chamber-core 0.2.0

The core for Chamber, the self-hostable SecretOps service.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96

use crate::errors::DatabaseError;
use crate::secrets::{EncryptedSecret, Secret, SecretInfo};
use chrono::{DateTime, Utc};
use std::sync::Arc;
use tokio::sync::Mutex;

use serde::{Deserialize, Serialize};

use crate::users::User;

#[derive(Debug, Serialize, Deserialize)]
pub struct AuthBody {
    pub access_token: String,
    pub token_type: String,
}

impl AuthBody {
    pub fn new(access_token: String) -> Self {
        Self {
            access_token,
            token_type: "Bearer".to_string(),
        }
    }
}

#[derive(Deserialize)]
pub struct CreateSecretParams {
    pub key: String,
    pub value: String,
    pub tags: Option<Vec<String>>,
    pub access_level: Option<i32>,
    pub role_whitelist: Option<Vec<String>>,
}

#[async_trait::async_trait]
pub trait Database {
    async fn view_all_secrets_admin(
        &self,
    ) -> Result<Vec<EncryptedSecret>, DatabaseError>;
    async fn view_all_secrets(
        &self,
        user: User,
        tag: Option<String>,
    ) -> Result<Vec<SecretInfo>, DatabaseError>;
    async fn view_secret_decrypted(&self, user: User, key: String)
        -> Result<Secret, DatabaseError>;
    async fn view_secret(&self, user: User, key: String) -> Result<EncryptedSecret, DatabaseError>;
    async fn create_secret(&self, secret: EncryptedSecret) -> Result<(), DatabaseError>;
    async fn update_secret(
        &self,
        key: String,
        secret: EncryptedSecret,
    ) -> Result<(), DatabaseError>;
    async fn rekey_all_secrets(&self, secrets: Vec<EncryptedSecret>) -> Result<(), DatabaseError>;
    async fn delete_secret(&self, key: String) -> Result<(), DatabaseError>;
    async fn view_users(&self) -> Result<Vec<User>, DatabaseError>;
    async fn get_user_from_name(&self, id: String) -> Result<User, DatabaseError>;
    async fn get_user_from_password(&self, password: String) -> Result<User, DatabaseError>;
    async fn create_user(&self, user: User) -> Result<String, DatabaseError>;
    async fn update_user(&self, user: User) -> Result<(), DatabaseError>;
    async fn delete_user(&self, name: String) -> Result<(), DatabaseError>;
}

#[derive(Clone)]
pub struct LockedStatus {
    pub is_sealed: Arc<Mutex<bool>>,
    pub relock_datetime: Option<DateTime<Utc>>,
}

impl Default for LockedStatus {
    fn default() -> Self {
        Self::new()
    }
}

impl LockedStatus {
    fn new() -> Self {
        Self {
            is_sealed: Arc::new(Mutex::new(true)),
            relock_datetime: None,
        }
    }
    pub async fn unlock(&self) -> Result<bool, DatabaseError> {
        let mut state = self.is_sealed.lock().await;

        *state = false;

        Ok(true)
    }

    pub async fn is_locked(&self) -> bool {
        let state = self.is_sealed.lock().await;

        *state
    }
}