bffh/src/api.rs

use std::rc::Rc;
use std::cell::RefCell;
use std::ops::Deref;

use slog::Logger;

use std::sync::Arc;

use capnp::capability::{Params, Results, Promise};

use crate::schema::connection_capnp;
use crate::connection::Session;

use crate::db::Databases;
use crate::db::user::UserId;

use crate::network::Network;

pub mod auth;
mod machine;
mod machines;
use machines::Machines;

mod user;
mod users;
use users::Users;

// TODO Session restoration by making the Bootstrap cap a SturdyRef
pub struct Bootstrap {
    log: Logger,

    db: Databases,
    nw: Arc<Network>,

    session: Rc<RefCell<Option<Session>>>,
}

impl Bootstrap {
    pub fn new(log: Logger, db: Databases, nw: Arc<Network>) -> Self {
        info!(log, "Created Bootstrap");
        let session = Rc::new(RefCell::new(None));
        Self { session, db, nw, log }
    }
}

use connection_capnp::bootstrap::*;
impl connection_capnp::bootstrap::Server for Bootstrap {
    fn authentication_system(&mut self, 
        _: AuthenticationSystemParams,
        mut res: AuthenticationSystemResults
    ) -> Promise<(), capnp::Error> {
        // TODO: Forbid mutltiple authentication for now
        // TODO: When should we allow multiple auth and how do me make sure that does not leak
        // priviledges (e.g. due to previously issues caps)?

        // If this Rc has a strong count of 1 then there's no other cap issued yet meaning we can
        // safely transform the inner session with an auth.
        if Rc::strong_count(&self.session) == 1 {
            let session = Rc::clone(&self.session);
            let db = self.db.clone();
            res.get().set_authentication_system(capnp_rpc::new_client(
                    auth::Auth::new(self.log.new(o!()), db, session))
            );
        }

        Promise::ok(())
    }

    fn machine_system(&mut self,
        _: MachineSystemParams,
        mut res: MachineSystemResults
    ) -> Promise<(), capnp::Error> {
        if let Some(session) = self.session.borrow().deref() {
            debug!(self.log, "Giving MachineSystem cap to user {} with perms:", session.authzid);
            for r in session.perms.iter() {
                debug!(session.log, "   {}", r);
            }

            // TODO actual permission check and stuff
            //      Right now we only check that the user has authenticated at all.
            let c = capnp_rpc::new_client(Machines::new(Rc::clone(&self.session), self.nw.clone()));
            res.get().set_machine_system(c);
        }

        Promise::ok(())
    }

    fn user_system(
        &mut self,
        _: UserSystemParams,
        mut results: UserSystemResults
    ) -> Promise<(), capnp::Error> {
        if self.session.borrow().is_some() {
            // TODO actual permission check and stuff
            //      Right now we only check that the user has authenticated at all.
            let c = capnp_rpc::new_client(Users::new(Rc::clone(&self.session), self.db.userdb.clone()));
            results.get().set_user_system(c);
        }

        Promise::ok(())
    }
}
Start the user API 2021-09-20 13:47:08 +02:00			`use std::rc::Rc;`
			`use std::cell::RefCell;`
			`use std::ops::Deref;`

			`use slog::Logger;`

Api restructure zum zweiten 2020-11-17 14:35:16 +01:00			`use std::sync::Arc;`

Cleanup 2020-11-17 14:38:11 +01:00			`use capnp::capability::{Params, Results, Promise};`
Api restructure zum zweiten 2020-11-17 14:35:16 +01:00
			`use crate::schema::connection_capnp;`
			`use crate::connection::Session;`

Lots of changes for better API stuffs 2020-11-20 13:06:55 +01:00			`use crate::db::Databases;`
More API implementation 2021-09-18 17:01:35 +02:00			`use crate::db::user::UserId;`
Lots of changes for better API stuffs 2020-11-20 13:06:55 +01:00
Pass Arc<Network> to everywhere 2020-12-15 13:12:22 +01:00			`use crate::network::Network;`

Api restructure zum zweiten 2020-11-17 14:35:16 +01:00			`pub mod auth;`
API cleanup 2020-11-17 14:15:29 +01:00			`mod machine;`
			`mod machines;`
Api restructure zum zweiten 2020-11-17 14:35:16 +01:00			`use machines::Machines;`

Better user 2021-09-19 22:53:43 +02:00			`mod user;`
Stuff to make work 2021-09-19 19:47:29 +02:00			`mod users;`
			`use users::Users;`

Mark ToDo 2020-12-09 18:44:52 +01:00			`// TODO Session restoration by making the Bootstrap cap a SturdyRef`
Api restructure zum zweiten 2020-11-17 14:35:16 +01:00			`pub struct Bootstrap {`
Start the user API 2021-09-20 13:47:08 +02:00			`log: Logger,`

Lots of changes for better API stuffs 2020-11-20 13:06:55 +01:00			`db: Databases,`
Pass Arc<Network> to everywhere 2020-12-15 13:12:22 +01:00			`nw: Arc<Network>,`
Start the user API 2021-09-20 13:47:08 +02:00
			`session: Rc<RefCell<Option<Session>>>,`
Api restructure zum zweiten 2020-11-17 14:35:16 +01:00			`}`

			`impl Bootstrap {`
Start the user API 2021-09-20 13:47:08 +02:00			`pub fn new(log: Logger, db: Databases, nw: Arc<Network>) -> Self {`
			`info!(log, "Created Bootstrap");`
			`let session = Rc::new(RefCell::new(None));`
			`Self { session, db, nw, log }`
Api restructure zum zweiten 2020-11-17 14:35:16 +01:00			`}`
			`}`

			`use connection_capnp::bootstrap::*;`
			`impl connection_capnp::bootstrap::Server for Bootstrap {`
make compile 2021-09-09 21:50:11 +02:00			`fn authentication_system(&mut self,`
			`_: AuthenticationSystemParams,`
			`mut res: AuthenticationSystemResults`
Api restructure zum zweiten 2020-11-17 14:35:16 +01:00			`) -> Promise<(), capnp::Error> {`
Mark ToDo 2020-12-09 18:44:52 +01:00			`// TODO: Forbid mutltiple authentication for now`
Api restructure zum zweiten 2020-11-17 14:35:16 +01:00			`// TODO: When should we allow multiple auth and how do me make sure that does not leak`
			`// priviledges (e.g. due to previously issues caps)?`
Actually make compile for once. 2020-11-24 15:57:23 +01:00
Start the user API 2021-09-20 13:47:08 +02:00			`// If this Rc has a strong count of 1 then there's no other cap issued yet meaning we can`
			`// safely transform the inner session with an auth.`
			`if Rc::strong_count(&self.session) == 1 {`
			`let session = Rc::clone(&self.session);`
			`let db = self.db.clone();`
			`res.get().set_authentication_system(capnp_rpc::new_client(`
			`auth::Auth::new(self.log.new(o!()), db, session))`
			`);`
			`}`
Actually make compile for once. 2020-11-24 15:57:23 +01:00
			`Promise::ok(())`
Api restructure zum zweiten 2020-11-17 14:35:16 +01:00			`}`

make compile 2021-09-09 21:50:11 +02:00			`fn machine_system(&mut self,`
			`_: MachineSystemParams,`
			`mut res: MachineSystemResults`
Api restructure zum zweiten 2020-11-17 14:35:16 +01:00			`) -> Promise<(), capnp::Error> {`
Start the user API 2021-09-20 13:47:08 +02:00			`if let Some(session) = self.session.borrow().deref() {`
			`debug!(self.log, "Giving MachineSystem cap to user {} with perms:", session.authzid);`
			`for r in session.perms.iter() {`
			`debug!(session.log, " {}", r);`
More API implementation 2021-09-18 17:01:35 +02:00			`}`

Start the user API 2021-09-20 13:47:08 +02:00			`// TODO actual permission check and stuff`
			`// Right now we only check that the user has authenticated at all.`
			`let c = capnp_rpc::new_client(Machines::new(Rc::clone(&self.session), self.nw.clone()));`
			`res.get().set_machine_system(c);`
			`}`
More API implementation 2021-09-18 17:01:35 +02:00
Start the user API 2021-09-20 13:47:08 +02:00			`Promise::ok(())`
Api restructure zum zweiten 2020-11-17 14:35:16 +01:00			`}`

Stuff to make work 2021-09-19 19:47:29 +02:00			`fn user_system(`
			`&mut self,`
			`_: UserSystemParams,`
			`mut results: UserSystemResults`
			`) -> Promise<(), capnp::Error> {`
Start the user API 2021-09-20 13:47:08 +02:00			`if self.session.borrow().is_some() {`
			`// TODO actual permission check and stuff`
			`// Right now we only check that the user has authenticated at all.`
			`let c = capnp_rpc::new_client(Users::new(Rc::clone(&self.session), self.db.userdb.clone()));`
			`results.get().set_user_system(c);`
			`}`
Stuff to make work 2021-09-19 19:47:29 +02:00
Start the user API 2021-09-20 13:47:08 +02:00			`Promise::ok(())`
Stuff to make work 2021-09-19 19:47:29 +02:00			`}`
			`}`