From a6e03943737b6092a22a931bf017c57a6538ed2a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Martin=20Pomp=C3=A9ry?= Date: Mon, 15 Jul 2024 21:36:48 +0200 Subject: [PATCH] feat: use the same base URL for all kinds of endpoints (auth, PACT API) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Previously, auth-related endpoints (/auth/token), etc. were exposed as '$HOSTNAME/2/[...]' – i.e. with `AuthSubPath` in PACT Tech Specs lingo set to `2`. With this change, the `AuthSubPath` – which is optional` anyways – is removed. --- endpoint/src/datamodel.rs | 5 +++-- endpoint/src/main.rs | 24 +++++++++++++++--------- 2 files changed, 18 insertions(+), 11 deletions(-) diff --git a/endpoint/src/datamodel.rs b/endpoint/src/datamodel.rs index d074cc7..1da5f95 100644 --- a/endpoint/src/datamodel.rs +++ b/endpoint/src/datamodel.rs @@ -9,6 +9,7 @@ //! //! See https://www.carbon-transparency.com for further details. use chrono::{DateTime, Utc}; +use rocket::outcome::IntoOutcome; use rocket::serde::{Deserialize, Serialize}; use rust_decimal::Decimal; use schemars::schema::{ArrayValidation, NumberValidation, Schema, StringValidation}; @@ -866,7 +867,7 @@ impl JsonSchema for SpecVersionString { #[derive(Debug)] pub enum UuidError { - ParseError(uuid::Error), + ParseError, VersionError, } @@ -874,7 +875,7 @@ impl<'a> rocket::request::FromParam<'a> for PfId { type Error = UuidError; fn from_param(param: &'a str) -> Result { - let uuid = Uuid::parse_str(param).map_err(UuidError::ParseError)?; + let uuid = Uuid::parse_str(param).or(Err(UuidError::ParseError))?; if uuid.get_version_num() != 4 { Err(UuidError::VersionError) } else { diff --git a/endpoint/src/main.rs b/endpoint/src/main.rs index 08415fe..d339838 100644 --- a/endpoint/src/main.rs +++ b/endpoint/src/main.rs 
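Review bot: `use rocket::outcome::IntoOutcome;` is added at the top of `endpoint/src/datamodel.rs`, but nothing in the hunks of this patch uses the trait, so it looks like an unused import that will trigger a compiler warning. If no code outside the visible hunks needs it, drop the line. If something does, it would be clearer to add the import in the commit that introduces that use.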
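Review bot: Removing the `uuid::Error` payload from `UuidError::ParseError` means the reason a `PfId` path parameter failed to parse is no longer available to any code that logs or inspects the error. If the aim is to keep parser detail out of anything derived from the error, record that on the variant, e.g. `/// Parameter is not a syntactically valid UUID; the parser's detail is deliberately discarded.` As a style point, `.or(Err(UuidError::ParseError))` is more conventionally written `.map_err(|_| UuidError::ParseError)`. The body of `from_param` continues past the end of the hunk.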
@@ -58,13 +58,13 @@ const AUTH_PASSWORD: &str = "pathfinder"; const API_URL: &str = "https://api.pathfinder.sine.dev"; /// endpoint to retrieve the OpenId configuration document with the token_endpoint -#[get("/2/.well-known/openid-configuration")] +#[get("/.well-known/openid-configuration")] fn openid_configuration() -> Json { let openid_conf = OpenIdConfiguration { - token_endpoint: format!("{API_URL}/2/auth/token"), + token_endpoint: format!("{API_URL}/auth/token"), issuer: url::Url::parse(API_URL).unwrap(), - authorization_endpoint: format!("{API_URL}/2/auth/token"), - jwks_uri: format!("{API_URL}/2/jwks"), + authorization_endpoint: format!("{API_URL}/auth/token"), + jwks_uri: format!("{API_URL}/jwks"), response_types_supported: vec![format!("token")], subject_types_supported: vec![format!("public")], id_token_signing_alg_values_supported: vec![format!("RS256")], @@ -73,7 +73,7 @@ fn openid_configuration() -> Json { } /// endpoint to retrieve the Json Web Key Set to verify the token's signature -#[get("/2/jwks")] +#[get("/jwks")] fn jwks(state: &State) -> Json { let pub_key = &state.pub_key; @@ -107,6 +107,12 @@ fn oauth2_create_token( body: Form>, state: &State, ) -> Either, error::OAuth2ErrorMessage> { + if body.grant_type != "client_credentials" { + return Either::Right(error::OAuth2ErrorMessage { + error_description: "The grant type is not supported by this server", + error: "unsupported_grant_type", + }); + } if req.id == AUTH_USERNAME && req.secret == AUTH_PASSWORD { let access_token = auth::encode_token(&auth::UserToken { username: req.id }, state).unwrap(); @@ -465,7 +471,7 @@ fn create_server(key_pair: KeyPair) -> rocket::Rocket { .mount("/", routes![index]) .mount("/", routes![get_list, get_pcf_unauth, post_event_fallback]) .mount("/", routes![openid_configuration, jwks]) - .mount("/2/auth", routes![oauth2_create_token]) + .mount("/auth", routes![oauth2_create_token]) .mount( "/swagger-ui/", make_swagger_ui(&SwaggerUIConfig { 
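Review bot: The `/2/...` routes in `openid_configuration` are replaced outright with no alias or redirect, and the same holds for the `jwks` route and the `/auth` mount in the later hunks of this file. Clients that hard-coded `/2/auth/token` or `/2/jwks` rather than following the discovery document, and verifiers that cached the old `jwks_uri`, will stop getting tokens or keys once this is deployed. That may be intended for this server, but it should be called out as a breaking change in the release notes. The doc comment could also record the new relationship to the issuer, e.g. `/// Served at the issuer root, i.e. {issuer}/.well-known/openid-configuration.` The advertised URLs are still built from the compile-time `API_URL`, so the document is only accurate when the server is actually reachable under that host.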
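Review bot: The new `unsupported_grant_type` branch in `oauth2_create_token` returns `error::OAuth2ErrorMessage`, whose responder is not visible in this patch, so the HTTP status it produces needs checking. RFC 6749 §5.2 expects HTTP 400 for this error. If the type always answers with the status used for rejected credentials (presumably 401), the new branch needs its own status. As far as the hunks show, `post_auth_action_test` only has its URI updated, so nothing exercises the new branch. A test that posts a `grant_type` other than `client_credentials` and asserts both the status and the `unsupported_grant_type` error code would pin the behaviour. The function's signature and the rest of its body lie outside the hunk.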
@@ -492,12 +498,12 @@ lazy_static! { static ref TEST_KEYPAIR: KeyPair = load_keys(); } -// tests the /v2/auth/token endpoint +// tests the /auth/token endpoint #[test] fn post_auth_action_test() { use std::collections::HashMap; - let auth_uri = "/2/auth/token"; + let auth_uri = "/auth/token"; let client = &Client::tracked(create_server(TEST_KEYPAIR.clone())).unwrap(); @@ -574,7 +580,7 @@ fn verify_token_signature_test() { let jwt = auth::encode_token(&token, key_pair).ok().unwrap(); - let response = client.get("/2/jwks").dispatch(); + let response = client.get("/jwks").dispatch(); let jwks: JwkSet = response.into_json().unwrap();