bffh/src/api.rs

use std::sync::Arc;

use capnp::capability::{Params, Results, Promise};

use crate::schema::connection_capnp;
use crate::connection::Session;

use crate::db::Databases;
use crate::db::user::UserId;

use crate::network::Network;

pub mod auth;
mod machine;
mod machines;
use machines::Machines;

mod user;
mod users;
use users::Users;

// TODO Session restoration by making the Bootstrap cap a SturdyRef
pub struct Bootstrap {
    session: Arc<Session>,
    db: Databases,
    nw: Arc<Network>,
}

impl Bootstrap {
    pub fn new(session: Arc<Session>, db: Databases, nw: Arc<Network>) -> Self {
        info!(session.log, "Created Bootstrap");
        Self { session, db, nw }
    }
}

use connection_capnp::bootstrap::*;
impl connection_capnp::bootstrap::Server for Bootstrap {
    fn authentication_system(&mut self, 
        _: AuthenticationSystemParams,
        mut res: AuthenticationSystemResults
    ) -> Promise<(), capnp::Error> {
        // TODO: Forbid mutltiple authentication for now
        // TODO: When should we allow multiple auth and how do me make sure that does not leak
        // priviledges (e.g. due to previously issues caps)?

        res.get().set_authentication_system(capnp_rpc::new_client(auth::Auth::new(self.db.clone(), self.session.clone())));

        Promise::ok(())
    }

    fn machine_system(&mut self,
        _: MachineSystemParams,
        mut res: MachineSystemResults
    ) -> Promise<(), capnp::Error> {
        let session = self.session.clone();
        let accessdb = self.db.access.clone();
        let nw = self.nw.clone();
        let f = async move {
            // Ensure the lock is dropped as soon as possible
            if let Some(user) = { session.user.lock().await.clone() } {
                let perms = accessdb.collect_permrules(&user.data)
                    .map_err(|e| capnp::Error::failed(format!("AccessDB lookup failed: {}", e)))?;

                debug!(session.log, "Giving MachineSystem cap to user {} with perms:", user.id);
                for r in perms.iter() {
                    debug!(session.log, "   {}", r);
                }

                // TODO actual permission check and stuff
                //      Right now we only check that the user has authenticated at all.
                let c = capnp_rpc::new_client(Machines::new(user.id, perms, nw));
                res.get().set_machine_system(c);
            }

            // Promise is Ok either way, just the machine system may not be set, indicating as
            // usual a lack of permission.
            Ok(())
        };

        Promise::from_future(f)
    }

    fn user_system(
        &mut self,
        _: UserSystemParams,
        mut results: UserSystemResults
    ) -> Promise<(), capnp::Error> {
        let session = self.session.clone();
        let accessdb = self.db.access.clone();
        let f = async move {
            // Ensure the lock is dropped as soon as possible
            if let Some(user) = { session.user.lock().await.clone() } {
                let perms = accessdb.collect_permrules(&user.data)
                    .map_err(|e| capnp::Error::failed(format!("AccessDB lookup failed: {}", e)))?;

                // TODO actual permission check and stuff
                //      Right now we only check that the user has authenticated at all.
                let c = capnp_rpc::new_client(Users::new(perms));
                results.get().set_user_system(c);
            }

            // Promise is Ok either way, just the machine system may not be set, indicating as
            // usual a lack of permission.
            Ok(())
        };

        Promise::from_future(f)
    }
}
Api restructure zum zweiten 2020-11-17 14:35:16 +01:00			`use std::sync::Arc;`

Cleanup 2020-11-17 14:38:11 +01:00			`use capnp::capability::{Params, Results, Promise};`
Api restructure zum zweiten 2020-11-17 14:35:16 +01:00
			`use crate::schema::connection_capnp;`
			`use crate::connection::Session;`

Lots of changes for better API stuffs 2020-11-20 13:06:55 +01:00			`use crate::db::Databases;`
More API implementation 2021-09-18 17:01:35 +02:00			`use crate::db::user::UserId;`
Lots of changes for better API stuffs 2020-11-20 13:06:55 +01:00
Pass Arc<Network> to everywhere 2020-12-15 13:12:22 +01:00			`use crate::network::Network;`

Api restructure zum zweiten 2020-11-17 14:35:16 +01:00			`pub mod auth;`
API cleanup 2020-11-17 14:15:29 +01:00			`mod machine;`
			`mod machines;`
Api restructure zum zweiten 2020-11-17 14:35:16 +01:00			`use machines::Machines;`

Better user 2021-09-19 22:53:43 +02:00			`mod user;`
Stuff to make work 2021-09-19 19:47:29 +02:00			`mod users;`
			`use users::Users;`

Mark ToDo 2020-12-09 18:44:52 +01:00			`// TODO Session restoration by making the Bootstrap cap a SturdyRef`
Api restructure zum zweiten 2020-11-17 14:35:16 +01:00			`pub struct Bootstrap {`
Lots of changes for better API stuffs 2020-11-20 13:06:55 +01:00			`session: Arc<Session>,`
			`db: Databases,`
Pass Arc<Network> to everywhere 2020-12-15 13:12:22 +01:00			`nw: Arc<Network>,`
Api restructure zum zweiten 2020-11-17 14:35:16 +01:00			`}`

			`impl Bootstrap {`
Pass Arc<Network> to everywhere 2020-12-15 13:12:22 +01:00			`pub fn new(session: Arc<Session>, db: Databases, nw: Arc<Network>) -> Self {`
Pushes code around until example loading compiles 2020-11-19 14:53:14 +01:00			`info!(session.log, "Created Bootstrap");`
Pass Arc<Network> to everywhere 2020-12-15 13:12:22 +01:00			`Self { session, db, nw }`
Api restructure zum zweiten 2020-11-17 14:35:16 +01:00			`}`
			`}`

			`use connection_capnp::bootstrap::*;`
			`impl connection_capnp::bootstrap::Server for Bootstrap {`
make compile 2021-09-09 21:50:11 +02:00			`fn authentication_system(&mut self,`
			`_: AuthenticationSystemParams,`
			`mut res: AuthenticationSystemResults`
Api restructure zum zweiten 2020-11-17 14:35:16 +01:00			`) -> Promise<(), capnp::Error> {`
Mark ToDo 2020-12-09 18:44:52 +01:00			`// TODO: Forbid mutltiple authentication for now`
Api restructure zum zweiten 2020-11-17 14:35:16 +01:00			`// TODO: When should we allow multiple auth and how do me make sure that does not leak`
			`// priviledges (e.g. due to previously issues caps)?`
Actually make compile for once. 2020-11-24 15:57:23 +01:00
make compile 2021-09-09 21:50:11 +02:00			`res.get().set_authentication_system(capnp_rpc::new_client(auth::Auth::new(self.db.clone(), self.session.clone())));`
Actually make compile for once. 2020-11-24 15:57:23 +01:00
			`Promise::ok(())`
Api restructure zum zweiten 2020-11-17 14:35:16 +01:00			`}`

make compile 2021-09-09 21:50:11 +02:00			`fn machine_system(&mut self,`
			`_: MachineSystemParams,`
			`mut res: MachineSystemResults`
Api restructure zum zweiten 2020-11-17 14:35:16 +01:00			`) -> Promise<(), capnp::Error> {`
More API implementation 2021-09-18 17:01:35 +02:00			`let session = self.session.clone();`
			`let accessdb = self.db.access.clone();`
			`let nw = self.nw.clone();`
			`let f = async move {`
			`// Ensure the lock is dropped as soon as possible`
			`if let Some(user) = { session.user.lock().await.clone() } {`
			`let perms = accessdb.collect_permrules(&user.data)`
			`.map_err(\|e\| capnp::Error::failed(format!("AccessDB lookup failed: {}", e)))?;`
Api restructure zum zweiten 2020-11-17 14:35:16 +01:00
Stuff to make work 2021-09-19 19:47:29 +02:00			`debug!(session.log, "Giving MachineSystem cap to user {} with perms:", user.id);`
			`for r in perms.iter() {`
			`debug!(session.log, " {}", r);`
			`}`

More API implementation 2021-09-18 17:01:35 +02:00			`// TODO actual permission check and stuff`
			`// Right now we only check that the user has authenticated at all.`
			`let c = capnp_rpc::new_client(Machines::new(user.id, perms, nw));`
			`res.get().set_machine_system(c);`
			`}`

			`// Promise is Ok either way, just the machine system may not be set, indicating as`
			`// usual a lack of permission.`
			`Ok(())`
			`};`

			`Promise::from_future(f)`
Api restructure zum zweiten 2020-11-17 14:35:16 +01:00			`}`

Stuff to make work 2021-09-19 19:47:29 +02:00			`fn user_system(`
			`&mut self,`
			`_: UserSystemParams,`
			`mut results: UserSystemResults`
			`) -> Promise<(), capnp::Error> {`
			`let session = self.session.clone();`
			`let accessdb = self.db.access.clone();`
			`let f = async move {`
			`// Ensure the lock is dropped as soon as possible`
			`if let Some(user) = { session.user.lock().await.clone() } {`
			`let perms = accessdb.collect_permrules(&user.data)`
			`.map_err(\|e\| capnp::Error::failed(format!("AccessDB lookup failed: {}", e)))?;`

			`// TODO actual permission check and stuff`
			`// Right now we only check that the user has authenticated at all.`
			`let c = capnp_rpc::new_client(Users::new(perms));`
			`results.get().set_user_system(c);`
			`}`

			`// Promise is Ok either way, just the machine system may not be set, indicating as`
			`// usual a lack of permission.`
			`Ok(())`
			`};`

			`Promise::from_future(f)`
			`}`
			`}`