authorOwen Jacobson <owen@grimoire.ca>2024-09-15 23:50:41 -0400
committerOwen Jacobson <owen@grimoire.ca>2024-09-16 11:03:22 -0400
commit491cb3eb34d20140aed80dbb9edc39c4db5335d2 (patch)
treee1e2e009f064dc6dfc8c98d2bf97d8d1f7b45615 /src/repo
parent99b33023332393e46f5a661901b980b78e6fb133 (diff)
Consolidate most repository types into a repo module.
Having them contained in the individual endpoint groups conveyed an unintended sense that their intended scope was _only_ that endpoint group. It also made most repo-related import paths _quite_ long. This splits up the repos as follows: * "General applicability" repos - those that are only loosely connected to a single task, and are likely to be shared between tasks - go in crate::repo. * Specialized repos - those tightly connected to a specific task - go in the module for that task, under crate::PATH::repo. In both cases, each repo goes in its own submodule, to make it easier to use the module name as a namespace. Which category a repo goes in is a judgment call. `crate::channel::repo::broadcast` (formerly `channel::repo::messages`) is used outside of `crate::channel`, for example, but its main purpose is to support channel message broadcasts. It could arguably live under `crate::event::repo::channel`, but the resulting namespace is less legible to me.
Diffstat (limited to 'src/repo')
-rw-r--r--src/repo/channel.rs102
-rw-r--r--src/repo/login/extract.rs55
-rw-r--r--src/repo/login/mod.rs4
-rw-r--r--src/repo/login/store.rs104
-rw-r--r--src/repo/message.rs27
-rw-r--r--src/repo/mod.rs4
-rw-r--r--src/repo/token.rs125
7 files changed, 421 insertions, 0 deletions
diff --git a/src/repo/channel.rs b/src/repo/channel.rs
new file mode 100644
index 0000000..ab7489c
--- /dev/null
+++ b/src/repo/channel.rs
@@ -0,0 +1,102 @@
+use std::fmt;
+
+use sqlx::{sqlite::Sqlite, SqliteConnection, Transaction};
+
+use crate::id::Id as BaseId;
+
+pub trait Provider {
+ fn channels(&mut self) -> Channels;
+}
+
+impl<'c> Provider for Transaction<'c, Sqlite> {
+ fn channels(&mut self) -> Channels {
+ Channels(self)
+ }
+}
+
+pub struct Channels<'t>(&'t mut SqliteConnection);
+
+#[derive(Debug)]
+pub struct Channel {
+ pub id: Id,
+ pub name: String,
+}
+
+impl<'c> Channels<'c> {
+ /// Create a new channel.
+ pub async fn create(&mut self, name: &str) -> Result<Id, sqlx::Error> {
+ let id = Id::generate();
+
+ let channel = sqlx::query_scalar!(
+ r#"
+ insert
+ into channel (id, name)
+ values ($1, $2)
+ returning id as "id: Id"
+ "#,
+ id,
+ name,
+ )
+ .fetch_one(&mut *self.0)
+ .await?;
+
+ Ok(channel)
+ }
+
+ pub async fn by_id(&mut self, channel: Id) -> Result<Channel, sqlx::Error> {
+ let channel = sqlx::query_as!(
+ Channel,
+ r#"
+ select id as "id: Id", name
+ from channel
+ where id = $1
+ "#,
+ channel,
+ )
+ .fetch_one(&mut *self.0)
+ .await?;
+
+ Ok(channel)
+ }
+
+ pub async fn all(&mut self) -> Result<Vec<Channel>, sqlx::Error> {
+ let channels = sqlx::query_as!(
+ Channel,
+ r#"
+ select
+ channel.id as "id: Id",
+ channel.name
+ from channel
+ order by channel.name
+ "#,
+ )
+ .fetch_all(&mut *self.0)
+ .await?;
+
+ Ok(channels)
+ }
+}
+
+/// Stable identifier for a [Channel]. Prefixed with `C`.
+#[derive(Clone, Debug, Eq, Hash, PartialEq, sqlx::Type, serde::Deserialize, serde::Serialize)]
+#[sqlx(transparent)]
+#[serde(transparent)]
+pub struct Id(BaseId);
+
+impl From<BaseId> for Id {
+ fn from(id: BaseId) -> Self {
+ Self(id)
+ }
+}
+
+impl Id {
+ pub fn generate() -> Self {
+ BaseId::generate("C")
+ }
+}
+
+impl fmt::Display for Id {
+ fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
+ self.0.fmt(f)
+ }
+}
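Review bot: The doc comment on `Id` promises a `C` prefix, but nothing in this file enforces it: `From<BaseId>` wraps any base id, and `#[serde(transparent)]` with `Deserialize` accepts whatever `BaseId` deserializes to. Unless `crate::id::Id` (not visible here) carries its own check, an id minted for another entity type, or one supplied by a client, can be passed to `Channels::by_id` as a channel id. The parameterized query keeps that from being more than a failed lookup, but the type gives less assurance than its doc suggests. I would either state this on the type, e.g. `/// The prefix is applied by [Id::generate]; converting or deserializing a base id does not check it.`, or validate the prefix in a `TryFrom<BaseId>`. The same pattern appears in `src/repo/message.rs` and, without `Deserialize`, in `src/repo/login/store.rs`.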
diff --git a/src/repo/login/extract.rs b/src/repo/login/extract.rs
new file mode 100644
index 0000000..a068bc0
--- /dev/null
+++ b/src/repo/login/extract.rs
@@ -0,0 +1,55 @@
+use axum::{
+ extract::{FromRequestParts, State},
+ http::{request::Parts, StatusCode},
+ response::{IntoResponse, Response},
+};
+
+use super::Login;
+use crate::{app::App, clock::RequestedAt, error::InternalError, login::extract::IdentityToken};
+
+#[async_trait::async_trait]
+impl FromRequestParts<App> for Login {
+ type Rejection = LoginError<InternalError>;
+
+ async fn from_request_parts(parts: &mut Parts, state: &App) -> Result<Self, Self::Rejection> {
+ // After Rust 1.82 (and #[feature(min_exhaustive_patterns)] lands on
+ // stable), the following can be replaced:
+ //
+ // let Ok(identity_token) = IdentityToken::from_request_parts(parts, state).await;
+ let identity_token = IdentityToken::from_request_parts(parts, state).await?;
+ let RequestedAt(used_at) = RequestedAt::from_request_parts(parts, state).await?;
+
+ let secret = identity_token.secret().ok_or(LoginError::Unauthorized)?;
+
+ let app = State::<App>::from_request_parts(parts, state).await?;
+ let login = app.logins().validate(secret, used_at).await?;
+
+ login.ok_or(LoginError::Unauthorized)
+ }
+}
+
+pub enum LoginError<E> {
+ Failure(E),
+ Unauthorized,
+}
+
+impl<E> IntoResponse for LoginError<E>
+where
+ E: IntoResponse,
+{
+ fn into_response(self) -> Response {
+ match self {
+ Self::Unauthorized => (StatusCode::UNAUTHORIZED, "unauthorized").into_response(),
+ Self::Failure(e) => e.into_response(),
+ }
+ }
+}
+
+impl<E> From<E> for LoginError<InternalError>
+where
+ E: Into<InternalError>,
+{
+ fn from(err: E) -> Self {
+ Self::Failure(err.into())
+ }
+}
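Review bot: `LoginError` and the `FromRequestParts` impl carry no doc comments, and the behaviour callers most need is not written down: `Unauthorized` is returned both when the identity token has no secret and when `validate` finds no login, while any error convertible to `InternalError` becomes `Failure`. That distinction is lost if a handler takes `Option<Login>`, the use that the comment on `Login` in `store.rs` describes. Assuming the axum version in use implements `Option<T>` extraction by discarding the rejection, a database failure during `validate` would then be handled as an anonymous request rather than as an error. I would add `/// Rejection for the [Login] extractor: Unauthorized means no valid token was presented, Failure means validation could not be completed.` on the enum, plus a short comment on the impl covering the `Option<Login>` case.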
diff --git a/src/repo/login/mod.rs b/src/repo/login/mod.rs
new file mode 100644
index 0000000..e23a7b7
--- /dev/null
+++ b/src/repo/login/mod.rs
@@ -0,0 +1,4 @@
+mod extract;
+mod store;
+
+pub use self::store::{Id, Login, Logins, Provider};
diff --git a/src/repo/login/store.rs b/src/repo/login/store.rs
new file mode 100644
index 0000000..24dd744
--- /dev/null
+++ b/src/repo/login/store.rs
@@ -0,0 +1,104 @@
+use sqlx::{sqlite::Sqlite, SqliteConnection, Transaction};
+
+use crate::{id::Id as BaseId, password::StoredHash};
+
+pub trait Provider {
+ fn logins(&mut self) -> Logins;
+}
+
+impl<'c> Provider for Transaction<'c, Sqlite> {
+ fn logins(&mut self) -> Logins {
+ Logins(self)
+ }
+}
+
+pub struct Logins<'t>(&'t mut SqliteConnection);
+
+// This also implements FromRequestParts (see `./extract.rs`). As a result, it
+// can be used as an extractor for endpoints that want to require login, or for
+// endpoints that need to behave differently depending on whether the client is
+// or is not logged in.
+#[derive(Clone, Debug, serde::Serialize)]
+pub struct Login {
+ pub id: Id,
+ pub name: String,
+ // The omission of the hashed password is deliberate, to minimize the
+ // chance that it ends up tangled up in debug output or in some other chunk
+ // of logic elsewhere.
+}
+
+impl<'c> Logins<'c> {
+ pub async fn create(
+ &mut self,
+ name: &str,
+ password_hash: &StoredHash,
+ ) -> Result<Login, sqlx::Error> {
+ let id = Id::generate();
+
+ let login = sqlx::query_as!(
+ Login,
+ r#"
+ insert or fail
+ into login (id, name, password_hash)
+ values ($1, $2, $3)
+ returning
+ id as "id: Id",
+ name
+ "#,
+ id,
+ name,
+ password_hash,
+ )
+ .fetch_one(&mut *self.0)
+ .await?;
+
+ Ok(login)
+ }
+
+ pub async fn by_id(&mut self, id: &Id) -> Result<Login, sqlx::Error> {
+ let login = sqlx::query_as!(
+ Login,
+ r#"
+ select
+ id as "id: Id",
+ name
+ from login
+ where id = $1
+ "#,
+ id,
+ )
+ .fetch_one(&mut *self.0)
+ .await?;
+
+ Ok(login)
+ }
+}
+
+impl<'t> From<&'t mut SqliteConnection> for Logins<'t> {
+ fn from(tx: &'t mut SqliteConnection) -> Self {
+ Self(tx)
+ }
+}
+
+/// Stable identifier for a [Login]. Prefixed with `L`.
+#[derive(Clone, Debug, Eq, PartialEq, sqlx::Type, serde::Serialize)]
+#[sqlx(transparent)]
+pub struct Id(BaseId);
+
+impl From<BaseId> for Id {
+ fn from(id: BaseId) -> Self {
+ Self(id)
+ }
+}
+
+impl Id {
+ pub fn generate() -> Self {
+ BaseId::generate("L")
+ }
+}
+
+impl std::fmt::Display for Id {
+ fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
+ self.0.fmt(f)
+ }
+}
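Review bot: `Logins::create` and `Logins::by_id` are public and undocumented, and the explanatory comments on `Login` use `//`, so none of that text reaches rustdoc. Two behaviours are worth stating. `by_id` uses `fetch_one`, so an unknown id surfaces as an `sqlx::Error` rather than `None`; and `create` relies on `insert or fail`, so a duplicate name is rejected only if the `login` table has a uniqueness constraint on `name` (the schema is not part of this diff). Suggested: `/// Create a login from an already-hashed password; a constraint violation is returned as a database error.` on `create`, `/// Look up a login by id; a missing row is returned as an error.` on `by_id`, and `///` in place of `//` above `pub struct Login`.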
diff --git a/src/repo/message.rs b/src/repo/message.rs
new file mode 100644
index 0000000..e331a4e
--- /dev/null
+++ b/src/repo/message.rs
@@ -0,0 +1,27 @@
+use std::fmt;
+
+use crate::id::Id as BaseId;
+
+/// Stable identifier for a [Message]. Prefixed with `M`.
+#[derive(Clone, Debug, Eq, Hash, PartialEq, sqlx::Type, serde::Deserialize, serde::Serialize)]
+#[sqlx(transparent)]
+#[serde(transparent)]
+pub struct Id(BaseId);
+
+impl From<BaseId> for Id {
+ fn from(id: BaseId) -> Self {
+ Self(id)
+ }
+}
+
+impl Id {
+ pub fn generate() -> Self {
+ BaseId::generate("M")
+ }
+}
+
+impl fmt::Display for Id {
+ fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
+ self.0.fmt(f)
+ }
+}
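Review bot: The intra-doc link `[Message]` in the doc comment on `Id` has no target in this file: the only imports are `std::fmt` and `crate::id::Id`, and no `Message` type is defined here. rustdoc will report it as an unresolved link. Either link the message type by its full path or drop the link syntax, e.g. `/// Stable identifier for a message, prefixed with M.`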
diff --git a/src/repo/mod.rs b/src/repo/mod.rs
new file mode 100644
index 0000000..d8995a3
--- /dev/null
+++ b/src/repo/mod.rs
@@ -0,0 +1,4 @@
+pub mod channel;
+pub mod login;
+pub mod message;
+pub mod token;
diff --git a/src/repo/token.rs b/src/repo/token.rs
new file mode 100644
index 0000000..e7eb273
--- /dev/null
+++ b/src/repo/token.rs
@@ -0,0 +1,125 @@
+use chrono::TimeDelta;
+use sqlx::{sqlite::Sqlite, SqliteConnection, Transaction};
+use uuid::Uuid;
+
+use super::login::{self, Login};
+use crate::clock::DateTime;
+
+pub trait Provider {
+ fn tokens(&mut self) -> Tokens;
+}
+
+impl<'c> Provider for Transaction<'c, Sqlite> {
+ fn tokens(&mut self) -> Tokens {
+ Tokens(self)
+ }
+}
+
+pub struct Tokens<'t>(&'t mut SqliteConnection);
+
+impl<'c> Tokens<'c> {
+ /// Issue a new token for an existing login. The issued_at timestamp will
+ /// be used to control expiry, until the token is actually used.
+ pub async fn issue(
+ &mut self,
+ login: &login::Id,
+ issued_at: DateTime,
+ ) -> Result<String, sqlx::Error> {
+ let secret = Uuid::new_v4().to_string();
+
+ let secret = sqlx::query_scalar!(
+ r#"
+ insert
+ into token (secret, login, issued_at, last_used_at)
+ values ($1, $2, $3, $3)
+ returning secret as "secret!"
+ "#,
+ secret,
+ login,
+ issued_at,
+ )
+ .fetch_one(&mut *self.0)
+ .await?;
+
+ Ok(secret)
+ }
+
+ /// Revoke a token by its secret.
+ pub async fn revoke(&mut self, secret: &str) -> Result<(), sqlx::Error> {
+ sqlx::query!(
+ r#"
+ delete
+ from token
+ where secret = $1
+ returning 1 as "found: u32"
+ "#,
+ secret,
+ )
+ .fetch_one(&mut *self.0)
+ .await?;
+
+ Ok(())
+ }
+
+ /// Expire and delete all tokens that haven't been used within the expiry
+ /// interval (right now, 7 days) prior to `expire_at`. Tokens that are in
+ /// use within that period will be retained.
+ pub async fn expire(&mut self, expire_at: DateTime) -> Result<(), sqlx::Error> {
+ // Somewhat arbitrarily, expire after 7 days.
+ let expired_issue_at = expire_at - TimeDelta::days(7);
+ sqlx::query!(
+ r#"
+ delete
+ from token
+ where last_used_at < $1
+ "#,
+ expired_issue_at,
+ )
+ .execute(&mut *self.0)
+ .await?;
+
+ Ok(())
+ }
+
+ /// Validate a token by its secret, retrieving the associated Login record.
+ /// Will return [None] if the token is not valid. The token's last-used
+ /// timestamp will be set to `used_at`.
+ pub async fn validate(
+ &mut self,
+ secret: &str,
+ used_at: DateTime,
+ ) -> Result<Option<Login>, sqlx::Error> {
+ // I would use `update … returning` to do this in one query, but
+ // sqlite3, as of this writing, does not allow an update's `returning`
+ // clause to reference columns from tables joined into the update. Two
+ // queries is fine, but it feels untidy.
+ sqlx::query!(
+ r#"
+ update token
+ set last_used_at = $1
+ where secret = $2
+ "#,
+ used_at,
+ secret,
+ )
+ .execute(&mut *self.0)
+ .await?;
+
+ let login = sqlx::query_as!(
+ Login,
+ r#"
+ select
+ login.id as "id: login::Id",
+ name
+ from login
+ join token on login.id = token.login
+ where token.secret = $1
+ "#,
+ secret,
+ )
+ .fetch_optional(&mut *self.0)
+ .await?;
+
+ Ok(login)
+ }
+}
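Review bot: `validate` never checks the token's age: the `update` sets `last_used_at = $1` for any row matching the secret, and the `select` then returns the login. Expiry is enforced only by `expire` deleting rows, so if a caller does not run `expire` first (callers are outside this diff), a token idle for longer than seven days is accepted and its idle timer is reset. I would put the cutoff in the `update`'s `where` clause and return `None` when no row was touched, which also skips the second query for unknown secrets. Separately, `issue` stores the bearer secret verbatim in `token.secret`; keeping only a digest of it would limit what read access to the database exposes.

```rust
// … unchanged: validate signature and the comment on the two-query approach …
        // Same window as `expire`: a token idle for longer than this is not valid.
        let oldest_valid = used_at - TimeDelta::days(7);
        let updated = sqlx::query!(
            r#"
                update token
                set last_used_at = $1
                where secret = $2
                  and last_used_at >= $3
            "#,
            used_at,
            secret,
            oldest_valid,
        )
        .execute(&mut *self.0)
        .await?;

        // No row touched: unknown secret or expired token.
        if updated.rows_affected() == 0 {
            return Ok(None);
        }
// … unchanged: select joining login to token by secret, and Ok(login) …
```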