User db & loading

bffhd/users/db.rs

@@ -1,10 +1,12 @@
 use crate::db::{AllocAdapter, Environment, RawDB, Result, DB};
 use crate::db::{DatabaseFlags, LMDBorrow, RoTransaction, WriteFlags};
 use lmdb::{RwTransaction, Transaction};
-use std::collections::HashSet;
+use std::collections::{HashMap, HashSet};
+use std::path::Path;
 use std::sync::Arc;
 
 use rkyv::{Archived, Deserialize};
+use crate::authorization::roles::RoleIdentifier;
 
 #[derive(
     Clone,
@@ -18,9 +20,45 @@ use rkyv::{Archived, Deserialize};
     serde::Deserialize,
 )]
 pub struct User {
-    id: u128,
-    username: String,
-    roles: Vec<String>,
+    pub id: String,
+    pub userdata: UserData,
+}
+
+#[derive(
+Clone,
+PartialEq,
+Eq,
+Debug,
+rkyv::Archive,
+rkyv::Serialize,
+rkyv::Deserialize,
+serde::Serialize,
+serde::Deserialize,
+)]
+/// Data on an user to base decisions on
+///
+/// This of course includes authorization data, i.e. that users set roles
+pub struct UserData {
+    /// A Person has N ≥ 0 roles.
+    /// Persons are only ever given roles, not permissions directly
+    pub roles: Vec<String>,
+
+    #[serde(skip_serializing_if = "Option::is_none")]
+    #[serde(default)]
+    pub passwd: Option<String>,
+
+    /// Additional data storage
+    #[serde(flatten, skip_serializing_if = "HashMap::is_empty")]
+    kv: HashMap<String, String>,
+}
+
+impl UserData {
+    pub fn new(roles: Vec<String>) -> Self {
+        Self { roles, kv: HashMap::new(), passwd: None }
+    }
+    pub fn new_with_kv(roles: Vec<String>, kv: HashMap<String, String>) -> Self {
+        Self { roles, kv, passwd: None }
+    }
 }
 
 type Adapter = AllocAdapter<User>;
@@ -79,4 +117,4 @@ impl UserDB {
 
         Ok(out)
     }
-}
+}

bffhd/users/mod.rs

@@ -14,17 +14,22 @@
  * along with this program.  If not, see <https://www.gnu.org/licenses/>.
  */
 
+use std::collections::HashMap;
 use rkyv::{Archive, Deserialize, Infallible, Serialize};
 use std::ops::Deref;
+use std::path::Path;
 use std::sync::Arc;
+use anyhow::Context;
+use lmdb::Environment;
 
 pub mod db;
 
 pub use crate::authentication::db::PassDB;
-use crate::authorization::roles::Role;
+use crate::authorization::roles::{Role, RoleIdentifier};
+use crate::UserDB;
+use crate::users::db::UserData;
 
 #[derive(
-    Copy,
     Clone,
     PartialEq,
     Eq,
@@ -35,18 +40,18 @@ use crate::authorization::roles::Role;
     serde::Serialize,
     serde::Deserialize,
 )]
-#[archive_attr(derive(Debug, PartialEq, serde::Serialize, serde::Deserialize))]
+#[archive_attr(derive(Debug, PartialEq))]
 pub struct User {
-    id: u64
+    id: String,
 }
 
 impl User {
-    pub fn new(id: u64) -> Self {
+    pub fn new(id: String) -> Self {
         User { id }
     }
 
     pub fn get_username(&self) -> &str {
-        unimplemented!()
+        self.id.as_str()
     }
 
     pub fn get_roles(&self) -> impl IntoIterator<Item=Role> {
@@ -54,3 +59,45 @@ impl User {
         []
     }
 }
+
+pub struct Inner {
+    userdb: UserDB,
+    //passdb: PassDB,
+}
+
+#[derive(Clone)]
+pub struct Users {
+    inner: Arc<Inner>
+}
+
+impl Users {
+    pub fn new(env: Arc<Environment>) -> anyhow::Result<Self> {
+        let userdb = unsafe { UserDB::create(env.clone()).unwrap() };
+        //let passdb = unsafe { PassDB::create(env).unwrap() };
+        Ok(Self { inner: Arc::new(Inner { userdb }) })
+    }
+
+    pub fn load_file<P: AsRef<Path>>(&self, path: P) -> anyhow::Result<()> {
+        let f = std::fs::read(path)?;
+        let mut map: HashMap<String, UserData> = toml::from_slice(&f)?;
+
+        for (uid, mut userdata) in map {
+            userdata.passwd = userdata.passwd.map(|pw| if !pw.starts_with("$argon2") {
+                let config = argon2::Config::default();
+                let salt: [u8; 16] = rand::random();
+                let hash = argon2::hash_encoded(pw.as_bytes(), &salt, &config)
+                    .expect(&format!("Failed to hash password for {}: ", uid));
+                tracing::debug!("Hashed pw for {} to {}", uid, hash);
+
+                hash
+            } else {
+                pw
+            });
+            let user = db::User { id: uid.clone(), userdata };
+            tracing::trace!(%uid, ?user, "Storing user object");
+            self.inner.userdb.put(uid.as_str(), &user);
+        }
+
+        Ok(())
+    }
+}