lockchain-core/src/init.rs


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96

use errors::VaultError;
use traits::{Body, Vault};

/// Describes the internal permission layout of a vault
/// 
/// ---
/// 
/// **Important Note** Because lockchain-core doesn't make assumptions about
/// about the existence of a cryptographic layer, the `UserStore` that
/// handles these secrets assumes they are **not** secret!
/// 
/// This means that only already encrypted keys should be given to the
/// generator type, because they will be written to disk **as is** by
/// certain backends!
/// 
/// It is in the responsibility of the library user to make sure that all
/// cryptographic operations are handled on the client side. Clear-text
/// keys that are given to a generator
/// should be considered **fully compromised**
#[derive(Debug, Serialize, Deserialize, Clone)]
pub enum VaultType {
    /// Create an all-powerful root user which can access everything
    Administrated {
        /// 
        secret: Vec<u8>,
    },
    /// Similar to `Administrated`
    /// but only allows a single-user for a vault
    SoloUser { username: String, secret: Vec<u8> },
}

/// A shared initialisation generator for vaults
///
/// All vaults, regardless of backends
/// or persistence layer
/// share the same common principles
/// of users and permissions.
///
/// This means that intiailisation is shared,
/// regardless of what backend implements it.
///
/// A `VaultGenerator` takes arguments
/// for a generic backend,
/// calls functions provided by said backend
/// and then returns the actual backend.
pub struct Generator {
    #[doc(hidden)]
    pub name: Option<String>,
    #[doc(hidden)]
    pub location: Option<String>,
    #[doc(hidden)]
    pub user_type: Option<VaultType>,
}

impl Generator {
    /// Start a new generator for a generic type
    pub fn new() -> Self {
        Self {
            name: None,
            location: None,
            user_type: None,
        }
    }

    pub fn path<N, L>(self, name: N, location: L) -> Self
    where
        N: Into<String>,
        L: Into<String>,
    {
        Self {
            name: Some(name.into()),
            location: Some(location.into()),
            ..self
        }
    }

    /// Specify the internal user permission structure for this vault
    ///
    /// If you don't know what this means, please consult
    /// the `VaultType` enum documentation
    pub fn user_type(self, t: VaultType) -> Self {
        Self {
            user_type: Some(t),
            ..self
        }
    }

    /// Finally call this function to construct the vault
    pub fn finalise<V, B>(self) -> Result<V, VaultError>
    where
        V: Vault<B>,
        B: Body,
    {
        V::new(self).map(|b| *b)
    }
}