Canonicalize login and channel names.

Canonicalization does two things:

* It prevents duplicate names that differ only by case or only by normalization/encoding sequence; and
* It makes certain name-based comparisons "case-insensitive" (generalizing via Unicode's case-folding rules).

This change is complicated, as it means that every name now needs to be stored in two forms. Unfortunately, this is _very likely_ a breaking schema change. The migrations in this commit perform a best-effort attempt to canonicalize existing channel or login names, but it's likely any existing channels or logins with non-ASCII characters will not be canonicalize correctly. Since clients look at all channel names and all login names on boot, and since the code in this commit verifies canonicalization when reading from the database, this will effectively make the server un-usuable until any incorrectly-canonicalized values are either manually canonicalized, or removed

It might be possible to do better with [the `icu` sqlite3 extension][icu], but (a) I'm not convinced of that and (b) this commit is already huge; adding database extension support would make it far larger.

[icu]: https://sqlite.org/src/dir/ext/icu

For some references on why it's worth storing usernames this way, see <https://www.b-list.org/weblog/2018/nov/26/case/> and the refernced talk, as well as <https://www.b-list.org/weblog/2018/feb/11/usernames/>. Bennett's treatment of this issue is, to my eye, much more readable than the referenced Unicode technical reports, and I'm inclined to trust his opinion given that he maintains a widely-used, internet-facing user registration library for Django.

4 files changed, 126 insertions, 49 deletions

diff --git a/src/token/app.rs b/src/token/app.rs
index d4dd1a0..c19d6a0 100644
--- a/src/token/app.rs
+++ b/src/token/app.rs
@@ -7,12 +7,14 @@ use futures::{
 use sqlx::sqlite::SqlitePool;
 
 use super::{
-    repo::auth::Provider as _, repo::Provider as _, Broadcaster, Event as TokenEvent, Id, Secret,
+    repo::{self, auth::Provider as _, Provider as _},
+    Broadcaster, Event as TokenEvent, Id, Secret,
 };
 use crate::{
     clock::DateTime,
     db::NotFound as _,
-    login::{Login, Name, Password},
+    login::{Login, Password},
+    name::{self, Name},
 };
 
 pub struct Tokens<'a> {
@@ -65,14 +67,16 @@ impl<'a> Tokens<'a> {
         used_at: &DateTime,
     ) -> Result<(Id, Login), ValidateError> {
         let mut tx = self.db.begin().await?;
-        let login = tx
+        let (token, login) = tx
             .tokens()
             .validate(secret, used_at)
             .await
             .not_found(|| ValidateError::InvalidToken)?;
         tx.commit().await?;
 
-        Ok(login)
+        let login = login.as_snapshot().ok_or(ValidateError::LoginDeleted)?;
+
+        Ok((token, login))
     }
 
     pub async fn limit_stream<E>(
@@ -162,15 +166,40 @@ pub enum LoginError {
     #[error(transparent)]
     Database(#[from] sqlx::Error),
     #[error(transparent)]
+    Name(#[from] name::Error),
+    #[error(transparent)]
     PasswordHash(#[from] password_hash::Error),
 }
 
+impl From<repo::auth::LoadError> for LoginError {
+    fn from(error: repo::auth::LoadError) -> Self {
+        use repo::auth::LoadError;
+        match error {
+            LoadError::Database(error) => error.into(),
+            LoadError::Name(error) => error.into(),
+        }
+    }
+}
+
 #[derive(Debug, thiserror::Error)]
 pub enum ValidateError {
     #[error("invalid token")]
     InvalidToken,
+    #[error("login deleted")]
+    LoginDeleted,
     #[error(transparent)]
     Database(#[from] sqlx::Error),
+    #[error(transparent)]
+    Name(#[from] name::Error),
+}
+
+impl From<repo::LoadError> for ValidateError {
+    fn from(error: repo::LoadError) -> Self {
+        match error {
+            repo::LoadError::Database(error) => error.into(),
+            repo::LoadError::Name(error) => error.into(),
+        }
+    }
 }
 
 #[derive(Debug)]
diff --git a/src/token/repo/auth.rs b/src/token/repo/auth.rs
index c621b65..bdc4c33 100644
--- a/src/token/repo/auth.rs
+++ b/src/token/repo/auth.rs
@@ -2,8 +2,10 @@ use sqlx::{sqlite::Sqlite, SqliteConnection, Transaction};
 
 use crate::{
     clock::DateTime,
+    db::NotFound,
     event::{Instant, Sequence},
-    login::{self, password::StoredHash, History, Login, Name},
+    login::{self, password::StoredHash, History, Login},
+    name::{self, Name},
 };
 
 pub trait Provider {
@@ -19,35 +21,53 @@ impl<'c> Provider for Transaction<'c, Sqlite> {
 pub struct Auth<'t>(&'t mut SqliteConnection);
 
 impl<'t> Auth<'t> {
-    pub async fn for_name(&mut self, name: &Name) -> Result<(History, StoredHash), sqlx::Error> {
-        let found = sqlx::query!(
+    pub async fn for_name(&mut self, name: &Name) -> Result<(History, StoredHash), LoadError> {
+        let name = name.canonical();
+        let row = sqlx::query!(
             r#"
-				select
-					id as "id: login::Id",
-					name as "name: Name",
-					password_hash as "password_hash: StoredHash",
+                select
+                    id as "id: login::Id",
+                    display_name as "display_name: String",
+                    canonical_name as "canonical_name: String",
                     created_sequence as "created_sequence: Sequence",
-                    created_at as "created_at: DateTime"
-				from login
-				where name = $1
-			"#,
+                    created_at as "created_at: DateTime",
+                    password_hash as "password_hash: StoredHash"
+                from login
+                where canonical_name = $1
+            "#,
             name,
         )
-        .map(|row| {
-            (
-                History {
-                    login: Login {
-                        id: row.id,
-                        name: row.name,
-                    },
-                    created: Instant::new(row.created_at, row.created_sequence),
-                },
-                row.password_hash,
-            )
-        })
         .fetch_one(&mut *self.0)
         .await?;
 
-        Ok(found)
+        let login = History {
+            login: Login {
+                id: row.id,
+                name: Name::new(row.display_name, row.canonical_name)?,
+            },
+            created: Instant::new(row.created_at, row.created_sequence),
+        };
+
+        Ok((login, row.password_hash))
+    }
+}
+
+#[derive(Debug, thiserror::Error)]
+#[error(transparent)]
+pub enum LoadError {
+    Database(#[from] sqlx::Error),
+    Name(#[from] name::Error),
+}
+
+impl<T> NotFound for Result<T, LoadError> {
+    type Ok = T;
+    type Error = LoadError;
+
+    fn optional(self) -> Result<Option<T>, LoadError> {
+        match self {
+            Ok(value) => Ok(Some(value)),
+            Err(LoadError::Database(sqlx::Error::RowNotFound)) => Ok(None),
+            Err(other) => Err(other),
+        }
     }
 }
diff --git a/src/token/repo/mod.rs b/src/token/repo/mod.rs
index 9169743..d8463eb 100644
--- a/src/token/repo/mod.rs
+++ b/src/token/repo/mod.rs
@@ -1,4 +1,4 @@
 pub mod auth;
 mod token;
 
-pub use self::token::Provider;
+pub use self::token::{LoadError, Provider};
diff --git a/src/token/repo/token.rs b/src/token/repo/token.rs
index 960bb72..35ea385 100644
--- a/src/token/repo/token.rs
+++ b/src/token/repo/token.rs
@@ -3,7 +3,10 @@ use uuid::Uuid;
 
 use crate::{
     clock::DateTime,
-    login::{self, History, Login, Name},
+    db::NotFound,
+    event::{Instant, Sequence},
+    login::{self, History, Login},
+    name::{self, Name},
     token::{Id, Secret},
 };
 
@@ -100,53 +103,78 @@ impl<'c> Tokens<'c> {
     }
 
     // Validate a token by its secret, retrieving the associated Login record.
-    // Will return [None] if the token is not valid. The token's last-used
-    // timestamp will be set to `used_at`.
+    // Will return an error if the token is not valid. If successful, the
+    // retrieved token's last-used timestamp will be set to `used_at`.
     pub async fn validate(
         &mut self,
         secret: &Secret,
         used_at: &DateTime,
-    ) -> Result<(Id, Login), sqlx::Error> {
+    ) -> Result<(Id, History), LoadError> {
         // I would use `update … returning` to do this in one query, but
         // sqlite3, as of this writing, does not allow an update's `returning`
         // clause to reference columns from tables joined into the update. Two
         // queries is fine, but it feels untidy.
-        sqlx::query!(
+        let (token, login) = sqlx::query!(
             r#"
                 update token
                 set last_used_at = $1
                 where secret = $2
+                returning
+                    id as "token: Id",
+                    login as "login: login::Id"
             "#,
             used_at,
             secret,
         )
-        .execute(&mut *self.0)
+        .map(|row| (row.token, row.login))
+        .fetch_one(&mut *self.0)
         .await?;
 
         let login = sqlx::query!(
             r#"
                 select
-                    token.id as "token_id: Id",
-                    login.id as "login_id: login::Id",
-                    login.name as "login_name: Name"
+                    id as "id: login::Id",
+                    display_name as "display_name: String",
+                    canonical_name as "canonical_name: String",
+                    created_sequence as "created_sequence: Sequence",
+                    created_at as "created_at: DateTime"
                 from login
-                join token on login.id = token.login
-                where token.secret = $1
+                where id = $1
             "#,
-            secret,
+            login,
         )
         .map(|row| {
-            (
-                row.token_id,
-                Login {
-                    id: row.login_id,
-                    name: row.login_name,
+            Ok::<_, name::Error>(History {
+                login: Login {
+                    id: row.id,
+                    name: Name::new(row.display_name, row.canonical_name)?,
                 },
-            )
+                created: Instant::new(row.created_at, row.created_sequence),
+            })
         })
         .fetch_one(&mut *self.0)
-        .await?;
+        .await??;
+
+        Ok((token, login))
+    }
+}
+
+#[derive(Debug, thiserror::Error)]
+#[error(transparent)]
+pub enum LoadError {
+    Database(#[from] sqlx::Error),
+    Name(#[from] name::Error),
+}
+
+impl<T> NotFound for Result<T, LoadError> {
+    type Ok = T;
+    type Error = LoadError;
 
-        Ok(login)
+    fn optional(self) -> Result<Option<T>, LoadError> {
+        match self {
+            Ok(value) => Ok(Some(value)),
+            Err(LoadError::Database(sqlx::Error::RowNotFound)) => Ok(None),
+            Err(other) => Err(other),
+        }
     }
 }