use ulid::Ulid;
use url::Url;
use crate::traits::Route;
#[derive(Clone, Debug, PartialEq, Eq)]
pub struct UrlBuilder {
http_base: Url,
prefix: String,
assets_base: String,
issuer: Url,
}
impl UrlBuilder {
#[must_use]
pub fn absolute_url_for<U>(&self, destination: &U) -> Url
where
U: Route,
{
destination.absolute_url(&self.http_base)
}
#[must_use]
pub fn relative_url_for<U>(&self, destination: &U) -> String
where
U: Route,
{
format!(
"{prefix}{destination}",
prefix = self.prefix,
destination = destination.path_and_query()
)
}
#[must_use]
pub fn prefix(&self) -> Option<&str> {
if self.prefix.is_empty() {
None
} else {
Some(&self.prefix)
}
}
pub fn redirect<U>(&self, destination: &U) -> axum::response::Redirect
where
U: Route,
{
let uri = self.relative_url_for(destination);
axum::response::Redirect::to(&uri)
}
pub fn absolute_redirect<U>(&self, destination: &U) -> axum::response::Redirect
where
U: Route,
{
let uri = self.absolute_url_for(destination);
axum::response::Redirect::to(uri.as_str())
}
#[must_use]
pub fn new(base: Url, issuer: Option<Url>, assets_base: Option<String>) -> Self {
assert!(
base.scheme() == "http" || base.scheme() == "https",
"base URL must be HTTP/HTTPS"
);
assert_eq!(base.query(), None, "base URL must not contain a query");
assert_eq!(
base.fragment(),
None,
"base URL must not contain a fragment"
);
assert_eq!(base.username(), "", "base URL must not contain credentials");
assert_eq!(
base.password(),
None,
"base URL must not contain credentials"
);
let issuer = issuer.unwrap_or_else(|| base.clone());
let prefix = base.path().trim_end_matches('/').to_owned();
let assets_base = assets_base.unwrap_or_else(|| format!("{prefix}/assets/"));
Self {
http_base: base,
prefix,
assets_base,
issuer,
}
}
#[must_use]
pub fn public_hostname(&self) -> &str {
self.http_base
.host_str()
.expect("base URL must have a host")
}
#[must_use]
pub fn http_base(&self) -> Url {
self.http_base.clone()
}
#[must_use]
pub fn oidc_issuer(&self) -> Url {
self.issuer.clone()
}
#[must_use]
pub fn oidc_discovery(&self) -> Url {
crate::endpoints::OidcConfiguration.absolute_url(&self.issuer)
}
#[must_use]
pub fn oauth_authorization_endpoint(&self) -> Url {
self.absolute_url_for(&crate::endpoints::OAuth2AuthorizationEndpoint)
}
#[must_use]
pub fn oauth_token_endpoint(&self) -> Url {
self.absolute_url_for(&crate::endpoints::OAuth2TokenEndpoint)
}
#[must_use]
pub fn oauth_introspection_endpoint(&self) -> Url {
self.absolute_url_for(&crate::endpoints::OAuth2Introspection)
}
#[must_use]
pub fn oauth_revocation_endpoint(&self) -> Url {
self.absolute_url_for(&crate::endpoints::OAuth2Revocation)
}
#[must_use]
pub fn oauth_registration_endpoint(&self) -> Url {
self.absolute_url_for(&crate::endpoints::OAuth2RegistrationEndpoint)
}
#[must_use]
pub fn oauth_device_authorization_endpoint(&self) -> Url {
self.absolute_url_for(&crate::endpoints::OAuth2DeviceAuthorizationEndpoint)
}
#[must_use]
pub fn device_code_link(&self) -> Url {
self.absolute_url_for(&crate::endpoints::DeviceCodeLink::default())
}
#[must_use]
pub fn device_code_link_full(&self, code: String) -> Url {
self.absolute_url_for(&crate::endpoints::DeviceCodeLink::with_code(code))
}
#[must_use]
pub fn oidc_userinfo_endpoint(&self) -> Url {
self.absolute_url_for(&crate::endpoints::OidcUserinfo)
}
#[must_use]
pub fn jwks_uri(&self) -> Url {
self.absolute_url_for(&crate::endpoints::OAuth2Keys)
}
#[must_use]
pub fn static_asset(&self, path: String) -> Url {
self.absolute_url_for(&crate::endpoints::StaticAsset::new(path))
}
#[must_use]
pub fn assets_base(&self) -> &str {
&self.assets_base
}
#[must_use]
pub fn graphql_endpoint(&self) -> Url {
self.absolute_url_for(&crate::endpoints::GraphQL)
}
#[must_use]
pub fn upstream_oauth_callback(&self, id: Ulid) -> Url {
self.absolute_url_for(&crate::endpoints::UpstreamOAuth2Callback::new(id))
}
#[must_use]
pub fn upstream_oauth_authorize(&self, id: Ulid) -> Url {
self.absolute_url_for(&crate::endpoints::UpstreamOAuth2Authorize::new(id))
}
#[must_use]
pub fn account_management_uri(&self) -> Url {
self.absolute_url_for(&crate::endpoints::Account::default())
}
#[must_use]
pub fn account_recovery_link(&self, ticket: String) -> Url {
self.absolute_url_for(&crate::endpoints::AccountRecoveryFinish::new(ticket))
}
}
#[cfg(test)]
mod tests {
#[test]
#[should_panic(expected = "base URL must be HTTP/HTTPS")]
fn test_invalid_base_url_scheme() {
let _ = super::UrlBuilder::new(url::Url::parse("file:///tmp/").unwrap(), None, None);
}
#[test]
#[should_panic(expected = "base URL must not contain a query")]
fn test_invalid_base_url_query() {
let _ = super::UrlBuilder::new(
url::Url::parse("https://example.com/?foo=bar").unwrap(),
None,
None,
);
}
#[test]
#[should_panic(expected = "base URL must not contain a fragment")]
fn test_invalid_base_url_fragment() {
let _ = super::UrlBuilder::new(
url::Url::parse("https://example.com/#foo").unwrap(),
None,
None,
);
}
#[test]
#[should_panic(expected = "base URL must not contain credentials")]
fn test_invalid_base_url_credentials() {
let _ = super::UrlBuilder::new(
url::Url::parse("https://foo@example.com/").unwrap(),
None,
None,
);
}
#[test]
fn test_url_prefix() {
let builder = super::UrlBuilder::new(
url::Url::parse("https://example.com/foo/").unwrap(),
None,
None,
);
assert_eq!(builder.prefix, "/foo");
let builder =
super::UrlBuilder::new(url::Url::parse("https://example.com/").unwrap(), None, None);
assert_eq!(builder.prefix, "");
}
#[test]
fn test_absolute_uri_prefix() {
let builder = super::UrlBuilder::new(
url::Url::parse("https://example.com/foo/").unwrap(),
None,
None,
);
let uri = builder.absolute_url_for(&crate::endpoints::OAuth2AuthorizationEndpoint);
assert_eq!(uri.as_str(), "https://example.com/foo/authorize");
}
}