2018-07-27 16:54:20 +08:00
|
|
|
#include "auth/auth.hpp"
|
|
|
|
|
2018-08-14 17:34:00 +08:00
|
|
|
#include "auth/exceptions.hpp"
|
2018-07-27 16:54:20 +08:00
|
|
|
|
|
|
|
namespace auth {
|
|
|
|
|
|
|
|
const std::string kUserPrefix = "user:";
|
|
|
|
const std::string kRolePrefix = "role:";
|
|
|
|
const std::string kLinkPrefix = "link:";
|
|
|
|
|
|
|
|
/**
|
|
|
|
* All data stored in the `Auth` storage is stored in an underlying
|
|
|
|
* `storage::KVStore`. Because we are using a key-value store to store the data,
|
|
|
|
* the data has to be encoded. The encoding used is as follows:
|
|
|
|
*
|
|
|
|
* User: key="user:<username>", value="<json_encoded_members_of_user>"
|
|
|
|
* Role: key="role:<rolename>", value="<json_endoded_members_of_role>"
|
|
|
|
*
|
|
|
|
* The User->Role relationship isn't stored in the `User` encoded data because
|
|
|
|
* we want to be able to delete/modify a Role and have it automatically be
|
|
|
|
* removed/modified in all linked users. Because of that we store the links to
|
|
|
|
* the role as a foreign-key like mapping in the KVStore. It is saved as
|
|
|
|
* follows:
|
|
|
|
*
|
|
|
|
* key="link:<username>", value="<rolename>"
|
|
|
|
*/
|
|
|
|
|
|
|
|
Auth::Auth(const std::string &storage_directory)
|
|
|
|
: storage_(storage_directory) {}
|
|
|
|
|
|
|
|
std::experimental::optional<User> Auth::Authenticate(
|
|
|
|
const std::string &username, const std::string &password) {
|
|
|
|
auto user = GetUser(username);
|
|
|
|
if (!user) return std::experimental::nullopt;
|
|
|
|
if (!user->CheckPassword(password)) return std::experimental::nullopt;
|
|
|
|
return user;
|
|
|
|
}
|
|
|
|
|
|
|
|
std::experimental::optional<User> Auth::GetUser(const std::string &username) {
|
|
|
|
auto existing_user = storage_.Get(kUserPrefix + username);
|
|
|
|
if (!existing_user) return std::experimental::nullopt;
|
|
|
|
|
|
|
|
nlohmann::json data;
|
|
|
|
try {
|
|
|
|
data = nlohmann::json::parse(*existing_user);
|
|
|
|
} catch (const nlohmann::json::parse_error &e) {
|
2018-08-14 17:34:00 +08:00
|
|
|
throw AuthException("Couldn't load user data!");
|
2018-07-27 16:54:20 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
auto user = User::Deserialize(data);
|
|
|
|
auto link = storage_.Get(kLinkPrefix + username);
|
|
|
|
|
|
|
|
if (link) {
|
|
|
|
auto role = GetRole(*link);
|
|
|
|
if (role) {
|
|
|
|
user.SetRole(*role);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
return user;
|
|
|
|
}
|
|
|
|
|
2018-08-14 17:34:00 +08:00
|
|
|
void Auth::SaveUser(const User &user) {
|
|
|
|
bool success = false;
|
2018-07-27 16:54:20 +08:00
|
|
|
if (user.role()) {
|
2018-08-14 17:34:00 +08:00
|
|
|
success = storage_.PutMultiple(
|
|
|
|
{{kUserPrefix + user.username(), user.Serialize().dump()},
|
|
|
|
{kLinkPrefix + user.username(), user.role()->rolename()}});
|
2018-07-27 16:54:20 +08:00
|
|
|
} else {
|
2018-08-14 17:34:00 +08:00
|
|
|
success = storage_.PutAndDeleteMultiple(
|
|
|
|
{{kUserPrefix + user.username(), user.Serialize().dump()}},
|
|
|
|
{kLinkPrefix + user.username()});
|
|
|
|
}
|
|
|
|
if (!success) {
|
|
|
|
throw AuthException("Couldn't save user '{}'!", user.username());
|
2018-07-27 16:54:20 +08:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2018-08-14 17:34:00 +08:00
|
|
|
std::experimental::optional<User> Auth::AddUser(
|
|
|
|
const std::string &username,
|
|
|
|
const std::experimental::optional<std::string> &password) {
|
2018-07-27 16:54:20 +08:00
|
|
|
auto existing_user = GetUser(username);
|
|
|
|
if (existing_user) return std::experimental::nullopt;
|
2018-08-14 17:34:00 +08:00
|
|
|
auto existing_role = GetRole(username);
|
|
|
|
if (existing_role) return std::experimental::nullopt;
|
2018-07-27 16:54:20 +08:00
|
|
|
auto new_user = User(username);
|
2018-08-14 17:34:00 +08:00
|
|
|
new_user.UpdatePassword(password);
|
|
|
|
SaveUser(new_user);
|
2018-07-27 16:54:20 +08:00
|
|
|
return new_user;
|
|
|
|
}
|
|
|
|
|
|
|
|
bool Auth::RemoveUser(const std::string &username) {
|
|
|
|
if (!storage_.Get(kUserPrefix + username)) return false;
|
2018-08-14 17:34:00 +08:00
|
|
|
std::vector<std::string> keys(
|
|
|
|
{kLinkPrefix + username, kUserPrefix + username});
|
|
|
|
if (!storage_.DeleteMultiple(keys)) {
|
|
|
|
throw AuthException("Couldn't remove user '{}'!", username);
|
|
|
|
}
|
|
|
|
return true;
|
2018-07-27 16:54:20 +08:00
|
|
|
}
|
|
|
|
|
2018-08-14 17:34:00 +08:00
|
|
|
std::vector<auth::User> Auth::AllUsers() {
|
|
|
|
std::vector<auth::User> ret;
|
|
|
|
for (auto it = storage_.begin(kUserPrefix); it != storage_.end(kUserPrefix);
|
|
|
|
++it) {
|
|
|
|
auto user = GetUser(it->first.substr(kUserPrefix.size()));
|
|
|
|
if (user) {
|
|
|
|
ret.push_back(*user);
|
2018-07-27 16:54:20 +08:00
|
|
|
}
|
|
|
|
}
|
2018-08-14 17:34:00 +08:00
|
|
|
return ret;
|
|
|
|
}
|
|
|
|
|
|
|
|
bool Auth::HasUsers() {
|
|
|
|
return storage_.begin(kUserPrefix) != storage_.end(kUserPrefix);
|
2018-07-27 16:54:20 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
std::experimental::optional<Role> Auth::GetRole(const std::string &rolename) {
|
|
|
|
auto existing_role = storage_.Get(kRolePrefix + rolename);
|
|
|
|
if (!existing_role) return std::experimental::nullopt;
|
|
|
|
|
|
|
|
nlohmann::json data;
|
|
|
|
try {
|
|
|
|
data = nlohmann::json::parse(*existing_role);
|
|
|
|
} catch (const nlohmann::json::parse_error &e) {
|
2018-08-14 17:34:00 +08:00
|
|
|
throw AuthException("Couldn't load role data!");
|
2018-07-27 16:54:20 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
return Role::Deserialize(data);
|
|
|
|
}
|
|
|
|
|
2018-08-14 17:34:00 +08:00
|
|
|
void Auth::SaveRole(const Role &role) {
|
|
|
|
if (!storage_.Put(kRolePrefix + role.rolename(), role.Serialize().dump())) {
|
|
|
|
throw AuthException("Couldn't save role '{}'!", role.rolename());
|
|
|
|
}
|
2018-07-27 16:54:20 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
std::experimental::optional<Role> Auth::AddRole(const std::string &rolename) {
|
|
|
|
auto existing_role = GetRole(rolename);
|
|
|
|
if (existing_role) return std::experimental::nullopt;
|
2018-08-14 17:34:00 +08:00
|
|
|
auto existing_user = GetUser(rolename);
|
|
|
|
if (existing_user) return std::experimental::nullopt;
|
2018-07-27 16:54:20 +08:00
|
|
|
auto new_role = Role(rolename);
|
2018-08-14 17:34:00 +08:00
|
|
|
SaveRole(new_role);
|
2018-07-27 16:54:20 +08:00
|
|
|
return new_role;
|
|
|
|
}
|
|
|
|
|
|
|
|
bool Auth::RemoveRole(const std::string &rolename) {
|
|
|
|
if (!storage_.Get(kRolePrefix + rolename)) return false;
|
2018-08-14 17:34:00 +08:00
|
|
|
std::vector<std::string> keys;
|
|
|
|
for (auto it = storage_.begin(kLinkPrefix); it != storage_.end(kLinkPrefix);
|
|
|
|
++it) {
|
|
|
|
if (it->second == rolename) {
|
|
|
|
keys.push_back(it->first);
|
2018-07-27 16:54:20 +08:00
|
|
|
}
|
|
|
|
}
|
2018-08-14 17:34:00 +08:00
|
|
|
keys.push_back(kRolePrefix + rolename);
|
|
|
|
if (!storage_.DeleteMultiple(keys)) {
|
|
|
|
throw AuthException("Couldn't remove role '{}'!", rolename);
|
|
|
|
}
|
|
|
|
return true;
|
|
|
|
}
|
|
|
|
|
|
|
|
std::vector<auth::Role> Auth::AllRoles() {
|
|
|
|
std::vector<auth::Role> ret;
|
|
|
|
for (auto it = storage_.begin(kRolePrefix); it != storage_.end(kRolePrefix);
|
|
|
|
++it) {
|
|
|
|
auto rolename = it->first.substr(kRolePrefix.size());
|
|
|
|
auto role = GetRole(rolename);
|
|
|
|
if (role) {
|
|
|
|
ret.push_back(*role);
|
|
|
|
} else {
|
|
|
|
throw AuthException("Couldn't load role '{}'!", rolename);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
return ret;
|
|
|
|
}
|
|
|
|
|
|
|
|
std::vector<auth::User> Auth::AllUsersForRole(const std::string &rolename) {
|
|
|
|
std::vector<auth::User> ret;
|
|
|
|
for (auto it = storage_.begin(kLinkPrefix); it != storage_.end(kLinkPrefix);
|
|
|
|
++it) {
|
|
|
|
auto username = it->first.substr(kLinkPrefix.size());
|
|
|
|
if (it->second == rolename) {
|
|
|
|
auto user = GetUser(username);
|
|
|
|
if (user) {
|
|
|
|
ret.push_back(*user);
|
|
|
|
} else {
|
|
|
|
throw AuthException("Couldn't load user '{}'!", username);
|
|
|
|
}
|
|
|
|
}
|
2018-07-27 16:54:20 +08:00
|
|
|
}
|
2018-08-14 17:34:00 +08:00
|
|
|
return ret;
|
2018-07-27 16:54:20 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
std::mutex &Auth::WithLock() { return lock_; }
|
|
|
|
|
|
|
|
} // namespace auth
|