Add gen_jwt_token RPC (#674)

* Add gen_jwt_token RPC

* Set error when failed to generate jwt token

* Modify RPC name

---------

Co-authored-by: 杨赫然 <heran.yang@seafile.com>

common/rpc-service.c

@@ -9,6 +9,7 @@
 #include "utils.h"
 
 #include "seafile-session.h"
+#include "seaf-utils.h"
 #include "fs-mgr.h"
 #include "repo-mgr.h"
 #include "seafile-error.h"
@@ -4604,6 +4605,22 @@ seafile_search_files_by_path (const char *repo_id, const char *path, const char
     return g_list_reverse (ret);
 }
 
+char *
+seafile_generate_notif_server_jwt (const char *repo_id, const char *username, GError **error)
+{
+    if (!repo_id || !username) {
+        g_set_error (error, SEAFILE_DOMAIN, SEAF_ERR_BAD_ARGS, "Argument should not be null");
+        return NULL;
+    }
+
+    char *token = seaf_gen_notif_server_jwt (repo_id, username);
+    if (!token) {
+        g_set_error (error, SEAFILE_DOMAIN, SEAF_ERR_INTERNAL,
+                     "Failed to generate jwt token");
+    }
+    return token;
+}
+
 /*RPC functions merged from ccnet-server*/
 int
 ccnet_rpc_add_emailuser (const char *email, const char *passwd,

common/seaf-utils.c

@@ -10,6 +10,9 @@
 #include <stdlib.h>
 #include <string.h>
 #include <ctype.h>
+#include <jwt.h>
+
+#define JWT_TOKEN_EXPIRE_TIME 3*24*3600 /* 3 days*/
 
 char *
 seafile_session_get_tmp_file_path (SeafileSession *session,
@@ -441,4 +444,51 @@ out:
     g_free (conf_path);
     g_free (data);
 }
+
+char *
+seaf_gen_notif_server_jwt (const char *repo_id, const char *username)
+{
+    char *jwt_token = NULL;
+    gint64 now = (gint64)time(NULL);
+
+    jwt_t *jwt = NULL;
+
+    if (!seaf->notif_server_private_key) {
+        seaf_warning ("No private key is configured for generating jwt token\n");
+        return NULL;
+    }
+
+    int ret = jwt_new (&jwt);
+    if (ret != 0 || jwt == NULL) {
+        seaf_warning ("Failed to create jwt\n");
+        goto out;
+    }
+
+    ret = jwt_add_grant (jwt, "repo_id", repo_id);
+    if (ret != 0) {
+        seaf_warning ("Failed to add repo_id to jwt\n");
+        goto out;
+    }
+    ret = jwt_add_grant (jwt, "username", username);
+    if (ret != 0) {
+        seaf_warning ("Failed to add username to jwt\n");
+        goto out;
+    }
+    ret = jwt_add_grant_int (jwt, "exp", now + JWT_TOKEN_EXPIRE_TIME);
+    if (ret != 0) {
+        seaf_warning ("Failed to expire time to jwt\n");
+        goto out;
+    }
+    ret = jwt_set_alg (jwt, JWT_ALG_HS256, (unsigned char *)seaf->notif_server_private_key, strlen(seaf->notif_server_private_key));
+    if (ret != 0) {
+        seaf_warning ("Failed to set alg\n");
+        goto out;
+    }
+
+    jwt_token = jwt_encode_str (jwt);
+
+out:
+    jwt_free (jwt);
+    return jwt_token;
+}
 #endif

common/seaf-utils.h

@@ -21,4 +21,7 @@ void
 load_seahub_private_key (SeafileSession *session, const char *conf_dir);
 #endif
 
+char *
+seaf_gen_notif_server_jwt (const char *repo_id, const char *username);
+
 #endif

include/seafile-rpc.h

@@ -1149,6 +1149,9 @@ seafile_search_files (const char *repo_id, const char *str, GError **error);
 GList *
 seafile_search_files_by_path (const char *repo_id, const char *path, const char *str, GError **error);
 
+char *
+seafile_generate_notif_server_jwt (const char *repo_id, const char *username, GError **error);
+
 /*Following is ccnet rpc*/
 int
 ccnet_rpc_add_emailuser (const char *email, const char *passwd,

python/seafile/rpcclient.py

@@ -821,6 +821,10 @@ class SeafServerThreadedRpcClient(NamedPipeClient):
     def search_files_by_path(self, repo_id, path, search_str):
         pass
 
+    @searpc_func("string", ["string", "string"])
+    def generate_notif_server_jwt(self, repo_id, username):
+        pass
+
     #user management
     @searpc_func("int", ["string", "string", "int", "int"])
     def add_emailuser(self, email, passwd, is_staff, is_active):

python/seaserv/api.py

@@ -858,6 +858,9 @@ class SeafileAPI(object):
 
     def search_files_by_path (self, repo_id, path, search_str):
         return seafserv_threaded_rpc.search_files_by_path(repo_id, path, search_str)
+
+    def gen_notif_server_jwt (self, repo_id, username):
+        return seafserv_threaded_rpc.generate_notif_server_jwt (repo_id, username)
     
 seafile_api = SeafileAPI()
 

server/http-server.c

@@ -25,6 +25,7 @@
 #include "diff-simple.h"
 #include "merge-new.h"
 #include "seaf-db.h"
+#include "seaf-utils.h"
 
 #include "access-file.h"
 #include "upload-file.h"
@@ -56,7 +57,6 @@
 #define TOKEN_EXPIRE_TIME 7200	    /* 2 hours */
 #define PERM_EXPIRE_TIME 7200       /* 2 hours */
 #define VIRINFO_EXPIRE_TIME 7200       /* 2 hours */
-#define JWT_TOKEN_EXPIRE_TIME 3*24*3600 /* 3 days*/
 
 #define FS_ID_LIST_MAX_WORKERS 3
 #define FS_ID_LIST_TOKEN_LEN 36
@@ -2378,53 +2378,6 @@ out:
     g_strfreev (parts);
 }
 
-static char *
-gen_jwt_token (const char *repo_id, const char *username)
-{
-    char *jwt_token = NULL;
-    gint64 now = (gint64)time(NULL);
-
-    jwt_t *jwt = NULL;
-
-    if (!seaf->private_key) {
-        seaf_warning ("No private key is configured for generating jwt token\n");
-        return NULL;
-    }
-
-    int ret = jwt_new (&jwt);
-    if (ret != 0 || jwt == NULL) {
-        seaf_warning ("Failed to create jwt\n");
-        goto out;
-    }
-
-    ret = jwt_add_grant (jwt, "repo_id", repo_id);
-    if (ret != 0) {
-        seaf_warning ("Failed to add repo_id to jwt\n");
-        goto out;
-    }
-    ret = jwt_add_grant (jwt, "username", username);
-    if (ret != 0) {
-        seaf_warning ("Failed to add username to jwt\n");
-        goto out;
-    }
-    ret = jwt_add_grant_int (jwt, "exp", now + JWT_TOKEN_EXPIRE_TIME);
-    if (ret != 0) {
-        seaf_warning ("Failed to expire time to jwt\n");
-        goto out;
-    }
-    ret = jwt_set_alg (jwt, JWT_ALG_HS256, (unsigned char *)seaf->private_key, strlen(seaf->private_key));
-    if (ret != 0) {
-        seaf_warning ("Failed to set alg\n");
-        goto out;
-    }
-
-    jwt_token = jwt_encode_str (jwt);
-
-out:
-    jwt_free (jwt);
-    return jwt_token;
-}
-
 static void
 get_jwt_token_cb (evhtp_request_t *req, void *arg)
 {
@@ -2449,7 +2402,7 @@ get_jwt_token_cb (evhtp_request_t *req, void *arg)
         goto out;
     }
 
-    jwt_token = gen_jwt_token (repo_id, username);
+    jwt_token = seaf_gen_notif_server_jwt (repo_id, username);
     if (!jwt_token) {
         seaf_warning ("Failed to gen jwt token for repo %s\n", repo_id);
         evhtp_send_reply (req, EVHTP_RES_SERVERR);

server/notif-mgr.c

@@ -59,7 +59,7 @@ gen_jwt_token ()
 
     jwt_t *jwt = NULL;
 
-    if (!seaf->private_key) {
+    if (!seaf->notif_server_private_key) {
         seaf_warning ("No private key is configured for generating jwt token\n");
         return NULL;
     }
@@ -75,7 +75,7 @@ gen_jwt_token ()
         seaf_warning ("Failed to expire time to jwt\n");
         goto out;
     }
-    ret = jwt_set_alg (jwt, JWT_ALG_HS256, (unsigned char *)seaf->private_key, strlen(seaf->private_key));
+    ret = jwt_set_alg (jwt, JWT_ALG_HS256, (unsigned char *)seaf->notif_server_private_key, strlen(seaf->notif_server_private_key));
     if (ret != 0) {
         seaf_warning ("Failed to set alg\n");
         goto out;

server/seaf-server.c

@@ -350,6 +350,11 @@ static void start_rpc_service (const char *seafile_dir,
                                      "search_files_by_path",
                                      searpc_signature_objlist__string_string_string());
 
+    searpc_server_register_function ("seafserv-threaded-rpcserver",
+                                     seafile_generate_notif_server_jwt,
+                                     "generate_notif_server_jwt",
+                                     searpc_signature_string__string_string());
+
     /* share repo to user */
     searpc_server_register_function ("seafserv-threaded-rpcserver",
                                      seafile_add_share,

server/seafile-session.c

@@ -121,7 +121,7 @@ seafile_session_new(const char *central_config_dir,
     gboolean notif_enabled = FALSE;
     char *notif_server = NULL;
     int notif_port = 8083;
-    char *private_key = NULL;
+    char *notif_server_private_key = NULL;
 
     abs_ccnet_dir = ccnet_expand_path (ccnet_dir);
     abs_seafile_dir = ccnet_expand_path (seafile_dir);
@@ -202,10 +202,10 @@ seafile_session_new(const char *central_config_dir,
                                              "notification", "port",
                                               NULL);
 
-        private_key = g_key_file_get_string (config,
+        notif_server_private_key = g_key_file_get_string (config,
                                              "notification", "jwt_private_key",
                                              NULL);
-        session->private_key = private_key;
+        session->notif_server_private_key = notif_server_private_key;
     }
 
     if (load_database_config (session) < 0) {
@@ -307,7 +307,7 @@ seafile_session_new(const char *central_config_dir,
 
 onerror:
     g_free (notif_server);
-    g_free (private_key);
+    g_free (notif_server_private_key);
     free (abs_seafile_dir);
     free (abs_ccnet_dir);
     g_free (tmp_file_dir);

server/seafile-session.h

@@ -93,7 +93,7 @@ struct _SeafileSession {
 
     // For notification server
     NotifManager *notif_mgr;
-    char         *private_key;
+    char         *notif_server_private_key;
 
     gboolean is_repair;
 };