 @@ fn create_server(key_pair: KeyPair) -> rocket::Rocket<rocket::Build> {
         .mount("/", routes![index])
         .mount("/", routes![get_list, get_pcf_unauth, post_event_fallback])
         .mount("/", routes![openid_configuration, jwks])
-        .mount("/2/auth", routes![oauth2_create_token])
+        .mount("/auth", routes![oauth2_create_token])
         .mount(
             "/swagger-ui/",
             make_swagger_ui(&SwaggerUIConfig {
@@ -492,12 +498,12 @@ lazy_static! {
     static ref TEST_KEYPAIR: KeyPair = load_keys();
 }
 
-// tests the /v2/auth/token endpoint
+// tests the /auth/token endpoint
 #[test]
 fn post_auth_action_test() {
     use std::collections::HashMap;
 
-    let auth_uri = "/2/auth/token";
+    let auth_uri = "/auth/token";
 
     let client = &Client::tracked(create_server(TEST_KEYPAIR.clone())).unwrap();
 
@@ -574,7 +580,7 @@ fn verify_token_signature_test() {
 
     let jwt = auth::encode_token(&token, key_pair).ok().unwrap();
 
-    let response = client.get("/2/jwks").dispatch();
+    let response = client.get("/jwks").dispatch();
 
     let jwks: JwkSet = response.into_json().unwrap();