users.rs 5.18 KB
Newer Older
Gaël Berthaud-Müller's avatar
Gaël Berthaud-Müller committed
1 2
use uuid::Uuid;
use diesel::prelude::*;
3
use diesel::result::Error as DieselError;
Gaël Berthaud-Müller's avatar
Gaël Berthaud-Müller committed
4
use diesel_derive_enum::DbEnum;
Gaël Berthaud-Müller's avatar
Gaël Berthaud-Müller committed
5 6 7 8 9
use rocket::request::{FromRequest, Request, Outcome};
use serde::{Serialize, Deserialize};
use chrono::serde::ts_seconds;
use chrono::prelude::{DateTime, Utc};
use chrono::Duration;
10 11
// TODO: Maybe just use argon2 crate directly
use djangohashers::{make_password_with_algorithm, check_password, HasherError, Algorithm};
Gaël Berthaud-Müller's avatar
Gaël Berthaud-Müller committed
12
use jsonwebtoken::{encode, Header, EncodingKey, errors::Result as JwtResult};
Gaël Berthaud-Müller's avatar
Gaël Berthaud-Müller committed
13 14

use crate::schema::*;
15
use crate::DbConn;
Gaël Berthaud-Müller's avatar
Gaël Berthaud-Müller committed
16

Gaël Berthaud-Müller's avatar
Gaël Berthaud-Müller committed
17

18 19
#[derive(Debug, DbEnum, Deserialize)]
#[serde(rename_all = "snake_case")]
Gaël Berthaud-Müller's avatar
Gaël Berthaud-Müller committed
20 21 22 23 24
pub enum Role {
    Admin,
    ZoneAdmin,
}

25 26 27
// TODO: Store Uuid instead of string??
// TODO: Store role as Role and not String.
#[derive(Debug, Queryable, Identifiable, Insertable)]
Gaël Berthaud-Müller's avatar
Gaël Berthaud-Müller committed
28 29 30 31 32 33
#[table_name = "user"]
pub struct User {
    pub id: String,
    pub role: String,
}

34
#[derive(Debug, Queryable, Identifiable, Insertable)]
Gaël Berthaud-Müller's avatar
Gaël Berthaud-Müller committed
35 36 37 38 39 40 41 42
#[table_name = "localuser"]
#[primary_key(user_id)]
pub struct LocalUser {
    pub user_id: String,
    pub username: String,
    pub password: String,
}

43 44 45 46 47 48 49 50
#[derive(Debug, Deserialize)]
pub struct CreateUserRequest {
    pub username: String,
    pub password: String,
    pub email: String,
    pub role: Option<Role>
}

Gaël Berthaud-Müller's avatar
Gaël Berthaud-Müller committed
51 52 53 54 55
// pub struct LdapUserAssociation {
//     user_id: Uuid,
//     ldap_id: String
// }

Gaël Berthaud-Müller's avatar
Gaël Berthaud-Müller committed
56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76
#[derive(Debug, Serialize, Deserialize)]
pub struct AuthClaims {
    pub jti: String,
    pub sub: String,
    #[serde(with = "ts_seconds")]
    pub exp: DateTime<Utc>,
    #[serde(with = "ts_seconds")]
    pub iat: DateTime<Utc>,
}

#[derive(Debug, Serialize)]
pub struct AuthTokenResponse {
    pub token: String
}

#[derive(Debug, Deserialize)]
pub struct AuthTokenRequest {
    pub username: String,
    pub password: String,
}

77
#[derive(Debug)]
Gaël Berthaud-Müller's avatar
Gaël Berthaud-Müller committed
78
pub struct UserInfo {
79 80 81
    pub id: String,
    pub role: String,
    pub username: String,
Gaël Berthaud-Müller's avatar
Gaël Berthaud-Müller committed
82 83 84 85 86 87
}

impl<'a, 'r> FromRequest<'a, 'r> for UserInfo {
    type Error = ();

    fn from_request(request: &'a Request<'r>) -> Outcome<UserInfo, ()> {
88
        // LocalUser::get_user_by_uuid()
Gaël Berthaud-Müller's avatar
Gaël Berthaud-Müller committed
89 90 91
        Outcome::Forward(())
    }
}
92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187

#[derive(Debug)]
pub enum UserError {
    NotFound,
    UserExists,
    DbError(DieselError),
    PasswordError(HasherError),
}

impl From<DieselError> for UserError {
    fn from(e: DieselError) -> Self {
        match e {
            DieselError::NotFound => UserError::NotFound,
            DieselError::DatabaseError(diesel::result::DatabaseErrorKind::UniqueViolation, _) => UserError::UserExists,
            other => UserError::DbError(other)
        }
    }
}

impl From<HasherError> for UserError {
    fn from(e: HasherError) -> Self {
        match e {
            other => UserError::PasswordError(other)
        }
    }
}

impl LocalUser {
    pub fn create_user(conn: &DbConn, user_request: CreateUserRequest) -> Result<UserInfo, UserError> {
        use crate::schema::localuser::dsl::*;
        use crate::schema::user::dsl::*;

        let new_user_id = Uuid::new_v4().to_simple().to_string();

        let new_user = User {
            id: new_user_id.clone(),
            // TODO: Use role from request
            role: "zoneadmin".into(),
        };

        let new_localuser = LocalUser {
            user_id: new_user_id.clone(),
            username: user_request.username.clone(),
            password: make_password_with_algorithm(&user_request.password, Algorithm::Argon2),
        };

        let res = UserInfo {
            id: new_user.id.clone(),
            role: new_user.role.clone(),
            username: new_localuser.username.clone(),
        };

        conn.immediate_transaction(|| -> diesel::QueryResult<()> {
            diesel::insert_into(user)
                .values(new_user)
                .execute(&**conn)?;

            diesel::insert_into(localuser)
                .values(new_localuser)
                .execute(&**conn)?;

            Ok(())
        })?;

        Ok(res)
    }

    pub fn get_user_by_creds(
        conn: &DbConn,
        request_username: &str,
        request_password: &str
    ) ->  Result<UserInfo, UserError> {

        use crate::schema::localuser::dsl::*;
        use crate::schema::user::dsl::*;

        let (client_user, client_localuser): (User, LocalUser) = user.inner_join(localuser)
            .filter(username.eq(request_username))
            .get_result(&**conn)?;

        if !check_password(&request_password, &client_localuser.password)? {
            return Err(UserError::NotFound);
        }

        Ok(UserInfo {
            id: client_user.id,
            role: client_user.role,
            username: client_localuser.username,
        })
    }

    pub fn get_user_by_uuid(user_id: Uuid) -> Result<UserInfo, ()> {
        unimplemented!()
    }

}
Gaël Berthaud-Müller's avatar
Gaël Berthaud-Müller committed
188 189 190 191 192 193 194 195 196 197 198 199 200 201 202

impl AuthClaims {
    pub fn new(user_info: &UserInfo, token_duration: Duration) -> AuthClaims {
        let jti = Uuid::new_v4().to_simple().to_string();
        let iat = Utc::now();
        let exp = iat + token_duration;

        AuthClaims {
            jti: jti,
            sub: user_info.id.clone(),
            exp: exp,
            iat: iat,
        }
    }

203 204
    pub fn encode(self, secret: &str) -> JwtResult<String> {
        encode(&Header::default(), &self, &EncodingKey::from_secret(secret.as_bytes()))
Gaël Berthaud-Müller's avatar
Gaël Berthaud-Müller committed
205 206
    }
}