Update to oauth 5.0

Author: marlonbaeten

.github/workflows/ci.yml

@@ -12,10 +12,10 @@ jobs:
       contents: write
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
 
       # build frontend
-      - uses: actions/setup-node@v4
+      - uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0
         with:
           node-version: 22
           cache-dependency-path: frontend/package-lock.lock
@@ -24,7 +24,7 @@ jobs:
 
       # build backend
       - uses: dtolnay/rust-toolchain@stable
-      - uses: Swatinem/rust-cache@v2
+      - uses: Swatinem/rust-cache@c19371144df3bb44fab255c43d04cbc2ab54d1c4 # v2.9.1
       - run: cargo fmt --check
       - run: cargo clippy --all-features -- --deny "warnings"
       - run: cargo test
@@ -45,7 +45,7 @@ jobs:
         working-directory: release
       - run: git tag $TAG
       - run: git push origin $TAG
-      - uses: softprops/action-gh-release@v2
+      - uses: softprops/action-gh-release@153bb8e04406b158c6c84fc1615b65b24149a1fe # v2.6.1
         with:
           body: Automatic release, commit ${{ github.sha }}
           tag_name: ${{ env.TAG }}

Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "etes"
-version = "0.2.0"
+version = "0.2.1"
 edition = "2024"
 
 [dependencies]
@@ -17,7 +17,7 @@ cookie = "0.18"
 futures = "0.3"
 hyper = { version = "1.0", features = ["full"] }
 hyper-util = { version = "0.1", features = ["client-legacy"] }
-oauth2 = "4.4"
+oauth2 = "5.0"
 parking_lot = "0.12"
 rand = "0.10"
 reqwest = { version = "0.13", features = ["json"] }

src/auth.rs

@@ -10,8 +10,8 @@ use axum_extra::extract::{PrivateCookieJar, cookie::Cookie};
 use cookie::{Key, SameSite};
 use hyper::header::{ACCEPT, USER_AGENT};
 use oauth2::{
-    AuthUrl, AuthorizationCode, ClientId, ClientSecret, CsrfToken, RedirectUrl, Scope,
-    TokenResponse, TokenUrl, basic::BasicClient, reqwest::async_http_client,
+    AuthUrl, AuthorizationCode, ClientId, ClientSecret, CsrfToken, EndpointNotSet, EndpointSet,
+    RedirectUrl, Scope, TokenResponse, TokenUrl, basic::BasicClient, reqwest as oauth2_reqwest,
 };
 use serde::Deserialize;
 use std::fmt::Debug;
@@ -27,9 +27,13 @@ static GITHUB_TOKEN_URL: &str = "https://github.com/login/oauth/access_token";
 static GITHUB_USER_URL: &str = "https://api.github.com/user";
 static GITHUB_ACCEPT_TYPE: &str = "application/vnd.github+json";
 
+type GithubClient =
+    BasicClient<EndpointSet, EndpointNotSet, EndpointNotSet, EndpointNotSet, EndpointSet>;
+
 #[derive(Clone)]
 pub struct GithubOauthService {
-    oauth_client: BasicClient,
+    oauth_client: GithubClient,
+    http_client: oauth2_reqwest::Client,
     session_key: Key,
 }
 
@@ -43,18 +47,22 @@ impl GithubOauthService {
     /// Creates a new instance of `GithubOauthService`.
     /// Returns a `Result` containing the `GithubOauthService` instance or an `Error` if there was an error creating the service.
     pub fn new(config: &Config) -> anyhow::Result<Self> {
-        let oauth_client = BasicClient::new(
-            ClientId::new(config.github_client_id.clone()),
-            Some(ClientSecret::new(config.github_client_secret.clone())),
-            AuthUrl::from_url(GITHUB_AUTH_URL.parse()?),
-            Some(TokenUrl::from_url(GITHUB_TOKEN_URL.parse()?)),
-        )
-        .set_redirect_uri(RedirectUrl::from_url(config.authorize_url.parse()?));
+        let oauth_client: GithubClient =
+            BasicClient::new(ClientId::new(config.github_client_id.clone()))
+                .set_client_secret(ClientSecret::new(config.github_client_secret.clone()))
+                .set_auth_uri(AuthUrl::from_url(GITHUB_AUTH_URL.parse()?))
+                .set_token_uri(TokenUrl::from_url(GITHUB_TOKEN_URL.parse()?))
+                .set_redirect_uri(RedirectUrl::from_url(config.authorize_url.parse()?));
+
+        let http_client = oauth2_reqwest::Client::builder()
+            .redirect(oauth2_reqwest::redirect::Policy::none())
+            .build()?;
 
         let session_key: Key = Key::from(&sha512(&config.session_key));
 
         Ok(Self {
             oauth_client,
+            http_client,
             session_key,
         })
     }
@@ -111,7 +119,8 @@ pub(super) async fn login(
     let updated_jar = jar.add(csrf_cookie);
 
     // Return the updated cookie jar and a redirect response to the authorization URL
-    Ok((updated_jar, Redirect::to(auth_url.to_string().as_str())))
+    let auth_url = auth_url.to_string();
+    Ok((updated_jar, Redirect::to(&auth_url)))
 }
 
 /// Handles the logout request.
@@ -174,7 +183,7 @@ pub(super) async fn authorize(
     let token = service
         .oauth_client
         .exchange_code(AuthorizationCode::new(query.code.clone()))
-        .request_async(async_http_client)
+        .request_async(&service.http_client)
         .await
         .context("Invalid token provided")?;
 
@@ -198,21 +207,23 @@ pub(super) async fn authorize(
         return Err(AppError::Client(anyhow!("Invalid CSRF token")));
     }
 
-    // Create a new HTTP client
-    let client = reqwest::Client::new();
-
     // Fetch user data from the GitHub API
-    let user: GitHubUser = client
+    let user_response = service
+        .http_client
         .get(GITHUB_USER_URL)
         .header(ACCEPT, HeaderValue::from_static(GITHUB_ACCEPT_TYPE))
         .header(USER_AGENT, HeaderValue::from_static(USER_AGENT_VALUE))
         .bearer_auth(token.access_token().secret())
         .send()
         .await
-        .context("Failed to fetch user data")?
-        .json()
-        .await
-        .context("Failed te deserialize GitHub user data")?;
+        .context("Failed to fetch user data")?;
+    let user: GitHubUser = serde_json::from_slice(
+        &user_response
+            .bytes()
+            .await
+            .context("Failed to read GitHub user response body")?,
+    )
+    .context("Failed te deserialize GitHub user data")?;
 
     // Serialize the user data as a string
     let session_cookie_value = serde_json::to_string(&user)?;

src/github.rs

@@ -177,31 +177,34 @@ impl GitHubState {
 
         for edge in root.data.repository.pull_requests.edges {
             let node = edge.node;
-            let commit = node.status_check_rollup.commit;
 
-            let assignees = node
-                .assignees
-                .edges
-                .into_iter()
-                .map(|edge| edge.node)
-                .collect();
-
-            let pull = Pull {
-                number: node.number,
-                created_at: node.created_at,
-                is_draft: node.is_draft,
-                title: node.title,
-                status: node.status_check_rollup.state,
-                assignees,
-                commit: Commit {
-                    date: commit.authored_date,
-                    hash: commit.oid,
-                    message: None,
-                    url: None,
-                },
-            };
+            if let Some(status_check_rollup) = node.status_check_rollup {
+                let commit = status_check_rollup.commit;
+
+                let assignees = node
+                    .assignees
+                    .edges
+                    .into_iter()
+                    .map(|edge| edge.node)
+                    .collect();
+
+                let pull = Pull {
+                    number: node.number,
+                    created_at: node.created_at,
+                    is_draft: node.is_draft,
+                    title: node.title,
+                    status: status_check_rollup.state,
+                    assignees,
+                    commit: Commit {
+                        date: commit.authored_date,
+                        hash: commit.oid,
+                        message: None,
+                        url: None,
+                    },
+                };
 
-            pulls.push(pull);
+                pulls.push(pull);
+            }
         }
 
         Ok(GitHubState {
@@ -260,13 +263,13 @@ structstruck::strike! {
                                     node: Assignee,
                                 }>,
                             },
-                            status_check_rollup: pub struct StatusCheckRollup {
+                            status_check_rollup: Option<pub struct StatusCheckRollup {
                                 pub commit: struct CheckCommit {
                                     pub authored_date: DateTime<Utc>,
                                     pub oid: CommitHash,
                                 },
                                 pub state: WorkflowStatus,
-                            },
+                            }>,
                         }
                     }>,
                 }

src/main.rs

@@ -3,8 +3,7 @@ use auth::GithubOauthService;
 use axum::{
     Router,
     body::Body,
-    extract::FromRef,
-    extract::State,
+    extract::{FromRef, State},
     http::{HeaderValue, header, header::CONTENT_SECURITY_POLICY},
     middleware::{self, Next},
     routing::{any, get, put},