kestrel
/
uidc


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152
							pub use microrm::prelude::{Entity, Database};
use microrm::schema::{IDMap, AssocMap, Serialized, Relation, AssocDomain, AssocRange};
use serde::{Deserialize, Serialize};

use crate::key::KeyType;

// ----------------------------------------------------------------------
// uidc internal types
// ----------------------------------------------------------------------

/// Simple key-value store for persistent configuration
#[derive(Debug, Entity)]
pub struct PersistentConfig {
    #[unique]
    pub key: String,
    pub value: String,
}

// ----------------------------------------------------------------------
// Session types
// ----------------------------------------------------------------------

#[derive(Debug, Entity)]
pub struct Session {
    auth: AssocMap<SessionAuth>,
    // expiry: std::time::SystemTime
}

#[derive(Debug, Entity)]
pub struct SessionAuth {
    pub realm: RealmID,

    pub user: Option<UserID>,

    pub pending_user: Option<UserID>,
    pub pending_challenges: Serialized<Vec<AuthChallengeType>>,
}

#[derive(Clone, Copy, Debug, PartialEq, PartialOrd, Serialize, Deserialize)]
pub enum AuthChallengeType {
    Username,
    Password,
    TOTP,
    Grid,
    WebAuthn,
}

#[derive(Debug, Entity)]
pub struct AuthChallenge {
    #[unique]
    pub challenge_type: Serialized<AuthChallengeType>,
    pub public: Vec<u8>,
    pub secret: Vec<u8>,
    pub enabled: bool,
}

// ----------------------------------------------------------------------
// OIDC types
// ----------------------------------------------------------------------

pub struct UserGroupRelation;
impl Relation for UserGroupRelation {
    type Domain = User;
    type Range = Group;
    const NAME: &'static str = "UserGroup";
}

pub struct GroupRoleRelation;
impl Relation for GroupRoleRelation {
    type Domain = Group;
    type Range = Role;
    const NAME: &'static str = "GroupRole";
}

#[derive(Clone, Debug, Default, Entity)]
pub struct Realm {
    #[unique]
    pub shortname: String,

    pub clients: AssocMap<Client>,
    pub groups: AssocMap<Group>,
    pub keys: AssocMap<Key>,
    pub roles: AssocMap<Role>,
    pub scopes: AssocMap<Scope>,
    pub users: AssocMap<User>,
}

#[derive(Debug, Entity)]
pub struct Key {
    #[unique]
    pub key_id: String,
    pub key_type: Serialized<KeyType>,
    pub public_data: Vec<u8>,
    pub secret_data: Vec<u8>,
    pub expiry: time::OffsetDateTime,
}

#[derive(Debug, Entity)]
pub struct User {
    #[unique]
    pub username: String,
    pub auth: AssocMap<AuthChallenge>,
    pub groups: AssocDomain<UserGroupRelation>,
}

#[derive(Debug, Entity)]
pub struct Group {
    #[unique]
    pub shortname: String,
    pub users: AssocRange<UserGroupRelation>,
    pub roles: AssocDomain<GroupRoleRelation>,
}

#[derive(Debug, Entity)]
pub struct Role {
    #[unique]
    pub shortname: String,
    pub groups: AssocRange<GroupRoleRelation>,
}

/// OAuth2 client representation
#[derive(Debug, Entity)]
pub struct Client {
    #[unique]
    pub shortname: String,
    pub secret: String,
    pub key_type: Serialized<KeyType>,
    pub redirects: AssocMap<ClientRedirect>,
    pub scopes: AssocMap<Scope>,
}

#[derive(Debug, Entity)]
pub struct ClientRedirect {
    pub redirect: String,
}

/// Requested group of permissions
#[derive(Debug, Entity)]
pub struct Scope {
    #[unique]
    pub shortname: String,
    pub roles: AssocMap<Role>,
}

#[derive(Database)]
pub struct UIDCDatabase {
    pub persistent_config: IDMap<PersistentConfig>,

    pub realms: IDMap<Realm>,

    pub sessions: IDMap<Session>,
}