rubenrosario/task_app_rust
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: replace manual OAuth with yup-oauth2 InstalledFlowAuthenticator

Browse Source
This commit is contained in:
Ruben Rosario
2026-06-21 10:03:34 +01:00
parent 469c30084d
commit f3e5ac0789
1 changed files with 63 additions and 270 deletions
Download Patch File Download Diff File Expand all files Collapse all files
src/infrastructure/api.rs
+63 -270
View File
@@ -1,221 +1,98 @@
use std::io::{BufRead, BufReader, Write};
use std::net::TcpListener;
use std::path::PathBuf; use std::path::PathBuf;
use std::sync::Arc;
use chrono::{DateTime, Utc};
use reqwest::Client; use reqwest::Client;
use serde::{Deserialize, Serialize}; use yup_oauth2::{InstalledFlowAuthenticator, InstalledFlowReturnMethod, ApplicationSecret};
use tokio::sync::Mutex;
use url::Url;
use crate::domain::models::*; use crate::domain::models::*;
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct OAuthToken {
pub access_token: String,
pub refresh_token: Option<String>,
pub expires_at: Option<DateTime<Utc>>,
}
#[derive(Debug)] #[derive(Debug)]
#[allow(dead_code)]
pub enum ApiError { pub enum ApiError {
Network(String), Network(String),
Auth(String), Auth(String),
Api(String), Api(String),
} }
impl std::fmt::Display for ApiError {
fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
match self {
ApiError::Network(s) => write!(f, "Network error: {}", s),
ApiError::Auth(s) => write!(f, "Auth error: {}", s),
ApiError::Api(s) => write!(f, "API error: {}", s),
}
}
}
impl std::error::Error for ApiError {}
pub struct ApiClient { pub struct ApiClient {
client: Client, client: Client,
client_id: String, authenticator: InstalledFlowAuthenticator,
client_secret: String,
token: Arc<Mutex<Option<OAuthToken>>>,
token_path: PathBuf, token_path: PathBuf,
} }
const SCOPES: &str = "https://www.googleapis.com/auth/tasks"; const SCOPES: &[&str] = &["https://www.googleapis.com/auth/tasks"];
impl ApiClient { impl ApiClient {
pub fn new(client_id: String, client_secret: String) -> Self { pub async fn new(client_id: String, client_secret: String) -> Result<Self, ApiError> {
let token_path = dirs::config_dir() let token_path = dirs::config_dir()
.unwrap_or_else(|| PathBuf::from(".")) .unwrap_or_else(|| PathBuf::from("."))
.join("task_app") .join("task_app")
.join("token.json"); .join("token.json");
Self { if let Some(parent) = token_path.parent() {
client: Client::new(),
client_id,
client_secret,
token: Arc::new(Mutex::new(None)),
token_path,
}
}
pub fn token_file_exists(&self) -> bool {
self.token_path.exists()
&& std::fs::read_to_string(&self.token_path)
.ok()
.and_then(|s| serde_json::from_str::<OAuthToken>(&s).ok())
.is_some()
}
pub async fn load_token(&self) -> Option<OAuthToken> {
let content = std::fs::read_to_string(&self.token_path).ok()?;
serde_json::from_str(&content).ok()
}
pub async fn save_token(&self, token: &OAuthToken) {
if let Some(parent) = self.token_path.parent() {
std::fs::create_dir_all(parent).ok(); std::fs::create_dir_all(parent).ok();
} }
if let Ok(content) = serde_json::to_string_pretty(token) {
std::fs::write(&self.token_path, content).ok(); let secret = ApplicationSecret {
} client_id,
client_secret,
auth_uri: "https://accounts.google.com/o/oauth2/v2/auth".to_string(),
token_uri: "https://oauth2.googleapis.com/token".to_string(),
redirect_uris: vec!["http://127.0.0.1:8080/".to_string()],
client_email: String::new(),
client_x509_cert_url: String::new(),
project_id: String::new(),
..Default::default()
};
let authenticator = InstalledFlowAuthenticator::builder(
secret,
InstalledFlowReturnMethod::HTTPRedirect,
)
.persist_tokens_to_disk(token_path.clone())
.build()
.await
.map_err(|e| ApiError::Auth(format!("Failed to build authenticator: {}", e)))?;
Ok(Self {
client: Client::new(),
authenticator,
token_path,
})
} }
/// Starts the Loopback IP Redirect OAuth flow (RFC 8252). pub fn has_token(&self) -> bool {
/// Returns (auth_url, callback_port) so the app can tell the user self.token_path.exists()
/// to open the URL or open it automatically.
pub async fn start_auth_flow(&self) -> Result<(String, u16), ApiError> {
if self.client_id.is_empty() {
return Err(ApiError::Auth(
"GOOGLE_CLIENT_ID not set".to_string(),
));
}
// Find a free port
let listener = TcpListener::bind("127.0.0.1:0")
.map_err(|e| ApiError::Network(format!("Failed to bind port: {}", e)))?;
let port = listener.local_addr().unwrap().port();
let redirect_uri = format!("http://127.0.0.1:{}/", port);
// Build Google auth URL
let auth_url = format!(
"https://accounts.google.com/o/oauth2/v2/auth?\
response_type=code&\
client_id={}&\
redirect_uri={}&\
scope={}&\
access_type=offline&\
prompt=consent",
urlencoding(&self.client_id),
urlencoding(&redirect_uri),
urlencoding(SCOPES),
);
// Spawn a thread that accepts one connection and parses the code
let client_id = self.client_id.clone();
let client_secret = self.client_secret.clone();
let token = self.token.clone();
let token_path = self.token_path.clone();
std::thread::spawn(move || {
if let Err(e) = handle_oauth_callback(
listener,
&client_id,
&client_secret,
&token,
&token_path,
) {
eprintln!("OAuth callback error: {}", e);
}
});
Ok((auth_url, port))
} }
/// Opens the browser or returns the URL for manual opening pub async fn start_and_wait_for_auth(&self) -> Result<(), ApiError> {
pub fn open_browser(auth_url: &str) -> bool { self.authenticator.token(SCOPES).await.map_err(|e| {
webbrowser::open(auth_url).is_ok() ApiError::Auth(format!("Authorization failed: {}", e))
})?;
Ok(())
} }
/// Polls the in-memory token to see if auth completed async fn get_token(&self) -> Result<String, ApiError> {
pub async fn token_is_ready(&self) -> bool { let token = self
self.token.lock().await.is_some() .authenticator
} .token(SCOPES)
pub async fn refresh_access_token(&self, refresh_token: &str) -> Result<(), ApiError> {
let params = serde_json::json!({
"client_id": self.client_id,
"client_secret": self.client_secret,
"refresh_token": refresh_token,
"grant_type": "refresh_token",
});
let resp = self
.client
.post("https://oauth2.googleapis.com/token")
.json(&params)
.send()
.await .await
.map_err(|e| ApiError::Network(format!("HTTP request failed: {}", e)))?; .map_err(|e| ApiError::Auth(format!("Token error: {}", e)))?;
Ok(token.as_str().to_string())
let status = resp.status();
let data: serde_json::Value = resp
.json()
.await
.map_err(|e| ApiError::Api(format!("Invalid response (status {}): {}", status, e)))?;
if !status.is_success() {
return Err(ApiError::Api(format!(
"Token refresh failed ({}): {:?}",
status, data
)));
}
if let Some(access_token) = data["access_token"].as_str() {
let expires_in = data["expires_in"].as_i64().unwrap_or(3600);
let token = OAuthToken {
access_token: access_token.to_string(),
refresh_token: Some(refresh_token.to_string()),
expires_at: Some(Utc::now() + chrono::Duration::seconds(expires_in)),
};
self.save_token(&token).await;
let mut t = self.token.lock().await;
*t = Some(token);
Ok(())
} else {
Err(ApiError::Auth("Failed to refresh token".to_string()))
}
}
pub async fn ensure_token(&self) -> Result<String, ApiError> {
let mut token = self.token.lock().await;
if let Some(ref t) = *token {
if let Some(expires_at) = t.expires_at {
if Utc::now() < expires_at {
return Ok(t.access_token.clone());
}
}
if let Some(ref refresh) = t.refresh_token {
let refresh_token = refresh.clone();
drop(token);
self.refresh_access_token(&refresh_token).await?;
let t2 = self.token.lock().await;
if let Some(ref t) = *t2 {
return Ok(t.access_token.clone());
}
}
Err(ApiError::Auth(
"Token expired and no refresh token".to_string(),
))
} else if let Some(saved) = self.load_token().await {
*token = Some(saved);
if let Some(ref t) = *token {
Ok(t.access_token.clone())
} else {
Err(ApiError::Auth("No token available".to_string()))
}
} else {
Err(ApiError::Auth("Not authenticated".to_string()))
}
} }
pub async fn fetch_lists(&self) -> Result<Vec<TaskList>, ApiError> { pub async fn fetch_lists(&self) -> Result<Vec<TaskList>, ApiError> {
let token = self.ensure_token().await?; let token = self.get_token().await?;
let resp = self let resp = self
.client .client
@@ -244,7 +121,7 @@ impl ApiClient {
} }
pub async fn fetch_tasks(&self, list_id: &str) -> Result<Vec<Task>, ApiError> { pub async fn fetch_tasks(&self, list_id: &str) -> Result<Vec<Task>, ApiError> {
let token = self.ensure_token().await?; let token = self.get_token().await?;
let url = format!( let url = format!(
"https://tasks.googleapis.com/tasks/v1/lists/{}/tasks?showCompleted=true&showHidden=true", "https://tasks.googleapis.com/tasks/v1/lists/{}/tasks?showCompleted=true&showHidden=true",
@@ -302,7 +179,7 @@ impl ApiClient {
} }
pub async fn create_task(&self, list_id: &str, task: &Task) -> Result<(), ApiError> { pub async fn create_task(&self, list_id: &str, task: &Task) -> Result<(), ApiError> {
let token = self.ensure_token().await?; let token = self.get_token().await?;
let mut body = serde_json::json!({ let mut body = serde_json::json!({
"title": task.title, "title": task.title,
@@ -344,7 +221,7 @@ impl ApiClient {
} }
pub async fn update_task(&self, list_id: &str, task: &Task) -> Result<(), ApiError> { pub async fn update_task(&self, list_id: &str, task: &Task) -> Result<(), ApiError> {
let token = self.ensure_token().await?; let token = self.get_token().await?;
let mut body = serde_json::json!({ let mut body = serde_json::json!({
"title": task.title, "title": task.title,
@@ -387,7 +264,7 @@ impl ApiClient {
} }
pub async fn delete_task(&self, list_id: &str, task_id: &str) -> Result<(), ApiError> { pub async fn delete_task(&self, list_id: &str, task_id: &str) -> Result<(), ApiError> {
let token = self.ensure_token().await?; let token = self.get_token().await?;
let url = format!( let url = format!(
"https://tasks.googleapis.com/tasks/v1/lists/{}/tasks/{}", "https://tasks.googleapis.com/tasks/v1/lists/{}/tasks/{}",
@@ -419,7 +296,7 @@ impl ApiClient {
prev: Option<&str>, prev: Option<&str>,
sibling: Option<&str>, sibling: Option<&str>,
) -> Result<(), ApiError> { ) -> Result<(), ApiError> {
let token = self.ensure_token().await?; let token = self.get_token().await?;
let mut url = format!( let mut url = format!(
"https://tasks.googleapis.com/tasks/v1/lists/{}/tasks/{}/move", "https://tasks.googleapis.com/tasks/v1/lists/{}/tasks/{}/move",
@@ -448,87 +325,3 @@ impl ApiClient {
Ok(()) Ok(())
} }
} }
fn urlencoding(s: &str) -> String {
s.chars()
.map(|c| match c {
'A'..='Z' | 'a'..='z' | '0'..='9' | '-' | '_' | '.' | '~' => c.to_string(),
_ => format!("%{:02X}", c as u8),
})
.collect()
}
fn handle_oauth_callback(
listener: TcpListener,
client_id: &str,
client_secret: &str,
token_storage: &Arc<Mutex<Option<OAuthToken>>>,
token_path: &PathBuf,
) -> Result<(), Box<dyn std::error::Error>> {
let (stream, _) = listener.accept()?;
let mut reader = BufReader::new(&stream);
let mut request_line = String::new();
reader.read_line(&mut request_line)?;
// Parse the GET request to extract the code
let code = request_line
.split_whitespace()
.nth(1)
.and_then(|path| {
let parsed = Url::parse(&format!("http://localhost{}", path)).ok()?;
parsed.query_pairs().find(|(k, _)| k == "code")?.1.to_string().into()
});
let reply = if let Some(ref _code) = code {
// Send success response to browser
"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<html><body><h1>Authorized!</h1><p>You can close this tab and return to the terminal.</p></body></html>"
} else {
"HTTP/1.1 400 Bad Request\r\nContent-Type: text/html\r\n\r\n<html><body><h1>Authorization failed</h1><p>No code received.</p></body></html>"
};
let mut response = stream.try_clone()?;
response.write_all(reply.as_bytes())?;
response.flush()?;
if let Some(auth_code) = code {
// Exchange code for token
let rt = tokio::runtime::Runtime::new()?;
rt.block_on(async move {
let client = Client::new();
let params = serde_json::json!({
"client_id": client_id,
"client_secret": client_secret,
"code": auth_code,
"redirect_uri": format!("http://127.0.0.1:{}/", listener.local_addr().unwrap().port()),
"grant_type": "authorization_code",
});
if let Ok(resp) = client
.post("https://oauth2.googleapis.com/token")
.json(&params)
.send()
.await
{
if let Ok(data) = resp.json::<serde_json::Value>().await {
if let Some(access_token) = data["access_token"].as_str() {
let expires_in = data["expires_in"].as_i64().unwrap_or(3600);
let oauth_token = OAuthToken {
access_token: access_token.to_string(),
refresh_token: data["refresh_token"].as_str().map(|s| s.to_string()),
expires_at: Some(Utc::now() + chrono::Duration::seconds(expires_in)),
};
if let Ok(content) = serde_json::to_string_pretty(&oauth_token) {
std::fs::write(token_path, content).ok();
}
let mut t = token_storage.lock().await;
*t = Some(oauth_token);
}
}
}
});
}
Ok(())
}