diff --git a/rust/connlib/tunnel/src/control_protocol/gateway.rs b/rust/connlib/tunnel/src/control_protocol/gateway.rs index b5de9744b..cc02efdeb 100644 --- a/rust/connlib/tunnel/src/control_protocol/gateway.rs +++ b/rust/connlib/tunnel/src/control_protocol/gateway.rs @@ -63,7 +63,7 @@ where peer: PeerConfig, relays: Vec, client_id: ClientId, - expires_at: DateTime, + expires_at: Option>, resource: ResourceDescription, ) -> Result { let IceConnection { @@ -166,7 +166,7 @@ where &self, resource: ResourceDescription, client_id: ClientId, - expires_at: DateTime, + expires_at: Option>, domain: Option, ) -> Option { if let Some((_, peer)) = self @@ -220,7 +220,7 @@ where peer_config: PeerConfig, client_id: ClientId, resource: ResourceDescription, - expires_at: DateTime, + expires_at: Option>, ice: Arc, resource_addresses: Vec, ) -> Result<()> { diff --git a/rust/connlib/tunnel/src/peer.rs b/rust/connlib/tunnel/src/peer.rs index 3c0ff7e59..d1894f543 100644 --- a/rust/connlib/tunnel/src/peer.rs +++ b/rust/connlib/tunnel/src/peer.rs @@ -23,7 +23,7 @@ use crate::client::IpProvider; use crate::MAX_UDP_SIZE; use crate::{device_channel, ip_packet::MutableIpPacket, PeerConfig}; -type ExpiryingResource = (ResourceDescription, DateTime); +type ExpiryingResource = (ResourceDescription, Option>); // The max time a dns request can be configured to live in resolvconf // is 30 seconds. See resolvconf(5) timeout. @@ -240,14 +240,16 @@ impl PacketTransformGateway { } pub(crate) fn expire_resources(&self) { - self.resources.write().retain(|_, (_, e)| *e > Utc::now()); + self.resources + .write() + .retain(|_, (_, e)| !e.is_some_and(|e| e <= Utc::now())); } pub(crate) fn add_resource( &self, ip: IpNetwork, resource: ResourceDescription, - expires_at: DateTime, + expires_at: Option>, ) { self.resources.write().insert(ip, (resource, expires_at)); } diff --git a/rust/gateway/src/eventloop.rs b/rust/gateway/src/eventloop.rs index 2f46b3e39..7f852818e 100644 --- a/rust/gateway/src/eventloop.rs 
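Review bot: None of the three changed signatures in gateway.rs (the hunks at -63, -166 and -220), nor the `ExpiryingResource` alias in peer.rs, says what `None` means. Judging by `expire_resources` in peer.rs, it means the gateway never expires that client's access to the resource. That is a fail-open value for an authorization lifetime, so it should be written down once where the type is defined, e.g. `/// Resource plus the time access ends; None means the gateway never expires it.` on the alias. The bodies of the three functions lie outside these hunks, so whether any of them treats `None` differently cannot be checked from here.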
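Review bot: The new predicate in `expire_resources` (peer.rs, hunk at -240) is a double negation and calls `Utc::now()` once per entry while the write lock is held. Reading the clock once with `let now = Utc::now();` and retaining with `.retain(|_, (_, e)| e.map_or(true, |e| e > now))` keeps the same entries and makes the keep condition explicit. Entries with `None` are never dropped by this sweep, which deserves a comment such as `// None = no expiry; this sweep never removes such entries`.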
+++ b/rust/gateway/src/eventloop.rs @@ -167,7 +167,7 @@ impl Eventloop { payload, reference, }))) => { - tracing::debug!(client = %client_id, resource = %resource.id(), expires = %expires_at.to_rfc3339() ,"Allowing access to resource"); + tracing::debug!(client = %client_id, resource = %resource.id(), expires = ?expires_at.map(|e| e.to_rfc3339()), "Allowing access to resource"); if let Some(res) = self .tunnel diff --git a/rust/gateway/src/messages.rs b/rust/gateway/src/messages.rs index a12aaa8c9..fad800148 100644 --- a/rust/gateway/src/messages.rs +++ b/rust/gateway/src/messages.rs @@ -1,4 +1,4 @@ -use chrono::{serde::ts_seconds, DateTime, Utc}; +use chrono::{serde::ts_seconds_option, DateTime, Utc}; use connlib_shared::{ messages::{ ActorId, ClientId, ClientPayload, GatewayResponse, Interface, Peer, Relay, @@ -48,8 +48,8 @@ pub struct RequestConnection { pub client: Client, #[serde(rename = "ref")] pub reference: String, - #[serde(with = "ts_seconds")] - pub expires_at: DateTime, + #[serde(with = "ts_seconds_option")] + pub expires_at: Option>, } #[derive(Debug, Deserialize, Serialize, Clone, PartialEq, Eq)] @@ -80,8 +80,8 @@ pub struct RemoveResource { pub struct AllowAccess { pub client_id: ClientId, pub resource: ResourceDescription, - #[serde(with = "ts_seconds")] - pub expires_at: DateTime, + #[serde(with = "ts_seconds_option")] + pub expires_at: Option>, pub payload: Option, #[serde(rename = "ref")] pub reference: String,
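Review bot: Switching the `expires` field to `?` in the `tracing::debug!` call changes how it is rendered, to the `Debug` form of an `Option<String>` (`Some("…")` with quotes, or `None`), so anything that parses or alerts on this field sees a different format. A grant with no expiry is the case an auditor most wants to find, and it now shows only as `None`. Consider keeping the `%` form with an explicit marker, e.g. `expires = %expires_at.map_or_else(|| "never".to_owned(), |e| e.to_rfc3339())`. The match arm continues past the end of the hunk.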
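Review bot: With `ts_seconds_option`, an explicit `null` for `expires_at` in `RequestConnection` (hunk at -48) and `AllowAccess` (hunk at -80) now deserializes to `None`, which the tunnel treats as access without expiry, and neither field documents this. As far as I know serde, a field using `with` and no `#[serde(default)]` still rejects a message that omits the key. That is the safer behaviour and should be kept deliberately rather than by accident. A doc comment on each field would record both, e.g. `/// Unix seconds; null means the grant does not expire. The key itself is required.`. A round-trip test covering a timestamp, `null` and a missing key would pin this down.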