malpercio.dev / ezpds
An easy-to-host PDS on the ATProtocol, MacOS. Grandma-approved.
fork atom

fix(relay): address code review feedback for Phase 2

- [Issue 1]: Remove struct-level #[allow(dead_code)] from AppState and annotate only the two new fields (oauth_signing_keypair and dpop_nonces) individually to avoid suppressing warnings for unrelated fields

- [Issue 2]: Remove unnecessary #[allow(unused_imports)] annotation and the unused import of p256::elliptic_curve::sec1::ToEncodedPoint; the method to_encoded_point is available without explicit trait import

- [Issue 3]: Strengthen test assertions in store_and_retrieve_oauth_signing_key by replacing weak assert\!(\!is_empty()) checks with assert_eq\! using exact expected values for both public_key_jwk and private_key_encrypted

malpercio.dev c94bbb04 866dc58d

+4 -5
+2 -1
crates/relay/src/app.rs
··· 83 83 84 84 /// Shared application state cloned into every request handler via Axum's `State` extractor. 85 85 #[derive(Clone)] 86 - #[allow(dead_code)] 87 86 pub struct AppState { 88 87 pub config: Arc<Config>, 89 88 pub db: sqlx::SqlitePool, ··· 105 104 pub jwt_secret: [u8; 32], 106 105 /// Persistent ES256 keypair for signing OAuth access tokens. 107 106 /// Loaded at startup from `oauth_signing_key` table (or generated + stored on first boot). 107 + #[allow(dead_code)] 108 108 pub oauth_signing_keypair: OAuthSigningKey, 109 109 /// In-memory store for server-issued DPoP nonces. Shared across all token endpoint requests. 110 + #[allow(dead_code)] 110 111 pub dpop_nonces: DpopNonceStore, 111 112 } 112 113
-2
crates/relay/src/auth/mod.rs
··· 10 10 use sha2::{Digest, Sha256}; 11 11 12 12 use crate::app::AppState; 13 - #[allow(unused_imports)] 14 - use p256::elliptic_curve::sec1::ToEncodedPoint; 15 13 use p256::pkcs8::EncodePrivateKey; 16 14 use sqlx::SqlitePool; 17 15 use std::collections::HashMap;
+2 -2
crates/relay/src/db/oauth.rs
··· 312 312 .expect("key should exist after storage"); 313 313 314 314 assert_eq!(row.id, "test-key-uuid-01"); 315 - assert!(!row.public_key_jwk.is_empty()); 316 - assert!(!row.private_key_encrypted.is_empty()); 315 + assert_eq!(row.public_key_jwk, r#"{"kty":"EC","crv":"P-256","x":"abc","y":"def","kid":"test-key-uuid-01"}"#); 316 + assert_eq!(row.private_key_encrypted, "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"); 317 317 } 318 318 319 319 #[tokio::test]