use std::fmt::{Display, Formatter};
use std::str::FromStr;

use rusqlite::types::{FromSql, FromSqlResult, ToSqlOutput, ValueRef};
use rusqlite::ToSql;

use crate::FirewallError;

/// Verdict a firewall rule applies to the traffic it matches.
///
/// Each firewall rule is associated with one action.
///
/// NOTE(review): the `#[default]` variant is `ACCEPT`, so any value obtained through
/// `Default::default()` lets traffic pass (fail-open). Confirm that no caller uses `Default`
/// as the fallback for a missing or unparsable action.
#[derive(Debug, Default, Clone, Copy, PartialEq, Eq)]
pub enum FirewallAction {
    /// Lets traffic that matches the rule pass; this is the `Default` variant.
    #[default]
    ACCEPT,
    /// Blocks traffic that matches the rule without notifying the sender.
    DENY,
    /// Blocks traffic that matches the rule.
    ///
    /// An *ICMP Destination Unreachable* message should be sent back to the traffic source.
    REJECT,
}

/// Parses the textual form of an action.
///
/// Matching is exact and case-sensitive: only `"ACCEPT"`, `"DENY"` and `"REJECT"` are
/// recognised. There is no fallback to a default action.
impl FromStr for FirewallAction {
    type Err = FirewallError;

    /// Returns the action named by `s`.
    ///
    /// # Errors
    ///
    /// Returns [`FirewallError::InvalidAction`] carrying a copy of `s` when it names no known
    /// action. The rejected input is embedded verbatim, so callers that log or display the
    /// error should treat that text as untrusted.
    fn from_str(s: &str) -> Result<Self, Self::Err> {
        // Lookup table of every accepted spelling and the variant it maps to.
        let known = [
            ("ACCEPT", Self::ACCEPT),
            ("DENY", Self::DENY),
            ("REJECT", Self::REJECT),
        ];

        known
            .iter()
            .find(|(name, _)| *name == s)
            .map(|&(_, action)| action)
            .ok_or_else(|| FirewallError::InvalidAction(s.to_owned()))
    }
}

/// Renders an action as its variant name (`ACCEPT`, `DENY` or `REJECT`).
///
/// The text is produced by the derived `Debug` implementation. The `ToSql` implementation in
/// this file stores this text and `FromStr` parses it back, so renaming a variant changes the
/// persisted representation.
impl Display for FirewallAction {
    fn fmt(&self, f: &mut Formatter<'_>) -> std::fmt::Result {
        // Delegate to `Debug` through fresh format arguments, so formatter flags set by the
        // caller are not forwarded.
        f.write_fmt(format_args!("{:?}", self))
    }
}

/// Stores an action in SQLite as text, using its `Display` form.
impl ToSql for FirewallAction {
    /// Returns the action's name as an owned SQL value; this conversion never fails.
    fn to_sql(&self) -> rusqlite::Result<ToSqlOutput<'_>> {
        let text = self.to_string();
        Ok(ToSqlOutput::from(text))
    }
}

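/// Reads an action back from a SQLite column holding its textual form.
impl FromSql for FirewallAction {
    /// Converts a column value into a [`FirewallAction`].
    ///
    /// Database contents are not guaranteed to be well-formed (manual edits, corruption, rows
    /// written by another version), so a bad value is reported as an error instead of
    /// panicking in the middle of a query.
    ///
    /// # Errors
    ///
    /// Propagates the error from `ValueRef::as_str` when the column does not hold text, and
    /// returns `FromSqlError::Other` with the parser's message when the text names no known
    /// action.
    fn column_result(value: ValueRef<'_>) -> FromSqlResult<Self> {
        let text = value.as_str()?;
        // The parse error is carried as its display string, so nothing beyond `Display` is
        // required of `FirewallError`.
        text.parse::<Self>()
            .map_err(|err| rusqlite::types::FromSqlError::Other(err.to_string().into()))
    }
}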

#[cfg(test)]
mod tests {
    use std::str::FromStr;

    use rusqlite::types::ToSqlOutput;
    use rusqlite::types::Value::Text;
    use rusqlite::ToSql;

    use crate::{FirewallAction, FirewallError};

    /// Every action paired with the exact text it is parsed from and stored as.
    const CASES: [(&str, FirewallAction); 3] = [
        ("ACCEPT", FirewallAction::ACCEPT),
        ("DENY", FirewallAction::DENY),
        ("REJECT", FirewallAction::REJECT),
    ];

    #[test]
    fn test_firewall_actions_from_str() {
        // Each known spelling parses to its variant.
        for (text, action) in CASES.iter() {
            assert_eq!(FirewallAction::from_str(text), Ok(*action));
        }

        // An unknown spelling is rejected and echoed back in the error.
        let err = FirewallAction::from_str("DROP").unwrap_err();
        assert_eq!(err, FirewallError::InvalidAction("DROP".to_owned()));
        assert_eq!(err.to_string(), "Firewall error - incorrect action 'DROP'");
    }

    #[test]
    fn test_firewall_actions_to_sql() {
        // Each variant is stored as owned text holding its name.
        for (text, action) in CASES.iter() {
            assert_eq!(
                FirewallAction::to_sql(action),
                Ok(ToSqlOutput::Owned(Text(text.to_string())))
            );
        }
    }
}