Merge pull request #63 from shield-auth/develop

Develop

.circleci/config.yml

@@ -1,26 +1,48 @@
-# Use the latest 2.1 version of CircleCI pipeline process engine.
-# See: https://circleci.com/docs/configuration-reference
 version: 2.1
 
-# Define a job to be invoked later in a workflow.
-# See: https://circleci.com/docs/configuration-reference/#jobs
 jobs:
-  say-hello:
-    # Specify the execution environment. You can specify an image from Docker Hub or use one of our convenience images from CircleCI's Developer Hub.
-    # See: https://circleci.com/docs/configuration-reference/#executor-job
+  rust-checks:
     docker:
-      - image: cimg/base:stable
-    # Add steps to the job
-    # See: https://circleci.com/docs/configuration-reference/#steps
+      - image: cimg/rust:1.75 # Using CircleCI's Rust image
     steps:
       - checkout
+
+      # Cache dependencies to speed up builds
+      - restore_cache:
+          keys:
+            - cargo-cache-{{ checksum "Cargo.lock" }}
+            - cargo-cache-
+
+      # Install rustfmt and clippy
       - run:
-          name: "Say hello"
-          command: "echo Hello, World!"
+          name: Install Rust Components
+          command: |
+            rustup component add rustfmt
+            rustup component add clippy
+
+      # Check formatting
+      - run:
+          name: Check Formatting
+          command: cargo fmt -- --check
+
+      # Run clippy
+      - run:
+          name: Run Clippy
+          command: cargo clippy -- -D warnings
+
+      # Build project
+      - run:
+          name: Build Project
+          command: cargo build --release
+
+      # Save cache
+      - save_cache:
+          key: cargo-cache-{{ checksum "Cargo.lock" }}
+          paths:
+            - ~/.cargo
+            - target
 
-# Orchestrate jobs using workflows
-# See: https://circleci.com/docs/configuration-reference/#workflows
 workflows:
-  say-hello-workflow:
+  rust-workflow:
     jobs:
-      - say-hello
+      - rust-checks

README.md

@@ -15,9 +15,6 @@
   <a href="https://docs.rs/rust-shield">
     <img alt="crate-docs" src="https://img.shields.io/badge/docs-docs.rs-orange?logo=rust">
   </a>
-  <a href="https://circleci.com/gh/AutomationTank/shield">
-    <img alt="build status" src="https://circleci.com/gh/AutomationTank/shield.svg?style=shield"/>
-  </a>
 </p>
 <p align="center">
   <a href="https://crates.io/crates/rust-shield">
@@ -30,9 +27,16 @@
     <img alt="Twitter Follow" src="https://img.shields.io/twitter/follow/shield_auth">
   </a>
 </p>
+<p align="center">
+  <a href="https://dl.circleci.com/status-badge/redirect/circleci/PKLAPqiFRA5ffRQTi5dtfY/HvBHutnD43T9HBYcqAWgD4/tree/trunk">
+    <img src="https://img.shields.io/circleci/build/gh/shield-auth/shield/trunk?label=CircleCi:+trunk" alt="CircleCI">
+  </a>
+  <a href="https://dl.circleci.com/status-badge/redirect/circleci/PKLAPqiFRA5ffRQTi5dtfY/HvBHutnD43T9HBYcqAWgD4/tree/develop">
+    <img src="https://img.shields.io/circleci/build/gh/shield-auth/shield/develop?label=CircleCi:+develop" alt="CircleCI">
+  </a>
+</p>
 <!-- markdownlint-restore -->
 
-
 <p align="center">
   <img src="https://raw.githubusercontent.com/AutomationTank/shield/trunk/assets/images/shield-hero.png" alt="Shield Hero" style="border-radius: 16px;"/>
 </p>

entity/src/middlewares/client.rs

@@ -38,11 +38,8 @@ impl ActiveModelBehavior for client::ActiveModel {
                 .unwrap_or(0);
 
             // Add the new/updated client's max_concurrent_sessions to the total
-            match self.max_concurrent_sessions {
-                ActiveValue::Set(max_concurrent_sessions) => {
-                    total_sessions += max_concurrent_sessions;
-                }
-                _ => {}
+            if let ActiveValue::Set(max_concurrent_sessions) = self.max_concurrent_sessions {
+                total_sessions += max_concurrent_sessions;
             }
 
             // Check if total exceeds the realm's max_concurrent_sessions
@@ -55,45 +52,36 @@ impl ActiveModelBehavior for client::ActiveModel {
         }
 
         // Check session_lifetime
-        match self.session_lifetime {
-            ActiveValue::Set(session_lifetime) => {
-                if session_lifetime > realm.session_lifetime {
-                    return Err(DbErr::Custom(format!(
-                        "Client session_lifetime ({}) exceeds the realm's limit ({})",
-                        self.session_lifetime.as_ref(),
-                        &realm.session_lifetime
-                    )));
-                }
+        if let ActiveValue::Set(session_lifetime) = self.session_lifetime {
+            if session_lifetime > realm.session_lifetime {
+                return Err(DbErr::Custom(format!(
+                    "Client session_lifetime ({}) exceeds the realm's limit ({})",
+                    self.session_lifetime.as_ref(),
+                    &realm.session_lifetime
+                )));
             }
-            _ => {}
         }
 
         // // Check refresh_token_lifetime
-        match self.refresh_token_lifetime {
-            ActiveValue::Set(refresh_token_lifetime) => {
-                if refresh_token_lifetime > realm.refresh_token_lifetime {
-                    return Err(DbErr::Custom(format!(
-                        "Client refresh_token_lifetime ({}) exceeds the realm's limit ({})",
-                        self.refresh_token_lifetime.as_ref(),
-                        &realm.refresh_token_lifetime
-                    )));
-                }
+        if let ActiveValue::Set(refresh_token_lifetime) = self.refresh_token_lifetime {
+            if refresh_token_lifetime > realm.refresh_token_lifetime {
+                return Err(DbErr::Custom(format!(
+                    "Client refresh_token_lifetime ({}) exceeds the realm's limit ({})",
+                    self.refresh_token_lifetime.as_ref(),
+                    &realm.refresh_token_lifetime
+                )));
             }
-            _ => {}
         }
 
         // // Check refresh_token_reuse_limit
-        match self.refresh_token_reuse_limit {
-            ActiveValue::Set(refresh_token_reuse_limit) => {
-                if refresh_token_reuse_limit > realm.refresh_token_reuse_limit {
-                    return Err(DbErr::Custom(format!(
-                        "Client refresh_token_reuse_limit ({}) exceeds the realm's limit ({})",
-                        self.refresh_token_reuse_limit.as_ref(),
-                        &realm.refresh_token_reuse_limit
-                    )));
-                }
+        if let ActiveValue::Set(refresh_token_reuse_limit) = self.refresh_token_reuse_limit {
+            if refresh_token_reuse_limit > realm.refresh_token_reuse_limit {
+                return Err(DbErr::Custom(format!(
+                    "Client refresh_token_reuse_limit ({}) exceeds the realm's limit ({})",
+                    self.refresh_token_reuse_limit.as_ref(),
+                    &realm.refresh_token_reuse_limit
+                )));
             }
-            _ => {}
         }
 
         Ok(self)

entity/src/utils/mod.rs

@@ -10,5 +10,5 @@ pub fn check_locked_at_constraint(locked_at: &Option<sea_orm::sqlx::types::chron
             return Err(DbErr::Custom("Cannot lock the client".to_owned()));
         }
     }
-    return Ok(());
+    Ok(())
 }

src/handlers/auth.rs

@@ -153,7 +153,7 @@ pub async fn register(
         let user = insert_user(&state.db, realm_id, client_id, payload).await?;
         Ok(Json(user))
     } else {
-        return Err(Error::Authenticate(AuthenticateError::ActionForbidden));
+        Err(Error::Authenticate(AuthenticateError::ActionForbidden))
     }
 }
 

src/handlers/client/mod.rs

@@ -46,7 +46,7 @@ pub async fn get_client(
         let client = get_client_by_id(&state.db, client_id).await?;
         match client {
             Some(client) => Ok(Json(client)),
-            None => return Err(Error::Authenticate(AuthenticateError::NoResource)),
+            None => Err(Error::Authenticate(AuthenticateError::NoResource)),
         }
     } else {
         Err(Error::Authenticate(AuthenticateError::ActionForbidden))

src/handlers/realm.rs

@@ -30,20 +30,18 @@ pub async fn get_realms(user: TokenUser, Extension(state): Extension<Arc<AppStat
         return Ok(Json(realms));
     }
 
-    return Err(Error::Authenticate(AuthenticateError::NoResource));
+    Err(Error::Authenticate(AuthenticateError::NoResource))
 }
 
 pub async fn get_realm(user: TokenUser, Extension(state): Extension<Arc<AppState>>, Path(realm_id): Path<Uuid>) -> Result<Json<realm::Model>, Error> {
     if is_master_realm_admin(&user) || is_current_realm_admin(&user, &realm_id.to_string()) {
         let fetched_realm = get_realm_by_id(&state.db, realm_id).await?;
         match fetched_realm {
             Some(fetched_realm) => Ok(Json(fetched_realm)),
-            None => {
-                return Err(Error::not_found());
-            }
+            None => Err(Error::not_found()),
         }
     } else {
-        return Err(Error::Authenticate(AuthenticateError::NoResource));
+        Err(Error::Authenticate(AuthenticateError::NoResource))
     }
 }
 

src/handlers/user.rs

@@ -45,7 +45,7 @@ pub async fn get_user(
         let user = user::Entity::find_by_id(user_id).one(&state.db).await?;
         match user {
             Some(user) => Ok(Json(user)),
-            None => return Err(Error::Authenticate(AuthenticateError::NoResource)),
+            None => Err(Error::Authenticate(AuthenticateError::NoResource)),
         }
     } else {
         Err(Error::Authenticate(AuthenticateError::NoResource))
@@ -100,7 +100,7 @@ pub async fn get_resource_group(
         let resource_group = resource_group::Entity::find_by_id(resource_group_id).one(&state.db).await?;
         match resource_group {
             Some(resource_group) => Ok(Json(resource_group)),
-            None => return Err(Error::not_found()),
+            None => Err(Error::not_found()),
         }
     } else {
         Err(Error::Authenticate(AuthenticateError::ActionForbidden))

src/packages/admin.rs

@@ -21,10 +21,8 @@ use super::{db::AppState, errors::Error};
 
 pub async fn setup(state: &AppState) -> Result<bool, TransactionError<Error>> {
     info!("Checking ADMIN availability!");
-    let is_admin_user_exists = user::Entity::find()
-        .filter(user::Column::Email.eq(&SETTINGS.read().admin.email))
-        .one(&state.db)
-        .await?;
+    let admin_email = SETTINGS.read().admin.email.clone();
+    let is_admin_user_exists = user::Entity::find().filter(user::Column::Email.eq(admin_email)).one(&state.db).await?;
 
     if is_admin_user_exists.is_some() {
         info!("DB has been already initialized!");

src/packages/api_token.rs

@@ -57,13 +57,10 @@ impl ApiTokenUser {
             return Err(Error::Authenticate(AuthenticateError::InvalidApiCredentials));
         }
 
-        match api_user.locked_at {
-            Some(locked_at) => {
-                if locked_at.timestamp() <= chrono::Local::now().timestamp() {
-                    return Err(Error::Authenticate(AuthenticateError::InvalidApiCredentials));
-                }
+        if let Some(locked_at) = api_user.locked_at {
+            if locked_at.timestamp() <= chrono::Local::now().timestamp() {
+                return Err(Error::Authenticate(AuthenticateError::InvalidApiCredentials));
             }
-            None => {}
         }
 
         if api_user.secret != secret {

src/packages/db.rs

@@ -11,8 +11,8 @@ pub struct AppState {
 }
 
 pub async fn get_db_connection_pool() -> Result<AppState, DbErr> {
-    let uri = &SETTINGS.read().database.uri;
-    let db_name = &SETTINGS.read().database.name;
+    let uri = SETTINGS.read().database.uri.clone();
+    let db_name = SETTINGS.read().database.name.clone();
     let connection_string = format!("{}/{}", uri, db_name);
 
     let mut opts = ConnectOptions::new(&connection_string);