Diffstat (limited to '')
| -rw-r--r-- | crates/iam/src/main.rs | 114 |
1 files changed, 39 insertions, 75 deletions
diff --git a/crates/iam/src/main.rs b/crates/iam/src/main.rs index 4f6316a..ce72072 100644 --- a/crates/iam/src/main.rs +++ b/crates/iam/src/main.rs @@ -10,7 +10,8 @@ use api::{ use clap::Parser; use command::dev_oauth2_listen; use env_logger::Env; -use secd::{Secd, SecdError}; +use secd::{Secd, SecdError, ENV_AUTH_STORE_CONN_STRING}; +use std::str::FromStr; use util::{error_detail, Result}; use uuid::Uuid; @@ -49,16 +50,15 @@ async fn exec() -> Result<Option<String>> { } rest @ _ => { - let cfg = util::read_config(args.profile).map_err(|_| CliError::InvalidProfile)?; - let secd = Secd::init( - cfg.store, - Some(&cfg.store_conn), - cfg.emailer, - cfg.email_template_login, - cfg.email_template_signup, - ) - .await - .map_err(|e| CliError::SecdInitializationFailure(e.to_string()))?; + // let cfg = util::read_config(args.profile).map_err(|_| CliError::InvalidProfile)?; + std::env::set_var( + ENV_AUTH_STORE_CONN_STRING, + "sqlite:///tmp/store.db?mode=rwc", + // "postgresql://secduser:p4ssw0rd@localhost:5412/secd", + ); + let secd = Secd::init() + .await + .map_err(|e| CliError::SecdInitializationFailure(e.to_string()))?; match rest { Command::Admin { action } => admin(&secd, action).await?, @@ -69,13 +69,13 @@ async fn exec() -> Result<Option<String>> { "4a696b66-6231-4a2f-811c-4448a41473d2", "Code path should be unreachable", ))), - Command::Link { object, unlink } => link(&secd, object, unlink).await?, + Command::Link { object, unlink } => todo!(), Command::Ls { object, name, before, after, - } => list(&secd, object, name, before, after).await?, + } => todo!(), Command::Repl => { unimplemented!() } 
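Review bot: The unconditional `std::env::set_var(ENV_AUTH_STORE_CONN_STRING, "sqlite:///tmp/store.db?mode=rwc")` in the `rest @ _` arm of `exec()` (which begins and ends outside this hunk) overrides any connection string the operator exported and places the auth store under a fixed name in the shared `/tmp` directory, where `mode=rwc` creates the file or opens whatever is already at that path. On a multi-user host that leaves identity and session data somewhere another local account can pre-create or, depending on umask, read. With `args.profile` no longer consulted, I would drop the override and fail when the variable is missing, e.g. `if std::env::var_os(ENV_AUTH_STORE_CONN_STRING).is_none() { return Err(CliError::InvalidProfile.into()); }`, assuming the `From<CliError>` conversion the old `map_err(...)?.` relied on is still there. The commented-out PostgreSQL URL should be deleted rather than kept, since it leaves a credential-shaped string in the source, and `set_var` is not safe to call once other threads exist, which is likely inside an async runtime.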
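Review bot: `Command::Link` and `Command::Ls` now resolve to `todo!()`, so two commands the parser still accepts abort the process with a panic instead of returning an error through `Result`; the same pattern appears in the later hunks at `AdminAction::Create` and `CreateObject::Session`. The destructured fields (`object`, `unlink`, `name`, `before`, `after`) are left unused as well. Until these arms are re-implemented I would return an error, e.g. `Command::Link { .. } => bail!("link is not implemented in this build"),`, assuming `bail!` is in scope here as it is in `create()`. The `match rest` block continues outside this hunk.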
@@ -90,19 +90,7 @@ async fn admin(secd: &Secd, cmd: AdminAction) -> Result<Option<String>> { println!("do backend stuff!"); None } - AdminAction::Create { object } => match object { - AdminObject::Oauth2Provider { - provider, - client_id, - secret, - redirect_url, - } => { - secd.create_oauth_provider(&provider, client_id, secret, redirect_url) - .await?; - None - } - rest @ _ => unimplemented!(), - }, + AdminAction::Create { object } => todo!(), AdminAction::Seal => { println!("do seal"); None 
@@ -148,54 +136,31 @@ async fn create(secd: &Secd, cmd: CreateObject) -> Result<Option<String>> { CreateObject::Session { validation_id, secret_code, - } => { - let session = secd - .exchange_code_for_session(validation_id, secret_code) - .await - .map_err(|e| match e { - SecdError::InvalidCode => CliError::InvalidCode, - _ => CliError::InternalError(error_detail( - "17e5c226-5d7d-44a2-b3b5-be3ee958c252", - "An unknown error while exchanging a session", - )), - })?; - serde_json::to_string(&session).ok() - } - CreateObject::Validation { method, identity } => match method { - ValidationMethod::Email { address } => serde_json::to_string(&Validation { - validation_id: secd.create_validation_request_email(&address).await?, - note: Some("<secret code> sent to client".into()), - oauth_auth_url: None, - }) - .ok(), + } => todo!(), + CreateObject::Validation { + method, + identity_id, + } => match method { + ValidationMethod::Email { address } => { + let validation = secd.validate_email(&address, identity_id).await?; - ValidationMethod::Oauth2 { - provider, - scope, - identity, - } => { - let redirect = secd - .create_validation_request_oauth(&provider, scope) - .await? - .to_string(); - let validation_id = redirect - .split("state=") - .collect::<Vec<&str>>() - .last() - .map(|i| Uuid::parse_str(i).ok()) - .flatten() - .unwrap(); - serde_json::to_string(&Validation { - validation_id, - note: Some( - "<secret code> is retrieved by completing oauth flow in the browser".into(), - ), - oauth_auth_url: Some(redirect), - }) - .ok() + Some(serde_json::ser::to_string(&validation)?.to_string()) } _ => unimplemented!(), }, + CreateObject::ValidationCompletion { + validation_id, + token, + code, + } => { + if token.is_none() && code.is_none() { + bail!("A token or code must be specified") + } + let session = secd + .complete_address_validation(&validation_id, token, code) + .await?; + Some(serde_json::ser::to_string(&session)?.to_string()) + } }) } 
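Review bot: In the new `CreateObject::ValidationCompletion` arm the result of `secd.complete_address_validation(&validation_id, token, code)` is propagated with a bare `?`, so a rejected code and an internal store failure both reach the user through whatever conversion `util::Result` applies, which is not visible here. For an authentication step I would map the failure at the call site the way `exec()` does for `Secd::init()`, with one `CliError` variant for a rejected token or code and an opaque internal error for everything else, so the CLI neither blurs the distinction nor prints backend detail. The `validate_email` call in the `ValidationMethod::Email` arm has the same shape, and it is worth confirming that the serialized `validation` does not include the secret that is meant to reach the user only by email. `serde_json::ser::to_string` already returns a `String`, so the trailing `.to_string()` on both arms can go. `create()` starts above this hunk.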
@@ -215,10 +180,10 @@ async fn get(secd: &Secd, cmd: GetObject) -> Result<Option<String>> { println!("get object group"); None } - GetObject::Identity { id } => { - println!("get object identity"); - None + GetObject::Identity { session_token } => { + Some(serde_json::ser::to_string(&secd.get_identity(&session_token).await?)?.to_string()) } + GetObject::Permission { name, id } => { println!("get object permission"); None @@ -236,8 +201,7 @@ async fn get(secd: &Secd, cmd: GetObject) -> Result<Option<String>> { None } GetObject::Session { secret } => { - println!("get object session"); - None + Some(serde_json::ser::to_string(&secd.get_session(&secret).await?)?.to_string()) } GetObject::Validation { id } => { println!("get object validation"); |
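Review bot: `GetObject::Identity { session_token }` and, in the next hunk, `GetObject::Session { secret }` take a bearer credential from the parsed command; if these are ordinary clap arguments, as the `api` and `clap::Parser` imports suggest, the value ends up in shell history and, on most systems, in the process list. I would record that on both arms, e.g. `// session_token arrives via argv: visible in ps and shell history; prefer stdin or an env var`, and change the argument definition in `api` to read the credential from stdin or the environment. Both arms print the full serialized identity or session to stdout, so callers that log command output should be expected to capture it. `get()` starts and ends outside these hunks.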
