uidc/src/client_management.rs

use crate::{
    key::{HMacType, KeyType},
    schema, UIDCError,
};
use microrm::prelude::*;

pub fn create(
    realm: &microrm::Stored<schema::Realm>,
    name: &String,
    key_type: KeyType,
) -> Result<(), UIDCError> {
    let rng = ring::rand::SystemRandom::new();
    let client_secret: [u8; 32] = ring::rand::generate(&rng).unwrap().expose();

    realm.clients.insert(schema::Client {
        realm: realm.id(),
        shortname: name.into(),
        secret: base64::encode(client_secret),
        access_key_type: key_type.into(),
        refresh_key_type: KeyType::HMac(HMacType::Sha256).into_serialized(),
        direct_grant_enabled: false,
        redirects: Default::default(),
        scopes: Default::default(),
    })?;
    Ok(())
}

pub fn rotate_secret(realm: &microrm::Stored<schema::Realm>, name: &str) -> Result<(), UIDCError> {
    let rng = ring::rand::SystemRandom::new();
    let client_secret: [u8; 32] = ring::rand::generate(&rng).unwrap().expose();

    let mut client = realm
        .clients
        .with(schema::Client::Shortname, name)
        .first()
        .get()?
        .ok_or(UIDCError::Abort("no such client"))?;
    client.secret = base64::encode(client_secret);

    client.sync()?;

    Ok(())
}

pub fn add_redirect(
    realm: &microrm::Stored<schema::Realm>,
    name: &str,
    pattern: &str,
) -> Result<(), UIDCError> {
    let Some(client) = realm.clients.keyed((realm.id(), name)).get()? else {
        return Err(UIDCError::Abort("no such client"));
    };

    client.redirects.insert(schema::ClientRedirect {
        redirect_pattern: pattern.into(),
    })?;

    Ok(())
}