From: Michael Tremer <michael.tremer@ipfire.org>
Date: Sat, 21 Jun 2025 13:00:10 +0000 (+0000)
Subject: buildservice: Decode expiry times from access/refresh tokens
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=55050f39a49caa1a038b303dd05270396f678fbd;p=pakfire.git

buildservice: Decode expiry times from access/refresh tokens

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
---

diff --git a/src/pakfire/buildservice.c b/src/pakfire/buildservice.c
index ab020db5..2867e56d 100644
--- a/src/pakfire/buildservice.c
+++ b/src/pakfire/buildservice.c
@@ -30,6 +30,7 @@
 #include <pakfire/hasher.h>
 #include <pakfire/hashes.h>
 #include <pakfire/json.h>
+#include <pakfire/jwt.h>
 #include <pakfire/logging.h>
 #include <pakfire/os.h>
 #include <pakfire/path.h>
@@ -55,7 +56,9 @@ struct pakfire_buildservice {
 
 	// Tokens
 	char access_token[1024];
+	time_t access_token_expires_at;
 	char refresh_token[1024];
+	time_t refresh_token_expires_at;
 };
 
 static int pakfire_buildservice_xfer_create(struct pakfire_xfer** xfer,
@@ -94,6 +97,58 @@ ERROR:
 	return r;
 }
 
+static int pakfire_buildservice_set_access_token(struct pakfire_buildservice* self, const char* token) {
+	char expires_at[1024];
+	int r;
+
+	// Store the token
+	r = pakfire_string_set(self->access_token, token);
+	if (r < 0)
+		return r;
+
+	// Fetch the expiry time
+	self->access_token_expires_at = pakfire_jwt_expires_at(self->ctx, self->access_token);
+	if (self->access_token_expires_at < 0)
+		return self->access_token_expires_at;
+
+	// Format the expiry time
+	r = pakfire_strftime(expires_at, "%Y-%m-%dT%H:%M:%SZ", self->access_token_expires_at);
+	if (r < 0)
+		return r;
+
+	// Log action
+	DEBUG(self->ctx, "Set access token: %s\n", self->access_token);
+	DEBUG(self->ctx, "  Expires: %s\n", expires_at);
+
+	return 0;
+}
+
+static int pakfire_buildservice_set_refresh_token(struct pakfire_buildservice* self, const char* token) {
+	char expires_at[1024];
+	int r;
+
+	// Store the token
+	r = pakfire_string_set(self->refresh_token, token);
+	if (r < 0)
+		return r;
+
+	// Fetch the expiry time
+	self->refresh_token_expires_at = pakfire_jwt_expires_at(self->ctx, self->refresh_token);
+	if (self->refresh_token_expires_at < 0)
+		return self->refresh_token_expires_at;
+
+	// Format the expiry time
+	r = pakfire_strftime(expires_at, "%Y-%m-%dT%H:%M:%SZ", self->refresh_token_expires_at);
+	if (r < 0)
+		return r;
+
+	// Log action
+	DEBUG(self->ctx, "Set refresh token: %s\n", self->refresh_token);
+	DEBUG(self->ctx, "  Expires: %s\n", expires_at);
+
+	return 0;
+}
+
 static int pakfire_buildservice_setup_auth(struct pakfire_buildservice* service) {
 	const char* error = NULL;
 	int r;
@@ -238,18 +293,16 @@ int pakfire_buildservice_auth_user(struct pakfire_buildservice* self,
 	}
 
 	// Store the access token
-	r = pakfire_string_set(self->access_token, access_token);
+	r = pakfire_buildservice_set_access_token(self, access_token);
 	if (r < 0)
 		goto ERROR;
 
 	// Store the refresh token
-	r = pakfire_string_set(self->refresh_token, refresh_token);
+	r = pakfire_buildservice_set_refresh_token(self, refresh_token);
 	if (r < 0)
 		goto ERROR;
 
 	DEBUG(self->ctx, "Successfully authenticated %s\n", username);
-	DEBUG(self->ctx, "  Access Token : %s\n", access_token);
-	DEBUG(self->ctx, "  Refresh Token: %s\n", refresh_token);
 
 ERROR:
 	if (xfer)