netidx_netproto/publisher.rs
1use crate::{resolver::UserInfo, value::Value};
2use bytes::Bytes;
3use netidx_core::path::Path;
4use netidx_derive::Pack;
5use std::net::SocketAddr;
6
7atomic_id!(Id);
8
9atomic_id!(WriteId);
10
11impl Default for WriteId {
12 fn default() -> Self {
13 WriteId::new()
14 }
15}
16
17#[derive(Debug, Clone, PartialEq, Eq, Pack)]
18pub enum Hello {
19 /// No authentication will be provided. The publisher may drop
20 /// the connection at this point, if it chooses to allow this
21 /// then it will return Anonymous.
22 Anonymous,
23 /// Authenticate using kerberos 5, following the hello, the
24 /// subscriber and publisher will exchange tokens to complete the
25 /// authentication.
26 Krb5(#[pack(default)] Option<UserInfo>),
27 /// Authenticate using a local unix socket, only valid for
28 /// publishers on the same machine as the subscriber.
29 Local(#[pack(default)] Option<UserInfo>),
30 /// In order to prevent denial of service, spoofing, etc,
31 /// authenticated publishers must prove that they are actually
32 /// listening on the socket they claim to be listening on. To
33 /// facilitate this, after a new security context has been
34 /// created the resolver server will encrypt a random number
35 /// with it, connect to the write address specified by the
36 /// publisher, and send the encrypted token. The publisher
37 /// must decrypt the token using it's end of the security
38 /// context, add 1 to the number, encrypt it again and send it
39 /// back. If that round trip succeeds then the new security
40 /// context will replace any old one, if it fails the new
41 /// context will be thrown away and the old one will continue
42 /// to be associated with the write address.
43 ResolverAuthenticate(SocketAddr),
44 /// Authenticate using transport layer security. In this case both
45 /// the server AND the client must have certificates that are
46 /// signed by a CA they mutually trust.
47 Tls(#[pack(default)] Option<UserInfo>),
48}
49
50#[derive(Debug, Clone, PartialEq, Pack)]
51pub enum To {
52 /// Subscribe to the specified value, if it is not available
53 /// the result will be NoSuchValue. The optional security
54 /// token is a proof from the resolver server that this
55 /// subscription is permitted. In the case of an anonymous
56 /// connection this proof will be empty.
57 Subscribe {
58 path: Path,
59 resolver: SocketAddr,
60 timestamp: u64,
61 permissions: u32,
62 token: Bytes,
63 },
64 /// Unsubscribe from the specified value, this will always result
65 /// in an Unsubscribed message even if you weren't ever subscribed
66 /// to the value, or it doesn't exist.
67 Unsubscribe(Id),
68 /// Send a write to the specified value.
69 Write(Id, bool, Value, #[pack(default)] WriteId),
70}
71
72#[derive(Debug, Clone, PartialEq, Pack)]
73pub enum From {
74 /// The requested subscription to Path cannot be completed because
75 /// it doesn't exist
76 NoSuchValue(Path),
77 /// Permission to subscribe to the specified path is denied.
78 Denied(Path),
79 /// You have been unsubscriped from Path. This can be the result
80 /// of an Unsubscribe message, or it may be sent unsolicited, in
81 /// the case the value is no longer published, or the publisher is
82 /// in the process of shutting down.
83 Unsubscribed(Id),
84 /// You are now subscribed to Path with subscription id `Id`, and
85 /// The next message contains the first value for Id. All further
86 /// communications about this subscription will only refer to the
87 /// Id.
88 Subscribed(Path, Id, Value),
89 /// A value update to Id
90 Update(Id, Value),
91 /// Indicates that the publisher is idle, but still
92 /// functioning correctly.
93 Heartbeat,
94 /// Indicates the result of a write request
95 WriteResult(Id, Value, #[pack(default)] WriteId),
96}