Line data Source code
1 : /* 2 : * Copyright (C) 2004-2024 Savoir-faire Linux Inc. 3 : * Author : Adrien BĂ©raud <adrien.beraud@savoirfairelinux.com> 4 : * Vsevolod Ivanov <vsevolod.ivanov@savoirfairelinux.com> 5 : * 6 : * This program is free software; you can redistribute it and/or modify 7 : * it under the terms of the GNU General Public License as published by 8 : * the Free Software Foundation; either version 3 of the License, or 9 : * (at your option) any later version. 10 : * 11 : * This program is distributed in the hope that it will be useful, 12 : * but WITHOUT ANY WARRANTY; without even the implied warranty of 13 : * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 : * GNU General Public License for more details. 15 : * 16 : * You should have received a copy of the GNU General Public License 17 : * along with this program. If not, see <https://www.gnu.org/licenses/>. 18 : */ 19 : #pragma once 20 : 21 : #include "account_manager.h" 22 : 23 : #include <queue> 24 : #include <set> 25 : #include <chrono> 26 : 27 : namespace jami { 28 : 29 : class ServerAccountManager : public AccountManager 30 : { 31 : public: 32 : ServerAccountManager(const std::filesystem::path& path, 33 : const std::string& managerHostname, 34 : const std::string& nameServer); 35 : 36 : struct ServerAccountCredentials : AccountCredentials 37 : { 38 : std::string username; 39 : std::shared_ptr<dht::crypto::Certificate> ca; 40 : }; 41 : 42 : void initAuthentication(const std::string& accountId, 43 : PrivateKey request, 44 : std::string deviceName, 45 : std::unique_ptr<AccountCredentials> credentials, 46 : AuthSuccessCallback onSuccess, 47 : AuthFailureCallback onFailure, 48 : const OnChangeCallback& onChange) override; 49 : 50 0 : bool changePassword(const std::string& /*password_old*/, 51 : const std::string& /*password_new*/) override 52 : { 53 0 : return false; 54 : } 55 : 56 : void syncDevices() override; 57 : 58 : using SyncBlueprintCallback = std::function<void(const std::map<std::string, std::string>& config)>; 59 : 60 : void syncBlueprintConfig(SyncBlueprintCallback onSuccess); 61 : 62 : bool revokeDevice(const std::string& device, 63 : std::string_view scheme, const std::string& password, 64 : RevokeDeviceCallback cb) override; 65 : 66 : bool searchUser(const std::string& query, SearchCallback cb) override; 67 : void registerName(const std::string& name, 68 : std::string_view scheme, const std::string& password, 69 : RegistrationCallback cb) override; 70 : 71 0 : void onNeedsMigration(std::function<void()> cb) { 72 0 : onNeedsMigration_ = std::move(cb); 73 0 : } 74 : 75 : private: 76 : struct AuthContext 77 : { 78 : std::string accountId; 79 : PrivateKey key; 80 : CertRequest request; 81 : std::string deviceName; 82 : std::unique_ptr<ServerAccountCredentials> credentials; 83 : AuthSuccessCallback onSuccess; 84 : AuthFailureCallback onFailure; 85 : }; 86 : 87 : const std::string managerHostname_; 88 : std::shared_ptr<dht::Logger> logger_; 89 : 90 : std::mutex requestLock_; 91 : std::set<std::shared_ptr<dht::http::Request>> requests_; 92 : std::unique_ptr<ServerAccountCredentials> creds_; 93 : 94 : void sendRequest(const std::shared_ptr<dht::http::Request>& request); 95 : void clearRequest(const std::weak_ptr<dht::http::Request>& request); 96 : 97 : enum class TokenScope : unsigned { None = 0, Device, User, Admin }; 98 : std::mutex tokenLock_; 99 : std::string token_ {}; 100 : TokenScope tokenScope_ {}; 101 : std::chrono::steady_clock::time_point tokenExpire_ { 102 : std::chrono::steady_clock::time_point::min()}; 103 : unsigned authErrorCount {0}; 104 : 105 : using RequestQueue = std::queue<std::shared_ptr<dht::http::Request>>; 106 : RequestQueue pendingDeviceRequests_; 107 : RequestQueue pendingAccountRequests_; 108 0 : RequestQueue& getRequestQueue(TokenScope scope) 109 : { 110 0 : return scope == TokenScope::Device ? pendingDeviceRequests_ : pendingAccountRequests_; 111 : } 112 0 : bool hasAuthorization(TokenScope scope) const 113 : { 114 0 : return not token_.empty() and tokenScope_ >= scope 115 0 : and tokenExpire_ >= std::chrono::steady_clock::now(); 116 : } 117 : void setAuthHeaderFields(dht::http::Request& request) const; 118 : 119 : void sendDeviceRequest(const std::shared_ptr<dht::http::Request>& req); 120 : void sendAccountRequest(const std::shared_ptr<dht::http::Request>& req, const std::string& password); 121 : 122 : void authenticateDevice(); 123 : void authenticateAccount(const std::string& username, const std::string& password); 124 : void authFailed(TokenScope scope, int code); 125 : void authError(TokenScope scope); 126 : void onAuthEnded(const Json::Value& json, const dht::http::Response& response, TokenScope scope); 127 : std::function<void()> onNeedsMigration_; 128 : 129 : void setToken(std::string token, 130 : TokenScope scope, 131 : std::chrono::steady_clock::time_point expiration); 132 : }; 133 : 134 : } // namespace jami