Line data    Source code

       1             : /*
       2             :  *  Copyright (C) 2004-2024 Savoir-faire Linux Inc.
       3             :  *  Author : Adrien Béraud <adrien.beraud@savoirfairelinux.com>
       4             :  *           Vsevolod Ivanov <vsevolod.ivanov@savoirfairelinux.com>
       5             :  *
       6             :  *  This program is free software; you can redistribute it and/or modify
       7             :  *  it under the terms of the GNU General Public License as published by
       8             :  *  the Free Software Foundation; either version 3 of the License, or
       9             :  *  (at your option) any later version.
      10             :  *
      11             :  *  This program is distributed in the hope that it will be useful,
      12             :  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
      13             :  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
      14             :  *  GNU General Public License for more details.
      15             :  *
      16             :  *  You should have received a copy of the GNU General Public License
      17             :  *  along with this program. If not, see <https://www.gnu.org/licenses/>.
      18             :  */
      19             : #pragma once
      20             : 
      21             : #include "account_manager.h"
      22             : 
      23             : #include <queue>
      24             : #include <set>
      25             : #include <chrono>
      26             : 
      27             : namespace jami {
      28             : 
      29             : class ServerAccountManager : public AccountManager
      30             : {
      31             : public:
      32             :     ServerAccountManager(const std::filesystem::path& path,
      33             :                          const std::string& managerHostname,
      34             :                          const std::string& nameServer);
      35             : 
      36             :     struct ServerAccountCredentials : AccountCredentials
      37             :     {
      38             :         std::string username;
      39             :         std::shared_ptr<dht::crypto::Certificate> ca;
      40             :     };
      41             : 
      42             :     void initAuthentication(const std::string& accountId,
      43             :                             PrivateKey request,
      44             :                             std::string deviceName,
      45             :                             std::unique_ptr<AccountCredentials> credentials,
      46             :                             AuthSuccessCallback onSuccess,
      47             :                             AuthFailureCallback onFailure,
      48             :                             const OnChangeCallback& onChange) override;
      49             : 
      50           0 :     bool changePassword(const std::string& /*password_old*/,
      51             :                         const std::string& /*password_new*/) override
      52             :     {
      53           0 :         return false;
      54             :     }
      55             : 
      56             :     void syncDevices() override;
      57             : 
      58             :     using SyncBlueprintCallback = std::function<void(const std::map<std::string, std::string>& config)>;
      59             : 
      60             :     void syncBlueprintConfig(SyncBlueprintCallback onSuccess);
      61             : 
      62             :     bool revokeDevice(const std::string& device,
      63             :                       std::string_view scheme, const std::string& password,
      64             :                       RevokeDeviceCallback cb) override;
      65             : 
      66             :     bool searchUser(const std::string& query, SearchCallback cb) override;
      67             :     void registerName(const std::string& name,
      68             :                       std::string_view scheme, const std::string& password,
      69             :                       RegistrationCallback cb) override;
      70             : 
      71           0 :     void onNeedsMigration(std::function<void()> cb) {
      72           0 :         onNeedsMigration_ = std::move(cb);
      73           0 :     }
      74             : 
      75             : private:
      76             :     struct AuthContext
      77             :     {
      78             :         std::string accountId;
      79             :         PrivateKey key;
      80             :         CertRequest request;
      81             :         std::string deviceName;
      82             :         std::unique_ptr<ServerAccountCredentials> credentials;
      83             :         AuthSuccessCallback onSuccess;
      84             :         AuthFailureCallback onFailure;
      85             :     };
      86             : 
      87             :     const std::string managerHostname_;
      88             :     std::shared_ptr<dht::Logger> logger_;
      89             : 
      90             :     std::mutex requestLock_;
      91             :     std::set<std::shared_ptr<dht::http::Request>> requests_;
      92             :     std::unique_ptr<ServerAccountCredentials> creds_;
      93             : 
      94             :     void sendRequest(const std::shared_ptr<dht::http::Request>& request);
      95             :     void clearRequest(const std::weak_ptr<dht::http::Request>& request);
      96             : 
      97             :     enum class TokenScope : unsigned { None = 0, Device, User, Admin };
      98             :     std::mutex tokenLock_;
      99             :     std::string token_ {};
     100             :     TokenScope tokenScope_ {};
     101             :     std::chrono::steady_clock::time_point tokenExpire_ {
     102             :         std::chrono::steady_clock::time_point::min()};
     103             :     unsigned authErrorCount {0};
     104             : 
     105             :     using RequestQueue = std::queue<std::shared_ptr<dht::http::Request>>;
     106             :     RequestQueue pendingDeviceRequests_;
     107             :     RequestQueue pendingAccountRequests_;
     108           0 :     RequestQueue& getRequestQueue(TokenScope scope)
     109             :     {
     110           0 :         return scope == TokenScope::Device ? pendingDeviceRequests_ : pendingAccountRequests_;
     111             :     }
     112           0 :     bool hasAuthorization(TokenScope scope) const
     113             :     {
     114           0 :         return not token_.empty() and tokenScope_ >= scope
     115           0 :                and tokenExpire_ >= std::chrono::steady_clock::now();
     116             :     }
     117             :     void setAuthHeaderFields(dht::http::Request& request) const;
     118             : 
     119             :     void sendDeviceRequest(const std::shared_ptr<dht::http::Request>& req);
     120             :     void sendAccountRequest(const std::shared_ptr<dht::http::Request>& req, const std::string& password);
     121             : 
     122             :     void authenticateDevice();
     123             :     void authenticateAccount(const std::string& username, const std::string& password);
     124             :     void authFailed(TokenScope scope, int code);
     125             :     void authError(TokenScope scope);
     126             :     void onAuthEnded(const Json::Value& json, const dht::http::Response& response, TokenScope scope);
     127             :     std::function<void()> onNeedsMigration_;
     128             : 
     129             :     void setToken(std::string token,
     130             :                   TokenScope scope,
     131             :                   std::chrono::steady_clock::time_point expiration);
     132             : };
     133             : 
     134             : } // namespace jami