fabaccess-bffh/bffhd/users/db.rs

use lmdb::{DatabaseFlags, Environment, RwTransaction, Transaction, WriteFlags};
use rkyv::Infallible;
use std::collections::HashMap;

use miette::{Context, IntoDiagnostic};
use std::sync::Arc;

use crate::db;
use crate::db::{AlignedAdapter, ArchivedValue, RawDB, DB};
use rkyv::ser::serializers::AllocSerializer;
use rkyv::ser::Serializer;
use rkyv::Deserialize;

#[derive(
    Clone,
    PartialEq,
    Eq,
    Debug,
    rkyv::Archive,
    rkyv::Serialize,
    rkyv::Deserialize,
    serde::Serialize,
    serde::Deserialize,
)]
pub struct User {
    pub id: String,
    pub userdata: UserData,
}

fn hash_pw(pw: &[u8]) -> argon2::Result<String> {
    let config = argon2::Config::default();
    let salt: [u8; 16] = rand::random();
    argon2::hash_encoded(pw, &salt, &config)
}

impl User {
    pub fn check_password(&self, pwd: &[u8]) -> miette::Result<bool> {
        if let Some(ref encoded) = self.userdata.passwd {
            argon2::verify_encoded(encoded, pwd)
                .into_diagnostic()
                .wrap_err("Stored password is an invalid string")
        } else {
            Ok(false)
        }
    }

    pub fn new_with_plain_pw(username: &str, password: impl AsRef<[u8]>) -> Self {
        let hash = hash_pw(password.as_ref())
            .expect(&format!("Failed to hash password for {}: ", username));
        tracing::debug!("Hashed pw for {} to {}", username, hash);

        User {
            id: username.to_string(),
            userdata: UserData {
                passwd: Some(hash),
                ..Default::default()
            },
        }
    }

    pub fn set_pw(&mut self, password: impl AsRef<[u8]>) {
        self.userdata.passwd = Some(hash_pw(password.as_ref()).expect(&format!(
            "failed to update hashed password for {}",
            &self.id
        )));
    }
}

#[derive(
    Clone,
    PartialEq,
    Eq,
    Debug,
    Default,
    rkyv::Archive,
    rkyv::Serialize,
    rkyv::Deserialize,
    serde::Serialize,
    serde::Deserialize,
)]
/// Data on an user to base decisions on
///
/// This of course includes authorization data, i.e. that users set roles
pub struct UserData {
    /// A Person has N ≥ 0 roles.
    /// Persons are only ever given roles, not permissions directly
    pub roles: Vec<String>,

    #[serde(skip_serializing_if = "Option::is_none")]
    #[serde(default)]
    pub passwd: Option<String>,

    /// Additional data storage
    #[serde(flatten, skip_serializing_if = "HashMap::is_empty")]
    pub kv: HashMap<String, String>,
}

impl UserData {
    pub fn new(roles: Vec<String>) -> Self {
        Self {
            roles,
            kv: HashMap::new(),
            passwd: None,
        }
    }
    pub fn new_with_kv(roles: Vec<String>, kv: HashMap<String, String>) -> Self {
        Self {
            roles,
            kv,
            passwd: None,
        }
    }
}

#[derive(Clone, Debug)]
pub struct UserDB {
    env: Arc<Environment>,
    db: DB<AlignedAdapter<User>>,
}

impl UserDB {
    // TODO: Make an userdb-specific Transaction newtype to make this safe
    pub unsafe fn get_rw_txn(&self) -> Result<RwTransaction, db::Error> {
        // The returned transaction is only valid for *this* environment.
        Ok(self.env.begin_rw_txn()?)
    }

    pub unsafe fn new(env: Arc<Environment>, db: RawDB) -> Self {
        let db = DB::new(db);
        Self { env, db }
    }

    pub unsafe fn open(env: Arc<Environment>) -> Result<Self, db::Error> {
        let db = RawDB::open(&env, Some("user"))?;
        Ok(Self::new(env, db))
    }

    pub unsafe fn create(env: Arc<Environment>) -> Result<Self, db::Error> {
        let flags = DatabaseFlags::empty();
        let db = RawDB::create(&env, Some("user"), flags)?;
        Ok(Self::new(env, db))
    }

    pub fn get(&self, uid: &str) -> Result<Option<ArchivedValue<User>>, db::Error> {
        let txn = self.env.begin_ro_txn()?;
        self.db.get(&txn, &uid.as_bytes())
    }

    pub fn put(&self, uid: &str, user: &User) -> Result<(), db::Error> {
        let mut serializer = AllocSerializer::<1024>::default();
        serializer.serialize_value(user).expect("rkyv error");
        let v = serializer.into_serializer().into_inner();
        let value = ArchivedValue::new(v);

        let mut txn = self.env.begin_rw_txn()?;
        let flags = WriteFlags::empty();
        self.db.put(&mut txn, &uid.as_bytes(), &value, flags)?;
        txn.commit()?;
        Ok(())
    }

    pub fn put_txn(
        &self,
        txn: &mut RwTransaction,
        uid: &str,
        user: &User,
    ) -> Result<(), db::Error> {
        let mut serializer = AllocSerializer::<1024>::default();
        serializer.serialize_value(user).expect("rkyv error");
        let v = serializer.into_serializer().into_inner();
        let value = ArchivedValue::new(v);

        let flags = WriteFlags::empty();
        self.db.put(txn, &uid.as_bytes(), &value, flags)?;
        Ok(())
    }

    pub fn delete(&self, uid: &str) -> Result<(), db::Error> {
        let mut txn = self.env.begin_rw_txn()?;
        self.db.del(&mut txn, &uid)?;
        txn.commit()?;
        Ok(())
    }

    pub fn clear_txn(&self, txn: &mut RwTransaction) -> Result<(), db::Error> {
        self.db.clear(txn);
        Ok(())
    }

    pub fn get_all(&self) -> Result<HashMap<String, UserData>, db::Error> {
        let txn = self.env.begin_ro_txn()?;
        let iter = self.db.get_all(&txn)?;
        let mut out = HashMap::new();
        for (uid, user) in iter {
            let uid = unsafe { std::str::from_utf8_unchecked(uid).to_string() };
            let user: User =
                Deserialize::<User, _>::deserialize(user.as_ref(), &mut Infallible).unwrap();
            out.insert(uid, user.userdata);
        }

        Ok(out)
    }
}
Correcly dump and recreate user db on --load 2022-04-30 20:52:32 +02:00			`use lmdb::{DatabaseFlags, Environment, RwTransaction, Transaction, WriteFlags};`
Compile with new DB system 2022-03-16 18:10:59 +01:00			`use rkyv::Infallible;`
Run rustfmt 2022-05-05 15:50:44 +02:00			`use std::collections::HashMap;`
Cargo fix 2022-03-15 20:00:43 +01:00
Switch out anyhow for miette 2022-06-02 17:46:26 +02:00			`use miette::{Context, IntoDiagnostic};`
Run rustfmt 2022-05-05 15:50:44 +02:00			`use std::sync::Arc;`
Moves databases around a touch 2020-10-26 12:58:55 +01:00
Compile with new DB system 2022-03-16 18:10:59 +01:00			`use crate::db;`
Run rustfmt 2022-05-05 15:50:44 +02:00			`use crate::db::{AlignedAdapter, ArchivedValue, RawDB, DB};`
			`use rkyv::ser::serializers::AllocSerializer;`
			`use rkyv::ser::Serializer;`
			`use rkyv::Deserialize;`
Api framework impl 2022-03-13 17:29:21 +01:00
			`#[derive(`
			`Clone,`
			`PartialEq,`
			`Eq,`
			`Debug,`
			`rkyv::Archive,`
			`rkyv::Serialize,`
			`rkyv::Deserialize,`
			`serde::Serialize,`
			`serde::Deserialize,`
			`)]`
			`pub struct User {`
User db & loading 2022-03-13 22:50:37 +01:00			`pub id: String,`
			`pub userdata: UserData,`
			`}`

Implement password change functionality 2022-07-11 12:27:51 +02:00			`fn hash_pw(pw: &[u8]) -> argon2::Result<String> {`
			`let config = argon2::Config::default();`
			`let salt: [u8; 16] = rand::random();`
			`argon2::hash_encoded(pw, &salt, &config)`
			`}`

Session initialization 2022-03-15 17:52:47 +01:00			`impl User {`
Switch out anyhow for miette 2022-06-02 17:46:26 +02:00			`pub fn check_password(&self, pwd: &[u8]) -> miette::Result<bool> {`
Session initialization 2022-03-15 17:52:47 +01:00			`if let Some(ref encoded) = self.userdata.passwd {`
Switch out anyhow for miette 2022-06-02 17:46:26 +02:00			`argon2::verify_encoded(encoded, pwd)`
			`.into_diagnostic()`
			`.wrap_err("Stored password is an invalid string")`
Session initialization 2022-03-15 17:52:47 +01:00			`} else {`
			`Ok(false)`
			`}`
			`}`
Implements a first bit of User management. 2022-04-27 20:19:04 +02:00
			`pub fn new_with_plain_pw(username: &str, password: impl AsRef<[u8]>) -> Self {`
Implement password change functionality 2022-07-11 12:27:51 +02:00			`let hash = hash_pw(password.as_ref())`
Implements a first bit of User management. 2022-04-27 20:19:04 +02:00			`.expect(&format!("Failed to hash password for {}: ", username));`
			`tracing::debug!("Hashed pw for {} to {}", username, hash);`

			`User {`
			`id: username.to_string(),`
			`userdata: UserData {`
			`passwd: Some(hash),`
Run rustfmt 2022-05-05 15:50:44 +02:00			`..Default::default()`
			`},`
Implements a first bit of User management. 2022-04-27 20:19:04 +02:00			`}`
			`}`
Implement password change functionality 2022-07-11 12:27:51 +02:00
			`pub fn set_pw(&mut self, password: impl AsRef<[u8]>) {`
			`self.userdata.passwd = Some(hash_pw(password.as_ref()).expect(&format!(`
			`"failed to update hashed password for {}",`
			`&self.id`
			`)));`
			`}`
Session initialization 2022-03-15 17:52:47 +01:00			`}`

User db & loading 2022-03-13 22:50:37 +01:00			`#[derive(`
Run rustfmt 2022-05-05 15:50:44 +02:00			`Clone,`
			`PartialEq,`
			`Eq,`
			`Debug,`
			`Default,`
			`rkyv::Archive,`
			`rkyv::Serialize,`
			`rkyv::Deserialize,`
			`serde::Serialize,`
			`serde::Deserialize,`
User db & loading 2022-03-13 22:50:37 +01:00			`)]`
			`/// Data on an user to base decisions on`
			`///`
			`/// This of course includes authorization data, i.e. that users set roles`
			`pub struct UserData {`
			`/// A Person has N ≥ 0 roles.`
			`/// Persons are only ever given roles, not permissions directly`
			`pub roles: Vec<String>,`

			`#[serde(skip_serializing_if = "Option::is_none")]`
			`#[serde(default)]`
			`pub passwd: Option<String>,`

			`/// Additional data storage`
			`#[serde(flatten, skip_serializing_if = "HashMap::is_empty")]`
fix fabfire mechanism integration and improve logging 2022-03-19 06:00:21 +01:00			`pub kv: HashMap<String, String>,`
User db & loading 2022-03-13 22:50:37 +01:00			`}`

			`impl UserData {`
			`pub fn new(roles: Vec<String>) -> Self {`
Run rustfmt 2022-05-05 15:50:44 +02:00			`Self {`
			`roles,`
			`kv: HashMap::new(),`
			`passwd: None,`
			`}`
User db & loading 2022-03-13 22:50:37 +01:00			`}`
			`pub fn new_with_kv(roles: Vec<String>, kv: HashMap<String, String>) -> Self {`
Run rustfmt 2022-05-05 15:50:44 +02:00			`Self {`
			`roles,`
			`kv,`
			`passwd: None,`
			`}`
User db & loading 2022-03-13 22:50:37 +01:00			`}`
Api framework impl 2022-03-13 17:29:21 +01:00			`}`
Put the users in the db as well 2020-12-16 13:51:47 +01:00
Make more things burn less 2021-10-28 01:10:35 +02:00			`#[derive(Clone, Debug)]`
All the things. 2021-10-20 18:37:50 +02:00			`pub struct UserDB {`
			`env: Arc<Environment>,`
Compile with new DB system 2022-03-16 18:10:59 +01:00			`db: DB<AlignedAdapter<User>>,`
All the things. 2021-10-20 18:37:50 +02:00			`}`
Actually make compile for once. 2020-11-24 15:57:23 +01:00
All the things. 2021-10-20 18:37:50 +02:00			`impl UserDB {`
Correcly dump and recreate user db on --load 2022-04-30 20:52:32 +02:00			`// TODO: Make an userdb-specific Transaction newtype to make this safe`
			`pub unsafe fn get_rw_txn(&self) -> Result<RwTransaction, db::Error> {`
			`// The returned transaction is only valid for this environment.`
Switch out anyhow for miette 2022-06-02 17:46:26 +02:00			`Ok(self.env.begin_rw_txn()?)`
Correcly dump and recreate user db on --load 2022-04-30 20:52:32 +02:00			`}`

All the things. 2021-10-20 18:37:50 +02:00			`pub unsafe fn new(env: Arc<Environment>, db: RawDB) -> Self {`
Compile with new DB system 2022-03-16 18:10:59 +01:00			`let db = DB::new(db);`
All the things. 2021-10-20 18:37:50 +02:00			`Self { env, db }`
Initiators first concept 2020-12-02 16:20:50 +01:00			`}`

Compile with new DB system 2022-03-16 18:10:59 +01:00			`pub unsafe fn open(env: Arc<Environment>) -> Result<Self, db::Error> {`
All the things. 2021-10-20 18:37:50 +02:00			`let db = RawDB::open(&env, Some("user"))?;`
			`Ok(Self::new(env, db))`
			`}`
Make compile (well.. not really) 2020-11-24 14:41:19 +01:00
Compile with new DB system 2022-03-16 18:10:59 +01:00			`pub unsafe fn create(env: Arc<Environment>) -> Result<Self, db::Error> {`
All the things. 2021-10-20 18:37:50 +02:00			`let flags = DatabaseFlags::empty();`
			`let db = RawDB::create(&env, Some("user"), flags)?;`
			`Ok(Self::new(env, db))`
Actually make compile for once. 2020-11-24 15:57:23 +01:00			`}`

Compile with new DB system 2022-03-16 18:10:59 +01:00			`pub fn get(&self, uid: &str) -> Result<Option<ArchivedValue<User>>, db::Error> {`
All the things. 2021-10-20 18:37:50 +02:00			`let txn = self.env.begin_ro_txn()?;`
Compile with new DB system 2022-03-16 18:10:59 +01:00			`self.db.get(&txn, &uid.as_bytes())`
Actually make compile for once. 2020-11-24 15:57:23 +01:00			`}`
Moves databases around a touch 2020-10-26 12:58:55 +01:00
Compile with new DB system 2022-03-16 18:10:59 +01:00			`pub fn put(&self, uid: &str, user: &User) -> Result<(), db::Error> {`
			`let mut serializer = AllocSerializer::<1024>::default();`
Make capnp machines api work again 2022-03-16 19:01:09 +01:00			`serializer.serialize_value(user).expect("rkyv error");`
Compile with new DB system 2022-03-16 18:10:59 +01:00			`let v = serializer.into_serializer().into_inner();`
			`let value = ArchivedValue::new(v);`

All the things. 2021-10-20 18:37:50 +02:00			`let mut txn = self.env.begin_rw_txn()?;`
			`let flags = WriteFlags::empty();`
Compile with new DB system 2022-03-16 18:10:59 +01:00			`self.db.put(&mut txn, &uid.as_bytes(), &value, flags)?;`
Commit on useradd 2022-03-15 20:00:52 +01:00			`txn.commit()?;`
All the things. 2021-10-20 18:37:50 +02:00			`Ok(())`
Initiators first concept 2020-12-02 16:20:50 +01:00			`}`
Make work 2021-09-21 07:48:19 +02:00
Run rustfmt 2022-05-05 15:50:44 +02:00			`pub fn put_txn(`
			`&self,`
			`txn: &mut RwTransaction,`
			`uid: &str,`
			`user: &User,`
			`) -> Result<(), db::Error> {`
Correcly dump and recreate user db on --load 2022-04-30 20:52:32 +02:00			`let mut serializer = AllocSerializer::<1024>::default();`
			`serializer.serialize_value(user).expect("rkyv error");`
			`let v = serializer.into_serializer().into_inner();`
			`let value = ArchivedValue::new(v);`

			`let flags = WriteFlags::empty();`
			`self.db.put(txn, &uid.as_bytes(), &value, flags)?;`
			`Ok(())`
			`}`

Implements a first bit of User management. 2022-04-27 20:19:04 +02:00			`pub fn delete(&self, uid: &str) -> Result<(), db::Error> {`
			`let mut txn = self.env.begin_rw_txn()?;`
			`self.db.del(&mut txn, &uid)?;`
			`txn.commit()?;`
			`Ok(())`
			`}`

Correcly dump and recreate user db on --load 2022-04-30 20:52:32 +02:00			`pub fn clear_txn(&self, txn: &mut RwTransaction) -> Result<(), db::Error> {`
			`self.db.clear(txn);`
			`Ok(())`
			`}`

Add dumping the user db 2022-07-24 16:39:33 +02:00			`pub fn get_all(&self) -> Result<HashMap<String, UserData>, db::Error> {`
All the things. 2021-10-20 18:37:50 +02:00			`let txn = self.env.begin_ro_txn()?;`
ran cargo fix 2022-04-26 23:21:43 +02:00			`let iter = self.db.get_all(&txn)?;`
Add dumping the user db 2022-07-24 16:39:33 +02:00			`let mut out = HashMap::new();`
Compile with new DB system 2022-03-16 18:10:59 +01:00			`for (uid, user) in iter {`
All the things. 2021-10-20 18:37:50 +02:00			`let uid = unsafe { std::str::from_utf8_unchecked(uid).to_string() };`
Run rustfmt 2022-05-05 15:50:44 +02:00			`let user: User =`
			`Deserialize::<User, _>::deserialize(user.as_ref(), &mut Infallible).unwrap();`
Add dumping the user db 2022-07-24 16:39:33 +02:00			`out.insert(uid, user.userdata);`
All the things. 2021-10-20 18:37:50 +02:00			`}`
Put the users in the db as well 2020-12-16 13:51:47 +01:00
All the things. 2021-10-20 18:37:50 +02:00			`Ok(out)`
			`}`
Run rustfmt 2022-05-05 15:50:44 +02:00			`}`