🐛 Fix breaking changes in actix, secrery::Secret -> secrey::SecretBox

Author: t-edzuka

src/authentication/middleware.rs

@@ -3,8 +3,8 @@ use crate::utils::{e500, see_other};
 use actix_web::body::MessageBody;
 use actix_web::dev::{ServiceRequest, ServiceResponse};
 use actix_web::error::InternalError;
+use actix_web::middleware::Next;
 use actix_web::{FromRequest, HttpMessage};
-use actix_web_lab::middleware::Next;
 use std::fmt::Display;
 use std::ops::Deref;
 use uuid::Uuid;

src/authentication/password.rs

@@ -2,7 +2,7 @@ use crate::telemetry::spawn_blocking_with_tracing;
 use anyhow::Context;
 
 use argon2::{Algorithm, Argon2, Params, PasswordHash, PasswordHasher, PasswordVerifier, Version};
-use secrecy::{ExposeSecret, Secret};
+use secrecy::{ExposeSecret, SecretString};
 use sqlx::PgPool;
 
 use argon2::password_hash::SaltString;
@@ -19,7 +19,7 @@ pub enum AuthError {
 // This user input maps this struct, which is commonly called DTO: Data Transfer Object.
 pub struct Credentials {
     pub username: String,
-    pub password: Secret<String>,
+    pub password: SecretString,
 }
 
 #[tracing::instrument(name = "Validate credentials", skip(credentials, pool))]
@@ -29,12 +29,11 @@ pub async fn validate_credentials(
 ) -> Result<Uuid, AuthError> {
     // These two lines are for forcing calculating hash in blocking task.
     let mut user_id = None;
-    let mut expected_password_hash = Secret::new(
+    let mut expected_password_hash = SecretString::new(Box::from(
         "$argon2id$v=19$m=15000,t=2,p=1$\
         gZiV/M1gPc22ElAH/Jh1Hw$\
-        CWOrkoo7oJBQ/iyh7uJ0LO2aLEfrHwTWllSAxT0zRno"
-            .to_string(),
-    );
+        CWOrkoo7oJBQ/iyh7uJ0LO2aLEfrHwTWllSAxT0zRno",
+    ));
 
     // Fetch user information from the database
     if let Some((stored_user_id, stored_hash_password)) =
@@ -60,8 +59,8 @@ pub async fn validate_credentials(
     skip(expected_password_hash, password_candidate)
 )]
 fn verify_password_hash(
-    expected_password_hash: Secret<String>,
-    password_candidate: Secret<String>,
+    expected_password_hash: SecretString,
+    password_candidate: SecretString,
 ) -> Result<(), AuthError> {
     // Calculate the password hash by using the password_hash stored in the database, following PHC string format.
     let expected_password_hash = PasswordHash::new(expected_password_hash.expose_secret())
@@ -81,7 +80,7 @@ fn verify_password_hash(
 pub async fn get_stored_credentials(
     credentials: &Credentials,
     pool: &PgPool,
-) -> Result<Option<(Uuid, Secret<String>)>, anyhow::Error> {
+) -> Result<Option<(Uuid, SecretString)>, anyhow::Error> {
     let q = sqlx::query!(
         r#"
         SELECT user_id, password_hash
@@ -95,7 +94,7 @@ pub async fn get_stored_credentials(
         .fetch_optional(pool)
         .await
         .context("Failed to perform query to validate auth credentials.")?
-        .map(|row| (row.user_id, Secret::new(row.password_hash)));
+        .map(|row| (row.user_id, SecretString::new(Box::from(row.password_hash))));
     Ok(row)
 }
 
@@ -122,7 +121,7 @@ pub async fn change_password_in_db(
     Ok(())
 }
 
-fn compute_password_hash(password: Password) -> Result<Secret<String>, anyhow::Error> {
+fn compute_password_hash(password: Password) -> Result<SecretString, anyhow::Error> {
     // 1. Generate random salt
     let salt = SaltString::generate(&mut rand::thread_rng());
     // 2. Argon2 algorithm.
@@ -134,11 +133,11 @@ fn compute_password_hash(password: Password) -> Result<Secret<String>, anyhow::E
     .hash_password(password.expose_secret().as_bytes(), &salt)?
     .to_string();
 
-    Ok(Secret::new(password_hash))
+    Ok(SecretString::new(Box::from(password_hash)))
 }
 
 #[derive(Clone)]
-pub struct Password(Secret<String>);
+pub struct Password(SecretString);
 
 impl Password {
     /// # OWASP’s a minimum set of requirements for password
@@ -163,14 +162,14 @@ impl Password {
             ));
         }
 
-        Ok(Password(Secret::new(s)))
+        Ok(Password(SecretString::new(Box::from(s))))
     }
 
-    pub fn inner_ref(&self) -> &Secret<String> {
+    pub fn inner_ref(&self) -> &SecretString {
         &self.0
     }
 
-    pub fn expose_secret(&self) -> String {
-        self.0.expose_secret().clone()
+    pub fn expose_secret(&self) -> &str {
+        self.0.expose_secret()
     }
 }

src/configuration.rs

@@ -1,4 +1,4 @@
-use secrecy::{ExposeSecret, Secret};
+use secrecy::{ExposeSecret, SecretString};
 use serde::Deserialize;
 use serde_aux::field_attributes::deserialize_number_from_string;
 use sqlx::postgres::{PgConnectOptions, PgSslMode};
@@ -16,7 +16,7 @@ pub struct Settings {
     pub database: DatabaseSettings,
     pub application: ApplicationSettings,
     pub email_client: EmailClientSettings,
-    pub redis_uri: Secret<String>,
+    pub redis_uri: SecretString,
 }
 
 #[derive(Deserialize, Clone)]
@@ -25,7 +25,7 @@ pub struct ApplicationSettings {
     #[serde(deserialize_with = "deserialize_number_from_string")]
     pub port: u16,
     pub base_url: String,
-    pub hmac_secret: Secret<String>,
+    pub hmac_secret: SecretString,
 }
 
 impl ApplicationSettings {
@@ -37,7 +37,7 @@ impl ApplicationSettings {
 #[derive(Deserialize, Clone)]
 pub struct DatabaseSettings {
     pub username: String,
-    pub password: Secret<String>,
+    pub password: SecretString,
     pub host: String,
     #[serde(deserialize_with = "deserialize_number_from_string")]
     pub port: u16,
@@ -62,15 +62,15 @@ impl DatabaseSettings {
 
     pub fn with_db(&self) -> PgConnectOptions {
         let opts = self.without_db().database(&self.database_name);
-        opts.log_statements(tracing_log::log::LevelFilter::Trace)
+        opts.log_statements(log::LevelFilter::Trace)
     }
 }
 
 #[derive(Deserialize, Clone)]
 pub struct EmailClientSettings {
     pub base_url: String,
     pub sender_email: String,
-    pub authorization_token: Secret<String>,
+    pub authorization_token: SecretString,
     pub timeout_milliseconds: u64,
 }
 

src/email_client.rs

@@ -1,4 +1,4 @@
-use secrecy::{ExposeSecret, Secret};
+use secrecy::{ExposeSecret, SecretString};
 use serde::Serialize;
 
 use crate::domain::SubscriberEmail;
@@ -11,14 +11,14 @@ pub struct EmailClient {
     // ? SubscriberEmail is a domain type, so why is it used here?
     base_url: String,
     // external service url to send email
-    authorization_token: Secret<String>,
+    authorization_token: SecretString,
 }
 
 impl EmailClient {
     pub fn new(
         base_url: String,
         sender: SubscriberEmail,
-        authorization_token: Secret<String>,
+        authorization_token: SecretString,
         time_out: std::time::Duration,
     ) -> Self {
         let http_client = reqwest::Client::builder()
@@ -102,7 +102,7 @@ mod tests {
     use fake::faker::internet::en::SafeEmail;
     use fake::faker::lorem::en::{Paragraph, Sentence};
     use fake::{Fake, Faker};
-    use secrecy::Secret;
+    use secrecy::SecretString;
     use wiremock::http::Method;
     use wiremock::matchers::{any, header, header_exists, method, path};
     use wiremock::{Mock, MockServer, Request, ResponseTemplate};
@@ -128,8 +128,8 @@ mod tests {
         SubscriberEmail::parse(SafeEmail().fake()).unwrap()
     }
 
-    fn authorization_token() -> Secret<String> {
-        Secret::new(Faker.fake())
+    fn authorization_token() -> SecretString {
+        SecretString::new(Box::from(Faker.fake::<String>()))
     }
 
     fn subject() -> String {

src/routes/admin/password/post.rs

@@ -6,15 +6,15 @@ use crate::routes::admin::dashboard::get_username;
 use crate::utils::{e500, see_other};
 use actix_web::{web, HttpResponse};
 use actix_web_flash_messages::FlashMessage;
-use secrecy::{ExposeSecret, Secret};
+use secrecy::{ExposeSecret, SecretBox};
 use serde::Deserialize;
 use sqlx::PgPool;
 
 #[derive(Deserialize)]
 pub struct FormData {
-    current_password: Secret<String>,
-    new_password: Secret<String>,
-    new_password_check: Secret<String>,
+    current_password: SecretBox<String>,
+    new_password: SecretBox<String>,
+    new_password_check: SecretBox<String>,
 }
 
 struct ValidPasswords {

src/routes/login/post.rs

@@ -3,7 +3,7 @@ use actix_web::http::header::LOCATION;
 use actix_web::http::StatusCode;
 use actix_web::{web, HttpResponse, ResponseError};
 use actix_web_flash_messages::FlashMessage;
-use secrecy::Secret;
+use secrecy::SecretString;
 use serde::Deserialize;
 use sqlx::PgPool;
 use std::fmt::{Debug, Formatter};
@@ -15,7 +15,7 @@ use crate::session_state::TypedSession;
 #[derive(Deserialize)]
 pub struct FormData {
     username: String,
-    password: Secret<String>,
+    password: SecretString,
 }
 
 #[derive(thiserror::Error)]

src/startup.rs

@@ -5,11 +5,12 @@ use std::net::TcpListener;
 use crate::authentication::reject_anonymous_user;
 use actix_web::cookie::Key;
 use actix_web::dev::Server;
+use actix_web::middleware::from_fn;
 use actix_web::{web, App, HttpServer};
 use actix_web_flash_messages::storage::CookieMessageStore;
 use actix_web_flash_messages::FlashMessagesFramework;
-use actix_web_lab::middleware::from_fn;
-use secrecy::{ExposeSecret, Secret};
+use secrecy::{ExposeSecret, SecretString};
+
 use sqlx::postgres::PgPoolOptions;
 use sqlx::PgPool;
 use tracing_actix_web::TracingLogger;
@@ -33,7 +34,10 @@ impl Application {
 
         let email_client = configuration.email_client.client();
         let listener = TcpListener::bind(configuration.application.addr())?;
-        let port = listener.local_addr().unwrap().port();
+        let port = listener
+            .local_addr()
+            .expect("Failed to get local address")
+            .port();
         let server = run(
             listener,
             connection_pool,
@@ -60,7 +64,7 @@ impl Application {
 pub struct ApplicationBaseUrl(pub String);
 
 #[derive(Clone)]
-pub struct HmacSecret(pub Secret<String>);
+pub struct HmacSecret(pub SecretString);
 
 pub fn get_connection_pool(database_settings: &DatabaseSettings) -> PgPool {
     PgPoolOptions::new()
@@ -73,8 +77,8 @@ pub async fn run(
     db_pool: PgPool,
     email_client: EmailClient,
     base_url: String,
-    hmac_secret: Secret<String>,
-    redis_uri: Secret<String>,
+    hmac_secret: SecretString,
+    redis_uri: SecretString,
 ) -> Result<Server, anyhow::Error> {
     let connection = web::Data::new(db_pool);
     let email_client = web::Data::new(email_client);