From 8ca3433b2a4a82723e00e64b1e5aff0b1bed95b3 Mon Sep 17 00:00:00 2001 From: benj Date: Fri, 30 Dec 2022 15:57:36 -0800 Subject: impl authZ write and check (depends on spicedb for now) --- crates/secd/src/lib.rs | 97 +++++++++++++++++++++++++++++++++++++++++++++++--- 1 file changed, 93 insertions(+), 4 deletions(-) (limited to 'crates/secd/src/lib.rs') diff --git a/crates/secd/src/lib.rs b/crates/secd/src/lib.rs index c84f7cf..15a92a8 100644 --- a/crates/secd/src/lib.rs +++ b/crates/secd/src/lib.rs @@ -1,15 +1,20 @@ +pub mod auth; mod client; -mod command; mod util; use client::{ - email::{EmailMessenger, EmailMessengerError}, - store::{Store, StoreError}, + email::{EmailMessenger, EmailMessengerError, LocalMailer}, + spice::Spice, + store::{ + sql_db::{PgClient, SqliteClient}, + Store, StoreError, + }, }; use email_address::EmailAddress; +use log::{error, info}; use serde::{Deserialize, Serialize}; use serde_with::{serde_as, DisplayFromStr}; -use std::sync::Arc; +use std::{env::var, str::FromStr, sync::Arc}; use strum_macros::{Display, EnumString, EnumVariantNames}; use time::OffsetDateTime; use url::Url; @@ -19,6 +24,8 @@ pub const ENV_AUTH_STORE_CONN_STRING: &str = "SECD_AUTH_STORE_CONN_STRING"; pub const ENV_EMAIL_MESSENGER: &str = "SECD_EMAIL_MESSENGER"; pub const ENV_EMAIL_MESSENGER_CLIENT_ID: &str = "SECD_EMAIL_MESSENGER_CLIENT_ID"; pub const ENV_EMAIL_MESSENGER_CLIENT_SECRET: &str = "SECD_EMAIL_MESSENGER_CLIENT_SECRET"; +pub const ENV_SPICE_SECRET: &str = "SECD_SPICE_SECRET"; +pub const ENV_SPICE_SERVER: &str = "SECD_SPICE_SERVER"; const SESSION_SIZE_BYTES: usize = 32; const SESSION_DURATION: i64 = 60 /* seconds*/ * 60 /* minutes */ * 24 /* hours */ * 360 /* days */; 
@@ -55,12 +62,15 @@ pub enum SecdError { StoreInitFailure(String), FailedToDecodeInput(#[from] hex::FromHexError), + + AuthorizationNotSupported(String), Todo, } pub struct Secd { store: Arc, email_messenger: Arc, + spice: Option>, } #[derive(Display, Debug, Serialize, Deserialize, EnumString, EnumVariantNames)] 
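Review bot: The new `AuthorizationNotSupported(String)` variant is undocumented and nothing in the hunk says what its payload means; a one-line doc such as `/// An authorization schema was supplied but the configured store or backend cannot apply it; the payload is a human-readable reason.` would fix that at the error type. If `SecdError` derives `thiserror::Error` (the `#[from]` on the neighbouring variant suggests it), the variant may also need an `#[error("authorization not supported: {0}")]` attribute unless the enum carries an enum-level message; the enum header is outside the hunk, so this is unconfirmed.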
@@ -184,3 +194,82 @@ pub struct Session { #[serde(with = "time::serde::timestamp::option")] pub revoked_at: Option, } + +impl Secd { + /// init + /// + /// Initialize SecD with the specified configuration, established the necessary + /// constraints, persistance stores, and options. + pub async fn init(z_schema: Option<&str>) -> Result { + let auth_store = AuthStore::from(var(ENV_AUTH_STORE_CONN_STRING).ok()); + let email_messenger = AuthEmailMessenger::from_str( + &var(ENV_EMAIL_MESSENGER).unwrap_or(AuthEmailMessenger::Local.to_string()), + ) + .expect("unreachable f4ad0f48-0812-427f-b477-0f9c67bb69c5"); + let email_messenger_client_id = var(ENV_EMAIL_MESSENGER_CLIENT_ID).ok(); + let email_messenger_client_secret = var(ENV_EMAIL_MESSENGER_CLIENT_SECRET).ok(); + + info!("starting client with auth_store: {:?}", auth_store); + info!("starting client with email_messenger: {:?}", auth_store); + + let store = match auth_store { + AuthStore::Sqlite { conn } => { + if z_schema.is_some() { + return Err(SecdError::AuthorizationNotSupported( + "sqlite is currently unsupported".into(), + )); + } + + SqliteClient::new( + sqlx::sqlite::SqlitePoolOptions::new() + .connect(&conn) + .await + .map_err(|e| { + SecdError::StoreInitFailure(format!("failed to init sqlite: {}", e)) + })?, + ) + .await + } + AuthStore::Postgres { conn } => { + PgClient::new( + sqlx::postgres::PgPoolOptions::new() + .connect(&conn) + .await + .map_err(|e| { + SecdError::StoreInitFailure(format!("failed to init sqlite: {}", e)) + })?, + ) + .await + } + rest @ _ => { + error!( + "requested an AuthStore which has not yet been implemented: {:?}", + rest + ); + unimplemented!() + } + }; + + let email_sender = match email_messenger { + AuthEmailMessenger::Local => LocalMailer {}, + _ => unimplemented!(), + }; + + let spice = match z_schema { + Some(schema) => { + let c: Arc = Arc::new(Spice::new().await); + c.write_schema(schema) + .await + .expect("failed to write authorization schema".into()); + Some(c) + } 
+ None => None, + }; + + Ok(Secd { + store, + email_messenger: Arc::new(email_sender), + spice, + }) + } +} -- cgit v1.2.3
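Review bot: The second startup log in `init` formats the wrong value — `info!("starting client with email_messenger: {:?}", auth_store);` should be `info!("starting client with email_messenger: {:?}", email_messenger);` — and since both `AuthStore` variants carry the raw `conn` string, the first `info!` presumably writes the whole connection string (for Postgres URLs often including the password) to the log at info level if `Debug` is derived; log only the variant name or a redacted form. The Postgres branch also reuses the sqlite text in its `map_err`; it should read `SecdError::StoreInitFailure(format!("failed to init postgres: {}", e))`. On the spice path, `c.write_schema(schema).await.expect(...)` aborts the process on any spicedb failure while the store branches return `SecdError`; mapping the error into a `SecdError` variant and using `?` (and dropping the no-op `.into()` on the message) would keep the startup error handling consistent. The `rest @ _` arm of the store match and the `_ => unimplemented!()` arm of the mailer match likewise panic instead of returning an error to the caller.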