[proxmox-backup.git] / src / api2 / access / domain.rs

//! List Authentication domains/realms

use anyhow::{Error};

use serde::{Deserialize, Serialize};
use serde_json::{json, Value};

use proxmox_router::{Router, RpcEnvironment, Permission};
use proxmox_schema::api;

use pbs_api_types::{REALM_ID_SCHEMA, SINGLE_LINE_COMMENT_SCHEMA};

#[api]
#[derive(Deserialize, Serialize, PartialEq, Eq)]
#[serde(rename_all = "lowercase")]
/// type of the realm
pub enum RealmType {
    /// The PAM realm
    Pam,
    /// The PBS realm
    Pbs,
    /// An OpenID Connect realm
    OpenId,
}

#[api(
    properties: {
        realm: {
            schema: REALM_ID_SCHEMA,
        },
        "type": {
            type: RealmType,
        },
        comment: {
            optional: true,
            schema: SINGLE_LINE_COMMENT_SCHEMA,
        },
    },
)]
#[derive(Deserialize, Serialize)]
#[serde(rename_all = "kebab-case")]
/// Basic Information about a realm
pub struct BasicRealmInfo {
    pub realm: String,
    #[serde(rename = "type")]
    pub ty: RealmType,
    /// True if it is the default realm
    #[serde(skip_serializing_if = "Option::is_none")]
    pub default: Option<bool>,
    #[serde(skip_serializing_if = "Option::is_none")]
    pub comment: Option<String>,
}


#[api(
    returns: {
        description: "List of realms with basic info.",
        type: Array,
        items: {
            type: BasicRealmInfo,
        }
    },
    access: {
        description: "Anyone can access this, because we need that list for the login box (before the user is authenticated).",
        permission: &Permission::World,
    }
)]
/// Authentication domain/realm index.
fn list_domains(mut rpcenv: &mut dyn RpcEnvironment) -> Result<Vec<BasicRealmInfo>, Error> {
    let mut list = Vec::new();

    list.push(serde_json::from_value(json!({
        "realm": "pam",
        "type": "pam",
        "comment": "Linux PAM standard authentication",
        "default": Some(true),
    }))?);
    list.push(serde_json::from_value(json!({
        "realm": "pbs",
        "type": "pbs",
        "comment": "Proxmox Backup authentication server",
    }))?);

    let (config, digest) = pbs_config::domains::config()?;

    for (_, (section_type, v)) in config.sections.iter() {
        let mut entry = v.clone();
        entry["type"] = Value::from(section_type.clone());
        list.push(serde_json::from_value(entry)?);
    }

    rpcenv["digest"] = proxmox::tools::digest_to_hex(&digest).into();

    Ok(list)
}

pub const ROUTER: Router = Router::new()
    .get(&API_METHOD_LIST_DOMAINS);
Commit	Line	Data
bf78f708 DM	1	//! List Authentication domains/realms
bf78f708 DM	2
2649c893	3	use anyhow::{Error};
708db4b3	4
0c27d880	5	use serde::{Deserialize, Serialize};
708db4b3 DM	6	use serde_json::{json, Value};
708db4b3 DM	7
6ef1b649 WB	8	use proxmox_router::{Router, RpcEnvironment, Permission};
6ef1b649 WB	9	use proxmox_schema::api;
708db4b3	10
21211748	11	use pbs_api_types::{REALM_ID_SCHEMA, SINGLE_LINE_COMMENT_SCHEMA};
708db4b3	12
0c27d880 DC	13	#[api]
	14	#[derive(Deserialize, Serialize, PartialEq, Eq)]
	15	#[serde(rename_all = "lowercase")]
	16	/// type of the realm
	17	pub enum RealmType {
	18	/// The PAM realm
	19	Pam,
	20	/// The PBS realm
	21	Pbs,
	22	/// An OpenID Connect realm
	23	OpenId,
	24	}
	25
	26	#[api(
	27	properties: {
	28	realm: {
	29	schema: REALM_ID_SCHEMA,
	30	},
	31	"type": {
	32	type: RealmType,
	33	},
	34	comment: {
	35	optional: true,
	36	schema: SINGLE_LINE_COMMENT_SCHEMA,
	37	},
	38	},
	39	)]
	40	#[derive(Deserialize, Serialize)]
	41	#[serde(rename_all = "kebab-case")]
	42	/// Basic Information about a realm
	43	pub struct BasicRealmInfo {
	44	pub realm: String,
	45	#[serde(rename = "type")]
	46	pub ty: RealmType,
	47	/// True if it is the default realm
	48	#[serde(skip_serializing_if = "Option::is_none")]
	49	pub default: Option<bool>,
	50	#[serde(skip_serializing_if = "Option::is_none")]
	51	pub comment: Option<String>,
	52	}
	53
	54
708db4b3 DM	55	#[api(
708db4b3 DM	56	returns: {
0c27d880	57	description: "List of realms with basic info.",
708db4b3 DM	58	type: Array,
708db4b3 DM	59	items: {
0c27d880	60	type: BasicRealmInfo,
708db4b3	61	}
4b40148c DM	62	},
	63	access: {
	64	description: "Anyone can access this, because we need that list for the login box (before the user is authenticated).",
	65	permission: &Permission::World,
708db4b3 DM	66	}
	67	)]
	68	/// Authentication domain/realm index.
0c27d880	69	fn list_domains(mut rpcenv: &mut dyn RpcEnvironment) -> Result<Vec<BasicRealmInfo>, Error> {
708db4b3	70	let mut list = Vec::new();
bbff6c49	71
0c27d880 DC	72	list.push(serde_json::from_value(json!({
	73	"realm": "pam",
	74	"type": "pam",
	75	"comment": "Linux PAM standard authentication",
	76	"default": Some(true),
	77	}))?);
	78	list.push(serde_json::from_value(json!({
	79	"realm": "pbs",
	80	"type": "pbs",
	81	"comment": "Proxmox Backup authentication server",
	82	}))?);
bbff6c49	83
21211748	84	let (config, digest) = pbs_config::domains::config()?;
bbff6c49	85
0c27d880 DC	86	for (_, (section_type, v)) in config.sections.iter() {
	87	let mut entry = v.clone();
	88	entry["type"] = Value::from(section_type.clone());
	89	list.push(serde_json::from_value(entry)?);
bbff6c49 DM	90	}
bbff6c49 DM	91
0c27d880 DC	92	rpcenv["digest"] = proxmox::tools::digest_to_hex(&digest).into();
	93
	94	Ok(list)
708db4b3 DM	95	}
	96
	97	pub const ROUTER: Router = Router::new()
2649c893	98	.get(&API_METHOD_LIST_DOMAINS);