refactor: settings into modules

2026-05-31 02:31:15 +00:00
parent 3b7916d66c
commit 7173f504ed
7 changed files with 695 additions and 560 deletions
--- a/apps/nxmesh-agent/src/config/settings/auth.rs
+++ b/apps/nxmesh-agent/src/config/settings/auth.rs
@@ -0,0 +1,166 @@
+use serde::{Deserialize, Serialize};
+
+use crate::config::settings::{Validate, ValidationError};
+
+#[derive(Debug, Clone, Serialize, Deserialize)]
+pub enum MAuthSettings {
+    Tls(TLSSettings),
+}
+
+/// TLS certificate settings
+#[derive(Debug, Clone, Serialize, Deserialize)]
+pub enum TLSSettings {
+    RawPath {
+        ca_path: String,
+        cert_path: String,
+        key_path: String,
+    },
+    ZipPath {
+        cert_zip_path: String,
+    },
+}
+
+impl Validate for MAuthSettings {
+    fn validate(&self) -> Result<(), ValidationError> {
+        match self {
+            MAuthSettings::Tls(tls_settings) => tls_settings.validate()?,
+        }
+        Ok(())
+    }
+}
+
+impl Validate for TLSSettings {
+    fn validate(&self) -> Result<(), ValidationError> {
+        match self {
+            TLSSettings::RawPath {
+                ca_path,
+                cert_path,
+                key_path,
+            } => {
+                if !std::path::Path::new(ca_path).exists() {
+                    return Err(format!("CA file not found: {}", ca_path));
+                }
+                if !std::path::Path::new(cert_path).exists() {
+                    return Err(format!("Certificate file not found: {}", cert_path));
+                }
+                if !std::path::Path::new(key_path).exists() {
+                    return Err(format!("Key file not found: {}", key_path));
+                }
+            }
+            TLSSettings::ZipPath { cert_zip_path } => {
+                if !std::path::Path::new(cert_zip_path).exists() {
+                    return Err(format!("Certificate zip file not found: {}", cert_zip_path));
+                }
+            }
+        }
+        Ok(())
+    }
+}
+
+#[cfg(test)]
+mod tests {
+    use std::{
+        fs,
+        os::unix::fs::PermissionsExt,
+        path::{Path, PathBuf},
+    };
+
+    use tempfile::TempDir;
+
+    use super::*;
+
+    #[test]
+    fn test_esnure_send_and_sync() {
+        fn assert_send_sync<T: Send + Sync>() {}
+        assert_send_sync::<TLSSettings>();
+    }
+
+    fn write_file(path: &Path) {
+        let result = fs::write(path, b"content");
+        assert!(result.is_ok());
+    }
+
+    fn create_exec_file(path: &Path) {
+        write_file(path);
+        let metadata = fs::metadata(path);
+        assert!(metadata.is_ok());
+        let metadata = metadata.ok();
+        assert!(metadata.is_some());
+        let metadata = metadata.unwrap_or_else(|| unreachable!());
+
+        let mut perms = metadata.permissions();
+        perms.set_mode(0o755);
+        let result = fs::set_permissions(path, perms);
+        assert!(result.is_ok());
+    }
+
+    fn create_non_exec_file(path: &Path) {
+        write_file(path);
+        let metadata = fs::metadata(path);
+        assert!(metadata.is_ok());
+        let metadata = metadata.ok();
+        assert!(metadata.is_some());
+        let metadata = metadata.unwrap_or_else(|| unreachable!());
+
+        let mut perms = metadata.permissions();
+        perms.set_mode(0o644);
+        let result = fs::set_permissions(path, perms);
+        assert!(result.is_ok());
+    }
+
+    fn valid_tls_raw_paths(temp_dir: &TempDir) -> (PathBuf, PathBuf, PathBuf) {
+        let ca_path = temp_dir.path().join("ca.pem");
+        let cert_path = temp_dir.path().join("cert.pem");
+        let key_path = temp_dir.path().join("key.pem");
+
+        write_file(&ca_path);
+        write_file(&cert_path);
+        write_file(&key_path);
+
+        (ca_path, cert_path, key_path)
+    }
+
+    #[test]
+    fn tls_raw_path_validate_succeeds_when_all_files_exist() {
+        let temp_dir = TempDir::new();
+        assert!(temp_dir.is_ok());
+        let temp_dir = temp_dir.ok();
+        assert!(temp_dir.is_some());
+        let temp_dir = temp_dir.unwrap_or_else(|| unreachable!());
+
+        let (ca_path, cert_path, key_path) = valid_tls_raw_paths(&temp_dir);
+        let settings = TLSSettings::RawPath {
+            ca_path: ca_path.to_string_lossy().to_string(),
+            cert_path: cert_path.to_string_lossy().to_string(),
+            key_path: key_path.to_string_lossy().to_string(),
+        };
+
+        assert!(settings.validate().is_ok());
+    }
+
+    #[test]
+    fn tls_raw_path_validate_fails_when_ca_missing() {
+        let settings = TLSSettings::RawPath {
+            ca_path: "/tmp/does-not-exist-ca.pem".into(),
+            cert_path: "/tmp/does-not-exist-cert.pem".into(),
+            key_path: "/tmp/does-not-exist-key.pem".into(),
+        };
+
+        let result = settings.validate();
+        assert!(result.is_err());
+        let msg = result.err().unwrap_or_else(|| unreachable!());
+        assert!(msg.contains("CA file not found"));
+    }
+
+    #[test]
+    fn tls_zip_path_validate_fails_when_zip_missing() {
+        let settings = TLSSettings::ZipPath {
+            cert_zip_path: "/tmp/missing-certs.zip".into(),
+        };
+
+        let result = settings.validate();
+        assert!(result.is_err());
+        let msg = result.err().unwrap_or_else(|| unreachable!());
+        assert!(msg.contains("Certificate zip file not found"));
+    }
+}