thin-edge
diff --git a/‎Cargo.lock
Lines changed: 1 addition & 0 deletions b/‎Cargo.lock
Lines changed: 1 addition & 0 deletions
diff --git a/‎crates/common/download/src/download.rs
Lines changed: 15 additions & 11 deletions b/‎crates/common/download/src/download.rs
Lines changed: 15 additions & 11 deletions
diff --git a/‎crates/core/c8y_api/src/http_proxy.rs
Lines changed: 3 additions & 2 deletions b/‎crates/core/c8y_api/src/http_proxy.rs
Lines changed: 3 additions & 2 deletions
diff --git a/‎crates/extensions/c8y_auth_proxy/src/actor.rs
Lines changed: 4 additions & 4 deletions b/‎crates/extensions/c8y_auth_proxy/src/actor.rs
Lines changed: 4 additions & 4 deletions
diff --git a/‎crates/extensions/c8y_auth_proxy/src/server.rs
Lines changed: 19 additions & 11 deletions b/‎crates/extensions/c8y_auth_proxy/src/server.rs
Lines changed: 19 additions & 11 deletions
diff --git a/‎crates/extensions/c8y_auth_proxy/src/tokens.rs
Lines changed: 10 additions & 4 deletions b/‎crates/extensions/c8y_auth_proxy/src/tokens.rs
Lines changed: 10 additions & 4 deletions
diff --git a/‎crates/extensions/c8y_firmware_manager/src/actor.rs
Lines changed: 3 additions & 3 deletions b/‎crates/extensions/c8y_firmware_manager/src/actor.rs
Lines changed: 3 additions & 3 deletions
diff --git a/‎crates/extensions/c8y_firmware_manager/src/lib.rs
Lines changed: 7 additions & 7 deletions b/‎crates/extensions/c8y_firmware_manager/src/lib.rs
Lines changed: 7 additions & 7 deletions
@@ -11,6 +11,7 @@ use log::warn;
 use nix::sys::statvfs;
 pub use partial_response::InvalidResponseError;
 use reqwest::header;
+use reqwest::header::HeaderMap;
 use reqwest::Client;
 use reqwest::Identity;
 use serde::Deserialize;
@@ -20,8 +21,6 @@ use std::fs::File;
 use std::io::Seek;
 use std::io::SeekFrom;
 use std::io::Write;
-#[cfg(target_os = "linux")]
-use std::os::unix::prelude::AsRawFd;
 use std::path::Path;
 use std::path::PathBuf;
 use std::time::Duration;
@@ -31,6 +30,8 @@ use tedge_utils::file::FileError;
 use nix::fcntl::fallocate;
 #[cfg(target_os = "linux")]
 use nix::fcntl::FallocateFlags;
+#[cfg(target_os = "linux")]
+use std::os::unix::prelude::AsRawFd;
 
 fn default_backoff() -> ExponentialBackoff {
     // Default retry is an exponential retry with a limit of 15 minutes total.
@@ -49,8 +50,8 @@ fn default_backoff() -> ExponentialBackoff {
 #[serde(deny_unknown_fields)]
 pub struct DownloadInfo {
     pub url: String,
-    #[serde(skip_serializing_if = "Option::is_none")]
-    pub auth: Option<String>,
+    #[serde(skip)]
+    pub headers: HeaderMap,
 }
 
 impl From<&str> for DownloadInfo {
@@ -64,14 +65,14 @@ impl DownloadInfo {
     pub fn new(url: &str) -> Self {
         Self {
             url: url.into(),
-            auth: None,
+            headers: HeaderMap::new(),
         }
     }
 
     /// Creates new [`DownloadInfo`] from a URL with authentication.
-    pub fn with_auth(self, auth: &str) -> Self {
+    pub fn with_headers(self, header_map: HeaderMap) -> Self {
         Self {
-            auth: Some(auth.into()),
+            headers: header_map,
             ..self
         }
     }
@@ -369,8 +370,8 @@ impl Downloader {
 
         let operation = || async {
             let mut request = self.client.get(url.url());
-            if let Some(header_value) = &url.auth {
-                request = request.header("Authorization", header_value)
+            for (key, value) in &url.headers {
+                request = request.header(key, value)
             }
 
             if range_start != 0 {
@@ -467,6 +468,7 @@ fn try_pre_allocate_space(file: &File, path: &Path, file_len: u64) -> Result<(),
 #[allow(deprecated)]
 mod tests {
     use super::*;
+    use hyper::header::AUTHORIZATION;
     use std::io::Write;
     use tempfile::tempdir;
     use tempfile::NamedTempFile;
@@ -908,10 +910,12 @@ mod tests {
             }
         };
 
-        // applying token if `with_token` = true
+        // applying http auth header
         let url = {
             if with_token {
-                url.with_auth("Bearer token")
+                let mut headers = HeaderMap::new();
+                headers.append(AUTHORIZATION, "Bearer token".parse().unwrap());
+                url.with_headers(headers)
             } else {
                 url
             }
 
@@ -5,6 +5,7 @@ use mqtt_channel::PubChannel;
 use mqtt_channel::StreamExt;
 use mqtt_channel::Topic;
 use mqtt_channel::TopicFilter;
+use reqwest::header::HeaderMap;
 use reqwest::Url;
 use std::collections::HashMap;
 use std::time::Duration;
@@ -27,7 +28,7 @@ pub struct C8yEndPoint {
     c8y_host: String,
     c8y_mqtt_host: String,
     pub device_id: String,
-    pub token: Option<String>,
+    pub headers: HeaderMap,
     devices_internal_id: HashMap<String, String>,
 }
 
@@ -37,7 +38,7 @@ impl C8yEndPoint {
             c8y_host: c8y_host.into(),
             c8y_mqtt_host: c8y_mqtt_host.into(),
             device_id: device_id.into(),
-            token: None,
+            headers: HeaderMap::new(),
             devices_internal_id: HashMap::new(),
         }
     }
 
@@ -1,6 +1,6 @@
 use axum::async_trait;
-use c8y_http_proxy::credentials::AuthResult;
-use c8y_http_proxy::credentials::AuthRetriever;
+use c8y_http_proxy::credentials::HttpHeaderResult;
+use c8y_http_proxy::credentials::HttpHeaderRetriever;
 use camino::Utf8PathBuf;
 use futures::channel::mpsc;
 use futures::StreamExt;
@@ -38,14 +38,14 @@ impl C8yAuthProxyBuilder {
     pub fn try_from_config(
         config: &TEdgeConfig,
         c8y_profile: Option<&str>,
-        auth: &mut impl Service<(), AuthResult>,
+        header_retriever: &mut impl Service<(), HttpHeaderResult>,
     ) -> anyhow::Result<Self> {
         let reqwest_client = config.cloud_root_certs().client();
         let c8y = config.c8y.try_get(c8y_profile)?;
         let app_data = AppData {
             is_https: true,
             host: c8y.http.or_config_not_set()?.to_string(),
-            token_manager: TokenManager::new(AuthRetriever::new(auth)).shared(),
+            token_manager: TokenManager::new(HttpHeaderRetriever::new(header_retriever)).shared(),
             client: reqwest_client,
         };
         let bind = &c8y.proxy.bind;
 
@@ -23,6 +23,7 @@ use futures::Sink;
 use futures::SinkExt;
 use futures::Stream;
 use futures::StreamExt;
+use hyper::header::AUTHORIZATION;
 use hyper::header::HOST;
 use hyper::HeaderMap;
 use reqwest::Method;
@@ -235,7 +236,7 @@ async fn connect_to_websocket(
     for (name, value) in headers {
         req = req.header(name.as_str(), value);
     }
-    req = req.header("Authorization", auth_value);
+    req = req.header(AUTHORIZATION, auth_value);
     let req = req
         .uri(uri)
         .header(HOST, host.without_scheme.as_ref())
@@ -404,10 +405,10 @@ async fn respond_to(
         None => "",
     };
     let auth: fn(reqwest::RequestBuilder, &str) -> reqwest::RequestBuilder =
-        if headers.contains_key("Authorization") {
+        if headers.contains_key(AUTHORIZATION) {
             |req, _auth_value| req
         } else {
-            |req, auth_value| req.header("Authorization", auth_value)
+            |req, auth_value| req.header(AUTHORIZATION, auth_value)
         };
     headers.remove(HOST);
 
@@ -496,12 +497,13 @@ mod tests {
     use axum::body::Bytes;
     use axum::headers::authorization::Bearer;
     use axum::headers::Authorization;
+    use axum::http::header::AUTHORIZATION;
     use axum::http::Request;
     use axum::middleware::Next;
     use axum::TypedHeader;
-    use c8y_http_proxy::credentials::AuthRequest;
-    use c8y_http_proxy::credentials::AuthResult;
-    use c8y_http_proxy::credentials::AuthRetriever;
+    use c8y_http_proxy::credentials::HttpHeaderRequest;
+    use c8y_http_proxy::credentials::HttpHeaderResult;
+    use c8y_http_proxy::credentials::HttpHeaderRetriever;
     use camino::Utf8PathBuf;
     use futures::channel::mpsc;
     use futures::future::ready;
@@ -1113,7 +1115,7 @@ mod tests {
             let state = AppData {
                 is_https: false,
                 host: target_host.into(),
-                token_manager: TokenManager::new(AuthRetriever::new(&mut retriever)).shared(),
+                token_manager: TokenManager::new(HttpHeaderRetriever::new(&mut retriever)).shared(),
                 client: reqwest::Client::new(),
             };
             let trust_store = ca_dir
@@ -1147,16 +1149,22 @@ mod tests {
 
     #[async_trait]
     impl Server for IterJwtRetriever {
-        type Request = AuthRequest;
-        type Response = AuthResult;
+        type Request = HttpHeaderRequest;
+        type Response = HttpHeaderResult;
 
         fn name(&self) -> &str {
             "IterJwtRetriever"
         }
 
         async fn handle(&mut self, _request: Self::Request) -> Self::Response {
-            let auth_value = format!("Bearer {}", self.tokens.next().unwrap());
-            Ok(auth_value)
+            let mut header_map = HeaderMap::new();
+            header_map.insert(
+                AUTHORIZATION,
+                format!("Bearer {}", self.tokens.next().unwrap())
+                    .parse()
+                    .unwrap(),
+            );
+            Ok(header_map)
         }
     }
 
 
@@ -1,6 +1,8 @@
+use anyhow::Context;
+use hyper::header::AUTHORIZATION;
 use std::sync::Arc;
 
-use c8y_http_proxy::credentials::AuthRetriever;
+use c8y_http_proxy::credentials::HttpHeaderRetriever;
 use tokio::sync::Mutex;
 
 #[derive(Clone)]
@@ -16,12 +18,12 @@ impl SharedTokenManager {
 }
 
 pub struct TokenManager {
-    recv: AuthRetriever,
+    recv: HttpHeaderRetriever,
     cached: Option<Arc<str>>,
 }
 
 impl TokenManager {
-    pub fn new(recv: AuthRetriever) -> Self {
+    pub fn new(recv: HttpHeaderRetriever) -> Self {
         Self { recv, cached: None }
     }
 
@@ -41,7 +43,11 @@ impl TokenManager {
     }
 
     async fn refresh(&mut self) -> Result<Arc<str>, anyhow::Error> {
-        self.cached = Some(self.recv.await_response(()).await??.into());
+        let header_map = self.recv.await_response(()).await??;
+        let auth_header_value = header_map
+            .get(AUTHORIZATION)
+            .context("Authorization is missing from header")?;
+        self.cached = Some(auth_header_value.to_str()?.into());
         Ok(self.cached.as_ref().unwrap().clone())
     }
 }
@@ -12,7 +12,7 @@ use c8y_api::smartrest::message::collect_smartrest_messages;
 use c8y_api::smartrest::message::get_smartrest_template_id;
 use c8y_api::smartrest::smartrest_deserializer::SmartRestFirmwareRequest;
 use c8y_api::smartrest::smartrest_deserializer::SmartRestRequestGeneric;
-use c8y_http_proxy::credentials::AuthRetriever;
+use c8y_http_proxy::credentials::HttpHeaderRetriever;
 use log::error;
 use log::info;
 use log::warn;
@@ -84,7 +84,7 @@ impl FirmwareManagerActor {
         config: FirmwareManagerConfig,
         input_receiver: LoggingReceiver<FirmwareInput>,
         mqtt_publisher: DynSender<MqttMessage>,
-        auth_retriever: AuthRetriever,
+        header_retriever: HttpHeaderRetriever,
         download_sender: ClientMessageBox<IdDownloadRequest, IdDownloadResult>,
         progress_sender: DynSender<OperationOutcome>,
     ) -> Self {
@@ -93,7 +93,7 @@ impl FirmwareManagerActor {
             worker: FirmwareManagerWorker::new(
                 config,
                 mqtt_publisher,
-                auth_retriever,
+                header_retriever,
                 download_sender,
                 progress_sender,
             ),
 
@@ -10,8 +10,8 @@ mod tests;
 
 use actor::FirmwareInput;
 use actor::FirmwareManagerActor;
-use c8y_http_proxy::credentials::AuthResult;
-use c8y_http_proxy::credentials::AuthRetriever;
+use c8y_http_proxy::credentials::HttpHeaderResult;
+use c8y_http_proxy::credentials::HttpHeaderRetriever;
 pub use config::*;
 use tedge_actors::futures::channel::mpsc;
 use tedge_actors::Builder;
@@ -39,7 +39,7 @@ pub struct FirmwareManagerBuilder {
     config: FirmwareManagerConfig,
     input_receiver: LoggingReceiver<FirmwareInput>,
     mqtt_publisher: DynSender<MqttMessage>,
-    jwt_retriever: AuthRetriever,
+    header_retriever: HttpHeaderRetriever,
     download_sender: ClientMessageBox<IdDownloadRequest, IdDownloadResult>,
     progress_sender: DynSender<OperationOutcome>,
     signal_sender: mpsc::Sender<RuntimeRequest>,
@@ -49,7 +49,7 @@ impl FirmwareManagerBuilder {
     pub fn try_new(
         config: FirmwareManagerConfig,
         mqtt_actor: &mut (impl MessageSource<MqttMessage, TopicFilter> + MessageSink<MqttMessage>),
-        jwt_actor: &mut impl Service<(), AuthResult>,
+        header_actor: &mut impl Service<(), HttpHeaderResult>,
         downloader_actor: &mut impl Service<IdDownloadRequest, IdDownloadResult>,
     ) -> Result<FirmwareManagerBuilder, FileError> {
         Self::init(&config.data_dir)?;
@@ -65,14 +65,14 @@ impl FirmwareManagerBuilder {
 
         mqtt_actor.connect_sink(Self::subscriptions(&config.c8y_prefix), &mqtt_sender);
         let mqtt_publisher = mqtt_actor.get_sender();
-        let jwt_retriever = AuthRetriever::new(jwt_actor);
+        let header_retriever = HttpHeaderRetriever::new(header_actor);
         let download_sender = ClientMessageBox::new(downloader_actor);
         let progress_sender = input_sender.into();
         Ok(Self {
             config,
             input_receiver,
             mqtt_publisher,
-            jwt_retriever,
+            header_retriever,
             download_sender,
             progress_sender,
             signal_sender,
@@ -110,7 +110,7 @@ impl Builder<FirmwareManagerActor> for FirmwareManagerBuilder {
             self.config,
             self.input_receiver,
             self.mqtt_publisher,
-            self.jwt_retriever,
+            self.header_retriever,
             self.download_sender,
             self.progress_sender,
         ))
Original file line number	Diff line number	Diff line change
`@@ -1,6 +1,8 @@`
	`1`	`+use anyhow::Context;`
	`2`	`+use hyper::header::AUTHORIZATION;`
`1`	`3`	`use std::sync::Arc;`
`2`	`4`
`3`		`-use c8y_http_proxy::credentials::AuthRetriever;`
	`5`	`+use c8y_http_proxy::credentials::HttpHeaderRetriever;`
`4`	`6`	`use tokio::sync::Mutex;`
`5`	`7`
`6`	`8`	`#[derive(Clone)]`
`@@ -16,12 +18,12 @@ impl SharedTokenManager {`
`16`	`18`	`}`
`17`	`19`
`18`	`20`	`pub struct TokenManager {`
`19`		`- recv: AuthRetriever,`
	`21`	`+ recv: HttpHeaderRetriever,`
`20`	`22`	`cached: Option<Arc<str>>,`
`21`	`23`	`}`
`22`	`24`
`23`	`25`	`impl TokenManager {`
`24`		`- pub fn new(recv: AuthRetriever) -> Self {`
	`26`	`+ pub fn new(recv: HttpHeaderRetriever) -> Self {`
`25`	`27`	`Self { recv, cached: None }`
`26`	`28`	`}`
`27`	`29`
`@@ -41,7 +43,11 @@ impl TokenManager {`
`41`	`43`	`}`
`42`	`44`
`43`	`45`	`async fn refresh(&mut self) -> Result<Arc<str>, anyhow::Error> {`
`44`		`- self.cached = Some(self.recv.await_response(()).await??.into());`
	`46`	`+ let header_map = self.recv.await_response(()).await??;`
	`47`	`+ let auth_header_value = header_map`
	`48`	`+ .get(AUTHORIZATION)`
	`49`	`+ .context("Authorization is missing from header")?;`
	`50`	`+ self.cached = Some(auth_header_value.to_str()?.into());`
`45`	`51`	`Ok(self.cached.as_ref().unwrap().clone())`
`46`	`52`	`}`
`47`	`53`	`}`