Migrate principal store to sqlite

2025-12-13 20:32:48 +00:00 · 2025-04-26 14:13:37 +02:00
parent 1f915b73de
commit 87112f3794
28 changed files with 597 additions and 351 deletions
--- a/src/commands/membership.rs
+++ b/src/commands/membership.rs
@@ -34,7 +34,7 @@ pub struct MembershipArgs {
 }

 pub async fn handle_membership_command(
-    user_store: impl AuthenticationProvider,
+    user_store: &impl AuthenticationProvider,
    MembershipArgs { command }: MembershipArgs,
 ) -> anyhow::Result<()> {
    let id = match &command {
@@ -42,28 +42,22 @@ pub async fn handle_membership_command(
        MembershipCommand::Remove(RemoveArgs { id, .. }) => id,
        MembershipCommand::List(ListArgs { id }) => id,
    };
-    let mut principal = user_store
-        .get_principal(id)
-        .await?
-        .unwrap_or_else(|| panic!("Principal {id} does not exist"));

-    match command {
+    match &command {
        MembershipCommand::Assign(AssignArgs { to, .. }) => {
-            if principal.memberships.contains(&to) {
-                println!("Principal is already member of {to}");
-                return Ok(());
-            }
-            principal.memberships.push(to);
-            user_store.insert_principal(principal, true).await?;
+            user_store.add_membership(id, to).await?;
            println!("Membership assigned");
        }
        MembershipCommand::Remove(RemoveArgs { to, .. }) => {
-            principal.memberships.retain(|principal| principal != &to);
-            user_store.insert_principal(principal, true).await?;
+            user_store.remove_membership(id, to).await?;
            println!("Membership removed");
        }
        MembershipCommand::List(ListArgs { .. }) => {
-            for membership in principal.memberships {
+            let principal = user_store
+                .get_principal(id)
+                .await?
+                .unwrap_or_else(|| panic!("Principal {id} does not exist"));
+            for membership in principal.memberships() {
                println!("{membership}");
            }
        }
--- a/src/commands/mod.rs
+++ b/src/commands/mod.rs
@@ -4,11 +4,9 @@ use password_hash::PasswordHasher;
 use pbkdf2::Params;
 use rand::{RngCore, rngs::OsRng};
 use rustical_frontend::FrontendConfig;
-use rustical_store::auth::TomlUserStoreConfig;

 use crate::config::{
-    AuthConfig, Config, DataStoreConfig, DavPushConfig, HttpConfig, SqliteDataStoreConfig,
-    TracingConfig,
+    Config, DataStoreConfig, DavPushConfig, HttpConfig, SqliteDataStoreConfig, TracingConfig,
 };

 mod membership;
@@ -28,9 +26,6 @@ pub fn generate_frontend_secret() -> [u8; 64] {
 pub fn cmd_gen_config(_args: GenConfigArgs) -> anyhow::Result<()> {
    let config = Config {
        http: HttpConfig::default(),
-        auth: AuthConfig::Toml(TomlUserStoreConfig {
-            path: "/etc/rustical/principals.toml".to_owned(),
-        }),
        data_store: DataStoreConfig::Sqlite(SqliteDataStoreConfig {
            db_url: "/var/lib/rustical/db.sqlite3".to_owned(),
        }),
--- a/src/commands/principals.rs
+++ b/src/commands/principals.rs
@@ -1,5 +1,5 @@
 use super::membership::{MembershipArgs, handle_membership_command};
-use crate::config::{self, Config};
+use crate::{config::Config, get_data_stores};
 use clap::{Parser, Subcommand};
 use figment::{
    Figment,
@@ -8,7 +8,7 @@ use figment::{
 use password_hash::PasswordHasher;
 use password_hash::SaltString;
 use rand::rngs::OsRng;
-use rustical_store::auth::{AuthenticationProvider, TomlPrincipalStore, User, user::PrincipalType};
+use rustical_store::auth::{AuthenticationProvider, User, user::PrincipalType};

 #[derive(Parser, Debug)]
 pub struct PrincipalsArgs {
@@ -66,13 +66,11 @@ pub async fn cmd_principals(args: PrincipalsArgs) -> anyhow::Result<()> {
        .merge(Env::prefixed("RUSTICAL_").split("__"))
        .extract()?;

-    let user_store = match config.auth {
-        config::AuthConfig::Toml(config) => TomlPrincipalStore::new(config)?,
-    };
+    let (_, _, _, principal_store, _) = get_data_stores(true, &config.data_store).await?;

    match args.command {
        Command::List => {
-            for principal in user_store.get_principals().await? {
+            for principal in principal_store.get_principals().await? {
                println!(
                    "{} (displayname={}) [{}]",
                    principal.id,
@@ -101,13 +99,12 @@ pub async fn cmd_principals(args: PrincipalsArgs) -> anyhow::Result<()> {
            } else {
                None
            };
-            user_store
+            principal_store
                .insert_principal(
                    User {
                        id,
                        displayname: name,
                        principal_type: principal_type.unwrap_or_default(),
-                        app_tokens: vec![],
                        password,
                        memberships: vec![],
                    },
@@ -117,7 +114,7 @@ pub async fn cmd_principals(args: PrincipalsArgs) -> anyhow::Result<()> {
            println!("Principal created");
        }
        Command::Remove(RemoveArgs { id }) => {
-            user_store.remove_principal(&id).await?;
+            principal_store.remove_principal(&id).await?;
            println!("Principal {id} removed");
        }
        Command::Edit(EditArgs {
@@ -127,7 +124,7 @@ pub async fn cmd_principals(args: PrincipalsArgs) -> anyhow::Result<()> {
            name,
            principal_type,
        }) => {
-            let mut principal = user_store
+            let mut principal = principal_store
                .get_principal(&id)
                .await?
                .unwrap_or_else(|| panic!("Principal {id} does not exist"));
@@ -153,10 +150,12 @@ pub async fn cmd_principals(args: PrincipalsArgs) -> anyhow::Result<()> {
            if let Some(principal_type) = principal_type {
                principal.principal_type = principal_type;
            }
-            user_store.insert_principal(principal, true).await?;
+            principal_store.insert_principal(principal, true).await?;
            println!("Principal {id} updated");
        }
-        Command::Membership(args) => handle_membership_command(user_store, args).await?,
+        Command::Membership(args) => {
+            handle_membership_command(principal_store.as_ref(), args).await?
+        }
    }
    Ok(())
 }
--- a/src/config.rs
+++ b/src/config.rs
@@ -1,6 +1,5 @@
 use rustical_frontend::FrontendConfig;
 use rustical_oidc::OidcConfig;
-use rustical_store::auth::TomlUserStoreConfig;
 use serde::{Deserialize, Serialize};

 #[derive(Debug, Deserialize, Serialize)]
@@ -32,13 +31,6 @@ pub enum DataStoreConfig {
    Sqlite(SqliteDataStoreConfig),
 }

-#[derive(Debug, Deserialize, Serialize)]
-#[serde(rename_all = "snake_case")]
-#[serde(deny_unknown_fields)]
-pub enum AuthConfig {
-    Toml(TomlUserStoreConfig),
-}
-
 #[derive(Debug, Deserialize, Serialize, Default)]
 #[serde(deny_unknown_fields, default)]
 pub struct TracingConfig {
@@ -80,7 +72,6 @@ impl Default for NextcloudLoginConfig {
 #[serde(deny_unknown_fields)]
 pub struct Config {
    pub data_store: DataStoreConfig,
-    pub auth: AuthConfig,
    #[serde(default)]
    pub http: HttpConfig,
    pub frontend: FrontendConfig,
--- a/src/main.rs
+++ b/src/main.rs
@@ -11,10 +11,11 @@ use figment::Figment;
 use figment::providers::{Env, Format, Toml};
 use rustical_dav_push::notifier::push_notifier;
 use rustical_frontend::nextcloud_login::NextcloudFlows;
-use rustical_store::auth::TomlPrincipalStore;
+use rustical_store::auth::AuthenticationProvider;
 use rustical_store::{AddressbookStore, CalendarStore, CollectionOperation, SubscriptionStore};
 use rustical_store_sqlite::addressbook_store::SqliteAddressbookStore;
 use rustical_store_sqlite::calendar_store::SqliteCalendarStore;
+use rustical_store_sqlite::principal_store::SqlitePrincipalStore;
 use rustical_store_sqlite::{SqliteStore, create_db_pool};
 use setup_tracing::setup_tracing;
 use std::sync::Arc;
@@ -51,6 +52,7 @@ async fn get_data_stores(
    Arc<impl AddressbookStore>,
    Arc<impl CalendarStore>,
    Arc<impl SubscriptionStore>,
+    Arc<impl AuthenticationProvider>,
    Receiver<CollectionOperation>,
 )> {
    Ok(match &config {
@@ -62,7 +64,14 @@ async fn get_data_stores(
            let addressbook_store = Arc::new(SqliteAddressbookStore::new(db.clone(), send.clone()));
            let cal_store = Arc::new(SqliteCalendarStore::new(db.clone(), send));
            let subscription_store = Arc::new(SqliteStore::new(db.clone()));
-            (addressbook_store, cal_store, subscription_store, recv)
+            let principal_store = Arc::new(SqlitePrincipalStore::new(db.clone()));
+            (
+                addressbook_store,
+                cal_store,
+                subscription_store,
+                principal_store,
+                recv,
+            )
        }
    })
 }
@@ -83,7 +92,7 @@ async fn main() -> Result<()> {

            setup_tracing(&config.tracing);

-            let (addr_store, cal_store, subscription_store, update_recv) =
+            let (addr_store, cal_store, subscription_store, principal_store, update_recv) =
                get_data_stores(!args.no_migrations, &config.data_store).await?;

            if config.dav_push.enabled {
@@ -94,10 +103,6 @@ async fn main() -> Result<()> {
                ));
            }

-            let user_store = match config.auth {
-                config::AuthConfig::Toml(config) => Arc::new(TomlPrincipalStore::new(config)?),
-            };
-
            let nextcloud_flows = Arc::new(NextcloudFlows::default());

            HttpServer::new(move || {
@@ -105,7 +110,7 @@ async fn main() -> Result<()> {
                    addr_store.clone(),
                    cal_store.clone(),
                    subscription_store.clone(),
-                    user_store.clone(),
+                    principal_store.clone(),
                    config.frontend.clone(),
                    config.oidc.clone(),
                    config.nextcloud_login.clone(),
@@ -131,94 +136,27 @@ mod tests {
        get_data_stores,
    };
    use actix_web::{http::StatusCode, test::TestRequest};
-    use anyhow::anyhow;
-    use async_trait::async_trait;
    use rustical_frontend::FrontendConfig;
    use rustical_frontend::nextcloud_login::NextcloudFlows;
-    use rustical_store::auth::AuthenticationProvider;
    use std::sync::Arc;

-    #[derive(Debug, Clone)]
-    struct MockUserStore;
-
-    #[async_trait]
-    impl AuthenticationProvider for MockUserStore {
-        async fn get_principals(
-            &self,
-        ) -> Result<Vec<rustical_store::auth::User>, rustical_store::Error> {
-            Err(rustical_store::Error::Other(anyhow!("Not implemented")))
-        }
-        async fn get_principal(
-            &self,
-            _id: &str,
-        ) -> Result<Option<rustical_store::auth::User>, rustical_store::Error> {
-            Err(rustical_store::Error::Other(anyhow!("Not implemented")))
-        }
-
-        async fn remove_principal(&self, _id: &str) -> Result<(), rustical_store::Error> {
-            Err(rustical_store::Error::Other(anyhow!("Not implemented")))
-        }
-
-        async fn validate_password(
-            &self,
-            _user_id: &str,
-            _password: &str,
-        ) -> Result<Option<rustical_store::auth::User>, rustical_store::Error> {
-            Err(rustical_store::Error::Other(anyhow!("Not implemented")))
-        }
-
-        async fn validate_app_token(
-            &self,
-            _user_id: &str,
-            _token: &str,
-        ) -> Result<Option<rustical_store::auth::User>, rustical_store::Error> {
-            Err(rustical_store::Error::Other(anyhow!("Not implemented")))
-        }
-
-        async fn add_app_token(
-            &self,
-            _user_id: &str,
-            _name: String,
-            _token: String,
-        ) -> Result<String, rustical_store::Error> {
-            Err(rustical_store::Error::Other(anyhow!("Not implemented")))
-        }
-
-        async fn remove_app_token(
-            &self,
-            _user_id: &str,
-            _token_id: &str,
-        ) -> Result<(), rustical_store::Error> {
-            Err(rustical_store::Error::Other(anyhow!("Not implemented")))
-        }
-
-        async fn insert_principal(
-            &self,
-            _user: rustical_store::auth::User,
-            _overwrite: bool,
-        ) -> Result<(), rustical_store::Error> {
-            Err(rustical_store::Error::Other(anyhow!("Not implemented")))
-        }
-    }
-
    #[tokio::test]
    async fn test_main() {
-        let (addr_store, cal_store, subscription_store, _update_recv) = get_data_stores(
-            true,
-            &crate::config::DataStoreConfig::Sqlite(crate::config::SqliteDataStoreConfig {
-                db_url: "".to_owned(),
-            }),
-        )
-        .await
-        .unwrap();
-
-        let user_store = Arc::new(MockUserStore);
+        let (addr_store, cal_store, subscription_store, principal_store, _update_recv) =
+            get_data_stores(
+                true,
+                &crate::config::DataStoreConfig::Sqlite(crate::config::SqliteDataStoreConfig {
+                    db_url: "".to_owned(),
+                }),
+            )
+            .await
+            .unwrap();

        let app = make_app(
            addr_store,
            cal_store,
            subscription_store,
-            user_store,
+            principal_store,
            FrontendConfig {
                enabled: false,
                secret_key: generate_frontend_secret(),