Line data    Source code

       1             : /*
       2             :  *  Copyright (C) 2004-2024 Savoir-faire Linux Inc.
       3             :  *
       4             :  *  This program is free software: you can redistribute it and/or modify
       5             :  *  it under the terms of the GNU General Public License as published by
       6             :  *  the Free Software Foundation, either version 3 of the License, or
       7             :  *  (at your option) any later version.
       8             :  *
       9             :  *  This program is distributed in the hope that it will be useful,
      10             :  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
      11             :  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
      12             :  *  GNU General Public License for more details.
      13             :  *
      14             :  *  You should have received a copy of the GNU General Public License
      15             :  *  along with this program. If not, see <https://www.gnu.org/licenses/>.
      16             :  */
      17             : #pragma once
      18             : 
      19             : #include "account_manager.h"
      20             : 
      21             : #include <queue>
      22             : #include <set>
      23             : #include <chrono>
      24             : 
      25             : namespace jami {
      26             : 
      27             : class ServerAccountManager : public AccountManager
      28             : {
      29             : public:
      30             :     ServerAccountManager(const std::filesystem::path& path,
      31             :                          const std::string& managerHostname,
      32             :                          const std::string& nameServer);
      33             : 
      34             :     struct ServerAccountCredentials : AccountCredentials
      35             :     {
      36             :         std::string username;
      37             :         std::shared_ptr<dht::crypto::Certificate> ca;
      38             :     };
      39             : 
      40             :     void initAuthentication(const std::string& accountId,
      41             :                             PrivateKey request,
      42             :                             std::string deviceName,
      43             :                             std::unique_ptr<AccountCredentials> credentials,
      44             :                             AuthSuccessCallback onSuccess,
      45             :                             AuthFailureCallback onFailure,
      46             :                             const OnChangeCallback& onChange) override;
      47             : 
      48           0 :     bool changePassword(const std::string& /*password_old*/,
      49             :                         const std::string& /*password_new*/) override
      50             :     {
      51           0 :         return false;
      52             :     }
      53             : 
      54             :     void syncDevices() override;
      55             : 
      56             :     using SyncBlueprintCallback = std::function<void(const std::map<std::string, std::string>& config)>;
      57             : 
      58             :     void syncBlueprintConfig(SyncBlueprintCallback onSuccess);
      59             : 
      60             :     bool revokeDevice(const std::string& device,
      61             :                       std::string_view scheme, const std::string& password,
      62             :                       RevokeDeviceCallback cb) override;
      63             : 
      64             :     bool searchUser(const std::string& query, SearchCallback cb) override;
      65             :     void registerName(const std::string& name,
      66             :                       std::string_view scheme, const std::string& password,
      67             :                       RegistrationCallback cb) override;
      68             : 
      69           0 :     void onNeedsMigration(std::function<void()> cb) {
      70           0 :         onNeedsMigration_ = std::move(cb);
      71           0 :     }
      72             : 
      73             : private:
      74             :     struct AuthContext
      75             :     {
      76             :         std::string accountId;
      77             :         PrivateKey key;
      78             :         CertRequest request;
      79             :         std::string deviceName;
      80             :         std::unique_ptr<ServerAccountCredentials> credentials;
      81             :         AuthSuccessCallback onSuccess;
      82             :         AuthFailureCallback onFailure;
      83             :     };
      84             : 
      85             :     const std::string managerHostname_;
      86             :     std::shared_ptr<dht::Logger> logger_;
      87             : 
      88             :     std::mutex requestLock_;
      89             :     std::set<std::shared_ptr<dht::http::Request>> requests_;
      90             :     std::unique_ptr<ServerAccountCredentials> creds_;
      91             : 
      92             :     void sendRequest(const std::shared_ptr<dht::http::Request>& request);
      93             :     void clearRequest(const std::weak_ptr<dht::http::Request>& request);
      94             : 
      95             :     enum class TokenScope : unsigned { None = 0, Device, User, Admin };
      96             :     std::mutex tokenLock_;
      97             :     std::string token_ {};
      98             :     TokenScope tokenScope_ {};
      99             :     std::chrono::steady_clock::time_point tokenExpire_ {
     100             :         std::chrono::steady_clock::time_point::min()};
     101             :     unsigned authErrorCount {0};
     102             : 
     103             :     using RequestQueue = std::queue<std::shared_ptr<dht::http::Request>>;
     104             :     RequestQueue pendingDeviceRequests_;
     105             :     RequestQueue pendingAccountRequests_;
     106           0 :     RequestQueue& getRequestQueue(TokenScope scope)
     107             :     {
     108           0 :         return scope == TokenScope::Device ? pendingDeviceRequests_ : pendingAccountRequests_;
     109             :     }
     110           0 :     bool hasAuthorization(TokenScope scope) const
     111             :     {
     112           0 :         return not token_.empty() and tokenScope_ >= scope
     113           0 :                and tokenExpire_ >= std::chrono::steady_clock::now();
     114             :     }
     115             :     void setAuthHeaderFields(dht::http::Request& request) const;
     116             : 
     117             :     void sendDeviceRequest(const std::shared_ptr<dht::http::Request>& req);
     118             :     void sendAccountRequest(const std::shared_ptr<dht::http::Request>& req, const std::string& password);
     119             : 
     120             :     void authenticateDevice();
     121             :     void authenticateAccount(const std::string& username, const std::string& password);
     122             :     void authFailed(TokenScope scope, int code);
     123             :     void authError(TokenScope scope);
     124             :     void onAuthEnded(const Json::Value& json, const dht::http::Response& response, TokenScope scope);
     125             :     std::function<void()> onNeedsMigration_;
     126             : 
     127             :     void setToken(std::string token,
     128             :                   TokenScope scope,
     129             :                   std::chrono::steady_clock::time_point expiration);
     130             : };
     131             : 
     132             : } // namespace jami