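/*
 *  Copyright (C) 2004-2025 Savoir-faire Linux Inc.
 *
 *  This program is free software: you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
 *  the Free Software Foundation, either version 3 of the License, or
 *  (at your option) any later version.
 *
 *  This program is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 *  GNU General Public License for more details.
 *
 *  You should have received a copy of the GNU General Public License
 *  along with this program. If not, see <https://www.gnu.org/licenses/>.
 */
#pragma once

#include "account_manager.h"

// Standard headers for every std:: name this header spells out itself, so it
// does not depend on what account_manager.h happens to include transitively.
#include <chrono>
#include <filesystem>
#include <functional>
#include <map>
#include <memory>
#include <mutex>
#include <queue>
#include <set>
#include <string>
#include <string_view>

namespace jami {

/**
 * AccountManager specialisation that is constructed with a manager hostname
 * and tracks dht::http::Request objects together with a scoped, expiring
 * authorization token. Only the declarations are visible here; the request
 * and authentication logic lives in the implementation file.
 */
class ServerAccountManager : public AccountManager
{
public:
    /**
     * @param accountId        identifier of the account being managed
     * @param path             filesystem path passed by the caller
     * @param managerHostname  kept in managerHostname_ (const for the object's lifetime)
     * @param nameServer       name server address passed by the caller
     */
    ServerAccountManager(const std::string& accountId,
                         const std::filesystem::path& path,
                         const std::string& managerHostname,
                         const std::string& nameServer);

    /**
     * Credentials used by this manager: the base AccountCredentials fields
     * plus a username and an optional CA certificate.
     */
    struct ServerAccountCredentials : AccountCredentials
    {
        std::string username;
        std::shared_ptr<dht::crypto::Certificate> ca;
    };

    /**
     * Starts authentication for a device. Takes ownership of `credentials`;
     * the outcome is reported through `onSuccess` or `onFailure`.
     */
    void initAuthentication(PrivateKey request,
                            std::string deviceName,
                            std::unique_ptr<AccountCredentials> credentials,
                            AuthSuccessCallback onSuccess,
                            AuthFailureCallback onFailure,
                            const OnChangeCallback& onChange) override;

    /**
     * Always returns false and ignores both arguments: a password change is
     * not implemented by this manager.
     * NOTE(review): presumably the password is owned by the server side —
     * callers must treat `false` as "not changed", never as success.
     */
    bool changePassword(const std::string& /*password_old*/,
                        const std::string& /*password_new*/) override
    {
        return false;
    }

    void syncDevices() override;

    /// Receives a string-to-string configuration map.
    using SyncBlueprintCallback
        = std::function<void(const std::map<std::string, std::string>& config)>;

    void syncBlueprintConfig(SyncBlueprintCallback onSuccess);

    bool revokeDevice(const std::string& device,
                      std::string_view scheme,
                      const std::string& password,
                      RevokeDeviceCallback cb) override;

    bool searchUser(const std::string& query, SearchCallback cb) override;
    void registerName(const std::string& name,
                      std::string_view scheme,
                      const std::string& password,
                      RegistrationCallback cb) override;

    /// Stores `cb` in onNeedsMigration_; when it is invoked is decided in the implementation file.
    void onNeedsMigration(std::function<void()> cb) { onNeedsMigration_ = std::move(cb); }

private:
    /**
     * State bundled for one authentication attempt.
     * NOTE(review): holds a private key and the credentials object; if
     * AccountCredentials carries a password, it stays in memory for as long
     * as this context is alive — confirm the lifetime in the implementation.
     */
    struct AuthContext
    {
        std::string accountId;
        PrivateKey key;
        CertRequest request;
        std::string deviceName;
        std::unique_ptr<ServerAccountCredentials> credentials;
        AuthSuccessCallback onSuccess;
        AuthFailureCallback onFailure;
    };

    const std::string managerHostname_;
    std::shared_ptr<dht::Logger> logger_;

    // NOTE(review): requestLock_ presumably guards requests_ — confirm in the implementation.
    std::mutex requestLock_;
    std::set<std::shared_ptr<dht::http::Request>> requests_;
    // NOTE(review): credentials retained as a member; check how long they need
    // to be kept and whether they are cleared once authentication completes.
    std::unique_ptr<ServerAccountCredentials> creds_;

    void sendRequest(const std::shared_ptr<dht::http::Request>& request);
    void clearRequest(const std::weak_ptr<dht::http::Request>& request);

    // Declaration order is significant: hasAuthorization() compares scopes
    // with >=, so None < Device < User < Admin. Reordering or inserting a
    // value changes which tokens satisfy which requests.
    enum class TokenScope : unsigned { None = 0, Device, User, Admin };
    // NOTE(review): tokenLock_ presumably guards token_, tokenScope_ and
    // tokenExpire_ — confirm in the implementation.
    std::mutex tokenLock_;
    std::string token_ {};
    TokenScope tokenScope_ {};
    // Starts at time_point::min(), i.e. already expired until a token is set.
    std::chrono::steady_clock::time_point tokenExpire_ {
        std::chrono::steady_clock::time_point::min()};

    using RequestQueue = std::queue<std::shared_ptr<dht::http::Request>>;
    RequestQueue pendingDeviceRequests_;
    RequestQueue pendingAccountRequests_;

    /// Device scope maps to pendingDeviceRequests_; every other scope maps to pendingAccountRequests_.
    RequestQueue& getRequestQueue(TokenScope scope)
    {
        return scope == TokenScope::Device ? pendingDeviceRequests_ : pendingAccountRequests_;
    }

    /**
     * True when a token is held, its scope is at least `scope`, and its
     * expiry time has not passed.
     * Reads token_, tokenScope_ and tokenExpire_ without taking tokenLock_
     * itself. NOTE(review): callers are presumably expected to hold
     * tokenLock_ — confirm, since an unsynchronised read here could race
     * with setToken().
     */
    bool hasAuthorization(TokenScope scope) const
    {
        return not token_.empty() and tokenScope_ >= scope
               and tokenExpire_ >= std::chrono::steady_clock::now();
    }
    void setAuthHeaderFields(dht::http::Request& request) const;

    void sendDeviceRequest(const std::shared_ptr<dht::http::Request>& req);
    void sendAccountRequest(const std::shared_ptr<dht::http::Request>& req,
                            const std::string& password);

    void authenticateDevice();
    void authenticateAccount(const std::string& username, const std::string& password);
    void authFailed(TokenScope scope, int code);
    void authError(TokenScope scope);
    void onAuthEnded(const Json::Value& json, const dht::http::Response& response, TokenScope scope);
    std::function<void()> onNeedsMigration_;

    void setToken(std::string token,
                  TokenScope scope,
                  std::chrono::steady_clock::time_point expiration);
};

} // namespace jami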