Merge pull request #539 from sebadob/536-api-casing

fix API routes case differences

CHANGELOG.md

@@ -1,6 +1,6 @@
 # Changelog
 
-## NIGHTLY 0.25.0-20240805
+## UNRELEASED
 
 ### Changes
 
@@ -23,7 +23,30 @@ application. If so, you can disable the authentication on this endpoint with
 DANGER_DISABLE_INTROSPECT_AUTH=true
 ```
 
-[]()
+[2e84ceb](https://github.com/sebadob/rauthy/commit/2e84ceb062c677e863f5ad524c7fe8b2af21449b)
+[7087a59](https://github.com/sebadob/rauthy/commit/7087a5998f5c687c6b7bd90a0771451ddec9068e)
+
+#### API Routes Normalization
+
+In preparation for a clean v1.0.0, some older API routes have been fixed regarding their casing and naming.
+The "current" or old routes and names will be available for exactly one release and will be phased out afterward
+to have a smooth migration, just in case someone uses these renamed routes.
+
+- `/oidc/tokenInfo` -> `/oidc/introspect`
+- `/oidc/rotateJwk` -> `/oidc/rotate_jwk`
+
+Since I don't like `kebab-case`, most API routes are written in `snake_case`, with 2 exceptions that follow RFC namings:
+
+- `openid-configuration`
+- `web-identity`
+
+All the `*info` routes like `userinfo` or `sessioninfo` are not `kebab_case` on purpose, just to match other IdPs and
+RFCs a bit more.
+
+There is not a single `camelCase` anymore in the API routes to avoid confusion and issues in situations where you could
+mistake an uppercase `I` as a lowercase `l`. The current `camelCase` endpoints only exist for a smoother migration and
+will be phased out with the next bigger release.
+
 []()
 
 #### Config Read

Cargo.toml

@@ -4,7 +4,7 @@ members = ["src/*"]
 exclude = ["rauthy-client"]
 
 [workspace.package]
-version = "0.25.0-20240809"
+version = "0.25.0-20240824"
 edition = "2021"
 authors = ["Sebastian Dobe <sebastiandobe@mailbox.org>"]
 license = "Apache-2.0"
@@ -25,7 +25,7 @@ actix-multipart = "0.7.2"
 actix-service = "2"
 actix-web = { version = "4", features = ["rustls-0_23"] }
 actix-web-actors = "4"
-actix-web-lab = "0.20"
+actix-web-lab = "0.22"
 actix-web-prom = "0.8.0"
 actix-web-validator = "6"
 anyhow = "1"
@@ -42,7 +42,7 @@ cidr = "0.2.2"
 cron = "0.12"
 cryptr = { version = "0.5.1", features = ["s3", "streaming"] }
 css-color = "0.2"
-derive_more = "0.99"
+derive_more = "1"
 dotenvy = "0.15"
 ed25519-compact = { version = "2.0.4", features = ["ed25519"] }
 flume = "0.11"

frontend/src/utils/dataFetchingAdmin.js

@@ -292,7 +292,7 @@ export async function postProviderLookup(data) {
 }
 
 export async function postRotateJwk() {
-    const res = await fetch(`/auth/v1/oidc/rotateJwk`, {
+    const res = await fetch(`/auth/v1/oidc/rotate_jwk`, {
         method: 'POST',
         headers: getHeaders(),
     });

frontend/vite.config.js

@@ -31,7 +31,7 @@ const config = {
             '/auth/v1/oidc/certs': backend,
             '/auth/v1/oidc/device': backend,
             '/auth/v1/oidc/logout': backend,
-            '/auth/v1/oidc/rotateJwk': backend,
+            '/auth/v1/oidc/rotate_jwk': backend,
             '/auth/v1/oidc/sessioninfo': backend,
             '/auth/v1/oidc/token': backend,
             '/auth/v1/clients': backend,

src/api/src/oidc.rs

@@ -699,14 +699,14 @@ pub async fn post_logout(
 /// - rauthy_admin
 #[utoipa::path(
     post,
-    path = "/oidc/rotateJwk",
+    path = "/oidc/rotate_jwk",
     tag = "oidc",
     responses(
         (status = 200, description = "Ok"),
         (status = 401, description = "Unauthorized", body = ErrorResponse),
     ),
 )]
-#[post("/oidc/rotateJwk")]
+#[post("/oidc/rotate_jwk")]
 pub async fn rotate_jwk(
     data: web::Data<AppState>,
     principal: ReqPrincipal,
@@ -718,6 +718,18 @@ pub async fn rotate_jwk(
         .map(|_| HttpResponse::Ok().finish())
 }
 
+#[post("/oidc/rotateJwk")]
+pub async fn rotate_jwk_deprecated(
+    data: web::Data<AppState>,
+    principal: ReqPrincipal,
+) -> Result<HttpResponse, ErrorResponse> {
+    principal.validate_api_key_or_admin_session(AccessGroup::Secrets, AccessRights::Update)?;
+
+    JWKS::rotate(&data)
+        .await
+        .map(|_| HttpResponse::Ok().finish())
+}
+
 /// Create a new session
 ///
 /// You can use this endpoint to create a new session outside the `/authorize` page when logging

src/bin/src/main.rs

@@ -545,6 +545,7 @@ async fn actix_main(app_state: web::Data<AppState>) -> std::io::Result<()> {
                             .service(oidc::get_logout)
                             .service(oidc::post_logout)
                             .service(oidc::rotate_jwk)
+                            .service(oidc::rotate_jwk_deprecated)
                             .service(oidc::post_session)
                             .service(oidc::get_session_info)
                             .service(oidc::get_session_xsrf)

src/bin/tests/handler_auth.rs

@@ -52,7 +52,7 @@ async fn test_certs() -> Result<(), Box<dyn Error>> {
     //     aw!(reqwest::get(&url)).unwrap();
     // }
     // rotate JWKs
-    let url_rotate = format!("{}/oidc/rotateJwk", backend_url);
+    let url_rotate = format!("{}/oidc/rotate_jwk", backend_url);
     let res = reqwest::Client::new()
         .post(&url_rotate)
         .headers(auth_headers.clone())

src/error/src/lib.rs

@@ -1,7 +1,7 @@
 use derive_more::Display;
 use serde::{Deserialize, Serialize};
 use std::borrow::Cow;
-use std::fmt::{Display, Formatter};
+use std::fmt::Formatter;
 use utoipa::ToSchema;
 
 pub mod error_impls;
@@ -45,7 +45,7 @@ impl Display for ErrorResponseType {
 // Except for input validations, every error will have this format and every possible error in the
 // backend will be converted to this.
 #[derive(Debug, Clone, Display, Serialize, Deserialize, PartialEq, Eq, ToSchema)]
-#[display(fmt = "error: {} message: {}", error, message)]
+#[display("error: {} message: {}", error, message)]
 pub struct ErrorResponse {
     pub timestamp: i64,
     pub error: ErrorResponseType,