diff --git a/Cargo.lock b/Cargo.lock index d9a204d..ed3f42c 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -3157,6 +3157,7 @@ dependencies = [ "async-trait", "chrono", "chrono-tz", + "clap", "derive_more 2.0.1", "ical", "lazy_static", diff --git a/Cargo.toml b/Cargo.toml index 6ee1963..3af58df 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -111,6 +111,7 @@ reqwest = { version = "0.12", features = [ "http2", ], default-features = false } openidconnect = "4.0" +clap = { version = "4.5", features = ["derive", "env"] } [dependencies] rustical_store = { workspace = true } @@ -124,7 +125,7 @@ serde = { workspace = true } tokio = { workspace = true } tracing = { workspace = true } anyhow = { workspace = true } -clap = { version = "4.5", features = ["derive", "env"] } +clap.workspace = true sqlx = { workspace = true } async-trait = { workspace = true } tracing-actix-web = { workspace = true } diff --git a/crates/store/Cargo.toml b/crates/store/Cargo.toml index 28c77f3..018b700 100644 --- a/crates/store/Cargo.toml +++ b/crates/store/Cargo.toml @@ -29,6 +29,7 @@ toml.workspace = true tokio.workspace = true rand.workspace = true uuid.workspace = true +clap.workspace = true [dev-dependencies] rstest = { workspace = true } diff --git a/crates/store/src/auth/mod.rs b/crates/store/src/auth/mod.rs index c5e335a..3f49c79 100644 --- a/crates/store/src/auth/mod.rs +++ b/crates/store/src/auth/mod.rs @@ -6,7 +6,9 @@ use async_trait::async_trait; #[async_trait] pub trait AuthenticationProvider: 'static { + async fn get_principals(&self) -> Result, crate::Error>; async fn get_principal(&self, id: &str) -> Result, crate::Error>; + async fn remove_principal(&self, id: &str) -> Result<(), crate::Error>; async fn insert_principal(&self, user: User) -> Result<(), crate::Error>; async fn validate_password(&self, user_id: &str, password: &str) -> Result, Error>; diff --git a/crates/store/src/auth/toml_user_store.rs b/crates/store/src/auth/toml_user_store.rs index 413941b..44edfa3 100644 --- a/crates/store/src/auth/toml_user_store.rs +++ b/crates/store/src/auth/toml_user_store.rs @@ -61,6 +61,10 @@ impl TomlPrincipalStore { #[async_trait] impl AuthenticationProvider for TomlPrincipalStore { + async fn get_principals(&self) -> Result, crate::Error> { + Ok(self.principals.read().await.values().cloned().collect()) + } + async fn get_principal(&self, id: &str) -> Result, crate::Error> { Ok(self.principals.read().await.get(id).cloned()) } @@ -75,6 +79,13 @@ impl AuthenticationProvider for TomlPrincipalStore { Ok(()) } + async fn remove_principal(&self, id: &str) -> Result<(), crate::Error> { + let mut principals = self.principals.write().await; + principals.remove(id); + self.save(principals.deref())?; + Ok(()) + } + async fn validate_password( &self, user_id: &str, diff --git a/crates/store/src/auth/user.rs b/crates/store/src/auth/user.rs index 42ef42a..47d5fda 100644 --- a/crates/store/src/auth/user.rs +++ b/crates/store/src/auth/user.rs @@ -12,7 +12,7 @@ use std::future::{Ready, ready}; use crate::Secret; /// https://datatracker.ietf.org/doc/html/rfc5545#section-3.2.3 -#[derive(Debug, Clone, Deserialize, Serialize, Default, PartialEq)] +#[derive(Debug, Clone, Deserialize, Serialize, Default, PartialEq, Display, clap::ValueEnum)] #[serde(rename_all = "lowercase")] pub enum PrincipalType { #[default] diff --git a/src/commands/mod.rs b/src/commands/mod.rs index 5b4af30..043b083 100644 --- a/src/commands/mod.rs +++ b/src/commands/mod.rs @@ -11,6 +11,8 @@ use crate::config::{ TracingConfig, }; +pub mod principals; + #[derive(Debug, Parser)] pub struct GenConfigArgs {} diff --git a/src/commands/principals.rs b/src/commands/principals.rs new file mode 100644 index 0000000..d43c993 --- /dev/null +++ b/src/commands/principals.rs @@ -0,0 +1,105 @@ +use clap::{Parser, Subcommand}; +use figment::{ + Figment, + providers::{Env, Format, Toml}, +}; +use password_hash::PasswordHasher; +use password_hash::SaltString; +use rand::rngs::OsRng; +use rustical_store::auth::{AuthenticationProvider, TomlPrincipalStore, User, user::PrincipalType}; + +use crate::config::{self, Config}; + +#[derive(Parser, Debug)] +pub struct PrincipalsArgs { + #[arg(short, long, env, default_value = "/etc/rustical/config.toml")] + config_file: String, + + #[command(subcommand)] + command: Command, +} + +#[derive(Parser, Debug)] +struct CreateArgs { + id: String, + #[arg(value_enum, short, long)] + principal_type: Option, + #[arg(short, long)] + name: Option, + #[arg(long, help = "Ask for password input")] + password: bool, +} + +#[derive(Parser, Debug)] +struct RemoveArgs { + id: String, +} + +#[derive(Debug, Subcommand)] +enum Command { + List, + Create(CreateArgs), + Remove(RemoveArgs), +} + +pub async fn cmd_principals(args: PrincipalsArgs) -> anyhow::Result<()> { + let config: Config = Figment::new() + // TODO: What to do when config file does not exist? + .merge(Toml::file(&args.config_file)) + .merge(Env::prefixed("RUSTICAL_").split("__")) + .extract()?; + + let user_store = match config.auth { + config::AuthConfig::Toml(config) => TomlPrincipalStore::new(config)?, + }; + + match args.command { + Command::List => { + for principal in user_store.get_principals().await? { + println!( + "{} (displayname={}) [{}]", + principal.id, + principal.displayname.unwrap_or_default(), + principal.principal_type + ); + } + } + Command::Create(CreateArgs { + id, + principal_type, + name, + password, + }) => { + let salt = SaltString::generate(OsRng); + let password = if password { + println!("Enter your password:"); + let password = rpassword::read_password()?; + Some( + argon2::Argon2::default() + .hash_password(password.as_bytes(), &salt) + .unwrap() + .to_string() + .into(), + ) + } else { + None + }; + user_store + .insert_principal(User { + id, + displayname: name, + principal_type: principal_type.unwrap_or_default(), + app_tokens: vec![], + password, + memberships: vec![], + }) + .await?; + println!("Principal created"); + } + Command::Remove(RemoveArgs { id }) => { + user_store.remove_principal(&id).await?; + println!("Principal {id} removed"); + } + } + Ok(()) +} diff --git a/src/main.rs b/src/main.rs index 345568e..8919260 100644 --- a/src/main.rs +++ b/src/main.rs @@ -4,6 +4,7 @@ use actix_web::http::KeepAlive; use anyhow::Result; use app::make_app; use clap::{Parser, Subcommand}; +use commands::principals::{PrincipalsArgs, cmd_principals}; use commands::{cmd_gen_config, cmd_pwhash}; use config::{DataStoreConfig, SqliteDataStoreConfig}; use figment::Figment; @@ -40,6 +41,7 @@ struct Args { enum Command { GenConfig(commands::GenConfigArgs), Pwhash(commands::PwhashArgs), + Principals(PrincipalsArgs), } async fn get_data_stores( @@ -72,6 +74,7 @@ async fn main() -> Result<()> { match args.command { Some(Command::GenConfig(gen_config_args)) => cmd_gen_config(gen_config_args)?, Some(Command::Pwhash(pwhash_args)) => cmd_pwhash(pwhash_args)?, + Some(Command::Principals(principals_args)) => cmd_principals(principals_args).await?, None => { let config: Config = Figment::new() // TODO: What to do when config file does not exist? @@ -140,11 +143,20 @@ mod tests { #[async_trait] impl AuthenticationProvider for MockUserStore { + async fn get_principals( + &self, + ) -> Result, rustical_store::Error> { + Err(rustical_store::Error::Other(anyhow!("Not implemented"))) + } async fn get_principal( &self, id: &str, ) -> Result, rustical_store::Error> { - Err(rustical_store::Error::NotFound) + Err(rustical_store::Error::Other(anyhow!("Not implemented"))) + } + + async fn remove_principal(&self, id: &str) -> Result<(), rustical_store::Error> { + Err(rustical_store::Error::Other(anyhow!("Not implemented"))) } async fn validate_password( @@ -152,7 +164,7 @@ mod tests { user_id: &str, password: &str, ) -> Result, rustical_store::Error> { - Err(rustical_store::Error::NotFound) + Err(rustical_store::Error::Other(anyhow!("Not implemented"))) } async fn validate_app_token( @@ -160,7 +172,7 @@ mod tests { user_id: &str, token: &str, ) -> Result, rustical_store::Error> { - Err(rustical_store::Error::NotFound) + Err(rustical_store::Error::Other(anyhow!("Not implemented"))) } async fn add_app_token(