diff --git a/.env.example b/.env.example index f0c4f0e8..aab847b3 100644 --- a/.env.example +++ b/.env.example @@ -20,10 +20,6 @@ TENANT_DATABASE_URL= DEFAULT_TENANT_ID= # This has a default value and dosen't hold much impact to the running of echo-server JWT_SECRET= -# Cloud App -CLOUD_API_URL= -CLOUD_API_KEY= - # CORS CORS_ALLOWED_ORIGINS=* diff --git a/.github/workflows/cd.yml b/.github/workflows/cd.yml index fb6a314e..e4225d64 100644 --- a/.github/workflows/cd.yml +++ b/.github/workflows/cd.yml @@ -83,7 +83,6 @@ jobs: env: TF_VAR_grafana_auth: ${{ steps.grafana-get-key.outputs.key }} TF_VAR_grafana_endpoint: ${{ steps.grafana-get-details.outputs.endpoint }} - TF_VAR_cloud_api_key: ${{ secrets.CLOUD_API_KEY }} TF_VAR_jwt_secret: ${{ secrets.JWT_SECRET }} TF_VAR_image_version: ${{ inputs.image_tag }} TF_VAR_relay_public_key: ${{ secrets.RELAY_PUBLIC_KEY }} @@ -154,7 +153,6 @@ jobs: env: TF_VAR_grafana_auth: ${{ steps.grafana-get-key.outputs.key }} TF_VAR_grafana_endpoint: ${{ steps.grafana-get-details.outputs.endpoint }} - TF_VAR_cloud_api_key: ${{ secrets.CLOUD_API_KEY }} TF_VAR_jwt_secret: ${{ secrets.JWT_SECRET }} TF_VAR_image_version: ${{ inputs.image_tag }} TF_VAR_relay_public_key: ${{ secrets.RELAY_PUBLIC_KEY }} diff --git a/.github/workflows/ci_terraform.yml b/.github/workflows/ci_terraform.yml index 25e90a60..1295ff4b 100644 --- a/.github/workflows/ci_terraform.yml +++ b/.github/workflows/ci_terraform.yml @@ -124,7 +124,6 @@ jobs: env: TF_VAR_grafana_auth: ${{ steps.grafana-get-key.outputs.key }} TF_VAR_grafana_endpoint: ${{ steps.grafana-get-details.outputs.endpoint }} - TF_VAR_cloud_api_key: ${{ secrets.CLOUD_API_KEY }} TF_VAR_jwt_secret: ${{ secrets.JWT_SECRET }} TF_VAR_relay_public_key: ${{ secrets.RELAY_PUBLIC_KEY }} with: diff --git a/CHANGELOG.md b/CHANGELOG.md index e54ac195..a13f5ef1 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -2,6 +2,12 @@ All notable changes to this project will be documented in this file. See [conventional commits](https://www.conventionalcommits.org/) for commit guidelines. - - - +## v0.38.0 - 2024-04-17 +#### Features +- refactored cloud auth (#317) - (830ad97) - Chris Smith + +- - - + ## v0.37.6 - 2024-03-25 #### Bug Fixes - APNs certificate expired error (#314) - (d5347fa) - Chris Smith diff --git a/Cargo.lock b/Cargo.lock index c3c31104..2ab15122 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -142,17 +142,6 @@ dependencies = [ "event-listener", ] -[[package]] -name = "async-recursion" -version = "1.0.5" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5fd55a5ba1179988837d24ab4c7cc8ed6efdeff578ede0416b4225a5fca35bd0" -dependencies = [ - "proc-macro2", - "quote", - "syn 2.0.60", -] - [[package]] name = "async-stream" version = "0.3.5" @@ -907,19 +896,6 @@ dependencies = [ "libc", ] -[[package]] -name = "cerberus" -version = "0.2.0" -source = "git+https://github.com/WalletConnect/cerberus.git?tag=v0.5.0#bc1033ca9fa9d588d51237016354f69e0dcafafb" -dependencies = [ - "async-trait", - "once_cell", - "regex", - "reqwest", - "serde", - "thiserror", -] - [[package]] name = "cfg-if" version = "1.0.0" @@ -1298,10 +1274,9 @@ checksum = "1aaf95b3e5c8f23aa320147307562d361db0ae0d51242340f558153b4eb2439b" [[package]] name = "echo-server" -version = "0.37.6" +version = "0.38.0" dependencies = [ "a2", - "async-recursion", "async-trait", "atty", "aws-config", @@ -1311,7 +1286,6 @@ dependencies = [ "base64 0.21.4", "build-info", "build-info-build", - "cerberus", "chrono", "data-encoding", "dotenv", diff --git a/Cargo.toml b/Cargo.toml index 533426bc..761efbef 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "echo-server" -version = "0.37.6" +version = "0.38.0" edition = "2021" authors = [ "Harry Bairstow " 
@@ -90,8 +90,6 @@ is-variant-derive = { path = "crates/is-variant-derive" } once_cell = "1.15" pnet_datalink = "0.31" ipnet = "2.5" -cerberus = { git = "https://github.com/WalletConnect/cerberus.git", tag = "v0.5.0" } -async-recursion = "1.0.4" tap = "1.0.1" wiremock = "0.5.21" moka = { version = "0.12", features = ["future"] } diff --git a/src/config.rs b/src/config.rs index a7f3f4a8..b49446a7 100644 --- a/src/config.rs +++ b/src/config.rs @@ -83,12 +83,6 @@ pub struct Config { #[cfg(feature = "geoblock")] pub blocked_countries: Vec, - - // Cloud - #[cfg(feature = "cloud")] - pub cloud_api_url: String, - #[cfg(feature = "cloud")] - pub cloud_api_key: String, } impl Config { diff --git a/src/error.rs b/src/error.rs index 9b4be031..7ce0a3f5 100644 --- a/src/error.rs +++ b/src/error.rs @@ -166,9 +166,6 @@ pub enum Error { #[error("BatchCollector Error: {0}")] BatchCollector(String), - #[error(transparent)] - Registry(#[from] cerberus::registry::RegistryError), - #[error("Invalid Project ID: {0}")] InvalidProjectId(String), @@ -534,12 +531,6 @@ impl IntoResponse for Error { message: "Internal error monitoring the request".to_string(), }, ], vec![]), - Error::Registry(_) => crate::handlers::Response::new_failure(StatusCode::INTERNAL_SERVER_ERROR, vec![ - ResponseError { - name: "internal_api_failed".to_string(), - message: "Please check https://status.walletconnect.com as an internal API failed to resolve this request".to_string(), - }, - ], vec![]), Error::JWT(_) => crate::handlers::Response::new_failure(StatusCode::UNAUTHORIZED, vec![ ResponseError { name: "invalid_auth".to_string(), diff --git a/src/handlers/create_tenant.rs b/src/handlers/create_tenant.rs index eb3fb20c..cb91656d 100644 --- a/src/handlers/create_tenant.rs +++ b/src/handlers/create_tenant.rs 
@@ -1,13 +1,7 @@ -#[cfg(feature = "cloud")] -use cerberus::registry::RegistryClient; use { crate::{ - error::{Error, Error::InvalidProjectId}, - handlers::validate_tenant_request, - increment_counter, - log::prelude::*, - state::AppState, - stores::tenant::TenantUpdateParams, + error::Error, handlers::validate_tenant_request, increment_counter, log::prelude::*, + state::AppState, stores::tenant::TenantUpdateParams, }, axum::{extract::State, http::HeaderMap, Json}, serde::{Deserialize, Serialize}, @@ -34,52 +28,19 @@ pub async fn handler( Json(body): Json, ) -> Result, Error> { #[cfg(feature = "cloud")] - let (valid_id, project) = { - let project_id = body.id.clone(); - - let response = state.registry_client.project_data(&project_id).await?; - - if let Some(project) = response { - // TODO potentially more validation in future - // Project passed forwards for JWT verification later - (project.is_enabled, Some(project)) - } else { - (false, None) - } - }; - - // When not using the cloud app all Ids are valid - #[cfg(not(feature = "cloud"))] - let valid_id = true; - - if !valid_id { - return Err(InvalidProjectId(body.id)); - } - - #[cfg(feature = "cloud")] - if let Some(project) = project { - if let Err(e) = validate_tenant_request( - &state.registry_client, - &state.gotrue_client, - &headers, - body.id.clone(), - Some(project), - ) - .await - { - error!( - tenant_id = %body.id, - err = ?e, - "JWT verification failed" - ); - return Err(e); - } - } else { - return Err(InvalidProjectId(body.id)); + if let Err(e) = + validate_tenant_request(&state.jwt_validation_client, &headers, body.id.clone()).await + { + error!( + tenant_id = %body.id, + err = ?e, + "JWT verification failed" + ); + return Err(e); } #[cfg(not(feature = "cloud"))] - if let Err(e) = validate_tenant_request(&state.gotrue_client, &headers) { + if let Err(e) = validate_tenant_request(&state.jwt_validation_client, &headers) { error!( tenant_id = %body.id, err = ?e, 
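Review bot: In the cloud branch of `handler`, tenant creation is now gated only by a token whose `sub` equals `body.id`; the removed block also refused unknown projects and those with `project.is_enabled == false`, and nothing in the new lines replaces that. If disabled or unregistered projects must still be refused, that check presumably now lives with whoever issues the JWT, which is not visible in this diff. I would record the dependency in a comment above the call, for example `// Authorization: the token's sub must equal the tenant id; project existence and enabled state are enforced by the token issuer.` The body of `handler` continues outside the hunk.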
diff --git a/src/handlers/delete_tenant.rs b/src/handlers/delete_tenant.rs index 93863834..3cdb885d 100644 --- a/src/handlers/delete_tenant.rs +++ b/src/handlers/delete_tenant.rs @@ -25,17 +25,11 @@ pub async fn handler( headers: HeaderMap, ) -> Result, Error> { #[cfg(feature = "cloud")] - let verification_res = validate_tenant_request( - &state.registry_client, - &state.gotrue_client, - &headers, - id.clone(), - None, - ) - .await; + let verification_res = + validate_tenant_request(&state.jwt_validation_client, &headers, id.clone()).await; #[cfg(not(feature = "cloud"))] - let verification_res = validate_tenant_request(&state.gotrue_client, &headers); + let verification_res = validate_tenant_request(&state.jwt_validation_client, &headers); if let Err(e) = verification_res { error!( diff --git a/src/handlers/get_tenant.rs b/src/handlers/get_tenant.rs index 77f5e300..e3e9a1fe 100644 --- a/src/handlers/get_tenant.rs +++ b/src/handlers/get_tenant.rs @@ -30,17 +30,11 @@ pub async fn handler( headers: HeaderMap, ) -> Result, Error> { #[cfg(feature = "cloud")] - let verification_res = validate_tenant_request( - &state.registry_client, - &state.gotrue_client, - &headers, - id.clone(), - None, - ) - .await; + let verification_res = + validate_tenant_request(&state.jwt_validation_client, &headers, id.clone()).await; #[cfg(not(feature = "cloud"))] - let verification_res = validate_tenant_request(&state.gotrue_client, &headers); + let verification_res = validate_tenant_request(&state.jwt_validation_client, &headers); if let Err(e) = verification_res { error!( diff --git a/src/handlers/mod.rs b/src/handlers/mod.rs index 87118057..897204f6 100644 --- a/src/handlers/mod.rs +++ b/src/handlers/mod.rs 
@@ -1,16 +1,7 @@
-#[cfg(feature = "cloud")]
-use {
- crate::error::Error::InvalidProjectId,
- async_recursion::async_recursion,
- cerberus::{
- project::ProjectData,
- registry::{RegistryClient, RegistryHttpClient},
- },
-};
 use {
 crate::{
 error::{Error::InvalidAuthentication, Result},
- supabase::GoTrueClient,
+ jwt_validation::JwtValidationClient,
 },
 axum::{
 http::{header::AUTHORIZATION, HeaderMap},
@@ -164,58 +155,45 @@ impl Default for Response { } } -#[async_recursion] #[cfg(feature = "cloud")] -#[instrument(skip_all, fields(project_id = %project_id, project = ?project))] +#[instrument(skip_all, fields(project_id = %project_id))] pub async fn validate_tenant_request( - registry_client: &RegistryHttpClient, - gotrue_client: &GoTrueClient, + jwt_validation_client: &JwtValidationClient, headers: &HeaderMap, project_id: String, - project: Option, ) -> Result { - if let Some(project) = project { - if let Some(token_value) = headers.get(AUTHORIZATION) { - Ok(match gotrue_client - .is_valid_token(token_value.to_str()?.to_string().replace("Bearer ", "")) - { - Ok(token_data) => { - #[cfg(feature = "cloud")] - let valid_token = token_data.claims.sub == project.creator; - - #[cfg(not(feature = "cloud"))] - let valid_token = true; - - if !valid_token { - Err(InvalidAuthentication) - } else { - Ok(true) - } + if let Some(token_value) = headers.get(AUTHORIZATION) { + Ok(match jwt_validation_client + .is_valid_token(token_value.to_str()?.to_string().replace("Bearer ", "")) + { + Ok(token_data) => { + #[cfg(feature = "cloud")] + let valid_token = token_data.claims.sub == project_id; + + #[cfg(not(feature = "cloud"))] + let valid_token = true; + + if !valid_token { + Err(InvalidAuthentication) + } else { + Ok(true) } - Err(_) => Err(InvalidAuthentication), - }?) - } else { - Err(InvalidAuthentication) - } - } else if let Some(project_fetched) = registry_client.project_data(&project_id).await? { - validate_tenant_request( - registry_client, - gotrue_client, - headers, - project_id, - Some(project_fetched), - ) - .await + } + Err(_) => Err(InvalidAuthentication), + }?) 
} else { - Err(InvalidProjectId(project_id.to_string())) + Err(InvalidAuthentication) } } #[cfg(not(feature = "cloud"))] #[instrument(skip_all)] -pub fn validate_tenant_request(gotrue_client: &GoTrueClient, headers: &HeaderMap) -> Result { +pub fn validate_tenant_request( + jwt_validation_client: &JwtValidationClient, + headers: &HeaderMap, +) -> Result { if let Some(token_data) = headers.get(AUTHORIZATION) { - if gotrue_client + if jwt_validation_client .is_valid_token(token_data.to_str()?.to_string().replace("Bearer ", "")) .is_ok() { diff --git a/src/handlers/update_apns.rs b/src/handlers/update_apns.rs index 48f536dd..d01a3ae4 100644 --- a/src/handlers/update_apns.rs +++ b/src/handlers/update_apns.rs @@ -123,22 +123,13 @@ pub async fn handler( headers: HeaderMap, mut form_body: Multipart, ) -> Result, Error> { - // Ensure tenant real - let _existing_tenant = state.tenant_store.get_tenant(&id).await?; - // JWT verification #[cfg(feature = "cloud")] - let jwt_verification_result = validate_tenant_request( - &state.registry_client, - &state.gotrue_client, - &headers, - id.clone(), - None, - ) - .await; + let jwt_verification_result = + validate_tenant_request(&state.jwt_validation_client, &headers, id.clone()).await; #[cfg(not(feature = "cloud"))] - let jwt_verification_result = validate_tenant_request(&state.gotrue_client, &headers); + let jwt_verification_result = validate_tenant_request(&state.jwt_validation_client, &headers); if let Err(e) = jwt_verification_result { error!( @@ -149,6 +140,9 @@ pub async fn handler( return Err(e); } + // Ensure tenant real + let _existing_tenant = state.tenant_store.get_tenant(&id).await?; + // ---- retrieve body from form let mut body = ApnsUpdateBody { apns_topic: None, diff --git a/src/handlers/update_fcm.rs b/src/handlers/update_fcm.rs index b17995a3..f373a269 100644 --- a/src/handlers/update_fcm.rs +++ b/src/handlers/update_fcm.rs 
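Review bot: The cloud variant of `validate_tenant_request` keeps an inner `#[cfg(not(feature = "cloud"))] let valid_token = true;` even though the whole function is already gated by `#[cfg(feature = "cloud")]`, so that accept-everything branch can never compile in and only obscures the one check that matters, `token_data.claims.sub == project_id`. The token is also extracted with `.replace("Bearer ", "")`, which removes every occurrence of the scheme rather than just the prefix; `strip_prefix` states the intent and leaves the rest of the header value untouched. The non-cloud variant at the end of this hunk uses the same `.replace` call, and its body continues outside the hunk. The rewrite below keeps the current behaviour of accepting a bare token without the scheme.

```rust
// … unchanged: #[cfg]/#[instrument] attributes and signature of the cloud variant …
    let raw = headers
        .get(AUTHORIZATION)
        .ok_or(InvalidAuthentication)?
        .to_str()?;
    // Strip the scheme once, as a prefix; a bare token is still accepted as before.
    let token = raw.strip_prefix("Bearer ").unwrap_or(raw);
    let token_data = jwt_validation_client
        .is_valid_token(token.to_string())
        .map_err(|_| InvalidAuthentication)?;
    // A token only authorizes the tenant named in its `sub` claim.
    if token_data.claims.sub != project_id {
        return Err(InvalidAuthentication);
    }
    Ok(true)
}
```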
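Review bot: The relocated `// Ensure tenant real` comment in src/handlers/update_apns.rs does not say why the lookup now follows JWT verification, and that ordering is presumably what stops an unauthenticated caller from telling existing tenant ids from unknown ones by the error returned. I would reword it to `// Look up the tenant only after the JWT check, so unauthenticated callers cannot probe which tenant ids exist.` so a later refactor does not move it back. The same applies to `// -- check if tenant is real` in src/handlers/update_fcm.rs. Both handlers continue outside their hunks.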
@@ -38,22 +38,13 @@ pub async fn handler( headers: HeaderMap, mut form_body: Multipart, ) -> Result, Error> { - // -- check if tenant is real - let _existing_tenant = state.tenant_store.get_tenant(&id).await?; - // JWT token verification #[cfg(feature = "cloud")] - let jwt_verification_result = validate_tenant_request( - &state.registry_client, - &state.gotrue_client, - &headers, - id.clone(), - None, - ) - .await; + let jwt_verification_result = + validate_tenant_request(&state.jwt_validation_client, &headers, id.clone()).await; #[cfg(not(feature = "cloud"))] - let jwt_verification_result = validate_tenant_request(&state.gotrue_client, &headers); + let jwt_verification_result = validate_tenant_request(&state.jwt_validation_client, &headers); if let Err(e) = jwt_verification_result { error!( @@ -64,6 +55,9 @@ pub async fn handler( return Err(e); } + // -- check if tenant is real + let _existing_tenant = state.tenant_store.get_tenant(&id).await?; + // ---- retrieve body from form let mut body = FcmUpdateBody { api_key: Default::default(), diff --git a/src/supabase/mod.rs b/src/jwt_validation/mod.rs similarity index 69% rename from src/supabase/mod.rs rename to src/jwt_validation/mod.rs index 0f18f303..7c1c9dc7 100644 --- a/src/supabase/mod.rs +++ b/src/jwt_validation/mod.rs 
@@ -5,28 +5,26 @@ use { }; #[derive(Serialize, Deserialize)] -pub struct GoTrueClaims { +pub struct Claims { pub sub: String, - pub aud: String, - pub role: String, } #[derive(Clone)] -pub struct GoTrueClient { +pub struct JwtValidationClient { decoding_key: DecodingKey, validation: Validation, } -impl GoTrueClient { - pub fn new(jwt_secret: String) -> GoTrueClient { - GoTrueClient { +impl JwtValidationClient { + pub fn new(jwt_secret: String) -> JwtValidationClient { + JwtValidationClient { decoding_key: DecodingKey::from_secret(jwt_secret.as_bytes()), validation: Validation::new(Algorithm::HS256), } } - pub fn is_valid_token(&self, jwt: String) -> Result> { - Ok(jsonwebtoken::decode::( + pub fn is_valid_token(&self, jwt: String) -> Result> { + Ok(jsonwebtoken::decode::( &jwt, &self.decoding_key, &self.validation, diff --git a/src/lib.rs b/src/lib.rs index 10d0549a..9897442d 100644 --- a/src/lib.rs +++ b/src/lib.rs @@ -55,6 +55,7 @@ pub mod blob; pub mod config; pub mod error; pub mod handlers; +pub mod jwt_validation; pub mod log; pub mod macros; pub mod metrics; @@ -64,7 +65,6 @@ pub mod providers; pub mod relay; pub mod state; pub mod stores; -pub mod supabase; const PG_CONNECTION_POOL_SIZE: u32 = 100; diff --git a/src/state.rs b/src/state.rs index d4341005..114f184d 100644 --- a/src/state.rs +++ b/src/state.rs @@ -1,5 +1,3 @@ -#[cfg(feature = "cloud")] -use cerberus::registry::RegistryHttpClient; use { crate::{ config::Config, @@ -18,7 +16,7 @@ use { #[cfg(feature = "analytics")] use crate::analytics::PushAnalytics; #[cfg(feature = "multitenant")] -use crate::supabase::GoTrueClient; +use crate::jwt_validation::JwtValidationClient; pub type ClientStoreArc = Arc; pub type NotificationStoreArc = Arc; 
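Review bot: `Claims` now carries only `sub`, and `Validation::new(Algorithm::HS256)` is built with no issuer or audience configured, so any HS256 token signed with `JWT_SECRET` whose `sub` matches a tenant id is accepted for that tenant. With the registry check removed elsewhere in this commit, that shared secret is the only thing gating tenant management, yet the .env.example context in this diff still describes `JWT_SECRET` as having a default value and little impact; `JwtValidationClient::new` should probably refuse an empty secret and that comment should be corrected. If the issuer sets `iss` or `aud`, pinning them, e.g. `validation.set_issuer(&["<expected-issuer>"]);` and `validation.set_audience(&["<expected-audience>"]);`, would keep tokens minted for another service with the same secret from being accepted here. `is_valid_token` continues past the end of the hunk.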
@@ -31,8 +29,6 @@ pub trait State { fn notification_store(&self) -> NotificationStoreArc; fn tenant_store(&self) -> TenantStoreArc; fn relay_client(&self) -> RelayClient; - #[cfg(feature = "cloud")] - fn registry_client(&self) -> RegistryHttpClient; fn is_multitenant(&self) -> bool; fn validate_signatures(&self) -> bool; } @@ -48,10 +44,8 @@ pub struct AppState { pub notification_store: NotificationStoreArc, pub tenant_store: TenantStoreArc, pub relay_client: RelayClient, - #[cfg(feature = "cloud")] - pub registry_client: RegistryHttpClient, #[cfg(feature = "multitenant")] - pub gotrue_client: GoTrueClient, + pub jwt_validation_client: JwtValidationClient, pub public_ip: Option, is_multitenant: bool, pub geoblock: Option>>, @@ -79,9 +73,6 @@ pub fn new_state( #[cfg(not(feature = "multitenant"))] let is_multitenant = false; - #[cfg(feature = "cloud")] - let (cloud_url, cloud_api_key) = (config.cloud_api_url.clone(), config.cloud_api_key.clone()); - #[cfg(feature = "multitenant")] let jwt_secret = config.jwt_secret.clone(); @@ -101,10 +92,8 @@ pub fn new_state( notification_store, tenant_store, relay_client: RelayClient::new(config.relay_public_key)?, - #[cfg(feature = "cloud")] - registry_client: RegistryHttpClient::new(cloud_url, cloud_api_key.as_str())?, #[cfg(feature = "multitenant")] - gotrue_client: GoTrueClient::new(jwt_secret), + jwt_validation_client: JwtValidationClient::new(jwt_secret), public_ip, is_multitenant, geoblock: None, @@ -146,11 +135,6 @@ impl State for Arc { self.relay_client.clone() } - #[cfg(feature = "cloud")] - fn registry_client(&self) -> RegistryHttpClient { - self.registry_client.clone() - } - fn is_multitenant(&self) -> bool { self.is_multitenant } diff --git a/terraform/README.md b/terraform/README.md index e8d958d9..1eefb1a0 100644 --- a/terraform/README.md +++ b/terraform/README.md 
@@ -93,7 +93,6 @@ No outputs. | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| | [azs](#input\_azs) | n/a |
list(string)
|
[
"eu-central-1a",
"eu-central-1b",
"eu-central-1c"
]
| no | - | [cloud\_api\_key](#input\_cloud\_api\_key) | n/a |
string
|
n/a
| yes | | [geoip\_db\_key](#input\_geoip\_db\_key) | The key to the GeoIP database |
string
|
"GeoLite2-City.mmdb"
| no | | [grafana\_auth](#input\_grafana\_auth) | n/a |
string
|
n/a
| yes | | [grafana\_endpoint](#input\_grafana\_endpoint) | n/a |
string
|
n/a
| yes | @@ -105,4 +104,4 @@ No outputs. No outputs. - \ No newline at end of file + diff --git a/terraform/ecs/README.md b/terraform/ecs/README.md index 2435dd30..8f7ecd9a 100644 --- a/terraform/ecs/README.md +++ b/terraform/ecs/README.md @@ -31,8 +31,6 @@ No modules. | [backup\_acm\_certificate\_arn](#input\_backup\_acm\_certificate\_arn) | n/a |
string
|
n/a
| yes | | [backup\_fqdn](#input\_backup\_fqdn) | n/a |
string
|
n/a
| yes | | [backup\_route53\_zone\_id](#input\_backup\_route53\_zone\_id) | n/a |
string
|
n/a
| yes | - | [cloud\_api\_key](#input\_cloud\_api\_key) | n/a |
string
|
n/a
| yes | - | [cloud\_api\_url](#input\_cloud\_api\_url) | n/a |
string
|
n/a
| yes | | [cpu](#input\_cpu) | n/a |
number
|
n/a
| yes | | [database\_url](#input\_database\_url) | n/a |
string
|
n/a
| yes | | [desired\_count](#input\_desired\_count) | n/a |
number
|
n/a
| yes | @@ -57,4 +55,4 @@ No modules. |------|-------------| | [load\_balancer\_arn](#output\_load\_balancer\_arn) | n/a | - \ No newline at end of file + diff --git a/terraform/ecs/main.tf b/terraform/ecs/main.tf index f14ed977..29123a3b 100644 --- a/terraform/ecs/main.tf +++ b/terraform/ecs/main.tf @@ -92,9 +92,6 @@ resource "aws_ecs_task_definition" "app_task_definition" { { name = "BLOCKED_COUNTRIES", value = "KP,IR,CU,SY,RU" }, - { name = "CLOUD_API_KEY", value = var.cloud_api_key }, - { name = "CLOUD_API_URL", value = var.cloud_api_url }, - { name = "JWT_SECRET", value = var.jwt_secret }, { name = "RELAY_PUBLIC_KEY", value = var.relay_public_key } ], diff --git a/terraform/ecs/variables.tf b/terraform/ecs/variables.tf index 10e8e888..8f34719b 100644 --- a/terraform/ecs/variables.tf +++ b/terraform/ecs/variables.tf @@ -124,15 +124,6 @@ variable "autoscaling_min_capacity" { type = number } -variable "cloud_api_key" { - type = string - sensitive = true -} - -variable "cloud_api_url" { - type = string -} - variable "jwt_secret" { type = string sensitive = true diff --git a/terraform/main.tf b/terraform/main.tf index ad7b7ff6..da8e7b24 100644 --- a/terraform/main.tf +++ b/terraform/main.tf @@ -175,9 +175,6 @@ module "ecs" { analytics_geoip_db_bucket_name = local.geoip_db_bucket_name analytics_geoip_db_key = var.geoip_db_key - cloud_api_key = var.cloud_api_key - cloud_api_url = "https://registry.walletconnect.com/" - jwt_secret = var.jwt_secret relay_public_key = var.relay_public_key diff --git a/terraform/variables.tf b/terraform/variables.tf index 6bc29320..8f8c756f 100644 --- a/terraform/variables.tf +++ b/terraform/variables.tf @@ -32,11 +32,6 @@ variable "geoip_db_key" { default = "GeoLite2-City.mmdb" } -variable "cloud_api_key" { - type = string - sensitive = true -} - variable "jwt_secret" { type = string sensitive = true diff --git a/tests/context/mod.rs b/tests/context/mod.rs index a4d07488..9f155d32 100644 --- a/tests/context/mod.rs 
+++ b/tests/context/mod.rs @@ -78,10 +78,6 @@ impl TestContext for ConfigContext { analytics_export_bucket: "example-bucket".to_string(), is_test: true, cors_allowed_origins: vec!["*".to_string()], - #[cfg(feature = "cloud")] - cloud_api_url: "https://example.com".to_string(), - #[cfg(feature = "cloud")] - cloud_api_key: "n/a".to_string(), #[cfg(feature = "geoblock")] blocked_countries: vec![], }; diff --git a/tests/functional/multitenant/apns.rs b/tests/functional/multitenant/apns.rs index 6dfe74ca..f5432814 100644 --- a/tests/functional/multitenant/apns.rs +++ b/tests/functional/multitenant/apns.rs @@ -21,8 +21,6 @@ async fn tenant_update_apns_valid_token(ctx: &mut EchoServerContext) { .as_secs() as usize; let token_claims = ClaimsForValidation { sub: tenant_id.clone(), - aud: "authenticated".to_string(), - role: "authenticated".to_string(), exp: unix_timestamp + 60 * 60, // Add an hour for expiration }; let jwt_token = encode( diff --git a/tests/functional/multitenant/fcm.rs b/tests/functional/multitenant/fcm.rs index e180850f..6ecd694f 100644 --- a/tests/functional/multitenant/fcm.rs +++ b/tests/functional/multitenant/fcm.rs @@ -21,8 +21,6 @@ async fn tenant_update_fcm_valid(ctx: &mut EchoServerContext) { .as_secs() as usize; let token_claims = ClaimsForValidation { sub: random_tenant_id.clone(), - aud: "authenticated".to_string(), - role: "authenticated".to_string(), exp: unix_timestamp + 60 * 60, // Add an hour for expiration }; let jwt_token = encode( diff --git a/tests/functional/multitenant/mod.rs b/tests/functional/multitenant/mod.rs index 8df0fec2..22cb748e 100644 --- a/tests/functional/multitenant/mod.rs +++ b/tests/functional/multitenant/mod.rs @@ -10,8 +10,6 @@ mod tenancy; #[derive(Serialize)] pub struct ClaimsForValidation { sub: String, - aud: String, - role: String, exp: usize, } diff --git a/tests/functional/multitenant/tenancy.rs b/tests/functional/multitenant/tenancy.rs index 3f028d4e..e5bf7abf 100644 
--- a/tests/functional/multitenant/tenancy.rs +++ b/tests/functional/multitenant/tenancy.rs @@ -21,8 +21,6 @@ async fn tenant_register_get_delete(ctx: &mut EchoServerContext) { .as_secs() as usize; let token_claims = ClaimsForValidation { sub: random_tenant_id.clone(), - aud: "authenticated".to_string(), - role: "authenticated".to_string(), exp: unix_timestamp + 60 * 60, // Add an hour for expiration }; let jwt_token = encode(