torc 0.23.0

Workflow management system
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106

use super::*;
use crate::server::htpasswd::HtpasswdFile;

impl<C> Server<C>
where
    C: Has<XSpanIdString> + Has<Option<Authorization>> + Send + Sync,
{
    pub(super) async fn transport_get_version(
        &self,
        context: &C,
    ) -> Result<GetVersionResponse, ApiError> {
        debug!(
            "get_version() - X-Span-ID: {:?}",
            Has::<XSpanIdString>::get(context).0.clone()
        );
        if self.authorization_service.enforce_access_control() {
            Ok(GetVersionResponse::SuccessfulResponse(serde_json::json!({
                "version": full_version(),
                "api_version": API_VERSION,
            })))
        } else {
            Ok(GetVersionResponse::SuccessfulResponse(serde_json::json!({
                "version": full_version(),
                "api_version": API_VERSION,
                "git_hash": GIT_HASH
            })))
        }
    }

    pub(super) async fn transport_ping(&self, context: &C) -> Result<PingResponse, ApiError> {
        debug!(
            "ping() - X-Span-ID: {:?}",
            Has::<XSpanIdString>::get(context).0.clone()
        );
        Ok(PingResponse::SuccessfulResponse(
            serde_json::json!({"status": "ok"}),
        ))
    }

    pub(super) async fn transport_reload_auth(
        &self,
        context: &C,
    ) -> Result<ReloadAuthResponse, ApiError> {
        debug!(
            "reload_auth() - X-Span-ID: {:?}",
            Has::<XSpanIdString>::get(context).0.clone()
        );

        authorize_admin!(self, context, ReloadAuthResponse);

        let auth_file_path = match &self.auth_file_path {
            Some(path) => path.clone(),
            None => {
                return Ok(ReloadAuthResponse::DefaultErrorResponse(
                    models::ErrorResponse::new(serde_json::json!({
                        "error": "NoAuthFile",
                        "message": "No auth file configured. Start the server with --auth-file to enable auth reloading."
                    })),
                ));
            }
        };

        info!("Reloading htpasswd file from: {}", auth_file_path);

        let load_result = tokio::task::spawn_blocking(move || HtpasswdFile::load(&auth_file_path))
            .await
            .map_err(|e| ApiError(format!("spawn_blocking failed: {e}")))?;

        match load_result {
            Ok(new_htpasswd) => {
                let user_count = new_htpasswd.user_count();

                {
                    let mut htpasswd_guard = self.htpasswd.write();
                    *htpasswd_guard = Some(new_htpasswd);
                }

                {
                    let cache_guard = self.credential_cache.read();
                    if let Some(cache) = cache_guard.as_ref() {
                        cache.clear();
                    }
                }

                info!(
                    "Successfully reloaded htpasswd file with {} users, credential cache cleared",
                    user_count
                );

                Ok(ReloadAuthResponse::SuccessfulResponse(serde_json::json!({
                    "message": "Auth credentials reloaded successfully",
                    "user_count": user_count
                })))
            }
            Err(e) => {
                error!("Failed to reload htpasswd file: {}", e);
                Ok(ReloadAuthResponse::DefaultErrorResponse(
                    models::ErrorResponse::new(serde_json::json!({
                        "error": "ReloadFailed",
                        "message": format!("Failed to reload htpasswd file: {}", e)
                    })),
                ))
            }
        }
    }
}