1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
|
use chrono::TimeDelta;
use sqlx::sqlite::SqlitePool;
use super::{repo::Provider as _, Id, Invite, Summary};
use crate::{
clock::DateTime,
db::{Duplicate as _, NotFound as _},
event::{repo::Provider as _, Broadcaster, Event},
login::{repo::Provider as _, Login, Password},
name::Name,
token::{repo::Provider as _, Secret},
};
pub struct Invites<'a> {
db: &'a SqlitePool,
events: &'a Broadcaster,
}
impl<'a> Invites<'a> {
pub const fn new(db: &'a SqlitePool, events: &'a Broadcaster) -> Self {
Self { db, events }
}
pub async fn issue(&self, issuer: &Login, issued_at: &DateTime) -> Result<Invite, sqlx::Error> {
let mut tx = self.db.begin().await?;
let invite = tx.invites().create(issuer, issued_at).await?;
tx.commit().await?;
Ok(invite)
}
pub async fn get(&self, invite: &Id) -> Result<Option<Summary>, sqlx::Error> {
let mut tx = self.db.begin().await?;
let invite = tx.invites().summary(invite).await.optional()?;
tx.commit().await?;
Ok(invite)
}
pub async fn accept(
&self,
invite: &Id,
name: &Name,
password: &Password,
accepted_at: &DateTime,
) -> Result<(Login, Secret), AcceptError> {
let mut tx = self.db.begin().await?;
let invite = tx
.invites()
.by_id(invite)
.await
.not_found(|| AcceptError::NotFound(invite.clone()))?;
// Split the tx here so we don't block writes while we deal with the password,
// and don't deal with the password until we're fairly confident we can accept
// the invite. Final validation is in the next tx.
tx.commit().await?;
let password_hash = password.hash()?;
let mut tx = self.db.begin().await?;
// If the invite has been deleted or accepted in the interim, this step will
// catch it.
tx.invites().accept(&invite).await?;
let created = tx.sequence().next(accepted_at).await?;
let login = tx
.logins()
.create(name, &password_hash, &created)
.await
.duplicate(|| AcceptError::DuplicateLogin(name.clone()))?;
let secret = tx.tokens().issue(&login, accepted_at).await?;
tx.commit().await?;
self.events
.broadcast(login.events().map(Event::from).collect::<Vec<_>>());
Ok((login.as_created(), secret))
}
pub async fn expire(&self, relative_to: &DateTime) -> Result<(), sqlx::Error> {
// Somewhat arbitrarily, expire after one day.
let expire_at = relative_to.to_owned() - TimeDelta::days(1);
let mut tx = self.db.begin().await?;
tx.invites().expire(&expire_at).await?;
tx.commit().await?;
Ok(())
}
}
#[derive(Debug, thiserror::Error)]
pub enum AcceptError {
#[error("invite not found: {0}")]
NotFound(Id),
#[error("name in use: {0}")]
DuplicateLogin(Name),
#[error(transparent)]
Database(#[from] sqlx::Error),
#[error(transparent)]
PasswordHash(#[from] password_hash::Error),
}
|
