
Commit 666acff

committed
fix: error handler
1 parent d7d9a24 commit 666acff


2 files changed

+41
-1
lines changed


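--- a/src/main.rs
+++ b/src/main.rs
@@ -101,7 +101,7 @@ async fn main() {
 authority.spawn_refresh(Duration::from_secs(60 * 60 * 6));
 let authorizer = Oauth2Authorizer::new()
 .with_claims::<OIDCClaims>()
-.with_verbose_error_handler();
+.with_error_handler(OIDCErrorHandler::from(authority.clone()));
 
 let service = FeedbackFusionV1Context {
 connection: connection.clone(),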

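--- a/src/services/oidc.rs
+++ b/src/services/oidc.rs
@@ -30,6 +30,7 @@ use aliri::{
 };
 use aliri_clock::UnixTime;
 use aliri_oauth2::{Authority, HasScope, Scope};
+use aliri_tower::OnJwtError;
 use openidconnect::{
 core::{CoreJwsSigningAlgorithm, CoreProviderMetadata},
 IssuerUrl,
@@ -38,6 +39,8 @@ use serde::{
 de::{MapAccess, Visitor},
 Deserializer,
 };
+use tokio::runtime::Handle;
+use tonic::{body::BoxBody, Status};
 
 pub async fn authority() -> Result<Authority> {
 // sadly aliri does not support oidc yet, so we have to do the config stuff manually :(((((
@@ -256,3 +259,40 @@ where
 self.0.call(req)
 }
 }
+
+#[derive(Clone)]
+pub struct OIDCErrorHandler {
+authority: Authority,
+}
+
+impl From<Authority> for OIDCErrorHandler {
+fn from(authority: Authority) -> Self {
+Self { authority }
+}
+}
+
+impl OnJwtError for OIDCErrorHandler {
+type Body = BoxBody;
+
+fn on_jwt_invalid(
+&self,
+_error: aliri::error::JwtVerifyError,
+) -> opentelemetry_http::Response<Self::Body> {
+warn!("Received request with invalid jwt!");
+
+Status::unauthenticated("unauthenticated").into_http()
+}
+
+fn on_no_matching_jwk(&self) -> opentelemetry_http::Response<Self::Body> {
+warn!("No matching jwk for request found, refreshing jwks...");
+
+let handle = Handle::current();
+handle.block_on(async { self.authority.refresh().await.ok() });
+
+Status::unauthenticated("unauthenticated").into_http()
+}
+
+fn on_missing_or_malformed(&self) -> opentelemetry_http::Response<Self::Body> {
+Status::unauthenticated("unauthenticated").into_http()
+}
+}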
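Review bot: `Handle::current().block_on(...)` in `on_no_matching_jwk` (hunk at -256,3 +259,40) runs inside the synchronous `OnJwtError` callback, which the tower layer presumably invokes from within a runtime task; tokio's `Handle::block_on` panics when called from an asynchronous execution context, so the first request with an unknown `kid` would abort the request task rather than return 401. Prefer spawning the refresh so the callback returns immediately, e.g. `let authority = self.authority.clone(); tokio::spawn(async move { if let Err(e) = authority.refresh().await { warn!("jwks refresh failed: {}", e); } });` — this also logs the error that `.ok()` currently discards; `OIDCErrorHandler` derives `Clone` and main.rs already clones `Authority`, so the move into the task should type-check, please confirm. Separately, this path is reached by unauthenticated requests, so every token carrying an unrecognised `kid` triggers a JWKS fetch against the issuer; a minimum interval between on-demand refreshes (the periodic one in main.rs is 6h) would stop a flood of bogus tokens from becoming a flood of upstream requests.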
