Skip to content

Commit

Permalink
refactor: cache FxA OAuth client
Browse files Browse the repository at this point in the history
Closes #1209
  • Loading branch information
Ethan Donowitz committed Feb 4, 2022
1 parent aa93312 commit a99050c
Show file tree
Hide file tree
Showing 3 changed files with 42 additions and 22 deletions.
7 changes: 4 additions & 3 deletions src/tokenserver/mod.rs
Original file line number Diff line number Diff line change
Expand Up @@ -50,9 +50,10 @@ impl ServerState {

oauth_verifier
} else {
Box::new(OAuthVerifier {
fxa_oauth_server_url: settings.fxa_oauth_server_url.clone(),
})
Box::new(
OAuthVerifier::new(settings.fxa_oauth_server_url.clone())
.expect("failed to create Tokenserver OAuth verifier"),
)
};
let use_test_transactions = false;

Expand Down
38 changes: 28 additions & 10 deletions src/tokenserver/support.rs
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
use actix_web::Error;
use pyo3::prelude::{IntoPy, PyAny, PyErr, PyModule, PyObject, Python};
use pyo3::prelude::{IntoPy, Py, PyAny, PyErr, PyModule, PyObject, Python};
use pyo3::types::{IntoPyDict, PyString};
use serde::{Deserialize, Serialize};

Expand Down Expand Up @@ -119,27 +119,45 @@ impl Clone for Box<dyn VerifyToken> {
#[derive(Clone)]
/// An adapter to the PyFxA Python library.
pub struct OAuthVerifier {
pub fxa_oauth_server_url: Option<String>,
inner: Py<PyAny>,
}

impl OAuthVerifier {
const FILENAME: &'static str = "verify.py";

pub fn new(fxa_oauth_server_url: Option<String>) -> Result<Self, Error> {
let inner: Py<PyAny> = Python::with_gil::<_, Result<Py<PyAny>, PyErr>>(|py| {
let code = include_str!("verify.py");
let module = PyModule::from_code(py, code, Self::FILENAME, Self::FILENAME)?;
let kwargs = fxa_oauth_server_url
.clone()
.map(|url| [("server_url", url)].into_py_dict(py));
let object: Py<PyAny> = module
.getattr("FxaOAuthClient")?
.call((), kwargs)
.map_err(|e| {
e.print_and_set_sys_last_vars(py);
e
})?
.into();

Ok(object)
})
.map_err(pyerr_to_actix_error)?;

Ok(Self { inner })
}
}

impl VerifyToken for OAuthVerifier {
/// Verifies an OAuth token. Returns `TokenData` for valid tokens and an `Error` for invalid
/// tokens.
fn verify_token(&self, token: &str) -> Result<TokenData, TokenserverError> {
let maybe_token_data_string = Python::with_gil(|py| {
let code = include_str!("verify.py");
let module = PyModule::from_code(py, code, Self::FILENAME, Self::FILENAME)?;
let kwargs = self
.fxa_oauth_server_url
.clone()
.map(|url| [("server_url", url)].into_py_dict(py));
let result: &PyAny = module
let client = self.inner.as_ref(py);
let result: &PyAny = client
.getattr("verify_token")?
.call((token,), kwargs)
.call((token,), None)
.map_err(|e| {
e.print_and_set_sys_last_vars(py);
e
Expand Down
19 changes: 10 additions & 9 deletions src/tokenserver/verify.py
Original file line number Diff line number Diff line change
Expand Up @@ -4,14 +4,15 @@

DEFAULT_OAUTH_SCOPE = 'https://identity.mozilla.com/apps/oldsync'

class FxaOAuthClient:
def __init__(self, server_url=None):
self._client = Client(server_url=server_url)

def verify_token(token, server_url=None):
client = Client(server_url=server_url)
def verify_token(self, token):
try:
token_data = self._client.verify_token(token, DEFAULT_OAUTH_SCOPE)

try:
token_data = client.verify_token(token, DEFAULT_OAUTH_SCOPE)

# Serialize the data to make it easier to parse in Rust
return json.dumps(token_data)
except (ClientError, TrustError):
return None
# Serialize the data to make it easier to parse in Rust
return json.dumps(token_data)
except (ClientError, TrustError):
return None

0 comments on commit a99050c

Please sign in to comment.