ezidam: request guards: jwt admin, jwt user, verify jwt

crates/jwt/src/error.rs

@@ -23,4 +23,7 @@ pub enum Error {
 
     #[error("Failed to create JWT: `{0}`")]
     JwtCreation(#[from] jwt_compact::CreationError),
+
+    #[error("Failed to validate JWT: `{0}`")]
+    JwtValidation(#[from] jwt_compact::ValidationError),
 }

crates/jwt/src/key/private.rs

@@ -1,7 +1,7 @@
 use crate::{Error, JwtClaims};
 use id::KeyID;
 use jwt_compact::alg::{Rsa, RsaPrivateKey, StrongKey};
-use jwt_compact::{AlgorithmExt, Claims, Header};
+use jwt_compact::{AlgorithmExt, Claims, Header, TimeOptions, Token, UntrustedToken};
 use rsa::pkcs8::der::zeroize::Zeroizing;
 use rsa::pkcs8::{DecodePrivateKey, EncodePrivateKey};
 
@@ -40,6 +40,23 @@ impl PrivateKey {
     ) -> Result<String, Error> {
         Ok(Rsa::ps256().token(header, &claims, &self.key)?)
     }
+
+    pub fn validate_jwt_extract_claims(&self, token: &UntrustedToken) -> Result<JwtClaims, Error> {
+        // Verify signature
+        let token: Token<JwtClaims> = Rsa::ps256()
+            .validate_integrity(token, &self.key)
+            .map_err(Error::JwtValidation)?;
+
+        // Validate additional conditions
+        let time_options = TimeOptions::default();
+        token
+            .claims()
+            .validate_expiration(&time_options)
+            .map_err(Error::JwtValidation)?;
+
+        // Return claims
+        Ok(token.claims().custom.clone())
+    }
 }
 
 #[cfg(test)]

crates/jwt/src/lib.rs

@@ -12,3 +12,4 @@ pub use claims::JwtClaims;
 pub use error::Error;
 pub use key::generate;
 pub use key::{PrivateKey, PublicKey};
+pub use token::parse;