Follow microrm changes.

Cargo.lock

@@ -763,6 +763,12 @@ version = "1.0.4"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "212d0f5754cb6769937f4501cc0e67f4f4483c8d2c3e1e922ee9edbe4ab4c7c0"
 
+[[package]]
+name = "either"
+version = "1.11.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "a47c1c47d2f5964e29c61246e81db715514cd532db6b5116a25ea3c03d6780a2"
+
 [[package]]
 name = "equivalent"
 version = "1.0.1"
@@ -1156,6 +1162,15 @@ dependencies = [
  "windows-sys 0.48.0",
 ]
 
+[[package]]
+name = "itertools"
+version = "0.12.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "ba291022dbbd398a455acf126c1e341954079855bc60dfdda641363bd6922569"
+dependencies = [
+ "either",
+]
+
 [[package]]
 name = "itoa"
 version = "1.0.9"
@@ -1242,24 +1257,21 @@ checksum = "f665ee40bc4a3c5590afb1e9677db74a508659dfd71e126420da8274909a0167"
 
 [[package]]
 name = "microrm"
-version = "0.4.0-rc.1"
+version = "0.4.0-rc.4"
 dependencies = [
- "base64 0.13.1",
  "clap",
- "lazy_static",
+ "itertools",
  "libsqlite3-sys",
  "log",
  "microrm-macros",
  "serde",
  "serde_json",
- "sha2 0.10.8",
  "time 0.3.34",
- "topological-sort",
 ]
 
 [[package]]
 name = "microrm-macros"
-version = "0.4.0-rc.1"
+version = "0.4.0-rc.4"
 dependencies = [
  "convert_case",
  "proc-macro2",
@@ -2279,12 +2291,6 @@ dependencies = [
  "winnow",
 ]
 
-[[package]]
-name = "topological-sort"
-version = "0.2.2"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "ea68304e134ecd095ac6c3574494fc62b909f416c4fca77e440530221e549d3d"
-
 [[package]]
 name = "tracing"
 version = "0.1.39"

Cargo.toml

@@ -25,7 +25,7 @@ hmac = { version = "0.12" }
 toml = "0.8.2"
 
 # Data storage dependencies
-microrm = { version = "0.4.0-rc.1", path="../microrm/microrm/", features = ["clap"] }
+microrm = { version = "0.4.0-rc.4", path="../microrm/microrm/", features = ["clap"] }
 serde_bytes = { version = "0.11.6" }
 
 # Public API/server dependencies

src/cli.rs

@@ -1,12 +1,21 @@
 use crate::{
-    client_management, config, group_management,
+    client_management, config,
     key::{self, KeyType},
     schema::{self, UIDCDatabase},
-    scope_management, server, token_management, user_management, UIDCError,
+    scope_management, server, token_management, UIDCError,
 };
 use clap::{Parser, Subcommand};
-use microrm::prelude::*;
-use microrm::cli::ClapInterface;
+use microrm::{prelude::*, schema::Stored};
+use microrm::cli::Autogenerate;
+
+mod role;
+mod user;
+
+impl microrm::cli::CLIError for UIDCError {
+    fn no_such_entity(ename: &'static str, keys: String) -> Self {
+        UIDCError::AbortString(format!("no such {ename} matching {keys}"))
+    }
+}
 
 #[derive(Debug, Parser)]
 #[clap(author, version, about, long_about = None)]
@@ -49,11 +58,11 @@ enum Command {
 
 struct RunArgs {
     db: UIDCDatabase,
-    realm: schema::Realm,
+    realm: Stored<schema::Realm>,
 }
 
 impl RootArgs {
-    async fn run(&self) -> Result<(), UIDCError> {
+    async fn run(self) -> Result<(), UIDCError> {
         if let Command::Init = self.command {
             return self.init().await;
         }
@@ -68,11 +77,11 @@ impl RootArgs {
             .ok_or(UIDCError::Abort("no such realm"))?;
 
         let ra = RunArgs {
-            db: db,
-            realm: realm.wrapped(),
+            db,
+            realm,
         };
 
-        match &self.command {
+        match self.command {
             Command::Init => unreachable!(),
             Command::Config(v) => v.run(ra).await,
             Command::Key(v) => v.run(ra).await,
@@ -129,7 +138,7 @@ struct KeyArgs {
 }
 
 impl KeyArgs {
-    async fn run(&self, args: RunArgs) -> Result<(), UIDCError> {
+    async fn run(self, args: RunArgs) -> Result<(), UIDCError> {
         match &self.command {
             KeyCommand::List => key::list(&args.realm),
             KeyCommand::Generate { key_type } => {
@@ -169,7 +178,9 @@ struct ClientArgs {
 
 impl ClientArgs {
     async fn run(&self, args: RunArgs) -> Result<(), UIDCError> {
-        match &self.command {
+        todo!()
+        /*
+        match self.command {
             ClientCommand::Create { name, key_type } => {
                 client_management::create(&args.realm, name, key_type.unwrap_or(KeyType::Ed25519))
             }
@@ -178,6 +189,7 @@ impl ClientArgs {
             }
             ClientCommand::Inspect { name } => client_management::inspect(&args.realm, name),
         }
+        */
     }
 }
 
@@ -195,7 +207,7 @@ struct ConfigArgs {
 }
 
 impl ConfigArgs {
-    async fn run(&self, args: RunArgs) -> Result<(), UIDCError> {
+    async fn run(self, args: RunArgs) -> Result<(), UIDCError> {
         match &self.command {
             ConfigCommand::Dump => {
                 let config = config::Config::build_from(&args.db, None);
@@ -254,8 +266,9 @@ struct GroupArgs {
 }
 
 impl GroupArgs {
-    async fn run(&self, args: RunArgs) -> Result<(), UIDCError> {
-        match &self.command {
+    async fn run(self, args: RunArgs) -> Result<(), UIDCError> {
+        todo!()
+        /*match &self.command {
             GroupCommand::Create { group_name } => {
                 group_management::create_group(&args.realm, group_name)?;
             }
@@ -292,8 +305,8 @@ impl GroupArgs {
             } => {
                 group_management::detach_user(&args.realm, group_name, username)?;
             }
-        }
-        Ok(())
+        }*/
+        // Ok(())
     }
 }
 
@@ -323,7 +336,7 @@ struct ScopeArgs {
 }
 
 impl ScopeArgs {
-    async fn run(&self, args: RunArgs) -> Result<(), UIDCError> {
+    async fn run(self, args: RunArgs) -> Result<(), UIDCError> {
         match &self.command {
             ScopeCommand::AttachRole {
                 scope_name,
@@ -351,7 +364,7 @@ struct ServerArgs {
 }
 
 impl ServerArgs {
-    async fn run(&self, args: RunArgs) -> Result<(), UIDCError> {
+    async fn run(self, args: RunArgs) -> Result<(), UIDCError> {
         let config = config::Config::build_from(&args.db, None);
         server::run_server(args.db, config, self.port.unwrap_or(2114)).await
     }
@@ -387,7 +400,7 @@ struct TokenArgs {
 }
 
 impl TokenArgs {
-    async fn run(&self, args: RunArgs) -> Result<(), UIDCError> {
+    async fn run(self, args: RunArgs) -> Result<(), UIDCError> {
         let config = config::Config::build_from(&args.db, None);
         match &self.command {
             TokenCommand::GenerateAuth {
@@ -437,11 +450,11 @@ enum RoleCommand {
 #[derive(Debug, Parser)]
 struct RoleArgs {
     #[clap(subcommand)]
-    command: ClapInterface<schema::Role>,
+    command: Autogenerate<role::RoleInterface>,
 }
 
 impl RoleArgs {
-    async fn run(&self, args: RunArgs) -> Result<(), UIDCError> {
+    async fn run(self, args: RunArgs) -> Result<(), UIDCError> {
         self.command.perform(&args.realm, &args.realm.roles, &args.realm.roles)
     }
 }
@@ -462,11 +475,11 @@ enum UserCommand {
 #[derive(Debug, Parser)]
 struct UserArgs {
     #[clap(subcommand)]
-    command: ClapInterface<schema::User>,
+    command: Autogenerate<user::UserInterface>,
 }
 
 impl UserArgs {
-    async fn run(&self, args: RunArgs) -> Result<(), UIDCError> {
+    async fn run(self, args: RunArgs) -> Result<(), UIDCError> {
         self.command.perform(&args.realm, &args.realm.users, &args.realm.users)
     }
 }

src/cli/role.rs

@@ -0,0 +1,59 @@
+use microrm::{prelude::*, schema::entity::EntityID};
+use crate::{schema, UIDCError};
+
+#[derive(Debug)]
+pub struct RoleInterface;
+
+#[derive(Debug, clap::Subcommand)]
+pub enum RoleCommands {
+    Create { name: String }
+}
+
+impl microrm::cli::EntityInterface for RoleInterface {
+    type Error = UIDCError;
+    type Entity = schema::Role;
+    type Context = microrm::schema::Stored<schema::Realm>;
+    type CustomCommand = RoleCommands;
+
+    fn run_custom(
+        ctx: &Self::Context,
+        cmd: Self::CustomCommand,
+        _query_ctx: impl Queryable<EntityOutput = Self::Entity>,
+        insert_ctx: &impl Insertable<Self::Entity>,
+    ) -> Result<(), Self::Error> {
+        match cmd {
+            RoleCommands::Create { name } => {
+                insert_ctx.insert(schema::Role {
+                    realm: ctx.id(),
+                    shortname: name,
+                    groups: Default::default(),
+                })?;
+            },
+        }
+
+        Ok(())
+    }
+
+    fn should_override(_entity: &'static str, field: &'static str, _role: microrm::cli::ValueRole) -> bool {
+        if field == "realm" {
+            true
+        }
+        else {
+            false
+        }
+    }
+
+    fn override_for(
+        ctx: &Self::Context,
+        _entity: &'static str,
+        field: &'static str,
+        _role: microrm::cli::ValueRole,
+    ) -> String {
+        if field == "realm" {
+            format!("{}", ctx.id().into_raw())
+        }
+        else {
+            unreachable!()
+        }
+    }
+}

src/cli/user.rs

@@ -0,0 +1,60 @@
+use microrm::{prelude::*, schema::entity::EntityID};
+use crate::{schema, UIDCError};
+
+#[derive(Debug)]
+pub struct UserInterface;
+
+#[derive(Debug, clap::Subcommand)]
+pub enum UserCommands {
+    Create { username: String }
+}
+
+impl microrm::cli::EntityInterface for UserInterface {
+    type Error = UIDCError;
+    type Entity = schema::User;
+    type Context = microrm::schema::Stored<schema::Realm>;
+    type CustomCommand = UserCommands;
+
+    fn run_custom(
+        ctx: &Self::Context,
+        cmd: Self::CustomCommand,
+        _query_ctx: impl Queryable<EntityOutput = Self::Entity>,
+        insert_ctx: &impl Insertable<Self::Entity>,
+    ) -> Result<(), Self::Error> {
+        match cmd {
+            UserCommands::Create { username } => {
+                insert_ctx.insert(schema::User {
+                    realm: ctx.id(),
+                    username,
+                    auth: Default::default(),
+                    groups: Default::default(),
+                })?;
+            },
+        }
+
+        Ok(())
+    }
+
+    fn should_override(_entity: &'static str, field: &'static str, _role: microrm::cli::ValueRole) -> bool {
+        if field == "realm" {
+            true
+        }
+        else {
+            false
+        }
+    }
+
+    fn override_for(
+        ctx: &Self::Context,
+        _entity: &'static str,
+        field: &'static str,
+        _role: microrm::cli::ValueRole,
+    ) -> String {
+        if field == "realm" {
+            format!("{}", ctx.id().into_raw())
+        }
+        else {
+            unreachable!()
+        }
+    }
+}

src/client_management.rs

@@ -1,11 +1,12 @@
 use crate::{key::KeyType, schema, UIDCError};
 use microrm::prelude::*;
 
-pub fn create(realm: &schema::Realm, name: &String, key_type: KeyType) -> Result<(), UIDCError> {
+pub fn create(realm: &microrm::Stored<schema::Realm>, name: &String, key_type: KeyType) -> Result<(), UIDCError> {
     let rng = ring::rand::SystemRandom::new();
     let client_secret: [u8; 32] = ring::rand::generate(&rng).unwrap().expose();
 
     realm.clients.insert(schema::Client {
+        realm: realm.id(),
         shortname: name.into(),
         secret: base64::encode(&client_secret),
         key_type: key_type.into(),
@@ -15,8 +16,8 @@ pub fn create(realm: &schema::Realm, name: &String, key_type: KeyType) -> Result
     Ok(())
 }
 
-pub fn inspect(realm: &schema::Realm, name: &String) -> Result<(), UIDCError> {
-    if let Some(client) = realm.clients.keyed(name).get()? {
+pub fn inspect(realm: &microrm::Stored<schema::Realm>, name: &str) -> Result<(), UIDCError> {
+    if let Some(client) = realm.clients.with(schema::Client::Shortname, name).first().get()? {
         println!("Found client {name}");
         println!("Client secret: {}", client.secret);
         println!("Signature type: {:?}", client.key_type);

src/group_management.rs

@@ -1,8 +1,9 @@
 use crate::{schema, UIDCError};
 use microrm::prelude::*;
 
-pub fn create_group(realm: &schema::Realm, name: &String) -> Result<(), UIDCError> {
+pub fn create_group(realm: &Stored<schema::Realm>, name: &str) -> Result<(), UIDCError> {
     realm.groups.insert(schema::Group {
+        realm: realm.id(),
         shortname: name.into(),
         roles: Default::default(),
         users: Default::default(),
@@ -17,8 +18,8 @@ pub fn list_groups(realm: &schema::Realm) -> Result<(), UIDCError> {
     Ok(())
 }
 
-pub fn list_members(realm: &schema::Realm, name: &String) -> Result<(), UIDCError> {
-    for member in realm.groups.keyed(name).join(schema::Group::Users).get()? {
+pub fn list_members(realm: &schema::Realm, name: &str) -> Result<(), UIDCError> {
+    for member in realm.groups.with(schema::Group::Shortname, name).first().join(schema::Group::Users).get()? {
         println!("- {}", member.username);
     }
 
@@ -26,7 +27,7 @@ pub fn list_members(realm: &schema::Realm, name: &String) -> Result<(), UIDCErro
 }
 
 pub fn list_roles(realm: &schema::Realm, name: &String) -> Result<(), UIDCError> {
-    for role in realm.groups.keyed(name).join(schema::Group::Roles).get()? {
+    for role in realm.groups.with(schema::Group::Shortname, name).join(schema::Group::Roles).get()? {
         println!("- {}", role.shortname);
     }
 
@@ -38,8 +39,8 @@ pub fn attach_user(
     group_name: &String,
     username: &String,
 ) -> Result<(), UIDCError> {
-    let group = realm.groups.keyed(group_name).get()?;
-    let user = realm.users.keyed(username).get()?;
+    let group = realm.groups.with(schema::Group::Shortname, group_name).first().get()?;
+    let user = realm.users.with(schema::User::Username, username).first().get()?;
 
     match (group, user) {
         (None, _) => Err(UIDCError::Abort("no such group")),

src/main.rs

@@ -4,7 +4,7 @@ mod cli;
 mod client_management;
 mod config;
 mod error;
-mod group_management;
+// mod group_management;
 mod jwt;
 mod key;
 mod role_management;
@@ -16,8 +16,6 @@ mod token_management;
 mod user;
 mod user_management;
 
-mod object;
-
 pub use error::UIDCError;
 
 fn main() {
@@ -31,7 +29,5 @@ fn main() {
         .init()
         .unwrap();
 
-    // tide::log::with_level(log::LevelFilter::Trace);
-
     cli::invoked();
 }

src/object.rs

@@ -1,10 +0,0 @@
-use crate::UIDCError;
-
-mod role;
-mod user;
-
-impl microrm::cli::CLIError for UIDCError {
-    fn no_such_entity(ename: &'static str, keys: String) -> Self {
-        UIDCError::AbortString(format!("no such {ename} matching {keys}"))
-    }
-}

src/object/role.rs

@@ -1,26 +0,0 @@
-use crate::{schema, UIDCError};
-use microrm::cli::CLIObject;
-
-#[derive(clap::Parser, Debug)]
-pub struct CreateParameters {
-    shortname: String,
-}
-
-impl CLIObject for schema::Role {
-    type Error = UIDCError;
-    type CreateParameters = CreateParameters;
-
-    fn create_from_params(cp: &Self::CreateParameters) -> Result<Self, UIDCError> {
-        Ok(Self {
-            shortname: cp.shortname.clone(),
-            groups: Default::default(),
-        })
-    }
-
-    type ExtraCommands = microrm::cli::EmptyCommand;
-    type ExtraCommandData = schema::Realm;
-
-    fn shortname(&self) -> &str {
-        &self.shortname
-    }
-}

src/object/user.rs

@@ -1,52 +0,0 @@
-use crate::{schema, UIDCError, user_management};
-use microrm::cli::CLIObject;
-
-#[derive(clap::Parser, Debug)]
-pub struct CreateParameters {
-    username: String,
-}
-
-#[derive(Debug, clap::Subcommand)]
-pub enum UserCommands {
-    UpdateAuth {
-        username: String,
-        #[clap(short, long, default_value_t = false)]
-        password: bool,
-        #[clap(short, long, default_value_t = false)]
-        totp: bool,
-    }
-}
-
-impl CLIObject for schema::User {
-    type Error = UIDCError;
-    type CreateParameters = CreateParameters;
-
-    fn create_from_params(cp: &Self::CreateParameters) -> Result<Self, UIDCError> {
-        Ok(Self {
-            username: cp.username.clone(),
-            auth: Default::default(),
-            groups: Default::default(),
-        })
-    }
-
-    type ExtraCommands = UserCommands;
-    type ExtraCommandData = schema::Realm;
-    fn run_extra_command(
-        realm: &schema::Realm,
-        extra: &Self::ExtraCommands,
-        _query_ctx: impl microrm::prelude::Queryable<EntityOutput = Self>,
-        _insert_ctx: &impl microrm::prelude::Insertable<Self>) -> Result<(), UIDCError> {
-
-        match extra {
-            UserCommands::UpdateAuth { username, password, totp } => {
-                user_management::change_auth(realm, username, *password, *totp)?;
-            }
-        }
-
-        Ok(())
-    }
-
-    fn shortname(&self) -> &str {
-        &self.username
-    }
-}

src/schema.rs

@@ -1,5 +1,4 @@
 pub use microrm::prelude::{Database, Entity};
-use microrm::schema::{AssocDomain, AssocMap, AssocRange, IDMap, Relation, Serialized};
 use serde::{Deserialize, Serialize};
 
 use crate::key::KeyType;
@@ -24,7 +23,7 @@ pub struct PersistentConfig {
 pub struct Session {
     #[key]
     pub session_id: String,
-    pub auth: AssocMap<SessionAuth>,
+    pub auth: microrm::RelationMap<SessionAuth>,
     pub expiry: time::OffsetDateTime,
 }
 
@@ -35,7 +34,7 @@ pub struct SessionAuth {
     pub user: Option<UserID>,
 
     pub pending_user: Option<UserID>,
-    pub pending_challenges: Serialized<Vec<AuthChallengeType>>,
+    pub pending_challenges: microrm::Serialized<Vec<AuthChallengeType>>,
 }
 
 #[derive(Clone, Copy, PartialEq, PartialOrd, Serialize, Deserialize, Debug)]
@@ -52,7 +51,7 @@ pub struct AuthChallenge {
     #[key]
     pub user_id: UserID,
     #[key]
-    pub challenge_type: Serialized<AuthChallengeType>,
+    pub challenge_type: microrm::Serialized<AuthChallengeType>,
     #[elide]
     pub public: Vec<u8>,
     #[elide]
@@ -65,14 +64,14 @@ pub struct AuthChallenge {
 // ----------------------------------------------------------------------
 
 pub struct UserGroupRelation;
-impl Relation for UserGroupRelation {
+impl microrm::Relation for UserGroupRelation {
     type Domain = User;
     type Range = Group;
     const NAME: &'static str = "UserGroup";
 }
 
 pub struct GroupRoleRelation;
-impl Relation for GroupRoleRelation {
+impl microrm::Relation for GroupRoleRelation {
     type Domain = Group;
     type Range = Role;
     const NAME: &'static str = "GroupRole";
@@ -83,19 +82,19 @@ pub struct Realm {
     #[key]
     pub shortname: String,
 
-    pub clients: AssocMap<Client>,
-    pub groups: AssocMap<Group>,
-    pub keys: AssocMap<Key>,
-    pub roles: AssocMap<Role>,
-    pub scopes: AssocMap<Scope>,
-    pub users: AssocMap<User>,
+    pub clients: microrm::RelationMap<Client>,
+    pub groups: microrm::RelationMap<Group>,
+    pub keys: microrm::RelationMap<Key>,
+    pub roles: microrm::RelationMap<Role>,
+    pub scopes: microrm::RelationMap<Scope>,
+    pub users: microrm::RelationMap<User>,
 }
 
 #[derive(Entity)]
 pub struct Key {
     #[key]
     pub key_id: String,
-    pub key_type: Serialized<KeyType>,
+    pub key_type: microrm::Serialized<KeyType>,
     pub public_data: Vec<u8>,
     pub secret_data: Vec<u8>,
     pub expiry: time::OffsetDateTime,
@@ -103,37 +102,45 @@ pub struct Key {
 
 #[derive(Entity)]
 pub struct User {
+    #[key]
+    pub realm: RealmID,
     #[key]
     pub username: String,
-    pub auth: AssocMap<AuthChallenge>,
-    pub groups: AssocDomain<UserGroupRelation>,
+    pub auth: microrm::RelationMap<AuthChallenge>,
+    pub groups: microrm::RelationDomain<UserGroupRelation>,
 }
 
 #[derive(Entity)]
 pub struct Group {
+    #[key]
+    pub realm: RealmID,
     #[key]
     pub shortname: String,
-    pub users: AssocRange<UserGroupRelation>,
-    pub roles: AssocDomain<GroupRoleRelation>,
+    pub users: microrm::RelationRange<UserGroupRelation>,
+    pub roles: microrm::RelationDomain<GroupRoleRelation>,
 }
 
 #[derive(Entity)]
 pub struct Role {
+    #[key]
+    pub realm: RealmID,
     /// key publicly-visible name for role
     #[key]
     pub shortname: String,
-    pub groups: AssocRange<GroupRoleRelation>,
+    pub groups: microrm::RelationRange<GroupRoleRelation>,
 }
 
 /// OAuth2 client representation
 #[derive(Entity)]
 pub struct Client {
+    #[key]
+    pub realm: RealmID,
     #[key]
     pub shortname: String,
     pub secret: String,
-    pub key_type: Serialized<KeyType>,
-    pub redirects: AssocMap<ClientRedirect>,
-    pub scopes: AssocMap<Scope>,
+    pub key_type: microrm::Serialized<KeyType>,
+    pub redirects: microrm::RelationMap<ClientRedirect>,
+    pub scopes: microrm::RelationMap<Scope>,
 }
 
 #[derive(Entity)]
@@ -144,16 +151,18 @@ pub struct ClientRedirect {
 /// Requested group of permissions
 #[derive(Entity)]
 pub struct Scope {
+    #[key]
+    pub realm: RealmID,
     #[key]
     pub shortname: String,
-    pub roles: AssocMap<Role>,
+    pub roles: microrm::RelationMap<Role>,
 }
 
 #[derive(Database)]
 pub struct UIDCDatabase {
-    pub persistent_config: IDMap<PersistentConfig>,
+    pub persistent_config: microrm::IDMap<PersistentConfig>,
 
-    pub realms: IDMap<Realm>,
+    pub realms: microrm::IDMap<Realm>,
 
-    pub sessions: IDMap<Session>,
+    pub sessions: microrm::IDMap<Session>,
 }

src/scope_management.rs

@@ -1,8 +1,9 @@
 use crate::{schema, UIDCError};
 use microrm::prelude::*;
 
-pub fn create_scope(realm: &schema::Realm, name: &String) -> Result<(), UIDCError> {
+pub fn create_scope(realm: &microrm::Stored<schema::Realm>, name: &str) -> Result<(), UIDCError> {
     realm.scopes.insert(schema::Scope {
+        realm: realm.id(),
         shortname: name.into(),
         roles: Default::default(),
     })?;
@@ -16,10 +17,10 @@ pub fn list_scopes(realm: &schema::Realm) -> Result<(), UIDCError> {
     Ok(())
 }
 
-pub fn inspect_scope(realm: &schema::Realm, scope_name: &String) -> Result<(), UIDCError> {
+pub fn inspect_scope(realm: &microrm::Stored<schema::Realm>, scope_name: &str) -> Result<(), UIDCError> {
     let scope = realm
         .scopes
-        .keyed(scope_name)
+        .keyed((realm.id(), scope_name))
         .get()?
         .ok_or(UIDCError::Abort("no such scope"))?;
 
@@ -34,12 +35,12 @@ pub fn inspect_scope(realm: &schema::Realm, scope_name: &String) -> Result<(), U
 }
 
 pub fn attach_role(
-    realm: &schema::Realm,
-    scope_name: &String,
-    role_name: &String,
+    realm: &microrm::Stored<schema::Realm>,
+    scope_name: &str,
+    role_name: &str,
 ) -> Result<(), UIDCError> {
-    let scope = realm.scopes.keyed(scope_name).get()?;
-    let role = realm.roles.keyed(role_name).get()?;
+    let scope = realm.scopes.keyed((realm.id(), scope_name)).get()?;
+    let role = realm.roles.keyed((realm.id(), role_name)).get()?;
 
     match (scope, role) {
         (None, _) => Err(UIDCError::Abort("no such scope")),
@@ -52,12 +53,12 @@ pub fn attach_role(
 }
 
 pub fn detach_role(
-    realm: &schema::Realm,
-    scope_name: &String,
-    role_name: &String,
+    realm: &microrm::Stored<schema::Realm>,
+    scope_name: &str,
+    role_name: &str,
 ) -> Result<(), UIDCError> {
-    let scope = realm.scopes.keyed(scope_name).get()?;
-    let role = realm.roles.keyed(role_name).get()?;
+    let scope = realm.scopes.keyed((realm.id(), scope_name)).get()?;
+    let role = realm.roles.keyed((realm.id(), role_name)).get()?;
 
     if let Some((scope, role)) = scope.as_ref().zip(role) {
         scope.roles.disconnect_from(role.id())?;

src/server/session.rs

@@ -274,7 +274,7 @@ async fn v1_login_post(mut req: Request) -> tide::Result<tide::Response> {
         ChallengeType::Username => {
             shelper.destroy_auth(realm.id(), &session)?;
 
-            let user = realm.users.keyed(&body.challenge).get()?;
+            let user = realm.users.with(schema::User::Username, &body.challenge).first().get()?;
             if user.is_none() {
                 error = Some(format!("No such user {}", body.challenge));
             } else {

src/token.rs

@@ -38,7 +38,7 @@ pub fn generate_auth_token<'a>(
     // find all roles requested by the scopes
     let mut requested_roles = vec![];
     for scope_name in scopes {
-        if let Some(scope) = realm.scopes.keyed(&scope_name.to_string()).get()? {
+        if let Some(scope) = realm.scopes.with(schema::Scope::Shortname, scope_name).first().get()? {
             requested_roles.extend(scope.roles.get()?.into_iter());
         }
     }

src/token_management.rs

@@ -13,13 +13,15 @@ pub fn create_auth_token(
         realm,
         &realm
             .clients
-            .keyed(client)
+            .with(schema::Client::Shortname, client)
+            .first()
             .get()?
             .ok_or(UIDCError::Abort("no such client"))?
             .wrapped(),
         &realm
             .users
-            .keyed(username)
+            .with(schema::User::Username, username)
+            .first()
             .get()?
             .ok_or(UIDCError::Abort("no such user"))?
             .wrapped(),
@@ -39,13 +41,15 @@ pub fn create_refresh_token(
         realm,
         &realm
             .clients
-            .keyed(client)
+            .with(schema::Client::Shortname, client)
+            .first()
             .get()?
             .ok_or(UIDCError::Abort("no such client"))?
             .wrapped(),
         &realm
             .users
-            .keyed(username)
+            .with(schema::User::Username, username)
+            .first()
             .get()?
             .ok_or(UIDCError::Abort("no such user"))?
             .wrapped(),

src/user.rs

@@ -46,7 +46,7 @@ impl<'a> User<'a> {
 
     pub fn change_username(&mut self, new_name: &String) -> Result<(), UIDCError> {
         // check to ensure the new username isn't already in use
-        if self.realm.users.keyed(new_name).get()?.is_some() {
+        if self.realm.users.with(schema::User::Username, new_name).first().get()?.is_some() {
             Err(UIDCError::Abort("username already in use"))
         } else {
             self.user.username = new_name.clone();

src/user_management.rs

@@ -10,7 +10,8 @@ pub fn change_auth(
     // check that the user exists
     let user = realm
         .users
-        .keyed(username)
+        .with(schema::User::Username, username)
+        .first()
         .get()?
         .ok_or(UIDCError::Abort("no such user"))?;
 
@@ -27,7 +28,7 @@ pub fn change_auth(
         qr2term::print_qr(new_uri.as_str())
             .map_err(|_| UIDCError::Abort("could not display QR code"))?;
         let new_challenge = schema::AuthChallenge {
-            user_id: user_id,
+            user_id,
             challenge_type: schema::AuthChallengeType::TOTP.into(),
             public: vec![],
             secret: new_secret.clone(),