2022-07-27 13:05:28 +00:00
|
|
|
use crate::cli::CF;
|
2022-07-04 00:01:24 +00:00
|
|
|
use crate::cnf::SERVER_NAME;
|
|
|
|
use crate::dbs::DB;
|
|
|
|
use crate::err::Error;
|
|
|
|
use crate::iam::token::{Claims, HEADER};
|
|
|
|
use chrono::{Duration, Utc};
|
|
|
|
use jsonwebtoken::{encode, EncodingKey};
|
2022-08-23 22:44:13 +00:00
|
|
|
use std::sync::Arc;
|
2022-12-30 08:23:19 +00:00
|
|
|
use surrealdb::dbs::Auth;
|
|
|
|
use surrealdb::dbs::Session;
|
2022-07-04 00:01:24 +00:00
|
|
|
use surrealdb::sql::Object;
|
2022-09-04 23:53:35 +00:00
|
|
|
use surrealdb::sql::Value;
|
2022-07-04 00:01:24 +00:00
|
|
|
|
2022-10-19 22:54:41 +00:00
|
|
|
pub async fn signup(session: &mut Session, vars: Object) -> Result<Value, Error> {
|
2022-08-21 12:13:38 +00:00
|
|
|
// Parse the specified variables
|
2022-07-04 00:01:24 +00:00
|
|
|
let ns = vars.get("NS").or_else(|| vars.get("ns"));
|
|
|
|
let db = vars.get("DB").or_else(|| vars.get("db"));
|
|
|
|
let sc = vars.get("SC").or_else(|| vars.get("sc"));
|
2022-08-21 12:13:38 +00:00
|
|
|
// Check if the parameters exist
|
2022-07-04 00:01:24 +00:00
|
|
|
match (ns, db, sc) {
|
|
|
|
(Some(ns), Some(db), Some(sc)) => {
|
|
|
|
// Process the provided values
|
|
|
|
let ns = ns.to_strand().as_string();
|
|
|
|
let db = db.to_strand().as_string();
|
|
|
|
let sc = sc.to_strand().as_string();
|
|
|
|
// Attempt to signin to specified scope
|
2022-10-19 22:54:41 +00:00
|
|
|
super::signup::sc(session, ns, db, sc, vars).await
|
2022-07-04 00:01:24 +00:00
|
|
|
}
|
|
|
|
_ => Err(Error::InvalidAuth),
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2022-08-23 22:44:13 +00:00
|
|
|
pub async fn sc(
|
|
|
|
session: &mut Session,
|
|
|
|
ns: String,
|
|
|
|
db: String,
|
|
|
|
sc: String,
|
|
|
|
vars: Object,
|
2022-10-19 22:54:41 +00:00
|
|
|
) -> Result<Value, Error> {
|
2022-07-04 00:01:24 +00:00
|
|
|
// Get a database reference
|
|
|
|
let kvs = DB.get().unwrap();
|
2022-07-27 13:05:28 +00:00
|
|
|
// Get local copy of options
|
|
|
|
let opt = CF.get().unwrap();
|
2022-07-04 00:01:24 +00:00
|
|
|
// Create a new readonly transaction
|
|
|
|
let mut tx = kvs.transaction(false, false).await?;
|
|
|
|
// Check if the supplied NS Login exists
|
|
|
|
match tx.get_sc(&ns, &db, &sc).await {
|
|
|
|
Ok(sv) => {
|
|
|
|
match sv.signup {
|
|
|
|
// This scope allows signin
|
|
|
|
Some(val) => {
|
|
|
|
// Setup the query params
|
|
|
|
let vars = Some(vars.0);
|
|
|
|
// Setup the query session
|
|
|
|
let sess = Session::for_db(&ns, &db);
|
|
|
|
// Compute the value with the params
|
2022-07-27 13:05:28 +00:00
|
|
|
match kvs.compute(val, &sess, vars, opt.strict).await {
|
2022-07-04 00:01:24 +00:00
|
|
|
// The signin value succeeded
|
2022-09-19 11:28:41 +00:00
|
|
|
Ok(val) => match val.record() {
|
2022-07-04 00:01:24 +00:00
|
|
|
// There is a record returned
|
|
|
|
Some(rid) => {
|
|
|
|
// Create the authentication key
|
|
|
|
let key = EncodingKey::from_secret(sv.code.as_ref());
|
|
|
|
// Create the authentication claim
|
|
|
|
let val = Claims {
|
2022-09-27 21:07:41 +00:00
|
|
|
iss: Some(SERVER_NAME.to_owned()),
|
|
|
|
iat: Some(Utc::now().timestamp()),
|
|
|
|
nbf: Some(Utc::now().timestamp()),
|
|
|
|
exp: Some(
|
|
|
|
match sv.session {
|
|
|
|
Some(v) => {
|
|
|
|
Utc::now() + Duration::from_std(v.0).unwrap()
|
|
|
|
}
|
|
|
|
_ => Utc::now() + Duration::hours(1),
|
|
|
|
}
|
|
|
|
.timestamp(),
|
|
|
|
),
|
2022-08-23 22:44:13 +00:00
|
|
|
ns: Some(ns.to_owned()),
|
|
|
|
db: Some(db.to_owned()),
|
|
|
|
sc: Some(sc.to_owned()),
|
2022-07-04 00:01:24 +00:00
|
|
|
id: Some(rid.to_raw()),
|
|
|
|
..Claims::default()
|
|
|
|
};
|
2022-09-17 01:52:07 +00:00
|
|
|
// Create the authentication token
|
2022-11-23 09:09:24 +00:00
|
|
|
let enc = encode(&HEADER, &val, &key);
|
2022-09-17 01:50:10 +00:00
|
|
|
// Set the authentication on the session
|
2022-09-17 01:52:07 +00:00
|
|
|
session.tk = Some(val.into());
|
2022-09-04 23:53:35 +00:00
|
|
|
session.ns = Some(ns.to_owned());
|
|
|
|
session.db = Some(db.to_owned());
|
|
|
|
session.sc = Some(sc.to_owned());
|
|
|
|
session.sd = Some(Value::from(rid));
|
2022-08-23 22:44:13 +00:00
|
|
|
session.au = Arc::new(Auth::Sc(ns, db, sc));
|
2022-07-04 00:01:24 +00:00
|
|
|
// Create the authentication token
|
2022-09-17 01:52:07 +00:00
|
|
|
match enc {
|
2022-07-04 00:01:24 +00:00
|
|
|
// The auth token was created successfully
|
2022-10-19 22:54:41 +00:00
|
|
|
Ok(tk) => Ok(tk.into()),
|
2022-07-04 00:01:24 +00:00
|
|
|
// There was an error creating the token
|
|
|
|
_ => Err(Error::InvalidAuth),
|
|
|
|
}
|
|
|
|
}
|
|
|
|
// No record was returned
|
|
|
|
_ => Err(Error::InvalidAuth),
|
|
|
|
},
|
|
|
|
// The signin query failed
|
|
|
|
_ => Err(Error::InvalidAuth),
|
|
|
|
}
|
|
|
|
}
|
|
|
|
// This scope does not allow signin
|
|
|
|
_ => Err(Error::InvalidAuth),
|
|
|
|
}
|
|
|
|
}
|
|
|
|
// The scope does not exists
|
|
|
|
_ => Err(Error::InvalidAuth),
|
|
|
|
}
|
|
|
|
}
|