buildservice: Implement authentication using the access token

author Michael Tremer <michael.tremer@ipfire.org>

Sat, 21 Jun 2025 16:49:41 +0000 (16:49 +0000)

committer Michael Tremer <michael.tremer@ipfire.org>

Sat, 21 Jun 2025 16:50:51 +0000 (16:50 +0000)
author Michael Tremer <michael.tremer@ipfire.org>
Sat, 21 Jun 2025 16:49:41 +0000 (16:49 +0000)
committer Michael Tremer <michael.tremer@ipfire.org>
Sat, 21 Jun 2025 16:50:51 +0000 (16:50 +0000)
diff --git a/src/pakfire/buildservice.c b/src/pakfire/buildservice.c

index 9ce030817688d1815cf4ab1a5ca227d72f6d41a9..5c7f27134af98f60150809f758b815896c43cce4 100644 (file)
--- a/src/pakfire/buildservice.c
+++ b/src/pakfire/buildservice.c
@@ -97,6 +97,47 @@ ERROR:
         return r;
  }
  
+static int pakfire_buildservice_auth_refresh(struct pakfire_buildservice* self) {
+       return 0; // XXX TODO
+}
+
+static int pakfire_buildservice_token_has_expired(const time_t t) {
+       time_t now = -1;
+
+       // Fetch the current time
+       now = time(NULL);
+       if (now < 0)
+               return -errno;
+
+       // We consider the token as expired if there are less than 60 seconds left
+       return (now - t) < 60;
+}
+
+static int pakfire_buildservice_xfer_auth(struct pakfire_buildservice* self, struct pakfire_xfer* xfer) {
+       int r;
+
+       // Fail if not authenticated
+       if (!*self->access_token)
+               return -ENOTSUP;
+
+       // Refresh if the access token has expired
+       if (pakfire_buildservice_token_has_expired(self->access_token_expires_at)) {
+               DEBUG(self->ctx, "The access token has expired. Trying to refresh...\n");
+
+               // Refresh the access token
+               r = pakfire_buildservice_auth_refresh(self);
+               if (r < 0)
+                       return r;
+       }
+
+       // Set the access token
+       r = pakfire_xfer_add_header(xfer, "Authorization: Bearer %s", self->access_token);
+       if (r < 0)
+               return r;
+
+       return 0;
+}
+
  static int pakfire_buildservice_set_access_token(struct pakfire_buildservice* self, const char* token) {
         char expires_at[1024];
         int r;
@@ -334,7 +375,7 @@ int pakfire_buildservice_build(struct pakfire_buildservice* service, const char*
                 goto ERROR;
  
         // Enable authentication
-       r = pakfire_xfer_auth(xfer);
+       r = pakfire_buildservice_xfer_auth(service, xfer);
         if (r)
                 goto ERROR;
  
@@ -459,8 +500,8 @@ static int pakfire_buildservice_create_upload(struct pakfire_buildservice* servi
                 goto ERROR;
  
         // Enable authentication
-       r = pakfire_xfer_auth(xfer);
-       if (r)
+       r = pakfire_buildservice_xfer_auth(service, xfer);
+       if (r < 0)
                 goto ERROR;
  
         // Add the filename parameter
@@ -527,7 +568,7 @@ static int pakfire_buildservice_upload_payload(struct pakfire_buildservice* serv
                 goto ERROR;
  
         // Enable authentication
-       r = pakfire_xfer_auth(xfer);
+       r = pakfire_buildservice_xfer_auth(service, xfer);
         if (r)
                 goto ERROR;
  
@@ -611,7 +652,7 @@ int pakfire_buildservice_list_uploads(
                 goto ERROR;
  
         // Enable authentication
-       r = pakfire_xfer_auth(xfer);
+       r = pakfire_buildservice_xfer_auth(service, xfer);
         if (r)
                 goto ERROR;
  
@@ -657,7 +698,7 @@ int pakfire_buildservice_delete_upload(
                 goto ERROR;
  
         // Enable authentication
-       r = pakfire_xfer_auth(xfer);
+       r = pakfire_buildservice_xfer_auth(service, xfer);
         if (r)
                 goto ERROR;
  
@@ -694,7 +735,7 @@ int pakfire_buildservice_list_repos(struct pakfire_buildservice* service,
                 goto ERROR;
  
         // Enable authentication
-       r = pakfire_xfer_auth(xfer);
+       r = pakfire_buildservice_xfer_auth(service, xfer);
         if (r)
                 goto ERROR;
  
@@ -738,7 +779,7 @@ int pakfire_buildservice_get_repo(struct pakfire_buildservice* service,
                 goto ERROR;
  
         // Enable authentication
-       r = pakfire_xfer_auth(xfer);
+       r = pakfire_buildservice_xfer_auth(service, xfer);
         if (r)
                 goto ERROR;
  
@@ -775,7 +816,7 @@ int pakfire_buildservice_create_repo(struct pakfire_buildservice* service,
                 goto ERROR;
  
         // Enable authentication
-       r = pakfire_xfer_auth(xfer);
+       r = pakfire_buildservice_xfer_auth(service, xfer);
         if (r)
                 goto ERROR;
  
@@ -825,7 +866,7 @@ int pakfire_buildservice_delete_repo(struct pakfire_buildservice* service,
                 goto ERROR;
  
         // Enable authentication
-       r = pakfire_xfer_auth(xfer);
+       r = pakfire_buildservice_xfer_auth(service, xfer);
         if (r)
                 goto ERROR;
author	Michael Tremer <michael.tremer@ipfire.org>
	Sat, 21 Jun 2025 16:49:41 +0000 (16:49 +0000)
committer	Michael Tremer <michael.tremer@ipfire.org>
	Sat, 21 Jun 2025 16:50:51 +0000 (16:50 +0000)