lxmf-sdk 0.7.0

High-level Rust SDK for LXMF clients and RPC-backed LXMF workflows.
Documentation
use super::ZmqPipelineBackendClient;
use crate::capability::NegotiationRequest;
use crate::types::{AuthMode, BindMode};
use serde_json::{json, Value as JsonValue};
use std::time::{SystemTime, UNIX_EPOCH};

pub(super) fn new_session_id() -> String {
    let now = SystemTime::now()
        .duration_since(UNIX_EPOCH)
        .map(|duration| duration.as_nanos())
        .unwrap_or(0);
    format!("zmq-sdk-{:032x}", now)
}

impl ZmqPipelineBackendClient {
    pub(super) fn negotiation_security_config(
        &self,
        req: &NegotiationRequest,
    ) -> (&'static str, &'static str, Option<JsonValue>) {
        if let Some(auth) = self.config.token_auth.as_ref() {
            return (
                "remote",
                "token",
                Some(json!({
                    "token_auth": {
                        "issuer": auth.issuer,
                        "audience": auth.audience,
                        "jti_cache_ttl_ms": auth.ttl_secs.saturating_mul(1000).max(1),
                        "clock_skew_ms": 5_000,
                        "shared_secret": auth.shared_secret,
                    }
                })),
            );
        }
        (
            bind_mode_to_wire(req.bind_mode.clone()),
            auth_mode_to_wire(req.auth_mode.clone()),
            req.rpc_backend.as_ref().map(|config| {
                json!({
                    "listen_addr": config.listen_addr,
                    "read_timeout_ms": config.read_timeout_ms,
                    "write_timeout_ms": config.write_timeout_ms,
                    "max_header_bytes": config.max_header_bytes,
                    "max_body_bytes": config.max_body_bytes,
                    "token_auth": config.token_auth.as_ref().map(|token| json!({
                        "issuer": token.issuer,
                        "audience": token.audience,
                        "jti_cache_ttl_ms": token.jti_cache_ttl_ms,
                        "clock_skew_ms": token.clock_skew_ms,
                        "shared_secret": token.shared_secret,
                    })),
                    "mtls_auth": config.mtls_auth.as_ref().map(|mtls| json!({
                        "ca_bundle_path": mtls.ca_bundle_path,
                        "require_client_cert": mtls.require_client_cert,
                        "allowed_san": mtls.allowed_san,
                        "client_cert_path": mtls.client_cert_path,
                        "client_key_path": mtls.client_key_path,
                    })),
                })
            }),
        )
    }
}

fn bind_mode_to_wire(bind_mode: BindMode) -> &'static str {
    match bind_mode {
        BindMode::LocalOnly => "local_only",
        BindMode::Remote => "remote",
    }
}

fn auth_mode_to_wire(auth_mode: AuthMode) -> &'static str {
    match auth_mode {
        AuthMode::LocalTrusted => "local_trusted",
        AuthMode::Token => "token",
        AuthMode::Mtls => "mtls",
    }
}