factoriauth/src/auth.rs

use std::sync::Arc;

use rand::{seq::IteratorRandom, thread_rng};
use thiserror::Error;
use tokio::sync::Mutex;
use tracing::{event, instrument, Level};

use crate::{
    db::{/* Database, */ Database, SqliteDatabase},
    secrets::{Password, UserToken},
};

#[derive(Debug, Error)]
pub enum AuthenticationError {
    #[error("Invalid username or password")]
    InvalidUserOrPassword,
    #[error("Invalid token")]
    InvalidToken,
    #[error("Invalid server hash")]
    InvalidServerHash,
    #[error("Authentication backend error")]
    Backend(#[from] sqlx::Error),
}

#[derive(Debug)]
pub struct Authenticator {
    db: Arc<Mutex<SqliteDatabase>>,
}

impl Authenticator {
    pub fn new(db: Arc<Mutex<SqliteDatabase>>) -> Self {
        Self { db }
    }

    #[instrument]
    pub async fn create_user_token(&mut self, username: &str, password: &Password) -> UserToken {
        let mut token_str = "".to_owned();

        let mut rng = thread_rng();
        for _ in 0..30 {
            let digit = (0..=15).choose(&mut rng).unwrap();
            let char = (('a' as u8) + digit) as char;
            token_str.push(char)
        }

        let new_token = UserToken::from(token_str);

        let mut db = self.db.lock().await;
        if let Err(err) = db.save_token(username, &new_token).await {
            event!(Level::ERROR, %err, "Failed to save token in database");
        }

        new_token
    }

    #[instrument]
    pub async fn verify_user_token(
        &self,
        username: &str,
        token: &UserToken,
    ) -> Result<(), AuthenticationError> {
        let mut db = self.db.lock().await;

        // TODO: (in db) distinguish between invalid token and SQLX error
        db.get_token(username).await?;

        Ok(())
    }
}
beginnings of SqliteDatabase 2024-02-10 12:06:53 +01:00			`use std::sync::Arc;`

generate token and save in database 2024-02-10 13:07:36 +01:00			`use rand::{seq::IteratorRandom, thread_rng};`
Add AuthenticationError enum 2024-02-10 13:08:45 +01:00			`use thiserror::Error;`
beginnings of SqliteDatabase 2024-02-10 12:06:53 +01:00			`use tokio::sync::Mutex;`
generate token and save in database 2024-02-10 13:07:36 +01:00			`use tracing::{event, instrument, Level};`
use SecretString for password and user token 2024-02-10 11:10:58 +01:00
move secrets to secrets.rs 2024-02-10 12:32:01 +01:00			`use crate::{`
generate token and save in database 2024-02-10 13:07:36 +01:00			`db::{/* Database, */ Database, SqliteDatabase},`
move secrets to secrets.rs 2024-02-10 12:32:01 +01:00			`secrets::{Password, UserToken},`
			`};`
use SecretString for password and user token 2024-02-10 11:10:58 +01:00
Add AuthenticationError enum 2024-02-10 13:08:45 +01:00			`#[derive(Debug, Error)]`
			`pub enum AuthenticationError {`
			`#[error("Invalid username or password")]`
			`InvalidUserOrPassword,`
			`#[error("Invalid token")]`
			`InvalidToken,`
			`#[error("Invalid server hash")]`
			`InvalidServerHash,`
			`#[error("Authentication backend error")]`
			`Backend(#[from] sqlx::Error),`
			`}`

log {create,verify}_user_token 2024-02-10 11:20:35 +01:00			`#[derive(Debug)]`
make Authenticator non-generic 2024-02-10 12:56:35 +01:00			`pub struct Authenticator {`
			`db: Arc<Mutex<SqliteDatabase>>,`
authenticator skeleton 2024-02-10 10:51:56 +01:00			`}`

make Authenticator non-generic 2024-02-10 12:56:35 +01:00			`impl Authenticator {`
beginnings of SqliteDatabase 2024-02-10 12:06:53 +01:00			`pub fn new(db: Arc<Mutex<SqliteDatabase>>) -> Self {`
			`Self { db }`
authenticator skeleton 2024-02-10 10:51:56 +01:00			`}`

log {create,verify}_user_token 2024-02-10 11:20:35 +01:00			`#[instrument]`
beginnings of SqliteDatabase 2024-02-10 12:06:53 +01:00			`pub async fn create_user_token(&mut self, username: &str, password: &Password) -> UserToken {`
generate token and save in database 2024-02-10 13:07:36 +01:00			`let mut token_str = "".to_owned();`

			`let mut rng = thread_rng();`
			`for _ in 0..30 {`
			`let digit = (0..=15).choose(&mut rng).unwrap();`
			`let char = (('a' as u8) + digit) as char;`
			`token_str.push(char)`
			`}`

			`let new_token = UserToken::from(token_str);`

			`let mut db = self.db.lock().await;`
			`if let Err(err) = db.save_token(username, &new_token).await {`
			`event!(Level::ERROR, %err, "Failed to save token in database");`
			`}`

			`new_token`
verify_user_token 2024-02-10 11:11:46 +01:00			`}`

log {create,verify}_user_token 2024-02-10 11:20:35 +01:00			`#[instrument]`
Add AuthenticationError enum 2024-02-10 13:08:45 +01:00			`pub async fn verify_user_token(`
			`&self,`
			`username: &str,`
			`token: &UserToken,`
			`) -> Result<(), AuthenticationError> {`
basic implementation of verify_user_token 2024-02-10 13:10:54 +01:00			`let mut db = self.db.lock().await;`

			`// TODO: (in db) distinguish between invalid token and SQLX error`
Add AuthenticationError enum 2024-02-10 13:08:45 +01:00			`db.get_token(username).await?;`

			`Ok(())`
authenticator skeleton 2024-02-10 10:51:56 +01:00			`}`
			`}`