From 5d5d9f4f55131a8249a47d60c93f12e3c8a735f5 Mon Sep 17 00:00:00 2001 From: Katharina Fey Date: Sat, 15 Sep 2018 22:26:56 +0100 Subject: Using the new generators to create filevault --- lockchain-core/src/init.rs | 3 ++- lockchain-core/src/users/mod.rs | 6 +++--- lockchain-core/src/users/tokens.rs | 43 ++++++++++++++++++-------------------- lockchain-files/src/config.rs | 17 ++++++++++----- lockchain-files/src/create.rs | 43 +++++++++++++++++++++++--------------- lockchain-files/src/lib.rs | 24 +++++++++++++++------ lockchain-files/src/userstore.rs | 18 +--------------- 7 files changed, 82 insertions(+), 72 deletions(-) diff --git a/lockchain-core/src/init.rs b/lockchain-core/src/init.rs index 0e666bb..1880599 100644 --- a/lockchain-core/src/init.rs +++ b/lockchain-core/src/init.rs @@ -1,7 +1,8 @@ -use traits::{Body, Vault}; use errors::VaultError; +use traits::{Body, Vault}; /// Describes the internal permission layout of a vault +#[derive(Debug, Serialize, Deserialize, Clone)] pub enum VaultType { /// Create an all-powerful root user which can access everything Administrated { diff --git a/lockchain-core/src/users/mod.rs b/lockchain-core/src/users/mod.rs index 4086fac..392e008 100644 --- a/lockchain-core/src/users/mod.rs +++ b/lockchain-core/src/users/mod.rs @@ -14,17 +14,17 @@ //! data to load and store them into a metadata store. mod auth; -mod user; mod rights; mod tokens; +mod user; mod secrets; mod userstore; pub use self::auth::pam_authenticate; -pub use self::tokens::Token; +pub use self::tokens::{Request, Token}; pub use self::user::User; pub use self::userstore::UserStore; -pub use errors::AuthError; pub use self::rights::{Access, Role}; +pub use errors::AuthError; diff --git a/lockchain-core/src/users/tokens.rs b/lockchain-core/src/users/tokens.rs index f7226ef..e2b0747 100644 --- a/lockchain-core/src/users/tokens.rs +++ b/lockchain-core/src/users/tokens.rs @@ -1,41 +1,38 @@ -use crypto::random; - -const TOK_SIZE: usize = 64; +use crypto::{random, Key, KeyType}; /// An authentication token that can be compared in constant time -/// +/// /// ``` /// use lockchain_core::users::auth::Token; /// let t1 = Token::new(); /// let t2 = Token::new(); -/// +/// /// // Will fail, but no expose failure length /// assert_eq!(t1, t2); /// ``` +#[derive(PartialEq, Eq, Serialize, Deserialize)] pub struct Token { - tok: [u8; TOK_SIZE], + inner: Key, } impl Token { pub fn new() -> Self { - let v = random::bytes(TOK_SIZE); - let mut tok = [0; TOK_SIZE]; - tok.copy_from_slice(v.as_slice()); - - Self { tok } - } -} - -impl PartialEq for Token { - fn eq(&self, other: &Self) -> bool { - let mut ret = true; - for i in 0..TOK_SIZE { - if self.tok[i] != other.tok[i] { - ret = false; - } + Self { + inner: Key::new(KeyType::Aes128), } - ret } } -impl Eq for Token {} +/// A request wrapper around a username and token +/// +/// This structure is accepted by most Vault-trait +/// functions to reduce the number of paramters required.auth +/// +/// Because `Request` objects are short-lived and numerous, +/// they only deal with references to the original +/// username and token data. +#[derive(PartialEq, Eq, Serialize, Deserialize)] +pub struct Request<'outer> { + username: &'outer str, + token: Token, +} diff --git a/lockchain-files/src/config.rs b/lockchain-files/src/config.rs index c862b31..6d67d7d 100644 --- a/lockchain-files/src/config.rs +++ b/lockchain-files/src/config.rs @@ -11,7 +11,7 @@ use semver::Version; use toml; use utils::FileToString; -use lcc::Generator; +use lcc::{errors::VaultError, Generator, VaultType}; /// A set of errors around `lockchain-files` configs #[derive(Debug)] @@ -39,21 +39,28 @@ impl fmt::Display for ConfigError { impl Error for ConfigError {} /// The configuration describing a file vault -#[derive(Serialize, Deserialize, Debug)] +#[derive(Debug, Serialize, Deserialize)] pub struct VaultConfig { /// A semver conforming version string pub version: String, + pub vault_type: VaultType, pub created_at: SystemTime, pub modified_at: SystemTime, } impl VaultConfig { - pub fn new(_: &Generator) -> Self { - Self { + pub fn new(gen: &Generator) -> Result { + let vt = gen + .user_type + .as_ref() + .ok_or(VaultError::IncompleteGenerator)?; + + Ok(Self { version: "0.1".into(), + vault_type: vt.clone(), created_at: SystemTime::now(), modified_at: SystemTime::now(), - } + }) } pub fn save(&self, vault: &PathBuf) -> Result<(), io::Error> { diff --git a/lockchain-files/src/create.rs b/lockchain-files/src/create.rs index aa8c0cd..7e3e39a 100644 --- a/lockchain-files/src/create.rs +++ b/lockchain-files/src/create.rs @@ -2,7 +2,11 @@ #![allow(unused_imports)] use lcc::errors::VaultError; -use lcc::{traits::Body, Generator}; +use lcc::{ + traits::{Body, Vault}, + users::UserStore, + Generator, Key, VaultType, +}; use std::collections::HashMap; use config::{ConfigError, VaultConfig}; @@ -17,22 +21,27 @@ impl FileVault { let fs = Filesystem::new(location, name); fs.scaffold().map_err(|_| VaultError::FailedCreation)?; - let cfg = VaultConfig::new(&gen); - - // Ok(Box::new( - // Self { - // meta_info: ( - // gen.name.clone().unwrap().into(), - // gen.location.clone().unwrap().into(), - // ), - // records: HashMap::new(), - // config: VaultConfig::new(), - // metadata: HashMap::new(), - // fs: Filesystem::new(&gen.location.unwrap(), &gen.name.unwrap()), - // users: UserStoreMapper::new(), - // }.initialize(), - // )) - unimplemented!() + let config = VaultConfig::new(&gen)?; + let mut users = UserStore::new(); + + /* At this point we'll have to create some user */ + use self::VaultType::*; + match config.vault_type { + SoloUser { username, secret } => users.add_user(username, Key::from(secret)), + Administrated { secret } => users.add_user("Admin".into(), Key::from(secret)), + } + + let mut me = Self { + config, + fs, + users, + ..Default::default() + }; + + /* Make sure to sync all made changes after the scaffold */ + me.sync(); + + Ok(me) } fn get_path(gen: &Generator) -> Result<(&str, &str), VaultError> { diff --git a/lockchain-files/src/lib.rs b/lockchain-files/src/lib.rs index b9b8bd4..e62611e 100644 --- a/lockchain-files/src/lib.rs +++ b/lockchain-files/src/lib.rs @@ -23,31 +23,31 @@ use lcc::{ Generator, Header, MetaDomain, Payload, Record, VaultMetadata, }; use std::collections::HashMap; +use std::default::Default; mod config; mod create; mod fs; mod load; -mod userstore; mod utils; +mod userstore; pub use config::{ConfigError, VaultConfig}; use fs::{FileType, Filesystem}; -use userstore::UserStoreMapper; /// Persistence mapper to a folder and file structure /// /// This implementation tries to be as efficient /// as possible, however please note that it is /// dependant on filesystem operations and is -/// not suited for high-performance applications! -/// +/// not suited for high-performance applications! +/// /// --- -/// +/// /// Implements the `Vault` API in full, /// replicating all functionality in memory /// while providing async operations on-disk. -/// +/// /// Requests on files are debounced! /// /// The internal layout should not be assumed @@ -76,6 +76,18 @@ pub struct FileVault { metadata: HashMap, } +impl Default for FileVault { + #[allow(unconditional_recursion)] + fn default() -> Self { + Self { + records: HashMap::new(), + headers: HashMap::new(), + metadata: HashMap::new(), + ..Default::default() + } + } +} + impl LoadRecord for FileVault {} impl Vault for FileVault { diff --git a/lockchain-files/src/userstore.rs b/lockchain-files/src/userstore.rs index 07c57fd..f7bfccd 100644 --- a/lockchain-files/src/userstore.rs +++ b/lockchain-files/src/userstore.rs @@ -1,20 +1,4 @@ -//! This module maps the lockchain internal `UserStore` into a -//! structure that can be saved to disk. +//! Implements serialization, desrialization for UserStore -use lcc::users::UserStore; -pub struct UserStoreMapper { - inner: UserStore, -} -impl UserStoreMapper { - pub fn new() -> Self { - Self { - inner: UserStore::new(), - } - } - - pub fn load(store: UserStore) -> Self { - Self { inner: store } - } -} -- cgit v1.2.3