Diffstat (limited to 'lockchain-core/src')
-rw-r--r--lockchain-core/src/init.rs3
-rw-r--r--lockchain-core/src/users/mod.rs6
-rw-r--r--lockchain-core/src/users/tokens.rs43
3 files changed, 25 insertions, 27 deletions
diff --git a/lockchain-core/src/init.rs b/lockchain-core/src/init.rs
index 0e666bb..1880599 100644
--- a/lockchain-core/src/init.rs
+++ b/lockchain-core/src/init.rs
@@ -1,7 +1,8 @@
-use traits::{Body, Vault};
use errors::VaultError;
+use traits::{Body, Vault};
/// Describes the internal permission layout of a vault
+#[derive(Debug, Serialize, Deserialize, Clone)]
pub enum VaultType {
/// Create an all-powerful root user which can access everything
Administrated {
diff --git a/lockchain-core/src/users/mod.rs b/lockchain-core/src/users/mod.rs
index 4086fac..392e008 100644
--- a/lockchain-core/src/users/mod.rs
+++ b/lockchain-core/src/users/mod.rs
@@ -14,17 +14,17 @@
//! data to load and store them into a metadata store.
mod auth;
-mod user;
mod rights;
mod tokens;
+mod user;
mod secrets;
mod userstore;
pub use self::auth::pam_authenticate;
-pub use self::tokens::Token;
+pub use self::tokens::{Request, Token};
pub use self::user::User;
pub use self::userstore::UserStore;
-pub use errors::AuthError;
pub use self::rights::{Access, Role};
+pub use errors::AuthError;
diff --git a/lockchain-core/src/users/tokens.rs b/lockchain-core/src/users/tokens.rs
index f7226ef..e2b0747 100644
--- a/lockchain-core/src/users/tokens.rs
+++ b/lockchain-core/src/users/tokens.rs
@@ -1,41 +1,38 @@
-use crypto::random;
-
-const TOK_SIZE: usize = 64;
+use crypto::{random, Key, KeyType};
/// An authentication token that can be compared in constant time
-///
+///
/// ```
/// use lockchain_core::users::auth::Token;
/// let t1 = Token::new();
/// let t2 = Token::new();
-///
+///
/// // Will fail, but no expose failure length
/// assert_eq!(t1, t2);
/// ```
+#[derive(PartialEq, Eq, Serialize, Deserialize)]
pub struct Token {
- tok: [u8; TOK_SIZE],
+ inner: Key,
}
impl Token {
pub fn new() -> Self {
- let v = random::bytes(TOK_SIZE);
- let mut tok = [0; TOK_SIZE];
- tok.copy_from_slice(v.as_slice());
-
- Self { tok }
- }
-}
-
-impl PartialEq for Token {
- fn eq(&self, other: &Self) -> bool {
- let mut ret = true;
- for i in 0..TOK_SIZE {
- if self.tok[i] != other.tok[i] {
- ret = false;
- }
+ Self {
+ inner: Key::new(KeyType::Aes128),
}
- ret
}
}
-impl Eq for Token {}
+/// A request wrapper around a username and token
+///
+/// This structure is accepted by most Vault-trait
+/// functions to reduce the number of paramters required.auth
+///
+/// Because `Request` objects are short-lived and numerous,
+/// they only deal with references to the original
+/// username and token data.
+#[derive(PartialEq, Eq, Serialize, Deserialize)]
+pub struct Request<'outer> {
+ username: &'outer str,
+ token: Token,
+}
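Review bot: The doc comment on `Token` still promises a constant-time comparison, but the derived `PartialEq` now delegates to whatever `Key`'s `==` does, which is not visible here and will short-circuit on the first differing byte if it compares a `Vec<u8>` or array. Either confirm and document that `Key` implements a non-short-circuiting `PartialEq`, or reduce the derive to `#[derive(Serialize, Deserialize)]` and keep a hand-written `impl PartialEq for Token` that accumulates the difference over every byte before returning. The token was previously 64 random bytes; `Key::new(KeyType::Aes128)` presumably yields a 16-byte key, so if that reduction is intended it deserves a line in the doc comment. The new `Request` docs say it only deals with references to the username and token, yet the field is `token: Token` (owned), so one of the two should be corrected.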