26540494363

pub(crate) mod account_bearer_token;
#[cfg(assets)]
pub(crate) mod assets;
pub(crate) mod cors;
pub(crate) mod custom_mime_types;
pub(crate) mod error;
pub(crate) mod extract;
pub(crate) mod http_metrics;
pub(crate) mod oauth2;
pub(crate) mod session_store;

use crate::{
    clients::{Auth0Client, HttpClient},
    routes::{axum_routes, health_check},
    Config, Crypter, Db, FeatureFlags,
};
use axum::{
    body::Body,
    extract::{DefaultBodyLimit, FromRef},
    http::{header, HeaderValue, Request},
    routing,
};
use cors::axum_cors_layer;
use http_metrics::HttpMetrics;
use oauth2::OauthClient;
use session_store::axum_session_layer;
use std::sync::Arc;
use tower::ServiceBuilder;
use tower_http::{
    compression::CompressionLayer, set_header::SetResponseHeaderLayer, trace::TraceLayer,
};

pub use error::Error;

/// Shared state for the Axum application.
#[derive(Clone, Debug)]
pub struct AxumAppState {
    pub(crate) db: Db,
    pub(crate) config: Arc<Config>,
    pub(crate) auth0_client: Auth0Client,
    pub(crate) oauth_client: OauthClient,
    pub(crate) crypter: Crypter,
    pub(crate) feature_flags: FeatureFlags,
    pub(crate) client: HttpClient,
}

impl FromRef<AxumAppState> for Db {
    fn from_ref(state: &AxumAppState) -> Self {
        state.db.clone()
    }
}

impl FromRef<AxumAppState> for Arc<Config> {
    fn from_ref(state: &AxumAppState) -> Self {
        state.config.clone()
    }
}

impl FromRef<AxumAppState> for Auth0Client {
    fn from_ref(state: &AxumAppState) -> Self {
        state.auth0_client.clone()
    }
}

impl FromRef<AxumAppState> for OauthClient {
    fn from_ref(state: &AxumAppState) -> Self {
        state.oauth_client.clone()
    }
}

impl FromRef<AxumAppState> for Crypter {
    fn from_ref(state: &AxumAppState) -> Self {
        state.crypter.clone()
    }
}

impl FromRef<AxumAppState> for FeatureFlags {
    fn from_ref(state: &AxumAppState) -> Self {
        state.feature_flags
    }
}

impl FromRef<AxumAppState> for HttpClient {
    fn from_ref(state: &AxumAppState) -> Self {
        state.client.clone()
    }
}

/// 1 MiB — this JSON API never needs bodies larger than this under normal operation.
const MAX_REQUEST_BODY_SIZE: usize = 1024 * 1024;

/// The result of [`build_app`]: an Axum router ready to serve, plus the
/// shared state that callers (e.g. the queue) need.
#[derive(Debug)]
pub struct BuiltApp {
    pub router: axum::Router,
    pub db: Db,
    pub config: Arc<Config>,
}

/// Build the Axum application router and connect to the database.
pub async fn build_app(config: Config) -> BuiltApp {
    let config = Arc::new(config);
    let db = Db::connect(config.database_url.as_ref()).await;

    let auth0_client = Auth0Client::new(&config);
    let axum_state = AxumAppState {
        db: db.clone(),
        config: config.clone(),
        auth0_client,
        oauth_client: OauthClient::new(&config.oauth_config()),
        crypter: config.crypter.clone(),
        feature_flags: config.feature_flags(),
        client: config.client.clone(),
    };

    let middleware = ServiceBuilder::new()
        .layer(axum::middleware::from_fn_with_state(
            HttpMetrics::new(), // instruments are registered once here, then cloned per request
            http_metrics::http_metrics_middleware,
        ))
        .layer(
            TraceLayer::new_for_http().make_span_with(|request: &Request<Body>| {
                let client_ip = request
                    .headers()
                    .get("x-forwarded-for")
                    .and_then(|v| v.to_str().ok())
                    .and_then(|s| s.rsplit(',').next())
                    .map(str::trim);
                let span = tracing::debug_span!(
                    "request",
                    method = %request.method(),
                    uri = %request.uri(),
                    version = ?request.version(),
                    client.address = tracing::field::Empty,
                );
                if let Some(ip) = client_ip {
                    span.record("client.address", ip);
                }
                span
            }),
        )
        .layer(DefaultBodyLimit::max(MAX_REQUEST_BODY_SIZE))
        .layer(CompressionLayer::new())
        .layer(SetResponseHeaderLayer::if_not_present(
            header::CACHE_CONTROL,
            HeaderValue::from_static("private, must-revalidate"),
        ))
        .layer(axum_cors_layer(&config))
        .layer(axum_session_layer(db.clone(), &config.session_secrets));

    #[cfg(feature = "integration-testing")]
    let middleware = middleware.layer(axum::middleware::from_fn(inject_integration_testing_user));

    #[cfg(assets)]
    let middleware = middleware.layer(axum::middleware::from_fn_with_state(
        assets::AssetConfig::new(&config.api_url, &config.app_url),
        assets::serve_assets,
    ));

    let router = axum::Router::new()
        .route("/health", routing::get(health_check))
        .route("/login", routing::get(oauth2::redirect))
        .route("/logout", routing::get(oauth2::logout))
        .route("/callback", routing::get(oauth2::callback))
        .nest("/api", axum_routes::api_router(&axum_state))
        .layer(middleware)
        .with_state(axum_state);

    BuiltApp { router, db, config }
}

/// Axum middleware that injects an admin [`User`](crate::User) into every
/// request that doesn't already have one in extensions.
///
/// Only compiled under `--features integration-testing` (enabled by
/// `compose.dev.override.yaml`). Never compiled into deployed builds.
#[cfg(feature = "integration-testing")]
async fn inject_integration_testing_user(
    mut request: axum::extract::Request,
    next: axum::middleware::Next,
) -> axum::response::Response {
    if request.extensions().get::<crate::User>().is_none() {
        request
            .extensions_mut()
            .insert(crate::User::for_integration_testing());
    }
    next.run(request).await
}

1	pub(crate) mod account_bearer_token;
2	#[cfg(assets)]
3	pub(crate) mod assets;
4	pub(crate) mod cors;
5	pub(crate) mod custom_mime_types;
6	pub(crate) mod error;
7	pub(crate) mod extract;
8	pub(crate) mod http_metrics;
9	pub(crate) mod oauth2;
10	pub(crate) mod session_store;
11
12	use crate::{
13	clients::{Auth0Client, HttpClient},
14	routes::{axum_routes, health_check},
15	Config, Crypter, Db, FeatureFlags,
16	};
17	use axum::{
18	body::Body,
19	extract::{DefaultBodyLimit, FromRef},
20	http::{header, HeaderValue, Request},
21	routing,
22	};
23	use cors::axum_cors_layer;
24	use http_metrics::HttpMetrics;
25	use oauth2::OauthClient;
26	use session_store::axum_session_layer;
27	use std::sync::Arc;
28	use tower::ServiceBuilder;
29	use tower_http::{
30	compression::CompressionLayer, set_header::SetResponseHeaderLayer, trace::TraceLayer,
31	};
32
33	pub use error::Error;
34
35	/// Shared state for the Axum application.
36	#[derive(Clone, Debug)]
37	pub struct AxumAppState {
38	pub(crate) db: Db,
39	pub(crate) config: Arc<Config>,
40	pub(crate) auth0_client: Auth0Client,
41	pub(crate) oauth_client: OauthClient,
42	pub(crate) crypter: Crypter,
43	pub(crate) feature_flags: FeatureFlags,
44	pub(crate) client: HttpClient,
45	}
46
47	impl FromRef<AxumAppState> for Db {
48	fn from_ref(state: &AxumAppState) -> Self {	776✔
49	state.db.clone()	776✔
50	}	776✔
51	}
52
53	impl FromRef<AxumAppState> for Arc<Config> {
54	fn from_ref(state: &AxumAppState) -> Self {	3✔
55	state.config.clone()	3✔
56	}	3✔
57	}
58
59	impl FromRef<AxumAppState> for Auth0Client {
60	fn from_ref(state: &AxumAppState) -> Self {	×
61	state.auth0_client.clone()	×
62	}	×
63	}
64
65	impl FromRef<AxumAppState> for OauthClient {
66	fn from_ref(state: &AxumAppState) -> Self {	2✔
67	state.oauth_client.clone()	2✔
68	}	2✔
69	}
70
71	impl FromRef<AxumAppState> for Crypter {
72	fn from_ref(state: &AxumAppState) -> Self {	65✔
73	state.crypter.clone()	65✔
74	}	65✔
75	}
76
77	impl FromRef<AxumAppState> for FeatureFlags {
78	fn from_ref(state: &AxumAppState) -> Self {	20✔
79	state.feature_flags	20✔
80	}	20✔
81	}
82
83	impl FromRef<AxumAppState> for HttpClient {
84	fn from_ref(state: &AxumAppState) -> Self {	65✔
85	state.client.clone()	65✔
86	}	65✔
87	}
88
89	/// 1 MiB — this JSON API never needs bodies larger than this under normal operation.
90	const MAX_REQUEST_BODY_SIZE: usize = 1024 * 1024;
91
92	/// The result of [`build_app`]: an Axum router ready to serve, plus the
93	/// shared state that callers (e.g. the queue) need.
94	#[derive(Debug)]
95	pub struct BuiltApp {
96	pub router: axum::Router,
97	pub db: Db,
98	pub config: Arc<Config>,
99	}
100
101	/// Build the Axum application router and connect to the database.
102	pub async fn build_app(config: Config) -> BuiltApp {	277✔
103	let config = Arc::new(config);	277✔
104	let db = Db::connect(config.database_url.as_ref()).await;	277✔
105
106	let auth0_client = Auth0Client::new(&config);	277✔
107	let axum_state = AxumAppState {	277✔
108	db: db.clone(),	277✔
109	config: config.clone(),	277✔
110	auth0_client,	277✔
111	oauth_client: OauthClient::new(&config.oauth_config()),	277✔
112	crypter: config.crypter.clone(),	277✔
113	feature_flags: config.feature_flags(),	277✔
114	client: config.client.clone(),	277✔
115	};	277✔
116
117	let middleware = ServiceBuilder::new()	277✔
118	.layer(axum::middleware::from_fn_with_state(	277✔
119	HttpMetrics::new(), // instruments are registered once here, then cloned per request	277✔
120	http_metrics::http_metrics_middleware,
121	))
122	.layer(	277✔
123	TraceLayer::new_for_http().make_span_with(\|request: &Request<Body>\| {	278✔
124	let client_ip = request	278✔
125	.headers()	278✔
126	.get("x-forwarded-for")	278✔
127	.and_then(\|v\| v.to_str().ok())	278✔
128	.and_then(\|s\| s.rsplit(',').next())	278✔
129	.map(str::trim);	278✔
130	let span = tracing::debug_span!(	278✔
131	"request",
NEW 132	method = %request.method(),	×
NEW 133	uri = %request.uri(),	×
NEW 134	version = ?request.version(),	×
135	client.address = tracing::field::Empty,
136	);
137	if let Some(ip) = client_ip {	278✔
NEW 138	span.record("client.address", ip);	×
139	}	278✔
140	span	278✔
141	}),	278✔
142	)
143	.layer(DefaultBodyLimit::max(MAX_REQUEST_BODY_SIZE))	277✔
144	.layer(CompressionLayer::new())	277✔
145	.layer(SetResponseHeaderLayer::if_not_present(	277✔
146	header::CACHE_CONTROL,	277✔
147	HeaderValue::from_static("private, must-revalidate"),	277✔
148	))
149	.layer(axum_cors_layer(&config))	277✔
150	.layer(axum_session_layer(db.clone(), &config.session_secrets));	277✔
151
152	#[cfg(feature = "integration-testing")]
153	let middleware = middleware.layer(axum::middleware::from_fn(inject_integration_testing_user));
154
155	#[cfg(assets)]
156	let middleware = middleware.layer(axum::middleware::from_fn_with_state(	277✔
157	assets::AssetConfig::new(&config.api_url, &config.app_url),	277✔
158	assets::serve_assets,
159	));
160
161	let router = axum::Router::new()	277✔
162	.route("/health", routing::get(health_check))	277✔
163	.route("/login", routing::get(oauth2::redirect))	277✔
164	.route("/logout", routing::get(oauth2::logout))	277✔
165	.route("/callback", routing::get(oauth2::callback))	277✔
166	.nest("/api", axum_routes::api_router(&axum_state))	277✔
167	.layer(middleware)	277✔
168	.with_state(axum_state);	277✔
169
170	BuiltApp { router, db, config }	277✔
171	}	277✔
172
173	/// Axum middleware that injects an admin [`User`](crate::User) into every
174	/// request that doesn't already have one in extensions.
175	///
176	/// Only compiled under `--features integration-testing` (enabled by
177	/// `compose.dev.override.yaml`). Never compiled into deployed builds.
178	#[cfg(feature = "integration-testing")]
179	async fn inject_integration_testing_user(
180	mut request: axum::extract::Request,
181	next: axum::middleware::Next,
182	) -> axum::response::Response {
183	if request.extensions().get::<crate::User>().is_none() {
184	request
185	.extensions_mut()
186	.insert(crate::User::for_integration_testing());
187	}
188	next.run(request).await
189	}

divviup / divviup-api / 26540494363

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous