+34 -7

who-am-i/src/server.rs

reviewed

··· 7 7 header::{CONTENT_SECURITY_POLICY, CONTENT_TYPE, HeaderMap, REFERER, X_FRAME_OPTIONS}, 8 8 }, 9 9 response::{IntoResponse, Json, Redirect, Response}, 10 10 - routing::get, 10 10 + routing::{get, post}, 11 11 }; 12 12 use axum_extra::extract::cookie::{Cookie, Key, SameSite, SignedCookieJar}; 13 13 use axum_template::{RenderHtml, engine::Engine}; ··· 85 85 .route("/user-info", get(user_info)) 86 86 .route("/auth", get(start_oauth)) 87 87 .route("/authorized", get(complete_oauth)) 88 88 + .route("/disconnect", post(disconnect)) 88 89 .with_state(state); 89 90 90 91 let listener = TcpListener::bind("0.0.0.0:9997") ··· 98 99 } 99 100 100 101 async fn hello( 101 101 - State(AppState { engine, .. }): State<AppState>, 102 102 + State(AppState { 103 103 + engine, 104 104 + resolve_handles, 105 105 + shutdown, 106 106 + oauth, 107 107 + .. 108 108 + }): State<AppState>, 102 109 mut jar: SignedCookieJar, 103 110 ) -> Response { 104 104 - // push expiry (or clean up) the current cookie 105 105 - if let Some(did) = jar.get(DID_COOKIE_KEY) { 111 111 + let info = if let Some(did) = jar.get(DID_COOKIE_KEY) { 106 112 if let Ok(did) = Did::new(did.value_trimmed().to_string()) { 113 113 + // push cookie expiry 107 114 jar = jar.add(cookie(&did)); 115 115 + let fetch_key = resolve_handles.dispatch( 116 116 + { 117 117 + let oauth = oauth.clone(); 118 118 + let did = did.clone(); 119 119 + async move { oauth.resolve_handle(did.clone()).await } 120 120 + }, 121 121 + shutdown.child_token(), 122 122 + ); 123 123 + json!({ 124 124 + "did": did, 125 125 + "fetch_key": fetch_key, 126 126 + }) 108 127 } else { 109 128 jar = jar.remove(DID_COOKIE_KEY); 129 129 + json!({}) 110 130 } 111 111 - } 131 131 + } else { 132 132 + json!({}) 133 133 + }; 112 134 let frame_headers = [ 113 135 (X_FRAME_OPTIONS, "deny"), 114 136 (CONTENT_SECURITY_POLICY, "frame-ancestors 'none'"), 115 137 ]; 116 116 - (frame_headers, jar, RenderHtml("hello", engine, json!({}))).into_response() 138 138 + (frame_headers, jar, RenderHtml("hello", engine, info)).into_response() 117 139 } 118 140 119 141 async fn css() -> impl IntoResponse { ··· 179 201 (X_FRAME_OPTIONS, format!("allow-from {parent_origin}")), 180 202 ( 181 203 CONTENT_SECURITY_POLICY, 182 182 - format!("frame-ancestors {parent_host}"), 204 204 + format!("frame-ancestors {parent_origin}"), 183 205 ), 184 206 ]; 185 207 ··· 362 384 }); 363 385 (jar, RenderHtml("authorized", engine, info)).into_response() 364 386 } 387 387 + 388 388 + async fn disconnect(jar: SignedCookieJar) -> impl IntoResponse { 389 389 + let jar = jar.remove(DID_COOKIE_KEY); 390 390 + (jar, Json(json!({ "ok": true }))) 391 391 + }

+5 -1

who-am-i/static/style.css

reviewed

··· 136 136 } 137 137 138 138 #connect, 139 139 - #allow { 139 139 + #allow, 140 140 + #revoke { 140 141 background: transparent; 141 142 border: none; 142 143 border-left: 1px solid #bbb; ··· 144 145 color: #375; 145 146 font: inherit; 146 147 cursor: pointer; 148 148 + } 149 149 + #revoke { 150 150 + color: #a31; 147 151 } 148 152 #action:hover #allow { 149 153 color: #285;

+68 -3

who-am-i/templates/hello.hbs

reviewed

··· 1 1 {{#*inline "description"}}A little identity-verifying auth service for microcosm demos{{/inline}} 2 2 3 3 {{#*inline "main"}} 4 4 - <div class="mini-content"> 5 5 - This is a little identity-verifying service for microcosm demos. 6 6 - </div> 4 4 + <div class="mini-content"> 5 5 + This is a little identity-verifying service for microcosm demos. 6 6 + 7 7 + {{#if did}} 8 8 + <p id="error-message" class="hidden"></p> 9 9 + 10 10 + <p id="prompt" class="detail"> 11 11 + Connected identity: 12 12 + </p> 13 13 + 14 14 + <div id="loader"> 15 15 + <span class="spinner"></span> 16 16 + </div> 17 17 + 18 18 + <div id="user-info"> 19 19 + <div id="handle-action" class="action"> 20 20 + <span id="handle-view" class="handle"></span> 21 21 + <button id="revoke">disconnect</button> 22 22 + </div> 23 23 + </div> 24 24 + <script> 25 25 + const errorEl = document.getElementById('error-message'); 26 26 + const loaderEl = document.getElementById('loader'); 27 27 + const handleViewEl = document.getElementById('handle-view'); 28 28 + const revokeEl = document.getElementById('revoke'); // for known-did 29 29 + 30 30 + function err(e, msg) { 31 31 + loaderEl.classList.add('hidden'); 32 32 + errorEl.classList.remove('hidden'); 33 33 + errorEl.textContent = msg || e; 34 34 + throw new Error(e); 35 35 + } 36 36 + 37 37 + // already-known user 38 38 + ({{{json did}}}) && (async () => { 39 39 + 40 40 + const handle = await lookUp({{{json fetch_key}}}); 41 41 + console.log('got handle', handle); 42 42 + 43 43 + loaderEl.classList.add('hidden'); 44 44 + handleViewEl.textContent = `@${handle}`; 45 45 + revokeEl.addEventListener('click', async () => { 46 46 + try { 47 47 + let res = await fetch('/disconnect', { method: 'POST', credentials: 'include' }); 48 48 + if (!res.ok) throw res; 49 49 + } catch (e) { 50 50 + err(e, 'failed to clear session, sorry'); 51 51 + } 52 52 + window.location.reload(); 53 53 + }); 54 54 + })(); 55 55 + 56 56 + async function lookUp(fetch_key) { 57 57 + const user_info = new URL('/user-info', window.location); 58 58 + user_info.searchParams.set('fetch-key', fetch_key); 59 59 + let info; 60 60 + try { 61 61 + const resp = await fetch(user_info); 62 62 + if (!resp.ok) throw resp; 63 63 + info = await resp.json(); 64 64 + } catch (e) { 65 65 + err(e, 'failed to resolve handle from DID') 66 66 + } 67 67 + return info.handle; 68 68 + } 69 69 + </script> 70 70 + {{/if}} 71 71 + </div> 7 72 {{/inline}} 8 73 9 74 {{#> base-full}}{{/base-full}}