Auth refactor and token reuse fix

Refactors a lot of the auth package and a bug in token reuse checking.
vercel · Oct 11, 2023 · d200204 · d200204
1 parent e0e444b
commit d200204
Show file tree

Hide file tree

Showing 17 changed files with 1,022 additions and 479 deletions.
diff --git a/.vscode/settings.json b/.vscode/settings.json
@@ -21,5 +21,8 @@
   },
   "search.exclude": {
     "crates/turbopack-tests/tests/snapshot/**": true
-  }
+  },
+  "rust-analyzer.linkedProjects": [
+    "./crates/turborepo-auth/Cargo.toml"
+  ]
 }
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/crates/turborepo-api-client/Cargo.toml b/crates/turborepo-api-client/Cargo.toml
@@ -15,6 +15,7 @@ turborepo-vercel-api-mock = { workspace = true }
 
 [dependencies]
 anyhow = { workspace = true }
+async-trait.workspace = true
 chrono = { workspace = true, features = ["serde"] }
 lazy_static = { workspace = true }
 regex = { workspace = true }

diff --git a/crates/turborepo-api-client/src/lib.rs b/crates/turborepo-api-client/src/lib.rs
@@ -4,6 +4,7 @@
 
 use std::{backtrace::Backtrace, env};
 
+use async_trait::async_trait;
 use lazy_static::lazy_static;
 use regex::Regex;
 pub use reqwest::Response;
@@ -26,6 +27,66 @@ lazy_static! {
         Regex::new(r"(?i)(?:^|,) *authorization *(?:,|$)").unwrap();
 }
 
+#[async_trait]
+pub trait Client {
+    async fn get_user(&self, token: &str) -> Result<UserResponse>;
+    async fn get_teams(&self, token: &str) -> Result<TeamsResponse>;
+    async fn get_team(&self, token: &str, team_id: &str) -> Result<Option<Team>>;
+    fn add_ci_header(request_builder: RequestBuilder) -> RequestBuilder;
+    fn add_team_params(
+        request_builder: RequestBuilder,
+        team_id: &str,
+        team_slug: Option<&str>,
+    ) -> RequestBuilder;
+    async fn get_caching_status(
+        &self,
+        token: &str,
+        team_id: &str,
+        team_slug: Option<&str>,
+    ) -> Result<CachingStatusResponse>;
+    async fn get_spaces(&self, token: &str, team_id: Option<&str>) -> Result<SpacesResponse>;
+    async fn verify_sso_token(&self, token: &str, token_name: &str) -> Result<VerifiedSsoUser>;
+    async fn put_artifact(
+        &self,
+        hash: &str,
+        artifact_body: &[u8],
+        duration: u64,
+        tag: Option<&str>,
+        token: &str,
+    ) -> Result<()>;
+    async fn handle_403(response: Response) -> Error;
+    async fn fetch_artifact(
+        &self,
+        hash: &str,
+        token: &str,
+        team_id: &str,
+        team_slug: Option<&str>,
+    ) -> Result<Response>;
+    async fn artifact_exists(
+        &self,
+        hash: &str,
+        token: &str,
+        team_id: &str,
+        team_slug: Option<&str>,
+    ) -> Result<Response>;
+    async fn get_artifact(
+        &self,
+        hash: &str,
+        token: &str,
+        team_id: &str,
+        team_slug: Option<&str>,
+        method: Method,
+    ) -> Result<Response>;
+    async fn do_preflight(
+        &self,
+        token: &str,
+        request_url: &str,
+        request_method: &str,
+        request_headers: &str,
+    ) -> Result<PreflightResponse>;
+    fn make_url(&self, endpoint: &str) -> String;
+}
+
 pub struct APIClient {
     client: reqwest::Client,
     base_url: String,
@@ -39,8 +100,9 @@ pub struct APIAuth {
     pub team_slug: Option<String>,
 }
 
-impl APIClient {
-    pub async fn get_user(&self, token: &str) -> Result<UserResponse> {
+#[async_trait]
+impl Client for APIClient {
+    async fn get_user(&self, token: &str) -> Result<UserResponse> {
         let url = self.make_url("/v2/user");
         let request_builder = self
             .client
@@ -55,7 +117,7 @@ impl APIClient {
         Ok(response.json().await?)
     }
 
-    pub async fn get_teams(&self, token: &str) -> Result<TeamsResponse> {
+    async fn get_teams(&self, token: &str) -> Result<TeamsResponse> {
         let request_builder = self
             .client
             .get(self.make_url("/v2/teams?limit=100"))
@@ -70,7 +132,7 @@ impl APIClient {
         Ok(response.json().await?)
     }
 
-    pub async fn get_team(&self, token: &str, team_id: &str) -> Result<Option<Team>> {
+    async fn get_team(&self, token: &str, team_id: &str) -> Result<Option<Team>> {
         let response = self
             .client
             .get(self.make_url("/v2/team"))
@@ -84,7 +146,6 @@ impl APIClient {
 
         Ok(response.json().await?)
     }
-
     fn add_ci_header(mut request_builder: RequestBuilder) -> RequestBuilder {
         if is_ci() {
             if let Some(vendor_constant) = Vendor::get_constant() {
@@ -110,7 +171,7 @@ impl APIClient {
         request_builder
     }
 
-    pub async fn get_caching_status(
+    async fn get_caching_status(
         &self,
         token: &str,
         team_id: &str,
@@ -132,7 +193,7 @@ impl APIClient {
         Ok(response.json().await?)
     }
 
-    pub async fn get_spaces(&self, token: &str, team_id: Option<&str>) -> Result<SpacesResponse> {
+    async fn get_spaces(&self, token: &str, team_id: Option<&str>) -> Result<SpacesResponse> {
         // create url with teamId if provided
         let endpoint = match team_id {
             Some(team_id) => format!("/v0/spaces?limit=100&teamId={}", team_id),
@@ -153,7 +214,7 @@ impl APIClient {
         Ok(response.json().await?)
     }
 
-    pub async fn verify_sso_token(&self, token: &str, token_name: &str) -> Result<VerifiedSsoUser> {
+    async fn verify_sso_token(&self, token: &str, token_name: &str) -> Result<VerifiedSsoUser> {
         let request_builder = self
             .client
             .get(self.make_url("/registration/verify"))
@@ -172,7 +233,7 @@ impl APIClient {
         })
     }
 
-    pub async fn put_artifact(
+    async fn put_artifact(
         &self,
         hash: &str,
         artifact_body: &[u8],
@@ -258,7 +319,7 @@ impl APIClient {
         }
     }
 
-    pub async fn fetch_artifact(
+    async fn fetch_artifact(
         &self,
         hash: &str,
         token: &str,
@@ -269,7 +330,7 @@ impl APIClient {
             .await
     }
 
-    pub async fn artifact_exists(
+    async fn artifact_exists(
         &self,
         hash: &str,
         token: &str,
@@ -320,7 +381,7 @@ impl APIClient {
         }
     }
 
-    pub async fn do_preflight(
+    async fn do_preflight(
         &self,
         token: &str,
         request_url: &str,
@@ -364,20 +425,25 @@ impl APIClient {
         })
     }
 
+    fn make_url(&self, endpoint: &str) -> String {
+        format!("{}{}", self.base_url, endpoint)
+    }
+}
+
+impl APIClient {
     pub fn new(
         base_url: impl AsRef<str>,
         timeout: u64,
         version: &str,
         use_preflight: bool,
-    ) -> Result<Self> {
-        let builder_result = if timeout != 0 {
+    ) -> Result<APIClient> {
+        let client = if timeout != 0 {
             reqwest::Client::builder()
                 .timeout(std::time::Duration::from_secs(timeout))
-                .build()
+                .build()?
         } else {
-            reqwest::Client::builder().build()
+            reqwest::Client::builder().build()?
         };
-        let client = builder_result.map_err(Error::TlsError)?;
 
         let user_agent = format!(
             "turbo {} {} {} {}",
@@ -393,10 +459,6 @@ impl APIClient {
             use_preflight,
         })
     }
-
-    fn make_url(&self, endpoint: &str) -> String {
-        format!("{}{}", self.base_url, endpoint)
-    }
 }
 
 #[cfg(test)]

diff --git a/crates/turborepo-auth/Cargo.toml b/crates/turborepo-auth/Cargo.toml
@@ -18,6 +18,7 @@ turborepo-api-client = { workspace = true }
 turborepo-ui.workspace = true
 turborepo-vercel-api-mock = { workspace = true }
 webbrowser = { workspace = true }
+async-trait.workspace = true
 
 [dev-dependencies]
 port_scanner = { workspace = true }