fix lints

2026-05-28 18:40:38 +00:00 · 2024-08-12 08:05:43 +01:00
parent 0e8a848937
commit c6b36d8171
1 changed files with 12 additions and 6 deletions
--- a/proxy/src/auth/backend/jwt.rs
+++ b/proxy/src/auth/backend/jwt.rs
@@ -49,12 +49,15 @@ pub trait FetchAuthRules: Clone + Send + Sync + 'static {
 }

 #[derive(Clone)]
-struct FetchAuthFromCplane(EndpointIdInt);
+struct FetchAuthFromCplane {
+    #[allow(dead_code)]
+    endpoint: EndpointIdInt,
+}

 #[async_trait]
 impl FetchAuthRules for FetchAuthFromCplane {
    async fn fetch_auth_rules(&self) -> anyhow::Result<AuthRules> {
-        bail!("not yet implemented")
+        Err(anyhow::anyhow!("not yet implemented"))
    }
 }

@@ -198,9 +201,7 @@ impl JWKCacheEntryLock {
                .key_sets
                .values()
                .flat_map(|jwks| &jwks.keys)
-                .find(|jwk| {
-                    jwk.prm.kid.as_deref() == Some(kid) && jwk.key.is_supported(&header.alg)
-                });
+                .find(|jwk| jwk.prm.kid.as_deref() == Some(kid));

            match jwk {
                Some(jwk) => break jwk,
@@ -214,6 +215,11 @@ impl JWKCacheEntryLock {
            }
        };

+        ensure!(
+            jwk.is_supported(&header.alg),
+            "signature algorithm not supported"
+        );
+
        let sig = base64::decode_config(signature, base64::URL_SAFE_NO_PAD)
            .context("not a valid compact JWT encoding")?;
        match &jwk.key {
@@ -252,7 +258,7 @@ impl JWKCache {
            }
        };

-        let fetch = FetchAuthFromCplane(endpoint);
+        let fetch = FetchAuthFromCplane { endpoint };
        entry.check_jwt(jwt, &self.client, &fetch).await
    }
 }