Avoid some unnecessary allocations.

src/server/oidc.rs

@@ -24,21 +24,47 @@ pub enum OIDCErrorType {
     // TemporarilyUnavailable,
 }
 
+pub enum OIDCErrorPayload<'a> {
+    Borrowed(&'a str),
+    Owned(String),
+}
+
+impl<'a> OIDCErrorPayload<'a> {
+    fn as_str(&self) -> &str {
+        match self {
+            Self::Borrowed(s) => s,
+            Self::Owned(s) => s.as_str(),
+        }
+    }
+}
+
+impl<'a> From<&'a str> for OIDCErrorPayload<'a> {
+    fn from(value: &'a str) -> Self {
+        Self::Borrowed(value)
+    }
+}
+
+impl<'a> From<String> for OIDCErrorPayload<'a> {
+    fn from(value: String) -> Self {
+        Self::Owned(value)
+    }
+}
+
 /// error type,
-pub struct OIDCError<'a>(OIDCErrorType, String, Option<&'a str>);
+pub struct OIDCError<'a>(OIDCErrorType, OIDCErrorPayload<'a>, Option<&'a str>);
 
 impl<'a> OIDCError<'a> {
     fn to_response(self) -> tide::Response {
         #[derive(Serialize)]
         struct ErrorOut<'a> {
             error: OIDCErrorType,
-            error_description: String,
+            error_description: &'a str,
             state: Option<&'a str>,
         }
 
         let eo = ErrorOut {
             error: self.0,
-            error_description: self.1,
+            error_description: self.1.as_str(),
             state: self.2,
         };
 
@@ -52,7 +78,7 @@ impl<'a> From<microrm::Error> for OIDCError<'a> {
     fn from(value: microrm::Error) -> Self {
         Self(
             OIDCErrorType::ServerError,
-            format!("Internal database error: {value}"),
+            format!("Internal database error: {value}").into(),
             None,
         )
     }

src/server/oidc/authorize.rs

@@ -19,7 +19,7 @@ fn do_code_authorize<'l, 's>(
         .map_err(|_| {
             OIDCError(
                 OIDCErrorType::ServerError,
-                format!("Failed to generate auth code."),
+                "failed to generate auth code".into(),
                 state,
             )
         })?
@@ -50,7 +50,7 @@ fn do_code_authorize<'l, 's>(
         tide::http::Url::parse_with_params(redirect_uri.as_str(), new_params).map_err(|e| {
             OIDCError(
                 OIDCErrorType::InvalidRequest,
-                format!("could not parse redirect_uri as a URL: {e}"),
+                format!("could not parse redirect_uri as a URL: {e}").into(),
                 None,
             )
         })?,
@@ -63,7 +63,7 @@ pub(super) fn do_authorize(request: Request, state: Option<&str>) -> Result<tide
     let realm = shelper.get_realm().map_err(|_| {
         OIDCError(
             OIDCErrorType::InvalidRequest,
-            "No such realm!".to_string(),
+            "No such realm!".into(),
             state,
         )
     })?;
@@ -79,7 +79,7 @@ pub(super) fn do_authorize(request: Request, state: Option<&str>) -> Result<tide
 
     let qp: api::AuthorizationRequestQuery = request
         .query()
-        .map_err(|x| OIDCError(OIDCErrorType::InvalidRequest, x.to_string(), state))?;
+        .map_err(|x| OIDCError(OIDCErrorType::InvalidRequest, x.to_string().into(), state))?;
 
     // collect session authentication info
 
@@ -100,7 +100,7 @@ pub(super) fn do_authorize(request: Request, state: Option<&str>) -> Result<tide
     else {
         return Err(OIDCError(
             OIDCErrorType::ServerError,
-            "Internal state error!".to_string(),
+            "Internal state error!".into(),
             state,
         ));
     };
@@ -117,7 +117,7 @@ pub(super) fn do_authorize(request: Request, state: Option<&str>) -> Result<tide
         .ok_or_else(|| {
             OIDCError(
                 OIDCErrorType::UnauthorizedClient,
-                "Client does not exist".to_string(),
+                "Client does not exist".into(),
                 state,
             )
         })?;
@@ -144,7 +144,7 @@ pub(super) fn do_authorize(request: Request, state: Option<&str>) -> Result<tide
     } else if qp.response_type == "token" {
         let rhelper = request.state().core.realms.get_helper(realm.id()).unwrap();
 
-        let token = rhelper.generate_access_token(&client, &user, scopes).map_err(|e| OIDCError(OIDCErrorType::ServerError, format!("could not generate token: {e}"), state))?;
+        let token = rhelper.generate_access_token(&client, &user, scopes).map_err(|e| OIDCError(OIDCErrorType::ServerError, format!("could not generate token: {e}").into(), state))?;
 
         Ok(tide::Response::builder(200)
            .content_type(tide::http::mime::JSON)
@@ -158,7 +158,7 @@ pub(super) fn do_authorize(request: Request, state: Option<&str>) -> Result<tide
     } else {
         Err(OIDCError(
             OIDCErrorType::UnsupportedResponseType,
-            "Only code and token are understood.".to_string(),
+            "Only code and token are understood.".into(),
             state,
         ))
     }

src/server/oidc/token.rs

@@ -44,7 +44,7 @@ fn do_authorization_code<'l>(realm: &microrm::Stored<schema::Realm>, rhelper: &R
     .map_err(|e| {
         OIDCError(
             OIDCErrorType::ServerError,
-            format!("error signing key: {e}"),
+            format!("error signing key: {e}").into(),
             None,
         )
     })?;
@@ -76,7 +76,7 @@ fn do_refresh_token<'l>(_realm: &microrm::Stored<schema::Realm>, rhelper: &Realm
         Ok((a, r)) => (a, r),
         Err(e) => return Err(OIDCError(
             OIDCErrorType::InvalidRequest,
-            format!("could not trade refresh token: {e}"),
+            format!("could not trade refresh token: {e}").into(),
             None,
         ))
     };
@@ -126,7 +126,7 @@ fn do_direct_grant<'l>(realm: &microrm::Stored<schema::Realm>, rhelper: &RealmHe
             Err(e.into())
         },
         Err(e) => {
-            Err(OIDCError(OIDCErrorType::ServerError, format!("internal error: {e}"), None))
+            Err(OIDCError(OIDCErrorType::ServerError, format!("internal error: {e}").into(), None))
         },
         Ok(false) => {
             Err(OIDCError(OIDCErrorType::AccessDenied, "password authentication failed".into(), None))
@@ -167,7 +167,7 @@ pub(super) async fn do_token<'l>(mut request: Request) -> Result<tide::Response,
     let treq: api::TokenRequestBody = request.body_form().await.map_err(|e| {
         OIDCError(
             OIDCErrorType::InvalidRequest,
-            format!("could not parse form body: {e}"),
+            format!("could not parse form body: {e}").into(),
             None,
         )
     })?;
@@ -184,7 +184,7 @@ pub(super) async fn do_token<'l>(mut request: Request) -> Result<tide::Response,
         .get()?
         .ok_or(OIDCError(
             OIDCErrorType::InvalidRequest,
-            format!("unknown client name {client_name}"),
+            format!("unknown client name {client_name}").into(),
             None,
         ))?;
 
@@ -199,7 +199,7 @@ pub(super) async fn do_token<'l>(mut request: Request) -> Result<tide::Response,
     } else {
         Err(OIDCError(
             OIDCErrorType::InvalidRequest,
-            format!("unknown grant type {}", treq.grant_type),
+            format!("unknown grant type {}", treq.grant_type).into(),
             None,
         ))
     }