From 6b48054a2ee173f88251f2447ae9e503ff81c059 Mon Sep 17 00:00:00 2001
From: James Hodgkinson
Date: Tue, 15 Oct 2024 11:28:07 +1000
Subject: [PATCH] fix(http): status content type should be JSON (#3096)
---
 examples/kanidm | 34 +++++++++++++++-----------------
 libs/client/src/lib.rs | 4 ++++
 server/core/src/https/generic.rs | 12 +++++------
 3 files changed, 26 insertions(+), 24 deletions(-)
diff --git a/examples/kanidm b/examples/kanidm
index efb0431da..fe3878ba7 100644
--- a/examples/kanidm
+++ b/examples/kanidm
@@ -6,8 +6,6 @@ uri = "https://idm.example.com"
 # TODO: document this
 # verify_ca = true
-# enable (default) or disable TLS certificate verification
-# verify_certificate = true
 # enable (default) or disable TLS certificate hostname verification
 # verify_hostnames = true
@@ -15,31 +13,31 @@ uri = "https://idm.example.com"
 # ca_path = "/etc/kanidm/cacert.pem"
 # when configuring the FreeRADIUS server, set the service account details here
-auth_token = "putyourtokenhere"
+# auth_token = "putyourtokenhere"
-radius_cert_path = "/certs/cert.pem" # the TLS certificate
-radius_key_path = "/certs/key.pem" # the signing key for radius TLS
-radius_ca_path = "/certs/ca.pem" # the CA certificate
-radius_dh_path = "/certs/dh.pem" # the diffie-hellman output
+# radius_cert_path = "/certs/cert.pem" # the TLS certificate
+# radius_key_path = "/certs/key.pem" # the signing key for radius TLS
+# radius_ca_path = "/certs/ca.pem" # the CA certificate
+# radius_dh_path = "/certs/dh.pem" # the diffie-hellman output
 # A list of groups, if a user is in them, they're approved for RADIUS authentication
-radius_required_groups = [
- "radius_access_allowed",
-]
+# radius_required_groups = [
+# "radius_access_allowed",
+# ]
 # A mapping between Kanidm groups and VLANS
-radius_groups = [
- { spn = "radius_access_allowed", vlan = 10 },
-]
+# radius_groups = [
+# { spn = "radius_access_allowed", vlan = 10 },
+# ]
 # The default VLAN if the user does not fit into another group
-radius_default_vlan = 1
+# radius_default_vlan = 1
 # A list of radius clients and their passwords, which are allowed to connect,
 # typically network devices like switches and access points.
-radius_clients = [
- { name = "test", ipaddr = "127.0.0.1", secret = "testing123" },
- { name = "docker" , ipaddr = "172.17.0.0/16", secret = "testing123" },
-]
+# radius_clients = [
+# { name = "test", ipaddr = "127.0.0.1", secret = "testing123" },
+# { name = "docker" , ipaddr = "172.17.0.0/16", secret = "testing123" },
+# ]
 # The client connection timeout, in seconds.
 connect_timeout = 30
diff --git a/libs/client/src/lib.rs b/libs/client/src/lib.rs
index 929c77afc..7db9c1a90 100644
--- a/libs/client/src/lib.rs
+++ b/libs/client/src/lib.rs
@@ -98,6 +98,9 @@ pub struct KanidmClientConfigInstance {
 ///
 /// Environment variable is `KANIDM_CA_PATH`.
 pub ca_path: Option,
+
+ /// Connection Timeout for the client, in seconds.
+ pub connect_timeout: Option,
 }
 #[derive(Debug, Deserialize, Serialize)]
@@ -300,6 +303,7 @@ impl KanidmClientBuilder {
 Some(ca_path) => Some(Self::parse_certificate(&ca_path)?),
 None => ca,
 };
+ let connect_timeout = kcc.connect_timeout.or(connect_timeout);
 Ok(KanidmClientBuilder {
 address,
diff --git a/server/core/src/https/generic.rs b/server/core/src/https/generic.rs
index f6f3f31d3..28f5907a0 100644
--- a/server/core/src/https/generic.rs
+++ b/server/core/src/https/generic.rs
@@ -1,7 +1,7 @@
 use axum::extract::State;
 use axum::http::header::CONTENT_TYPE;
 use axum::response::IntoResponse;
-use axum::Extension;
+use axum::{Extension, Json};
 use kanidmd_lib::status::StatusRequestEvent;
 use super::middleware::KOpId;
@@ -11,7 +11,7 @@ use super::ServerState;
 get,
 path = "/status",
 responses(
- (status = 200, description = "Ok"),
+ (status = 200, description = "Ok", content_type = "application/json"),
 ),
 tag = "system",
@@ -20,14 +20,14 @@ use super::ServerState;
 pub async fn status(
 State(state): State,
 Extension(kopid): Extension,
-) -> String {
- let r = state
+) -> Json {
+ state
 .status_ref
 .handle_request(StatusRequestEvent {
 eventid: kopid.eventid,
 })
- .await;
- format!("{}", r)
+ .await
+ .into()
 }
 #[utoipa::path(
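Review bot: The doc comment on the new `connect_timeout` field of `KanidmClientConfigInstance` gives the unit but not what an absent value means, and unlike the `ca_path` field just above it names no environment variable. The second hunk of this file shows that an unset value falls back to what the builder already holds, so the comment could say so: `/// Connection timeout for the client, in seconds. When unset, the value already held by the builder is kept.` Whether an environment override exists is not visible here; if one does, name it the way the sibling field does. The struct starts outside the hunk.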
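Review bot: `kcc.connect_timeout.or(connect_timeout)` takes the number from the config file with no range check, so a zero or very large value reaches the builder unchanged. How the builder treats zero is outside this hunk; if zero is not meaningful there, rejecting it at load time is cheap, e.g. `let connect_timeout = kcc.connect_timeout.filter(|secs| *secs > 0).or(connect_timeout);` (this assumes an integer field, since the generic parameter is not visible on this page). An upper bound is worth considering too, because a client that waits a very long time on a stalled server is an availability problem for anything scripted around it. The enclosing function starts and ends outside the hunk.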
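Review bot: The `responses(...)` entry for `/status` now declares `content_type = "application/json"` but still carries no body schema, so the generated OpenAPI document says the reply is JSON without saying which JSON. Adding the body type would let generated clients decode it: `(status = 200, description = "Ok", body = bool, content_type = "application/json"),`. I am assuming the handler's `Json` wraps a boolean; the type parameter is stripped on this page, so substitute the real one. The attribute starts and ends outside the hunk.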
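Review bot: The trailing `.into()` in `status` hides where the JSON wrapper comes from, because the conversion target can only be inferred from the return type several lines up. Constructing it explicitly reads more directly: `Json(state.status_ref.handle_request(StatusRequestEvent { eventid: kopid.eventid }).await)`. None of the three files in the diffstat is a test, so nothing in this patch pins the new header; a test asserting that `/status` answers with `application/json` would keep the fix from silently reverting.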