From 3864345cbbf454997ad57191e51a1034937a0461 Mon Sep 17 00:00:00 2001 From: Andeya Date: Wed, 23 Oct 2024 21:35:54 +0800 Subject: [PATCH] chore: Improved code --- {workflows => .github/workflows}/ci.yml | 0 {workflows => .github/workflows}/coverage.yml | 0 {workflows => .github/workflows}/release.yml | 2 +- Cargo.toml | 12 ++--- README.md | 2 +- src/authn/mod.rs | 17 ++----- src/authn/types.rs | 11 +++-- src/config.rs | 19 +++++--- src/lib.rs | 48 +++++++++++++++++++ src/service.rs | 9 ++++ src/user/mod.rs | 1 + 11 files changed, 92 insertions(+), 29 deletions(-) rename {workflows => .github/workflows}/ci.yml (100%) rename {workflows => .github/workflows}/coverage.yml (100%) rename {workflows => .github/workflows}/release.yml (97%) diff --git a/workflows/ci.yml b/.github/workflows/ci.yml similarity index 100% rename from workflows/ci.yml rename to .github/workflows/ci.yml diff --git a/workflows/coverage.yml b/.github/workflows/coverage.yml similarity index 100% rename from workflows/coverage.yml rename to .github/workflows/coverage.yml diff --git a/workflows/release.yml b/.github/workflows/release.yml similarity index 97% rename from workflows/release.yml rename to .github/workflows/release.yml index fc1d00f..d7ed59d 100644 --- a/workflows/release.yml +++ b/.github/workflows/release.yml @@ -25,7 +25,7 @@ jobs: run: cargo login ${{ secrets.CARGO_TOKEN }} - name: Cargo Publish - run: ./publish.sh + run: cargo publish - name: GitHub Release id: create_release diff --git a/Cargo.toml b/Cargo.toml index 2d2275b..e1a9cf9 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "casdoor-rs-sdk" -version = "2.0.0" +version = "2.0.1" edition = "2021" license = "Apache-2.0" description = "A Casdoor SDK with more complete interfaces and better usability." 
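Review bot: The `Cargo Publish` step in .github/workflows/release.yml still depends on the preceding `cargo login ${{ secrets.CARGO_TOKEN }}` step, which passes the registry token as a command-line argument and writes it to the runner's cargo credentials file. Since the step now calls cargo directly, the token can be scoped to that step alone with `env:` / `CARGO_REGISTRY_TOKEN: ${{ secrets.CARGO_TOKEN }}` under `run: cargo publish`, and the login step can be dropped. The removed `./publish.sh` is not visible here, so confirm that any flags or pre-publish checks it carried are no longer needed.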
@@ -18,9 +18,9 @@ serde = { version = "1", features = ["derive"] } reqwest = { version = "0.12", features = ["json"] } tokio = { version = "1", features = ["full"] } serde_json = "1.0" -jsonwebtoken = "9.3" +jsonwebtoken = "9.3.0" http = "1.1" -urlencoding = "2.1.0" +urlencoding = "2.1" oauth2 = "4.1" toml = "0.8" getset2 = "0.2" @@ -28,8 +28,8 @@ anyhow = "1" salvo = { version = "0.73", default-features = false, features = [ "oapi", ], optional = true } - +jwt-claims = "1.0.1" [features] -default = ["salvo"] -salvo = ["dep:salvo"] +default = [] +salvo = ["dep:salvo", "jwt-claims/salvo"] diff --git a/README.md b/README.md index 4fdd582..f5f06e8 100644 --- a/README.md +++ b/README.md @@ -2,7 +2,7 @@ A [Casdoor](https://github.com/casdoor/casdoor) SDK with more complete interfaces and better usability. -[![GitHub last commit](https://img.shields.io/github/last-commit/andeya/casdoor-rs-sdk)](https://github.com/andeya/casdoor-rs-sdk/commits/master) +[![GitHub last commit](https://img.shields.io/github/last-commit/andeya/casdoor-rs-sdk)](https://github.com/andeya/casdoor-rs-sdk/commits/main) [![Crates.io](https://img.shields.io/crates/v/casdoor-rs-sdk.svg)](https://crates.io/crates/casdoor-rs-sdk) [![Docs](https://docs.rs/casdoor-rs-sdk/badge.svg)](https://docs.rs/casdoor-rs-sdk) diff --git a/src/authn/mod.rs b/src/authn/mod.rs index 64f7797..438a8b2 100644 --- a/src/authn/mod.rs +++ b/src/authn/mod.rs 
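Review bot: Changing `default = ["salvo"]` to `default = []` in the `[features]` hunk of Cargo.toml is a breaking change shipped under the `2.0.1` patch bump. Downstream crates that relied on the default `ToSchema` derive lose it after a routine `cargo update` and must add `features = ["salvo"]` themselves. The same commit also changes public items in src/authn/types.rs (`Claims` drops `PartialEq`/`Eq` and `refresh_token_type`, and `token_type` becomes an `Option`), so the version in `[package]` should signal a breaking release. The new `jwt-claims = "1.0.1"` crate now sits in the token-parsing path and deserves the same vetting as the other auth-critical dependencies.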
@@ -62,18 +62,11 @@ impl AuthService { } pub fn parse_jwt_token(&self, token: &str) -> anyhow::Result { - let v: TokenData = jsonwebtoken::decode( - token, - &DecodingKey::from_rsa_pem(self.service.certificate().as_bytes())?, - &Validation::new(Algorithm::RS256), - )?; - println!("parse_jwt_token = {}", v.claims); - let res: TokenData = jsonwebtoken::decode( - token, - &DecodingKey::from_rsa_pem(self.service.certificate().as_bytes())?, - &Validation::new(Algorithm::RS256), - )?; - Ok(res.claims) + let mut validation = Validation::new(Algorithm::RS256); + validation.set_audience(&[self.service.client_id()]); + + let td: TokenData = jsonwebtoken::decode(token, &DecodingKey::from_rsa_pem(self.service.certificate().as_bytes())?, &validation)?; + Ok(td.claims) } pub fn get_signin_url(&self, redirect_url: String) -> String { diff --git a/src/authn/types.rs b/src/authn/types.rs index 94ce61a..d14e86b 100644 --- a/src/authn/types.rs +++ b/src/authn/types.rs @@ -1,15 +1,20 @@ +use jwt_claims::RegisteredClaims; pub use oauth2::TokenResponse; use serde::{Deserialize, Serialize}; use crate::User; #[cfg_attr(feature = "salvo", derive(salvo::prelude::ToSchema))] -#[derive(Debug, Clone, Serialize, Deserialize, Default, PartialEq, Eq)] +#[derive(Debug, Clone, Serialize, Deserialize, Default)] #[serde(rename_all = "camelCase", default)] pub struct Claims { #[serde(flatten)] pub user: User, pub access_token: String, - pub token_type: String, - pub refresh_token_type: String, + pub tag: String, + pub token_type: Option, + pub nonce: Option, + pub scope: Option, + #[serde(flatten)] + pub reg_claims: RegisteredClaims, } diff --git a/src/config.rs b/src/config.rs index c979a6b..3f503ab 100644 --- a/src/config.rs +++ b/src/config.rs 
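Review bot: In `parse_jwt_token`, calling `set_audience` does not by itself force an `aud` claim to be present. As I read jsonwebtoken 9, only `exp` is in the default required claims, so a correctly signed token that omits `aud` would presumably still decode. Adding `validation.set_required_spec_claims(&["exp", "aud"]);` right after the `set_audience` call closes that gap. The issuer is also left unchecked; if the expected `iss` for the deployment is known, pinning it with `set_issuer` on the same `Validation` would narrow acceptance further.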
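Review bot: `Claims` in src/authn/types.rs keeps `Debug` in its derive list while carrying `access_token`, so any `{:?}` on a parsed token writes the bearer token to logs. This commit widens that surface: src/user/mod.rs adds `#[derive(Debug, Clone)]` to `UserService`, and the new test in src/lib.rs prints `service.authn()` and `service.user()` with `{:?}`, which will include `client_secret` if `Config`'s `Debug` impl (not visible here) prints it. A hand-written `Debug` that redacts the token avoids this; `User` is not visible on this page and may need the same treatment.

```rust
#[derive(Clone, Serialize, Deserialize, Default)]
#[serde(rename_all = "camelCase", default)]
pub struct Claims {
    // … unchanged: fields …
}

impl std::fmt::Debug for Claims {
    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
        f.debug_struct("Claims")
            .field("user", &self.user)
            .field("access_token", &"<redacted>")
            .field("tag", &self.tag)
            .field("token_type", &self.token_type)
            .field("nonce", &self.nonce)
            .field("scope", &self.scope)
            .field("reg_claims", &self.reg_claims)
            .finish()
    }
}
```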
@@ -23,13 +23,20 @@ pub struct Config { impl Config { /// Create a new Config. - pub fn new(endpoint: String, client_id: String, client_secret: String, certificate: String, org_name: String, app_name: Option) -> Self { + pub fn new( + endpoint: impl Into, + client_id: impl Into, + client_secret: impl Into, + certificate: impl Into, + org_name: impl Into, + app_name: Option, + ) -> Self { Config { - endpoint, - client_id, - client_secret, - certificate: Self::replace_cert_to_pub_key(certificate), - org_name, + endpoint: endpoint.into(), + client_id: client_id.into(), + client_secret: client_secret.into(), + certificate: Self::replace_cert_to_pub_key(certificate.into()), + org_name: org_name.into(), app_name, } } diff --git a/src/lib.rs b/src/lib.rs index bb3ceca..a6051da 100644 --- a/src/lib.rs +++ b/src/lib.rs 
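Review bot: The doc comment on `Config::new` still reads only `/// Create a new Config.`, which no longer tells callers enough about the new signature. Five parameters now accept `impl Into` while `app_name` stays a concrete `Option`, and `certificate` is not stored as passed but is first run through `replace_cert_to_pub_key`. I would extend the comment with one line saying that the certificate is converted before it is stored, and one noting that `app_name` must already be an owned value. The new test in src/lib.rs has to write `Some(app_name.to_owned())` for exactly that reason.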
@@ -10,3 +10,51 @@ pub use authn::*; pub use config::*; pub use service::*; pub use user::*; + +#[cfg(test)] +mod tests { + use crate::*; + #[test] + fn example() { + let endpoint = "http://localhost:8000"; + let client_id = "0e6ad201d317fb74fe9d"; + let client_secret = "1fc847b0fdb3cb3f067c15ee383dee6213bd3fde"; + let certificate = r###" +-----BEGIN CERTIFICATE----- +MIIE+TCCAuGgAwIBAgIDAeJAMA0GCSqGSIb3DQEBCwUAMDYxHTAbBgNVBAoTFENh +c2Rvb3IgT3JnYW5pemF0aW9uMRUwEwYDVQQDEwxDYXNkb29yIENlcnQwHhcNMjEx +MDE1MDgxMTUyWhcNNDExMDE1MDgxMTUyWjA2MR0wGwYDVQQKExRDYXNkb29yIE9y +Z2FuaXphdGlvbjEVMBMGA1UEAxMMQ2FzZG9vciBDZXJ0MIICIjANBgkqhkiG9w0B +AQEFAAOCAg8AMIICCgKCAgEAsInpb5E1/ym0f1RfSDSSE8IR7y+lw+RJjI74e5ej +rq4b8zMYk7HeHCyZr/hmNEwEVXnhXu1P0mBeQ5ypp/QGo8vgEmjAETNmzkI1NjOQ +CjCYwUrasO/f/MnI1C0j13vx6mV1kHZjSrKsMhYY1vaxTEP3+VB8Hjg3MHFWrb07 +uvFMCJe5W8+0rKErZCKTR8+9VB3janeBz//zQePFVh79bFZate/hLirPK0Go9P1g +OvwIoC1A3sarHTP4Qm/LQRt0rHqZFybdySpyWAQvhNaDFE7mTstRSBb/wUjNCUBD +PTSLVjC04WllSf6Nkfx0Z7KvmbPstSj+btvcqsvRAGtvdsB9h62Kptjs1Yn7GAuo +I3qt/4zoKbiURYxkQJXIvwCQsEftUuk5ew5zuPSlDRLoLByQTLbx0JqLAFNfW3g/ +pzSDjgd/60d6HTmvbZni4SmjdyFhXCDb1Kn7N+xTojnfaNkwep2REV+RMc0fx4Gu +hRsnLsmkmUDeyIZ9aBL9oj11YEQfM2JZEq+RVtUx+wB4y8K/tD1bcY+IfnG5rBpw +IDpS262boq4SRSvb3Z7bB0w4ZxvOfJ/1VLoRftjPbLIf0bhfr/AeZMHpIKOXvfz4 +yE+hqzi68wdF0VR9xYc/RbSAf7323OsjYnjjEgInUtRohnRgCpjIk/Mt2Kt84Kb0 +wn8CAwEAAaMQMA4wDAYDVR0TAQH/BAIwADANBgkqhkiG9w0BAQsFAAOCAgEAn2lf +DKkLX+F1vKRO/5gJ+Plr8P5NKuQkmwH97b8CS2gS1phDyNgIc4/LSdzuf4Awe6ve +C06lVdWSIis8UPUPdjmT2uMPSNjwLxG3QsrimMURNwFlLTfRem/heJe0Zgur9J1M +8haawdSdJjH2RgmFoDeE2r8NVRfhbR8KnCO1ddTJKuS1N0/irHz21W4jt4rxzCvl +2nR42Fybap3O/g2JXMhNNROwZmNjgpsF7XVENCSuFO1jTywLaqjuXCg54IL7XVLG +omKNNNcc8h1FCeKj/nnbGMhodnFWKDTsJcbNmcOPNHo6ixzqMy/Hqc+mWYv7maAG +Jtevs3qgMZ8F9Qzr3HpUc6R3ZYYWDY/xxPisuKftOPZgtH979XC4mdf0WPnOBLqL +2DJ1zaBmjiGJolvb7XNVKcUfDXYw85ZTZQ5b9clI4e+6bmyWqQItlwt+Ati/uFEV +XzCj70B4lALX6xau1kLEpV9O1GERizYRz5P9NJNA7KoO5AVMp9w0DQTkt+LbXnZE 
+HHnWKy8xHQKZF9sR7YBPGLs/Ac6tviv5Ua15OgJ/8dLRZ/veyFfGo2yZsI+hKVU5 +nCCJHBcAyFnm1hdvdwEdH33jDBjNB6ciotJZrf/3VYaIWSalADosHAgMWfXuWP+h +8XKXmzlxuHbTMQYtZPDgspS5aK+S4Q9wb8RRAYo= +-----END CERTIFICATE----- +"###; + let org_name = "built-in"; + let app_name = "myapp"; + + let service = Config::new(endpoint, client_id, client_secret, certificate, org_name, Some(app_name.to_owned())).into_service(); + println!("{:?}", service.authn()); + println!("{:?}", service.user()); + } +} diff --git a/src/service.rs b/src/service.rs index f5ab18c..07615a9 100644 --- a/src/service.rs +++ b/src/service.rs @@ -21,9 +21,18 @@ impl Deref for Service { } } +impl Config { + pub fn into_service(self) -> Service { + Service::new(self) + } +} + pub const NONE_BODY: Option<&()> = None::<&()>; impl Service { + pub fn new(config: Config) -> Self { + Self { config: Arc::new(config) } + } pub async fn request( &self, method: Method, diff --git a/src/user/mod.rs b/src/user/mod.rs index 615e6f2..c101108 100644 --- a/src/user/mod.rs +++ b/src/user/mod.rs @@ -11,6 +11,7 @@ impl Service { } } +#[derive(Debug, Clone)] pub struct UserService { service: Service, }
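Review bot: The `example` test added to src/lib.rs commits a `client_secret` literal next to a client id and a full certificate, and then only prints, so it asserts nothing and cannot fail on a regression. If that id/secret pair is anything other than public demo data it should be rotated and replaced with an obviously fake value; secret scanners will flag the literal either way. Replacing the two `println!` lines with assertions on values the test controls, for example that the `client_id()` getter returns the value passed to `Config::new`, would make it a real test and keep the configuration out of test output.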
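Review bot: The two new public entry points in src/service.rs, `Config::into_service` and `Service::new`, have no doc comments. `into_service` is also defined in an `impl Config` block inside service.rs rather than beside the rest of `Config` in src/config.rs, which makes it harder to find. Suggested comments: `/// Consumes the config and returns a Service built from it.` on `into_service`, and `/// Creates a service that holds the given config behind an Arc.` on `new`. The `impl Service` block continues past the end of the hunk.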