users.rs 5.18 KB
Newer Older
Gaël Berthaud-Müller's avatar
Gaël Berthaud-Müller committed
1
2
use uuid::Uuid;
use diesel::prelude::*;
3
use diesel::result::Error as DieselError;
Gaël Berthaud-Müller's avatar
Gaël Berthaud-Müller committed
4
use diesel_derive_enum::DbEnum;
Gaël Berthaud-Müller's avatar
Gaël Berthaud-Müller committed
5
6
7
8
9
use rocket::request::{FromRequest, Request, Outcome};
use serde::{Serialize, Deserialize};
use chrono::serde::ts_seconds;
use chrono::prelude::{DateTime, Utc};
use chrono::Duration;
10
11
// TODO: Maybe just use argon2 crate directly
use djangohashers::{make_password_with_algorithm, check_password, HasherError, Algorithm};
Gaël Berthaud-Müller's avatar
Gaël Berthaud-Müller committed
12
use jsonwebtoken::{encode, Header, EncodingKey, errors::Result as JwtResult};
Gaël Berthaud-Müller's avatar
Gaël Berthaud-Müller committed
13
14

use crate::schema::*;
15
use crate::DbConn;
Gaël Berthaud-Müller's avatar
Gaël Berthaud-Müller committed
16

Gaël Berthaud-Müller's avatar
Gaël Berthaud-Müller committed
17

18
19
#[derive(Debug, DbEnum, Deserialize)]
#[serde(rename_all = "snake_case")]
Gaël Berthaud-Müller's avatar
Gaël Berthaud-Müller committed
20
21
22
23
24
pub enum Role {
    Admin,
    ZoneAdmin,
}

25
26
27
// TODO: Store Uuid instead of string??
// TODO: Store role as Role and not String.
#[derive(Debug, Queryable, Identifiable, Insertable)]
Gaël Berthaud-Müller's avatar
Gaël Berthaud-Müller committed
28
29
30
31
32
33
#[table_name = "user"]
pub struct User {
    pub id: String,
    pub role: String,
}

34
#[derive(Debug, Queryable, Identifiable, Insertable)]
Gaël Berthaud-Müller's avatar
Gaël Berthaud-Müller committed
35
36
37
38
39
40
41
42
#[table_name = "localuser"]
#[primary_key(user_id)]
pub struct LocalUser {
    pub user_id: String,
    pub username: String,
    pub password: String,
}

43
44
45
46
47
48
49
50
#[derive(Debug, Deserialize)]
pub struct CreateUserRequest {
    pub username: String,
    pub password: String,
    pub email: String,
    pub role: Option<Role>
}

Gaël Berthaud-Müller's avatar
Gaël Berthaud-Müller committed
51
52
53
54
55
// pub struct LdapUserAssociation {
//     user_id: Uuid,
//     ldap_id: String
// }

Gaël Berthaud-Müller's avatar
Gaël Berthaud-Müller committed
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
#[derive(Debug, Serialize, Deserialize)]
pub struct AuthClaims {
    pub jti: String,
    pub sub: String,
    #[serde(with = "ts_seconds")]
    pub exp: DateTime<Utc>,
    #[serde(with = "ts_seconds")]
    pub iat: DateTime<Utc>,
}

#[derive(Debug, Serialize)]
pub struct AuthTokenResponse {
    pub token: String
}

#[derive(Debug, Deserialize)]
pub struct AuthTokenRequest {
    pub username: String,
    pub password: String,
}

77
#[derive(Debug)]
Gaël Berthaud-Müller's avatar
Gaël Berthaud-Müller committed
78
pub struct UserInfo {
79
80
81
    pub id: String,
    pub role: String,
    pub username: String,
Gaël Berthaud-Müller's avatar
Gaël Berthaud-Müller committed
82
83
84
85
86
87
}

impl<'a, 'r> FromRequest<'a, 'r> for UserInfo {
    type Error = ();

    fn from_request(request: &'a Request<'r>) -> Outcome<UserInfo, ()> {
88
        // LocalUser::get_user_by_uuid()
Gaël Berthaud-Müller's avatar
Gaël Berthaud-Müller committed
89
90
91
        Outcome::Forward(())
    }
}
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187

#[derive(Debug)]
pub enum UserError {
    NotFound,
    UserExists,
    DbError(DieselError),
    PasswordError(HasherError),
}

impl From<DieselError> for UserError {
    fn from(e: DieselError) -> Self {
        match e {
            DieselError::NotFound => UserError::NotFound,
            DieselError::DatabaseError(diesel::result::DatabaseErrorKind::UniqueViolation, _) => UserError::UserExists,
            other => UserError::DbError(other)
        }
    }
}

impl From<HasherError> for UserError {
    fn from(e: HasherError) -> Self {
        match e {
            other => UserError::PasswordError(other)
        }
    }
}

impl LocalUser {
    pub fn create_user(conn: &DbConn, user_request: CreateUserRequest) -> Result<UserInfo, UserError> {
        use crate::schema::localuser::dsl::*;
        use crate::schema::user::dsl::*;

        let new_user_id = Uuid::new_v4().to_simple().to_string();

        let new_user = User {
            id: new_user_id.clone(),
            // TODO: Use role from request
            role: "zoneadmin".into(),
        };

        let new_localuser = LocalUser {
            user_id: new_user_id.clone(),
            username: user_request.username.clone(),
            password: make_password_with_algorithm(&user_request.password, Algorithm::Argon2),
        };

        let res = UserInfo {
            id: new_user.id.clone(),
            role: new_user.role.clone(),
            username: new_localuser.username.clone(),
        };

        conn.immediate_transaction(|| -> diesel::QueryResult<()> {
            diesel::insert_into(user)
                .values(new_user)
                .execute(&**conn)?;

            diesel::insert_into(localuser)
                .values(new_localuser)
                .execute(&**conn)?;

            Ok(())
        })?;

        Ok(res)
    }

    pub fn get_user_by_creds(
        conn: &DbConn,
        request_username: &str,
        request_password: &str
    ) ->  Result<UserInfo, UserError> {

        use crate::schema::localuser::dsl::*;
        use crate::schema::user::dsl::*;

        let (client_user, client_localuser): (User, LocalUser) = user.inner_join(localuser)
            .filter(username.eq(request_username))
            .get_result(&**conn)?;

        if !check_password(&request_password, &client_localuser.password)? {
            return Err(UserError::NotFound);
        }

        Ok(UserInfo {
            id: client_user.id,
            role: client_user.role,
            username: client_localuser.username,
        })
    }

    pub fn get_user_by_uuid(user_id: Uuid) -> Result<UserInfo, ()> {
        unimplemented!()
    }

}
Gaël Berthaud-Müller's avatar
Gaël Berthaud-Müller committed
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202

impl AuthClaims {
    pub fn new(user_info: &UserInfo, token_duration: Duration) -> AuthClaims {
        let jti = Uuid::new_v4().to_simple().to_string();
        let iat = Utc::now();
        let exp = iat + token_duration;

        AuthClaims {
            jti: jti,
            sub: user_info.id.clone(),
            exp: exp,
            iat: iat,
        }
    }

203
204
    pub fn encode(self, secret: &str) -> JwtResult<String> {
        encode(&Header::default(), &self, &EncodingKey::from_secret(secret.as_bytes()))
Gaël Berthaud-Müller's avatar
Gaël Berthaud-Müller committed
205
206
    }
}