Merge branch 'release/v0.3.2'

v0.3.1

.gitignore

@@ -4,3 +4,4 @@ simple-auth
 
 tests/python/__pycache__
 tests/bash/response.txt
+tests/data/*.ini

Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "simple-auth"
-version = "0.1.0"
+version = "0.3.2"
 edition = "2021"
 
 # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
@@ -12,6 +12,12 @@ regex = "1"
 tokio = { version = "1.21.1", features = ["full"] }
 async-trait = "0.1.57"
 jwt-simple = "0.11.1"
+simple_logger = "4.0.0"
+log = "0.4.17"
+base64 = "0.13.1"
+serde_json = "1.0"
+
+http = { git = "https://gitea.thegux.fr/rmanach/http", version = "0.1.6" }
 
 # useful for tests (embedded files should be delete in release ?)
 #rust-embed="6.4.1"
@@ -27,3 +33,7 @@ features = ["derive"]
 [dependencies.async-std]
 version = "1.6"
 features = ["attributes"]
+
+[dependencies.serde]
+version = "1.0"
+features = ["derive"]

README.md

@@ -1,6 +1,6 @@
 # simple-auth
 
-A little web server providing JWT token for auth auser.
+A little web server providing JWT token for auth user.
 
 ## Build
 ```bash
@@ -8,12 +8,11 @@ cargo build --release
 ```
 
 ## Configuration
-
 ### Store
 The store represents the credentials. For now, this a `.txt` file with plain passwords. You have to create one like:
 ```txt
 # acts as a comment (only on a start line)
-<username>:<password>
+<email>:<password>
 ```
 **WARN**: the file should have a chmod to **600**.
 
@@ -45,9 +44,19 @@ expiration_time = 2 # in hours
 ```bash
 ./simple-auth <ini_path>
 
-curl http://<ip>:<port>/get/ -d '{"username":"<user>", "password":"<password>"}'
+# get a JWT
+curl http://<ip>:<port>/get/ -d '{"email":"<email>", "password":"<password>"}'
 # should returned
 {"token":"<header>.<payload>.<signature>"}
+
+# validate a JWT
+curl http://<ip>:<port>/validate/ -d '{"token":"<header>.<payload>.<signature>"}'
+# should returned (if valid)
+{"valid":"true"}
+
+# get the public key for local validation
+curl http://<ip>:<port>/pubkey/
+{"pubkey":"<b64_encoded_public_key>"}
 ```
 
 ## Test
@@ -58,28 +67,34 @@ cargo test
 ```
 
 ### integration tests
-* run the server locally or remotly (the URL must be changed if needed in `curling.bash` and `test_requests.py`)
+* do the **configuration** step for your env tests
+* set the following env variables:
+```bash
+export SIMPLE_AUTH_URL="http://<url>:<port>"
+export SIMPLE_AUTH_PUB_KEY="<path_to_pem_pub_key>" # DO NOT USE THIS ONE IN PRODUCTION !
+```
+* run the server (if no one is running remotly)
 * run curl tests
 ```bash
 cd tests/bash/
 ./curling.bash && echo "passed"
 ```
-* run python requests tests
+* run python tests
 ```bash
 # create a python venv
 cd tests/python
 python3 -m venv venv
 source venv/bin/activate
 
-# intall the requirements
+# install the requirements
 pip install -r requirements
 
 # launch the tests
-python -m unitest
+python -m unittest
 ```
 
 ## Documentation
 ```bash
 # add the '--open' arg to open the doc on a browser
-cargo doc --no-deps
+cargo doc -r --no-deps
 ```

src/config/config.rs

@@ -0,0 +1,130 @@
+use configparser::ini::Ini;
+use std::str::FromStr;
+
+#[derive(Clone)]
+pub struct Config {
+    pub jwt_exp_time: u64,
+    pub jwt_issuer: String,
+    pub jwt_priv_key: String,
+    pub jwt_pub_key: String,
+    pub filestore_path: String,
+}
+
+impl Default for Config {
+    fn default() -> Self {
+        Config {
+            jwt_exp_time: 0,
+            jwt_issuer: "".to_string(),
+            jwt_priv_key: "".to_string(),
+            jwt_pub_key: "".to_string(),
+            filestore_path: "".to_string(),
+        }
+    }
+}
+
+impl TryFrom<Ini> for Config {
+    type Error = String;
+    fn try_from(config: Ini) -> Result<Self, Self::Error> {
+        let exp_time = config
+            .get("jwt", "expiration_time")
+            .unwrap_or("".to_string());
+        let jwt_exp_time = {
+            match u64::from_str(&exp_time) {
+                Ok(v) => v,
+                Err(e) => {
+                    log::error!(
+                        "unable to convert JWT expiration time into u64 details={}",
+                        e
+                    );
+                    0
+                }
+            }
+        };
+        let config = Config {
+            jwt_exp_time,
+            jwt_issuer: config.get("jwt", "issuer").unwrap_or("".to_string()),
+            jwt_pub_key: config.get("jwt", "public_key").unwrap_or("".to_string()),
+            jwt_priv_key: config.get("jwt", "private_key").unwrap_or("".to_string()),
+            filestore_path: config.get("store", "path").unwrap_or("".to_string()),
+        };
+
+        if !config.validate() {
+            return Err("ini file configuration validation failed".to_string());
+        }
+
+        Ok(config)
+    }
+}
+
+impl Config {
+    /// validates config ini file
+    fn validate(&self) -> bool {
+        if self.jwt_exp_time <= 0 {
+            log::error!("invalid config parameter: JWT expiration time is negative or equals to 0");
+            return false;
+        }
+
+        if self.jwt_issuer == "" {
+            log::error!("invalid config parameter: JWT issuer is empty");
+            return false;
+        }
+
+        if self.jwt_pub_key == "" {
+            log::error!("invalid config parameter: JWT public key file path is empty");
+            return false;
+        }
+
+        if self.jwt_priv_key == "" {
+            log::error!("invalid config parameter: JWT private key file path is empty");
+            return false;
+        }
+
+        if self.filestore_path == "" {
+            log::error!("invalid config parameter: filestore path is empty");
+            return false;
+        }
+
+        true
+    }
+}
+
+#[test]
+fn test_config() {
+    use std::env;
+
+    let root_path = env::var("CARGO_MANIFEST_DIR").unwrap();
+
+    let config_path = format!("{}/{}/{}/{}", root_path, "tests", "data", "config.ini");
+    let mut config = Ini::new();
+    let _r = config.load(config_path);
+
+    let router_config = Config::try_from(config);
+    assert!(router_config.is_ok());
+}
+
+#[test]
+fn test_bad_config() {
+    use std::env;
+
+    let root_path = env::var("CARGO_MANIFEST_DIR").unwrap();
+
+    let config_path = format!("{}/{}/{}/{}", root_path, "tests", "data", "bad_config.ini");
+    let mut config = Ini::new();
+    let _r = config.load(config_path);
+
+    let router_config = Config::try_from(config);
+    assert!(router_config.is_err());
+}
+
+#[test]
+fn test_bad_config_path() {
+    use std::env;
+
+    let root_path = env::var("CARGO_MANIFEST_DIR").unwrap();
+
+    let config_path = format!("{}/{}/{}/{}", root_path, "tests", "data", "con.ini");
+    let mut config = Ini::new();
+
+    let result = config.load(config_path);
+    assert!(result.is_err());
+}

src/config/mod.rs

@@ -0,0 +1,5 @@
+//! **config** module provides `Config` struct to load and validate `.ini` file.
+
+mod config;
+
+pub use config::Config;

src/http/mod.rs

@@ -1,9 +0,0 @@
-//! http module includes tools to parse an HTTP request and build and HTTP response
-
-pub mod request;
-pub mod response;
-pub mod router;
-
-pub use request::HTTPRequest;
-pub use response::{HTTPResponse, HTTPStatusCode};
-pub use router::{Config, ROUTER};

src/http/request.rs

@@ -1,370 +0,0 @@
-//! request handles properly the incoming request
-//! it will parse the request according to the HTTP message specifications
-//! see: https://developer.mozilla.org/en-US/docs/Web/HTTP/Messages
-//! NOTE: only few parts of the specification has been implemented
-
-use json;
-use lazy_static::lazy_static;
-use regex::Regex;
-use std::collections::VecDeque;
-
-type RequestParts = (String, VecDeque<String>, String);
-
-const HTTP_REQUEST_SEPARATOR: &'static str = "\r\n";
-const NULL_CHAR: &'static str = "\0";
-
-lazy_static! {
-    static ref HTTP_VERSION_REGEX: Regex = Regex::new("^HTTP/(1.1|1.0|2)$").unwrap();
-}
-
-#[derive(Debug, Copy, Clone)]
-pub enum HTTPVersion {
-    Http1_0,
-    Http1_1,
-    Http2,
-    Unknown,
-}
-
-impl Into<String> for HTTPVersion {
-    fn into(self) -> String {
-        match self {
-            Self::Http1_0 => "HTTP/1.0".to_string(),
-            Self::Http1_1 => "HTTP/1.1".to_string(),
-            Self::Http2 => "HTTP/2".to_string(),
-            Self::Unknown => "UNKNOWN".to_string(),
-        }
-    }
-}
-
-// TODO: not really satifying... could accept `String` too
-impl From<&String> for HTTPVersion {
-    fn from(http_version: &String) -> Self {
-        match http_version.as_str() {
-            "HTTP/1.0" => Self::Http1_0,
-            "HTTP/1.1" => Self::Http1_1,
-            "HTTP/2" => Self::Http2,
-            _ => Self::Unknown,
-        }
-    }
-}
-
-#[derive(Debug)]
-pub struct HTTPStartLine {
-    method: String,
-    target: String,
-    version: HTTPVersion,
-}
-
-impl HTTPStartLine {
-    fn new(method: String, target: String, version: HTTPVersion) -> Self {
-        HTTPStartLine {
-            method,
-            target,
-            version,
-        }
-    }
-
-    fn parse(start_line: &str) -> Result<Self, &str> {
-        // declare a new `start_line` var to borrow to &str `start_line`
-        let start_line = start_line.to_string();
-
-        let parts: Vec<&str> = start_line.split(" ").collect();
-        if parts.len() < 3 {
-            return Err("unable to parse the start correctly");
-        }
-
-        let method = parts[0].to_string();
-        let target = parts[1].to_string();
-        let version = parts[2].to_string();
-
-        if !Self::check_version(&version) {
-            return Err("http version validation failed, unknown version");
-        }
-
-        Ok(HTTPStartLine::new(
-            method,
-            target,
-            HTTPVersion::from(&version),
-        ))
-    }
-
-    fn check_version(version: &String) -> bool {
-        HTTP_VERSION_REGEX.is_match(version)
-    }
-
-    pub fn is_valid(&self) -> bool {
-        return self.method != "" && self.target != "";
-    }
-
-    pub fn get_target(&self) -> String {
-        self.target.clone()
-    }
-}
-
-impl Default for HTTPStartLine {
-    fn default() -> Self {
-        HTTPStartLine {
-            method: "".to_string(),
-
-            target: "".to_string(),
-            version: HTTPVersion::Unknown,
-        }
-    }
-}
-
-impl Into<String> for HTTPStartLine {
-    fn into(self) -> String {
-        let version: String = self.version.into();
-        return format!("{} {} {}", self.method, self.target, version);
-    }
-}
-
-/// represents an HTTP request body
-/// for simplicity, only json body is accepted
-#[derive(Debug)]
-pub struct HTTPBody {
-    data: json::JsonValue,
-}
-
-impl HTTPBody {
-    fn new(data: json::JsonValue) -> HTTPBody {
-        HTTPBody { data }
-    }
-
-    pub fn get_data(&self) -> &json::JsonValue {
-        &self.data
-    }
-}
-
-impl TryFrom<String> for HTTPBody {
-    type Error = String;
-    fn try_from(body: String) -> Result<HTTPBody, Self::Error> {
-        let body = body.replace(NULL_CHAR, "");
-        match json::parse(&body) {
-            Ok(v) => Ok(HTTPBody::new(v)),
-            Err(e) => Err(format!(
-                "error occurred during request body parsing err={}",
-                e
-            )),
-        }
-    }
-}
-
-/// Represents an HTTP request (headers are not parsed)
-#[derive(Debug)]
-pub struct HTTPRequest {
-    pub start_line: HTTPStartLine,
-    pub body: Option<HTTPBody>,
-}
-
-impl HTTPRequest {
-    /// split correctly the incoming request in order to get :
-    /// * start_line
-    /// * headers
-    /// * data (if exists)
-    fn get_request_parts(request: &str) -> Result<RequestParts, String> {
-        // separate the body part from the start_line and the headers
-        let mut request_parts: VecDeque<String> = request
-            .split(HTTP_REQUEST_SEPARATOR)
-            .map(|r| r.to_string())
-            .collect();
-
-        if request_parts.len() < 3 {
-            return Err("request has no enough informations to be correctly parsed".to_string());
-        }
-        let start_line = request_parts.pop_front().unwrap();
-        let body = request_parts.pop_back().unwrap();
-
-        Ok((start_line, request_parts, body))
-    }
-
-    /// parse the request by spliting the incoming request with the separator `\r\n`
-    fn parse(request: &str) -> Result<HTTPRequest, String> {
-        let request = request.to_string();
-
-        match HTTPRequest::get_request_parts(&request) {
-            Ok(rp) => {
-                let mut request = HTTPRequest::default();
-
-                let start_line = HTTPStartLine::parse(&rp.0);
-                match start_line {
-                    Ok(v) => request.start_line = v,
-                    Err(e) => eprintln!("error occurred while parsing start_line err={}", e),
-                }
-
-                let body = HTTPBody::try_from(rp.2);
-                match body {
-                    Ok(v) => request.body = Some(v),
-                    Err(e) => eprintln!("error occurred during body parsing err={}", e),
-                }
-
-                return Ok(request);
-            }
-            Err(e) => {
-                return Err(format!("error occurred getting request parts err={}", e));
-            }
-        }
-    }
-
-    #[allow(dead_code)]
-    pub fn is_valid(&self) -> bool {
-        return self.start_line.is_valid();
-    }
-}
-
-impl Default for HTTPRequest {
-    fn default() -> Self {
-        HTTPRequest {
-            start_line: HTTPStartLine::default(),
-            body: None,
-        }
-    }
-}
-
-impl From<&str> for HTTPRequest {
-    fn from(request: &str) -> Self {
-        match Self::parse(request) {
-            Ok(v) => v,
-            Err(v) => {
-                eprintln!("{}", format!("[ERR]: {v}"));
-                return HTTPRequest::default();
-            }
-        }
-    }
-}
-
-#[test]
-fn test_request() {
-    struct Expect {
-        start_line: String,
-        body: Option<String>,
-        is_valid: bool,
-    }
-
-    let test_cases: [(String, Expect); 11] = [
-        (
-            "POST /get/ HTTP/1.1\r\n\r\n".to_string(),
-            Expect {
-                start_line: "POST /get/ HTTP/1.1".to_string(),
-                body: None,
-                is_valid: true,
-            },
-        ),
-        (
-            "POST /refresh/ HTTP/2\r\n\r\n".to_string(),
-            Expect {
-                start_line: "POST /refresh/ HTTP/2".to_string(),
-                body: None,
-                is_valid: true,
-            },
-        ),
-        (
-            "POST /validate/ HTTP/1.0\r\n\r\n".to_string(),
-            Expect {
-                start_line: "POST /validate/ HTTP/1.0".to_string(),
-                body: None,
-                is_valid: true,
-            },
-        ),
-        (
-            "GET / HTTP/1.1\r\n\r\n".to_string(),
-            Expect {
-                start_line: "GET / HTTP/1.1".to_string(),
-                body: None,
-                is_valid: true,
-            },
-        ),
-        // intentionally add HTTP with no version number
-        (
-            "OPTIONS /admin/2 HTTP/\r\nContent-Type: application/json\r\n".to_string(),
-            Expect {
-                start_line: "  UNKNOWN".to_string(),
-                body: None,
-                is_valid: false,
-            },
-        ),
-        (
-            "POST HTTP".to_string(),
-            Expect {
-                start_line: "  UNKNOWN".to_string(),
-                body: None,
-                is_valid: false,
-            }
-        ),
-        (
-            "".to_string(),
-            Expect {
-                start_line: "  UNKNOWN".to_string(),
-                body: None,
-                is_valid: false,
-            }
-        ),
-        (
-            "fjlqskjd /oks?id=65 HTTP/2\r\n\r\n".to_string(),
-            Expect {
-                start_line: "fjlqskjd /oks?id=65 HTTP/2".to_string(),
-                body: None,
-                is_valid: true,
-            }
-        ),
-        (
-            "   ".to_string(),
-            Expect {
-                start_line: "  UNKNOWN".to_string(),
-                body: None,
-                is_valid: false,
-            }
-        ),
-        (
-            r#"lm //// skkss\r\ndkldklkdl\r\n"{"access_token":"AAAAAAAAAAAA.BBBBBBBBBB.CCCCCCCCCC","refresh_token": "DDDDDDDDDDD.EEEEEEEEEEE.FFFFF"}""#.to_string(),
-            Expect {
-                start_line: "  UNKNOWN".to_string(),
-                body: Some(r#"{"access_token":"AAAAAAAAAAAA.BBBBBBBBBB.CCCCCCCCCC","refresh_token": "DDDDDDDDDDD.EEEEEEEEEEE.FFFFF"}"#.to_string()),
-                is_valid: false,
-            }
-        ),
-        (
-            format!("{}\r\nuselessheaders\r\n{}", "POST /refresh/ HTTP/1.1", r#"{"access_token": "toto", "refresh_token": "tutu"}"#),
-            Expect {
-                start_line: "POST /refresh/ HTTP/1.1".to_string(),
-                body: Some(r#"{"access_token":"toto","refresh_token":"tutu"}"#.to_string()),
-                is_valid: true,
-            }
-        ),
-    ];
-
-    for (request, expect) in test_cases {
-        let http_request = HTTPRequest::from(request.as_str());
-        println!("{:?}", http_request);
-        assert_eq!(expect.is_valid, http_request.is_valid());
-
-        let start_line: String = http_request.start_line.into();
-        assert_eq!(expect.start_line, start_line);
-
-        match http_request.body {
-            Some(v) => {
-                assert_eq!(expect.body.unwrap(), v.data.dump())
-            }
-            None => continue,
-        }
-    }
-}
-
-#[test]
-fn test_http_body() {
-    let test_cases: [(&str, bool); 3] = [
-        ("hello, how are you ?", false),
-        ("qsdfqsdffqsdffsq", false),
-        (
-            r#"{"access_token":"AAAAAAAAAAAA.BBBBBBBBBB.CCCCCCCCCC","refresh_token": "DDDDDDDDDDD.EEEEEEEEEEE.FFFFF"}"#,
-            true,
-        ),
-    ];
-
-    for (body, is_valid) in test_cases {
-        match HTTPBody::try_from(body.to_string()) {
-            Ok(_) => assert!(is_valid),
-            Err(_) => assert!(!is_valid),
-        }
-    }
-}

src/http/response.rs

@@ -1,145 +0,0 @@
-//! response handles the incoming request parsed `HTTPRequest`
-//! it will build an HTTPResponse corresponding to the HTTP message specs. see: https://developer.mozilla.org/en-US/docs/Web/HTTP/Messages
-//! NOTE: only few parts of the specification has been implemented
-
-use crate::http::request::HTTPVersion;
-use json;
-
-#[derive(Debug, PartialEq, Clone)]
-pub enum HTTPStatusCode {
-    Http200,
-    Http400,
-    Http403,
-    Http404,
-    Http500,
-}
-
-impl Into<String> for HTTPStatusCode {
-    fn into(self) -> String {
-        match self {
-            Self::Http200 => "200".to_string(),
-            Self::Http400 => "400".to_string(),
-            Self::Http404 => "404".to_string(),
-            Self::Http403 => "403".to_string(),
-            Self::Http500 => "500".to_string(),
-        }
-    }
-}
-
-pub struct HTTPStatusLine {
-    version: HTTPVersion,
-    status_code: HTTPStatusCode,
-}
-
-impl Default for HTTPStatusLine {
-    fn default() -> HTTPStatusLine {
-        HTTPStatusLine {
-            version: HTTPVersion::Http1_1,
-            status_code: HTTPStatusCode::Http400,
-        }
-    }
-}
-
-impl Into<String> for HTTPStatusLine {
-    fn into(self) -> String {
-        let version: String = self.version.into();
-        let status_code: String = self.status_code.into();
-        format! {"{} {}", version, status_code}
-    }
-}
-
-impl HTTPStatusLine {
-    pub fn set_status_code(&mut self, code: HTTPStatusCode) {
-        self.status_code = code;
-    }
-
-    #[allow(dead_code)]
-    pub fn get_status_code(&self) -> HTTPStatusCode {
-        self.status_code.clone()
-    }
-}
-
-/// represents an HTTP response (headers are not parsed)
-/// NOTE: for simplicity, only JSON body are accepted
-pub struct HTTPResponse {
-    pub status_line: HTTPStatusLine,
-    body: json::JsonValue,
-}
-
-impl Default for HTTPResponse {
-    fn default() -> Self {
-        HTTPResponse {
-            status_line: HTTPStatusLine::default(),
-            body: json::parse(r#"{"error": "the incoming request is not valid"}"#).unwrap(),
-        }
-    }
-}
-
-impl Into<String> for HTTPResponse {
-    fn into(self) -> String {
-        // move `self.body` into a new var
-        let b = self.body;
-        let body: String = json::stringify(b);
-
-        let status_line: String = self.status_line.into();
-        format!(
-            "{}\r\nContent-Type: application/json\r\nContent-Length: {}\r\n\r\n{}",
-            status_line,
-            body.len(),
-            body
-        )
-    }
-}
-
-impl HTTPResponse {
-    pub fn as_500() -> Self {
-        let mut response = Self::default();
-
-        response
-            .status_line
-            .set_status_code(HTTPStatusCode::Http500);
-        response.body = json::parse(r#"{"error": "unexpected error occurred"}"#).unwrap();
-
-        response
-    }
-
-    pub fn as_404() -> Self {
-        let mut response = Self::default();
-
-        response
-            .status_line
-            .set_status_code(HTTPStatusCode::Http404);
-        response.body = json::parse(r#"{"error": "the url requested does not exist"}"#).unwrap();
-
-        response
-    }
-
-    pub fn as_403() -> Self {
-        let mut response = HTTPResponse {
-            status_line: HTTPStatusLine::default(),
-            body: json::parse(r#"{"error": "invalid credentials"}"#).unwrap(),
-        };
-        response
-            .status_line
-            .set_status_code(HTTPStatusCode::Http403);
-        response
-    }
-
-    /// wrap the `Self::default()` associated func (not really clear)
-    pub fn as_400() -> Self {
-        Self::default()
-    }
-
-    // TODO: need to be adjust to accept `json::JsonValue`
-    pub fn as_200(token: String) -> Self {
-        let mut response = Self::default();
-
-        response
-            .status_line
-            .set_status_code(HTTPStatusCode::Http200);
-
-        response.body = json::parse(format!(r#"{{"token": "{}"}}"#, token).as_str()).unwrap();
-
-        response
-    }
-}

src/http/router.rs

@@ -1,251 +0,0 @@
-//! router aims to handle correctly the request corresponding to the target
-//! it implements all the logic to build an `HTTPResponse`
-
-use super::{HTTPRequest, HTTPResponse};
-use crate::stores::FileStore;
-use crate::stores::Store;
-use configparser::ini::Ini;
-use jwt_simple::prelude::*;
-use lazy_static::lazy_static;
-use std::collections::HashMap;
-use std::future::Future;
-use std::pin::Pin;
-use std::str::FromStr;
-
-type FuturePinned<HTTPResponse> = Pin<Box<dyn Future<Output = HTTPResponse>>>;
-type Handler = fn(HTTPRequest, Config) -> FuturePinned<HTTPResponse>;
-
-#[derive(Clone)]
-pub struct Config {
-    jwt_exp_time: u64,
-    jwt_issuer: String,
-    jwt_priv_key: String,
-    jwt_pub_key: String,
-    filestore_path: String,
-}
-
-impl Default for Config {
-    fn default() -> Self {
-        Config {
-            jwt_exp_time: 0,
-            jwt_issuer: "".to_string(),
-            jwt_priv_key: "".to_string(),
-            jwt_pub_key: "".to_string(),
-            filestore_path: "".to_string(),
-        }
-    }
-}
-
-impl TryFrom<Ini> for Config {
-    type Error = String;
-    fn try_from(config: Ini) -> Result<Self, Self::Error> {
-        let exp_time = config
-            .get("jwt", "expiration_time")
-            .unwrap_or("".to_string());
-        let jwt_exp_time = {
-            match u64::from_str(&exp_time) {
-                Ok(v) => v,
-                Err(e) => {
-                    eprintln!("unable to convert JWT expiration time into u64 err={}", e);
-                    0
-                }
-            }
-        };
-        let config = Config {
-            jwt_exp_time,
-            jwt_issuer: config.get("jwt", "issuer").unwrap_or("".to_string()),
-            jwt_pub_key: config.get("jwt", "public_key").unwrap_or("".to_string()),
-            jwt_priv_key: config.get("jwt", "private_key").unwrap_or("".to_string()),
-            filestore_path: config.get("store", "path").unwrap_or("".to_string()),
-        };
-
-        if !config.validate() {
-            return Err("ini file configuration validation failed".to_string());
-        }
-
-        Ok(config)
-    }
-}
-
-impl Config {
-    /// validates config ini file
-    fn validate(&self) -> bool {
-        if self.jwt_exp_time <= 0 {
-            eprintln!("invalid config parameter: JWT expiration time is negative or equals to 0");
-            return false;
-        }
-
-        if self.jwt_issuer == "" {
-            eprintln!("invalid config parameter: JWT issuer is empty");
-            return false;
-        }
-
-        // TODO: check if the file exists and rights are ok
-        if self.jwt_pub_key == "" {
-            eprintln!("invalid config parameter: JWT public key file path is empty");
-            return false;
-        }
-
-        // TODO: check if the file exists and rights are ok
-        if self.jwt_priv_key == "" {
-            eprintln!("invalid config parameter: JWT private key file path is empty");
-            return false;
-        }
-
-        if self.filestore_path == "" {
-            eprintln!("invalid config parameter: filestore path is empty");
-            return false;
-        }
-
-        true
-    }
-}
-
-fn handle_get(request: HTTPRequest, config: Config) -> FuturePinned<HTTPResponse> {
-    Box::pin(async move {
-        let mut store = FileStore::new(config.filestore_path);
-        match &request.body {
-            Some(ref b) => {
-                let is_auth = store.is_auth(&b.get_data()).await;
-                if !is_auth {
-                    return HTTPResponse::as_403();
-                }
-
-                let priv_key_content = {
-                    match std::fs::read_to_string(config.jwt_priv_key) {
-                        Ok(c) => c,
-                        Err(e) => {
-                            eprintln!("error while reading JWT priv key content err={}", e);
-                            "".to_string()
-                        }
-                    }
-                };
-                let jwt_key = {
-                    match RS384KeyPair::from_pem(priv_key_content.as_str()) {
-                        Ok(k) => k,
-                        // TODO: set error in the message body
-                        Err(e) => {
-                            eprintln!("error occurred while getting private key err={}", e);
-                            return HTTPResponse::as_500();
-                        }
-                    }
-                };
-                let mut claims = Claims::create(Duration::from_hours(config.jwt_exp_time));
-                claims.issuer = Some(config.jwt_issuer);
-
-                match jwt_key.sign(claims) {
-                    Ok(token) => HTTPResponse::as_200(token),
-                    // TODO: set the error in the message body
-                    Err(e) => {
-                        eprintln!("error occurred while signing the token err={}", e);
-                        return HTTPResponse::as_500();
-                    }
-                }
-            }
-            None => HTTPResponse::as_400(),
-        }
-    })
-}
-
-/// validates the token by checking:
-/// * expiration time
-fn handle_validate(request: HTTPRequest, _config: Config) -> FuturePinned<HTTPResponse> {
-    Box::pin(async move {
-        match &request.body {
-            Some(ref _b) => {
-                // TODO: impl the JWT validation
-                HTTPResponse::as_200("header.payload.signature".to_string())
-            }
-            None => HTTPResponse::as_400(),
-        }
-    })
-}
-
-lazy_static! {
-    /// defines the map between the URL and its associated callback
-    /// each authorized targets must implement a function returning `FuturePinned<HTTPResponse>`
-    // TODO: a macro should be implemented to mask the implementation details
-    static ref HTTP_METHODS: HashMap<&'static str, Handler> =
-        HashMap::from(
-            [
-                ("/get/", handle_get as Handler),
-                ("/validate/", handle_validate as Handler)
-            ]
-        );
-}
-
-pub struct Router;
-
-impl Router {
-    pub async fn route(&self, request_str: &str, config: Config) -> HTTPResponse {
-        let request = HTTPRequest::from(request_str);
-        let target = request.start_line.get_target();
-
-        match HTTP_METHODS.get(target.as_str()) {
-            Some(f) => f(request, config).await,
-            None => HTTPResponse::as_404(),
-        }
-    }
-}
-
-// this MUST be used like a Singleton
-pub const ROUTER: Router = Router {};
-
-#[tokio::test]
-async fn test_route() {
-    use super::HTTPStatusCode;
-
-    let router: &Router = &ROUTER;
-    let config: Config = Config::default();
-    let request_str = "POST /get/ HTTP/1.1\r\n\r\n";
-
-    let response: HTTPResponse = router.route(request_str, config).await;
-    assert_eq!(
-        HTTPStatusCode::Http400,
-        response.status_line.get_status_code()
-    );
-}
-
-#[test]
-fn test_config() {
-    use std::env;
-
-    let root_path = env::var("CARGO_MANIFEST_DIR").unwrap();
-
-    // TODO: path::Path should be better
-    let config_path = format!("{}/{}/{}/{}", root_path, "tests", "data", "config.ini");
-    let mut config = Ini::new();
-    let _r = config.load(config_path);
-
-    let router_config = Config::try_from(config);
-    assert!(router_config.is_ok());
-}
-
-#[test]
-fn test_bad_config() {
-    use std::env;
-
-    let root_path = env::var("CARGO_MANIFEST_DIR").unwrap();
-
-    // TODO: path::Path should be better
-    let config_path = format!("{}/{}/{}/{}", root_path, "tests", "data", "bad_config.ini");
-    let mut config = Ini::new();
-    let _r = config.load(config_path);
-
-    let router_config = Config::try_from(config);
-    assert!(router_config.is_err());
-}
-
-#[test]
-fn test_bad_config_path() {
-    use std::env;
-
-    let root_path = env::var("CARGO_MANIFEST_DIR").unwrap();
-
-    // TODO: path::Path should be better
-    let config_path = format!("{}/{}/{}/{}", root_path, "tests", "data", "con.ini");
-    let mut config = Ini::new();
-
-    let result = config.load(config_path);
-    assert!(result.is_err());
-}

src/jwt/jwt.rs

@@ -0,0 +1,132 @@
+use crate::config::Config;
+use jwt_simple::common::VerificationOptions;
+use jwt_simple::prelude::*;
+use serde::{Deserialize, Serialize};
+use std::collections::HashSet;
+use tokio::fs;
+
+use crate::message::JWTMessage;
+use crate::stores::Credentials;
+
+#[derive(Serialize, Deserialize)]
+struct JWTCustomClaims {
+    email: String,
+}
+
+pub struct JWTSigner {
+    private_key: String,
+    public_key: String,
+    issuer: String,
+    exp_time: u64,
+}
+
+impl JWTSigner {
+    // NOTE: could be included in a Trait: `TryFrom` but difficult to handle with async
+    pub async fn new(config: Config) -> Result<Self, String> {
+        let mut jwt_signer = JWTSigner {
+            private_key: "".to_string(),
+            public_key: "".to_string(),
+            issuer: config.jwt_issuer,
+            exp_time: config.jwt_exp_time,
+        };
+
+        match fs::read_to_string(config.jwt_priv_key).await {
+            Ok(c) => {
+                jwt_signer.private_key = c;
+            }
+            Err(e) => {
+                return Err(format!("unable to read the private key details={}", e));
+            }
+        }
+
+        match fs::read_to_string(config.jwt_pub_key).await {
+            Ok(c) => {
+                jwt_signer.public_key = c;
+            }
+            Err(e) => {
+                return Err(format!("unable to read the public key details={}", e));
+            }
+        }
+
+        Ok(jwt_signer)
+    }
+
+    fn get_verification_options(&self) -> VerificationOptions {
+        let mut verification_options = VerificationOptions::default();
+
+        let mut issuers: HashSet<String> = HashSet::new();
+        issuers.insert(self.issuer.clone());
+        verification_options.allowed_issuers = Some(issuers);
+
+        verification_options
+    }
+
+    /// sign builds and signs the token
+    pub fn sign(&self, credentials: Credentials) -> Result<String, String> {
+        let jwt_key = {
+            match RS384KeyPair::from_pem(&self.private_key) {
+                Ok(k) => k,
+                Err(e) => {
+                    return Err(format!("unable to load the private key details={}", e));
+                }
+            }
+        };
+        let mut claims = Claims::with_custom_claims(
+            JWTCustomClaims {
+                email: credentials.get_email(),
+            },
+            Duration::from_hours(self.exp_time),
+        );
+        claims.issuer = Some(self.issuer.clone());
+
+        match jwt_key.sign(claims) {
+            Ok(token) => {
+                // TODO: need to generate the refresh token
+                return Ok(serde_json::to_string(&JWTMessage::with_access(token)).unwrap());
+            }
+            Err(e) => {
+                return Err(format!("unable to sign the token details={}", e));
+            }
+        }
+    }
+
+    pub fn validate(&self, token: &str) -> Result<(), String> {
+        let verification_options = self.get_verification_options();
+        match RS384PublicKey::from_pem(&self.public_key) {
+            Ok(key) => {
+                if let Err(e) =
+                    key.verify_token::<NoCustomClaims>(token, Some(verification_options))
+                {
+                    return Err(format!("token validation failed details={}", e));
+                }
+                Ok(())
+            }
+            Err(e) => Err(format!(
+                "token validation failed, can't read the public key details={}",
+                e
+            )),
+        }
+    }
+
+    pub fn get_public_key(&self) -> String {
+        self.public_key.clone()
+    }
+}
+
+#[tokio::test]
+async fn test_signer() {
+    use configparser::ini::Ini;
+    use std::env;
+
+    let root_path = env::var("CARGO_MANIFEST_DIR").unwrap();
+
+    let config_path = format!("{}/{}/{}/{}", root_path, "tests", "data", "config.ini");
+    let mut config = Ini::new();
+    let _r = config.load(config_path);
+
+    let router_config = Config::try_from(config);
+    assert!(router_config.is_ok());
+
+    let jwt_signer = JWTSigner::new(router_config.unwrap());
+    assert!(jwt_signer.await.is_ok());
+}

src/jwt/mod.rs

@@ -0,0 +1,5 @@
+//! **jwt** module aims to read `.pem` files and sign/validate the token.
+
+mod jwt;
+
+pub use jwt::JWTSigner;

src/main.rs

@@ -1,4 +1,7 @@
-mod http;
+mod config;
+mod jwt;
+mod message;
+mod router;
 mod stores;
 
 use clap::Parser;
@@ -6,9 +9,11 @@ use configparser::ini::Ini;
 use tokio::{
     io::{AsyncReadExt, AsyncWriteExt},
     net::{TcpListener, TcpStream},
+    time::{timeout, Duration},
 };
 
-use http::{Config, ROUTER};
+use crate::router::ROUTER;
+use config::Config;
 
 #[derive(Parser)]
 #[clap(author, version, about, long_about = None)]
@@ -19,13 +24,14 @@ struct Cli {
 
 #[tokio::main]
 async fn main() {
+    simple_logger::init_with_level(log::Level::Info).unwrap();
     let args = Cli::parse();
 
     let mut config = Ini::new();
     match config.load(args.config) {
         Ok(c) => c,
         Err(e) => {
-            eprintln!("error while loading the config file, err={}", e);
+            log::error!("error while loading the config file details={}", e);
             std::process::exit(1);
         }
     };
@@ -34,37 +40,61 @@ async fn main() {
     let listener = {
         match TcpListener::bind(&server_url).await {
             Ok(t) => {
-                println!("server is listening on '{}'", server_url);
+                log::info!("server is listening on '{}'", server_url);
                 t
             }
             Err(e) => {
-                eprintln!("error occurred while initializing tcp listener err={}", e);
+                log::error!("while initializing tcp listener details={}", e);
                 std::process::exit(1);
             }
         }
     };
 
-    let router_config: Config = if let Ok(c) = Config::try_from(config) {
+    let router_config: Config = {
-        c
+        match Config::try_from(config) {
-    } else {
+            Ok(c) => c,
+            Err(e) => {
+                log::error!("unable to load the configuration details={}", e);
                 std::process::exit(1);
+            }
+        }
     };
 
     loop {
-        let (stream, _) = listener.accept().await.unwrap();
+        let (stream, addr) = listener.accept().await.unwrap();
-        handle_connection(stream, router_config.clone()).await;
+        let conf = router_config.clone();
+        tokio::spawn(handle_connection(stream, addr.to_string(), conf.clone()));
     }
 }
 
-/// parses the incoming request (partial spec implementation) and build an HTTP response
+/// handle_connection parses the incoming request and builds an HTTP response
-async fn handle_connection(mut stream: TcpStream, config: Config) {
+async fn handle_connection(mut stream: TcpStream, addr: String, config: Config) {
-    let mut buffer: [u8; 1024] = [0; 1024];
+    log::info!("client connected: {}", addr);
-    let n = stream.read(&mut buffer).await.unwrap();
 
-    let request_string = std::str::from_utf8(&buffer[0..n]).unwrap();
+    let mut message = vec![];
+    let mut buffer: [u8; 1024] = [0; 1024];
+
+    let duration = Duration::from_millis(5);
+
+    // loop until the message is read
+    // the stream can be fragmented so, using a timeout (5ms should be far enough) for the future for completion
+    // after the timeout, the message is "considered" as entirely read
+    loop {
+        match timeout(duration, stream.read(&mut buffer)).await {
+            Ok(v) => {
+                let n = v.unwrap();
+                message.extend_from_slice(&buffer[0..n]);
+            }
+            Err(_e) => break,
+        }
+    }
+
+    let request_string = std::str::from_utf8(&message).unwrap();
     let response = ROUTER.route(request_string, config).await;
     let response_str: String = response.into();
 
     stream.write(response_str.as_bytes()).await.unwrap();
     stream.flush().await.unwrap();
+
+    log::info!("connection closed: {}", addr);
 }

src/message/message.rs

@@ -0,0 +1,48 @@
+use serde::Serialize;
+
+#[derive(Serialize)]
+/// JWTMessage aims to have a generic struct to build JSON HTTP response message with JWT informations
+pub struct JWTMessage {
+    #[serde(skip_serializing_if = "String::is_empty")]
+    access_token: String,
+    #[serde(skip_serializing_if = "String::is_empty")]
+    refresh_token: String,
+    #[serde(skip_serializing_if = "String::is_empty")]
+    pubkey: String,
+}
+
+impl JWTMessage {
+    pub fn with_access(access_token: String) -> Self {
+        JWTMessage {
+            access_token: access_token,
+            refresh_token: "".to_string(),
+            pubkey: "".to_string(),
+        }
+    }
+
+    pub fn with_pubkey(pubkey: String) -> Self {
+        JWTMessage {
+            access_token: "".to_string(),
+            refresh_token: "".to_string(),
+            pubkey: base64::encode(pubkey),
+        }
+    }
+}
+
+#[derive(Serialize, Default)]
+/// ValidationMessage aims to build a JSON HTTP response body for JWT validation
+pub struct ValidationMessage {
+    valid: bool,
+    #[serde(skip_serializing_if = "String::is_empty")]
+    reason: String,
+}
+
+impl ValidationMessage {
+    pub fn set_valid(&mut self, valid: bool) {
+        self.valid = valid;
+    }
+
+    pub fn set_reason(&mut self, reason: &str) {
+        self.reason = reason.to_string();
+    }
+}

src/message/mod.rs

@@ -0,0 +1,5 @@
+//! **message** module holds all structs to manage JSON response body for the authentication.
+
+mod message;
+
+pub use message::{JWTMessage, ValidationMessage};

src/router/mod.rs

@@ -0,0 +1,4 @@
+//! **router** module includes all the handlers to get and validate JWT.
+
+mod router;
+pub use router::ROUTER;

src/router/router.rs

@@ -0,0 +1,162 @@
+use http::{HTTPRequest, HTTPResponse, JSONMessage};
+use json::JsonValue;
+
+use crate::config::Config;
+use crate::jwt::JWTSigner;
+use crate::message::{JWTMessage, ValidationMessage};
+use crate::stores::{Credentials, FileStore, Store};
+
+// TODO: must be mapped with corresponding handler
+const GET_ROUTE: &'static str = "/get/";
+const VALIDATE_ROUTE: &'static str = "/validate/";
+const PUBKEY_ROUTE: &'static str = "/pubkey/";
+
+async fn handle_get(request: HTTPRequest<'_>, config: Config, method: &str) -> HTTPResponse {
+    if method.trim().to_lowercase() != "post" {
+        return HTTPResponse::as_400();
+    }
+
+    let mut store = FileStore::new(config.filestore_path.clone());
+
+    match request.get_body() {
+        Some(d) => {
+            let credentials = Credentials::from(d);
+            if credentials.is_empty() {
+                log::error!("unable to parse the credentials correctly from the incoming request");
+                return HTTPResponse::as_400();
+            }
+
+            if !store.is_auth(&credentials).await {
+                return HTTPResponse::as_403();
+            }
+
+            let jwt_signer = {
+                match JWTSigner::new(config).await {
+                    Ok(s) => s,
+                    Err(e) => {
+                        let message = JSONMessage::error(&e);
+                        return HTTPResponse::as_500(message);
+                    }
+                }
+            };
+
+            match jwt_signer.sign(credentials) {
+                Ok(t) => send_token(&t),
+                Err(e) => {
+                    let message = JSONMessage::error(&e);
+                    return HTTPResponse::as_500(message);
+                }
+            }
+        }
+        None => HTTPResponse::as_400(),
+    }
+}
+
+/// handle_validate validates the token by checking:
+/// * expiration time
+/// * signature
+async fn handle_validate(request: HTTPRequest<'_>, config: Config, method: &str) -> HTTPResponse {
+    if request.get_method().trim().to_lowercase() != method {
+        return HTTPResponse::as_400();
+    }
+
+    let token = {
+        match request.get_body_value("token") {
+            Some(t) => t,
+            None => {
+                let mut message = ValidationMessage::default();
+                message.set_reason("no token provided in the request body");
+
+                let json = json::parse(&serde_json::to_string(&message).unwrap()).unwrap();
+                return HTTPResponse::as_200(Some(json));
+            }
+        }
+    };
+
+    let jwt_signer = {
+        match JWTSigner::new(config).await {
+            Ok(s) => s,
+            Err(e) => {
+                let message = JSONMessage::error(&e);
+                let json = message.try_into().unwrap();
+                return HTTPResponse::as_500(Some(json));
+            }
+        }
+    };
+
+    let mut message = ValidationMessage::default();
+    match jwt_signer.validate(&token) {
+        Ok(()) => {
+            message.set_valid(true);
+        }
+        Err(e) => {
+            message.set_reason(&e);
+        }
+    }
+
+    let json: JsonValue = json::parse(&serde_json::to_string(&message).unwrap()).unwrap();
+    HTTPResponse::as_200(Some(json))
+}
+
+/// handle_public_key returns the JWT public key in base64 encoded
+async fn handle_public_key(request: HTTPRequest<'_>, config: Config, method: &str) -> HTTPResponse {
+    if request.get_method().trim().to_lowercase() != method {
+        return HTTPResponse::as_400();
+    }
+
+    let jwt_signer = {
+        match JWTSigner::new(config).await {
+            Ok(s) => s,
+            Err(e) => {
+                let message = JSONMessage::error(&e);
+                let json = message.try_into().unwrap();
+                return HTTPResponse::as_500(Some(json));
+            }
+        }
+    };
+
+    let public_key = jwt_signer.get_public_key();
+    let message = serde_json::to_string(&JWTMessage::with_pubkey(public_key)).unwrap();
+
+    HTTPResponse::as_200(Some(json::parse(&message).unwrap()))
+}
+
+pub struct Router;
+
+impl Router {
+    /// route routes the request to the corresponding handler
+    pub async fn route(&self, request_str: &str, config: Config) -> HTTPResponse {
+        let request = HTTPRequest::from(request_str);
+        match request.get_target() {
+            GET_ROUTE => handle_get(request, config, "post").await,
+            VALIDATE_ROUTE => handle_validate(request, config, "post").await,
+            PUBKEY_ROUTE => handle_public_key(request, config, "get").await,
+            _ => HTTPResponse::as_404(),
+        }
+    }
+}
+
+/// send_token generates an HTTPResponse with the new token
+pub fn send_token(jwt_message: &str) -> HTTPResponse {
+    let message = if jwt_message != "" {
+        jwt_message
+    } else {
+        r#"{"token": "error.generation.token"}"#
+    };
+    HTTPResponse::as_200(Some(json::parse(message).unwrap()))
+}
+
+// this **MUST** be used like a Singleton
+pub const ROUTER: Router = Router {};
+
+#[tokio::test]
+async fn test_route() {
+    use http::HTTPStatusCode;
+
+    let router: &Router = &ROUTER;
+    let config: Config = Config::default();
+    let request_str = "POST /get/ HTTP/1.1\r\n\r\n";
+
+    let response: HTTPResponse = router.route(request_str, config).await;
+    assert_eq!(HTTPStatusCode::Http400, response.get_status_code());
+}

src/stores/file.rs

@@ -1,10 +1,9 @@
 use async_trait::async_trait;
-use json;
 use std::path::Path;
 
 use super::store::{Credentials, Store};
 
-/// references a credentials store file
+/// FileStore references a credentials store file
 pub struct FileStore {
     path: String,
     credentials: Vec<Credentials>,
@@ -18,8 +17,9 @@ impl FileStore {
         }
     }
 
-    /// loads and reads the file asynchonously
+    /// parse_contents loads and reads the file asynchonously
-    /// parses the file line by line to retrieve the credentials
+    ///
+    /// It parses the file line by line to retrieve the credentials
     async fn parse_contents(&mut self) {
         let contents = tokio::fs::read_to_string(&self.path).await;
         let mut credentials: Vec<Credentials> = vec![];
@@ -41,21 +41,18 @@ impl FileStore {
                 }
             }
             Err(e) => {
-                eprintln!(
+                log::error!("while reading store file: {}, details={:?}", self.path, e);
-                    "error occurred while reading store file: {}, err={:?}",
-                    self.path, e
-                );
             }
         }
         self.credentials = credentials;
     }
 
-    /// checks if the credentials exist in the `FileStore`
+    /// auth checks if the credentials exist in the `FileStore`
-    fn auth(&self, username: String, password: String) -> bool {
+    fn auth(&self, email: String, password: String) -> bool {
         let credentials: Vec<&Credentials> = self
             .credentials
             .iter()
-            .filter(|x| x.username == username && x.password == password)
+            .filter(|x| *x.get_email() == email && *x.get_password() == password)
             .collect();
         if credentials.len() == 1 {
             return true;
@@ -66,21 +63,15 @@ impl FileStore {
 
 #[async_trait]
 impl Store for FileStore {
-    async fn is_auth(&mut self, data: &json::JsonValue) -> bool {
+    async fn is_auth(&mut self, credentials: &Credentials) -> bool {
         // ensure that the store file already exists even after its instanciation
         if !Path::new(&self.path).is_file() {
-            eprintln!("{} path referencing file store does not exist", self.path);
+            log::error!("{} path referencing file store does not exist", self.path);
-            return false;
-        }
-
-        let credentials = Credentials::from(data);
-        if credentials.is_empty() {
-            eprintln!("unable to parse the credentials correctly from the incoming request");
             return false;
         }
 
         self.parse_contents().await;
-        self.auth(credentials.username, credentials.password)
+        self.auth(credentials.get_email(), credentials.get_password())
     }
 }
 
@@ -89,11 +80,14 @@ async fn test_store() {
     use std::env;
 
     let root_path = env::var("CARGO_MANIFEST_DIR").unwrap();
-    // TODO: path::Path should be better
     let store_path = format!("{}/{}/{}/{}", root_path, "tests", "data", "store.txt");
 
     let mut store = FileStore::new(store_path);
 
-    let data = json::parse(r#"{"username": "toto", "password": "tata"}"#).unwrap();
+    let data = json::parse(r#"{"email": "toto@toto.fr", "password": "tata"}"#).unwrap();
-    assert_eq!(store.is_auth(&data).await, true);
+    let credentials = Credentials::from(&data);
+    assert_eq!(credentials.get_email(), "toto@toto.fr");
+
+    let is_auth = store.is_auth(&credentials).await;
+    assert_eq!(true, is_auth);
 }

src/stores/mod.rs

@@ -1,11 +1,10 @@
-//! store module lists interfaces available to check request credentials
+//! **store** module lists interfaces available to check credentials. Each store must implement the trait `is_auth`.
-//! each store must implement the trait `is_auth`
+//!
-//! two stores are available :
+//! For now one store is available:
 //! * `FileStore`: credentials stored in a text file (like **/etc/passwd**)
-//! * `DBStore`: credentials stored in a database (TODO)
 
 mod file;
 mod store;
 
 pub use file::FileStore;
-pub use store::Store;
+pub use store::{Credentials, Store};

src/stores/store.rs

@@ -1,57 +1,55 @@
 use async_trait::async_trait;
-use json;
+use json::JsonValue;
-use json::object::Object;
+use serde::Deserialize;
 
 #[async_trait]
 pub trait Store {
-    async fn is_auth(&mut self, data: &json::JsonValue) -> bool;
+    async fn is_auth(&mut self, data: &Credentials) -> bool;
 }
 
-/// extracts `String` json value from a key
+#[derive(Default, Debug, Deserialize)]
-fn extract_json_value(data: &Object, key: &str) -> String {
-    if let Some(u) = data.get(key) {
-        match u.as_str() {
-            Some(s) => return s.to_string(),
-            None => return "".to_string(),
-        }
-    };
-    "".to_string()
-}
-
-#[derive(Default, Debug)]
 pub struct Credentials {
-    pub username: String,
+    email: String,
-    pub password: String,
+    password: String,
 }
 
+/// Credentials represents the incoming user credentials for authentication checking
 impl Credentials {
-    pub fn new(username: String, password: String) -> Self {
+    pub fn new(email: String, password: String) -> Self {
-        Credentials { username, password }
+        Credentials { email, password }
+    }
+
+    pub fn get_email(&self) -> String {
+        self.email.clone()
+    }
+
+    pub fn get_password(&self) -> String {
+        self.password.clone()
     }
 
     pub fn is_empty(&self) -> bool {
-        self.username == "" || self.password == ""
+        self.email == "" || self.password == ""
     }
 }
 
-impl From<&json::JsonValue> for Credentials {
+// TODO: could be less restrictive with `From<&str>`
-    fn from(data: &json::JsonValue) -> Self {
+impl From<&JsonValue> for Credentials {
-        let mut credentials = Credentials::default();
+    fn from(data: &JsonValue) -> Self {
-        match data {
+        let res = serde_json::from_str(&data.dump());
-            json::JsonValue::Object(ref d) => {
+        match res {
-                credentials.username = extract_json_value(&d, "username");
+            Ok(c) => c,
-                credentials.password = extract_json_value(&d, "password");
+            Err(e) => {
+                log::warn!("unable to deserialize credentials: {}", e);
+                return Credentials::default();
             }
-            _ => return credentials,
         }
-        credentials
     }
 }
 
 #[test]
 fn test_credentials() {
     struct Expect {
-        data: json::JsonValue,
+        data: JsonValue,
         is_empty: bool,
     }
     let test_cases: [Expect; 2] = [
@@ -60,7 +58,7 @@ fn test_credentials() {
             is_empty: true
         },
         Expect {
-            data: json::parse(r#"{"username":"toto","password": "tata"}"#).unwrap(),
+            data: json::parse(r#"{"email":"toto@toto.fr","password": "tata"}"#).unwrap(),
             is_empty: false
         }
     ];

tests/bash/curling.bash

@@ -6,20 +6,41 @@
 #
 #######################################
 
-URL="https://dev.thegux.fr"
+URL=${SIMPLE_AUTH_URL}
+if [ -z ${URL} ]
+then
+	echo "[WARN]: SIMPLE_AUTH_URL is empty, set to http://localhost:5555"
+	URL="http://localhost:5555"
+fi
 
 for i in {0..10}
 do
 	http_response=$(curl -s -o response.txt -w "%{http_code}" ${URL}/get/ -d '{"username":"toto", "password":"tutu"}')
-	if [ $http_response != "403" ]
+	if [ $http_response != "400" ]
 	then
-		echo "bad http status code : ${http_response}, expect 200"
+		echo "bad http status code : ${http_response}, expect 400"
 		exit 1
 	fi
 
-	if [ "$(cat response.txt | jq -r '.error')" != "invalid credentials" ]
+	if [ "$(cat response.txt | jq -r '.error')" != "bad request" ]
 	then
-		echo "bad data returned, expect : invalid credentials"
+		echo "bad data returned, expect : bad request"
+		exit 1
+	fi
+done
+
+for i in {0..10}
+do
+	http_response=$(curl -s -o response.txt -w "%{http_code}" ${URL}/get/ -d '{"email":"toto", "password":"tutu"}')
+	if [ $http_response != "403" ]
+	then
+		echo "bad http status code : ${http_response}, expect 403"
+		exit 1
+	fi
+
+	if [ "$(cat response.txt | jq -r '.error')" != "url forbidden" ]
+	then
+		echo "bad data returned, expect : url forbidden"
 		exit 1
 	fi
 done
@@ -30,7 +51,18 @@ do
 	http_response=$(curl -s -o response.txt -w "%{http_code}" ${URL}/ge/ -d '{"username":"toto", "password":"tutu"}')
 	if [ $http_response != "404" ]
 	then
-		echo "bad http status code : ${http_response}, expect 400"
+		echo "bad http status code : ${http_response}, expect 404"
+		exit 1
+	fi
+done
+
+
+for i in {0..10}
+do
+	http_response=$(curl -s -o response.txt -w "%{http_code}" ${URL}/pubkey/)
+	if [ $http_response != "200" ]
+	then
+		echo "bad http status code : ${http_response}, expect 200"
 		exit 1
 	fi
 done

tests/data/store.txt

@@ -1,4 +1,4 @@
 # this a test password storage with password in clear
 # need to be updated in the future to encrypt or hash the password
-# <username>:<password>
+# <email>:<password>
-toto:tata
+toto@toto.fr:tata

tests/python/requirements.txt

@@ -1,8 +1,10 @@
 attrs==22.1.0
 black==22.8.0
 certifi==2022.9.14
+cffi==1.15.1
 charset-normalizer==2.1.1
 click==8.1.3
+cryptography==38.0.1
 idna==3.4
 iniconfig==1.1.1
 mypy-extensions==0.4.3
@@ -11,7 +13,10 @@ pathspec==0.10.1
 platformdirs==2.5.2
 pluggy==1.0.0
 py==1.11.0
+pycparser==2.21
+PyJWT==2.5.0
 pyparsing==3.0.9
 requests==2.28.1
 tomli==2.0.1
+types-cryptography==3.3.23
 urllib3==1.26.12

tests/python/test_requests.py

@@ -1,41 +1,75 @@
+import base64
 import jwt
+import os
 import requests
 
 from datetime import datetime
-
 from unittest import TestCase
 
-URL = "https://dev.thegux.fr"
+URL = os.getenv("SIMPLE_AUTH_URL", "http://127.0.0.1:5555")
+PUB_KEY_PATH = os.getenv("SIMPLE_AUTH_PUB_KEY", "")
 
 
 class TestResponse(TestCase):
-    def test_get_target(self):
+    def setUp(self):
+        with open(PUB_KEY_PATH, "r") as f:
+            self.pub_key = f.read()
+
+    def test_get_target(self, pubkey=None):
         resp = requests.post(
-            URL + "/get/", json={"username": "toto", "password": "tata"}
+            URL + "/get/", json={"email": "toto@toto.fr", "password": "tata"}
         )
         self.assertEqual(resp.status_code, 200, "bad status code returned")
         self.assertIsNotNone(resp.json(), "response data can't be empty")
 
-        token = resp.json()["token"]
+        token = resp.json()["access_token"]
-        jwt_decoded = jwt.decode(token, options={"verify_signature": False})
+        jwt_decoded = jwt.decode(
+            token,
+            pubkey or self.pub_key,
+            algorithms=["RS384"],
+            options={
+                "verify_signature": True,
+                "verify_claims": True,
+                "verify_iss": True,
+            },
+        )
         self.assertEqual("thegux.fr", jwt_decoded["iss"])
+        self.assertEqual("toto@toto.fr", jwt_decoded["email"])
 
         jwt_exp = datetime.fromtimestamp(jwt_decoded["exp"])
         jwt_iat = datetime.fromtimestamp(jwt_decoded["iat"])
         date_exp = datetime.strptime(str(jwt_exp - jwt_iat), "%H:%M:%S")
         self.assertEqual(2, date_exp.hour)
+        return token
 
-    def test_validate_target(self):
+    def test_validate_target_no_token(self):
         resp = requests.post(
-            URL + "/validate/", json={"username": "toto", "password": "tata"}
+            URL + "/validate/", json={"username": "toto@toto.fr", "password": "tata"}
         )
         self.assertEqual(resp.status_code, 200, "bad status code returned")
         self.assertIsNotNone(resp.json(), "response data can't be empty")
+        self.assertEqual(resp.json()["valid"], False, "bad status returned")
+        self.assertEqual(resp.json()["reason"], "no token provided in the request body")
+
+    def test_validate_target_empty_token(self):
+        resp = requests.post(URL + "/validate/", json={"tutu": "tutu", "token": ""})
+        self.assertEqual(resp.status_code, 200, "bad status code returned")
+        self.assertIsNotNone(resp.json(), "response data can't be empty")
+        self.assertEqual(resp.json()["valid"], False, "bad status returned")
         self.assertEqual(
-            resp.json()["token"], "header.payload.signature", "bad status returned"
+            resp.json()["reason"],
+            "token validation failed details=JWT compact encoding error",
         )
 
-    # TODO: must be updated after implmenting `/refresh/` url handler
+    def test_validate_target(self):
+        token = self.test_get_target()
+
+        resp = requests.post(URL + "/validate/", json={"token": token})
+        self.assertEqual(resp.status_code, 200, "bad status code returned")
+        self.assertIsNotNone(resp.json(), "response data can't be empty")
+        self.assertEqual(resp.json()["valid"], True, "bad status returned")
+
+    # TODO: must be updated after implementing `/refresh/` url handler
     def test_refresh_target(self):
         resp = requests.post(
             URL + "/refresh/", json={"username": "toto", "password": "tata"}
@@ -44,7 +78,7 @@ class TestResponse(TestCase):
         self.assertIsNotNone(resp.json(), "response data can't be empty")
         self.assertEqual(
             resp.json()["error"],
-            "the url requested does not exist",
+            "url not found",
             "bad status returned",
         )
 
@@ -54,19 +88,17 @@ class TestResponse(TestCase):
         self.assertIsNotNone(resp.json(), "response data must not be empty")
         self.assertEqual(
             resp.json()["error"],
-            "the incoming request is not valid",
+            "bad request",
             "invalid error message returned",
         )
 
     def test_bad_credentials(self):
-        resp = requests.post(
+        resp = requests.post(URL + "/get/", json={"email": "tutu", "password": "titi"})
-            URL + "/get/", json={"username": "tutu", "password": "titi"}
+        self.assertEqual(resp.status_code, 403, "bad status code returned")
-        )
-        self.assertEqual(resp.status_code, 403, "bas status code returned")
         self.assertIsNotNone(resp.json(), "response data must not be empty")
         self.assertEqual(
             resp.json()["error"],
-            "invalid credentials",
+            "url forbidden",
             "invalid error message returned",
         )
 
@@ -78,6 +110,29 @@ class TestResponse(TestCase):
         self.assertIsNotNone(resp.json(), "response data must not be empty")
         self.assertEqual(
             resp.json()["error"],
-            "the url requested does not exist",
+            "url not found",
+            "invalid error message returned",
+        )
+
+    def test_get_pubkey(self):
+        resp = requests.get(URL + "/pubkey/")
+        self.assertEqual(resp.status_code, 200, "bad status code returned")
+        self.assertIsNotNone(resp.json(), "response data must not be empty")
+        self.assertIsNotNone(resp.json()["pubkey"], "invalid error message returned")
+
+        b64_pubkey = base64.b64decode(resp.json()["pubkey"])
+        self.assertIsNotNone(b64_pubkey, "public key b64 decoded can't be empty")
+        b64_pubkey_decoded = b64_pubkey.decode()
+        self.assertIn("-BEGIN PUBLIC KEY-", b64_pubkey_decoded)
+
+        self.test_get_target(b64_pubkey_decoded)
+
+    def test_get_pubkey_bad_method(self):
+        resp = requests.post(URL + "/pubkey/", json={"tutu": "toto"})
+        self.assertEqual(resp.status_code, 400, "bad status code returned")
+        self.assertIsNotNone(resp.json(), "response data must not be empty")
+        self.assertEqual(
+            resp.json()["error"],
+            "bad request",
             "invalid error message returned",
         )