etiennecollin
diff --git a/‎README.md‎
Lines changed: 66 additions & 27 deletions b/‎README.md‎
Lines changed: 66 additions & 27 deletions
diff --git a/‎backend/Cargo.lock‎
Lines changed: 3 additions & 2 deletions b/‎backend/Cargo.lock‎
Lines changed: 3 additions & 2 deletions
diff --git a/‎backend/Cargo.toml‎
Lines changed: 1 addition & 0 deletions b/‎backend/Cargo.toml‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎backend/src/environment.rs‎
Lines changed: 103 additions & 0 deletions b/‎backend/src/environment.rs‎
Lines changed: 103 additions & 0 deletions
diff --git a/‎backend/src/handlers.rs‎
Lines changed: 66 additions & 4 deletions b/‎backend/src/handlers.rs‎
Lines changed: 66 additions & 4 deletions
diff --git a/‎backend/src/lib.rs‎
Lines changed: 2 additions & 94 deletions b/‎backend/src/lib.rs‎
Lines changed: 2 additions & 94 deletions
@@ -8,6 +8,7 @@ axum = "0.8.4"
 chrono = { version = "0.4.41" }
 chrono-tz = "0.10.4"
 dotenvy = { version = "0.15.7", optional = true }
+percent-encoding = "2.3.2"
 reqwest = { version = "0.12.22", features = ["json", "rustls-tls"] }
 serde = { version = "1.0.219", features = ["derive"] }
 serde_json = "1.0.141"
 
@@ -0,0 +1,103 @@
+use std::{env, sync::OnceLock};
+
+use chrono_tz::Tz;
+use tracing::{error, info};
+
+const DEFAULT_BACKEND_BIND_HOST: &str = "127.0.0.1";
+const DEFAULT_BACKEND_BIND_PORT: u16 = 8080;
+const DEFAULT_UNIFI_SITE_ID: &str = "default";
+const DEEFAULT_ROLLING_VOUCHER_DURATION_MINUTES: u64 = 480;
+
+pub static ENVIRONMENT: OnceLock<Environment> = OnceLock::new();
+
+#[derive(Debug, Clone)]
+pub struct Environment {
+    pub unifi_controller_url: String,
+    pub unifi_site_id: String,
+    pub unifi_api_key: String,
+    pub backend_bind_host: String,
+    pub backend_bind_port: u16,
+    pub rolling_voucher_duration_minutes: u64,
+    pub unifi_has_valid_cert: bool,
+    pub timezone: Tz,
+}
+
+impl Environment {
+    pub fn try_new() -> Result<Self, String> {
+        #[cfg(feature = "dotenv")]
+        dotenvy::dotenv().map_err(|e| format!("Failed to load .env file: {e}"))?;
+
+        let unifi_controller_url: String =
+            env::var("UNIFI_CONTROLLER_URL").map_err(|e| format!("UNIFI_CONTROLLER_URL: {e}"))?;
+
+        if !unifi_controller_url.starts_with("http://")
+            && !unifi_controller_url.starts_with("https://")
+        {
+            return Err("UNIFI_CONTROLLER_URL must start with http:// or https://".to_string());
+        }
+
+        let unifi_api_key: String =
+            env::var("UNIFI_API_KEY").map_err(|e| format!("UNIFI_API_KEY: {e}"))?;
+        let unifi_site_id: String =
+            env::var("UNIFI_SITE_ID").unwrap_or(DEFAULT_UNIFI_SITE_ID.to_owned());
+
+        let backend_bind_host: String =
+            env::var("BACKEND_BIND_HOST").unwrap_or(DEFAULT_BACKEND_BIND_HOST.to_owned());
+        let backend_bind_port: u16 = match env::var("BACKEND_BIND_PORT") {
+            Ok(port_str) => port_str
+                .parse()
+                .map_err(|e| format!("Invalid BACKEND_BIND_PORT: {e}"))?,
+            Err(_) => DEFAULT_BACKEND_BIND_PORT,
+        };
+
+        let rolling_voucher_duration_minutes = match env::var("ROLLING_VOUCHER_DURATION_MINUTES") {
+            Ok(val) => val
+                .parse()
+                .map_err(|e| format!("Invalid ROLLING_VOUCHER_DURATION_MINUTES: {e}"))?,
+            Err(_) => DEEFAULT_ROLLING_VOUCHER_DURATION_MINUTES,
+        };
+
+        let unifi_has_valid_cert: bool = match env::var("UNIFI_HAS_VALID_CERT") {
+            Ok(val) => {
+                Self::parse_bool(&val).map_err(|e| format!("Invalid UNIFI_HAS_VALID_CERT: {e}"))?
+            }
+            Err(_) => true,
+        };
+
+        let timezone: Tz = match env::var("TIMEZONE") {
+            Ok(s) => match s.parse() {
+                Ok(tz) => {
+                    info!("Using timezone: {}", s);
+                    tz
+                }
+                Err(_) => {
+                    error!("Using UTC, could not parse timezone: {}", s);
+                    Tz::UTC
+                }
+            },
+            Err(_) => {
+                info!("TIMEZONE environment variable not set, defaulting to UTC");
+                Tz::UTC
+            }
+        };
+
+        Ok(Self {
+            unifi_controller_url,
+            unifi_site_id,
+            unifi_api_key,
+            backend_bind_host,
+            backend_bind_port,
+            rolling_voucher_duration_minutes,
+            unifi_has_valid_cert,
+            timezone,
+        })
+    }
+
+    fn parse_bool(s: &str) -> Result<bool, String> {
+        match s.trim().to_lowercase().as_str() {
+            "true" | "1" | "yes" => Ok(true),
+            "false" | "0" | "no" => Ok(false),
+            _ => Err(format!("Boolean value must be true or false, found: {s}")),
+        }
+    }
+}
@@ -1,6 +1,11 @@
-use crate::{models::*, unifi_api::*};
-use axum::{extract::Query, http::StatusCode, response::Json};
-use tracing::{debug, error};
+use axum::{
+    extract::Query,
+    http::{HeaderMap, StatusCode},
+    response::Json,
+};
+use tracing::{debug, error, info};
+
+use crate::{models::*, unifi_api::UNIFI_API};
 
 pub async fn get_vouchers_handler() -> Result<Json<GetVouchersResponse>, StatusCode> {
     debug!("Received request to get vouchers");
@@ -14,7 +19,20 @@ pub async fn get_vouchers_handler() -> Result<Json<GetVouchersResponse>, StatusC
     }
 }
 
-pub async fn get_newest_voucher_handler() -> Result<Json<Option<Voucher>>, StatusCode> {
+pub async fn get_rolling_voucher_handler() -> Result<Json<Voucher>, StatusCode> {
+    debug!("Received request to get rolling voucher");
+    let client = UNIFI_API.get().expect("UnifiAPI not initialized");
+    match client.get_rolling_voucher().await {
+        Ok(Some(voucher)) => Ok(Json(voucher)),
+        Ok(None) => Err(StatusCode::NOT_FOUND),
+        Err(e) => {
+            error!("Failed to get rolling voucher: {}", e);
+            Err(e)
+        }
+    }
+}
+
+pub async fn get_newest_voucher_handler() -> Result<Json<Voucher>, StatusCode> {
     debug!("Received request to get newest voucher");
     let client = UNIFI_API.get().expect("UnifiAPI not initialized");
     match client.get_newest_voucher().await {
@@ -54,6 +72,38 @@ pub async fn create_voucher_handler(
     }
 }
 
+pub async fn create_rolling_voucher_handler(
+    headers: HeaderMap,
+) -> Result<Json<Voucher>, StatusCode> {
+    debug!("Received request to create voucher");
+
+    let client = UNIFI_API.get().expect("UnifiAPI not initialized");
+
+    if let Some(forwarded) = headers.get("x-forwarded-for") {
+        if let Ok(ip) = forwarded.to_str() {
+            debug!("Client IP from x-forwarded-for: {}", ip);
+
+            // Check if user already rotated the rolling voucher
+            if client.check_rolling_voucher_ip(ip).await? {
+                info!("Rolling voucher already rotated for IP: {}", ip);
+                return Err(StatusCode::FORBIDDEN);
+            }
+
+            // Voucher rotation allowed, create a new rolling voucher
+            match client.create_rolling_voucher(ip).await {
+                Ok(response) => return Ok(Json(response)),
+                Err(e) => {
+                    error!("Failed to create rolling voucher: {}", e);
+                    return Err(e);
+                }
+            }
+        }
+    }
+
+    error!("Invalid x-forwarded-for header");
+    Err(StatusCode::BAD_REQUEST)
+}
+
 pub async fn delete_selected_handler(
     Query(params): Query<DeleteRequest>,
 ) -> Result<Json<DeleteResponse>, StatusCode> {
@@ -81,6 +131,18 @@ pub async fn delete_expired_handler() -> Result<Json<DeleteResponse>, StatusCode
     }
 }
 
+pub async fn delete_expired_rolling_handler() -> Result<Json<DeleteResponse>, StatusCode> {
+    debug!("Received request to delete expired rolling voucher");
+    let client = UNIFI_API.get().expect("UnifiAPI not initialized");
+    match client.delete_expired_rolling_vouchers().await {
+        Ok(response) => Ok(Json(response)),
+        Err(e) => {
+            error!("Failed to delete expired rolling voucher: {}", e);
+            Err(e)
+        }
+    }
+}
+
 pub async fn health_check_handler() -> Result<Json<HealthCheckResponse>, StatusCode> {
     debug!("Received health check request");
     let response = HealthCheckResponse {
 
@@ -1,97 +1,5 @@
-use std::{env, sync::OnceLock};
-
-use chrono_tz::Tz;
-use tracing::{error, info};
-
+pub mod environment;
 pub mod handlers;
 pub mod models;
+pub mod tasks;
 pub mod unifi_api;
-
-const DEFAULT_BACKEND_BIND_HOST: &str = "127.0.0.1";
-const DEFAULT_BACKEND_BIND_PORT: u16 = 8080;
-const DEFAULT_UNIFI_SITE_ID: &str = "default";
-
-pub static ENVIRONMENT: OnceLock<Environment> = OnceLock::new();
-
-#[derive(Debug, Clone)]
-pub struct Environment {
-    pub unifi_controller_url: String,
-    pub unifi_site_id: String,
-    pub unifi_api_key: String,
-    pub backend_bind_host: String,
-    pub backend_bind_port: u16,
-    pub unifi_has_valid_cert: bool,
-    pub timezone: Tz,
-}
-
-impl Environment {
-    pub fn try_new() -> Result<Self, String> {
-        #[cfg(feature = "dotenv")]
-        dotenvy::dotenv().map_err(|e| format!("Failed to load .env file: {e}"))?;
-
-        let unifi_controller_url: String =
-            env::var("UNIFI_CONTROLLER_URL").map_err(|e| format!("UNIFI_CONTROLLER_URL: {e}"))?;
-
-        if !unifi_controller_url.starts_with("http://")
-            && !unifi_controller_url.starts_with("https://")
-        {
-            return Err("UNIFI_CONTROLLER_URL must start with http:// or https://".to_string());
-        }
-
-        let unifi_api_key: String =
-            env::var("UNIFI_API_KEY").map_err(|e| format!("UNIFI_API_KEY: {e}"))?;
-        let unifi_site_id: String =
-            env::var("UNIFI_SITE_ID").unwrap_or(DEFAULT_UNIFI_SITE_ID.to_owned());
-
-        let backend_bind_host: String =
-            env::var("BACKEND_BIND_HOST").unwrap_or(DEFAULT_BACKEND_BIND_HOST.to_owned());
-        let backend_bind_port: u16 = match env::var("BACKEND_BIND_PORT") {
-            Ok(port_str) => port_str
-                .parse()
-                .map_err(|e| format!("Invalid BACKEND_BIND_PORT: {e}"))?,
-            Err(_) => DEFAULT_BACKEND_BIND_PORT,
-        };
-
-        let unifi_has_valid_cert: bool = match env::var("UNIFI_HAS_VALID_CERT") {
-            Ok(val) => {
-                Self::parse_bool(&val).map_err(|e| format!("Invalid UNIFI_HAS_VALID_CERT: {e}"))?
-            }
-            Err(_) => true,
-        };
-
-        let timezone: Tz = match env::var("TIMEZONE") {
-            Ok(s) => match s.parse() {
-                Ok(tz) => {
-                    info!("Using timezone: {}", s);
-                    tz
-                }
-                Err(_) => {
-                    error!("Using UTC, could not parse timezone: {}", s);
-                    Tz::UTC
-                }
-            },
-            Err(_) => {
-                info!("TIMEZONE environment variable not set, defaulting to UTC");
-                Tz::UTC
-            }
-        };
-
-        Ok(Self {
-            unifi_controller_url,
-            unifi_site_id,
-            unifi_api_key,
-            backend_bind_host,
-            backend_bind_port,
-            unifi_has_valid_cert,
-            timezone,
-        })
-    }
-
-    fn parse_bool(s: &str) -> Result<bool, String> {
-        match s.trim().to_lowercase().as_str() {
-            "true" | "1" | "yes" => Ok(true),
-            "false" | "0" | "no" => Ok(false),
-            _ => Err(format!("Boolean value must be true or false, found: {s}")),
-        }
-    }
-}