update: using akm

Cargo.toml

@@ -4,18 +4,18 @@ version = "0.1.0"
 edition = "2021"
 
 [dependencies]
-axum = { version = "0.8.1", features = ["multipart", "macros"] }
-axum-extra = { version = "0.10.0", features = ["cookie-private"] }
+axum = { version = "0.8.4", features = ["multipart", "macros"] }
+axum-extra = { version = "0.10.1", features = ["cookie-private"] }
 base64 = "0.22.1"
-color-eyre = "0.6.3"
-http = "1.2.0"
+color-eyre = "0.6.5"
+http = "1.3.1"
 pct-str = "2.0.0"
-rand = "0.8.5"
-reqwest = { version = "0.12.12", features = ["json", "default-tls"] }
-serde = { version = "1.0.217", features = ["derive"] }
-serde_json = "1.0.135"
-time = "0.3.37"
-tokio = { version = "1.43.0", features = ["full"] }
-tower-http = { version = "0.6.2", features = ["trace"] }
+rand = "0.9.2"
+reqwest = { version = "0.12.22", features = ["json", "default-tls"] }
+serde = { version = "1.0.219", features = ["derive"] }
+serde_json = "1.0.142"
+time = "0.3.41"
+tokio = { version = "1.47.1", features = ["full"] }
+tower-http = { version = "0.6.6", features = ["trace"] }
 tracing = "0.1.41"
 tracing-subscriber = "0.3.19"

src/main.rs

@@ -17,7 +17,7 @@ use axum::{
     Router,
 };
 use axum_extra::extract::{
-    cookie::{Cookie, Key, SameSite},
+    cookie::{Cookie, Key},
     PrivateCookieJar,
 };
 use base64::Engine;
@@ -67,28 +67,34 @@ async fn main() {
         .with_max_level(tracing::Level::DEBUG)
         .init();
     let local = tokio::task::LocalSet::new();
+    let http = reqwest::ClientBuilder::new()
+            // Following redirects opens the client up to SSRF vulnerabilities.
+            .redirect(reqwest::redirect::Policy::none())
+            .user_agent("FFTManager/1.0")
+            .tls_info(true)
+            .min_tls_version(Version::TLS_1_0)
+            .max_tls_version(Version::TLS_1_2)
+            .build()
+            .expect("Client should build");
+    let akm_endpoint =  unwrap_env!("M42_AKM_ENDPOINT");
+    let akm_secret = unwrap_env!("M42_AKM_SECRET");
+    let client_id = unwrap_env!("M42_CLIENT_ID");
+    let cookie_secret = unwrap_env!("M42_COOKIE_SECRET");
     local
         .run_until(async {
-            // initialize tracing
-            let http = reqwest::ClientBuilder::new()
-                // Following redirects opens the client up to SSRF vulnerabilities.
-                .redirect(reqwest::redirect::Policy::none())
-                .user_agent("FFTManager/1.0")
-                .tls_info(true)
-                .min_tls_version(Version::TLS_1_0)
-                .max_tls_version(Version::TLS_1_2)
-                .build()
-                .expect("Client should build");
+            let res = http.put(akm_endpoint).body(akm_secret).send().await.expect("Failed to fetch secret");
+            let res_status = res.status();
+            let body = res.text().await.expect("Failed to fetch secret: .text()");
+            assert_eq!(res_status, reqwest::StatusCode::OK, "res.status != OK: {body}");
 
-            let cookie_secret = unwrap_env!("M42_COOKIE_SECRET");
             let base64_value = base64::engine::general_purpose::URL_SAFE
                 .decode(cookie_secret)
                 .unwrap();
             let key: Key = Key::from(&base64_value);
             let oauth = oauth2::OauthClient::new(
                 http.clone(),
-                unwrap_env!("M42_CLIENT_ID"),
-                unwrap_env!("M42_CLIENT_SECRET"),
+                client_id,
+                body,
                 "https://fft.maix.me/manager/auth/callback",
             )
             .await