From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by lists.proxmox.com (Postfix) with ESMTPS id 3728890614 for ; Tue, 2 Apr 2024 13:28:03 +0200 (CEST) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id 1C0F94A8B for ; Tue, 2 Apr 2024 13:27:33 +0200 (CEST) Received: from proxmox-new.maurer-it.com (proxmox-new.maurer-it.com [94.136.29.106]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by firstgate.proxmox.com (Proxmox) with ESMTPS for ; Tue, 2 Apr 2024 13:27:32 +0200 (CEST) Received: from proxmox-new.maurer-it.com (localhost.localdomain [127.0.0.1]) by proxmox-new.maurer-it.com (Proxmox) with ESMTP id 009F544A12 for ; Tue, 2 Apr 2024 13:27:32 +0200 (CEST) From: Markus Frank To: pmg-devel@lists.proxmox.com Date: Tue, 2 Apr 2024 13:27:16 +0200 Message-Id: <20240402112721.14405-2-m.frank@proxmox.com> X-Mailer: git-send-email 2.39.2 In-Reply-To: <20240402112721.14405-1-m.frank@proxmox.com> References: <20240402112721.14405-1-m.frank@proxmox.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-SPAM-LEVEL: Spam detection results: 0 AWL -0.034 Adjusted score from AWL reputation of From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% DMARC_MISSING 0.1 Missing DMARC policy KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record Subject: [pmg-devel] [PATCH proxmox-perl-rs 1/6] move openid code from pve-rs to common X-BeenThere: pmg-devel@lists.proxmox.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Proxmox Mail Gateway development discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 02 Apr 2024 11:28:03 -0000 Change pve-rs functions to be wrapper functions for common and add similar wrapper functions for pmg-rs. Signed-off-by: Markus Frank --- common/src/mod.rs | 1 + common/src/openid/mod.rs | 63 ++++++++++++++++++++++++++++++++++++++++ pmg-rs/Cargo.toml | 1 + pmg-rs/src/lib.rs | 1 + pmg-rs/src/openid/mod.rs | 47 ++++++++++++++++++++++++++++++ pve-rs/src/openid/mod.rs | 32 +++++--------------- 6 files changed, 121 insertions(+), 24 deletions(-) create mode 100644 common/src/openid/mod.rs create mode 100644 pmg-rs/src/openid/mod.rs diff --git a/common/src/mod.rs b/common/src/mod.rs index c3574f4..8460439 100644 --- a/common/src/mod.rs +++ b/common/src/mod.rs @@ -3,3 +3,4 @@ mod calendar_event; pub mod logger; pub mod notify; mod subscription; +pub mod openid; diff --git a/common/src/openid/mod.rs b/common/src/openid/mod.rs new file mode 100644 index 0000000..13bbaab --- /dev/null +++ b/common/src/openid/mod.rs @@ -0,0 +1,63 @@ +#[perlmod::package(name = "Proxmox::RS::OpenId")] +pub mod export { + use std::sync::Mutex; + + use anyhow::Error; + + use perlmod::{to_value, Value}; + + use proxmox_openid::{OpenIdAuthenticator, OpenIdConfig, PrivateAuthState}; + + perlmod::declare_magic!(Box : &OpenId as "Proxmox::RS::OpenId"); + + /// An OpenIdAuthenticator client instance. + pub struct OpenId { + inner: Mutex, + } + + /// Create a new OpenId client instance + #[export(raw_return)] + pub fn discover( + #[raw] class: Value, + config: OpenIdConfig, + redirect_url: &str, + ) -> Result { + let open_id = OpenIdAuthenticator::discover(&config, redirect_url)?; + Ok(perlmod::instantiate_magic!( + &class, + MAGIC => Box::new(OpenId { + inner: Mutex::new(open_id), + }) + )) + } + + #[export] + pub fn authorize_url( + #[try_from_ref] this: &OpenId, + state_dir: &str, + realm: &str, + ) -> Result { + let open_id = this.inner.lock().unwrap(); + open_id.authorize_url(state_dir, realm) + } + + #[export] + pub fn verify_public_auth_state( + state_dir: &str, + state: &str, + ) -> Result<(String, PrivateAuthState), Error> { + OpenIdAuthenticator::verify_public_auth_state(state_dir, state) + } + + #[export(raw_return)] + pub fn verify_authorization_code( + #[try_from_ref] this: &OpenId, + code: &str, + private_auth_state: PrivateAuthState, + ) -> Result { + let open_id = this.inner.lock().unwrap(); + let claims = open_id.verify_authorization_code_simple(code, &private_auth_state)?; + + Ok(to_value(&claims)?) + } +} diff --git a/pmg-rs/Cargo.toml b/pmg-rs/Cargo.toml index 0d01b59..6f3e3df 100644 --- a/pmg-rs/Cargo.toml +++ b/pmg-rs/Cargo.toml @@ -41,3 +41,4 @@ proxmox-subscription = "0.4" proxmox-sys = "0.5" proxmox-tfa = { version = "4.0.4", features = ["api"] } proxmox-time = "1.1.3" +proxmox-openid = "0.10.0" diff --git a/pmg-rs/src/lib.rs b/pmg-rs/src/lib.rs index 4a91632..1930423 100644 --- a/pmg-rs/src/lib.rs +++ b/pmg-rs/src/lib.rs @@ -5,6 +5,7 @@ pub mod acme; pub mod apt; pub mod csr; pub mod tfa; +pub mod openid; #[perlmod::package(name = "Proxmox::Lib::PMG", lib = "pmg_rs")] mod export { diff --git a/pmg-rs/src/openid/mod.rs b/pmg-rs/src/openid/mod.rs new file mode 100644 index 0000000..c0988d6 --- /dev/null +++ b/pmg-rs/src/openid/mod.rs @@ -0,0 +1,47 @@ +#[perlmod::package(name = "PMG::RS::OpenId", lib = "pmg_rs")] +mod export { + use anyhow::Error; + + use perlmod::Value; + + use proxmox_openid::{OpenIdConfig, PrivateAuthState}; + + use crate::common::openid::export as common; + use crate::common::openid::export::OpenId as OpenId; + + /// Create a new OpenId client instance + #[export(raw_return)] + pub fn discover( + #[raw] class: Value, + config: OpenIdConfig, + redirect_url: &str, + ) -> Result { + common::discover(class, config, redirect_url) + } + + #[export] + pub fn authorize_url( + #[try_from_ref] this: &OpenId, + state_dir: &str, + realm: &str, + ) -> Result { + common::authorize_url(this, state_dir, realm) + } + + #[export] + pub fn verify_public_auth_state( + state_dir: &str, + state: &str, + ) -> Result<(String, PrivateAuthState), Error> { + common::verify_public_auth_state(state_dir, state) + } + + #[export(raw_return)] + pub fn verify_authorization_code( + #[try_from_ref] this: &OpenId, + code: &str, + private_auth_state: PrivateAuthState, + ) -> Result { + common::verify_authorization_code(this, code, private_auth_state) + } +} diff --git a/pve-rs/src/openid/mod.rs b/pve-rs/src/openid/mod.rs index 1fa7572..d3ad5a5 100644 --- a/pve-rs/src/openid/mod.rs +++ b/pve-rs/src/openid/mod.rs @@ -1,19 +1,13 @@ #[perlmod::package(name = "PVE::RS::OpenId", lib = "pve_rs")] mod export { - use std::sync::Mutex; - use anyhow::Error; - use perlmod::{to_value, Value}; - - use proxmox_openid::{OpenIdAuthenticator, OpenIdConfig, PrivateAuthState}; + use perlmod::Value; - perlmod::declare_magic!(Box : &OpenId as "PVE::RS::OpenId"); + use proxmox_openid::{OpenIdConfig, PrivateAuthState}; - /// An OpenIdAuthenticator client instance. - pub struct OpenId { - inner: Mutex, - } + use crate::common::openid::export as common; + use crate::common::openid::export::OpenId as OpenId; /// Create a new OpenId client instance #[export(raw_return)] @@ -22,13 +16,7 @@ mod export { config: OpenIdConfig, redirect_url: &str, ) -> Result { - let open_id = OpenIdAuthenticator::discover(&config, redirect_url)?; - Ok(perlmod::instantiate_magic!( - &class, - MAGIC => Box::new(OpenId { - inner: Mutex::new(open_id), - }) - )) + common::discover(class, config, redirect_url) } #[export] @@ -37,8 +25,7 @@ mod export { state_dir: &str, realm: &str, ) -> Result { - let open_id = this.inner.lock().unwrap(); - open_id.authorize_url(state_dir, realm) + common::authorize_url(this, state_dir, realm) } #[export] @@ -46,7 +33,7 @@ mod export { state_dir: &str, state: &str, ) -> Result<(String, PrivateAuthState), Error> { - OpenIdAuthenticator::verify_public_auth_state(state_dir, state) + common::verify_public_auth_state(state_dir, state) } #[export(raw_return)] @@ -55,9 +42,6 @@ mod export { code: &str, private_auth_state: PrivateAuthState, ) -> Result { - let open_id = this.inner.lock().unwrap(); - let claims = open_id.verify_authorization_code_simple(code, &private_auth_state)?; - - Ok(to_value(&claims)?) + common::verify_authorization_code(this, code, private_auth_state) } } -- 2.39.2