junobuild-satellite 0.6.0

Core implementation of a Juno Satellite.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107

use crate::errors::user::{
    JUNO_DATASTORE_ERROR_USER_CALLER_KEY, JUNO_DATASTORE_ERROR_USER_CANNOT_UPDATE,
    JUNO_DATASTORE_ERROR_USER_INVALID_DATA, JUNO_DATASTORE_ERROR_USER_KEY_NO_PRINCIPAL,
    JUNO_DATASTORE_ERROR_USER_NOT_ALLOWED,
};
use crate::user::core::types::state::{BannedReason, UserData};
use crate::{get_doc_store, Doc, SetDoc};
use candid::Principal;
use junobuild_collections::constants::db::COLLECTION_USER_KEY;
use junobuild_collections::types::core::CollectionKey;
use junobuild_shared::ic::api::id;
use junobuild_shared::segments::access_keys::is_write_access_key;
use junobuild_shared::types::core::Key;
use junobuild_shared::types::state::AccessKeys;
use junobuild_shared::utils::principal_not_equal;
use junobuild_utils::decode_doc_data;

pub fn is_known_user(caller: Principal) -> bool {
    let user_key = caller.to_text();

    let user = get_doc_store(id(), COLLECTION_USER_KEY.to_string(), user_key).unwrap_or(None);

    user.is_some()
}

pub fn assert_user_collection_caller_key(
    caller: Principal,
    collection: &CollectionKey,
    key: &Key,
    current_doc: &Option<Doc>,
) -> Result<(), String> {
    if collection != COLLECTION_USER_KEY {
        return Ok(());
    }

    let owner = Principal::from_text(key.trim())
        .map_err(|_| JUNO_DATASTORE_ERROR_USER_KEY_NO_PRINCIPAL.to_string())?;

    // Once set the owner cannot be modified and another assertion prevent user update unless the caller is an admin controller
    if current_doc.is_none() && principal_not_equal(owner, caller) {
        return Err(JUNO_DATASTORE_ERROR_USER_CALLER_KEY.to_string());
    }

    Ok(())
}

pub fn assert_user_collection_data(collection: &CollectionKey, doc: &SetDoc) -> Result<(), String> {
    let user_collection = COLLECTION_USER_KEY;

    if collection != user_collection {
        return Ok(());
    }

    let user_data = decode_doc_data::<UserData>(&doc.data)
        .map_err(|err| format!("{JUNO_DATASTORE_ERROR_USER_INVALID_DATA}: {err}"))?;

    user_data.assert_provider_data()
}

pub fn assert_user_collection_write_permission(
    caller: Principal,
    controllers: &AccessKeys,
    collection: &CollectionKey,
    current_doc: &Option<Doc>,
) -> Result<(), String> {
    let user_collection = COLLECTION_USER_KEY;

    if collection != user_collection {
        return Ok(());
    }

    if is_write_access_key(caller, controllers) {
        return Ok(());
    }

    // It's a new document
    if current_doc.is_none() {
        return Ok(());
    }

    // The user already exist but the caller is not a controller
    Err(JUNO_DATASTORE_ERROR_USER_CANNOT_UPDATE.to_string())
}

pub fn assert_user_is_not_banned(
    caller: Principal,
    controllers: &AccessKeys,
) -> Result<(), String> {
    // This way we spare loading the user for controllers calls and, we for example allow controllers to delete banned users
    if is_write_access_key(caller, controllers) {
        return Ok(());
    }

    let user_key = caller.to_text();

    let user = get_doc_store(id(), COLLECTION_USER_KEY.to_string(), user_key)?;

    if let Some(user) = user {
        let user_data = decode_doc_data::<UserData>(&user.data)?;

        if let Some(BannedReason::Indefinite) = user_data.banned {
            return Err(JUNO_DATASTORE_ERROR_USER_NOT_ALLOWED.to_string());
        }
    }

    Ok(())
}