From e04e8ceeeb5d81d20d1662e563b49765bd825dca Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Hannes=20K=C3=B6rber?= <hannes@hkoerber.de>
Date: Sat, 28 May 2022 22:20:53 +0200
Subject: [PATCH] Use opaque type for auth token

So we cannot accidentially output it, as it does not implement
`Display`.
---
 src/auth.rs            | 14 ++++++++++++--
 src/provider/github.rs | 10 +++++-----
 src/provider/gitlab.rs | 10 +++++-----
 src/provider/mod.rs    | 13 ++++++-------
 4 files changed, 28 insertions(+), 19 deletions(-)

diff --git a/src/auth.rs b/src/auth.rs
index d4a79a7..7c1490b 100644
--- a/src/auth.rs
+++ b/src/auth.rs
@@ -1,6 +1,16 @@
 use std::process;
 
-pub fn get_token_from_command(command: &str) -> Result<String, String> {
+#[derive(Clone)]
+pub struct AuthToken(String);
+
+impl AuthToken {
+    pub fn access(&self) -> &str {
+        &self.0
+    }
+
+}
+
+pub fn get_token_from_command(command: &str) -> Result<AuthToken, String> {
     let output = process::Command::new("/usr/bin/env")
         .arg("sh")
         .arg("-c")
@@ -32,5 +42,5 @@ pub fn get_token_from_command(command: &str) -> Result<String, String> {
         .next()
         .ok_or_else(|| String::from("Output did not contain any newline"))?;
 
-    Ok(token.to_string())
+    Ok(AuthToken(token.to_string()))
 }
diff --git a/src/provider/github.rs b/src/provider/github.rs
index e721ca3..8c05c53 100644
--- a/src/provider/github.rs
+++ b/src/provider/github.rs
@@ -6,7 +6,7 @@ use super::Filter;
 use super::JsonError;
 use super::Project;
 use super::Provider;
-use super::SecretToken;
+use super::auth;
 
 const PROVIDER_NAME: &str = "github";
 const ACCEPT_HEADER_JSON: &str = "application/vnd.github.v3+json";
@@ -67,7 +67,7 @@ impl JsonError for GithubApiErrorResponse {
 
 pub struct Github {
     filter: Filter,
-    secret_token: SecretToken,
+    secret_token: auth::AuthToken,
 }
 
 impl Provider for Github {
@@ -76,7 +76,7 @@ impl Provider for Github {
 
     fn new(
         filter: Filter,
-        secret_token: SecretToken,
+        secret_token: auth::AuthToken,
         api_url_override: Option<String>,
     ) -> Result<Self, String> {
         if api_url_override.is_some() {
@@ -96,8 +96,8 @@ impl Provider for Github {
         self.filter.clone()
     }
 
-    fn secret_token(&self) -> SecretToken {
-        self.secret_token.clone()
+    fn secret_token(&self) -> &auth::AuthToken {
+        &self.secret_token
     }
 
     fn auth_header_key() -> String {
diff --git a/src/provider/gitlab.rs b/src/provider/gitlab.rs
index 4f9853e..bbbfa99 100644
--- a/src/provider/gitlab.rs
+++ b/src/provider/gitlab.rs
@@ -6,7 +6,7 @@ use super::Filter;
 use super::JsonError;
 use super::Project;
 use super::Provider;
-use super::SecretToken;
+use super::auth;
 
 const PROVIDER_NAME: &str = "gitlab";
 const ACCEPT_HEADER_JSON: &str = "application/json";
@@ -75,7 +75,7 @@ impl JsonError for GitlabApiErrorResponse {
 
 pub struct Gitlab {
     filter: Filter,
-    secret_token: SecretToken,
+    secret_token: auth::AuthToken,
     api_url_override: Option<String>,
 }
 
@@ -95,7 +95,7 @@ impl Provider for Gitlab {
 
     fn new(
         filter: Filter,
-        secret_token: SecretToken,
+        secret_token: auth::AuthToken,
         api_url_override: Option<String>,
     ) -> Result<Self, String> {
         Ok(Self {
@@ -113,8 +113,8 @@ impl Provider for Gitlab {
         self.filter.clone()
     }
 
-    fn secret_token(&self) -> SecretToken {
-        self.secret_token.clone()
+    fn secret_token(&self) -> &auth::AuthToken {
+        &self.secret_token
     }
 
     fn auth_header_key() -> String {
diff --git a/src/provider/mod.rs b/src/provider/mod.rs
index edfc74d..27c1e29 100644
--- a/src/provider/mod.rs
+++ b/src/provider/mod.rs
@@ -10,6 +10,7 @@ pub use github::Github;
 pub use gitlab::Gitlab;
 
 use super::repo;
+use super::auth;
 
 use std::collections::HashMap;
 
@@ -69,8 +70,6 @@ pub trait Project {
     fn private(&self) -> bool;
 }
 
-type SecretToken = String;
-
 #[derive(Clone)]
 pub struct Filter {
     users: Vec<String>,
@@ -117,7 +116,7 @@ pub trait Provider {
 
     fn new(
         filter: Filter,
-        secret_token: SecretToken,
+        secret_token: auth::AuthToken,
         api_url_override: Option<String>,
     ) -> Result<Self, String>
     where
@@ -125,7 +124,7 @@ pub trait Provider {
 
     fn name(&self) -> String;
     fn filter(&self) -> Filter;
-    fn secret_token(&self) -> SecretToken;
+    fn secret_token(&self) -> &auth::AuthToken;
     fn auth_header_key() -> String;
 
     fn get_user_projects(
@@ -167,7 +166,7 @@ pub trait Provider {
             .header("accept", accept_header.unwrap_or("application/json"))
             .header(
                 "authorization",
-                format!("{} {}", Self::auth_header_key(), &self.secret_token()),
+                format!("{} {}", Self::auth_header_key(), &self.secret_token().access()),
             )
             .body(())
             .map_err(|error| error.to_string())?;
@@ -308,7 +307,7 @@ pub trait Provider {
 fn call<T, U>(
     uri: &str,
     auth_header_key: &str,
-    secret_token: &str,
+    secret_token: &auth::AuthToken,
     accept_header: Option<&str>,
 ) -> Result<T, ApiErrorResponse<U>>
 where
@@ -322,7 +321,7 @@ where
         .header("accept", accept_header.unwrap_or("application/json"))
         .header(
             "authorization",
-            format!("{} {}", &auth_header_key, &secret_token),
+            format!("{} {}", &auth_header_key, &secret_token.access()),
         )
         .body(())
         .map_err(|error| ApiErrorResponse::String(error.to_string()))?;