authorbenj <benj@rse8.com>2022-12-24 00:43:38 -0800
committerbenj <benj@rse8.com>2022-12-24 00:43:38 -0800
commitc2268c285648ef02ece04de0d9df0813c6d70ff8 (patch)
treef84ec7ee42f97d78245f26d0c5a0c559cd35e89d /crates/iam/src/main.rs
parentde6339da72af1d61ca5908b780977e2b037ce014 (diff)
refactor everything with more abstraction and a nicer interface
Diffstat (limited to 'crates/iam/src/main.rs')
-rw-r--r--crates/iam/src/main.rs114
1 files changed, 39 insertions, 75 deletions
diff --git a/crates/iam/src/main.rs b/crates/iam/src/main.rs
index 4f6316a..ce72072 100644
--- a/crates/iam/src/main.rs
+++ b/crates/iam/src/main.rs
@@ -10,7 +10,8 @@ use api::{
use clap::Parser;
use command::dev_oauth2_listen;
use env_logger::Env;
-use secd::{Secd, SecdError};
+use secd::{Secd, SecdError, ENV_AUTH_STORE_CONN_STRING};
+use std::str::FromStr;
use util::{error_detail, Result};
use uuid::Uuid;
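Review bot: `use std::str::FromStr;` is added but nothing in the visible hunks calls `from_str`, and the removed code was the only user of `Uuid::parse_str` and `SecdError::InvalidCode` shown here, so `FromStr`, `Uuid` and `SecdError` may now be unused imports; this is inferred from the hunks only, since the rest of the file is out of view. If the build warns, prune the import list rather than silencing it with `#[allow(unused_imports)]`.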
@@ -49,16 +50,15 @@ async fn exec() -> Result<Option<String>> {
}
rest @ _ => {
- let cfg = util::read_config(args.profile).map_err(|_| CliError::InvalidProfile)?;
- let secd = Secd::init(
- cfg.store,
- Some(&cfg.store_conn),
- cfg.emailer,
- cfg.email_template_login,
- cfg.email_template_signup,
- )
- .await
- .map_err(|e| CliError::SecdInitializationFailure(e.to_string()))?;
+ // let cfg = util::read_config(args.profile).map_err(|_| CliError::InvalidProfile)?;
+ std::env::set_var(
+ ENV_AUTH_STORE_CONN_STRING,
+ "sqlite:///tmp/store.db?mode=rwc",
+ // "postgresql://secduser:p4ssw0rd@localhost:5412/secd",
+ );
+ let secd = Secd::init()
+ .await
+ .map_err(|e| CliError::SecdInitializationFailure(e.to_string()))?;
match rest {
Command::Admin { action } => admin(&secd, action).await?,
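Review bot: The `std::env::set_var(ENV_AUTH_STORE_CONN_STRING, ...)` call unconditionally overwrites any connection string the operator exported, so a deployed configuration is silently replaced by the SQLite development default, and the `args.profile` value is no longer read at all because `read_config` is commented out. The commented-out `postgresql://...` line carries an embedded password; even inactive, it is now part of the repository history and should be removed and the credential rotated if it was ever real. Because `exec` is async and presumably runs on a multi-threaded runtime, mutating the process environment while other threads may be reading it is the hazard std's `set_var` documentation warns about; prefer passing the string to `Secd::init` or reading it once before the runtime starts. If a development fallback is still wanted, make it a fallback only: `if std::env::var_os(ENV_AUTH_STORE_CONN_STRING).is_none() {` / `    std::env::set_var(ENV_AUTH_STORE_CONN_STRING, "sqlite:///tmp/store.db?mode=rwc");` / `}`. The `/tmp/store.db` path sits in a world-writable directory where another local user can pre-create or replace the database file, so a per-user location (such as the profile directory the removed `read_config` call resolved) is the safer default; `exec` begins and ends outside this hunk.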
@@ -69,13 +69,13 @@ async fn exec() -> Result<Option<String>> {
"4a696b66-6231-4a2f-811c-4448a41473d2",
"Code path should be unreachable",
))),
- Command::Link { object, unlink } => link(&secd, object, unlink).await?,
+ Command::Link { object, unlink } => todo!(),
Command::Ls {
object,
name,
before,
after,
- } => list(&secd, object, name, before, after).await?,
+ } => todo!(),
Command::Repl => {
unimplemented!()
}
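Review bot: `Command::Link` and `Command::Ls` now dispatch to `todo!()`, which panics with a backtrace when a user runs those subcommands; the same replacement appears at `AdminAction::Create` and `CreateObject::Session` in the following hunks. The arm just above already returns a structured `CliError::InternalError(error_detail(...))` for the unreachable case, so a "not implemented" error built the same way (with a fresh `<placeholder-uuid>` detail id) would keep exit codes and output consistent instead of aborting the process. The bindings `object, unlink` and `object, name, before, after` are now unused and will warn; write the patterns as `Command::Link { .. }` and `Command::Ls { .. }` until the handlers return. `exec` continues outside this hunk.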
@@ -90,19 +90,7 @@ async fn admin(secd: &Secd, cmd: AdminAction) -> Result<Option<String>> {
println!("do backend stuff!");
None
}
- AdminAction::Create { object } => match object {
- AdminObject::Oauth2Provider {
- provider,
- client_id,
- secret,
- redirect_url,
- } => {
- secd.create_oauth_provider(&provider, client_id, secret, redirect_url)
- .await?;
- None
- }
- rest @ _ => unimplemented!(),
- },
+ AdminAction::Create { object } => todo!(),
AdminAction::Seal => {
println!("do seal");
None
@@ -148,54 +136,31 @@ async fn create(secd: &Secd, cmd: CreateObject) -> Result<Option<String>> {
CreateObject::Session {
validation_id,
secret_code,
- } => {
- let session = secd
- .exchange_code_for_session(validation_id, secret_code)
- .await
- .map_err(|e| match e {
- SecdError::InvalidCode => CliError::InvalidCode,
- _ => CliError::InternalError(error_detail(
- "17e5c226-5d7d-44a2-b3b5-be3ee958c252",
- "An unknown error while exchanging a session",
- )),
- })?;
- serde_json::to_string(&session).ok()
- }
- CreateObject::Validation { method, identity } => match method {
- ValidationMethod::Email { address } => serde_json::to_string(&Validation {
- validation_id: secd.create_validation_request_email(&address).await?,
- note: Some("<secret code> sent to client".into()),
- oauth_auth_url: None,
- })
- .ok(),
+ } => todo!(),
+ CreateObject::Validation {
+ method,
+ identity_id,
+ } => match method {
+ ValidationMethod::Email { address } => {
+ let validation = secd.validate_email(&address, identity_id).await?;
- ValidationMethod::Oauth2 {
- provider,
- scope,
- identity,
- } => {
- let redirect = secd
- .create_validation_request_oauth(&provider, scope)
- .await?
- .to_string();
- let validation_id = redirect
- .split("state=")
- .collect::<Vec<&str>>()
- .last()
- .map(|i| Uuid::parse_str(i).ok())
- .flatten()
- .unwrap();
- serde_json::to_string(&Validation {
- validation_id,
- note: Some(
- "<secret code> is retrieved by completing oauth flow in the browser".into(),
- ),
- oauth_auth_url: Some(redirect),
- })
- .ok()
+ Some(serde_json::ser::to_string(&validation)?.to_string())
}
_ => unimplemented!(),
},
+ CreateObject::ValidationCompletion {
+ validation_id,
+ token,
+ code,
+ } => {
+ if token.is_none() && code.is_none() {
+ bail!("A token or code must be specified")
+ }
+ let session = secd
+ .complete_address_validation(&validation_id, token, code)
+ .await?;
+ Some(serde_json::ser::to_string(&session)?.to_string())
+ }
})
}
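Review bot: `serde_json::ser::to_string(&validation)?.to_string()` already yields a `String`, so the trailing `.to_string()` is a needless clone; the same pattern appears at `&session`, `&secd.get_identity(...)` and `&secd.get_session(...)` in this and the later hunks, and `Some(serde_json::to_string(&validation)?)` is the whole expression. The `ValidationCompletion` guard only rejects the case where `token` and `code` are both absent; if both are supplied, which one `complete_address_validation` honours is decided out of view, so either reject that combination too or document the precedence next to the `bail!`. The `?` on `serde_json` here relies on the function's error type converting from `serde_json::Error`, which the removed `.ok()` handling did not need — worth a one-line comment if the conversion is non-obvious. `create`'s signature is outside the hunk.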
@@ -215,10 +180,10 @@ async fn get(secd: &Secd, cmd: GetObject) -> Result<Option<String>> {
println!("get object group");
None
}
- GetObject::Identity { id } => {
- println!("get object identity");
- None
+ GetObject::Identity { session_token } => {
+ Some(serde_json::ser::to_string(&secd.get_identity(&session_token).await?)?.to_string())
}
+
GetObject::Permission { name, id } => {
println!("get object permission");
None
@@ -236,8 +201,7 @@ async fn get(secd: &Secd, cmd: GetObject) -> Result<Option<String>> {
None
}
GetObject::Session { secret } => {
- println!("get object session");
- None
+ Some(serde_json::ser::to_string(&secd.get_session(&secret).await?)?.to_string())
}
GetObject::Validation { id } => {
println!("get object validation");