diff options
| author | Per Larsson <[email protected]> | 2022-02-02 16:56:38 +0100 |
|---|---|---|
| committer | Per Larsson <[email protected]> | 2022-02-02 16:56:38 +0100 |
| commit | 5b7c068b482b563443320453064fe5fa5601d446 (patch) | |
| tree | 3309bc01ef5ab2f4d08580b5e6c1098c6b45570b | |
| parent | Parse expire time from OpenID refresh token and added OpenId token provider. (diff) | |
| download | zen-5b7c068b482b563443320453064fe5fa5601d446.tar.xz zen-5b7c068b482b563443320453064fe5fa5601d446.zip | |
Added upstream auth config and removed the possibility to add endpoints via REST.
| -rw-r--r-- | zenserver/auth/authmgr.cpp | 109 | ||||
| -rw-r--r-- | zenserver/auth/authmgr.h | 1 | ||||
| -rw-r--r-- | zenserver/config.cpp | 40 | ||||
| -rw-r--r-- | zenserver/config.h | 8 | ||||
| -rw-r--r-- | zenserver/upstream/jupiter.h | 3 | ||||
| -rw-r--r-- | zenserver/upstream/upstreamcache.cpp | 33 | ||||
| -rw-r--r-- | zenserver/upstream/upstreamcache.h | 15 | ||||
| -rw-r--r-- | zenserver/upstream/upstreamservice.cpp | 152 | ||||
| -rw-r--r-- | zenserver/zenserver.cpp | 80 |
9 files changed, 192 insertions, 249 deletions
diff --git a/zenserver/auth/authmgr.cpp b/zenserver/auth/authmgr.cpp index 9cdd5ed02..7b6c30640 100644 --- a/zenserver/auth/authmgr.cpp +++ b/zenserver/auth/authmgr.cpp @@ -28,7 +28,13 @@ class AuthMgrImpl final : public AuthMgr using Seconds = std::chrono::seconds; public: - AuthMgrImpl(const AuthConfig& Config) : m_Config(Config), m_Log(logging::Get("auth")) { LoadState(); } + AuthMgrImpl(const AuthConfig& Config) : m_Config(Config), m_Log(logging::Get("auth")) + { + LoadState(); + + m_BackgroundThread.Interval = Config.UpdateInterval; + m_BackgroundThread.Thread = std::thread(&AuthMgrImpl::BackgroundThreadEntry, this); + } virtual ~AuthMgrImpl() { SaveState(); } @@ -161,7 +167,11 @@ private: return Client.RefreshToken(RefreshToken); } - void Shutdown() { SaveState(); } + void Shutdown() + { + BackgroundThread::Stop(m_BackgroundThread); + SaveState(); + } void LoadState() { @@ -279,6 +289,100 @@ private: } } + void BackgroundThreadEntry() + { + for (;;) + { + std::cv_status SignalStatus = BackgroundThread::WaitForSignal(m_BackgroundThread); + + if (m_BackgroundThread.Running.load() == false) + { + break; + } + + if (SignalStatus != std::cv_status::timeout) + { + continue; + } + + { + // Refresh Open ID token(s) + + std::vector<OpenIdTokenMap::value_type> ExpiredTokens; + + { + std::unique_lock _(m_TokenMutex); + + for (const auto& Kv : m_OpenIdTokens) + { + const Seconds ExpiresIn = std::chrono::duration_cast<Seconds>(Kv.second.ExpireTime - Clock::now()); + const bool Expired = ExpiresIn < Seconds(m_BackgroundThread.Interval * 2); + + if (Expired) + { + ExpiredTokens.push_back(Kv); + } + } + } + + ZEN_DEBUG("refreshing '{}' OpenID token(s)", ExpiredTokens.size()); + + for (const auto& Kv : ExpiredTokens) + { + OidcClient::RefreshTokenResult RefreshResult = RefreshOpenIdToken(Kv.first, Kv.second.RefreshToken); + + if (RefreshResult.Ok) + { + ZEN_DEBUG("refresh access token from provider '{}' Ok", Kv.first); + + auto Token = OpenIdToken{.IdentityToken = RefreshResult.IdentityToken, + .RefreshToken = RefreshResult.RefreshToken, + .AccessToken = fmt::format("Bearer {}"sv, RefreshResult.AccessToken), + .ExpireTime = Clock::now() + Seconds(RefreshResult.ExpiresInSeconds)}; + + { + std::unique_lock _(m_TokenMutex); + m_OpenIdTokens.insert_or_assign(Kv.first, std::move(Token)); + } + } + else + { + ZEN_WARN("refresh access token from provider '{}' FAILED, reason '{}'", Kv.first, RefreshResult.Reason); + } + } + } + } + } + + struct BackgroundThread + { + std::chrono::seconds Interval{10}; + std::mutex Mutex; + std::condition_variable Signal; + std::atomic_bool Running{true}; + std::thread Thread; + + static void Stop(BackgroundThread& State) + { + if (State.Running.load()) + { + State.Running.store(true); + State.Signal.notify_one(); + } + + if (State.Thread.joinable()) + { + State.Thread.join(); + } + } + + static std::cv_status WaitForSignal(BackgroundThread& State) + { + std::unique_lock Lock(State.Mutex); + return State.Signal.wait_for(Lock, State.Interval); + } + }; + struct OpenIdProvider { std::string Name; @@ -302,6 +406,7 @@ private: AuthConfig m_Config; spdlog::logger& m_Log; + BackgroundThread m_BackgroundThread; OpenIdProviderMap m_OpenIdProviders; OpenIdTokenMap m_OpenIdTokens; std::mutex m_ProviderMutex; diff --git a/zenserver/auth/authmgr.h b/zenserver/auth/authmgr.h index 59dc1725d..355c25cc9 100644 --- a/zenserver/auth/authmgr.h +++ b/zenserver/auth/authmgr.h @@ -42,6 +42,7 @@ public: struct AuthConfig { std::filesystem::path RootDirectory; + std::chrono::seconds UpdateInterval{30}; }; std::unique_ptr<AuthMgr> MakeAuthMgr(const AuthConfig& Config); diff --git a/zenserver/config.cpp b/zenserver/config.cpp index 6fd1c3bea..bc44e305b 100644 --- a/zenserver/config.cpp +++ b/zenserver/config.cpp @@ -206,7 +206,7 @@ ParseCliOptions(int argc, char* argv[], ZenServerOptions& ServerOptions) "", "upstream-jupiter-oauth-url", "URL to the OAuth provier", - cxxopts::value<std::string>(ServerOptions.UpstreamCacheConfig.JupiterConfig.OAuthProvider)->default_value(""), + cxxopts::value<std::string>(ServerOptions.UpstreamCacheConfig.JupiterConfig.OAuthUrl)->default_value(""), ""); options.add_option("cache", @@ -225,30 +225,30 @@ ParseCliOptions(int argc, char* argv[], ZenServerOptions& ServerOptions) options.add_option("cache", "", - "upstream-jupiter-namespace", - "The Common Blob Store API namespace", - cxxopts::value<std::string>(ServerOptions.UpstreamCacheConfig.JupiterConfig.Namespace)->default_value(""), + "upstream-jupiter-openid-provider", + "Name of a registered Open ID provider", + cxxopts::value<std::string>(ServerOptions.UpstreamCacheConfig.JupiterConfig.OpenIdProvider)->default_value(""), ""); options.add_option("cache", "", - "upstream-jupiter-namespace-ddc", - "The lecacy DDC namespace", - cxxopts::value<std::string>(ServerOptions.UpstreamCacheConfig.JupiterConfig.DdcNamespace)->default_value(""), + "upstream-jupiter-token", + "A static authentication token", + cxxopts::value<std::string>(ServerOptions.UpstreamCacheConfig.JupiterConfig.AccessToken)->default_value(""), ""); options.add_option("cache", "", - "upstream-jupiter-prod", - "Enable Jupiter upstream caching using production settings", - cxxopts::value<bool>(ServerOptions.UpstreamCacheConfig.JupiterConfig.UseProductionSettings)->default_value("false"), + "upstream-jupiter-namespace", + "The Common Blob Store API namespace", + cxxopts::value<std::string>(ServerOptions.UpstreamCacheConfig.JupiterConfig.Namespace)->default_value(""), ""); options.add_option("cache", "", - "upstream-jupiter-dev", - "Enable Jupiter upstream caching using development settings", - cxxopts::value<bool>(ServerOptions.UpstreamCacheConfig.JupiterConfig.UseDevelopmentSettings)->default_value("false"), + "upstream-jupiter-namespace-ddc", + "The lecacy DDC namespace", + cxxopts::value<std::string>(ServerOptions.UpstreamCacheConfig.JupiterConfig.DdcNamespace)->default_value(""), ""); options.add_option("cache", @@ -322,7 +322,7 @@ ParseCliOptions(int argc, char* argv[], ZenServerOptions& ServerOptions) ""); try { - auto result = options.parse(argc, argv); + auto result = options.parse(argc, argv); ServerOptions.DataDir = DataDir; if (result.count("help")) @@ -487,7 +487,7 @@ ParseConfigFile(const std::filesystem::path& Path, ZenServerOptions& ServerOptio ServerOptions.UpstreamCacheConfig.JupiterConfig.Url); UpdateStringValueFromConfig(JupiterConfig.value(), std::string_view("oauthprovider"), - ServerOptions.UpstreamCacheConfig.JupiterConfig.OAuthProvider); + ServerOptions.UpstreamCacheConfig.JupiterConfig.OAuthUrl); UpdateStringValueFromConfig(JupiterConfig.value(), std::string_view("oauthclientid"), ServerOptions.UpstreamCacheConfig.JupiterConfig.OAuthClientId); @@ -495,16 +495,18 @@ ParseConfigFile(const std::filesystem::path& Path, ZenServerOptions& ServerOptio std::string_view("oauthclientsecret"), ServerOptions.UpstreamCacheConfig.JupiterConfig.OAuthClientSecret); UpdateStringValueFromConfig(JupiterConfig.value(), + std::string_view("openidprovider"), + ServerOptions.UpstreamCacheConfig.JupiterConfig.OpenIdProvider); + UpdateStringValueFromConfig(JupiterConfig.value(), + std::string_view("token"), + ServerOptions.UpstreamCacheConfig.JupiterConfig.AccessToken); + UpdateStringValueFromConfig(JupiterConfig.value(), std::string_view("namespace"), ServerOptions.UpstreamCacheConfig.JupiterConfig.Namespace); UpdateStringValueFromConfig(JupiterConfig.value(), std::string_view("ddcnamespace"), ServerOptions.UpstreamCacheConfig.JupiterConfig.DdcNamespace); - ServerOptions.UpstreamCacheConfig.JupiterConfig.UseDevelopmentSettings = - JupiterConfig->get_or("usedevelopmentsettings", - ServerOptions.UpstreamCacheConfig.JupiterConfig.UseDevelopmentSettings); - ServerOptions.UpstreamCacheConfig.JupiterConfig.UseLegacyDdc = JupiterConfig->get_or("uselegacyddc", ServerOptions.UpstreamCacheConfig.JupiterConfig.UseLegacyDdc); }; diff --git a/zenserver/config.h b/zenserver/config.h index e38b5c704..cad130193 100644 --- a/zenserver/config.h +++ b/zenserver/config.h @@ -23,14 +23,14 @@ struct ZenUpstreamJupiterConfig { std::string Name; std::string Url; - std::string OAuthProvider; + std::string OAuthUrl; std::string OAuthClientId; std::string OAuthClientSecret; + std::string OpenIdProvider; + std::string AccessToken; std::string Namespace; std::string DdcNamespace; - bool UseDevelopmentSettings = false; - bool UseProductionSettings = false; - bool UseLegacyDdc = false; + bool UseLegacyDdc = false; }; struct ZenUpstreamZenConfig diff --git a/zenserver/upstream/jupiter.h b/zenserver/upstream/jupiter.h index 1b9650bdf..47fdc4e17 100644 --- a/zenserver/upstream/jupiter.h +++ b/zenserver/upstream/jupiter.h @@ -185,8 +185,6 @@ public: std::string_view DdcNamespace() const { return m_DdcNamespace; } std::string_view BlobStoreNamespace() const { return m_BlobStoreNamespace; } std::string_view ServiceUrl() const { return m_ServiceUrl; } - bool IsValid() const { return m_IsValid; } - void SetAccessToken(CloudCacheAccessToken Token); spdlog::logger& Logger() { return m_Log; } @@ -198,7 +196,6 @@ private: std::chrono::milliseconds m_ConnectTimeout{}; std::chrono::milliseconds m_Timeout{}; std::unique_ptr<CloudCacheTokenProvider> m_TokenProvider; - bool m_IsValid = false; RwLock m_SessionStateLock; std::list<detail::CloudCacheSessionState*> m_SessionStateCache; diff --git a/zenserver/upstream/upstreamcache.cpp b/zenserver/upstream/upstreamcache.cpp index 58c025b4f..d83542701 100644 --- a/zenserver/upstream/upstreamcache.cpp +++ b/zenserver/upstream/upstreamcache.cpp @@ -85,9 +85,7 @@ namespace detail { class JupiterUpstreamEndpoint final : public UpstreamEndpoint { public: - JupiterUpstreamEndpoint(const CloudCacheClientOptions& Options, - std::unique_ptr<CloudCacheTokenProvider> TokenProvider, - AuthMgr& Mgr) + JupiterUpstreamEndpoint(const CloudCacheClientOptions& Options, const UpstreamAuthConfig& AuthConfig, AuthMgr& Mgr) : m_AuthMgr(Mgr) , m_Log(zen::logging::Get("upstream")) , m_UseLegacyDdc(Options.UseLegacyDdc) @@ -95,7 +93,30 @@ namespace detail { ZEN_ASSERT(!Options.Name.empty()); m_Info.Name = Options.Name; m_Info.Url = Options.ServiceUrl; - m_Client = new CloudCacheClient(Options, std::move(TokenProvider)); + + std::unique_ptr<CloudCacheTokenProvider> TokenProvider; + + if (AuthConfig.OAuthUrl.empty() == false) + { + TokenProvider = CloudCacheTokenProvider::MakeFromOAuthClientCredentials( + {.Url = AuthConfig.OAuthUrl, .ClientId = AuthConfig.OAuthClientId, .ClientSecret = AuthConfig.OAuthClientSecret}); + } + else if (AuthConfig.OpenIdProvider.empty() == false) + { + TokenProvider = CloudCacheTokenProvider::MakeFromCallback([this, ProviderName = std::string(AuthConfig.OpenIdProvider)]() { + AuthMgr::OpenIdAccessToken Token = m_AuthMgr.GetOpenIdAccessToken(ProviderName); + return CloudCacheAccessToken{.Value = Token.AccessToken, .ExpireTime = Token.ExpireTime}; + }); + } + else + { + CloudCacheAccessToken AccessToken{.Value = std::string(AuthConfig.AccessToken), + .ExpireTime = CloudCacheAccessToken::TimePoint::max()}; + + TokenProvider = CloudCacheTokenProvider::MakeFromStaticToken(AccessToken); + } + + m_Client = new CloudCacheClient(Options, std::move(TokenProvider)); } virtual ~JupiterUpstreamEndpoint() = default; @@ -1491,9 +1512,9 @@ MakeUpstreamCache(const UpstreamCacheOptions& Options, ZenCacheStore& CacheStore } std::unique_ptr<UpstreamEndpoint> -MakeJupiterUpstreamEndpoint(const CloudCacheClientOptions& Options, std::unique_ptr<CloudCacheTokenProvider> TokenProvider, AuthMgr& Mgr) +MakeJupiterUpstreamEndpoint(const CloudCacheClientOptions& Options, const UpstreamAuthConfig& AuthConfig, AuthMgr& Mgr) { - return std::make_unique<detail::JupiterUpstreamEndpoint>(Options, std::move(TokenProvider), Mgr); + return std::make_unique<detail::JupiterUpstreamEndpoint>(Options, AuthConfig, Mgr); } std::unique_ptr<UpstreamEndpoint> diff --git a/zenserver/upstream/upstreamcache.h b/zenserver/upstream/upstreamcache.h index c82af28c6..48601c879 100644 --- a/zenserver/upstream/upstreamcache.h +++ b/zenserver/upstream/upstreamcache.h @@ -123,6 +123,15 @@ ToString(UpstreamEndpointState State) } } +struct UpstreamAuthConfig +{ + std::string_view OAuthUrl; + std::string_view OAuthClientId; + std::string_view OAuthClientSecret; + std::string_view OpenIdProvider; + std::string_view AccessToken; +}; + struct UpstreamEndpointStatus { std::string Reason; @@ -205,9 +214,9 @@ public: std::unique_ptr<UpstreamCache> MakeUpstreamCache(const UpstreamCacheOptions& Options, ZenCacheStore& CacheStore, CidStore& CidStore); -std::unique_ptr<UpstreamEndpoint> MakeJupiterUpstreamEndpoint(const CloudCacheClientOptions& Options, - std::unique_ptr<CloudCacheTokenProvider> TokenProvider, - AuthMgr& Mgr); +std::unique_ptr<UpstreamEndpoint> MakeJupiterUpstreamEndpoint(const CloudCacheClientOptions& Options, + const UpstreamAuthConfig& AuthConfig, + AuthMgr& Mgr); std::unique_ptr<UpstreamEndpoint> MakeZenUpstreamEndpoint(const ZenStructuredCacheClientOptions& Options); diff --git a/zenserver/upstream/upstreamservice.cpp b/zenserver/upstream/upstreamservice.cpp index 5f248678a..74ddd7e3e 100644 --- a/zenserver/upstream/upstreamservice.cpp +++ b/zenserver/upstream/upstreamservice.cpp @@ -15,57 +15,6 @@ namespace zen { using namespace std::literals; -namespace { - json11::Json TryGetJson(IoBuffer Body, HttpContentType ContentType, std::string& OutError) - { - if (!Body) - { - OutError = "No data"sv; - return json11::Json(); - } - - if ((ContentType == HttpContentType::kJSON || ContentType == HttpContentType::kCbObject) == false) - { - OutError = "Invalid content type"sv; - return json11::Json(); - } - - if (ContentType == ZenContentType::kJSON) - { - std::string JsonText(reinterpret_cast<const char*>(Body.GetData()), Body.GetSize()); - return json11::Json::parse(JsonText, OutError); - } - - if (CbObject Obj = LoadCompactBinaryObject(Body)) - { - ExtendableStringBuilder<512> Sb; - return json11::Json::parse(Obj.ToJson(Sb).ToString(), OutError); - } - - OutError = "Invalid compact binary"sv; - return json11::Json(); - } - - void WriteErrorResponse(HttpServerRequest& Request, std::string_view Property, std::string_view Reason) - { - CbObjectWriter Response; - Response << "Result"sv << false; - Response.BeginObject("Error"sv); - Response << "Property"sv << Property << "Reason"sv << Reason; - Response.EndObject(); - - Request.WriteResponse(HttpResponseCode::BadRequest, Response.Save()); - } - - void WriteSuccessResponse(HttpServerRequest& Request) - { - CbObjectWriter Response; - Response << "Result"sv << true; - - Request.WriteResponse(HttpResponseCode::OK, Response.Save()); - } -} // namespace - HttpUpstreamService::HttpUpstreamService(UpstreamCache& Upstream, AuthMgr& Mgr) : m_Upstream(Upstream), m_AuthMgr(Mgr) { m_Router.RegisterRoute( @@ -90,107 +39,6 @@ HttpUpstreamService::HttpUpstreamService(UpstreamCache& Upstream, AuthMgr& Mgr) Req.ServerRequest().WriteResponse(HttpResponseCode::OK, Writer.Save()); }, HttpVerb::kGet); - - m_Router.RegisterRoute( - "endpoints", - [this](HttpRouterRequest& RouterRequest) { - HttpServerRequest& ServerRequest = RouterRequest.ServerRequest(); - std::string JsonError; - - json11::Json Json = TryGetJson(ServerRequest.ReadPayload(), ServerRequest.RequestContentType(), JsonError); - - if (!JsonError.empty()) - { - return ServerRequest.WriteResponse(HttpResponseCode::BadRequest, HttpContentType::kText, JsonError); - } - - const auto Type = Json["Type"].string_value(); - const auto Name = Json["Name"].string_value(); - const auto Url = Json["Url"].string_value(); - const auto Namespace = Json["Namespace"].string_value(); - const auto OAuthProvider = Json["OAuthProvider"].string_value(); - const auto OAuthClientId = Json["OAuthClientId"].string_value(); - const auto OAuthSecret = Json["OAuthSecret"].string_value(); - const auto OAuthToken = Json["OAuthToken"].string_value(); - - if ((Type == "Horde"sv || Type == "Zen"sv) == false) - { - return WriteErrorResponse(ServerRequest, "Type"sv, "Invalid endpoint type, must be Zen or Horde"sv); - } - - if (Name.empty()) - { - return WriteErrorResponse(ServerRequest, "Name"sv, "Invalid endpoint name"sv); - } - - if (Url.empty()) - { - return WriteErrorResponse(ServerRequest, "Url"sv, "Invalid endpoint URL"sv); - } - - bool IsNameUnique = true; - m_Upstream.IterateEndpoints([&Name, &IsNameUnique](UpstreamEndpoint& Ep) { - IsNameUnique = IsNameUnique && Ep.GetEndpointInfo().Name != Name; - return IsNameUnique; - }); - - if (IsNameUnique == false) - { - return WriteErrorResponse(ServerRequest, "Url"sv, "Endpoint name is not unique"sv); - } - - std::unique_ptr<zen::UpstreamEndpoint> Endpoint; - - if (Type == "Zen"sv) - { - std::vector<std::string> Urls; - Urls.push_back(Json["Url"].string_value()); - Endpoint = zen::MakeZenUpstreamEndpoint({.Name = Name, .Urls = Urls}); - } - else - { - if (Namespace.empty()) - { - return WriteErrorResponse(ServerRequest, "Namespace"sv, "Invalid Horde namespace"sv); - } - - if (OAuthProvider.empty()) - { - return WriteErrorResponse(ServerRequest, "OAuthProvider"sv, "Invalid Horde OAuth provider URL"sv); - } - - if (OAuthToken.empty()) - { - if (OAuthClientId.empty()) - { - return WriteErrorResponse(ServerRequest, "OAuthClientId"sv, "Invalid Horde OAuth client ID"sv); - } - - if (OAuthSecret.empty()) - { - return WriteErrorResponse(ServerRequest, "OAuthSecret"sv, "Invalid Horde OAuth secret"sv); - } - } - - /* - const zen::CloudCacheClientOptions Options = {.Name = Name, - .ServiceUrl = Url, - .DdcNamespace = Namespace, - .BlobStoreNamespace = Namespace, - .OAuthProvider = OAuthProvider, - .OAuthClientId = OAuthClientId, - .OAuthSecret = OAuthSecret, - .AccessToken = OAuthToken}; - - Endpoint = zen::MakeJupiterUpstreamEndpoint(Options, m_AuthMgr); - */ - } - - m_Upstream.RegisterEndpoint(std::move(Endpoint)); - - WriteSuccessResponse(ServerRequest); - }, - HttpVerb::kPost); } HttpUpstreamService::~HttpUpstreamService() diff --git a/zenserver/zenserver.cpp b/zenserver/zenserver.cpp index 8d408eb90..c8ee024fb 100644 --- a/zenserver/zenserver.cpp +++ b/zenserver/zenserver.cpp @@ -742,66 +742,26 @@ ZenServer::InitializeStructuredCache(const ZenServerOptions& ServerOptions) // Jupiter upstream { - zen::CloudCacheClientOptions Options; - std::unique_ptr<CloudCacheTokenProvider> TokenProvider; - std::string EndpointName; - std::string Url; - - if (UpstreamConfig.JupiterConfig.UseProductionSettings || UpstreamConfig.JupiterConfig.UseDevelopmentSettings) - { - EndpointName = "Jupiter-Dev"; - Url = "https://jupiter.devtools-dev.epicgames.com"; - - if (UpstreamConfig.JupiterConfig.UseProductionSettings) - { - EndpointName = "Jupiter-Prod"; - Url = "https://jupiter.devtools.epicgames.com"; - } - - TokenProvider = CloudCacheTokenProvider::MakeFromOAuthClientCredentials( - {.Url = "https://epicgames.okta.com/oauth2/auso645ojjWVdRI3d0x7/v1/token"sv, - .ClientId = "0oao91lrhqPiAlaGD0x7"sv, - .ClientSecret = "-GBWjjenhCgOwhxL5yBKNJECVIoDPH0MK4RDuN7d"sv}); - - Options = - zen::CloudCacheClientOptions{.Name = EndpointName, - .ServiceUrl = Url, - .DdcNamespace = "ue.ddc"sv, - .BlobStoreNamespace = "ue.ddc"sv, - .ConnectTimeout = std::chrono::milliseconds(UpstreamConfig.ConnectTimeoutMilliseconds), - .Timeout = std::chrono::milliseconds(UpstreamConfig.TimeoutMilliseconds), - .UseLegacyDdc = false}; - } - else - { - EndpointName = UpstreamConfig.JupiterConfig.Name.empty() ? "Jupiter"sv : UpstreamConfig.JupiterConfig.Name; - - TokenProvider = CloudCacheTokenProvider::MakeFromOAuthClientCredentials( - {.Url = "https://epicgames.okta.com/oauth2/auso645ojjWVdRI3d0x7/v1/token"sv, - .ClientId = "0oao91lrhqPiAlaGD0x7"sv, - .ClientSecret = "-GBWjjenhCgOwhxL5yBKNJECVIoDPH0MK4RDuN7d"sv}); - - Options = - zen::CloudCacheClientOptions{.Name = EndpointName, - .ServiceUrl = UpstreamConfig.JupiterConfig.Url, - .DdcNamespace = UpstreamConfig.JupiterConfig.DdcNamespace, - .BlobStoreNamespace = UpstreamConfig.JupiterConfig.Namespace, - .ConnectTimeout = std::chrono::milliseconds(UpstreamConfig.ConnectTimeoutMilliseconds), - .Timeout = std::chrono::milliseconds(UpstreamConfig.TimeoutMilliseconds), - .UseLegacyDdc = false}; - } - - if (!Options.ServiceUrl.empty()) - { - TokenProvider = CloudCacheTokenProvider::MakeFromCallback([this]() { - AuthMgr::OpenIdAccessToken Token = m_AuthMgr->GetOpenIdAccessToken("Okta"sv); - return CloudCacheAccessToken{.Value = Token.AccessToken, .ExpireTime = Token.ExpireTime}; - }); - - std::unique_ptr<zen::UpstreamEndpoint> JupiterEndpoint = - zen::MakeJupiterUpstreamEndpoint(Options, std::move(TokenProvider), *m_AuthMgr); - m_UpstreamCache->RegisterEndpoint(std::move(JupiterEndpoint)); - } + std::string_view EndpointName = UpstreamConfig.JupiterConfig.Name.empty() ? "Jupiter"sv : UpstreamConfig.JupiterConfig.Name; + + auto Options = + zen::CloudCacheClientOptions{.Name = EndpointName, + .ServiceUrl = UpstreamConfig.JupiterConfig.Url, + .DdcNamespace = UpstreamConfig.JupiterConfig.DdcNamespace, + .BlobStoreNamespace = UpstreamConfig.JupiterConfig.Namespace, + .ConnectTimeout = std::chrono::milliseconds(UpstreamConfig.ConnectTimeoutMilliseconds), + .Timeout = std::chrono::milliseconds(UpstreamConfig.TimeoutMilliseconds), + .UseLegacyDdc = false}; + + auto AuthConfig = zen::UpstreamAuthConfig{.OAuthUrl = UpstreamConfig.JupiterConfig.OAuthUrl, + .OAuthClientId = UpstreamConfig.JupiterConfig.OAuthClientId, + .OAuthClientSecret = UpstreamConfig.JupiterConfig.OAuthClientSecret, + .OpenIdProvider = UpstreamConfig.JupiterConfig.OpenIdProvider, + .AccessToken = UpstreamConfig.JupiterConfig.AccessToken}; + + std::unique_ptr<zen::UpstreamEndpoint> JupiterEndpoint = zen::MakeJupiterUpstreamEndpoint(Options, AuthConfig, *m_AuthMgr); + + m_UpstreamCache->RegisterEndpoint(std::move(JupiterEndpoint)); } } |