tokidator 0.8.1

Token based authentication framework
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150

use std::collections::BTreeSet;
use std::fmt::{self, Debug};
use std::iter::FromIterator;

use bitvec::prelude::*;
use num_traits::FromPrimitive;
use tracing::trace;

use crate::rbac::Permission;

#[derive(Clone)]
pub struct PermissionSet<T>(BTreeSet<T>);

impl<T: Debug> Debug for PermissionSet<T> {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        Debug::fmt(&self.0, f)
    }
}

impl<P: Permission> Default for PermissionSet<P> {
    fn default() -> Self {
        Self::new()
    }
}

impl<P: Permission> PermissionSet<P> {
    pub fn new() -> Self {
        Self(BTreeSet::new())
    }

    pub fn to_bytes(&self) -> Vec<u8> {
        const TO_USIZE_ERROR: &str = "Unable to convert Permission to usize";
        let mut bits = BitVec::<u8, Msb0>::new();
        if let Some(max_permission_id) = self
            .0
            .iter()
            .max()
            .map(|p| p.to_usize().expect(TO_USIZE_ERROR))
        {
            // Reserve space for every possible permission.
            let len = max_permission_id + 1;
            trace!(
                "Max permission id: {}, new length: {}",
                max_permission_id,
                len
            );
            bits.resize(len, false);

            for p in self.0.iter() {
                let index = p.to_usize().expect(TO_USIZE_ERROR);
                bits.set(index, true);
            }
        }
        // We explicitly initialize all bits of vector in order to get correct zero filled bytes.
        bits.set_uninitialized(false);
        bits.into_vec()
    }

    /// Parse set of permissions from encoded bytes
    ///
    /// In case of identity server is separated from web server.
    /// Identity server may use a newer version of permission library which likely to add newer permissions.
    /// If that permissions are used on outdated web server, this function will return error result
    /// with known permissions.
    pub fn parse_from_bytes(bytes: &[u8]) -> Result<Self, Self> {
        bytes
            .view_bits::<Msb0>()
            .into_iter()
            .enumerate()
            .filter_map(|(index, bit)| bit.then(|| index))
            .try_fold(Self::new(), |mut acc, index| {
                if let Some(permission) = <P as FromPrimitive>::from_usize(index) {
                    acc.0.insert(permission);
                    Ok(acc)
                } else {
                    Err(acc)
                }
            })
    }

    pub fn iter(&self) -> Iter<'_, P> {
        Iter {
            iter: self.0.iter(),
        }
    }

    pub fn from_slice(src: &[P]) -> Self {
        src.iter().copied().collect()
    }

    pub(crate) fn inner(&self) -> &BTreeSet<P> {
        &self.0
    }
}

impl<T: Ord> FromIterator<T> for PermissionSet<T> {
    fn from_iter<I: IntoIterator<Item = T>>(iter: I) -> Self {
        Self(BTreeSet::from_iter(iter))
    }
}

impl<T: Ord> From<Vec<T>> for PermissionSet<T> {
    fn from(vec: Vec<T>) -> Self {
        Self::from_iter(vec)
    }
}

impl<T: Ord, const N: usize> From<[T; N]> for PermissionSet<T> {
    fn from(vec: [T; N]) -> Self {
        Self::from_iter(vec)
    }
}

impl<A: Ord> Extend<A> for PermissionSet<A> {
    fn extend<T: IntoIterator<Item = A>>(&mut self, iter: T) {
        self.0.extend(iter)
    }
}

pub struct Iter<'a, T> {
    iter: std::collections::btree_set::Iter<'a, T>,
}

impl<'a, T: 'a> Iterator for Iter<'a, T> {
    type Item = &'a T;

    fn next(&mut self) -> Option<Self::Item> {
        self.iter.next()
    }
}

#[cfg(test)]
mod tests {
    use crate::rbac::test_helpers::TestPermission;

    use super::*;

    #[test]
    fn serialization() {
        let ps = PermissionSet::from(vec![
            TestPermission::Permission2,
            TestPermission::Permission1,
        ]);
        let b1 = ps.to_bytes();
        let b2 = PermissionSet::<TestPermission>::parse_from_bytes(&b1)
            .unwrap()
            .to_bytes();
        assert_eq!(b1, b2);
    }
}