0.11.0-rc.1: added the TokenCache trait to make authentication configurable

Author: ThouCheese

CHANGELOG.md

@@ -8,3 +8,6 @@ shepmaster. Big thanks!
 Small fix to the public interface of `sync::ObjectClient` that was not properly sync.
 Fix urlencoding url paths correctly in several places.
 Update cloud storage to use the new url, `www.googleapis.com` => `storage.googleapis.com`
+
+# 0.11
+@pseguin2011: Implemented a configurable authentication layer through the `TokenCache` trait.

Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "cloud-storage"
-version = "0.10.3"
+version = "0.11.0-rc.1"
 authors = ["Luuk Wester <luuk.wester@gmail.com>"]
 edition = "2018"
 description = "A crate for uploading files to Google cloud storage, and for generating download urls."
@@ -10,6 +10,7 @@ documentation = "https://docs.rs/cloud-storage"
 keywords = ["google", "cloud", "storage"]
 readme = "README.md"
 categories = ["api-bindings", "web-programming"]
+resolver = "2"
 # maintenance = { status = "actively-developed" }
 
 [features]
@@ -38,7 +39,10 @@ hex =              { version = "0.4",  default-features = false, features = ["al
 tokio =            { version = "1.0",  default-features = false, features = ["macros", "rt"] }
 futures =          { version = "0.3",  default_features = false, features = ["alloc"] }
 bytes =            { version = "1.0",  default-features = false }
-async-trait =      { version = "0.1.48", default_features = false }
+async-trait =      { version = "0.1.48", default-features = false }
+
+[dev-dependencies]
+tokio =            { version = "1.0",  default-features = false, features = ["full"] }
 
 [package.metadata.docs.rs]
 features = ["global-client", "sync"]

src/client.rs

@@ -19,17 +19,13 @@ pub use object::ObjectClient;
 pub use object_access_control::ObjectAccessControlClient;
 
 /// The primary entrypoint to perform operations with Google Cloud Storage.
-pub struct Client<R: TokenCache> {
+pub struct Client {
     client: reqwest::Client,
-
     /// Static `Token` struct that caches
-    token_cache: R,
+    token_cache: Box<dyn crate::TokenCache>,
 }
 
-impl<R> fmt::Debug for Client<R>
-where
-    R: TokenCache,
-{
+impl fmt::Debug for Client {
     fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
         f.debug_struct("Client")
             .field("client", &self.client)
@@ -38,61 +34,63 @@ where
     }
 }
 
-impl<T: TokenCache + Default> Default for Client<T> {
+impl Default for Client {
     fn default() -> Self {
         Self {
             client: Default::default(),
-            token_cache: T::default(),
+            token_cache: Box::new(crate::Token::default()),
         }
     }
 }
 
-impl<T: TokenCache + Default> Client<T> {
-    /// Constructs a client
+impl Client {
+    /// Constructs a client with the default token provider, where it attemps to obtain the
+    /// credentials from the following locations:
+    /// 
+    /// 1. Checks for the environment variable `SERVICE_ACCOUNT`, and if it exists, reads the file
+    /// at the path specified there as a credentials json file.
+    /// 2. It attemps to do the same with the `GOOGLE_APPLICATION_CREDENTIALS` var.
+    /// 3. It reads the `SERVICE_ACCOUNT_JSON` environment variable directly as json and uses that
+    /// 4.It attemps to do the same with the `GOOGLE_APPLICATION_CREDENTIALS_JSON` var.
     pub fn new() -> Self {
         Default::default()
     }
-}
 
-impl<R> Client<R>
-where
-    R: TokenCache,
-{
     /// Initializer with a provided refreshable token
-    pub fn with_token_cache(token_cache: R) -> Self {
+    pub fn with_cache(token: impl TokenCache + 'static) -> Self {
         Self {
             client: Default::default(),
-            token_cache,
+            token_cache: Box::new(token),
         }
     }
 
     /// Operations on [`Bucket`](crate::bucket::Bucket)s.
-    pub fn bucket(&self) -> BucketClient<'_, R> {
+    pub fn bucket(&self) -> BucketClient<'_> {
         BucketClient(self)
     }
 
     /// Operations on [`BucketAccessControl`](crate::bucket_access_control::BucketAccessControl)s.
-    pub fn bucket_access_control(&self) -> BucketAccessControlClient<'_, R> {
+    pub fn bucket_access_control(&self) -> BucketAccessControlClient<'_> {
         BucketAccessControlClient(self)
     }
 
     /// Operations on [`DefaultObjectAccessControl`](crate::default_object_access_control::DefaultObjectAccessControl)s.
-    pub fn default_object_access_control(&self) -> DefaultObjectAccessControlClient<'_, R> {
+    pub fn default_object_access_control(&self) -> DefaultObjectAccessControlClient<'_> {
         DefaultObjectAccessControlClient(self)
     }
 
     /// Operations on [`HmacKey`](crate::hmac_key::HmacKey)s.
-    pub fn hmac_key(&self) -> HmacKeyClient<'_, R> {
+    pub fn hmac_key(&self) -> HmacKeyClient<'_> {
         HmacKeyClient(self)
     }
 
     /// Operations on [`Object`](crate::object::Object)s.
-    pub fn object(&self) -> ObjectClient<'_, R> {
+    pub fn object(&self) -> ObjectClient<'_> {
         ObjectClient(self)
     }
 
     /// Operations on [`ObjectAccessControl`](crate::object_access_control::ObjectAccessControl)s.
-    pub fn object_access_control(&self) -> ObjectAccessControlClient<'_, R> {
+    pub fn object_access_control(&self) -> ObjectAccessControlClient<'_> {
         ObjectAccessControlClient(self)
     }
 

src/client/bucket.rs

@@ -1,20 +1,16 @@
 use crate::{
     bucket::{IamPolicy, TestIamPermission},
-    object::percent_encode,
     error::GoogleResponse,
+    object::percent_encode,
     resources::common::ListResponse,
-    token::TokenCache,
     Bucket, NewBucket,
 };
 
 /// Operations on [`Bucket`]()s.
 #[derive(Debug)]
-pub struct BucketClient<'a, T: TokenCache>(pub(super) &'a super::Client<T>);
+pub struct BucketClient<'a>(pub(super) &'a super::Client);
 
-impl<'a, T> BucketClient<'a, T>
-where
-    T: TokenCache,
-{
+impl<'a> BucketClient<'a> {
     /// Creates a new `Bucket`. There are many options that you can provide for creating a new
     /// bucket, so the `NewBucket` resource contains all of them. Note that `NewBucket` implements
     /// `Default`, so you don't have to specify the fields you're not using. And error is returned
@@ -118,11 +114,7 @@ where
     /// # }
     /// ```
     pub async fn read(&self, name: &str) -> crate::Result<Bucket> {
-        let url = format!(
-            "{}/b/{}",
-            crate::BASE_URL,
-            percent_encode(name),
-        );
+        let url = format!("{}/b/{}", crate::BASE_URL, percent_encode(name),);
         let result: GoogleResponse<Bucket> = self
             .0
             .client
@@ -167,11 +159,7 @@ where
     /// # }
     /// ```
     pub async fn update(&self, bucket: &Bucket) -> crate::Result<Bucket> {
-        let url = format!(
-            "{}/b/{}",
-            crate::BASE_URL,
-            percent_encode(&bucket.name),
-        );
+        let url = format!("{}/b/{}", crate::BASE_URL, percent_encode(&bucket.name),);
         let result: GoogleResponse<Bucket> = self
             .0
             .client
@@ -346,7 +334,11 @@ where
                 "tested permission must not be `storage.buckets.list` or `storage.buckets.create`",
             ));
         }
-        let url = format!("{}/b/{}/iam/testPermissions", crate::BASE_URL, percent_encode(&bucket.name));
+        let url = format!(
+            "{}/b/{}/iam/testPermissions",
+            crate::BASE_URL,
+            percent_encode(&bucket.name)
+        );
         let result: GoogleResponse<TestIamPermission> = self
             .0
             .client

src/client/bucket_access_control.rs

@@ -1,18 +1,14 @@
 use crate::{
     bucket_access_control::{BucketAccessControl, Entity, NewBucketAccessControl},
-    object::percent_encode,
     error::GoogleResponse,
+    object::percent_encode,
     resources::common::ListResponse,
-    token::TokenCache,
 };
 
 /// Operations on [`BucketAccessControl`](BucketAccessControl)s.
-pub struct BucketAccessControlClient<'a, R: TokenCache>(pub(super) &'a super::Client<R>);
+pub struct BucketAccessControlClient<'a>(pub(super) &'a super::Client);
 
-impl<'a, R> BucketAccessControlClient<'a, R>
-where
-    R: TokenCache,
-{
+impl<'a> BucketAccessControlClient<'a> {
     /// Create a new `BucketAccessControl` using the provided `NewBucketAccessControl`, related to
     /// the `Bucket` provided by the `bucket_name` argument.
     ///
@@ -117,7 +113,12 @@ where
     /// # }
     /// ```
     pub async fn read(&self, bucket: &str, entity: &Entity) -> crate::Result<BucketAccessControl> {
-        let url = format!("{}/b/{}/acl/{}", crate::BASE_URL, percent_encode(bucket), percent_encode(&entity.to_string()));
+        let url = format!(
+            "{}/b/{}/acl/{}",
+            crate::BASE_URL,
+            percent_encode(bucket),
+            percent_encode(&entity.to_string())
+        );
         let result: GoogleResponse<BucketAccessControl> = self
             .0
             .client

src/client/default_object_access_control.rs

@@ -1,20 +1,16 @@
 use crate::{
     bucket_access_control::Entity,
-    object::percent_encode,
     default_object_access_control::{DefaultObjectAccessControl, NewDefaultObjectAccessControl},
     error::GoogleResponse,
+    object::percent_encode,
     resources::common::ListResponse,
-    token::TokenCache,
 };
 
 /// Operations on [`DefaultObjectAccessControl`](DefaultObjectAccessControl)s.
 #[derive(Debug)]
-pub struct DefaultObjectAccessControlClient<'a, T: TokenCache>(pub(super) &'a super::Client<T>);
+pub struct DefaultObjectAccessControlClient<'a>(pub(super) &'a super::Client);
 
-impl<'a, R> DefaultObjectAccessControlClient<'a, R>
-where
-    R: TokenCache,
-{
+impl<'a> DefaultObjectAccessControlClient<'a> {
     /// Create a new `DefaultObjectAccessControl` entry on the specified bucket.
     /// ### Important
     /// Important: This method fails with a `400 Bad Request` response for buckets with uniform
@@ -44,7 +40,11 @@ where
         bucket: &str,
         new_acl: &NewDefaultObjectAccessControl,
     ) -> crate::Result<DefaultObjectAccessControl> {
-        let url = format!("{}/b/{}/defaultObjectAcl", crate::BASE_URL, percent_encode(bucket));
+        let url = format!(
+            "{}/b/{}/defaultObjectAcl",
+            crate::BASE_URL,
+            percent_encode(bucket)
+        );
         let result: GoogleResponse<DefaultObjectAccessControl> = self
             .0
             .client
@@ -82,7 +82,11 @@ where
     /// # }
     /// ```
     pub async fn list(&self, bucket: &str) -> crate::Result<Vec<DefaultObjectAccessControl>> {
-        let url = format!("{}/b/{}/defaultObjectAcl", crate::BASE_URL, percent_encode(bucket));
+        let url = format!(
+            "{}/b/{}/defaultObjectAcl",
+            crate::BASE_URL,
+            percent_encode(bucket)
+        );
         let result: GoogleResponse<ListResponse<DefaultObjectAccessControl>> = self
             .0
             .client

src/client/hmac_key.rs

@@ -1,17 +1,13 @@
 use crate::{
     error::GoogleResponse,
     hmac_key::{HmacKey, HmacMeta, HmacState},
-    token::TokenCache,
 };
 
 /// Operations on [`HmacKey`](HmacKey)s.
 #[derive(Debug)]
-pub struct HmacKeyClient<'a, R: TokenCache>(pub(super) &'a super::Client<R>);
+pub struct HmacKeyClient<'a>(pub(super) &'a super::Client);
 
-impl<'a, R> HmacKeyClient<'a, R>
-where
-    R: TokenCache,
-{
+impl<'a> HmacKeyClient<'a> {
     /// Creates a new HMAC key for the specified service account.
     ///
     /// The authenticated user must have `storage.hmacKeys.create` permission for the project in

src/client/object.rs

@@ -4,7 +4,6 @@ use reqwest::StatusCode;
 use crate::{
     error::GoogleResponse,
     object::{percent_encode, ComposeRequest, ObjectList, RewriteResponse, SizedByteStream},
-    token::TokenCache,
     ListRequest, Object,
 };
 
@@ -13,12 +12,9 @@ const BASE_URL: &str = "https://storage.googleapis.com/upload/storage/v1/b";
 
 /// Operations on [`Object`](Object)s.
 #[derive(Debug)]
-pub struct ObjectClient<'a, R: TokenCache>(pub(super) &'a super::Client<R>);
+pub struct ObjectClient<'a>(pub(super) &'a super::Client);
 
-impl<'a, R> ObjectClient<'a, R>
-where
-    R: TokenCache,
-{
+impl<'a> ObjectClient<'a> {
     /// Create a new object.
     /// Upload a file as that is loaded in memory to google cloud storage, where it will be
     /// interpreted according to the mime type you specified.
@@ -569,18 +565,21 @@ where
         );
         let mut headers = self.0.get_headers().await?;
         headers.insert(CONTENT_LENGTH, "0".parse()?);
-        let result: GoogleResponse<RewriteResponse> = self
+        let s =  self
             .0
             .client
             .post(&url)
             .headers(headers)
             .send()
             .await?
-            .json()
+            .text()
             .await?;
-        match result {
-            GoogleResponse::Success(s) => Ok(s.resource),
-            GoogleResponse::Error(e) => Err(e.into()),
-        }
+
+        let result: RewriteResponse = serde_json::from_str(dbg!(&s)).unwrap();
+        Ok(result.resource)
+        // match result {
+            // GoogleResponse::Success(s) => Ok(s.resource),
+            // GoogleResponse::Error(e) => Err(e.into()),
+        // }
     }
 }

src/client/object_access_control.rs

@@ -1,20 +1,16 @@
 use crate::{
     bucket_access_control::Entity,
-    object::percent_encode,
     error::GoogleResponse,
+    object::percent_encode,
     object_access_control::{NewObjectAccessControl, ObjectAccessControl},
     resources::common::ListResponse,
-    token::TokenCache,
 };
 
 /// Operations on [`ObjectAccessControl`](ObjectAccessControl)s.
 #[derive(Debug)]
-pub struct ObjectAccessControlClient<'a, R: TokenCache>(pub(super) &'a super::Client<R>);
+pub struct ObjectAccessControlClient<'a>(pub(super) &'a super::Client);
 
-impl<'a, R> ObjectAccessControlClient<'a, R>
-where
-    R: TokenCache,
-{
+impl<'a> ObjectAccessControlClient<'a> {
     /// Creates a new ACL entry on the specified `object`.
     ///
     /// ### Important

src/lib.rs

@@ -98,6 +98,7 @@ mod error;
 mod resources;
 mod token;
 
+use crate::resources::service_account::ServiceAccount;
 pub use crate::{
     client::Client,
     error::*,
@@ -106,8 +107,8 @@ pub use crate::{
         object::{ListRequest, Object},
         *,
     },
+    token::{Token, TokenCache},
 };
-use crate::{resources::service_account::ServiceAccount, token::Token};
 pub use download_options::DownloadOptions;
 use tokio::sync::Mutex;
 
@@ -124,7 +125,7 @@ lazy_static::lazy_static! {
 
 #[cfg(feature = "global-client")]
 lazy_static::lazy_static! {
-    static ref CLOUD_CLIENT: client::Client<Token> = client::Client::default();
+    static ref CLOUD_CLIENT: client::Client = client::Client::default();
 }
 
 /// A type alias where the error is set to be `cloud_storage::Error`.

src/resources/bucket_access_control.rs

@@ -280,7 +280,9 @@ mod tests {
             entity: Entity::AllUsers,
             role: Role::Reader,
         };
-        BucketAccessControl::create(&bucket.name, &new_bucket_access_control).await.unwrap();
+        BucketAccessControl::create(&bucket.name, &new_bucket_access_control)
+            .await
+            .unwrap();
         Ok(())
     }
 

src/resources/common.rs

@@ -63,7 +63,7 @@ pub enum Role {
 pub(crate) struct ListResponse<T> {
     #[serde(default = "Vec::new")]
     pub items: Vec<T>,
-    pub next_page_token: Option<String>,
+    // pub next_page_token: Option<String>,
 }
 
 /// An entity is used to represent a user or group of users that often have some kind of permission.

src/resources/object.rs

@@ -227,11 +227,12 @@ pub struct ObjectList {
 
 #[derive(Debug, serde::Deserialize)]
 #[serde(rename_all = "camelCase")]
+#[allow(dead_code)]
 pub(crate) struct RewriteResponse {
-    pub(crate) kind: String,
-    pub(crate) total_bytes_rewritten: String,
-    pub(crate) object_size: String,
-    pub(crate) done: bool,
+    kind: String,
+    total_bytes_rewritten: String,
+    object_size: String,
+    done: bool,
     pub(crate) resource: Object,
 }
 
@@ -920,8 +921,10 @@ mod ring {
     #[cfg_attr(all(feature = "ring", feature = "openssl"), allow(dead_code))]
     #[inline(always)]
     pub fn rsa_pkcs1_sha256(message: &str) -> crate::Result<Vec<u8>> {
-        use ring::rand::SystemRandom;
-        use ring::signature::{RsaKeyPair, RSA_PKCS1_SHA256};
+        use ring::{
+            rand::SystemRandom,
+            signature::{RsaKeyPair, RSA_PKCS1_SHA256},
+        };
 
         let key_pem = pem::parse(crate::SERVICE_ACCOUNT.private_key.as_bytes())?;
         let key = RsaKeyPair::from_pkcs8(&key_pem.contents)?;

src/sync.rs

@@ -16,63 +16,64 @@ pub use hmac_key::HmacKeyClient;
 pub use object::ObjectClient;
 pub use object_access_control::ObjectAccessControlClient;
 
-use crate::token::{Token, TokenCache};
-
 /// The primary synchronous entrypoint to perform operations with Google Cloud Storage.
 #[derive(Debug)]
-pub struct Client<R: TokenCache> {
+pub struct Client {
     runtime: tokio::runtime::Runtime,
-    client: crate::client::Client<R>,
+    client: crate::client::Client,
 }
 
-impl Client<Token> {
-    /// Constructs a synchronous client
+impl Client {
+    /// Constructs a client with the default token provider, where it attemps to obtain the
+    /// credentials from the following locations:
+    /// 
+    /// 1. Checks for the environment variable `SERVICE_ACCOUNT`, and if it exists, reads the file
+    /// at the path specified there as a credentials json file.
+    /// 2. It attemps to do the same with the `GOOGLE_APPLICATION_CREDENTIALS` var.
+    /// 3. It reads the `SERVICE_ACCOUNT_JSON` environment variable directly as json and uses that
+    /// 4.It attemps to do the same with the `GOOGLE_APPLICATION_CREDENTIALS_JSON` var.
     pub fn new() -> crate::Result<Self> {
         Ok(Self {
             runtime: crate::runtime()?,
-            client: Default::default(),
+            client: crate::Client::default(),
         })
     }
-}
 
-impl<R> Client<R>
-where
-    R: TokenCache,
-{
     /// Initializer with a provided refreshable token
-    pub fn with_token_cache(token_cache: R) -> crate::Result<Self> {
+    pub fn with_cache(token_cache: impl crate::TokenCache + 'static) -> crate::Result<Self> {
         Ok(Self {
             runtime: crate::runtime()?,
-            client: crate::Client::with_token_cache(token_cache),
+            client: crate::Client::with_cache(token_cache),
         })
     }
+
     /// Synchronous operations on [`Bucket`](crate::bucket::Bucket)s.
-    pub fn bucket(&self) -> BucketClient<'_, R> {
+    pub fn bucket(&self) -> BucketClient {
         BucketClient(self)
     }
 
     /// Synchronous operations on [`BucketAccessControl`](crate::bucket_access_control::BucketAccessControl)s.
-    pub fn bucket_access_control(&self) -> BucketAccessControlClient<'_, R> {
+    pub fn bucket_access_control(&self) -> BucketAccessControlClient {
         BucketAccessControlClient(self)
     }
 
     /// Synchronous operations on [`DefaultObjectAccessControl`](crate::default_object_access_control::DefaultObjectAccessControl)s.
-    pub fn default_object_access_control(&self) -> DefaultObjectAccessControlClient<'_, R> {
+    pub fn default_object_access_control(&self) -> DefaultObjectAccessControlClient {
         DefaultObjectAccessControlClient(self)
     }
 
     /// Synchronous operations on [`HmacKey`](crate::hmac_key::HmacKey)s.
-    pub fn hmac_key(&self) -> HmacKeyClient<'_, R> {
+    pub fn hmac_key(&self) -> HmacKeyClient {
         HmacKeyClient(self)
     }
 
     /// Synchronous operations on [`Object`](crate::object::Object)s.
-    pub fn object(&self) -> ObjectClient<'_, R> {
+    pub fn object(&self) -> ObjectClient {
         ObjectClient(self)
     }
 
     /// Synchronous operations on [`ObjectAccessControl`](crate::object_access_control::ObjectAccessControl)s.
-    pub fn object_access_control(&self) -> ObjectAccessControlClient<'_, R> {
+    pub fn object_access_control(&self) -> ObjectAccessControlClient {
         ObjectAccessControlClient(self)
     }
 }

src/sync/bucket.rs

@@ -1,17 +1,13 @@
 use crate::{
     bucket::{IamPolicy, TestIamPermission},
-    token::TokenCache,
     Bucket, NewBucket,
 };
 
 /// Operations on [`Bucket`]()s.
 #[derive(Debug)]
-pub struct BucketClient<'a, R: TokenCache>(pub(super) &'a super::Client<R>);
+pub struct BucketClient<'a>(pub(super) &'a super::Client);
 
-impl<'a, R> BucketClient<'a, R>
-where
-    R: TokenCache,
-{
+impl<'a> BucketClient<'a> {
     /// Creates a new `Bucket`. There are many options that you can provide for creating a new
     /// bucket, so the `NewBucket` resource contains all of them. Note that `NewBucket` implements
     /// `Default`, so you don't have to specify the fields you're not using. And error is returned

src/sync/bucket_access_control.rs

@@ -1,16 +1,12 @@
 use crate::{
     bucket_access_control::{BucketAccessControl, Entity, NewBucketAccessControl},
-    token::TokenCache,
 };
 
 /// Operations on [`BucketAccessControl`](BucketAccessControl)s.
 #[derive(Debug)]
-pub struct BucketAccessControlClient<'a, R: TokenCache>(pub(super) &'a super::Client<R>);
+pub struct BucketAccessControlClient<'a>(pub(super) &'a super::Client);
 
-impl<'a, R> BucketAccessControlClient<'a, R>
-where
-    R: TokenCache,
-{
+impl<'a> BucketAccessControlClient<'a> {
     /// Create a new `BucketAccessControl` using the provided `NewBucketAccessControl`, related to
     /// the `Bucket` provided by the `bucket_name` argument.
     ///

src/sync/default_object_access_control.rs

@@ -1,17 +1,13 @@
 use crate::{
     bucket_access_control::Entity,
     default_object_access_control::{DefaultObjectAccessControl, NewDefaultObjectAccessControl},
-    token::TokenCache,
 };
 
 /// Operations on [`DefaultObjectAccessControl`](DefaultObjectAccessControl)s.
 #[derive(Debug)]
-pub struct DefaultObjectAccessControlClient<'a, R: TokenCache>(pub(super) &'a super::Client<R>);
+pub struct DefaultObjectAccessControlClient<'a>(pub(super) &'a super::Client);
 
-impl<'a, R> DefaultObjectAccessControlClient<'a, R>
-where
-    R: TokenCache,
-{
+impl<'a> DefaultObjectAccessControlClient<'a> {
     /// Create a new `DefaultObjectAccessControl` entry on the specified bucket.
     /// ### Important
     /// Important: This method fails with a `400 Bad Request` response for buckets with uniform

src/sync/helpers/reader_stream.rs

@@ -1,5 +1,9 @@
-use std::{io::{BufReader, Read}, pin::Pin, task::{Context, Poll}};
 use futures::Stream;
+use std::{
+    io::{BufReader, Read},
+    pin::Pin,
+    task::{Context, Poll},
+};
 
 const BUF_CAP: usize = 8 * 1024;
 
@@ -22,7 +26,7 @@ impl<R: std::io::Read + Send + Sync + Unpin + 'static> Stream for ReaderStream<R
             Ok(n) => {
                 buf.truncate(n);
                 Poll::Ready(Some(Ok(buf)))
-            },
+            }
             Err(e) => Poll::Ready(Some(Err(e.into()))),
         }
     }

src/sync/hmac_key.rs

@@ -1,16 +1,12 @@
 use crate::{
     hmac_key::{HmacKey, HmacMeta, HmacState},
-    token::TokenCache,
 };
 
 /// Operations on [`HmacKey`](HmacKey)s.
 #[derive(Debug)]
-pub struct HmacKeyClient<'a, R: TokenCache>(pub(super) &'a super::Client<R>);
+pub struct HmacKeyClient<'a>(pub(super) &'a super::Client);
 
-impl<'a, R> HmacKeyClient<'a, R>
-where
-    R: TokenCache,
-{
+impl<'a> HmacKeyClient<'a> {
     /// Creates a new HMAC key for the specified service account.
     ///
     /// The authenticated user must have `storage.hmacKeys.create` permission for the project in

src/sync/object.rs

@@ -1,18 +1,14 @@
 use crate::{
     object::{ComposeRequest, ObjectList},
-    token::TokenCache,
     ListRequest, Object,
 };
 use futures::TryStreamExt;
 
 /// Operations on [`Object`](Object)s.
 #[derive(Debug)]
-pub struct ObjectClient<'a, T: TokenCache>(pub(super) &'a super::Client<T>);
+pub struct ObjectClient<'a>(pub(super) &'a super::Client);
 
-impl<'a, T> ObjectClient<'a, T>
-where
-    T: TokenCache,
-{
+impl<'a> ObjectClient<'a> {
     /// Create a new object.
     /// Upload a file as that is loaded in memory to google cloud storage, where it will be
     /// interpreted according to the mime type you specified.

src/sync/object_access_control.rs

@@ -1,17 +1,13 @@
 use crate::{
     bucket_access_control::Entity,
     object_access_control::{NewObjectAccessControl, ObjectAccessControl},
-    token::TokenCache,
 };
 
 /// Operations on [`ObjectAccessControl`](ObjectAccessControl)s.
 #[derive(Debug)]
-pub struct ObjectAccessControlClient<'a, R: TokenCache>(pub(super) &'a super::Client<R>);
+pub struct ObjectAccessControlClient<'a>(pub(super) &'a super::Client);
 
-impl<'a, R> ObjectAccessControlClient<'a, R>
-where
-    R: TokenCache,
-{
+impl<'a> ObjectAccessControlClient<'a> {
     /// Creates a new ACL entry on the specified `object`.
     ///
     /// ### Important

src/token.rs

@@ -3,38 +3,35 @@ use std::fmt::{Display, Formatter};
 /// Trait that refreshes a token when it is expired
 #[async_trait::async_trait]
 pub trait TokenCache: Sync {
-    type TokenData: Sync + Send + Clone + Display;
-    /// Getter for the token
-    async fn get_token(&self) -> Option<Self::TokenData>;
+    /// Returns the token that is currently held within the instance of `TokenCache`, together with
+    /// the expiry of that token as a u64 in seconds sine the Unix Epoch (1 Jan 1970).
+    async fn token_and_exp(&self) -> Option<(String, u64)>;
 
-    /// Updates the token
-    async fn set_token(&self, token: Self::TokenData) -> crate::Result<()>;
+    /// Updates the token to the value `token`.
+    async fn set_token(&self, token: String, exp: u64) -> crate::Result<()>;
 
-    /// Getter for the scope
-    fn get_scope(&self) -> &str;
+    /// Returns the intended scope for the current token.
+    async fn scope(&self) -> String;
 
-    /// Returns whether the token is expired
-    fn is_expired(token: &Self::TokenData) -> bool;
-
-    /// Returns a valid, unexpired token
-    /// Otherwise updates and returns the token
-    async fn get(&self, client: &reqwest::Client) -> crate::Result<Self::TokenData> {
-        match self.get_token().await {
-            Some(token) if !Self::is_expired(&token) => Ok(token),
+    /// Returns a valid, unexpired token. If the contained token is expired, it updates and returns
+    /// the token.
+    async fn get(&self, client: &reqwest::Client) -> crate::Result<String> {
+        match self.token_and_exp().await {
+            Some((token, exp)) if now() > exp => Ok(token),
             _ => {
-                let scope = self.get_scope();
-                let token = Self::fetch_token(client, scope).await?;
-                self.set_token(token).await?;
+                let (token, exp) = self.fetch_token(client).await?;
+                self.set_token(token, exp).await?;
 
-                self.get_token()
+                self.token_and_exp()
                     .await
+                    .map(|(t, _)| t)
                     .ok_or(crate::Error::Other("Token is not set".to_string()))
             }
         }
     }
 
     /// Fetches and returns the token using the service account
-    async fn fetch_token(client: &reqwest::Client, scope: &str) -> crate::Result<Self::TokenData>;
+    async fn fetch_token(&self, client: &reqwest::Client) -> crate::Result<(String, u64)>;
 }
 
 #[derive(serde::Serialize)]
@@ -47,10 +44,11 @@ struct Claims {
 }
 
 #[derive(serde::Deserialize, Debug)]
+// #[allow(dead_code)]
 struct TokenResponse {
     access_token: String,
-    expires_in: usize,
-    token_type: String,
+    expires_in: u64,
+    // token_type: String,
 }
 
 /// This struct contains a token, an expiry, and an access scope.
@@ -63,7 +61,7 @@ pub struct Token {
 }
 
 #[derive(Debug, Clone)]
-pub struct DefaultTokenData(pub String, u64);
+pub struct DefaultTokenData(String, u64);
 
 impl Display for DefaultTokenData {
     fn fmt(&self, f: &mut Formatter<'_>) -> std::fmt::Result {
@@ -78,40 +76,36 @@ impl Default for Token {
 }
 
 impl Token {
-    pub fn new(scope: &str) -> Self {
+    pub(crate) fn new(scope: &str) -> Self {
         Self {
             token: tokio::sync::RwLock::new(None),
             access_scope: scope.to_string(),
         }
     }
 }
+
 #[async_trait::async_trait]
 impl TokenCache for Token {
-    type TokenData = DefaultTokenData;
-
-    fn get_scope(&self) -> &str {
-        self.access_scope.as_ref()
+    async fn scope(&self) -> String {
+        self.access_scope.clone()
     }
 
-    fn is_expired(token: &Self::TokenData) -> bool {
-        token.1 > now()
+    async fn token_and_exp(&self) -> Option<(String, u64)> {
+        self.token.read().await.as_ref().map(|d| (d.0.clone(), d.1))
     }
 
-    async fn get_token(&self) -> Option<Self::TokenData> {
-        self.token.read().await.clone()
-    }
-    async fn set_token(&self, token: Self::TokenData) -> crate::Result<()> {
-        *self.token.write().await = Some(token);
+    async fn set_token(&self, token: String, exp: u64) -> crate::Result<()> {
+        *self.token.write().await = Some(DefaultTokenData(token, exp));
         Ok(())
     }
 
-    async fn fetch_token(client: &reqwest::Client, scope: &str) -> crate::Result<Self::TokenData> {
+    async fn fetch_token(&self, client: &reqwest::Client) -> crate::Result<(String, u64)> {
         let now = now();
         let exp = now + 3600;
 
         let claims = Claims {
             iss: crate::SERVICE_ACCOUNT.client_email.clone(),
-            scope: scope.into(),
+            scope: self.scope().await.into(),
             aud: "https://www.googleapis.com/oauth2/v4/token".to_string(),
             exp,
             iat: now,
@@ -134,7 +128,7 @@ impl TokenCache for Token {
             .await?
             .json()
             .await?;
-        Ok(DefaultTokenData(response.access_token, exp))
+        Ok((response.access_token, now + response.expires_in))
     }
 }
 

test.sh

@@ -0,0 +1,7 @@
+set -e
+echo && echo '--------------------------------' && echo 'Runing sync tests'
+cargo test --features sync,global-client -- --test-threads=1
+echo && echo '--------------------------------' && echo 'Runing sync tests with rustls'
+cargo test --no-default-features --features sync,rustls-tls,global-client -- --test-threads=1
+echo && echo '--------------------------------' && echo 'Runing sync tests with all features'
+cargo test --all-features -- --test-threads=1