Supporting JWT token

Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "corgea"
-version = "1.8.5"
+version = "1.8.6"
 edition = "2021"
 
 # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html

src/inspect.rs

@@ -19,7 +19,7 @@ pub fn run(
     println!();
     if *issues {
         let show_everything = !*summary && !*fix_explanation && !*fix_diff;
-        let issue_details = match utils::api::get_issue(&config.get_url(), &config.get_token(), id) {
+        let issue_details = match utils::api::get_issue(&config.get_url(), id) {
             Ok(issue) => issue,
             Err(e) => {
                 eprintln!("Failed to fetch issue details for issue ID {} with error:\n{}", id, e);
@@ -69,7 +69,7 @@ pub fn run(
             }
         }
     } else {
-        let scan_details = match utils::api::get_scan(&config.get_url(), &config.get_token(), id) {
+        let scan_details = match utils::api::get_scan(&config.get_url(), id) {
             Ok(details) => details,
             Err(e) => {
                 eprintln!("Failed to fetch scan details for scan ID {}: {}", id, e);
@@ -92,7 +92,7 @@ pub fn run(
         print_section("Engine", &scan_details.engine);
         let created_at = chrono::DateTime::<chrono::Utc>::from(SystemTime::now()).format("%Y-%m-%d %H:%M:%S").to_string();
         print_section("Created At", &created_at);
-        match scanners::blast::fetch_and_group_scan_issues(&config.get_url(), &config.get_token(), &scan_details.project) {
+        match scanners::blast::fetch_and_group_scan_issues(&config.get_url(), &scan_details.project) {
             Ok(counts) => {
                 let total_issues = counts.values().sum::<usize>();
                 let order = vec!["CR", "HI", "ME", "LO"];

src/list.rs

@@ -8,7 +8,7 @@ pub fn run(config: &Config, issues: &bool, sca_issues: &bool, json: &bool, page:
     let project_name = utils::generic::get_current_working_directory().unwrap_or("unknown".to_string());
     println!("");
     if *sca_issues {
-        let sca_issues_response = match utils::api::get_sca_issues(&config.get_url(), &config.get_token(), Some((*page).unwrap_or(1)), *page_size, scan_id.clone()) {
+        let sca_issues_response = match utils::api::get_sca_issues(&config.get_url(), Some((*page).unwrap_or(1)), *page_size, scan_id.clone()) {
             Ok(response) => response,
             Err(e) => {
                 debug(&format!("Error Sending Request: {}", e.to_string()));
@@ -87,7 +87,7 @@ pub fn run(config: &Config, issues: &bool, sca_issues: &bool, json: &bool, page:
 
         utils::terminal::print_table(table, Some(sca_issues_response.page), Some(sca_issues_response.total_pages));
     } else if *issues {
-        let issues_response = match utils::api::get_scan_issues(&config.get_url(), &config.get_token(), &project_name, Some((*page).unwrap_or(1)), *page_size, scan_id.clone()) {
+        let issues_response = match utils::api::get_scan_issues(&config.get_url(), &project_name, Some((*page).unwrap_or(1)), *page_size, scan_id.clone()) {
             Ok(response) => response,
             Err(e) => {
                 debug(&format!("Error Sending Request: {}", e.to_string()));
@@ -115,7 +115,7 @@ pub fn run(config: &Config, issues: &bool, sca_issues: &bool, json: &bool, page:
         if scan_id.is_some() {
             let mut page: u32 = 1;
             loop {
-                match utils::api::check_blocking_rules(&config.get_url(), &config.get_token(), scan_id.as_ref().unwrap(), Some(page)) {
+                match utils::api::check_blocking_rules(&config.get_url(), scan_id.as_ref().unwrap(), Some(page)) {
                     Ok(rules) => {
                         if rules.block {
                             render_blocking_rules = true;
@@ -224,7 +224,7 @@ pub fn run(config: &Config, issues: &bool, sca_issues: &bool, json: &bool, page:
 
         utils::terminal::print_table(table, issues_response.page, issues_response.total_pages);
     } else {
-        let (scans, page, total_pages) = match utils::api::query_scan_list(&config.get_url(), &config.get_token(), Some(&project_name), *page, *page_size) {
+        let (scans, page, total_pages) = match utils::api::query_scan_list(&config.get_url(), Some(&project_name), *page, *page_size) {
             Ok(scans) => {
                 let page = scans.page;
                 let total_pages = scans.total_pages;

src/main.rs

@@ -186,7 +186,8 @@ fn main() {
             eprintln!("No token set.\nPlease run 'corgea login' to authenticate.\nFor more info checkout our docs at Check out our docs at https://docs.corgea.app/install_cli#login-with-the-cli");
             std::process::exit(1);
         }
-        match utils::api::verify_token(config.get_token().as_str(), config.get_url().as_str()) {
+        utils::api::set_auth_token(&config.get_token());
+        match utils::api::verify_token(config.get_url().as_str()) {
             Ok(true) => {
                 return;
             }
@@ -207,7 +208,8 @@ fn main() {
             match effective_token {
                 Some(token_value) => {
                     let token_source = if token.is_some() { "parameter" } else { "CORGEA_TOKEN environment variable" };
-                    match utils::api::verify_token(&token_value, url.as_deref().unwrap_or(corgea_config.get_url().as_str())) {
+                    utils::api::set_auth_token(&token_value);
+                    match utils::api::verify_token(url.as_deref().unwrap_or(corgea_config.get_url().as_str())) {
                         Ok(true) => {
                             corgea_config.set_token(token_value.clone()).expect("Failed to set token");
                             if let Some(url) = url {

src/scan.rs

@@ -131,8 +131,8 @@ pub fn upload_scan(config: &Config, paths: Vec<String>, scanner: String, input:
     let github_env_vars = get_github_env_vars();
 
     let run_id = Uuid::new_v4().to_string();
-    let token = config.get_token();
     let base_url = config.get_url();
+    let api_base = "/api/v1";
     let project;
 
     if in_ci {
@@ -143,20 +143,20 @@ pub fn upload_scan(config: &Config, paths: Vec<String>, scanner: String, input:
     } else {
         project = utils::generic::determine_project_name(project_name.as_deref());
     }
-    let repo_data = std::env::var("REPO_DATA").unwrap_or_else(|_| "".to_string()); //encoded data to forward.
+    let repo_data = std::env::var("REPO_DATA").unwrap_or_else(|_| "".to_string());
 
     let scan_upload_url = if repo_data.is_empty() {
         format!(
-            "{}/api/cli/scan-upload?token={}&engine={}&run_id={}&project={}&ci={}&ci_platform={}", base_url, token, scanner, run_id, project, in_ci, ci_platform
+            "{}{}/scan-upload?engine={}&run_id={}&project={}&ci={}&ci_platform={}", base_url, api_base, scanner, run_id, project, in_ci, ci_platform
         )
     } else {
         format!(
-            "{}/api/cli/scan-upload?token={}&engine={}&run_id={}&project={}&ci={}&ci_platform={}&repo_data={}", base_url, token, scanner, run_id, project, in_ci, ci_platform, repo_data
+            "{}{}/scan-upload?engine={}&run_id={}&project={}&ci={}&ci_platform={}&repo_data={}", base_url, api_base, scanner, run_id, project, in_ci, ci_platform, repo_data
         )
     };
 
     let git_config_upload_url = format!(
-        "{}/api/cli/git-config-upload?token={}&run_id={}", base_url, token, run_id
+        "{}{}/git-config-upload?run_id={}", base_url, api_base, run_id
     );
     let client = utils::api::http_client();
 
@@ -177,7 +177,7 @@ pub fn upload_scan(config: &Config, paths: Vec<String>, scanner: String, input:
         }
 
         let src_upload_url = format!(
-            "{}/api/cli/code-upload?token={}&run_id={}&path={}", base_url, token, run_id, path
+            "{}{}/code-upload?run_id={}&path={}", base_url, api_base, run_id, path
         );
         debug(&format!("Uploading file: {}", path));
         let fp = Path::new(&path);
@@ -404,7 +404,7 @@ pub fn upload_scan(config: &Config, paths: Vec<String>, scanner: String, input:
 
     if in_ci {
         let ci_data_upload_url = format!(
-            "{}/api/cli/ci-data-upload?token={}&run_id={}&platform={}", base_url, token, run_id, ci_platform
+            "{}{}/ci-data-upload?run_id={}&platform={}", base_url, api_base, run_id, ci_platform
         );
 
         let mut github_env_vars_json = serde_json::Map::new();

src/scanners/blast.rs

@@ -180,7 +180,7 @@ pub fn run(
     let _ = packaging_thread.join();
     print!("\r{}Project packaged successfully.\n", utils::terminal::set_text_color("", utils::terminal::TerminalColor::Green));
     println!("\n\nSubmitting scan to Corgea:");
-    let upload_result = match utils::api::upload_zip(&zip_path, &config.get_token(), &config.get_url(), &project_name, repo_info, scan_type, policy) {
+    let upload_result = match utils::api::upload_zip(&zip_path, &config.get_url(), &project_name, repo_info, scan_type, policy) {
         Ok(result) => result,
         Err(e) => {
             eprintln!("\n\nOh no! We encountered an issue while uploading the zip file '{}' to the server.\nPlease ensure that:
@@ -225,7 +225,7 @@ pub fn run(
         utils::terminal::show_loading_message("Collecting scan results... ([T]s)", stop_signal_clone);
     });
 
-    let classifications = match report_scan_status(&config.get_url(), &config.get_token(), &project_name) {
+    let classifications = match report_scan_status(&config.get_url(), &project_name) {
         Ok(issues_classes) => {
             *stop_signal.lock().unwrap() = true;
             let _ = results_thread.join();
@@ -258,7 +258,7 @@ pub fn run(
         }
     };
     if *fail {
-        let blocking_rules = match utils::api::check_blocking_rules(&config.get_url(), &config.get_token(), &scan_id, None) {
+        let blocking_rules = match utils::api::check_blocking_rules(&config.get_url(), &scan_id, None) {
             Ok(rules) => rules,
             Err(e) => {
                 eprintln!("Failed to check blocking rules: {}", e);
@@ -286,14 +286,14 @@ pub fn run(
             });
 
             if out_format == "json" {
-                let issues = match utils::api::get_all_issues(&config.get_url(), &config.get_token(), &project_name, Some(scan_id.clone())) {
+                let issues = match utils::api::get_all_issues(&config.get_url(), &project_name, Some(scan_id.clone())) {
                     Ok(issues) => issues,
                     Err(e) => {
                         eprintln!("\n\nFailed to fetch issues: {}\n\n", e);
                         std::process::exit(1);
                     }
                 };
-                let sca_issues = match utils::api::get_all_sca_issues(&config.get_url(), &config.get_token(), &project_name, Some(scan_id.clone())) {
+                let sca_issues = match utils::api::get_all_sca_issues(&config.get_url(), &project_name, Some(scan_id.clone())) {
                     Ok(issues) => issues,
                     Err(e) => {
                         eprintln!("\n\nFailed to fetch SCA issues: {}\n\n", e);
@@ -311,7 +311,7 @@ pub fn run(
                 println!("\n\nScan results written to: {}\n\n", out_file.clone());
             }
             else if out_format == "html" {
-                let report = match utils::api::get_scan_report(&config.get_url(), &config.get_token(), &scan_id, None) {
+                let report = match utils::api::get_scan_report(&config.get_url(), &scan_id, None) {
                     Ok(html) => html,
                     Err(e) => {
                         eprintln!("\n\nFailed to fetch scan report: {}\n\n", e);
@@ -325,7 +325,7 @@ pub fn run(
                 println!("\n\nScan report written to: {}\n\n", out_file.clone());
             }
             else if out_format == "sarif" {
-                let report = match utils::api::get_scan_report(&config.get_url(), &config.get_token(), &scan_id, Some("sarif")) {
+                let report = match utils::api::get_scan_report(&config.get_url(), &scan_id, Some("sarif")) {
                     Ok(sarif) => sarif,
                     Err(e) => {
                         eprintln!("\n\nFailed to fetch SARIF report: {}\n\n", e);
@@ -339,7 +339,7 @@ pub fn run(
                 println!("\n\nScan report written to: {}\n\n", out_file.clone());
             }
             else if out_format == "markdown" {
-                let report = match utils::api::get_scan_report(&config.get_url(), &config.get_token(), &scan_id, Some("markdown")) {
+                let report = match utils::api::get_scan_report(&config.get_url(), &scan_id, Some("markdown")) {
                     Ok(markdown) => markdown,
                     Err(e) => {
                         eprintln!("\n\nFailed to fetch Markdown report: {}\n\n", e);
@@ -402,7 +402,7 @@ pub fn wait_for_scan(config: &Config, scan_id: &str) {
 
         loop {
             std::thread::sleep(std::time::Duration::from_secs(1));
-            match check_scan_status(&scan_id, &config.get_url(), &config.get_token()) {
+            match check_scan_status(&scan_id, &config.get_url()) {
                 Ok(true) => {
                     *stop_signal.lock().unwrap() = true;
                     break;
@@ -444,16 +444,16 @@ pub fn wait_for_scan(config: &Config, scan_id: &str) {
 }
 
 
-pub fn check_scan_status(scan_id: &str, url: &str, token: &str) -> Result<bool, Box<dyn Error>> {
-    match utils::api::get_scan(url, token, scan_id) {
+pub fn check_scan_status(scan_id: &str, url: &str) -> Result<bool, Box<dyn Error>> {
+    match utils::api::get_scan(url, scan_id) {
         Ok(scan) => Ok(scan.status == "complete"),
         Err(e) => Err(e)
     }
 }
 
 
-pub fn fetch_and_group_scan_issues(url: &str, token: &str, project: &str) -> Result<HashMap<String, usize>, Box<dyn std::error::Error>> {
-    let issues = match utils::api::get_all_issues(url, token, project, None) {
+pub fn fetch_and_group_scan_issues(url: &str, project: &str) -> Result<HashMap<String, usize>, Box<dyn std::error::Error>> {
+    let issues = match utils::api::get_all_issues(url, project, None) {
         Ok(issues) => issues,
         Err(err) => {
             return Err(format!("Failed to fetch scan issues: {}", err).into());
@@ -468,8 +468,8 @@ pub fn fetch_and_group_scan_issues(url: &str, token: &str, project: &str) -> Res
     Ok(classification_counts)
 }
 
-pub fn report_scan_status(url: &str, token: &str, project: &str) ->  Result<HashMap<String, usize>, Box<dyn std::error::Error>>{
-    let classification_counts = match fetch_and_group_scan_issues(url, token, project) {
+pub fn report_scan_status(url: &str, project: &str) ->  Result<HashMap<String, usize>, Box<dyn std::error::Error>>{
+    let classification_counts = match fetch_and_group_scan_issues(url, project) {
         Ok(counts) => counts,
         Err(e) => {
             return Err(e);