feat: Remove builder style implementation

Author: sidrubs

src/decoding.rs

@@ -232,17 +232,34 @@ pub fn decode<T: DeserializeOwned>(
         return Err(new_error(ErrorKind::InvalidAlgorithm));
     }
 
-    let decoder = decoder_factory(&header.alg, key)?.with_validation(validation)?;
+    let verifying_provider = jwt_verifier_factory(&header.alg, key)?;
 
-    decoder.decode(token)
+    _decode(token, validation, verifying_provider)
 }
 
-/// Return the correct decoder based on the `algorithm`.
-fn decoder_factory(algorithm: &Algorithm, key: &DecodingKey) -> Result<JwtDecoder> {
+/// # Todo
+///
+/// - Documentation
+pub fn _decode<T: DeserializeOwned>(
+    token: &str,
+    validation: &Validation,
+    verifying_provider: Box<dyn JwtVerifier>,
+) -> Result<TokenData<T>> {
+    let (header, claims) = verify_signature(token, validation, verifying_provider)?;
+
+    let decoded_claims = DecodedJwtPartClaims::from_jwt_part_claims(claims)?;
+    let claims = decoded_claims.deserialize()?;
+    validate(decoded_claims.deserialize()?, validation)?;
+
+    Ok(TokenData { header, claims })
+}
+
+/// Return the correct [`JwtVerifier`] based on the `algorithm`.
+fn jwt_verifier_factory(algorithm: &Algorithm, key: &DecodingKey) -> Result<Box<dyn JwtVerifier>> {
     let jwt_encoder = match algorithm {
-        Algorithm::HS256 => JwtDecoder::hs_256(key.try_into()?)?,
-        Algorithm::HS384 => JwtDecoder::hs_384(key.try_into()?)?,
-        Algorithm::HS512 => JwtDecoder::hs_512(key.try_into()?)?,
+        Algorithm::HS256 => Box::new(Hs256::new(key.try_into()?)?) as Box<dyn JwtVerifier>,
+        Algorithm::HS384 => Box::new(Hs384::new(key.try_into()?)?) as Box<dyn JwtVerifier>,
+        Algorithm::HS512 => Box::new(Hs512::new(key.try_into()?)?) as Box<dyn JwtVerifier>,
         Algorithm::ES256 => todo!(),
         Algorithm::ES384 => todo!(),
         Algorithm::RS256 => todo!(),
@@ -287,139 +304,40 @@ pub fn decode_header(token: &str) -> Result<Header> {
     Header::from_encoded(header)
 }
 
-/// A builder style JWT decoder
-///
-/// # Examples
-///
-/// ```
-/// use jsonwebtoken::{JwtDecoder, HmacSecret};
-/// use serde::{Serialize, Deserialize};
+/// Verify signature of a JWT, and return header object and raw payload
 ///
-/// #[derive(Debug, Serialize, Deserialize)]
-/// struct Claims {
-///    sub: String,
-///    company: String,
-///    exp: usize,
-/// }
-///
-/// let token = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJiQGIuY29tIiwiY29tcGFueSI6IkFDTUUiLCJleHAiOjI1MzI1MjQ4OTF9.9r56oF7ZliOBlOAyiOFperTGxBtPykRQiWNFxhDCW98";
-///
-/// let hmac_secret = HmacSecret::from_secret(b"secret");
-///
-/// let claims = JwtDecoder::hs_256(hmac_secret)
-///     .unwrap()
-///     .decode::<Claims>(&token)
-///     .unwrap();
-/// ```
-pub struct JwtDecoder {
+/// If the token or its signature is invalid, it will return an error.
+fn verify_signature<'a>(
+    token: &'a str,
+    validation: &Validation,
     verifying_provider: Box<dyn JwtVerifier>,
-    validation: Validation,
-}
-
-impl JwtDecoder {
-    /// Create a new [`JwtDecoder`] with any `verifying_provider` that implements the [`JwtVerifier`] trait.
-    pub fn from_verifier<V: JwtVerifier + 'static>(verifying_provider: V) -> Self {
-        Self::from_boxed_verifiyer(Box::new(verifying_provider))
+) -> Result<(Header, &'a str)> {
+    if validation.validate_signature && validation.algorithms.is_empty() {
+        return Err(new_error(ErrorKind::MissingAlgorithm));
     }
 
-    /// Create a new [`JwtDecoder`] with any `verifying_provider` implements the [`JwtVerifier`] trait.
-    pub fn from_boxed_verifiyer(verifying_provider: Box<dyn JwtVerifier>) -> Self {
-        let validation = Validation::new(verifying_provider.algorithm());
+    // Todo: This behaviour is currently not captured anywhere.
+    // if validation.validate_signature {
+    //     for alg in &validation.algorithms {
+    //         if key.family != alg.family() {
+    //             return Err(new_error(ErrorKind::InvalidAlgorithm));
+    //         }
+    //     }
+    // }
 
-        Self { verifying_provider, validation }
-    }
-
-    /// Provide custom a custom validation configuration.
-    ///
-    /// # Examples
-    ///
-    /// ```
-    /// use jsonwebtoken::{JwtDecoder, HmacSecret, Validation, Algorithm};
-    ///
-    /// let hmac_secret = HmacSecret::from_secret(b"secret");
-    /// let mut validation = Validation::new(Algorithm::HS256);
-    /// validation.leeway = 5;
-    ///
-    /// let jwt_decoder = JwtDecoder::hs_256(hmac_secret)
-    ///     .unwrap()
-    ///     .with_validation(&validation)
-    ///     .unwrap();
-    /// ```
-    pub fn with_validation(mut self, validation: &Validation) -> Result<Self> {
-        // Check that the validation contains the correct algorithm
-        if validation.validate_signature
-            && !validation.algorithms.contains(&self.verifying_provider.algorithm())
-        {
-            return Err(new_error(crate::errors::ErrorKind::InvalidAlgorithm));
-        }
-
-        self.validation = validation.clone();
-        Ok(self)
-    }
-
-    /// Decode and verify a JWT `token` using the `verifying_provider` and `validation` of the [`JwtDecoder`]
-    pub fn decode<T: DeserializeOwned>(&self, token: &str) -> Result<TokenData<T>> {
-        let (header, claims) = self.verify_signature(token)?;
-
-        let decoded_claims = DecodedJwtPartClaims::from_jwt_part_claims(claims)?;
-        let claims = decoded_claims.deserialize()?;
-        validate(decoded_claims.deserialize()?, &self.validation)?;
-
-        Ok(TokenData { header, claims })
-    }
-
-    /// Verify signature of a JWT, and return header object and raw payload
-    ///
-    /// If the token or its signature is invalid, it will return an error.
-    fn verify_signature<'a>(&self, token: &'a str) -> Result<(Header, &'a str)> {
-        if self.validation.validate_signature && self.validation.algorithms.is_empty() {
-            return Err(new_error(ErrorKind::MissingAlgorithm));
-        }
+    let (signature, message) = expect_two!(token.rsplitn(2, '.'));
+    let (payload, header) = expect_two!(message.rsplitn(2, '.'));
+    let header = Header::from_encoded(header)?;
 
-        // Todo: This behaviour is currently not captured anywhere.
-        // if validation.validate_signature {
-        //     for alg in &validation.algorithms {
-        //         if key.family != alg.family() {
-        //             return Err(new_error(ErrorKind::InvalidAlgorithm));
-        //         }
-        //     }
-        // }
-
-        let (signature, message) = expect_two!(token.rsplitn(2, '.'));
-        let (payload, header) = expect_two!(message.rsplitn(2, '.'));
-        let header = Header::from_encoded(header)?;
-
-        if self.validation.validate_signature && !self.validation.algorithms.contains(&header.alg) {
-            return Err(new_error(ErrorKind::InvalidAlgorithm));
-        }
-
-        if self.validation.validate_signature
-            && self.verifying_provider.verify(message.as_bytes(), &b64_decode(signature)?).is_err()
-        {
-            return Err(new_error(ErrorKind::InvalidSignature));
-        }
-
-        Ok((header, payload))
-    }
-
-    /// Create new [`JwtDecoder`] with the `HS256` algorithm.
-    pub fn hs_256(secret: HmacSecret) -> Result<JwtDecoder> {
-        let verifying_provider = Box::new(Hs256::new(secret)?);
-
-        Ok(JwtDecoder::from_boxed_verifiyer(verifying_provider))
+    if validation.validate_signature && !validation.algorithms.contains(&header.alg) {
+        return Err(new_error(ErrorKind::InvalidAlgorithm));
     }
 
-    /// Create new [`JwtDecoder`] with the `HS384` algorithm.
-    pub fn hs_384(secret: HmacSecret) -> Result<JwtDecoder> {
-        let verifying_provider = Box::new(Hs384::new(secret)?);
-
-        Ok(JwtDecoder::from_boxed_verifiyer(verifying_provider))
+    if validation.validate_signature
+        && verifying_provider.verify(message.as_bytes(), &b64_decode(signature)?).is_err()
+    {
+        return Err(new_error(ErrorKind::InvalidSignature));
     }
 
-    /// Create new [`JwtDecoder`] with the `HS512` algorithm.
-    pub fn hs_512(secret: HmacSecret) -> Result<JwtDecoder> {
-        let verifying_provider = Box::new(Hs512::new(secret)?);
-
-        Ok(JwtDecoder::from_boxed_verifiyer(verifying_provider))
-    }
+    Ok((header, payload))
 }

src/encoding.rs

@@ -131,17 +131,38 @@ pub fn encode<T: Serialize>(header: &Header, claims: &T, key: &EncodingKey) -> R
         return Err(new_error(ErrorKind::InvalidAlgorithm));
     }
 
-    let jwt_encoder = encoder_factory(&header.alg, key)?.with_header(header)?;
+    let signing_provider = jwt_signer_factory(&header.alg, key)?;
 
-    jwt_encoder.encode(claims)
+    _encode(header, claims, signing_provider)
 }
 
-/// Return the correct [`JwtEncoder`] based on the `algorithm`.
-fn encoder_factory(algorithm: &Algorithm, key: &EncodingKey) -> Result<JwtEncoder> {
-    let jwt_encoder = match algorithm {
-        Algorithm::HS256 => JwtEncoder::hs_256(key.into())?,
-        Algorithm::HS384 => JwtEncoder::hs_384(key.into())?,
-        Algorithm::HS512 => JwtEncoder::hs_512(key.into())?,
+/// # Todo
+///
+/// - Documentation
+pub fn _encode<T: Serialize>(
+    header: &Header,
+    claims: &T,
+    signing_provider: Box<dyn JwtSigner>,
+) -> Result<String> {
+    if signing_provider.algorithm() != header.alg {
+        return Err(new_error(ErrorKind::InvalidAlgorithm));
+    }
+
+    let encoded_header = b64_encode_part(&header)?;
+    let encoded_claims = b64_encode_part(claims)?;
+    let message = [encoded_header, encoded_claims].join(".");
+
+    let signature = b64_encode(&signing_provider.sign(message.as_bytes()));
+
+    Ok([message, signature].join("."))
+}
+
+/// Return the correct [`JwtSigner`] based on the `algorithm`.
+fn jwt_signer_factory(algorithm: &Algorithm, key: &EncodingKey) -> Result<Box<dyn JwtSigner>> {
+    let jwt_signer = match algorithm {
+        Algorithm::HS256 => Box::new(Hs256::new(key.into())?) as Box<dyn JwtSigner>,
+        Algorithm::HS384 => Box::new(Hs384::new(key.into())?) as Box<dyn JwtSigner>,
+        Algorithm::HS512 => Box::new(Hs512::new(key.into())?) as Box<dyn JwtSigner>,
         Algorithm::ES256 => todo!(),
         Algorithm::ES384 => todo!(),
         Algorithm::RS256 => todo!(),
@@ -153,7 +174,7 @@ fn encoder_factory(algorithm: &Algorithm, key: &EncodingKey) -> Result<JwtEncode
         Algorithm::EdDSA => todo!(),
     };
 
-    Ok(jwt_encoder)
+    Ok(jwt_signer)
 }
 
 /// Convert an [`&EncodingKey`] to an [`HmacSecret`].
@@ -162,124 +183,3 @@ impl From<&EncodingKey> for HmacSecret {
         HmacSecret::from_secret(&key.content)
     }
 }
-
-/// A builder style JWT encoder.
-///
-/// # Examples
-///
-/// ```
-/// use serde::{Deserialize, Serialize};
-/// use jsonwebtoken::{JwtEncoder, HmacSecret};
-///
-/// #[derive(Debug, Serialize, Deserialize)]
-/// struct Claims {
-///    sub: String,
-///    company: String
-/// }
-///
-/// let my_claims = Claims {
-///     sub: "[email protected]".to_owned(),
-///     company: "ACME".to_owned()
-/// };
-///
-/// let hmac_secret = HmacSecret::from_secret(b"secret");
-///
-/// let token = JwtEncoder::hs_256(hmac_secret)
-///     .unwrap()
-///     .encode(&my_claims)
-///     .unwrap();
-/// ```
-pub struct JwtEncoder {
-    signing_provider: Box<dyn JwtSigner>,
-    header: Header,
-}
-
-impl JwtEncoder {
-    /// Create a new [`JwtEncoder`] with any `signing_provider` that implements the [`JwtSigner`] trait.
-    pub fn from_signer<S: JwtSigner + 'static>(signing_provider: S) -> Self {
-        Self::from_boxed_signer(Box::new(signing_provider))
-    }
-
-    /// Create a new [`JwtEncoder`] with any `signing_provider` that implements the [`JwtSigner`] trait.
-    pub fn from_boxed_signer(signing_provider: Box<dyn JwtSigner>) -> Self {
-        // Determine a default header
-        let mut header = Header::new(signing_provider.algorithm());
-        header.typ = Some("JWT".to_owned());
-
-        Self { signing_provider, header }
-    }
-
-    /// Provide a custom header.
-    ///
-    /// This would be used in the rare cases that fields other than `algorithm` and `type` need to be populated.
-    ///
-    /// # Examples
-    ///
-    /// ```
-    /// use serde::{Deserialize, Serialize};
-    /// use jsonwebtoken::{JwtEncoder, HmacSecret, Header, Algorithm};
-    ///
-    /// #[derive(Debug, Serialize, Deserialize)]
-    /// struct Claims {
-    ///    sub: String,
-    ///    company: String
-    /// }
-    ///
-    /// let my_claims = Claims {
-    ///     sub: "[email protected]".to_owned(),
-    ///     company: "ACME".to_owned()
-    /// };
-    ///
-    /// let hmac_secret = HmacSecret::from_secret(b"secret");
-    /// let mut header = Header::new(Algorithm::HS256);
-    /// header.cty = Some("content-type".to_owned());
-    ///
-    /// let token = JwtEncoder::hs_256(hmac_secret)
-    ///     .unwrap()
-    ///     .with_header(&header)
-    ///     .unwrap()
-    ///     .encode(&my_claims)
-    ///     .unwrap();
-    /// ```
-    pub fn with_header(mut self, header: &Header) -> Result<Self> {
-        // Check that the header makes use of the correct algorithm
-        if header.alg != self.signing_provider.algorithm() {
-            return Err(new_error(crate::errors::ErrorKind::InvalidAlgorithm));
-        }
-
-        self.header = header.clone();
-        Ok(self)
-    }
-
-    /// Encode and sign the `claims` as a JWT using the `signing_provider` of the [`JwtEncoder`].
-    pub fn encode<T: Serialize>(&self, claims: &T) -> Result<String> {
-        let encoded_header = b64_encode_part(&self.header)?;
-        let encoded_claims = b64_encode_part(claims)?;
-        let message = [encoded_header, encoded_claims].join(".");
-
-        let signature = b64_encode(&self.signing_provider.sign(message.as_bytes()));
-
-        Ok([message, signature].join("."))
-    }
-
-    /// Create new [`JwtEncoder`] with the `HS256` algorithm.
-    pub fn hs_256(secret: HmacSecret) -> Result<JwtEncoder> {
-        let signing_provider = Box::new(Hs256::new(secret)?);
-
-        Ok(JwtEncoder::from_boxed_signer(signing_provider))
-    }
-
-    /// Create new [`JwtEncoder`] with the `HS384` algorithm.
-    pub fn hs_384(secret: HmacSecret) -> Result<JwtEncoder> {
-        let signing_provider = Box::new(Hs384::new(secret)?);
-
-        Ok(JwtEncoder::from_boxed_signer(signing_provider))
-    }
-
-    /// Create new [`JwtEncoder`] with the `HS512` algorithm.
-    pub fn hs_512(secret: HmacSecret) -> Result<JwtEncoder> {
-        let signing_provider = Box::new(Hs512::new(secret)?);
-
-        Ok(JwtEncoder::from_boxed_signer(signing_provider))
-    }
-}

src/lib.rs

@@ -10,8 +10,8 @@ compile_error!(
 
 pub use algorithms::Algorithm;
 pub use crypto::hmac::HmacSecret;
-pub use decoding::{decode, decode_header, DecodingKey, JwtDecoder, TokenData};
-pub use encoding::{encode, EncodingKey, JwtEncoder};
+pub use decoding::{decode, decode_header, DecodingKey, TokenData, _decode};
+pub use encoding::{encode, EncodingKey, _encode};
 pub use header::Header;
 pub use validation::{get_current_timestamp, Validation};