From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68]) by lore.proxmox.com (Postfix) with ESMTPS id C69FE1FF16E for ; Mon, 17 Feb 2025 12:51:01 +0100 (CET) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id DD0561E2D9; Mon, 17 Feb 2025 12:50:59 +0100 (CET) Date: Mon, 17 Feb 2025 12:50:25 +0100 From: Stoiko Ivanov To: Markus Frank Message-ID: <20250217125025.127f25f9@rosa.proxmox.com> In-Reply-To: <20250114093010.4560-3-m.frank@proxmox.com> References: <20250114093010.4560-1-m.frank@proxmox.com> <20250114093010.4560-3-m.frank@proxmox.com> X-Mailer: Claws Mail 4.1.1 (GTK 3.24.38; x86_64-pc-linux-gnu) MIME-Version: 1.0 X-SPAM-LEVEL: Spam detection results: 0 AWL 0.069 Adjusted score from AWL reputation of From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% DMARC_MISSING 0.1 Missing DMARC policy KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record Subject: Re: [pmg-devel] [PATCH proxmox-perl-rs v4 2/10] move openid code from pve-rs to common X-BeenThere: pmg-devel@lists.proxmox.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Proxmox Mail Gateway development discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: pmg-devel@lists.proxmox.com Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: pmg-devel-bounces@lists.proxmox.com Sender: "pmg-devel" On Tue, 14 Jan 2025 10:30:02 +0100 Markus Frank wrote: > Change pve-rs functions to be wrapper functions for common. > > Signed-off-by: Markus Frank > --- > common/pkg/Makefile | 1 + > common/src/mod.rs | 1 + > common/src/openid/mod.rs | 63 ++++++++++++++++++++++++++++++++++++++++ > pmg-rs/Cargo.toml | 1 + > pmg-rs/debian/control | 1 + > pve-rs/src/openid/mod.rs | 32 +++++--------------- > 6 files changed, 75 insertions(+), 24 deletions(-) > create mode 100644 common/src/openid/mod.rs > > diff --git a/common/pkg/Makefile b/common/pkg/Makefile > index cbefdf7..eb5828a 100644 > --- a/common/pkg/Makefile > +++ b/common/pkg/Makefile > @@ -24,6 +24,7 @@ PERLMOD_PACKAGES := \ > Proxmox::RS::APT::Repositories \ > Proxmox::RS::CalendarEvent \ > Proxmox::RS::Notify \ > + Proxmox::RS::OpenId \ it's a new module - so you could call it Proxmox::RS::OIDC (PVE::RS:OpenId remains as name for backward compatibility, and could be replaced in a independent patch for PVE) > Proxmox::RS::SharedCache \ > Proxmox::RS::Subscription > > diff --git a/common/src/mod.rs b/common/src/mod.rs > index badfc98..5b8445f 100644 > --- a/common/src/mod.rs > +++ b/common/src/mod.rs > @@ -2,5 +2,6 @@ pub mod apt; > mod calendar_event; > pub mod logger; > pub mod notify; > +pub mod openid; > pub mod shared_cache; > mod subscription; > diff --git a/common/src/openid/mod.rs b/common/src/openid/mod.rs > new file mode 100644 > index 0000000..13bbaab > --- /dev/null > +++ b/common/src/openid/mod.rs > @@ -0,0 +1,63 @@ > +#[perlmod::package(name = "Proxmox::RS::OpenId")] > +pub mod export { > + use std::sync::Mutex; > + > + use anyhow::Error; > + > + use perlmod::{to_value, Value}; > + > + use proxmox_openid::{OpenIdAuthenticator, OpenIdConfig, PrivateAuthState}; > + > + perlmod::declare_magic!(Box : &OpenId as "Proxmox::RS::OpenId"); > + > + /// An OpenIdAuthenticator client instance. > + pub struct OpenId { > + inner: Mutex, > + } > + > + /// Create a new OpenId client instance > + #[export(raw_return)] > + pub fn discover( > + #[raw] class: Value, > + config: OpenIdConfig, > + redirect_url: &str, > + ) -> Result { > + let open_id = OpenIdAuthenticator::discover(&config, redirect_url)?; > + Ok(perlmod::instantiate_magic!( > + &class, > + MAGIC => Box::new(OpenId { > + inner: Mutex::new(open_id), > + }) > + )) > + } > + > + #[export] > + pub fn authorize_url( > + #[try_from_ref] this: &OpenId, > + state_dir: &str, > + realm: &str, > + ) -> Result { > + let open_id = this.inner.lock().unwrap(); > + open_id.authorize_url(state_dir, realm) > + } > + > + #[export] > + pub fn verify_public_auth_state( > + state_dir: &str, > + state: &str, > + ) -> Result<(String, PrivateAuthState), Error> { > + OpenIdAuthenticator::verify_public_auth_state(state_dir, state) > + } > + > + #[export(raw_return)] > + pub fn verify_authorization_code( > + #[try_from_ref] this: &OpenId, > + code: &str, > + private_auth_state: PrivateAuthState, > + ) -> Result { > + let open_id = this.inner.lock().unwrap(); > + let claims = open_id.verify_authorization_code_simple(code, &private_auth_state)?; > + > + Ok(to_value(&claims)?) > + } > +} > diff --git a/pmg-rs/Cargo.toml b/pmg-rs/Cargo.toml > index 1252671..ce715bf 100644 > --- a/pmg-rs/Cargo.toml > +++ b/pmg-rs/Cargo.toml > @@ -42,3 +42,4 @@ proxmox-subscription = "0.5" > proxmox-sys = "0.6" > proxmox-tfa = { version = "5", features = ["api"] } > proxmox-time = "2" > +proxmox-openid = "0.10.0" > diff --git a/pmg-rs/debian/control b/pmg-rs/debian/control > index 295dcb3..afd8cbb 100644 > --- a/pmg-rs/debian/control > +++ b/pmg-rs/debian/control > @@ -27,6 +27,7 @@ Build-Depends: cargo:native , > librust-proxmox-http-error-0.1+default-dev, > librust-proxmox-log-0.2+default-dev, > librust-proxmox-notify-0.5+default-dev, > + librust-proxmox-openid-0.10+default-dev, > librust-proxmox-shared-cache-0.1+default-dev, > librust-proxmox-subscription-0.5+default-dev, > librust-proxmox-sys-0.6+default-dev, > diff --git a/pve-rs/src/openid/mod.rs b/pve-rs/src/openid/mod.rs > index 1fa7572..d3ad5a5 100644 > --- a/pve-rs/src/openid/mod.rs > +++ b/pve-rs/src/openid/mod.rs > @@ -1,19 +1,13 @@ > #[perlmod::package(name = "PVE::RS::OpenId", lib = "pve_rs")] > mod export { > - use std::sync::Mutex; > - > use anyhow::Error; > > - use perlmod::{to_value, Value}; > - > - use proxmox_openid::{OpenIdAuthenticator, OpenIdConfig, PrivateAuthState}; > + use perlmod::Value; > > - perlmod::declare_magic!(Box : &OpenId as "PVE::RS::OpenId"); > + use proxmox_openid::{OpenIdConfig, PrivateAuthState}; > > - /// An OpenIdAuthenticator client instance. > - pub struct OpenId { > - inner: Mutex, > - } > + use crate::common::openid::export as common; > + use crate::common::openid::export::OpenId as OpenId; > > /// Create a new OpenId client instance > #[export(raw_return)] > @@ -22,13 +16,7 @@ mod export { > config: OpenIdConfig, > redirect_url: &str, > ) -> Result { > - let open_id = OpenIdAuthenticator::discover(&config, redirect_url)?; > - Ok(perlmod::instantiate_magic!( > - &class, > - MAGIC => Box::new(OpenId { > - inner: Mutex::new(open_id), > - }) > - )) > + common::discover(class, config, redirect_url) > } > > #[export] > @@ -37,8 +25,7 @@ mod export { > state_dir: &str, > realm: &str, > ) -> Result { > - let open_id = this.inner.lock().unwrap(); > - open_id.authorize_url(state_dir, realm) > + common::authorize_url(this, state_dir, realm) > } > > #[export] > @@ -46,7 +33,7 @@ mod export { > state_dir: &str, > state: &str, > ) -> Result<(String, PrivateAuthState), Error> { > - OpenIdAuthenticator::verify_public_auth_state(state_dir, state) > + common::verify_public_auth_state(state_dir, state) > } > > #[export(raw_return)] > @@ -55,9 +42,6 @@ mod export { > code: &str, > private_auth_state: PrivateAuthState, > ) -> Result { > - let open_id = this.inner.lock().unwrap(); > - let claims = open_id.verify_authorization_code_simple(code, &private_auth_state)?; > - > - Ok(to_value(&claims)?) > + common::verify_authorization_code(this, code, private_auth_state) > } > } _______________________________________________ pmg-devel mailing list pmg-devel@lists.proxmox.com https://lists.proxmox.com/cgi-bin/mailman/listinfo/pmg-devel