Add function to report devices activity

central_backend/src/server/devices_api/mgmt_controller.rs

@@ -1,15 +1,13 @@
 use crate::app_config::AppConfig;
-use crate::crypto::pki;
 use crate::devices::device::{DeviceId, DeviceInfo};
 use crate::energy::energy_actor;
 use crate::energy::energy_actor::RelaySyncStatus;
 use crate::server::custom_error::HttpResult;
+use crate::server::devices_api::jwt_parser::JWTRequest;
 use crate::server::WebEnergyActor;
 use actix_web::{web, HttpResponse};
-use jsonwebtoken::{Algorithm, DecodingKey, Validation};
 use openssl::nid::Nid;
-use openssl::x509::{X509Req, X509};
-use std::collections::HashSet;
+use openssl::x509::X509Req;
 
 #[derive(Debug, serde::Deserialize)]
 pub struct EnrollRequest {
@@ -129,11 +127,6 @@ pub async fn get_certificate(query: web::Query<ReqWithDevID>, actor: WebEnergyAc
         .body(cert))
 }
 
-#[derive(serde::Deserialize)]
-pub struct SyncRequest {
-    payload: String,
-}
-
 #[derive(Debug, serde::Serialize, serde::Deserialize)]
 struct Claims {
     info: DeviceInfo,
@@ -145,68 +138,11 @@ struct SyncResult {
 }
 
 /// Synchronize device
-pub async fn sync_device(body: web::Json<SyncRequest>, actor: WebEnergyActor) -> HttpResult {
-    // First, we need to extract device kid from query
-    let Ok(jwt_header) = jsonwebtoken::decode_header(&body.payload) else {
-        log::error!("Failed to decode JWT header!");
-        return Ok(HttpResponse::BadRequest().json("Failed to decode JWT header!"));
-    };
-
-    let Some(kid) = jwt_header.kid else {
-        log::error!("Missing KID in JWT!");
-        return Ok(HttpResponse::BadRequest().json("Missing KID in JWT!"));
-    };
-
-    // Fetch device information
-    let Some(device) = actor
-        .send(energy_actor::GetSingleDevice(DeviceId(kid)))
-        .await?
-    else {
-        log::error!("Sent a JWT for a device which does not exists!");
-        return Ok(HttpResponse::NotFound().json("Sent a JWT for a device which does not exists!"));
-    };
-
-    if !device.validated {
-        log::error!("Sent a JWT for a device which is not validated!");
-        return Ok(HttpResponse::PreconditionFailed()
-            .json("Sent a JWT for a device which is not validated!"));
-    }
-
-    // Check certificate revocation status
-    let cert_bytes = std::fs::read(AppConfig::get().device_cert_path(&device.id))?;
-    let certificate = X509::from_pem(&cert_bytes)?;
-
-    if pki::CertData::load_devices_ca()?.is_revoked(&certificate)? {
-        log::error!("Sent a JWT using a revoked certificate!");
-        return Ok(
-            HttpResponse::PreconditionFailed().json("Sent a JWT using a revoked certificate!")
-        );
-    }
-
-    let (key, alg) = match DecodingKey::from_ec_pem(&cert_bytes) {
-        Ok(key) => (key, Algorithm::ES256),
-        Err(e) => {
-            log::warn!("Failed to decode certificate as EC certificate {e}, trying RSA...");
-            (
-                DecodingKey::from_rsa_pem(&cert_bytes).expect("Failed to decode RSA certificate"),
-                Algorithm::RS256,
-            )
-        }
-    };
-    let mut validation = Validation::new(alg);
-    validation.validate_exp = false;
-    validation.required_spec_claims = HashSet::default();
-
-    let c = match jsonwebtoken::decode::<Claims>(&body.payload, &key, &validation) {
-        Ok(c) => c,
-        Err(e) => {
-            log::error!("Failed to validate JWT! {e}");
-            return Ok(HttpResponse::PreconditionFailed().json("Failed to validate JWT!"));
-        }
-    };
+pub async fn sync_device(body: web::Json<JWTRequest>, actor: WebEnergyActor) -> HttpResult {
+    let (device, claims) = body.0.parse_jwt::<Claims>(actor.clone()).await?;
 
     let relays = actor
-        .send(energy_actor::SynchronizeDevice(device.id, c.claims.info))
+        .send(energy_actor::SynchronizeDevice(device.id, claims.info))
         .await??;
 
     Ok(HttpResponse::Ok().json(SyncResult { relays }))