allowthem-core 0.0.1

Core types, database, and auth logic for allowthem
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138

use chrono::{DateTime, Utc};
use serde::{Deserialize, Serialize};

use crate::db::Db;
use crate::error::AuthError;
use crate::types::{AuditEntryId, UserId};

/// Every type of authentication event that can be recorded.
#[derive(Debug, Clone, PartialEq, Eq, Serialize, Deserialize, sqlx::Type)]
#[sqlx(rename_all = "snake_case")]
pub enum AuditEvent {
    Login,
    LoginFailed,
    Logout,
    Register,
    PasswordChange,
    PasswordReset,
    RoleAssigned,
    RoleUnassigned,
    PermissionAssigned,
    PermissionUnassigned,
    SessionCreated,
    SessionExpired,
    UserUpdated,
    UserDeleted,
}

/// A single record in the audit log.
#[derive(Debug, Clone, Serialize, sqlx::FromRow)]
pub struct AuditEntry {
    pub id: AuditEntryId,
    pub event_type: AuditEvent,
    pub user_id: Option<UserId>,
    pub target_id: Option<String>,
    pub ip_address: Option<String>,
    pub user_agent: Option<String>,
    pub detail: Option<String>,
    pub created_at: DateTime<Utc>,
}

impl Db {
    /// Record an audit event.
    ///
    /// `user_id` may be `None` for events where no authenticated user is
    /// involved (e.g. a failed login attempt against an unknown email).
    pub async fn log_audit(
        &self,
        event_type: AuditEvent,
        user_id: Option<&UserId>,
        target_id: Option<&str>,
        ip_address: Option<&str>,
        user_agent: Option<&str>,
        detail: Option<&str>,
    ) -> Result<(), AuthError> {
        let id = AuditEntryId::new();
        sqlx::query(
            "INSERT INTO allowthem_audit_log
             (id, event_type, user_id, target_id, ip_address, user_agent, detail)
             VALUES (?, ?, ?, ?, ?, ?, ?)",
        )
        .bind(id)
        .bind(event_type)
        .bind(user_id.copied())
        .bind(target_id)
        .bind(ip_address)
        .bind(user_agent)
        .bind(detail)
        .execute(self.pool())
        .await
        .map_err(AuthError::Database)?;
        Ok(())
    }

    /// Retrieve audit log entries, optionally filtered by user.
    ///
    /// Results are ordered by `created_at` descending (newest first).
    pub async fn get_audit_log(
        &self,
        user_id: Option<&UserId>,
        limit: u32,
        offset: u32,
    ) -> Result<Vec<AuditEntry>, AuthError> {
        match user_id {
            Some(uid) => {
                sqlx::query_as::<_, AuditEntry>(
                    "SELECT id, event_type, user_id, target_id, ip_address, user_agent, detail, created_at
                     FROM allowthem_audit_log
                     WHERE user_id = ?
                     ORDER BY created_at DESC
                     LIMIT ? OFFSET ?",
                )
                .bind(*uid)
                .bind(limit)
                .bind(offset)
                .fetch_all(self.pool())
                .await
                .map_err(AuthError::Database)
            }
            None => {
                sqlx::query_as::<_, AuditEntry>(
                    "SELECT id, event_type, user_id, target_id, ip_address, user_agent, detail, created_at
                     FROM allowthem_audit_log
                     ORDER BY created_at DESC
                     LIMIT ? OFFSET ?",
                )
                .bind(limit)
                .bind(offset)
                .fetch_all(self.pool())
                .await
                .map_err(AuthError::Database)
            }
        }
    }

    /// Retrieve audit log entries filtered by event type.
    ///
    /// Results are ordered by `created_at` descending (newest first).
    pub async fn get_audit_log_by_event(
        &self,
        event_type: AuditEvent,
        limit: u32,
        offset: u32,
    ) -> Result<Vec<AuditEntry>, AuthError> {
        sqlx::query_as::<_, AuditEntry>(
            "SELECT id, event_type, user_id, target_id, ip_address, user_agent, detail, created_at
             FROM allowthem_audit_log
             WHERE event_type = ?
             ORDER BY created_at DESC
             LIMIT ? OFFSET ?",
        )
        .bind(event_type)
        .bind(limit)
        .bind(offset)
        .fetch_all(self.pool())
        .await
        .map_err(AuthError::Database)
    }
}