arium 0.1.4

Framework-agnostic authentication engine (passwords, sessions, OAuth, MFA, RBAC, API tokens, audit) for axum + sqlx apps.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325

//! Audit log: record, query, prune.
//!
//! We deliberately do NOT pin down the exact JSON shape of `details` —
//! that's the part most likely to evolve harmlessly, and locking it would
//! turn every refactor into a test rewrite. Instead we lock down:
//!
//! - One row written per `record` / `record_or_log` call.
//! - `query` filters by event_type (exact + `prefix.` form), actor, target,
//!   and time range.
//! - `query` sorts newest-first and respects limit.
//! - `prune` deletes rows older than the cutoff and only those rows.
//! - Failures inside `record_or_log` are swallowed (don't poison the caller).

mod common;

use arium::auth::audit;
use arium::wire::AuditQuery;

fn input<'a>(
    event_type: &'a str,
    actor: Option<i64>,
    target: Option<i64>,
) -> audit::RecordInput<'a> {
    audit::RecordInput {
        event_type,
        actor_id: actor,
        target_id: target,
        ip: None,
        user_agent: None,
        details: None,
    }
}

fn empty_query() -> AuditQuery {
    AuditQuery {
        event_type: String::new(),
        actor_id: None,
        target_id: None,
        since: None,
        until: None,
        limit: 50,
        offset: 0,
    }
}

#[tokio::test]
async fn record_inserts_exactly_one_row() {
    let pool = common::pool().await;
    audit::record(&pool, input(audit::USER_LOGIN_SUCCESS, Some(1), Some(1)))
        .await
        .unwrap();
    let count: i64 = sqlx::query_scalar("SELECT COUNT(*) FROM audit_events")
        .fetch_one(&pool)
        .await
        .unwrap();
    assert_eq!(count, 1);
}

#[tokio::test]
async fn query_exact_event_type_match() {
    let pool = common::pool().await;
    // FK constraints on `audit_events` require any non-NULL actor/target
    // to point at a real user row, so use the seeded Guest (id=1) where we
    // need one and `None` otherwise.
    audit::record(&pool, input(audit::USER_LOGIN_SUCCESS, None, None))
        .await
        .unwrap();
    audit::record(&pool, input(audit::USER_LOGOUT, None, None))
        .await
        .unwrap();
    audit::record(&pool, input(audit::USER_SIGNUP, None, None))
        .await
        .unwrap();

    let q = AuditQuery {
        event_type: audit::USER_LOGIN_SUCCESS.to_string(),
        ..empty_query()
    };
    let rows = audit::query(&pool, &q).await.unwrap();
    assert_eq!(rows.len(), 1);
    assert_eq!(rows[0].event_type, audit::USER_LOGIN_SUCCESS);
}

#[tokio::test]
async fn query_prefix_match() {
    let pool = common::pool().await;
    audit::record(&pool, input(audit::USER_LOGIN_SUCCESS, None, None))
        .await
        .unwrap();
    audit::record(&pool, input(audit::USER_LOGIN_FAILED, None, None))
        .await
        .unwrap();
    audit::record(&pool, input(audit::USER_LOGOUT, None, None))
        .await
        .unwrap();

    // Trailing dot turns it into LIKE 'user.login.%' — both successes and
    // failures match, logout does not.
    let q = AuditQuery {
        event_type: "user.login.".to_string(),
        ..empty_query()
    };
    let rows = audit::query(&pool, &q).await.unwrap();
    let types: Vec<&str> = rows.iter().map(|r| r.event_type.as_str()).collect();
    assert!(types.contains(&audit::USER_LOGIN_SUCCESS), "{types:?}");
    assert!(types.contains(&audit::USER_LOGIN_FAILED), "{types:?}");
    assert!(!types.contains(&audit::USER_LOGOUT), "{types:?}");
}

#[tokio::test]
async fn query_filters_by_actor_id() {
    let pool = common::pool().await;
    let alice = common::make_user(&pool, "alice@example.com", "hunter22!").await;
    let bob = common::make_user(&pool, "bob@example.com", "hunter22!").await;

    audit::record(&pool, input("evt.x", Some(alice), None))
        .await
        .unwrap();
    audit::record(&pool, input("evt.x", Some(bob), None))
        .await
        .unwrap();

    let q = AuditQuery {
        actor_id: Some(alice),
        ..empty_query()
    };
    let rows = audit::query(&pool, &q).await.unwrap();
    assert_eq!(rows.len(), 1);
    assert_eq!(rows[0].actor_id, Some(alice));
}

#[tokio::test]
async fn query_filters_by_target_id() {
    let pool = common::pool().await;
    let alice = common::make_user(&pool, "alice@example.com", "hunter22!").await;
    let bob = common::make_user(&pool, "bob@example.com", "hunter22!").await;

    audit::record(&pool, input("evt.x", Some(alice), Some(alice)))
        .await
        .unwrap();
    audit::record(&pool, input("evt.x", Some(alice), Some(bob)))
        .await
        .unwrap();

    let q = AuditQuery {
        target_id: Some(bob),
        ..empty_query()
    };
    let rows = audit::query(&pool, &q).await.unwrap();
    assert_eq!(rows.len(), 1);
    assert_eq!(rows[0].target_id, Some(bob));
}

#[tokio::test]
async fn query_filters_by_time_range() {
    let pool = common::pool().await;

    // Build rows at three different occurred_at stamps by writing the table
    // directly — `audit::record` always uses `now`, which we don't want here.
    let t0 = common::now_secs() - 100;
    let t1 = common::now_secs() - 50;
    let t2 = common::now_secs() - 10;
    for (i, ts) in [t0, t1, t2].iter().enumerate() {
        sqlx::query("INSERT INTO audit_events (occurred_at, event_type) VALUES ($1, $2)")
            .bind(ts)
            .bind(format!("evt.{i}"))
            .execute(&pool)
            .await
            .unwrap();
    }

    let q = AuditQuery {
        since: Some(t1),
        until: Some(t2),
        ..empty_query()
    };
    let rows = audit::query(&pool, &q).await.unwrap();
    // inclusive both ends → t1 and t2 match, t0 doesn't.
    assert_eq!(rows.len(), 2);
    assert!(
        rows.iter()
            .all(|r| r.occurred_at >= t1 && r.occurred_at <= t2)
    );
}

#[tokio::test]
async fn query_sorts_newest_first() {
    let pool = common::pool().await;
    let base = common::now_secs();
    for (offset, label) in [(0, "a"), (-10, "b"), (-5, "c")] {
        sqlx::query("INSERT INTO audit_events (occurred_at, event_type) VALUES ($1, $2)")
            .bind(base + offset)
            .bind(label)
            .execute(&pool)
            .await
            .unwrap();
    }
    let rows = audit::query(&pool, &empty_query()).await.unwrap();
    let types: Vec<_> = rows.iter().map(|r| r.event_type.as_str()).collect();
    assert_eq!(types, vec!["a", "c", "b"]);
}

#[tokio::test]
async fn query_clamps_limit_into_valid_range() {
    let pool = common::pool().await;
    for i in 0..5 {
        audit::record(&pool, input(&format!("evt.{i}"), None, None))
            .await
            .unwrap();
    }
    let q = AuditQuery {
        limit: 0, // clamped up to 1
        ..empty_query()
    };
    let rows = audit::query(&pool, &q).await.unwrap();
    assert_eq!(rows.len(), 1);
}

#[tokio::test]
async fn query_joins_actor_and_target_email_when_users_exist() {
    let pool = common::pool().await;
    let alice = common::make_user(&pool, "alice@example.com", "hunter22!").await;
    let bob = common::make_user(&pool, "bob@example.com", "hunter22!").await;

    audit::record(
        &pool,
        input(audit::ADMIN_USER_DELETED, Some(alice), Some(bob)),
    )
    .await
    .unwrap();

    let rows = audit::query(&pool, &empty_query()).await.unwrap();
    let row = rows
        .iter()
        .find(|r| r.event_type == audit::ADMIN_USER_DELETED)
        .unwrap();
    assert_eq!(row.actor_email.as_deref(), Some("alice@example.com"));
    assert_eq!(row.target_email.as_deref(), Some("bob@example.com"));
}

#[tokio::test]
async fn prune_zero_days_is_noop() {
    let pool = common::pool().await;
    audit::record(&pool, input("evt", None, None))
        .await
        .unwrap();
    let n = audit::prune(&pool, 0).await.unwrap();
    assert_eq!(n, 0);

    let total: i64 = sqlx::query_scalar("SELECT COUNT(*) FROM audit_events")
        .fetch_one(&pool)
        .await
        .unwrap();
    assert_eq!(total, 1);
}

#[tokio::test]
async fn prune_deletes_only_rows_older_than_cutoff() {
    let pool = common::pool().await;
    let day = 86_400_i64;
    let now = common::now_secs();

    // 31 days old → pruned at 30-day retention.
    // 29 days old → kept.
    sqlx::query("INSERT INTO audit_events (occurred_at, event_type) VALUES ($1, 'old')")
        .bind(now - 31 * day)
        .execute(&pool)
        .await
        .unwrap();
    sqlx::query("INSERT INTO audit_events (occurred_at, event_type) VALUES ($1, 'young')")
        .bind(now - 29 * day)
        .execute(&pool)
        .await
        .unwrap();

    let deleted = audit::prune(&pool, 30).await.unwrap();
    assert_eq!(deleted, 1);

    let types: Vec<(String,)> =
        sqlx::query_as("SELECT event_type FROM audit_events ORDER BY event_type")
            .fetch_all(&pool)
            .await
            .unwrap();
    let types: Vec<String> = types.into_iter().map(|(t,)| t).collect();
    assert_eq!(types, vec!["young".to_string()]);
}

#[tokio::test]
async fn record_or_log_swallows_errors() {
    // Drop the table — subsequent `record_or_log` must NOT panic / propagate.
    let pool = common::pool().await;
    sqlx::query("DROP TABLE audit_events")
        .execute(&pool)
        .await
        .unwrap();
    // No panic, no return value — just needs to complete.
    audit::record_or_log(&pool, input("evt", None, None)).await;
}

#[tokio::test]
async fn record_propagates_errors_to_caller() {
    let pool = common::pool().await;
    sqlx::query("DROP TABLE audit_events")
        .execute(&pool)
        .await
        .unwrap();
    let err = audit::record(&pool, input("evt", None, None))
        .await
        .unwrap_err();
    // We don't care about the exact wording — only that it surfaced.
    let _ = err.to_string();
}

#[tokio::test]
async fn occurred_at_iso_is_a_human_readable_utc_string() {
    let pool = common::pool().await;
    audit::record(&pool, input("evt", None, None))
        .await
        .unwrap();
    let rows = audit::query(&pool, &empty_query()).await.unwrap();
    let iso = &rows[0].occurred_at_iso;
    assert!(iso.ends_with(" UTC"), "expected '<ts> UTC', got {iso:?}",);
    // Loose shape check: '2026-…' so a future timezone fix won't break this.
    assert!(iso.len() >= "2026-01-01 00:00:00 UTC".len(), "{iso:?}");
}