authorbenj <benj@rse8.com>2022-12-30 15:57:36 -0800
committerbenj <benj@rse8.com>2022-12-30 15:57:36 -0800
commit8ca3433b2a4a82723e00e64b1e5aff0b1bed95b3 (patch)
tree1ff85fd9fbd94a5559f9dbac755973fd58b31f28 /crates/secd/src/lib.rs
parentf0ea9ecd17b03605d747044874a26e1bd52c0ee1 (diff)
impl authZ write and check (depends on spicedb for now)
Diffstat (limited to '')
-rw-r--r--crates/secd/src/lib.rs97
1 files changed, 93 insertions, 4 deletions
diff --git a/crates/secd/src/lib.rs b/crates/secd/src/lib.rs
index c84f7cf..15a92a8 100644
--- a/crates/secd/src/lib.rs
+++ b/crates/secd/src/lib.rs
@@ -1,15 +1,20 @@
+pub mod auth;
mod client;
-mod command;
mod util;
use client::{
- email::{EmailMessenger, EmailMessengerError},
- store::{Store, StoreError},
+ email::{EmailMessenger, EmailMessengerError, LocalMailer},
+ spice::Spice,
+ store::{
+ sql_db::{PgClient, SqliteClient},
+ Store, StoreError,
+ },
};
use email_address::EmailAddress;
+use log::{error, info};
use serde::{Deserialize, Serialize};
use serde_with::{serde_as, DisplayFromStr};
-use std::sync::Arc;
+use std::{env::var, str::FromStr, sync::Arc};
use strum_macros::{Display, EnumString, EnumVariantNames};
use time::OffsetDateTime;
use url::Url;
@@ -19,6 +24,8 @@ pub const ENV_AUTH_STORE_CONN_STRING: &str = "SECD_AUTH_STORE_CONN_STRING";
pub const ENV_EMAIL_MESSENGER: &str = "SECD_EMAIL_MESSENGER";
pub const ENV_EMAIL_MESSENGER_CLIENT_ID: &str = "SECD_EMAIL_MESSENGER_CLIENT_ID";
pub const ENV_EMAIL_MESSENGER_CLIENT_SECRET: &str = "SECD_EMAIL_MESSENGER_CLIENT_SECRET";
+pub const ENV_SPICE_SECRET: &str = "SECD_SPICE_SECRET";
+pub const ENV_SPICE_SERVER: &str = "SECD_SPICE_SERVER";
const SESSION_SIZE_BYTES: usize = 32;
const SESSION_DURATION: i64 = 60 /* seconds*/ * 60 /* minutes */ * 24 /* hours */ * 360 /* days */;
@@ -55,12 +62,15 @@ pub enum SecdError {
StoreInitFailure(String),
FailedToDecodeInput(#[from] hex::FromHexError),
+
+ AuthorizationNotSupported(String),
Todo,
}
pub struct Secd {
store: Arc<dyn Store + Send + Sync + 'static>,
email_messenger: Arc<dyn EmailMessenger + Send + Sync + 'static>,
+ spice: Option<Arc<Spice>>,
}
#[derive(Display, Debug, Serialize, Deserialize, EnumString, EnumVariantNames)]
@@ -184,3 +194,82 @@ pub struct Session {
#[serde(with = "time::serde::timestamp::option")]
pub revoked_at: Option<OffsetDateTime>,
}
+
+impl Secd {
+ /// init
+ ///
+ /// Initialize SecD with the specified configuration, established the necessary
+ /// constraints, persistance stores, and options.
+ pub async fn init(z_schema: Option<&str>) -> Result<Self, SecdError> {
+ let auth_store = AuthStore::from(var(ENV_AUTH_STORE_CONN_STRING).ok());
+ let email_messenger = AuthEmailMessenger::from_str(
+ &var(ENV_EMAIL_MESSENGER).unwrap_or(AuthEmailMessenger::Local.to_string()),
+ )
+ .expect("unreachable f4ad0f48-0812-427f-b477-0f9c67bb69c5");
+ let email_messenger_client_id = var(ENV_EMAIL_MESSENGER_CLIENT_ID).ok();
+ let email_messenger_client_secret = var(ENV_EMAIL_MESSENGER_CLIENT_SECRET).ok();
+
+ info!("starting client with auth_store: {:?}", auth_store);
+ info!("starting client with email_messenger: {:?}", auth_store);
+
+ let store = match auth_store {
+ AuthStore::Sqlite { conn } => {
+ if z_schema.is_some() {
+ return Err(SecdError::AuthorizationNotSupported(
+ "sqlite is currently unsupported".into(),
+ ));
+ }
+
+ SqliteClient::new(
+ sqlx::sqlite::SqlitePoolOptions::new()
+ .connect(&conn)
+ .await
+ .map_err(|e| {
+ SecdError::StoreInitFailure(format!("failed to init sqlite: {}", e))
+ })?,
+ )
+ .await
+ }
+ AuthStore::Postgres { conn } => {
+ PgClient::new(
+ sqlx::postgres::PgPoolOptions::new()
+ .connect(&conn)
+ .await
+ .map_err(|e| {
+ SecdError::StoreInitFailure(format!("failed to init sqlite: {}", e))
+ })?,
+ )
+ .await
+ }
+ rest @ _ => {
+ error!(
+ "requested an AuthStore which has not yet been implemented: {:?}",
+ rest
+ );
+ unimplemented!()
+ }
+ };
+
+ let email_sender = match email_messenger {
+ AuthEmailMessenger::Local => LocalMailer {},
+ _ => unimplemented!(),
+ };
+
+ let spice = match z_schema {
+ Some(schema) => {
+ let c: Arc<Spice> = Arc::new(Spice::new().await);
+ c.write_schema(schema)
+ .await
+ .expect("failed to write authorization schema".into());
+ Some(c)
+ }
+ None => None,
+ };
+
+ Ok(Secd {
+ store,
+ email_messenger: Arc::new(email_sender),
+ spice,
+ })
+ }
+}
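Review bot: Both `info!` calls at the top of `init` print `auth_store` with `{:?}`, and since `AuthStore::Sqlite { conn }` / `AuthStore::Postgres { conn }` carry the raw value of `SECD_AUTH_STORE_CONN_STRING`, a derived `Debug` would write the connection string — which for Postgres normally embeds the password — into the info log at every start-up; the second line is also a copy-paste slip that never reports the messenger. Log only the variant (the strum `Display` derive on the enum below `Secd` prints just the variant name, if that enum is `AuthStore`) and fix the second line: `info!("starting client with auth_store: {}", auth_store);` / `info!("starting client with email_messenger: {:?}", email_messenger);`. The Postgres arm reuses the sqlite error text — the `map_err` under `PgClient::new` should read `SecdError::StoreInitFailure(format!("failed to init postgres: {}", e))`. The `expect("unreachable …")` after `AuthEmailMessenger::from_str` is reachable whenever `SECD_EMAIL_MESSENGER` holds an unrecognised value, and `.expect("failed to write authorization schema".into())` on `write_schema` aborts the process on what appears to be a remote call to SpiceDB; both are operator-controlled inputs rather than invariants, so mapping them into a `SecdError` variant and returning with `?` keeps the failure reportable instead of a panic (the stray `.into()` on the `expect` message can go as well).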