fabaccess-bffh/bffhd/users/db.rs

204 lines
5.7 KiB
Rust
Raw Permalink Normal View History

use lmdb::{DatabaseFlags, Environment, RwTransaction, Transaction, WriteFlags};
2022-03-16 18:10:59 +01:00
use rkyv::Infallible;
2022-05-05 15:50:44 +02:00
use std::collections::HashMap;
2022-03-15 20:00:43 +01:00
2022-06-02 17:46:26 +02:00
use miette::{Context, IntoDiagnostic};
2022-05-05 15:50:44 +02:00
use std::sync::Arc;
2020-10-26 12:58:55 +01:00
2022-03-16 18:10:59 +01:00
use crate::db;
2022-05-05 15:50:44 +02:00
use crate::db::{AlignedAdapter, ArchivedValue, RawDB, DB};
use rkyv::ser::serializers::AllocSerializer;
use rkyv::ser::Serializer;
use rkyv::Deserialize;
2022-03-13 17:29:21 +01:00
#[derive(
Clone,
PartialEq,
Eq,
Debug,
rkyv::Archive,
rkyv::Serialize,
rkyv::Deserialize,
serde::Serialize,
serde::Deserialize,
)]
pub struct User {
2022-03-13 22:50:37 +01:00
pub id: String,
pub userdata: UserData,
}
fn hash_pw(pw: &[u8]) -> argon2::Result<String> {
let config = argon2::Config::default();
let salt: [u8; 16] = rand::random();
argon2::hash_encoded(pw, &salt, &config)
}
2022-03-15 17:52:47 +01:00
impl User {
2022-06-02 17:46:26 +02:00
pub fn check_password(&self, pwd: &[u8]) -> miette::Result<bool> {
2022-03-15 17:52:47 +01:00
if let Some(ref encoded) = self.userdata.passwd {
2022-06-02 17:46:26 +02:00
argon2::verify_encoded(encoded, pwd)
.into_diagnostic()
.wrap_err("Stored password is an invalid string")
2022-03-15 17:52:47 +01:00
} else {
Ok(false)
}
}
pub fn new_with_plain_pw(username: &str, password: impl AsRef<[u8]>) -> Self {
let hash = hash_pw(password.as_ref())
.expect(&format!("Failed to hash password for {}: ", username));
tracing::debug!("Hashed pw for {} to {}", username, hash);
User {
id: username.to_string(),
userdata: UserData {
passwd: Some(hash),
2022-05-05 15:50:44 +02:00
..Default::default()
},
}
}
pub fn set_pw(&mut self, password: impl AsRef<[u8]>) {
self.userdata.passwd = Some(hash_pw(password.as_ref()).expect(&format!(
"failed to update hashed password for {}",
&self.id
)));
}
2022-03-15 17:52:47 +01:00
}
2022-03-13 22:50:37 +01:00
#[derive(
2022-05-05 15:50:44 +02:00
Clone,
PartialEq,
Eq,
Debug,
Default,
rkyv::Archive,
rkyv::Serialize,
rkyv::Deserialize,
serde::Serialize,
serde::Deserialize,
2022-03-13 22:50:37 +01:00
)]
/// Data on an user to base decisions on
///
/// This of course includes authorization data, i.e. that users set roles
pub struct UserData {
/// A Person has N ≥ 0 roles.
/// Persons are only ever given roles, not permissions directly
pub roles: Vec<String>,
#[serde(skip_serializing_if = "Option::is_none")]
#[serde(default)]
pub passwd: Option<String>,
/// Additional data storage
#[serde(flatten, skip_serializing_if = "HashMap::is_empty")]
pub kv: HashMap<String, String>,
2022-03-13 22:50:37 +01:00
}
impl UserData {
pub fn new(roles: Vec<String>) -> Self {
2022-05-05 15:50:44 +02:00
Self {
roles,
kv: HashMap::new(),
passwd: None,
}
2022-03-13 22:50:37 +01:00
}
pub fn new_with_kv(roles: Vec<String>, kv: HashMap<String, String>) -> Self {
2022-05-05 15:50:44 +02:00
Self {
roles,
kv,
passwd: None,
}
2022-03-13 22:50:37 +01:00
}
2022-03-13 17:29:21 +01:00
}
2020-12-16 13:51:47 +01:00
2021-10-28 01:10:35 +02:00
#[derive(Clone, Debug)]
2021-10-20 18:37:50 +02:00
pub struct UserDB {
env: Arc<Environment>,
2022-03-16 18:10:59 +01:00
db: DB<AlignedAdapter<User>>,
2021-10-20 18:37:50 +02:00
}
2020-11-24 15:57:23 +01:00
2021-10-20 18:37:50 +02:00
impl UserDB {
// TODO: Make an userdb-specific Transaction newtype to make this safe
pub unsafe fn get_rw_txn(&self) -> Result<RwTransaction, db::Error> {
// The returned transaction is only valid for *this* environment.
2022-06-02 17:46:26 +02:00
Ok(self.env.begin_rw_txn()?)
}
2021-10-20 18:37:50 +02:00
pub unsafe fn new(env: Arc<Environment>, db: RawDB) -> Self {
2022-03-16 18:10:59 +01:00
let db = DB::new(db);
2021-10-20 18:37:50 +02:00
Self { env, db }
2020-12-02 16:20:50 +01:00
}
2022-03-16 18:10:59 +01:00
pub unsafe fn open(env: Arc<Environment>) -> Result<Self, db::Error> {
2021-10-20 18:37:50 +02:00
let db = RawDB::open(&env, Some("user"))?;
Ok(Self::new(env, db))
}
2020-11-24 14:41:19 +01:00
2022-03-16 18:10:59 +01:00
pub unsafe fn create(env: Arc<Environment>) -> Result<Self, db::Error> {
2021-10-20 18:37:50 +02:00
let flags = DatabaseFlags::empty();
let db = RawDB::create(&env, Some("user"), flags)?;
Ok(Self::new(env, db))
2020-11-24 15:57:23 +01:00
}
2022-03-16 18:10:59 +01:00
pub fn get(&self, uid: &str) -> Result<Option<ArchivedValue<User>>, db::Error> {
2021-10-20 18:37:50 +02:00
let txn = self.env.begin_ro_txn()?;
2022-03-16 18:10:59 +01:00
self.db.get(&txn, &uid.as_bytes())
2020-11-24 15:57:23 +01:00
}
2020-10-26 12:58:55 +01:00
2022-03-16 18:10:59 +01:00
pub fn put(&self, uid: &str, user: &User) -> Result<(), db::Error> {
let mut serializer = AllocSerializer::<1024>::default();
2022-03-16 19:01:09 +01:00
serializer.serialize_value(user).expect("rkyv error");
2022-03-16 18:10:59 +01:00
let v = serializer.into_serializer().into_inner();
let value = ArchivedValue::new(v);
2021-10-20 18:37:50 +02:00
let mut txn = self.env.begin_rw_txn()?;
let flags = WriteFlags::empty();
2022-03-16 18:10:59 +01:00
self.db.put(&mut txn, &uid.as_bytes(), &value, flags)?;
2022-03-15 20:00:52 +01:00
txn.commit()?;
2021-10-20 18:37:50 +02:00
Ok(())
2020-12-02 16:20:50 +01:00
}
2021-09-21 07:48:19 +02:00
2022-05-05 15:50:44 +02:00
pub fn put_txn(
&self,
txn: &mut RwTransaction,
uid: &str,
user: &User,
) -> Result<(), db::Error> {
let mut serializer = AllocSerializer::<1024>::default();
serializer.serialize_value(user).expect("rkyv error");
let v = serializer.into_serializer().into_inner();
let value = ArchivedValue::new(v);
let flags = WriteFlags::empty();
self.db.put(txn, &uid.as_bytes(), &value, flags)?;
Ok(())
}
pub fn delete(&self, uid: &str) -> Result<(), db::Error> {
let mut txn = self.env.begin_rw_txn()?;
self.db.del(&mut txn, &uid)?;
txn.commit()?;
Ok(())
}
pub fn clear_txn(&self, txn: &mut RwTransaction) -> Result<(), db::Error> {
self.db.clear(txn);
Ok(())
}
2022-07-24 16:39:33 +02:00
pub fn get_all(&self) -> Result<HashMap<String, UserData>, db::Error> {
2021-10-20 18:37:50 +02:00
let txn = self.env.begin_ro_txn()?;
2022-04-26 23:21:43 +02:00
let iter = self.db.get_all(&txn)?;
2022-07-24 16:39:33 +02:00
let mut out = HashMap::new();
2022-03-16 18:10:59 +01:00
for (uid, user) in iter {
2021-10-20 18:37:50 +02:00
let uid = unsafe { std::str::from_utf8_unchecked(uid).to_string() };
2022-05-05 15:50:44 +02:00
let user: User =
Deserialize::<User, _>::deserialize(user.as_ref(), &mut Infallible).unwrap();
2022-07-24 16:39:33 +02:00
out.insert(uid, user.userdata);
2021-10-20 18:37:50 +02:00
}
2020-12-16 13:51:47 +01:00
2021-10-20 18:37:50 +02:00
Ok(out)
}
2022-05-05 15:50:44 +02:00
}