diff --git a/rust/connlib/tunnel/src/messages/gateway.rs b/rust/connlib/tunnel/src/messages/gateway.rs
index a1b2549aa..9093261e7 100644
--- a/rust/connlib/tunnel/src/messages/gateway.rs
+++ b/rust/connlib/tunnel/src/messages/gateway.rs
@@ -176,6 +176,8 @@ pub struct AllowAccess {
 pub struct Authorization {
 pub client_id: ClientId,
 pub resource_id: ResourceId,
+ #[serde(with = "ts_seconds")]
+ pub expires_at: DateTime,
 }
 #[derive(Debug, Deserialize, Clone)]
diff --git a/rust/gateway/src/eventloop.rs b/rust/gateway/src/eventloop.rs
index 353b7257d..ac6c0b961 100644
--- a/rust/gateway/src/eventloop.rs
+++ b/rust/gateway/src/eventloop.rs
@@ -7,8 +7,9 @@
 use firezone_bin_shared::TunDeviceManager;
 use firezone_telemetry::{Telemetry, analytics};
 use firezone_tunnel::messages::gateway::{
- AccessAuthorizationExpiryUpdated, AllowAccess, ClientIceCandidates, ClientsIceCandidates,
- ConnectionReady, EgressMessages, IngressMessages, InitGateway, RejectAccess, RequestConnection,
+ AccessAuthorizationExpiryUpdated, AllowAccess, Authorization, ClientIceCandidates,
+ ClientsIceCandidates, ConnectionReady, EgressMessages, IngressMessages, InitGateway,
+ RejectAccess, RequestConnection,
 };
 use firezone_tunnel::messages::{ConnectionAccepted, GatewayResponse, Interface, RelaysPresence};
 use firezone_tunnel::{
@@ -403,7 +404,7 @@ impl Eventloop {
 });
 self.tunnel
 .state_mut()
- .retain_authorizations(authorizations.into_iter().fold(
+ .retain_authorizations(authorizations.iter().fold(
 BTreeMap::new(),
 |mut authorizations, next| {
 authorizations
@@ -414,6 +415,20 @@ impl Eventloop {
 authorizations
 },
 ));
+ for Authorization {
+ client_id,
+ resource_id,
+ expires_at,
+ } in authorizations
+ {
+ if let Err(e) = self.tunnel.state_mut().update_access_authorization_expiry(
+ client_id,
+ resource_id,
+ expires_at,
+ ) {
+ tracing::debug!(%client_id, %resource_id, "Failed to update access authorization: {e:#}");
+ }
+ }
 if self
 .set_interface_tasks
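Review bot: The new `expires_at` field on `Authorization` has no doc comment. With `#[serde(with = "ts_seconds")]` and no `#[serde(default)]` it is a required field, so a message that omits it presumably fails to deserialize as a whole. Rejecting an authorization without an expiry is a sensible fail-closed choice, but it should be stated where the field is declared; I would add `/// When this authorization expires (Unix timestamp in seconds on the wire); required, a message without it is rejected.` above the attribute. The struct's derive line is outside the hunk, so I am assuming it derives `Deserialize` like the neighbouring message types.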
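Review bot: In the new `for Authorization { .. } in authorizations` loop, a failed `update_access_authorization_expiry` is only logged at `debug`. An authorization that `retain_authorizations` has just kept may therefore continue with whatever expiry it had before, and nobody sees it at default log levels. If the only expected error is "no such authorization on this gateway", say so in a comment above the `if let Err(e)`; otherwise raise the level, e.g. `tracing::warn!(%client_id, %resource_id, "Failed to update access authorization expiry: {e:#}");`. The hunk also does not show whether an `expires_at` that is already in the past is rejected or acted on, so it is worth confirming that the callee handles that case. The enclosing function begins and ends outside this hunk.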