authorOwen Jacobson <owen@grimoire.ca>2024-10-02 01:02:58 -0400
committerOwen Jacobson <owen@grimoire.ca>2024-10-02 01:02:58 -0400
commit5d3392799f88c5a3d3f9c656c73d6e8ac5c4d793 (patch)
tree426c568d82b67a98095d25952d2b5b2345a6545b /src/login
parent357116366c1307bedaac6a3dfe9c5ed8e0e0c210 (diff)
Split login and token handling.
Diffstat (limited to 'src/login')
-rw-r--r--src/login/app.rs169
-rw-r--r--src/login/broadcaster.rs3
-rw-r--r--src/login/mod.rs4
-rw-r--r--src/login/repo.rs50
-rw-r--r--src/login/repo/auth.rs50
-rw-r--r--src/login/repo/mod.rs1
-rw-r--r--src/login/routes.rs10
-rw-r--r--src/login/routes/test/login.rs13
-rw-r--r--src/login/routes/test/logout.rs7
-rw-r--r--src/login/types.rs12
10 files changed, 68 insertions, 251 deletions
diff --git a/src/login/app.rs b/src/login/app.rs
index 60475af..69c1055 100644
--- a/src/login/app.rs
+++ b/src/login/app.rs
@@ -1,30 +1,17 @@
-use chrono::TimeDelta;
-use futures::{
- future,
- stream::{self, StreamExt as _},
- Stream,
-};
use sqlx::sqlite::SqlitePool;
-use super::{broadcaster::Broadcaster, repo::auth::Provider as _, types, Login};
-use crate::{
- clock::DateTime,
- event::Sequence,
- login::Password,
- repo::{
- error::NotFound as _, login::Provider as _, sequence::Provider as _, token::Provider as _,
- },
- token::{self, Secret},
-};
+use crate::{event::Sequence, repo::sequence::Provider as _};
+
+#[cfg(test)]
+use super::{repo::Provider as _, Login, Password};
pub struct Logins<'a> {
db: &'a SqlitePool,
- logins: &'a Broadcaster,
}
impl<'a> Logins<'a> {
- pub const fn new(db: &'a SqlitePool, logins: &'a Broadcaster) -> Self {
- Self { db, logins }
+ pub const fn new(db: &'a SqlitePool) -> Self {
+ Self { db }
}
pub async fn boot_point(&self) -> Result<Sequence, sqlx::Error> {
@@ -35,33 +22,6 @@ impl<'a> Logins<'a> {
Ok(sequence)
}
- pub async fn login(
- &self,
- name: &str,
- password: &Password,
- login_at: &DateTime,
- ) -> Result<Secret, LoginError> {
- let mut tx = self.db.begin().await?;
-
- let login = if let Some((login, stored_hash)) = tx.auth().for_name(name).await? {
- if stored_hash.verify(password)? {
- // Password verified; use the login.
- login
- } else {
- // Password NOT verified.
- return Err(LoginError::Rejected);
- }
- } else {
- let password_hash = password.hash()?;
- tx.logins().create(name, &password_hash).await?
- };
-
- let token = tx.tokens().issue(&login, login_at).await?;
- tx.commit().await?;
-
- Ok(token)
- }
-
#[cfg(test)]
pub async fn create(&self, name: &str, password: &Password) -> Result<Login, CreateError> {
let password_hash = password.hash()?;
@@ -72,109 +32,6 @@ impl<'a> Logins<'a> {
Ok(login)
}
-
- pub async fn validate(
- &self,
- secret: &Secret,
- used_at: &DateTime,
- ) -> Result<(token::Id, Login), ValidateError> {
- let mut tx = self.db.begin().await?;
- let login = tx
- .tokens()
- .validate(secret, used_at)
- .await
- .not_found(|| ValidateError::InvalidToken)?;
- tx.commit().await?;
-
- Ok(login)
- }
-
- pub async fn limit_stream<E>(
- &self,
- token: token::Id,
- events: impl Stream<Item = E> + std::fmt::Debug,
- ) -> Result<impl Stream<Item = E> + std::fmt::Debug, ValidateError>
- where
- E: std::fmt::Debug,
- {
- // Subscribe, first.
- let token_events = self.logins.subscribe();
-
- // Check that the token is valid at this point in time, second. If it is, then
- // any future revocations will appear in the subscription. If not, bail now.
- //
- // It's possible, otherwise, to get to this point with a token that _was_ valid
- // at the start of the request, but which was invalided _before_ the
- // `subscribe()` call. In that case, the corresponding revocation event will
- // simply be missed, since the `token_events` stream subscribed after the fact.
- // This check cancels guarding the stream here.
- //
- // Yes, this is a weird niche edge case. Most things don't double-check, because
- // they aren't expected to run long enough for the token's revocation to
- // matter. Supervising a stream, on the other hand, will run for a
- // _long_ time; if we miss the race here, we'll never actually carry out the
- // supervision.
- let mut tx = self.db.begin().await?;
- tx.tokens()
- .require(&token)
- .await
- .not_found(|| ValidateError::InvalidToken)?;
- tx.commit().await?;
-
- // Then construct the guarded stream. First, project both streams into
- // `GuardedEvent`.
- let token_events = token_events
- .filter(move |event| future::ready(event.token == token))
- .map(|_| GuardedEvent::TokenRevoked);
- let events = events.map(|event| GuardedEvent::Event(event));
-
- // Merge the two streams, then unproject them, stopping at
- // `GuardedEvent::TokenRevoked`.
- let stream = stream::select(token_events, events).scan((), |(), event| {
- future::ready(match event {
- GuardedEvent::Event(event) => Some(event),
- GuardedEvent::TokenRevoked => None,
- })
- });
-
- Ok(stream)
- }
-
- pub async fn expire(&self, relative_to: &DateTime) -> Result<(), sqlx::Error> {
- // Somewhat arbitrarily, expire after 7 days.
- let expire_at = relative_to.to_owned() - TimeDelta::days(7);
-
- let mut tx = self.db.begin().await?;
- let tokens = tx.tokens().expire(&expire_at).await?;
- tx.commit().await?;
-
- for event in tokens.into_iter().map(types::TokenRevoked::from) {
- self.logins.broadcast(&event);
- }
-
- Ok(())
- }
-
- pub async fn logout(&self, token: &token::Id) -> Result<(), ValidateError> {
- let mut tx = self.db.begin().await?;
- tx.tokens().revoke(token).await?;
- tx.commit().await?;
-
- self.logins
- .broadcast(&types::TokenRevoked::from(token.clone()));
-
- Ok(())
- }
-}
-
-#[derive(Debug, thiserror::Error)]
-pub enum LoginError {
- #[error("invalid login")]
- Rejected,
- #[error(transparent)]
- DatabaseError(#[from] sqlx::Error),
- #[error(transparent)]
- PasswordHashError(#[from] password_hash::Error),
}
#[cfg(test)]
@@ -184,17 +41,3 @@ pub enum CreateError {
DatabaseError(#[from] sqlx::Error),
PasswordHashError(#[from] password_hash::Error),
}
-
-#[derive(Debug, thiserror::Error)]
-pub enum ValidateError {
- #[error("invalid token")]
- InvalidToken,
- #[error(transparent)]
- DatabaseError(#[from] sqlx::Error),
-}
-
-#[derive(Debug)]
-enum GuardedEvent<E> {
- TokenRevoked,
- Event(E),
-}
diff --git a/src/login/broadcaster.rs b/src/login/broadcaster.rs
deleted file mode 100644
index 8e1fb3a..0000000
--- a/src/login/broadcaster.rs
+++ /dev/null
@@ -1,3 +0,0 @@
-use crate::{broadcast, login::types};
-
-pub type Broadcaster = broadcast::Broadcaster<types::TokenRevoked>;
diff --git a/src/login/mod.rs b/src/login/mod.rs
index 91c1821..65e3ada 100644
--- a/src/login/mod.rs
+++ b/src/login/mod.rs
@@ -1,11 +1,9 @@
pub mod app;
-pub mod broadcaster;
pub mod extract;
mod id;
pub mod password;
-mod repo;
+pub mod repo;
mod routes;
-pub mod types;
pub use self::{id::Id, password::Password, routes::router};
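Review bot: `pub mod repo;` widens the login repository from module-private to fully public, which also exposes the raw insert path `repo::Logins::create` added in `src/login/repo.rs`. The change only appears to need it from the sibling token module, so if nothing outside the crate uses it (not visible from this hunk), `pub(crate) mod repo;` grants the same access with a smaller surface.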
diff --git a/src/login/repo.rs b/src/login/repo.rs
new file mode 100644
index 0000000..d1a02c4
--- /dev/null
+++ b/src/login/repo.rs
@@ -0,0 +1,50 @@
+use sqlx::{sqlite::Sqlite, SqliteConnection, Transaction};
+
+use crate::login::{password::StoredHash, Id, Login};
+
+pub trait Provider {
+ fn logins(&mut self) -> Logins;
+}
+
+impl<'c> Provider for Transaction<'c, Sqlite> {
+ fn logins(&mut self) -> Logins {
+ Logins(self)
+ }
+}
+
+pub struct Logins<'t>(&'t mut SqliteConnection);
+
+impl<'c> Logins<'c> {
+ pub async fn create(
+ &mut self,
+ name: &str,
+ password_hash: &StoredHash,
+ ) -> Result<Login, sqlx::Error> {
+ let id = Id::generate();
+
+ let login = sqlx::query_as!(
+ Login,
+ r#"
+ insert or fail
+ into login (id, name, password_hash)
+ values ($1, $2, $3)
+ returning
+ id as "id: Id",
+ name
+ "#,
+ id,
+ name,
+ password_hash,
+ )
+ .fetch_one(&mut *self.0)
+ .await?;
+
+ Ok(login)
+ }
+}
+
+impl<'t> From<&'t mut SqliteConnection> for Logins<'t> {
+ fn from(tx: &'t mut SqliteConnection) -> Self {
+ Self(tx)
+ }
+}
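Review bot: `Logins::create` has no doc comment, and its failure mode is not obvious from the signature: `insert or fail` reports a conflicting row as a plain `sqlx::Error`, so a caller cannot tell a name that is already taken from a database fault. If the `login` table has a uniqueness constraint on `name` (the schema is not visible here) and the create-on-first-login flow removed from `src/login/app.rs` still exists in the token module, two concurrent first logins for one name would surface one of them as an internal error. I would add `/// Inserts a new login row with an already-hashed password; a constraint violation (such as a duplicate name) is returned as the underlying sqlx::Error.` above `create`. As a smaller style point, the struct is declared `Logins<'t>` while the impl is `impl<'c> Logins<'c>`, and `fn logins(&mut self) -> Logins` reads more clearly as `-> Logins<'_>`.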
diff --git a/src/login/repo/auth.rs b/src/login/repo/auth.rs
deleted file mode 100644
index b299697..0000000
--- a/src/login/repo/auth.rs
+++ /dev/null
@@ -1,50 +0,0 @@
-use sqlx::{sqlite::Sqlite, SqliteConnection, Transaction};
-
-use crate::login::{self, password::StoredHash, Login};
-
-pub trait Provider {
- fn auth(&mut self) -> Auth;
-}
-
-impl<'c> Provider for Transaction<'c, Sqlite> {
- fn auth(&mut self) -> Auth {
- Auth(self)
- }
-}
-
-pub struct Auth<'t>(&'t mut SqliteConnection);
-
-impl<'t> Auth<'t> {
- // Retrieves a login by name, plus its stored password hash for
- // verification. If there's no login with the requested name, this will
- // return [None].
- pub async fn for_name(
- &mut self,
- name: &str,
- ) -> Result<Option<(Login, StoredHash)>, sqlx::Error> {
- let found = sqlx::query!(
- r#"
- select
- id as "id: login::Id",
- name,
- password_hash as "password_hash: StoredHash"
- from login
- where name = $1
- "#,
- name,
- )
- .map(|rec| {
- (
- Login {
- id: rec.id,
- name: rec.name,
- },
- rec.password_hash,
- )
- })
- .fetch_optional(&mut *self.0)
- .await?;
-
- Ok(found)
- }
-}
diff --git a/src/login/repo/mod.rs b/src/login/repo/mod.rs
deleted file mode 100644
index 0e4a05d..0000000
--- a/src/login/repo/mod.rs
+++ /dev/null
@@ -1 +0,0 @@
-pub mod auth;
diff --git a/src/login/routes.rs b/src/login/routes.rs
index b571bd5..0874cc3 100644
--- a/src/login/routes.rs
+++ b/src/login/routes.rs
@@ -11,11 +11,9 @@ use crate::{
clock::RequestedAt,
error::{Internal, Unauthorized},
login::{Login, Password},
+ token::{app, extract::IdentityToken},
};
-use super::app;
-use crate::token::extract::IdentityToken;
-
#[cfg(test)]
mod test;
@@ -59,7 +57,7 @@ async fn on_login(
Json(request): Json<LoginRequest>,
) -> Result<(IdentityToken, StatusCode), LoginError> {
let token = app
- .logins()
+ .tokens()
.login(&request.name, &request.password, &now)
.await
.map_err(LoginError)?;
@@ -95,8 +93,8 @@ async fn on_logout(
Json(LogoutRequest {}): Json<LogoutRequest>,
) -> Result<(IdentityToken, StatusCode), LogoutError> {
if let Some(secret) = identity.secret() {
- let (token, _) = app.logins().validate(&secret, &now).await?;
- app.logins().logout(&token).await?;
+ let (token, _) = app.tokens().validate(&secret, &now).await?;
+ app.tokens().logout(&token).await?;
}
let identity = identity.clear();
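Review bot: In `on_logout`, the `?` on `app.tokens().validate(&secret, &now)` returns before `identity.clear()` is reached, so a client presenting an expired or already-revoked secret gets an error instead of a cleared identity. Depending on how `LogoutError` is rendered (outside this hunk), that client may keep sending the stale cookie. Logout is easier to reason about when it is idempotent: treat the invalid-token case as already logged out, fall through to the clear, and propagate only other failures. The sketch below assumes the token module keeps the `ValidateError::InvalidToken` variant that this commit removes from `src/login/app.rs`, and that `LogoutError` converts from `ValidateError` as the existing `?` implies. The function's signature and the rest of its body are outside the hunk.

```rust
if let Some(secret) = identity.secret() {
    match app.tokens().validate(&secret, &now).await {
        Ok((token, _)) => app.tokens().logout(&token).await?,
        // An invalid token is already logged out; still clear the identity below.
        Err(ValidateError::InvalidToken) => {}
        Err(other) => return Err(other.into()),
    }
}
// … unchanged: identity.clear() and the response …
```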
diff --git a/src/login/routes/test/login.rs b/src/login/routes/test/login.rs
index 81653ff..3c82738 100644
--- a/src/login/routes/test/login.rs
+++ b/src/login/routes/test/login.rs
@@ -3,10 +3,7 @@ use axum::{
http::StatusCode,
};
-use crate::{
- login::{app, routes},
- test::fixtures,
-};
+use crate::{login::routes, test::fixtures, token::app};
#[tokio::test]
async fn new_identity() {
@@ -37,7 +34,7 @@ async fn new_identity() {
let validated_at = fixtures::now();
let (_, validated) = app
- .logins()
+ .tokens()
.validate(&secret, &validated_at)
.await
.expect("identity secret is valid");
@@ -74,7 +71,7 @@ async fn existing_identity() {
let validated_at = fixtures::now();
let (_, validated_login) = app
- .logins()
+ .tokens()
.validate(&secret, &validated_at)
.await
.expect("identity secret is valid");
@@ -127,14 +124,14 @@ async fn token_expires() {
// Verify the semantics
let expired_at = fixtures::now();
- app.logins()
+ app.tokens()
.expire(&expired_at)
.await
.expect("expiring tokens never fails");
let verified_at = fixtures::now();
let error = app
- .logins()
+ .tokens()
.validate(&secret, &verified_at)
.await
.expect_err("validating an expired token");
diff --git a/src/login/routes/test/logout.rs b/src/login/routes/test/logout.rs
index 20b0d55..42b2534 100644
--- a/src/login/routes/test/logout.rs
+++ b/src/login/routes/test/logout.rs
@@ -3,10 +3,7 @@ use axum::{
http::StatusCode,
};
-use crate::{
- login::{app, routes},
- test::fixtures,
-};
+use crate::{login::routes, test::fixtures, token::app};
#[tokio::test]
async fn successful() {
@@ -37,7 +34,7 @@ async fn successful() {
// Verify the semantics
let error = app
- .logins()
+ .tokens()
.validate(&secret, &now)
.await
.expect_err("secret is invalid");
diff --git a/src/login/types.rs b/src/login/types.rs
deleted file mode 100644
index d53d436..0000000
--- a/src/login/types.rs
+++ /dev/null
@@ -1,12 +0,0 @@
-use crate::token;
-
-#[derive(Clone, Debug)]
-pub struct TokenRevoked {
- pub token: token::Id,
-}
-
-impl From<token::Id> for TokenRevoked {
- fn from(token: token::Id) -> Self {
- Self { token }
- }
-}