From a4ce1bd28f6b2abb66edc864528c58e829666fd4 Mon Sep 17 00:00:00 2001
From: Gregor Reitzenstein <me@dequbed.space>
Date: Mon, 17 Feb 2020 03:44:02 +0100
Subject: [PATCH] Schema update

---
 schema/api.capnp |  14 +-----
 src/access.rs    |   9 ++++
 src/api.rs       | 110 ++++++++++++++++-------------------------------
 src/auth.rs      |  26 +++++------
 src/machine.rs   |   8 ++++
 src/main.rs      |   9 ++--
 6 files changed, 74 insertions(+), 102 deletions(-)

diff --git a/schema/api.capnp b/schema/api.capnp
index 1cfd5ca..191f3aa 100644
--- a/schema/api.capnp
+++ b/schema/api.capnp
@@ -39,6 +39,8 @@ interface Diflouroborane {
     machines @2 () -> ( mach :Machines );
     # Diflouroborane stores machine¹ information in an opaque internal database. This interface is
     # the only stable process of modifying that information
+
+    # TODO Capability transfer system, required for machine takeover, session resumption.
 }
 
 struct Maybe(Value) {
@@ -61,18 +63,6 @@ struct Either(Left, Right) {
     }
 }
 
-struct Machine {
-    name @0 :Text;
-    location @1 :Text;
-    status @2 :Status;
-}
-
-enum Status {
-    free @0;
-    occupied @1;
-    blocked @2;
-}
-
 struct UUID {
     lsg @0 :UInt64; # least significant
     msg @1 :UInt64; # most significant
diff --git a/src/access.rs b/src/access.rs
index 9e0b033..1bcd83c 100644
--- a/src/access.rs
+++ b/src/access.rs
@@ -5,6 +5,15 @@ use casbin::prelude::*;
 
 use super::config::Config;
 
+use crate::api::api;
+
+#[derive(Clone)]
+pub struct Permissions;
+
+impl api::permissions::Server for Permissions {
+
+}
+
 /// This line documents init
 pub async fn init(config: &Config) -> Result<Enforcer, Box<dyn std::error::Error>> {
     let model = Model::from_file(config.access.model.clone()).await?;
diff --git a/src/api.rs b/src/api.rs
index 9896818..58d631f 100644
--- a/src/api.rs
+++ b/src/api.rs
@@ -1,6 +1,6 @@
 // module needs to be top level for generated functions to be in scope:
 // https://github.com/capnproto/capnproto-rust/issues/16
-pub(crate) mod api {
+pub mod api {
     include!(concat!(env!("OUT_DIR"), "/schema/api_capnp.rs"));
 }
 
@@ -11,10 +11,12 @@ use futures_signals::signal::Mutable;
 use casbin::Enforcer;
 use casbin::MgmtApi;
 
-use crate::machine::{MachineDB, Machine, Status, save};
+use crate::machine::Machines;
 use crate::auth::Authentication;
+use crate::access::Permissions;
 
 use capnp::{Error};
+use capnp::capability::Promise;
 use capnp_rpc::RpcSystem;
 use capnp_rpc::twoparty::VatNetwork;
 use capnp_rpc::rpc_twoparty_capnp::Side;
@@ -24,11 +26,10 @@ use api::diflouroborane;
 pub fn init() {
 }
 
-pub async fn process_socket(e: Mutable<Enforcer>, m: Mutable<MachineDB>, a: Authentication, socket: TcpStream) 
+pub async fn process_socket(auth: Authentication, perm: Permissions, mach: Machines, socket: TcpStream) 
     -> Result<(), Error> 
 {
-    let auth = api::authentication::ToClient::new(a).into_client::<capnp_rpc::Server>();
-    let api = Api { e, m, auth };
+    let api = Api { auth, perm, mach };
     let a = api::diflouroborane::ToClient::new(api).into_client::<capnp_rpc::Server>();
     let netw = VatNetwork::new(socket.clone(), socket, Side::Server, Default::default());
     let rpc = RpcSystem::new(Box::new(netw), Some(a.clone().client));
@@ -36,79 +37,42 @@ pub async fn process_socket(e: Mutable<Enforcer>, m: Mutable<MachineDB>, a: Auth
 }
 
 struct Api {
-    e: Mutable<Enforcer>,
-    m: Mutable<MachineDB>,
-    auth: api::authentication::Client,
+    auth: Authentication,
+    perm: Permissions,
+    mach: Machines,
 }
 
 impl diflouroborane::Server for Api {
-    fn get_all_subjects(&mut self,
-        _params: api_capnp::bffh_admin::GetAllSubjectsParams,
-        mut results: api_capnp::bffh_admin::GetAllSubjectsResults)
-        -> ::capnp::capability::Promise<(), ::capnp::Error>
-    {
-        let subjs = self.e.lock_ref().get_all_subjects();
-        let mut b = results.get()
-            .init_subjects(subjs.len() as u32);
-        for (i, s) in subjs.into_iter().enumerate() {
-            let bldr = b.reborrow();
-            let mut sub = bldr.get(i as u32);
-            sub.set_id(&s);
-            sub.set_domain("");
-        }
-
-        ::capnp::capability::Promise::ok(())
-    }
-
-    fn get_all_machines(&mut self,
-        _params: api_capnp::bffh_admin::GetAllMachinesParams,
-        mut results: api_capnp::bffh_admin::GetAllMachinesResults)
-        -> ::capnp::capability::Promise<(), ::capnp::Error>
-    {
-        let machs = self.m.lock_ref();
-
-        let mut b = results.get()
-            .init_machines(machs.len() as u32);
-
-        for (i, (name, m)) in machs.iter().enumerate() {
-            let bldr = b.reborrow();
-            let mut mach = bldr.get(i as u32);
-            mach.set_name(&name);
-            mach.set_location(&m.location);
-            mach.set_status(match m.status {
-                Status::Blocked => api_capnp::Status::Blocked,
-                Status::Free => api_capnp::Status::Free,
-                Status::Occupied => api_capnp::Status::Occupied,
-            });
-        }
-        ::capnp::capability::Promise::ok(())
-    }
-
-    fn add_machine(&mut self,
-        params: api_capnp::bffh_admin::AddMachineParams,
-        mut results: api_capnp::bffh_admin::AddMachineResults)
-        -> ::capnp::capability::Promise<(), ::capnp::Error>
-    {
-        let params = pry!(params.get());
-
-        let name = pry!(params.get_name());
-        let location = pry!(params.get_location());
-
-        let m = Machine::new(location.to_string());
-
-        let mut mdb = self.m.lock_mut();
-        mdb.insert(name.to_string(), m);
-
-        ::capnp::capability::Promise::ok(())
-    }
-
     fn authentication(&mut self,
-        _params: api_capnp::bffh_admin::AuthenticationParams,
-        mut results: api_capnp::bffh_admin::AuthenticationResults)
-        -> ::capnp::capability::Promise<(), ::capnp::Error>
+        _params: diflouroborane::AuthenticationParams,
+        mut results: diflouroborane::AuthenticationResults)
+        -> Promise<(), Error>
     {
         let mut b = results.get();
-        b.set_auth(self.auth.clone());
-        ::capnp::capability::Promise::ok(())
+        let auth = api::authentication::ToClient::new(self.auth.clone()).into_client::<capnp_rpc::Server>();
+        b.set_auth(auth);
+        Promise::ok(())
+    }
+
+    fn permissions(&mut self,
+        _params: diflouroborane::PermissionsParams,
+        mut results: diflouroborane::PermissionsResults) 
+        -> Promise<(), Error>
+    {
+        let mut b = results.get();
+        let perm = api::permissions::ToClient::new(self.perm.clone()).into_client::<capnp_rpc::Server>();
+        b.set_perm(perm);
+        Promise::ok(())
+    }
+
+    fn machines(&mut self,
+        _params: diflouroborane::MachinesParams,
+        mut results: diflouroborane::MachinesResults) 
+        -> Promise<(), Error>
+    {
+        let mut b = results.get();
+        let mach = api::machines::ToClient::new(self.mach.clone()).into_client::<capnp_rpc::Server>();
+        b.set_mach(mach);
+        Promise::ok(())
     }
 }
diff --git a/src/auth.rs b/src/auth.rs
index 9b0759f..0aa28d7 100644
--- a/src/auth.rs
+++ b/src/auth.rs
@@ -121,12 +121,12 @@ impl Authentication {
     }
 }
 
-use crate::api_capnp;
+use crate::api::api;
 
-impl api_capnp::authentication::Server for Authentication {
+impl api::authentication::Server for Authentication {
     fn available_mechanisms(&mut self,
-        _params: api_capnp::authentication::AvailableMechanismsParams,
-        mut results: api_capnp::authentication::AvailableMechanismsResults)
+        _params: api::authentication::AvailableMechanismsParams,
+        mut results: api::authentication::AvailableMechanismsResults)
         -> ::capnp::capability::Promise<(), ::capnp::Error>
     {
         let m = self.mechs();
@@ -141,15 +141,15 @@ impl api_capnp::authentication::Server for Authentication {
     }
 
     fn initialize_authentication(&mut self,
-        params: api_capnp::authentication::InitializeAuthenticationParams,
-        mut results: api_capnp::authentication::InitializeAuthenticationResults)
+        params: api::authentication::InitializeAuthenticationParams,
+        mut results: api::authentication::InitializeAuthenticationResults)
         -> ::capnp::capability::Promise<(), ::capnp::Error>
     {
         let params = pry!(params.get());
         let mechanism = pry!(params.get_mechanism());
         match mechanism {
             "PLAIN" => {
-                use api_capnp::maybe::Which;
+                use api::maybe::Which;
 
                 let data = pry!(params.get_initial_data());
                 if let Ok(Which::Some(data)) = data.which() {
@@ -165,7 +165,7 @@ impl api_capnp::authentication::Server for Authentication {
                         results
                             .get()
                             .init_response()
-                            .set_right(api_capnp::authentication::outcome::ToClient::new(outcome)
+                            .set_right(api::authentication::outcome::ToClient::new(outcome)
                                 .into_client::<::capnp_rpc::Server>()).unwrap();
                     }
                     ::capnp::capability::Promise::ok(())
@@ -184,8 +184,8 @@ impl api_capnp::authentication::Server for Authentication {
     }
 
     fn get_authzid(&mut self,
-        _params: api_capnp::authentication::GetAuthzidParams,
-        mut results: api_capnp::authentication::GetAuthzidResults)
+        _params: api::authentication::GetAuthzidParams,
+        mut results: api::authentication::GetAuthzidResults)
         -> ::capnp::capability::Promise<(), ::capnp::Error>
     {
         if let Some(zid) = &self.state {
@@ -207,10 +207,10 @@ impl Outcome {
     }
 }
 
-impl api_capnp::authentication::outcome::Server for Outcome {
+impl api::authentication::outcome::Server for Outcome {
     fn value(&mut self,
-        _params: api_capnp::authentication::outcome::ValueParams,
-        mut results: api_capnp::authentication::outcome::ValueResults)
+        _params: api::authentication::outcome::ValueParams,
+        mut results: api::authentication::outcome::ValueResults)
         -> ::capnp::capability::Promise<(), ::capnp::Error>
     {
         results.get().set_granted(self.value);
diff --git a/src/machine.rs b/src/machine.rs
index e1857ee..ad172a4 100644
--- a/src/machine.rs
+++ b/src/machine.rs
@@ -11,6 +11,7 @@ use casbin::Enforcer;
 
 use crate::error::Result;
 use crate::config::Config;
+use crate::api::api;
 
 /// Status of a Machine
 #[derive(PartialEq, Eq, Debug, Serialize, Deserialize)]
@@ -23,6 +24,13 @@ pub enum Status {
     Blocked,
 }
 
+#[derive(Clone)]
+pub struct Machines;
+
+impl api::machines::Server for Machines {
+
+}
+
 #[derive(PartialEq, Eq, Debug, Serialize, Deserialize)]
 pub struct Machine {
     pub location: String,
diff --git a/src/main.rs b/src/main.rs
index 00c1a3c..d4b9620 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -15,7 +15,7 @@ mod machine;
 
 use std::ops::Deref;
 
-use api::api_capnp;
+use api::api as api_capnp;
 
 use futures::prelude::*;
 use futures_signals::signal::Mutable;
@@ -45,9 +45,10 @@ fn main() {
 
     let p = auth::open_passdb(&config.passdb).unwrap();
     let p = Mutable::new(p);
-    let a = auth::Authentication::new(p, enf.clone());
-
+    let auth = auth::Authentication::new(p, enf.clone());
 
+    let perm = access::Permissions;
+    let mach = machine::Machines;
 
     use std::net::ToSocketAddrs;
     let args: Vec<String> = ::std::env::args().collect();
@@ -65,7 +66,7 @@ fn main() {
         let mut incoming = listener.incoming();
         while let Some(socket) = incoming.next().await {
             let socket = socket?;
-            let rpc_system = api::process_socket(enf.clone(), m.clone(), a.clone(), socket);
+            let rpc_system = api::process_socket(auth.clone(), perm.clone(), mach.clone(), socket);
             machine::save(&config, &m.lock_ref()).expect("MachineDB save");
             spawner.spawn_local_obj(
                 Box::pin(rpc_system.map_err(|e| println!("error: {:?}", e)).map(|_|())).into()).expect("spawn")