
Commit 91b763f

committed
trustpub/exchange: Save JWT claims subset in the trustpub_data column
1 parent be5f0a0 commit 91b763f


2 files changed

+10
-2
lines changed
  • crates/crates_io_trustpub/src/github
  • src/controllers/trustpub/tokens/exchange

2 files changed

+10
-2
lines changed

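--- a/crates/crates_io_trustpub/src/github/claims.rs
+++ b/crates/crates_io_trustpub/src/github/claims.rs
@@ -25,6 +25,8 @@ pub struct GitHubClaims {
 pub repository: String,
 pub workflow_ref: String,
 pub environment: Option<String>,
+pub run_id: String,
+pub sha: String,
 }
 
 impl GitHubClaims {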
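Review bot: The new `run_id` and `sha` fields in `GitHubClaims` are plain `String`, so (assuming the struct is deserialized from the JWT payload, which this hunk does not show) a token lacking either claim is now rejected at decode time rather than exchanged without audit data. If that is intended, say so in doc comments on the fields, e.g. `/// ID of the workflow run that requested the token; required, stored with the issued token.` and `/// Commit SHA the workflow ran against; required, stored with the issued token.` A decode test with one of the two claims missing would pin the behaviour. The struct definition starts above the hunk.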

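--- a/src/controllers/trustpub/tokens/exchange/mod.rs
+++ b/src/controllers/trustpub/tokens/exchange/mod.rs
@@ -2,7 +2,7 @@ use super::json;
 use crate::app::AppState;
 use crate::util::errors::{AppResult, bad_request, server_error};
 use axum::Json;
-use crates_io_database::models::trustpub::{NewToken, NewUsedJti};
+use crates_io_database::models::trustpub::{NewToken, NewUsedJti, TrustpubData};
 use crates_io_database::schema::trustpub_configs_github;
 use crates_io_diesel_helpers::lower;
 use crates_io_trustpub::access_token::AccessToken;
@@ -130,11 +130,17 @@ pub async fn exchange_trustpub_token(
 
 let new_token = AccessToken::generate();
 
+let trustpub_data = TrustpubData::GitHub {
+repository: signed_claims.repository,
+run_id: signed_claims.run_id,
+sha: signed_claims.sha,
+};
+
 let new_token_model = NewToken {
 expires_at: chrono::Utc::now() + chrono::Duration::minutes(30),
 hashed_token: &new_token.sha256(),
 crate_ids: &crate_ids,
-trustpub_data: None,
+trustpub_data: Some(&trustpub_data),
 };
 
 new_token_model.insert(conn).await?;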
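Review bot: Neither changed file is a test, so nothing visible here pins that the `TrustpubData::GitHub` value built before `NewToken` actually reaches the `trustpub_data` column; a later revert to `trustpub_data: None` would go unnoticed unless snapshot tests outside this view cover it. An exchange test that loads the inserted row and compares `repository`, `run_id` and `sha` with the signed claims would close that gap. The stored `repository` is a name rather than a stable ID, so a rename or transfer can make old records ambiguous; if the column is meant as an audit trail, a comment such as `// Audit record of the verified claims at exchange time; repository is the name as signed, not a stable ID.` above the `let trustpub_data` line would say so. `exchange_trustpub_token` starts and ends outside the hunk.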
