From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path: <pmg-devel-bounces@lists.proxmox.com>
Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68])
by lore.proxmox.com (Postfix) with ESMTPS id C69FE1FF16E
for <inbox@lore.proxmox.com>; Mon, 17 Feb 2025 12:51:01 +0100 (CET)
Received: from firstgate.proxmox.com (localhost [127.0.0.1])
by firstgate.proxmox.com (Proxmox) with ESMTP id DD0561E2D9;
Mon, 17 Feb 2025 12:50:59 +0100 (CET)
Date: Mon, 17 Feb 2025 12:50:25 +0100
From: Stoiko Ivanov <s.ivanov@proxmox.com>
To: Markus Frank <m.frank@proxmox.com>
Message-ID: <20250217125025.127f25f9@rosa.proxmox.com>
In-Reply-To: <20250114093010.4560-3-m.frank@proxmox.com>
References: <20250114093010.4560-1-m.frank@proxmox.com>
<20250114093010.4560-3-m.frank@proxmox.com>
X-Mailer: Claws Mail 4.1.1 (GTK 3.24.38; x86_64-pc-linux-gnu)
MIME-Version: 1.0
X-SPAM-LEVEL: Spam detection results: 0
AWL 0.069 Adjusted score from AWL reputation of From: address
BAYES_00 -1.9 Bayes spam probability is 0 to 1%
DMARC_MISSING 0.1 Missing DMARC policy
KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment
SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record
SPF_PASS -0.001 SPF: sender matches SPF record
Subject: Re: [pmg-devel] [PATCH proxmox-perl-rs v4 2/10] move openid code
from pve-rs to common
X-BeenThere: pmg-devel@lists.proxmox.com
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Proxmox Mail Gateway development discussion
<pmg-devel.lists.proxmox.com>
List-Unsubscribe: <https://lists.proxmox.com/cgi-bin/mailman/options/pmg-devel>,
<mailto:pmg-devel-request@lists.proxmox.com?subject=unsubscribe>
List-Archive: <http://lists.proxmox.com/pipermail/pmg-devel/>
List-Post: <mailto:pmg-devel@lists.proxmox.com>
List-Help: <mailto:pmg-devel-request@lists.proxmox.com?subject=help>
List-Subscribe: <https://lists.proxmox.com/cgi-bin/mailman/listinfo/pmg-devel>,
<mailto:pmg-devel-request@lists.proxmox.com?subject=subscribe>
Cc: pmg-devel@lists.proxmox.com
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: pmg-devel-bounces@lists.proxmox.com
Sender: "pmg-devel" <pmg-devel-bounces@lists.proxmox.com>
On Tue, 14 Jan 2025 10:30:02 +0100
Markus Frank <m.frank@proxmox.com> wrote:
> Change pve-rs functions to be wrapper functions for common.
>
> Signed-off-by: Markus Frank <m.frank@proxmox.com>
> ---
> common/pkg/Makefile | 1 +
> common/src/mod.rs | 1 +
> common/src/openid/mod.rs | 63 ++++++++++++++++++++++++++++++++++++++++
> pmg-rs/Cargo.toml | 1 +
> pmg-rs/debian/control | 1 +
> pve-rs/src/openid/mod.rs | 32 +++++---------------
> 6 files changed, 75 insertions(+), 24 deletions(-)
> create mode 100644 common/src/openid/mod.rs
>
> diff --git a/common/pkg/Makefile b/common/pkg/Makefile
> index cbefdf7..eb5828a 100644
> --- a/common/pkg/Makefile
> +++ b/common/pkg/Makefile
> @@ -24,6 +24,7 @@ PERLMOD_PACKAGES := \
> Proxmox::RS::APT::Repositories \
> Proxmox::RS::CalendarEvent \
> Proxmox::RS::Notify \
> + Proxmox::RS::OpenId \
it's a new module - so you could call it Proxmox::RS::OIDC
(PVE::RS:OpenId remains as name for backward compatibility,
and could be replaced in a independent patch for PVE)
> Proxmox::RS::SharedCache \
> Proxmox::RS::Subscription
>
> diff --git a/common/src/mod.rs b/common/src/mod.rs
> index badfc98..5b8445f 100644
> --- a/common/src/mod.rs
> +++ b/common/src/mod.rs
> @@ -2,5 +2,6 @@ pub mod apt;
> mod calendar_event;
> pub mod logger;
> pub mod notify;
> +pub mod openid;
> pub mod shared_cache;
> mod subscription;
> diff --git a/common/src/openid/mod.rs b/common/src/openid/mod.rs
> new file mode 100644
> index 0000000..13bbaab
> --- /dev/null
> +++ b/common/src/openid/mod.rs
> @@ -0,0 +1,63 @@
> +#[perlmod::package(name = "Proxmox::RS::OpenId")]
> +pub mod export {
> + use std::sync::Mutex;
> +
> + use anyhow::Error;
> +
> + use perlmod::{to_value, Value};
> +
> + use proxmox_openid::{OpenIdAuthenticator, OpenIdConfig, PrivateAuthState};
> +
> + perlmod::declare_magic!(Box<OpenId> : &OpenId as "Proxmox::RS::OpenId");
> +
> + /// An OpenIdAuthenticator client instance.
> + pub struct OpenId {
> + inner: Mutex<OpenIdAuthenticator>,
> + }
> +
> + /// Create a new OpenId client instance
> + #[export(raw_return)]
> + pub fn discover(
> + #[raw] class: Value,
> + config: OpenIdConfig,
> + redirect_url: &str,
> + ) -> Result<Value, Error> {
> + let open_id = OpenIdAuthenticator::discover(&config, redirect_url)?;
> + Ok(perlmod::instantiate_magic!(
> + &class,
> + MAGIC => Box::new(OpenId {
> + inner: Mutex::new(open_id),
> + })
> + ))
> + }
> +
> + #[export]
> + pub fn authorize_url(
> + #[try_from_ref] this: &OpenId,
> + state_dir: &str,
> + realm: &str,
> + ) -> Result<String, Error> {
> + let open_id = this.inner.lock().unwrap();
> + open_id.authorize_url(state_dir, realm)
> + }
> +
> + #[export]
> + pub fn verify_public_auth_state(
> + state_dir: &str,
> + state: &str,
> + ) -> Result<(String, PrivateAuthState), Error> {
> + OpenIdAuthenticator::verify_public_auth_state(state_dir, state)
> + }
> +
> + #[export(raw_return)]
> + pub fn verify_authorization_code(
> + #[try_from_ref] this: &OpenId,
> + code: &str,
> + private_auth_state: PrivateAuthState,
> + ) -> Result<Value, Error> {
> + let open_id = this.inner.lock().unwrap();
> + let claims = open_id.verify_authorization_code_simple(code, &private_auth_state)?;
> +
> + Ok(to_value(&claims)?)
> + }
> +}
> diff --git a/pmg-rs/Cargo.toml b/pmg-rs/Cargo.toml
> index 1252671..ce715bf 100644
> --- a/pmg-rs/Cargo.toml
> +++ b/pmg-rs/Cargo.toml
> @@ -42,3 +42,4 @@ proxmox-subscription = "0.5"
> proxmox-sys = "0.6"
> proxmox-tfa = { version = "5", features = ["api"] }
> proxmox-time = "2"
> +proxmox-openid = "0.10.0"
> diff --git a/pmg-rs/debian/control b/pmg-rs/debian/control
> index 295dcb3..afd8cbb 100644
> --- a/pmg-rs/debian/control
> +++ b/pmg-rs/debian/control
> @@ -27,6 +27,7 @@ Build-Depends: cargo:native <!nocheck>,
> librust-proxmox-http-error-0.1+default-dev,
> librust-proxmox-log-0.2+default-dev,
> librust-proxmox-notify-0.5+default-dev,
> + librust-proxmox-openid-0.10+default-dev,
> librust-proxmox-shared-cache-0.1+default-dev,
> librust-proxmox-subscription-0.5+default-dev,
> librust-proxmox-sys-0.6+default-dev,
> diff --git a/pve-rs/src/openid/mod.rs b/pve-rs/src/openid/mod.rs
> index 1fa7572..d3ad5a5 100644
> --- a/pve-rs/src/openid/mod.rs
> +++ b/pve-rs/src/openid/mod.rs
> @@ -1,19 +1,13 @@
> #[perlmod::package(name = "PVE::RS::OpenId", lib = "pve_rs")]
> mod export {
> - use std::sync::Mutex;
> -
> use anyhow::Error;
>
> - use perlmod::{to_value, Value};
> -
> - use proxmox_openid::{OpenIdAuthenticator, OpenIdConfig, PrivateAuthState};
> + use perlmod::Value;
>
> - perlmod::declare_magic!(Box<OpenId> : &OpenId as "PVE::RS::OpenId");
> + use proxmox_openid::{OpenIdConfig, PrivateAuthState};
>
> - /// An OpenIdAuthenticator client instance.
> - pub struct OpenId {
> - inner: Mutex<OpenIdAuthenticator>,
> - }
> + use crate::common::openid::export as common;
> + use crate::common::openid::export::OpenId as OpenId;
>
> /// Create a new OpenId client instance
> #[export(raw_return)]
> @@ -22,13 +16,7 @@ mod export {
> config: OpenIdConfig,
> redirect_url: &str,
> ) -> Result<Value, Error> {
> - let open_id = OpenIdAuthenticator::discover(&config, redirect_url)?;
> - Ok(perlmod::instantiate_magic!(
> - &class,
> - MAGIC => Box::new(OpenId {
> - inner: Mutex::new(open_id),
> - })
> - ))
> + common::discover(class, config, redirect_url)
> }
>
> #[export]
> @@ -37,8 +25,7 @@ mod export {
> state_dir: &str,
> realm: &str,
> ) -> Result<String, Error> {
> - let open_id = this.inner.lock().unwrap();
> - open_id.authorize_url(state_dir, realm)
> + common::authorize_url(this, state_dir, realm)
> }
>
> #[export]
> @@ -46,7 +33,7 @@ mod export {
> state_dir: &str,
> state: &str,
> ) -> Result<(String, PrivateAuthState), Error> {
> - OpenIdAuthenticator::verify_public_auth_state(state_dir, state)
> + common::verify_public_auth_state(state_dir, state)
> }
>
> #[export(raw_return)]
> @@ -55,9 +42,6 @@ mod export {
> code: &str,
> private_auth_state: PrivateAuthState,
> ) -> Result<Value, Error> {
> - let open_id = this.inner.lock().unwrap();
> - let claims = open_id.verify_authorization_code_simple(code, &private_auth_state)?;
> -
> - Ok(to_value(&claims)?)
> + common::verify_authorization_code(this, code, private_auth_state)
> }
> }
_______________________________________________
pmg-devel mailing list
pmg-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pmg-devel