marzban_api 0.2.12

A simple async client which abstracts/simplifies the interactions with the Marzban panel API (https://github.com/Gozargah/Marzban).
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168

//! # Marzban API Client
//!
//! This module contains the API client for the Marzban API.

use std::{fmt::Debug, future::Future, sync::Arc};

use reqwest::{Client, IntoUrl, Response, StatusCode};
use tokio::sync::{Mutex, RwLock};

use crate::{error::ApiError, models::auth::BodyAdminTokenApiAdminTokenPost};

/// The Marzban API client.
///
/// This struct contains the base URL for the API, the reqwest client, and the token within the Inner struct.
///
/// You do **not** have to wrap the `Client` in an [`Rc`] or [`Arc`] to **reuse** it,
/// because it already uses an [`Arc`] internally.
#[derive(Debug, Clone)]
pub struct MarzbanAPIClient {
    pub(crate) inner: Arc<MarzbanAPIClientRef>,
}

/// The Marzban API client reference. Contains all the data needed to make requests.
/// This struct is used to allow for thread-safe access to the client and cloning, also making it cheap to clone the outer MarzbanAPIClient struct.
pub(crate) struct MarzbanAPIClientRef {
    pub(crate) base_url: String,
    pub(crate) client: Client,
    pub(crate) token: RwLock<Option<String>>,
    pub(crate) username: RwLock<Option<String>>,
    pub(crate) password: RwLock<Option<String>>,
    pub(crate) refresh_lock: Mutex<()>,
}

impl Debug for MarzbanAPIClientRef {
    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
        f.debug_struct("MarzbanAPIClient")
            .field("base_url", &self.base_url)
            .field("client", &self.client)
            .field("token", &"*****")
            .field("username", &self.username)
            .field("password", &"*****")
            .finish()
    }
}

impl MarzbanAPIClient {
    /// Create a new Marzban API client with the given base URL.
    pub fn new(base_url: &str) -> Self {
        MarzbanAPIClient {
            inner: MarzbanAPIClientRef {
                base_url: base_url.to_string(),
                client: Client::new(),
                token: RwLock::new(None),
                username: RwLock::new(None),
                password: RwLock::new(None),
                refresh_lock: Mutex::new(()),
            }
            .into(),
        }
    }

    /// Create a new Marzban API client with the given base URL and token.
    pub fn new_with_token(base_url: &str, token: &str) -> Self {
        MarzbanAPIClient {
            inner: MarzbanAPIClientRef {
                base_url: base_url.to_string(),
                client: Client::new(),
                token: RwLock::new(Some(token.to_owned())),
                username: RwLock::new(None),
                password: RwLock::new(None),
                refresh_lock: Mutex::new(()),
            }
            .into(),
        }
    }

    /// Helper function to prepare a request with the given method and URL.
    pub fn prepare_request(
        &self,
        method: reqwest::Method,
        url: impl IntoUrl,
    ) -> reqwest::RequestBuilder {
        self.inner.client.request(method, url)
    }

    /// Attach Authorization if we have a token at send time.
    pub async fn attach_auth(&self, mut rb: reqwest::RequestBuilder) -> reqwest::RequestBuilder {
        if let Some(token) = self.inner.token.read().await.as_ref() {
            rb = rb.bearer_auth(token);
        }
        rb
    }

    /// Send, and on 401 once, refresh token (if creds exist) and retry.
    ///
    /// `make` must rebuild the *same* request (method, url, body, query, headers except auth).
    pub async fn send_with_auth_retry<M, Fut>(&self, make: M) -> Result<Response, ApiError>
    where
        M: Fn() -> Fut + Send + Sync,
        Fut: Future<Output = reqwest::RequestBuilder> + Send,
    {
        // 0 = initial try
        // 1 = retry after seeing someone else might have refreshed (after locking)
        // 2 = retry after we refreshed ourselves
        let mut stage = 0usize;

        loop {
            let resp = self.attach_auth(make().await).await.send().await?;

            if resp.status() != StatusCode::UNAUTHORIZED {
                return Ok(resp);
            }

            match stage {
                0 => {
                    // serialize potential refreshes
                    let _g = self.inner.refresh_lock.lock().await;
                    // someone else could have refreshed already; bump stage and try again
                    stage = 1;
                    continue;
                }
                1 => {
                    // still 401 while holding/after lock -> we refresh
                    self.refresh_token_from_saved_creds().await?;
                    stage = 2;
                    continue;
                }
                _ => {
                    // still 401 after our own refresh → give up
                    return Err(ApiError::ApiResponseError("Unauthorized".into()));
                }
            }
        }
    }

    /// Re-auth using saved username/password and store new token.
    async fn refresh_token_from_saved_creds(&self) -> Result<(), ApiError> {
        let (username, password) = {
            let u = self.inner.username.read().await.clone();
            let p = self.inner.password.read().await.clone();
            (u, p)
        };

        let (username, password) = match (username, password) {
            (Some(u), Some(p)) => (u, p),
            _ => {
                // no saved creds -> nothing we can do
                return Err(ApiError::ApiResponseError(
                    "401 and no saved credentials to refresh token".into(),
                ));
            }
        };

        // call the existing endpoint to get a fresh token
        let body = BodyAdminTokenApiAdminTokenPost {
            username,
            password,
            grant_type: None,
            scope: "".to_string(),
            client_id: None,
            client_secret: None,
        };
        let token = self.admin_token(body).await?;
        let mut token_lock = self.inner.token.write().await;
        *token_lock = Some(token.access_token);
        Ok(())
    }
}