From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68]) by lore.proxmox.com (Postfix) with ESMTPS id 240B11FF141 for ; Fri, 13 Feb 2026 17:03:55 +0100 (CET) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id D2B4A9598; Fri, 13 Feb 2026 17:04:31 +0100 (CET) From: Arthur Bied-Charreton To: pve-devel@lists.proxmox.com Subject: [PATCH proxmox 2/7] notify (smtp): Introduce state module Date: Fri, 13 Feb 2026 17:04:00 +0100 Message-ID: <20260213160415.609868-3-a.bied-charreton@proxmox.com> X-Mailer: git-send-email 2.47.3 In-Reply-To: <20260213160415.609868-1-a.bied-charreton@proxmox.com> References: <20260213160415.609868-1-a.bied-charreton@proxmox.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-SPAM-LEVEL: Spam detection results: 0 AWL -0.091 Adjusted score from AWL reputation of 
From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% DMARC_MISSING 0.1 Missing DMARC policy KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment KAM_LAZY_DOMAIN_SECURITY 1 Sending domain does not have any anti-forgery methods RCVD_IN_VALIDITY_CERTIFIED_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to Validity was blocked. See https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more information. RCVD_IN_VALIDITY_RPBL_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to Validity was blocked. See https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more information. RCVD_IN_VALIDITY_SAFE_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to Validity was blocked. See https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more information. RDNS_NONE 0.793 Delivered to internal network by a host with no rDNS SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_NONE 0.001 SPF: sender does not publish an SPF Record Message-ID-Hash: BUG3KRGJMHNPOTCPUUU3U2XIMRF66KFX X-Message-ID-Hash: BUG3KRGJMHNPOTCPUUU3U2XIMRF66KFX X-MailFrom: abied-charreton@jett.proxmox.com X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; loop; banned-address; emergency; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header X-Mailman-Version: 3.3.10 Precedence: list List-Id: Proxmox VE development discussion List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: The state module exports a new struct with associated functionality for loading, updating, and persisting the state for SMTP endpoints with OAuth2 configured as authentication method. The path to the state files, as well as their create options, are retrieved through new Context methods to allow portability between PVE and PBS. 
Signed-off-by: Arthur Bied-Charreton --- proxmox-notify/src/context/mod.rs | 6 ++ proxmox-notify/src/context/pbs.rs | 8 +++ proxmox-notify/src/context/pve.rs | 8 +++ proxmox-notify/src/context/test.rs | 8 +++ proxmox-notify/src/endpoints/smtp.rs | 3 + proxmox-notify/src/endpoints/smtp/state.rs | 67 ++++++++++++++++++++++ 6 files changed, 100 insertions(+) create mode 100644 proxmox-notify/src/endpoints/smtp/state.rs diff --git a/proxmox-notify/src/context/mod.rs b/proxmox-notify/src/context/mod.rs index 8b6e2c43..492442f9 100644 --- a/proxmox-notify/src/context/mod.rs +++ b/proxmox-notify/src/context/mod.rs @@ -1,6 +1,8 @@ use std::fmt::Debug; use std::sync::Mutex; +use proxmox_sys::fs::CreateOptions; + use crate::renderer::TemplateSource; use crate::Error; @@ -32,6 +34,10 @@ pub trait Context: Send + Sync + Debug { namespace: Option<&str>, source: TemplateSource, ) -> Result, Error>; + /// Return the path to the state file for this context. + fn state_file_path(&self, name: &str) -> String; + /// Create options to be used when writing files containing secrets. + fn secret_create_options(&self) -> CreateOptions; } #[cfg(not(test))] diff --git a/proxmox-notify/src/context/pbs.rs b/proxmox-notify/src/context/pbs.rs index 3e5da59c..4f93b45d 100644 --- a/proxmox-notify/src/context/pbs.rs +++ b/proxmox-notify/src/context/pbs.rs @@ -125,6 +125,14 @@ impl Context for PBSContext { .map_err(|err| Error::Generic(format!("could not load template: {err}")))?; Ok(template_string) } + + fn state_file_path(&self, name: &str) -> String { + format!("/var/lib/proxmox-backup/priv/notifications/{name}.json") + } + + fn secret_create_options(&self) -> proxmox_sys::fs::CreateOptions { + proxmox_sys::fs::CreateOptions::new().perm(nix::sys::stat::Mode::from_bits_truncate(0o600)) + } } #[cfg(test)] diff --git a/proxmox-notify/src/context/pve.rs b/proxmox-notify/src/context/pve.rs index a97cce26..e30f7b49 100644 --- a/proxmox-notify/src/context/pve.rs +++ b/proxmox-notify/src/context/pve.rs 
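Review bot: `state_file_path` takes a free-form `name: &str`, and the implementations added in pbs.rs, pve.rs and test.rs interpolate it straight into `.../notifications/{name}.json` with no check visible in this patch. If a name containing `/` or `..` ever reached these methods, `State::load` and `State::store` would read or replace a file outside the notifications directory. Endpoint names are presumably schema-validated before they get here, but these hunks do not show that, so the trait doc in context/mod.rs should state the contract, e.g. `/// The caller must pass an already-validated endpoint name (no path separators); it becomes the file name.` A `debug_assert!(!name.contains('/'))` in each implementation would make the assumption checkable.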
@@ -74,6 +74,14 @@ impl Context for PVEContext { .map_err(|err| Error::Generic(format!("could not load template: {err}")))?; Ok(template_string) } + + fn state_file_path(&self, name: &str) -> String { + format!("/etc/pve/priv/notifications/{name}.json") + } + + fn secret_create_options(&self) -> proxmox_sys::fs::CreateOptions { + proxmox_sys::fs::CreateOptions::new().perm(nix::sys::stat::Mode::from_bits_truncate(0o600)) + } } pub static PVE_CONTEXT: PVEContext = PVEContext; diff --git a/proxmox-notify/src/context/test.rs b/proxmox-notify/src/context/test.rs index 2c236b4c..7e29d36a 100644 --- a/proxmox-notify/src/context/test.rs +++ b/proxmox-notify/src/context/test.rs @@ -40,4 +40,12 @@ impl Context for TestContext { ) -> Result, Error> { Ok(Some(String::new())) } + + fn state_file_path(&self, name: &str) -> String { + format!("/tmp/notifications/{name}.json") + } + + fn secret_create_options(&self) -> proxmox_sys::fs::CreateOptions { + proxmox_sys::fs::CreateOptions::new().perm(nix::sys::stat::Mode::from_bits_truncate(0o755)) + } } diff --git a/proxmox-notify/src/endpoints/smtp.rs b/proxmox-notify/src/endpoints/smtp.rs index 277b70f4..699ed1c6 100644 --- a/proxmox-notify/src/endpoints/smtp.rs +++ b/proxmox-notify/src/endpoints/smtp.rs @@ -23,8 +23,11 @@ const SMTP_SUBMISSION_STARTTLS_PORT: u16 = 587; const SMTP_SUBMISSION_TLS_PORT: u16 = 465; const SMTP_TIMEOUT: u16 = 5; +mod state; mod xoauth2; +pub(crate) use state::State; + #[api] #[derive(Debug, Serialize, Deserialize, Default, Clone, Copy)] #[serde(rename_all = "kebab-case")] diff --git a/proxmox-notify/src/endpoints/smtp/state.rs b/proxmox-notify/src/endpoints/smtp/state.rs new file mode 100644 index 00000000..60bef590 --- /dev/null +++ b/proxmox-notify/src/endpoints/smtp/state.rs 
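Review bot: In context/test.rs, `secret_create_options` returns mode `0o755`, which contradicts the trait's doc comment ("files containing secrets") and differs from the `0o600` used in pbs.rs and pve.rs. Combined with the fixed `/tmp/notifications/{name}.json` path, any test that calls `State::store` would leave a world-readable state file at a shared, predictable location. I would use `nix::sys::stat::Mode::from_bits_truncate(0o600)` here too and point the test path at a per-run temporary directory. If `0o755` was chosen only to keep the parent directory traversable, separate directory options in `State::store` are the better fix.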
@@ -0,0 +1,67 @@ +use serde::{Deserialize, Serialize}; + +use crate::{context::context, Error}; + +#[derive(Serialize, Deserialize, Clone, Debug, Default)] +#[serde(rename_all = "kebab-case")] +pub(crate) struct State { + #[serde(skip_serializing_if = "Option::is_none")] + pub oauth2_refresh_token: Option, + pub last_refreshed: i64, +} + +impl State { + /// Instantiate a new [`State`]. + pub(crate) fn new(oauth2_refresh_token: Option) -> Self { + Self { + oauth2_refresh_token, + last_refreshed: proxmox_time::epoch_i64(), + } + } + + /// Load the state for the endpoint identified by `name`, instantiating a default object + /// if no state exists. + /// + /// # Errors + /// An [`Error`] is returned if deserialization of the state object fails. + pub(crate) fn load(name: &str) -> Result { + match proxmox_sys::fs::file_get_optional_contents(context().state_file_path(name)) + .map_err(|e| Error::ConfigDeserialization(e.into()))? + { + Some(bytes) => { + serde_json::from_slice(&bytes).map_err(|e| Error::ConfigDeserialization(e.into())) + } + None => Ok(State::default()), + } + } + + /// Persist the state for the endpoint identified by `name`. + /// + /// # Errors + /// An [`Error`] is returned if serialization of the state object, or the final write, fail. + pub(crate) fn store(self, name: &str) -> Result<(), Error> { + let path = context().state_file_path(name); + let parent = std::path::Path::new(&path).parent().unwrap(); + + proxmox_sys::fs::ensure_dir_exists(parent, &context().secret_create_options(), false) + .map_err(|e| Error::ConfigSerialization(e.into()))?; + + let s = serde_json::to_string_pretty(&self) + .map_err(|e| Error::ConfigSerialization(e.into()))?; + + proxmox_sys::fs::replace_file(path, s.as_bytes(), context().secret_create_options(), true) + .map_err(|e| Error::ConfigSerialization(e.into())) + } + + /// Set `last_refreshed`. 
+ pub(crate) fn set_last_refreshed(mut self, last_refreshed: i64) -> Self { + self.last_refreshed = last_refreshed; + self + } + + /// Set `oauth2_refresh_token`. + pub(crate) fn set_oauth2_refresh_token(mut self, oauth2_refresh_token: Option) -> Self { + self.oauth2_refresh_token = oauth2_refresh_token; + self + } +} -- 2.47.3
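Review bot: `State::store` passes `secret_create_options()` to `ensure_dir_exists`, so with the pbs.rs and pve.rs implementations the parent directory appears to be created with mode `0600`. That mode has no search bit, so only a process that bypasses permission checks can open the state file afterwards. Directories need their own mode, e.g. `let dir_opts = context().secret_create_options().perm(nix::sys::stat::Mode::from_bits_truncate(0o700));` passed to `ensure_dir_exists` instead. Separately, `State` derives `Debug` while holding `oauth2_refresh_token`, so any `{:?}` of the struct would write the token to logs; a hand-written `Debug` impl that prints a fixed placeholder for that field avoids this. The `.parent().unwrap()` could also return an `Error` instead of panicking if a context ever yields a path without a parent.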