docs: Neaten up docstrings

Author: sidrubs

src/crypto/hmac.rs

@@ -1,3 +1,6 @@
+//! Implementations of the [`JwtSigner`] and [`JwtVerifier`] traits for the
+//! HMAC family of algorithms.
+
 use base64::{engine::general_purpose::STANDARD, Engine};
 use hmac::{Hmac, Mac};
 use sha2::{Sha256, Sha384, Sha512};
@@ -12,8 +15,9 @@ type HmacSha256 = Hmac<Sha256>;
 type HmacSha384 = Hmac<Sha384>;
 type HmacSha512 = Hmac<Sha512>;
 
+/// The shared secret used for the HMAC family of algorithms.
 #[derive(Debug)]
-pub(crate) struct HmacSecret(Vec<u8>);
+pub struct HmacSecret(Vec<u8>);
 
 impl HmacSecret {
     /// If you're using an HMAC secret that is not base64, use that.

src/crypto/mod.rs

@@ -1,12 +1,13 @@
+//! The cryptography of the `jsonwebtoken` crate is decoupled behind
+//! [`JwtSigner`] and [`JwtVerifier`] traits. These make use of `RustCrypto`'s
+//! [`Signer`] and [`Verifier`] traits respectively.
+
 use crate::algorithms::Algorithm;
-// use crate::decoding::{DecodingKey, DecodingKeyKind};
-// use crate::encoding::EncodingKey;
-// use crate::errors::Result;
 
-pub(crate) mod ecdsa;
-pub(crate) mod eddsa;
+// pub(crate) mod ecdsa;
+// pub(crate) mod eddsa;
 pub(crate) mod hmac;
-pub(crate) mod rsa;
+// pub(crate) mod rsa;
 
 use signature::{Signer, Verifier};
 
@@ -25,61 +26,3 @@ pub trait JwtVerifier: Verifier<Vec<u8>> {
     /// Return the [`Algorithm`] corresponding to the signing module.
     fn algorithm(&self) -> Algorithm;
 }
-
-// /// Take the payload of a JWT, sign it using the algorithm given and return
-// /// the base64 url safe encoded of the result.
-// ///
-// /// If you just want to encode a JWT, use `encode` instead.
-// pub fn sign(message: &[u8], key: &EncodingKey, algorithm: Algorithm) -> Result<String> {
-//     match algorithm {
-//         Algorithm::ES256 | Algorithm::ES384 => ecdsa::sign(algorithm, key.inner(), message),
-//         Algorithm::EdDSA => eddsa::sign(key.inner(), message),
-//         Algorithm::HS256 | Algorithm::HS384 | Algorithm::HS512 => {
-//             hmac::sign_hmac(algorithm, key.inner(), message)
-//         }
-//         Algorithm::RS256
-//         | Algorithm::RS384
-//         | Algorithm::RS512
-//         | Algorithm::PS256
-//         | Algorithm::PS384
-//         | Algorithm::PS512 => rsa::sign(algorithm, key.inner(), message),
-//     }
-// }
-
-// /// Compares the signature given with a re-computed signature for HMAC or using the public key
-// /// for RSA/EC.
-// ///
-// /// If you just want to decode a JWT, use `decode` instead.
-// ///
-// /// `signature` is the signature part of a jwt (text after the second '.')
-// ///
-// /// `message` is base64(header) + "." + base64(claims)
-// pub fn verify(
-//     signature: &str,
-//     message: &[u8],
-//     key: &DecodingKey,
-//     algorithm: Algorithm,
-// ) -> Result<bool> {
-//     match algorithm {
-//         Algorithm::HS256 | Algorithm::HS384 | Algorithm::HS512 => {
-//             hmac::hmac_verify(algorithm, signature, key.as_bytes(), message)
-//         }
-//         Algorithm::ES256 | Algorithm::ES384 => {
-//             ecdsa::verify(algorithm, signature, message, key.as_bytes())
-//         }
-//         Algorithm::EdDSA => eddsa::verify(signature, message, key.as_bytes()),
-//         Algorithm::RS256
-//         | Algorithm::RS384
-//         | Algorithm::RS512
-//         | Algorithm::PS256
-//         | Algorithm::PS384
-//         | Algorithm::PS512 => match &key.kind {
-//             DecodingKeyKind::SecretOrDer(bytes) => {
-//                 rsa::verify_der(algorithm, signature, message, bytes)
-//             }
-//             DecodingKeyKind::RsaModulusExponent { n, e } => {
-//                 rsa::verify_from_components(algorithm, signature, message, (n, e))
-//             }
-//         },
-//     }
-// }

src/decoding.rs

@@ -194,13 +194,6 @@ impl DecodingKey {
             }
         }
     }
-
-    pub(crate) fn as_bytes(&self) -> &[u8] {
-        match &self.kind {
-            DecodingKeyKind::SecretOrDer(b) => b,
-            DecodingKeyKind::RsaModulusExponent { .. } => unreachable!(),
-        }
-    }
 }
 
 /// Decode and validate a JWT
@@ -238,6 +231,7 @@ pub fn decode<T: DeserializeOwned>(
     decoder.decode(token)
 }
 
+/// Return the correct decoder based on the `algorithm`.
 fn decoder_factory(algorithm: &Algorithm, key: &DecodingKey) -> Result<JwtDecoder> {
     let jwt_encoder = match algorithm {
         Algorithm::HS256 => JwtDecoder::hs_256(key.try_into()?)?,
@@ -287,26 +281,64 @@ pub fn decode_header(token: &str) -> Result<Header> {
     Header::from_encoded(header)
 }
 
-/// Todo
+/// A builder style JWT decoder
+///
+/// # Examples
+///
+/// ```
+/// use jsonwebtoken::{JwtDecoder, HmacSecret};
+/// use serde::{Serialize, Deserialize};
+///
+/// #[derive(Debug, Serialize, Deserialize)]
+/// struct Claims {
+///    sub: String,
+///    company: String,
+///    exp: usize,
+/// }
+///
+/// let token = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJiQGIuY29tIiwiY29tcGFueSI6IkFDTUUiLCJleHAiOjI1MzI1MjQ4OTF9.9r56oF7ZliOBlOAyiOFperTGxBtPykRQiWNFxhDCW98";
+///
+/// let hmac_secret = HmacSecret::from_secret(b"secret");
+///
+/// let claims = JwtDecoder::hs_256(hmac_secret)
+///     .unwrap()
+///     .decode::<Claims>(&token)
+///     .unwrap();
+/// ```
 pub struct JwtDecoder {
     verifying_provider: Box<dyn JwtVerifier>,
     validation: Validation,
 }
 
 impl JwtDecoder {
-    /// Todo
+    /// Create a new [`JwtDecoder`] with any `verifying_provider` that implements the [`JwtVerifier`] trait.
     pub fn from_verifier<V: JwtVerifier + 'static>(verifying_provider: V) -> Self {
         Self::from_boxed_verifiyer(Box::new(verifying_provider))
     }
 
-    /// Todo
+    /// Create a new [`JwtDecoder`] with any `verifying_provider` implements the [`JwtVerifier`] trait.
     pub fn from_boxed_verifiyer(verifying_provider: Box<dyn JwtVerifier>) -> Self {
         let validation = Validation::new(verifying_provider.algorithm());
 
         Self { verifying_provider, validation }
     }
 
-    /// Todo
+    /// Provide custom a custom validation configuration.
+    ///
+    /// # Examples
+    ///
+    /// ```
+    /// use jsonwebtoken::{JwtDecoder, HmacSecret, Validation, Algorithm};
+    ///
+    /// let hmac_secret = HmacSecret::from_secret(b"secret");
+    /// let mut validation = Validation::new(Algorithm::HS256);
+    /// validation.leeway = 5;
+    ///
+    /// let jwt_decoder = JwtDecoder::hs_256(hmac_secret)
+    ///     .unwrap()
+    ///     .with_validation(&validation)
+    ///     .unwrap();
+    /// ```
     pub fn with_validation(mut self, validation: &Validation) -> Result<Self> {
         // Check that the validation contains the correct algorithm
         if validation.validate_signature
@@ -319,7 +351,7 @@ impl JwtDecoder {
         Ok(self)
     }
 
-    /// Todo
+    /// Decode and verify a JWT `token` using the `verifying_provider` and `validation` of the [`JwtDecoder`]
     pub fn decode<T: DeserializeOwned>(&self, token: &str) -> Result<TokenData<T>> {
         let (header, claims) = self.verify_signature(token)?;
 

src/encoding.rs

@@ -2,7 +2,7 @@ use base64::{engine::general_purpose::STANDARD, Engine};
 use serde::ser::Serialize;
 
 use crate::algorithms::AlgorithmFamily;
-use crate::crypto::hmac::{HmacSecret, Hs256, Hs384};
+use crate::crypto::hmac::{HmacSecret, Hs256, Hs384, Hs512};
 use crate::crypto::JwtSigner;
 use crate::errors::{new_error, ErrorKind, Result};
 use crate::header::Header;
@@ -130,12 +130,12 @@ pub fn encode<T: Serialize>(header: &Header, claims: &T, key: &EncodingKey) -> R
     jwt_encoder.encode(claims)
 }
 
+/// Return the correct [`JwtEncoder`] based on the `algorithm`.
 fn encoder_factory(algorithm: &Algorithm, key: &EncodingKey) -> Result<JwtEncoder> {
     let jwt_encoder = match algorithm {
-        // Todo: Need to implement `TryInto<HmacSecret> for &EncodingKey`
-        Algorithm::HS256 => JwtEncoder::hs_256(HmacSecret::from_secret(&key.content))?,
-        Algorithm::HS384 => JwtEncoder::hs_384(HmacSecret::from_secret(&key.content))?,
-        Algorithm::HS512 => todo!(),
+        Algorithm::HS256 => JwtEncoder::hs_256(key.into())?,
+        Algorithm::HS384 => JwtEncoder::hs_384(key.into())?,
+        Algorithm::HS512 => JwtEncoder::hs_512(key.into())?,
         Algorithm::ES256 => todo!(),
         Algorithm::ES384 => todo!(),
         Algorithm::RS256 => todo!(),
@@ -150,21 +150,51 @@ fn encoder_factory(algorithm: &Algorithm, key: &EncodingKey) -> Result<JwtEncode
     Ok(jwt_encoder)
 }
 
-/// # Todo
+/// Convert an [`&EncodingKey`] to an [`HmacSecret`].
+impl From<&EncodingKey> for HmacSecret {
+    fn from(key: &EncodingKey) -> Self {
+        HmacSecret::from_secret(&key.content)
+    }
+}
+
+/// A builder style JWT encoder.
+///
+/// # Examples
+///
+/// ```
+/// use serde::{Deserialize, Serialize};
+/// use jsonwebtoken::{JwtEncoder, HmacSecret};
+///
+/// #[derive(Debug, Serialize, Deserialize)]
+/// struct Claims {
+///    sub: String,
+///    company: String
+/// }
+///
+/// let my_claims = Claims {
+///     sub: "b@b.com".to_owned(),
+///     company: "ACME".to_owned()
+/// };
 ///
-/// - Documentation
+/// let hmac_secret = HmacSecret::from_secret(b"secret");
+///
+/// let token = JwtEncoder::hs_256(hmac_secret)
+///     .unwrap()
+///     .encode(&my_claims)
+///     .unwrap();
+/// ```
 pub struct JwtEncoder {
     signing_provider: Box<dyn JwtSigner>,
     header: Header,
 }
 
 impl JwtEncoder {
-    /// Todo
+    /// Create a new [`JwtEncoder`] with any `signing_provider` that implements the [`JwtSigner`] trait.
     pub fn from_signer<S: JwtSigner + 'static>(signing_provider: S) -> Self {
         Self::from_boxed_signer(Box::new(signing_provider))
     }
 
-    /// Create a new [`JwtEncoder`] with any crypto provider that implements the [`CryptoProvider`] trait.
+    /// Create a new [`JwtEncoder`] with any `signing_provider` that implements the [`JwtSigner`] trait.
     pub fn from_boxed_signer(signing_provider: Box<dyn JwtSigner>) -> Self {
         // Determine a default header
         let mut header = Header::new(signing_provider.algorithm());
@@ -177,9 +207,34 @@ impl JwtEncoder {
     ///
     /// This would be used in the rare cases that fields other than `algorithm` and `type` need to be populated.
     ///
-    /// # Todo
+    /// # Examples
+    ///
+    /// ```
+    /// use serde::{Deserialize, Serialize};
+    /// use jsonwebtoken::{JwtEncoder, HmacSecret, Header, Algorithm};
+    ///
+    /// #[derive(Debug, Serialize, Deserialize)]
+    /// struct Claims {
+    ///    sub: String,
+    ///    company: String
+    /// }
+    ///
+    /// let my_claims = Claims {
+    ///     sub: "b@b.com".to_owned(),
+    ///     company: "ACME".to_owned()
+    /// };
     ///
-    /// - Test the the error checking works
+    /// let hmac_secret = HmacSecret::from_secret(b"secret");
+    /// let mut header = Header::new(Algorithm::HS256);
+    /// header.cty = Some("content-type".to_owned());
+    ///
+    /// let token = JwtEncoder::hs_256(hmac_secret)
+    ///     .unwrap()
+    ///     .with_header(&header)
+    ///     .unwrap()
+    ///     .encode(&my_claims)
+    ///     .unwrap();
+    /// ```
     pub fn with_header(mut self, header: &Header) -> Result<Self> {
         // Check that the header makes use of the correct algorithm
         if header.alg != self.signing_provider.algorithm() {
@@ -190,11 +245,7 @@ impl JwtEncoder {
         Ok(self)
     }
 
-    /// Encode and sign the `claims` as a JWT.
-    ///
-    /// # Todo
-    ///
-    /// - Put in example usage.
+    /// Encode and sign the `claims` as a JWT using the `signing_provider` of the [`JwtEncoder`].
     pub fn encode<T: Serialize>(&self, claims: &T) -> Result<String> {
         let encoded_header = b64_encode_part(&self.header)?;
         let encoded_claims = b64_encode_part(claims)?;
@@ -218,4 +269,11 @@ impl JwtEncoder {
 
         Ok(JwtEncoder::from_boxed_signer(signing_provider))
     }
+
+    /// Create new [`JwtEncoder`] with the `HS512` algorithm.
+    pub fn hs_512(secret: HmacSecret) -> Result<JwtEncoder> {
+        let signing_provider = Box::new(Hs512::new(secret)?);
+
+        Ok(JwtEncoder::from_boxed_signer(signing_provider))
+    }
 }

src/lib.rs

@@ -4,8 +4,9 @@
 #![deny(missing_docs)]
 
 pub use algorithms::Algorithm;
-pub use decoding::{decode, decode_header, DecodingKey, TokenData};
-pub use encoding::{encode, EncodingKey};
+pub use crypto::hmac::HmacSecret;
+pub use decoding::{decode, decode_header, DecodingKey, JwtDecoder, TokenData};
+pub use encoding::{encode, EncodingKey, JwtEncoder};
 pub use header::Header;
 pub use validation::{get_current_timestamp, Validation};