Added documentation and reformatted files

src/auth.rs

@@ -1,16 +1,14 @@
-pub(crate) mod token;
 pub mod auth_extractor;
+pub(crate) mod token;
 
-use axum::Router;
 use crate::auth::token::*;
 use crate::storage::DbPool;
+use axum::Router;
 
-// route prefix: `/auth/token/`
+/// Authentication routes
-// mod token;
-
-// use self::token::token_auth_router;
-
 pub fn auth_router(pool: DbPool) -> Router<DbPool> {
-    Router::new().nest("/token", token_auth_router(pool.clone())).with_state(pool)
+    // The token auth router handles all token-related authentication routes
-    // .nest("/token", token_auth_router())
+    Router::new()
+        .nest("/token", token_auth_router(pool.clone()))
+        .with_state(pool)
 }

src/auth/auth_extractor.rs

@@ -6,12 +6,14 @@ use axum::http::request::Parts;
 use axum::http::{HeaderMap, Request, StatusCode, header};
 use std::fmt::Debug;
 
+/// AuthInfo is an extractor that retrieves authentication information from the request.
 #[derive(Debug)]
 pub struct AuthInfo {
     token: TokenDTO,
     roles: Vec<String>,
 }
 
+/// Extracts authentication information from the request parts.
 impl FromRequestParts<DbPool> for AuthInfo {
     type Rejection = StatusCode;
 
@@ -25,11 +27,15 @@ impl FromRequestParts<DbPool> for AuthInfo {
     }
 }
 
+/// Extracts the headers from request and returns the result from inspect_with_header function.
 pub async fn inspect_req(state: &DbPool, req: &Request<Body>) -> Result<AuthInfo, StatusCode> {
     let header = req.headers();
     inspect_with_header(state, header).await
 }
 
+/// Inspects the request headers and extracts authentication information.
+/// Returns an `AuthInfo` struct containing the token and roles if successful.
+/// If the authorization header is missing or invalid, it returns a `StatusCode::UNAUTHORIZED`.
 pub async fn inspect_with_header(
     state: &DbPool,
     header: &HeaderMap,

src/auth/token.rs

@@ -1,26 +1,22 @@
-use std::ops::Index;
+use crate::storage::DbPool;
 use axum::extract::{Path, Query, State};
-use axum::{Json, Router};
+use axum::http::StatusCode;
 use axum::response::{IntoResponse, NoContent, Response};
 use axum::routing::post;
+use axum::{Json, Router};
 use log::error;
-use serde::Deserialize;
+use rand::{Rng, distributions::Alphanumeric};
+use serde::{Deserialize, Serialize};
 use sqlx::Error;
-use rand::{distributions::Alphanumeric, Rng};
+use std::ops::Index;
 use uuid::Uuid;
-use crate::storage::DbPool;
 
-enum TokenType {
+#[derive(Debug, Serialize)]
-
-}
-
-#[derive(Debug)]
 pub struct IdentityDTO {
     id: String,
-    name: String
+    name: String,
 }
 
-
 #[derive(Debug)]
 pub struct TokenDTO {
     key: String,
@@ -36,11 +32,27 @@ pub struct TokenRoleMembershipDTO {
     token_id: String,
 }
 
+/// Represents a request body for the `/auth/token/lookup` endpoint.
 #[derive(Deserialize)]
 struct RequestBodyPostLookup {
     token: String,
 }
 
+/// Represents the response body for the `/auth/token/lookup` endpoint.
+#[derive(Serialize)]
+struct TokenLookupResponse {
+    id: String,
+    type_name: String,
+    roles: Vec<String>,
+}
+
+/// Represents an error response for the API.
+#[derive(Serialize)]
+struct ErrorResponse {
+    error: String,
+}
+
+/// Generates a random string of the specified length using alphanumeric characters.
 // TODO: Make string generation secure
 fn get_random_string(len: usize) -> String {
     rand::thread_rng()
@@ -50,47 +62,62 @@ fn get_random_string(len: usize) -> String {
         .collect()
 }
 
-// Returns if a token was created or not. Prints out the created token to the console.
+/// Creates a root token if none exists in the database.
+/// Returns true if a new root token was created, false if one already exists.
 pub async fn create_root_token_if_none_exist(pool: &DbPool) -> bool {
+    // Check if a root token already exists
     let exists = sqlx::query!(
         r#"SELECT service_token.* FROM service_token, service_token_role_membership
                           WHERE service_token.id = service_token_role_membership.token_id AND
                                 service_token_role_membership.role_name = 'root'
-                          LIMIT 1"#).fetch_one(pool).await
+                          LIMIT 1"#
+    )
+    .fetch_one(pool)
+    .await
     .is_ok();
     if exists {
         return false;
     }
+    // If no root token exists, create one
     let result = create_root_token(pool).await;
     if result.is_err() {
         let error = result.err().unwrap();
+        // Log the error and panic
         error!("create_root_token failed: {:?}", error);
         panic!("create_root_token failed: {:?}", error);
     }
+    // If successful, print the root token. This will only happen once.
     println!("\n\nYour root token is: {}", result.unwrap());
     println!("It will only be displayed once!\n\n");
     true
 }
 
-// Return the token key if successful
+/// Creates a root token in the database.
 async fn create_root_token(pool: &DbPool) -> Result<String, Error> {
     let id = Uuid::new_v4().to_string();
     let key = "s.".to_string() + &get_random_string(24);
+    // Insert the root token into the database
     let result = sqlx::query!(r#"
                     INSERT INTO service_token (id, key) VALUES ($1, $2);
                     INSERT INTO service_token_role_membership (token_id, role_name) VALUES ($3, 'root');
             "#, id, key, id).execute(pool).await;
+    // If the insert was successful, return the key
     if result.is_ok() {
         return Ok(key);
     }
+    // Else, return the error
     Err(result.unwrap_err())
 }
 
-// Gets the current time in seconds since unix epoch
+/// Gets the current time in seconds since unix epoch
 fn get_time_as_int() -> i64 {
-    std::time::SystemTime::now().duration_since(std::time::UNIX_EPOCH).unwrap().as_secs() as i64
+    std::time::SystemTime::now()
+        .duration_since(std::time::UNIX_EPOCH)
+        .unwrap()
+        .as_secs() as i64
 }
 
+/// Gets the type of token. (The first character of the key always specifies the type)
 fn get_token_type(token: &TokenDTO) -> Result<String, &str> {
     Ok(match token.key.clone().chars().next().unwrap_or('?') {
         's' => "service",
@@ -100,9 +127,13 @@ fn get_token_type(token: &TokenDTO) -> Result<String, &str> {
             error!("Unsupported token type");
             return Err("Unsupported token type");
         }
-    }.to_string())
+    }
+    .to_string())
 }
 
+/// Retrieves a token from the database using its key.
+/// If the token is found and not expired, it returns the token.
+/// Else, it returns an error.
 pub async fn get_token_from_key(token_key: &str, pool: &DbPool) -> Result<TokenDTO, Error> {
     let time = get_time_as_int();
     sqlx::query_as!(
@@ -111,29 +142,66 @@ pub async fn get_token_from_key(token_key: &str, pool: &DbPool) -> Result<TokenD
             token_key, time).fetch_one(pool).await
 }
 
+/// Retrieves the roles associated with a given token from the database.
+/// If the token does not exist, it returns an empty vector.
 pub async fn get_roles_from_token(token: &TokenDTO, pool: &DbPool) -> Vec<String> {
     let result = sqlx::query_as!(
         TokenRoleMembershipDTO,
         r#"SELECT * FROM 'service_token_role_membership' WHERE token_id = $1"#,
-            token.id).fetch_all(pool).await;
+        token.id
-    result.unwrap_or(Vec::new()).iter().map(|r| r.role_name.to_string()).collect()
+    )
+    .fetch_all(pool)
+    .await;
+    result
+        .unwrap_or(Vec::new())
+        .iter()
+        .map(|r| r.role_name.to_string())
+        .collect()
 }
 
+/// Return a router, that may be used to route traffic to the corresponding handlers
 pub fn token_auth_router(pool: DbPool) -> Router<DbPool> {
     Router::new()
         .route("/lookup", post(post_lookup))
         .with_state(pool)
 }
 
-
+/// Handles the `/auth/token/lookup` endpoint.
+/// Retrieves the token and its associated roles from the database using the provided token key.
+/// The output format does not yet match the openBao specification and is for testing only!
 async fn post_lookup(
     State(pool): State<DbPool>,
-    Json(body): Json<RequestBodyPostLookup>
+    Json(body): Json<RequestBodyPostLookup>,
-) -> Result<Response, ()> {
+) -> Response {
-    let token = body.token;
+    let token_str = body.token;
-
+    // Validate the token string
-    Ok(IntoResponse::into_response(token))
+    match get_token_from_key(&token_str, &pool).await {
+        // If the token is found, retrieve its type and roles
+        Ok(token) => {
+            let type_name = get_token_type(&token).unwrap_or_else(|_| String::from("Unknown"));
+            let roles = get_roles_from_token(&token, &pool).await;
+            let resp = TokenLookupResponse {
+                id: token.id,
+                type_name,
+                roles,
+            };
+            // Return the token information as a JSON response
+            (StatusCode::OK, axum::Json(resp)).into_response()
         }
+        // If the token is not found, return a 404 Not Found error
+        Err(e) => {
+            error!("Failed to retrieve token: {:?}", e);
+            let err = ErrorResponse {
+                error: "Failed to retrieve token".to_string(),
+            };
+            (StatusCode::NOT_FOUND, axum::Json(err)).into_response()
+        }
+    }
+}
+
+//
+// The following functions are placeholders for the various token-related operations.
+//
 
 async fn get_accessors() {}
 
@@ -145,7 +213,6 @@ async fn post_create_role() {}
 
 async fn get_lookup() {}
 
-
 async fn get_lookup_self() {}
 
 async fn post_lookup_self() {}

src/main.rs

@@ -1,19 +1,19 @@
 #![forbid(unsafe_code)]
 
+use crate::auth::auth_extractor::AuthInfo;
+use crate::common::HttpError;
 use axum::{
     extract::Request,
     http::StatusCode,
     middleware::{self, Next},
     response::{IntoResponse, Response},
     routing::get,
-    Router
+    Router,
 };
 use log::*;
 use std::{env, net::SocketAddr, str::FromStr};
 use storage::DbPool;
 use tokio::{net::TcpListener, signal};
-use crate::auth::auth_extractor::AuthInfo;
-use crate::common::HttpError;
 
 mod auth;
 mod common;