author | metamuffin <metamuffin@disroot.org> | 2023-10-01 00:38:29 +0200 |
---|---|---|
committer | metamuffin <metamuffin@disroot.org> | 2023-10-01 00:38:29 +0200 |
commit | fc5e13ae525cb74e77a5bc51204f44476115cea9 (patch) | |
tree | a20b6d296d67735a2c8d42a0dc31b44c0bb53cb7 /server | |
parent | d546caa3f5053ade763430490911fefd6257af9f (diff) | |
draft for permission framework
Diffstat (limited to 'server')
-rw-r--r-- | server/src/database.rs | 15 | ||||
-rw-r--r-- | server/src/routes/ui/account/mod.rs | 6 | ||||
-rw-r--r-- | server/src/routes/ui/account/session/mod.rs | 3 | ||||
-rw-r--r-- | server/src/routes/ui/account/session/token.rs | 17 |
4 files changed, 25 insertions, 16 deletions
diff --git a/server/src/database.rs b/server/src/database.rs
index d5a435f..6c3b938 100644
--- a/server/src/database.rs
+++ b/server/src/database.rs
@@ -6,9 +6,11 @@
 use crate::routes::ui::account::hash_password;
 use anyhow::Context;
 use jellybase::CONF;
-use jellycommon::Node;
+use jellycommon::{
+ user::{PermissionSet, User},
+ Node,
+};
 use log::info;
-use serde::{Deserialize, Serialize};
 use std::path::Path;
 use typed_sled::Tree;
@@ -20,14 +22,6 @@ pub struct Database {
 pub node: Tree<String, Node>,
 }
-#[derive(Debug, Clone, Serialize, Deserialize)]
-pub struct User {
- pub name: String,
- pub display_name: String,
- pub password: Vec<u8>,
- pub admin: bool,
-}
-
 impl Database {
 pub fn open(path: &Path) -> Result<Self, anyhow::Error> {
 info!("opening database… (might take up to O(n) time)");
@@ -51,6 +45,7 @@ impl Database {
 display_name: "Admin".to_string(),
 name: CONF.admin_username.clone(),
 password: hash_password(&CONF.admin_username, &CONF.admin_password),
+ permissions: PermissionSet::default(),
 },
 )
 .unwrap();
diff --git a/server/src/routes/ui/account/mod.rs b/server/src/routes/ui/account/mod.rs
index b7ba332..a4aa2dd 100644
--- a/server/src/routes/ui/account/mod.rs
+++ b/server/src/routes/ui/account/mod.rs
@@ -8,7 +8,7 @@ pub mod settings;
 use super::{error::MyError, layout::LayoutPage};
 use crate::{
- database::{Database, User},
+ database::Database,
 routes::ui::{error::MyResult, home::rocket_uri_macro_r_home, layout::DynLayoutPage},
 uri,
 };
@@ -16,6 +16,7 @@ use anyhow::anyhow;
 use argon2::{password_hash::Salt, Argon2, PasswordHasher};
 use chrono::Duration;
 use jellybase::CONF;
+use jellycommon::user::{PermissionSet, User};
 use rocket::{
 form::{Contextual, Form},
 get,
@@ -131,6 +132,7 @@ pub fn r_account_register_post<'a>(
 name: form.username.clone(),
 password: hash_password(&form.username, &form.password),
 admin: false,
+ permissions: PermissionSet::default(),
 }),
 )
 .unwrap()
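Review bot: Nothing in this commit migrates user records that were written before `User` gained the `permissions` field; the old struct is removed in the `@@ -20,14 +22,6 @@` hunk of database.rs and the replacement from `jellycommon::user` is constructed with the extra field in the later hunks. If the user tree is stored in a positional, non-self-describing encoding (the tree's codec is not visible here, so this is an assumption to confirm), existing records may fail to decode after the upgrade, which would lock existing accounts out or hit one of the `.unwrap()` calls. I would add an explicit migration or version check in `Database::open` and mark it with a comment such as `// schema change: User gained a permissions field; older records must be migrated before use`.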
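Review bot: Both the seeded admin account (database.rs, `@@ -51,6 +45,7 @@`) and every self-registered account (`r_account_register_post`, `@@ -131,6 +132,7 @@`) are given `PermissionSet::default()`, so the safety of the new framework rests on that default granting nothing, and its definition lives in jellycommon, outside this diff. The registration literal also still sets `admin: false`, which leaves two sources of authorisation on `User` until the flag is retired. I would state the contract at the point of use, e.g. `// PermissionSet::default() must be deny-all: self-registered users start with no grants`, and pin it with a unit test next to `PermissionSet`. Both struct literals sit inside calls that begin and end outside their hunks.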
@@ -188,7 +190,7 @@ pub fn login_logic(database: &Database, username: &str, password: &str) -> MyRes
 }
 Ok(session::token::create(
- user.name,
+ &user,
 Duration::days(CONF.login_expire),
 ))
 }
diff --git a/server/src/routes/ui/account/session/mod.rs b/server/src/routes/ui/account/session/mod.rs
index b13f157..0de15c4 100644
--- a/server/src/routes/ui/account/session/mod.rs
+++ b/server/src/routes/ui/account/session/mod.rs
@@ -3,8 +3,8 @@
 which is licensed under the GNU Affero General Public License (version 3); see /COPYING.
 Copyright (C) 2023 metamuffin <metamuffin.org>
 */
-use crate::database::User;
 use chrono::{DateTime, Utc};
+use jellycommon::user::{PermissionSet, User};
 use serde::{Deserialize, Serialize};
 pub mod guard;
@@ -20,4 +20,5 @@ pub struct AdminSession(pub Session);
 pub struct SessionData {
 username: String,
 expire: DateTime<Utc>,
+ permissions: PermissionSet,
 }
diff --git a/server/src/routes/ui/account/session/token.rs b/server/src/routes/ui/account/session/token.rs
index e5e4baf..baec665 100644
--- a/server/src/routes/ui/account/session/token.rs
+++ b/server/src/routes/ui/account/session/token.rs
@@ -12,6 +12,7 @@ use anyhow::anyhow;
 use base64::Engine;
 use chrono::{Duration, Utc};
 use jellybase::CONF;
+use jellycommon::user::User;
 use log::warn;
 use std::sync::LazyLock;
@@ -28,10 +29,11 @@ static SESSION_KEY: LazyLock<[u8; 32]> = LazyLock::new(|| {
 }
 });
-pub fn create(username: String, expire: Duration) -> String {
+pub fn create(user: &User, expire: Duration) -> String {
 let session_data = SessionData {
 expire: Utc::now() + expire,
- username,
+ username: user.name.to_owned(),
+ permissions: user.permissions.clone(),
 };
 let mut plaintext =
 bincode::serde::encode_to_vec(&session_data, bincode::config::standard()).unwrap();
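Review bot: `create` in token.rs now copies `user.permissions` into `SessionData`, so each token carries a snapshot of the user's grants for its whole lifetime (`Duration::days(CONF.login_expire)` in `login_logic`), and a later revocation or downgrade in the database will not reach tokens that are already issued. `validate` still returns only the username (`anyhow::Result<String>`), so nothing reads the field yet; once the guards do, resolving permissions from the user record per request, or storing a per-user revision that `validate` compares, would avoid stale authorisation. Because the token now holds authorisation data rather than identity alone, the encryption step that follows this hunk needs to be authenticated (AEAD or a MAC) so the serialized bytes cannot be altered undetected; that code is outside the hunk and should be confirmed. A doc comment on the new field, `/// Snapshot taken at login; not refreshed until the token expires.`, would make the trade-off visible.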
@@ -70,7 +72,16 @@ pub fn validate(token: &str) -> anyhow::Result<String> {
 #[test]
 fn test() {
- let tok = create("blub".to_string(), Duration::days(1));
+ let tok = create(
+ &User {
+ name: "blub".to_string(),
+ display_name: "blub".to_owned(),
+ password: vec![],
+ admin: false,
+ permissions: jellycommon::user::PermissionSet::default(),
+ },
+ Duration::days(1),
+ );
 validate(&tok).unwrap();
 } |
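Review bot: The updated test only checks that `validate` does not return an error, so it would still pass if the new `permissions` field were lost in the round trip or if an altered token were accepted. I would assert the returned identity with `assert_eq!(validate(&tok).unwrap(), "blub");` (assuming the returned `String` is the username) and add a negative case where a changed token must yield `Err`. Once `validate` exposes the permission set, the test should also compare it with the `PermissionSet` passed to `create`.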