kestrel
/
uidc


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159
							pub use microrm::{Schema, Entity, Modelable};
use serde::{Deserialize, Serialize};

#[derive(Debug, Entity, Serialize, Deserialize)]
pub struct Session {
    pub key: String,
    // TODO: add expiry here
}

microrm::make_index!(!SessionKeyIndex, Session::Key);

#[derive(Debug, Entity, Serialize, Deserialize)]
pub struct SessionAuthentication {
    #[microrm_foreign]
    pub session: SessionID,
    #[microrm_foreign]
    pub realm: RealmID,
    #[microrm_foreign]
    pub user: UserID,

    pub challenges_left: Vec<AuthChallengeType>,
}

// **** oauth types ****
#[derive(Debug, Entity, Serialize, Deserialize)]
pub struct Realm {
    pub shortname: String,
}

#[derive(Debug, Entity, Serialize, Deserialize)]
pub struct Key {
    #[microrm_foreign]
    pub realm: RealmID,
    pub key_id: String,
    #[serde(with = "serde_bytes")]
    pub keydata: Vec<u8>,
}

/// End-user representation object
#[derive(Debug, Entity, Serialize, Deserialize)]
pub struct User {
    #[microrm_foreign]
    pub realm: RealmID,
    pub username: String,
}

#[derive(Clone, Copy, Debug, PartialEq, Modelable, Serialize, Deserialize)]
pub enum AuthChallengeType {
    Username,
    Password,
    TOTP,
    Grid,
    WebAuthn,
}

#[derive(Debug, Entity, Serialize, Deserialize)]
pub struct AuthChallenge {
    #[microrm_foreign]
    pub user: UserID,
    pub challenge_type: AuthChallengeType,
    #[serde(with = "serde_bytes")]
    pub public: Vec<u8>,
    #[serde(with = "serde_bytes")]
    pub secret: Vec<u8>,
}

/// User semantic grouping
#[derive(Debug, Entity, Serialize, Deserialize)]
pub struct Group {
    #[microrm_foreign]
    pub realm: RealmID,
    pub shortname: String,
}

/// User membership in group
#[derive(Debug, Entity,Serialize,Deserialize)]
pub struct GroupMembership {
    pub group: GroupID,
    pub user: UserID,
}

/// OAuth2 client representation
#[derive(Debug, Entity, Serialize, Deserialize)]
pub struct Client {
    #[microrm_foreign]
    pub realm: RealmID,
    pub shortname: String,
    pub secret: String,
}

microrm::make_index!(
    !ClientNameIndex,
    Client::Realm,
    Client::Shortname
);

#[derive(Debug, Entity, Serialize, Deserialize)]
pub struct ClientRedirect {
    #[microrm_foreign]
    pub client: ClientID,
    pub redirect: String,
}

/// Requested group of permissions
#[derive(Debug, Entity, Serialize, Deserialize)]
pub struct Scope {
    #[microrm_foreign]
    pub realm: RealmID,
    pub shortname: String,
}

/// Specific atomic permission
#[derive(Debug, Entity, Serialize, Deserialize)]
pub struct Role {
    #[microrm_foreign]
    pub realm: RealmID,
    pub shortname: String,
}

/// Role membership in scope
#[derive(Debug, Entity,Serialize,Deserialize)]
pub struct ScopeRole {
    pub scope: ScopeID,
    pub role: RoleID,
}

/// Assigned permissions in group
#[derive(Debug, Entity,Serialize,Deserialize)]
pub struct GroupRole {
    pub scope: ScopeID,
    pub role: RoleID,
}

#[derive(Debug, Entity,Serialize,Deserialize)]
pub struct RevokedToken {
    pub user: UserID,
    pub nonce: String,
}

pub fn schema() -> Schema {
    Schema::new()
        .entity::<Session>()
        .index::<SessionKeyIndex>()
        .entity::<SessionAuthentication>()
        // oauth types
        .entity::<Realm>()
        .entity::<Key>()
        .entity::<User>()
        .entity::<AuthChallenge>()
        .entity::<Group>()
        .entity::<Client>()
        .index::<ClientNameIndex>()
        .entity::<ClientRedirect>()
        .entity::<Scope>()
        .entity::<Role>()
        .entity::<ScopeRole>()
        .entity::<GroupRole>()
        .entity::<RevokedToken>()
}