[dtokenz] Add timeout to interactive auth (#4)

Originally, the "interactive" flag was only intended for foregrounded processes, so timing out the interactive authentication was intended to be done from the calling application. This isn't always desired, and if a user closes the opened tab on a background process, the background process will just hang forever, both holding the port open, and also not making any progress.

This just adds a configurable timeout with a default of two minutes, after which the process will return an error and the server will shutdown

Author: nataliejameson

Cargo.lock

@@ -1,6 +1,6 @@
 [package]
 name = "dtokenz"
-version = "0.2.0"
+version = "0.3.0"
 edition = "2024"
 
 license = "MIT"

Cargo.toml

@@ -18,7 +18,7 @@ use base64::Engine;
 use futures::future::BoxFuture;
 use futures::{FutureExt, TryFutureExt};
 use google_cloud_auth::credentials::Credentials;
-use itertools::Itertools;
+use itertools::{Either, Itertools};
 use rand::Rng;
 use sha2::Digest;
 use std::fmt::{Debug, Formatter};
@@ -469,7 +469,31 @@ impl AuthorizedUser {
         }
 
         // Wait for the auth code
-        let auth_code = rx.await.context("Failed to receive auth code")??;
+        let timeout_handle = tokio::time::sleep(config.interactive_auth_timeout);
+
+        let callback_result = tokio::select! {
+            _ = timeout_handle => {
+                Either::Left(config.interactive_auth_timeout)
+            },
+            res = rx => {
+                Either::Right(res)
+            }
+        };
+        let auth_code = match callback_result {
+            Either::Right(res) => res.context("Failed to receive auth code")??,
+            Either::Left(timeout) => {
+                // Shutdown of the webserver is handled by the scopeguard above.
+                write_message_to_user(&format!(
+                    "Authentication operation timed out after {} seconds",
+                    timeout.as_secs()
+                ));
+
+                return Err(anyhow::anyhow!(
+                    "Authentication timed out after {} seconds",
+                    timeout.as_secs()
+                ));
+            }
+        };
 
         // Exchange the code for a token
         let client = reqwest::Client::new();

src/authorized_user.rs

@@ -19,6 +19,10 @@ pub struct DtokenzConfig {
     ///
     /// Defaults to [`crate::authorized_user::default_oauth_callback_handler`]
     pub oauth_callback_handler: OAuthCallback,
+    /// How long to wait for a user to complete the interactive authentication flow before aborting.
+    ///
+    /// Defaults to 2 minutes.
+    pub interactive_auth_timeout: std::time::Duration,
 }
 
 impl Default for DtokenzConfig {
@@ -27,6 +31,7 @@ impl Default for DtokenzConfig {
             interactive: true,
             interactive_auth_message: None,
             oauth_callback_handler: crate::authorized_user::default_oauth_callback_handler.into(),
+            interactive_auth_timeout: std::time::Duration::from_mins(2),
         }
     }
 }