vial-srv 0.2.0

Framework-agnostic server logic for Vial
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180

use diesel::{ConnectionError, ConnectionResult};
use diesel_async::pooled_connection::bb8::Pool;
use diesel_async::pooled_connection::{AsyncDieselConnectionManager, ManagerConfig};
use diesel_async::{AsyncMigrationHarness, AsyncPgConnection};
use diesel_migrations::{EmbeddedMigrations, MigrationHarness as _, embed_migrations};
use futures_util::FutureExt;
use futures_util::future::BoxFuture;
use rustls::pki_types::CertificateDer;
use rustls::pki_types::pem::PemObject;
use rustls::{ClientConfig, RootCertStore};
use std::env::var;
use std::fs::read;
use tokio::time::Duration;
use vial_shared::{CreateSecretRequest, EncryptedPayload};

use crate::db::models::Secret;
use crate::errors::ServerError;

#[derive(Clone)]
pub struct Handler {
    conn: Pool<AsyncPgConnection>,
}

pub const MIGRATIONS: EmbeddedMigrations = embed_migrations!("src/migrations");

pub async fn get_connection(url: &str) -> Handler {
    rustls::crypto::ring::default_provider()
        .install_default()
        .expect("Failed to install rustls crypto provider");

    let mut config = ManagerConfig::default();
    config.custom_setup = Box::new(establish_connection);
    let mgr = AsyncDieselConnectionManager::<AsyncPgConnection>::new_with_config(url, config);

    let conn = Pool::builder()
        .max_size(10)
        .min_idle(Some(5))
        .max_lifetime(Some(Duration::from_secs(60 * 60 * 24)))
        .idle_timeout(Some(Duration::from_secs(60 * 2)))
        .build(mgr)
        .await
        .unwrap_or_else(|e| panic!("Failed to create DB connection. Error: {e}"));

    {
        let async_connection = establish_connection(url)
            .await
            .expect("Failed to establish_connection to DB");
        let mut harness = AsyncMigrationHarness::new(async_connection);
        harness
            .run_pending_migrations(MIGRATIONS)
            .expect("Failed to run migrations");
        let _async_connection = harness.into_inner();
    }

    let handler = Handler { conn };

    let handler_clone = handler.clone();

    tokio::spawn(async move {
        handler_clone.initiate_expired_cleanup().await;
    });

    handler
}

fn establish_connection(config: &str) -> BoxFuture<'_, ConnectionResult<AsyncPgConnection>> {
    let fut = async {
        let mut root_store = RootCertStore::empty();

        // Specifically for working with self signed certs.
        if let Ok(cert_location) = var("CERT_LOCATION") {
            let file_bytes = read(&cert_location)
                .unwrap_or_else(|e| panic!("Failed to read {cert_location}. Error: {e}"));
            let cert = CertificateDer::from_pem_slice(&file_bytes)
                .unwrap_or_else(|e| panic!("Failed to create cert. Error: {e}"));

            root_store.add(cert).unwrap();
        }

        let rustls_config = ClientConfig::builder()
            .with_root_certificates(root_store)
            .with_no_client_auth();

        let tls = tokio_postgres_rustls::MakeRustlsConnect::new(rustls_config);
        let (client, conn) = tokio_postgres::connect(config, tls)
            .await
            .map_err(|e| ConnectionError::BadConnection(e.to_string()))?;

        AsyncPgConnection::try_from_client_and_connection(client, conn).await
    };
    fut.boxed()
}

impl Handler {
    pub async fn get_secret(&self, id: &str) -> Result<Option<EncryptedPayload>, ServerError> {
        let mut conn = self
            .conn
            .get()
            .await
            .map_err(|e| ServerError::DatabaseError(e.to_string()))?;

        Secret::get_secret(id, &mut conn)
            .await
            .map_err(|e| ServerError::DatabaseError(e.to_string()))
            .map(|opt| opt.map(Secret::get_payload))
    }

    pub async fn clear_expired(&self) -> Result<(), ServerError> {
        let mut conn = self
            .conn
            .get()
            .await
            .map_err(|e| ServerError::DatabaseError(e.to_string()))?;

        Secret::clear_expired(&mut conn)
            .await
            .map_err(|e| ServerError::DatabaseError(e.to_string()))?;

        Ok(())
    }

    pub async fn clear_expired_days(&self, days: i32) -> Result<(), ServerError> {
        let mut conn = self
            .conn
            .get()
            .await
            .map_err(|e| ServerError::DatabaseError(e.to_string()))?;

        Secret::clear_expired_days(days, &mut conn)
            .await
            .map_err(|e| ServerError::DatabaseError(e.to_string()))?;

        Ok(())
    }

    pub async fn new_secret(&self, new_secret: CreateSecretRequest) -> Result<String, ServerError> {
        let mut conn = self
            .conn
            .get()
            .await
            .map_err(|e| ServerError::DatabaseError(e.to_string()))?;

        let secret = Secret::new(
            new_secret.ciphertext,
            new_secret.expires_at,
            new_secret.max_views,
        )?;

        let secret_id = secret.get_id();

        secret
            .insert(&mut conn)
            .await
            .map_err(|e| ServerError::DatabaseError(e.to_string()))?;

        Ok(secret_id)
    }

    pub async fn initiate_days_cleanup(&self, days: i32) {
        let self_clone = self.clone();
        tokio::spawn(async move {
            loop {
                tokio::time::sleep(Duration::from_secs(60)).await;

                if let Err(e) = self_clone.clear_expired_days(days).await {
                    println!("Failed to clear expired secrets. Error: {e}");
                }
            }
        });
    }

    async fn initiate_expired_cleanup(&self) {
        loop {
            tokio::time::sleep(Duration::from_secs(60)).await;
            if let Err(e) = self.clear_expired().await {
                println!("Failed to clear expired secrets. Error: {e}");
            }
        }
    }
}