[pmg-api.git] / src / PMG / TFAConfig.pm

package PMG::TFAConfig;

use strict;
use warnings;

use PVE::Tools;
use PVE::INotify;
use PVE::JSONSchema qw(get_standard_option);
use PVE::Exception qw(raise);

use PMG::Utils;
use PMG::UserConfig;

use base 'PMG::RS::TFA';

my $inotify_file_id = 'pmg-tfa.json';
my $config_filename = '/etc/pmg/tfa.json';

sub new {
    my ($type) = @_;

    my $class = ref($type) || $type;

    my $cfg = PVE::INotify::read_file($inotify_file_id);

    return bless $cfg, $class;
}

sub write {
    my ($self) = @_;

    PVE::INotify::write_file($inotify_file_id, $self);
}

# This lives in `UserConfig` in order to enforce lock order.
sub lock_config {
    return PMG::UserConfig::lock_tfa_config(@_);
}

my sub read_tfa_conf : prototype($$) {
    my ($filename, $fh) = @_;

    my $raw;
    if ($fh) {
	$raw = do { local $/ = undef; <$fh> };
    } else {
	$raw = '{}';
    }

    my $cfg = PMG::RS::TFA->new($raw);

    # Purge invalid users:
    my $usercfg = PMG::UserConfig->new();
    foreach my $user ($cfg->users()->@*) {
	if (!$usercfg->lookup_user_data($user, 1)) {
	    $cfg->remove_user($user);
	}
    }

    return $cfg;
}

my sub write_tfa_conf : prototype($$$) {
    my ($filename, $fh, $cfg) = @_;

    chmod(0600, $fh);

    PVE::Tools::safe_print($filename, $fh, $cfg->SUPER::write());
}

PVE::INotify::register_file(
    $inotify_file_id,
    $config_filename,
    \&read_tfa_conf,
    \&write_tfa_conf,
    undef,
    always_call_parser => 1,
    # the parser produces a rust TfaConfig object, Clone::clone would break this
    noclone => 1,
);

1;
Commit	Line	Data
3dd4f162 WB	1	package PMG::TFAConfig;
	2
	3	use strict;
	4	use warnings;
	5
	6	use PVE::Tools;
	7	use PVE::INotify;
	8	use PVE::JSONSchema qw(get_standard_option);
	9	use PVE::Exception qw(raise);
	10
	11	use PMG::Utils;
	12	use PMG::UserConfig;
	13
	14	use base 'PMG::RS::TFA';
	15
	16	my $inotify_file_id = 'pmg-tfa.json';
	17	my $config_filename = '/etc/pmg/tfa.json';
	18
	19	sub new {
	20	my ($type) = @_;
	21
	22	my $class = ref($type) \|\| $type;
	23
	24	my $cfg = PVE::INotify::read_file($inotify_file_id);
	25
	26	return bless $cfg, $class;
	27	}
	28
	29	sub write {
	30	my ($self) = @_;
	31
	32	PVE::INotify::write_file($inotify_file_id, $self);
	33	}
	34
	35	# This lives in `UserConfig` in order to enforce lock order.
	36	sub lock_config {
	37	return PMG::UserConfig::lock_tfa_config(@_);
	38	}
	39
	40	my sub read_tfa_conf : prototype($$) {
	41	my ($filename, $fh) = @_;
	42
	43	my $raw;
	44	if ($fh) {
	45	$raw = do { local $/ = undef; <$fh> };
	46	} else {
	47	$raw = '{}';
	48	}
	49
	50	my $cfg = PMG::RS::TFA->new($raw);
	51
	52	# Purge invalid users:
	53	my $usercfg = PMG::UserConfig->new();
	54	foreach my $user ($cfg->users()->@*) {
	55	if (!$usercfg->lookup_user_data($user, 1)) {
	56	$cfg->remove_user($user);
	57	}
	58	}
	59
	60	return $cfg;
	61	}
	62
	63	my sub write_tfa_conf : prototype($$$) {
	64	my ($filename, $fh, $cfg) = @_;
65
66	chmod(0600, $fh);
67
68	PVE::Tools::safe_print($filename, $fh, $cfg->SUPER::write());
69	}
70
03f4cf8f TL	71	PVE::INotify::register_file(
	72	$inotify_file_id,
	73	$config_filename,
	74	\&read_tfa_conf,
	75	\&write_tfa_conf,
	76	undef,
	77	always_call_parser => 1,
	78	# the parser produces a rust TfaConfig object, Clone::clone would break this
	79	noclone => 1,
	80	);
3dd4f162 WB	81
3dd4f162 WB	82	1;