More permission rework

oxidecomputer · Mar 23, 2024 · e8442cf · e8442cf
1 parent 7f9032e
commit e8442cf
Show file tree

Hide file tree

Showing 26 changed files with 1,283 additions and 1,173 deletions.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Cargo.toml b/Cargo.toml
@@ -1,7 +1,7 @@
 [workspace]
 members = [
-  "v-api", "v-api-installer",
-  "v-api-permissions",
+  "v-api",
+  "v-api-installer",
   "v-model",
 ]
 resolver = "2"
@@ -40,6 +40,7 @@ md-5 = "0.10.6"
 mime_guess = "2.0.4"
 mockall = "0.12.1"
 newline-converter = "0.3.0"
+newtype-uuid = { version = "1.0.1", features = ["schemars08", "serde", "v4"] }
 oauth2 = "4.4.2"
 owo-colors = "3.5.0"
 partial-struct = { git = "https://github.com/oxidecomputer/partial-struct" }

diff --git a/v-api-permissions/Cargo.toml b/v-api-permissions/Cargo.toml
diff --git a/v-api/Cargo.toml b/v-api/Cargo.toml
@@ -23,6 +23,7 @@ hyper = { workspace = true }
 hyper-rustls = { workspace = true, features = ["http2"] }
 jsonwebtoken = { workspace = true }
 oauth2 = { workspace = true }
+newtype-uuid = { workspace = true }
 partial-struct = { workspace = true }
 rand = { workspace = true, features = ["std"] }
 rand_core = { workspace = true, features = ["std"] }
@@ -49,7 +50,6 @@ tracing-bunyan-formatter = { workspace = true }
 tracing-slog = { workspace = true }
 tracing-subscriber = { workspace = true, features = ["env-filter", "fmt", "json"] }
 uuid = { workspace = true, features = ["v4", "serde"]  }
-v-api-permissions = { path = "../v-api-permissions" }
 v-model = { path = "../v-model" }
 yup-oauth2 = { workspace = true }
 

diff --git a/v-api/src/authn/jwt.rs b/v-api/src/authn/jwt.rs
@@ -14,13 +14,14 @@ use jsonwebtoken::{
     },
     Algorithm, DecodingKey, Header, Validation,
 };
+use newtype_uuid::TypedUuid;
 use rsa::traits::PublicKeyParts;
 use serde::{Deserialize, Serialize};
 use thiserror::Error;
 use tracing::instrument;
-use uuid::Uuid;
-use v_api_permissions::Permission;
-use v_model::{ApiUser, ApiUserProvider};
+use v_model::{
+    permissions::Permission, AccessTokenId, ApiUser, ApiUserProvider, UserId, UserProviderId,
+};
 
 use crate::{
     config::AsymmetricKey,
@@ -55,12 +56,12 @@ pub struct Jwt {
 pub struct Claims {
     pub iss: String,
     pub aud: String,
-    pub sub: Uuid,
-    pub prv: Uuid,
+    pub sub: TypedUuid<UserId>,
+    pub prv: TypedUuid<UserProviderId>,
     pub scp: Option<Vec<String>>,
     pub exp: i64,
     pub nbf: i64,
-    pub jti: Uuid,
+    pub jti: TypedUuid<AccessTokenId>,
 }
 
 impl Claims {
@@ -82,7 +83,7 @@ impl Claims {
             scp: scope,
             exp: expires_at.timestamp(),
             nbf: Utc::now().timestamp(),
-            jti: Uuid::new_v4(),
+            jti: TypedUuid::new_v4(),
         }
     }
 }