nomilo/src/models/users.rs

use uuid::Uuid;
use diesel::prelude::*;
use diesel::result::Error as DieselError;
use diesel_derive_enum::DbEnum;
use rocket::request::{FromRequest, Request, Outcome};
use serde::{Serialize, Deserialize};
use chrono::serde::ts_seconds;
use chrono::prelude::{DateTime, Utc};
use chrono::Duration;
// TODO: Maybe just use argon2 crate directly
use djangohashers::{make_password_with_algorithm, check_password, HasherError, Algorithm};
use jsonwebtoken::{encode, Header, EncodingKey, errors::Result as JwtResult};

use crate::schema::*;
use crate::DbConn;


#[derive(Debug, DbEnum, Deserialize)]
#[serde(rename_all = "snake_case")]
pub enum Role {
    Admin,
    ZoneAdmin,
}

// TODO: Store Uuid instead of string??
// TODO: Store role as Role and not String.
#[derive(Debug, Queryable, Identifiable, Insertable)]
#[table_name = "user"]
pub struct User {
    pub id: String,
    pub role: String,
}

#[derive(Debug, Queryable, Identifiable, Insertable)]
#[table_name = "localuser"]
#[primary_key(user_id)]
pub struct LocalUser {
    pub user_id: String,
    pub username: String,
    pub password: String,
}

#[derive(Debug, Deserialize)]
pub struct CreateUserRequest {
    pub username: String,
    pub password: String,
    pub email: String,
    pub role: Option<Role>
}

// pub struct LdapUserAssociation {
//     user_id: Uuid,
//     ldap_id: String
// }

#[derive(Debug, Serialize, Deserialize)]
pub struct AuthClaims {
    pub jti: String,
    pub sub: String,
    #[serde(with = "ts_seconds")]
    pub exp: DateTime<Utc>,
    #[serde(with = "ts_seconds")]
    pub iat: DateTime<Utc>,
}

#[derive(Debug, Serialize)]
pub struct AuthTokenResponse {
    pub token: String
}

#[derive(Debug, Deserialize)]
pub struct AuthTokenRequest {
    pub username: String,
    pub password: String,
}

#[derive(Debug)]
pub struct UserInfo {
    pub id: String,
    pub role: String,
    pub username: String,
}

impl<'a, 'r> FromRequest<'a, 'r> for UserInfo {
    type Error = ();

    fn from_request(request: &'a Request<'r>) -> Outcome<UserInfo, ()> {
        // LocalUser::get_user_by_uuid()
        Outcome::Forward(())
    }
}

#[derive(Debug)]
pub enum UserError {
    NotFound,
    UserExists,
    DbError(DieselError),
    PasswordError(HasherError),
}

impl From<DieselError> for UserError {
    fn from(e: DieselError) -> Self {
        match e {
            DieselError::NotFound => UserError::NotFound,
            DieselError::DatabaseError(diesel::result::DatabaseErrorKind::UniqueViolation, _) => UserError::UserExists,
            other => UserError::DbError(other)
        }
    }
}

impl From<HasherError> for UserError {
    fn from(e: HasherError) -> Self {
        match e {
            other => UserError::PasswordError(other)
        }
    }
}

impl LocalUser {
    pub fn create_user(conn: &DbConn, user_request: CreateUserRequest) -> Result<UserInfo, UserError> {
        use crate::schema::localuser::dsl::*;
        use crate::schema::user::dsl::*;

        let new_user_id = Uuid::new_v4().to_simple().to_string();

        let new_user = User {
            id: new_user_id.clone(),
            // TODO: Use role from request
            role: "zoneadmin".into(),
        };

        let new_localuser = LocalUser {
            user_id: new_user_id.clone(),
            username: user_request.username.clone(),
            password: make_password_with_algorithm(&user_request.password, Algorithm::Argon2),
        };

        let res = UserInfo {
            id: new_user.id.clone(),
            role: new_user.role.clone(),
            username: new_localuser.username.clone(),
        };

        conn.immediate_transaction(|| -> diesel::QueryResult<()> {
            diesel::insert_into(user)
                .values(new_user)
                .execute(&**conn)?;

            diesel::insert_into(localuser)
                .values(new_localuser)
                .execute(&**conn)?;

            Ok(())
        })?;

        Ok(res)
    }

    pub fn get_user_by_creds(
        conn: &DbConn,
        request_username: &str,
        request_password: &str
    ) ->  Result<UserInfo, UserError> {

        use crate::schema::localuser::dsl::*;
        use crate::schema::user::dsl::*;

        let (client_user, client_localuser): (User, LocalUser) = user.inner_join(localuser)
            .filter(username.eq(request_username))
            .get_result(&**conn)?;

        if !check_password(&request_password, &client_localuser.password)? {
            return Err(UserError::NotFound);
        }

        Ok(UserInfo {
            id: client_user.id,
            role: client_user.role,
            username: client_localuser.username,
        })
    }

    pub fn get_user_by_uuid(user_id: Uuid) -> Result<UserInfo, ()> {
        unimplemented!()
    }

}

impl AuthClaims {
    pub fn new(user_info: &UserInfo, token_duration: Duration) -> AuthClaims {
        let jti = Uuid::new_v4().to_simple().to_string();
        let iat = Utc::now();
        let exp = iat + token_duration;

        AuthClaims {
            jti: jti,
            sub: user_info.id.clone(),
            exp: exp,
            iat: iat,
        }
    }

    pub fn encode(self, secret: &str) -> JwtResult<String> {
        encode(&Header::default(), &self, &EncodingKey::from_secret(secret.as_bytes()))
    }
}
bootstrap database 2021-03-26 22:30:38 +00:00			`use uuid::Uuid;`
			`use diesel::prelude::*;`
basic token generation 2021-03-27 05:45:59 +00:00			`use diesel::result::Error as DieselError;`
bootstrap database 2021-03-26 22:30:38 +00:00			`use diesel_derive_enum::DbEnum;`
add config for tokens 2021-03-27 17:23:19 +00:00			`use rocket::request::{FromRequest, Request, Outcome};`
			`use serde::{Serialize, Deserialize};`
			`use chrono::serde::ts_seconds;`
			`use chrono::prelude::{DateTime, Utc};`
			`use chrono::Duration;`
basic token generation 2021-03-27 05:45:59 +00:00			`// TODO: Maybe just use argon2 crate directly`
			`use djangohashers::{make_password_with_algorithm, check_password, HasherError, Algorithm};`
add config for tokens 2021-03-27 17:23:19 +00:00			`use jsonwebtoken::{encode, Header, EncodingKey, errors::Result as JwtResult};`
bootstrap database 2021-03-26 22:30:38 +00:00
			`use crate::schema::*;`
basic token generation 2021-03-27 05:45:59 +00:00			`use crate::DbConn;`
bootstrap database 2021-03-26 22:30:38 +00:00
add config for tokens 2021-03-27 17:23:19 +00:00
basic token generation 2021-03-27 05:45:59 +00:00			`#[derive(Debug, DbEnum, Deserialize)]`
			`#[serde(rename_all = "snake_case")]`
bootstrap database 2021-03-26 22:30:38 +00:00			`pub enum Role {`
			`Admin,`
			`ZoneAdmin,`
			`}`

basic token generation 2021-03-27 05:45:59 +00:00			`// TODO: Store Uuid instead of string??`
			`// TODO: Store role as Role and not String.`
			`#[derive(Debug, Queryable, Identifiable, Insertable)]`
bootstrap database 2021-03-26 22:30:38 +00:00			`#[table_name = "user"]`
			`pub struct User {`
			`pub id: String,`
			`pub role: String,`
			`}`

basic token generation 2021-03-27 05:45:59 +00:00			`#[derive(Debug, Queryable, Identifiable, Insertable)]`
bootstrap database 2021-03-26 22:30:38 +00:00			`#[table_name = "localuser"]`
			`#[primary_key(user_id)]`
			`pub struct LocalUser {`
			`pub user_id: String,`
			`pub username: String,`
			`pub password: String,`
			`}`

basic token generation 2021-03-27 05:45:59 +00:00			`#[derive(Debug, Deserialize)]`
			`pub struct CreateUserRequest {`
			`pub username: String,`
			`pub password: String,`
			`pub email: String,`
			`pub role: Option<Role>`
			`}`

bootstrap database 2021-03-26 22:30:38 +00:00			`// pub struct LdapUserAssociation {`
			`// user_id: Uuid,`
			`// ldap_id: String`
			`// }`

add config for tokens 2021-03-27 17:23:19 +00:00			`#[derive(Debug, Serialize, Deserialize)]`
			`pub struct AuthClaims {`
			`pub jti: String,`
			`pub sub: String,`
			`#[serde(with = "ts_seconds")]`
			`pub exp: DateTime<Utc>,`
			`#[serde(with = "ts_seconds")]`
			`pub iat: DateTime<Utc>,`
			`}`

			`#[derive(Debug, Serialize)]`
			`pub struct AuthTokenResponse {`
			`pub token: String`
			`}`

			`#[derive(Debug, Deserialize)]`
			`pub struct AuthTokenRequest {`
			`pub username: String,`
			`pub password: String,`
			`}`

basic token generation 2021-03-27 05:45:59 +00:00			`#[derive(Debug)]`
bootstrap database 2021-03-26 22:30:38 +00:00			`pub struct UserInfo {`
basic token generation 2021-03-27 05:45:59 +00:00			`pub id: String,`
			`pub role: String,`
			`pub username: String,`
bootstrap database 2021-03-26 22:30:38 +00:00			`}`

			`impl<'a, 'r> FromRequest<'a, 'r> for UserInfo {`
			`type Error = ();`

			`fn from_request(request: &'a Request<'r>) -> Outcome<UserInfo, ()> {`
basic token generation 2021-03-27 05:45:59 +00:00			`// LocalUser::get_user_by_uuid()`
bootstrap database 2021-03-26 22:30:38 +00:00			`Outcome::Forward(())`
			`}`
			`}`
basic token generation 2021-03-27 05:45:59 +00:00
			`#[derive(Debug)]`
			`pub enum UserError {`
			`NotFound,`
			`UserExists,`
			`DbError(DieselError),`
			`PasswordError(HasherError),`
			`}`

			`impl From<DieselError> for UserError {`
			`fn from(e: DieselError) -> Self {`
			`match e {`
			`DieselError::NotFound => UserError::NotFound,`
			`DieselError::DatabaseError(diesel::result::DatabaseErrorKind::UniqueViolation, _) => UserError::UserExists,`
			`other => UserError::DbError(other)`
			`}`
			`}`
			`}`

			`impl From<HasherError> for UserError {`
			`fn from(e: HasherError) -> Self {`
			`match e {`
			`other => UserError::PasswordError(other)`
			`}`
			`}`
			`}`

			`impl LocalUser {`
			`pub fn create_user(conn: &DbConn, user_request: CreateUserRequest) -> Result<UserInfo, UserError> {`
			`use crate::schema::localuser::dsl::*;`
			`use crate::schema::user::dsl::*;`

			`let new_user_id = Uuid::new_v4().to_simple().to_string();`

			`let new_user = User {`
			`id: new_user_id.clone(),`
			`// TODO: Use role from request`
			`role: "zoneadmin".into(),`
			`};`

			`let new_localuser = LocalUser {`
			`user_id: new_user_id.clone(),`
			`username: user_request.username.clone(),`
			`password: make_password_with_algorithm(&user_request.password, Algorithm::Argon2),`
			`};`

			`let res = UserInfo {`
			`id: new_user.id.clone(),`
			`role: new_user.role.clone(),`
			`username: new_localuser.username.clone(),`
			`};`

			`conn.immediate_transaction(\|\| -> diesel::QueryResult<()> {`
			`diesel::insert_into(user)`
			`.values(new_user)`
			`.execute(&**conn)?;`

			`diesel::insert_into(localuser)`
			`.values(new_localuser)`
			`.execute(&**conn)?;`

			`Ok(())`
			`})?;`

			`Ok(res)`
			`}`

			`pub fn get_user_by_creds(`
			`conn: &DbConn,`
			`request_username: &str,`
			`request_password: &str`
			`) -> Result<UserInfo, UserError> {`

			`use crate::schema::localuser::dsl::*;`
			`use crate::schema::user::dsl::*;`

			`let (client_user, client_localuser): (User, LocalUser) = user.inner_join(localuser)`
			`.filter(username.eq(request_username))`
			`.get_result(&**conn)?;`

			`if !check_password(&request_password, &client_localuser.password)? {`
			`return Err(UserError::NotFound);`
			`}`

			`Ok(UserInfo {`
			`id: client_user.id,`
			`role: client_user.role,`
			`username: client_localuser.username,`
			`})`
			`}`

			`pub fn get_user_by_uuid(user_id: Uuid) -> Result<UserInfo, ()> {`
			`unimplemented!()`
			`}`

			`}`
add config for tokens 2021-03-27 17:23:19 +00:00
			`impl AuthClaims {`
			`pub fn new(user_info: &UserInfo, token_duration: Duration) -> AuthClaims {`
			`let jti = Uuid::new_v4().to_simple().to_string();`
			`let iat = Utc::now();`
			`let exp = iat + token_duration;`

			`AuthClaims {`
			`jti: jti,`
			`sub: user_info.id.clone(),`
			`exp: exp,`
			`iat: iat,`
			`}`
			`}`

secret as string and not bytes 2021-03-27 17:31:14 +00:00			`pub fn encode(self, secret: &str) -> JwtResult<String> {`
			`encode(&Header::default(), &self, &EncodingKey::from_secret(secret.as_bytes()))`
add config for tokens 2021-03-27 17:23:19 +00:00			`}`
			`}`