author | Katharina Fey <kookie@spacekookie.de> | 2018-06-29 00:20:23 +0200 |
---|---|---|
committer | Katharina Fey <kookie@spacekookie.de> | 2018-06-29 00:20:23 +0200 |
commit | 23019c494588a63babd45bb70730ab8076df9154 (patch) | |
tree | 73a9d8bf63215127e6fb97e73c9e26f55e30367f | |
parent | df23d3dc3c028ebce6e8185f3d6578f48de38290 (diff) |
Adding some user registration code
-rw-r--r-- | lockchain-core/src/users.rs | 28 | ||||
-rw-r--r-- | lockchain-crypto/src/engine.rs | 6 |
2 files changed, 32 insertions, 2 deletions
diff --git a/lockchain-core/src/users.rs b/lockchain-core/src/users.rs index 34bcd42..654b924 100644 --- a/lockchain-core/src/users.rs +++ b/lockchain-core/src/users.rs @@ -1,15 +1,29 @@ //! User and access regulation module //! +//! Access can be given for a vault or file (based on id) +//! as well as an entire Api endpoint. By default all +//! Rust APIs assume `{ Api, Admin }` access, for other +//! APIs crates (http, ...), a user with access rights +//! has to be specified. //! +//! A user for an API endpoint is not the same as a user for +//! a vault. An API admin could have access to a vault where +//! they can only read a single file! +//! +//! `User` is also a serialisable struct which contains important +//! data to load and store them into a metadata store. mod auth; pub use self::auth::Token; +use crypto::{encoding, hashing}; use traits::AutoEncoder; /// Specifies access to a resource #[derive(Serialize, Deserialize)] pub enum Access { + /// Allows specific access to an entire API + Api, /// Allows access to vault metadata & index files Vault(String), /// Allows access to a record resource inside a vault @@ -27,12 +41,22 @@ pub enum Role { /// A generic user representation #[derive(Serialize, Deserialize)] pub struct User { - id: u64, name: String, pw_hash: String, - pw_salt: String, role: Role, access: Vec<Access>, } +impl User { + /// Register a new user with a name and password + pub fn register(name: &str, pw: &str) -> Self { + Self { + name: name.into(), + pw_hash: encoding::base64_encode(&hashing::blake2(pw, name).to_vec()), + role: Role::Reader, + access: Vec::new(), + } + } +} + impl AutoEncoder for User {} diff --git a/lockchain-crypto/src/engine.rs b/lockchain-crypto/src/engine.rs index 3fa20a1..24d79dc 100644 --- a/lockchain-crypto/src/engine.rs +++ b/lockchain-crypto/src/engine.rs 
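Review bot: The new `Api` variant is placed ahead of `Vault` in an enum that derives `Serialize`/`Deserialize`. If any stored metadata uses an index-based encoding (the format is not visible in this diff), previously written `Access` values would decode as a different variant. Appending `Api` after the existing variants avoids that. The added module docs also say Rust APIs assume `{ Api, Admin }` access by default; they should say where that default is applied, so that a crate exposing these calls through another API layer knows it must pass a restricted user.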
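Review bot: `register` builds `pw_hash` from `hashing::blake2(pw, name)`, and this hunk also removes the `pw_salt` field, so the username is the only per-user input besides the password. If the second argument acts as the salt (the call suggests so, but `blake2` is defined outside this diff), the salt is predictable and identical for the same name on every installation. BLAKE2 is also a fast hash, so offline guessing is cheap if the metadata store leaks. I would keep `pw_salt`, fill it with fresh random bytes at registration, and derive `pw_hash` with a deliberately slow password-hashing function such as Argon2, scrypt or bcrypt. The doc comment could also state the default privilege, e.g. `/// New users start as Role::Reader with an empty access list`.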
@@ -1,4 +1,9 @@ +//! Implements an Aes256Siv encryption engine //! +//! Can be initialised from scratch or with a pw/salt +//! combintaion which derives a key via the `keybob` crate. +//! +//! Implements use lcc::traits::{AutoEncoder, Encryptable, EncryptionHandler}; use lcc::{EncryptedBody, PackedData}; @@ -29,6 +34,7 @@ impl AesEngine { iv: random::bytes(len), } } + /// Generate an Aes context from password pub fn from_pw(pw: &str, salt: &str) -> Self { let key = Key::from_pw(KeyType::Aes256, pw, salt); |
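Review bot: The module docs added in the first hunk end on a dangling `//! Implements` line and misspell "combination" as `combintaion`. The last line should be completed or dropped, e.g. `//! Implements the `EncryptionHandler` trait for `PackedData`.`, if that is what was intended. The trait impl itself is outside this hunk, so the wording needs confirming against it.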
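Review bot: The new doc line on `from_pw` does not say what the `salt` argument must be, although the key derived by `Key::from_pw(KeyType::Aes256, pw, salt)` depends on it. I would extend the comment to state the contract, e.g. `/// `salt` must be a random, per-vault value stored alongside the vault; reusing one salt yields the same key for the same password`. The body of `from_pw` continues past the end of this hunk, so whether it validates the salt cannot be seen here.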