feat: Fixes release build failures and get's release dockerfile working.

Sources/DatabaseClientLive/Users+live.swift

@@ -0,0 +1,309 @@
+import DatabaseClient
+import FluentKit
+import Foundation
+import SharedModels
+import Vapor
+
+public extension DatabaseClient.Users {
+
+  static func live(database: any Database) -> Self {
+    .init {
+      try await UserModel.query(on: database).count()
+    } create: { create in
+      let model = try create.toModel()
+      try await model.save(on: database)
+      return try model.toDTO()
+    } delete: { id in
+      guard let model = try await UserModel.find(id, on: database) else {
+        throw NotFoundError()
+      }
+      try await model.delete(on: database)
+    } fetchAll: {
+      try await UserModel.query(on: database).all().map { try $0.toDTO() }
+    } get: { id in
+      try await UserModel.find(id, on: database).map { try $0.toDTO() }
+    } login: { login in
+      try login.validate()
+
+      var query = UserModel.query(on: database)
+
+      if let username = login.username {
+        query = query.filter(\UserModel.$username == username)
+      } else {
+        query = query.filter(\UserModel.$email == login.email!)
+      }
+
+      guard let user = try await query.first() else {
+        throw NotFoundError()
+      }
+
+      let token = try user.generateToken()
+
+      try await token.save(on: database)
+
+      return try User.Token(
+        id: token.requireID(),
+        userID: user.requireID(),
+        value: token.value
+      )
+
+    } logout: { id in
+      guard let token = try await UserTokenModel.find(id, on: database)
+      else { return }
+      try await token.delete(on: database)
+    } token: { _ in
+      guard let user = try await UserModel.query(on: database)
+        .with(\.$token)
+        .first()
+      else {
+        throw Abort(.notFound)
+      }
+
+      guard let token = user.token else {
+        let token = try user.generateToken()
+        try await token.save(on: database)
+        return try token.toDTO()
+      }
+
+      return try token.toDTO()
+    } update: { id, updates in
+      guard let user = try await UserModel.find(id, on: database) else {
+        throw Abort(.notFound)
+      }
+      var hasChanges = false
+      if let username = updates.username {
+        hasChanges = true
+        user.username = username
+      }
+      if let email = updates.email {
+        hasChanges = true
+        user.email = email
+      }
+
+      guard hasChanges else { return try user.toDTO() }
+      try await user.save(on: database)
+      return try user.toDTO()
+    }
+  }
+}
+
+extension User {
+  struct Migrate: AsyncMigration {
+    let name = "CreateUser"
+
+    func prepare(on database: any Database) async throws {
+      try await database.schema(UserModel.schema)
+        .id()
+        .field("username", .string, .required)
+        .field("email", .string, .required)
+        .field("password_hash", .string, .required)
+        .field("created_at", .datetime)
+        .field("updated_at", .datetime)
+        .unique(on: "email", "username")
+        .create()
+    }
+
+    func revert(on database: any Database) async throws {
+      try await database.schema(UserModel.schema).delete()
+    }
+  }
+}
+
+extension User.Token {
+  struct Migrate: AsyncMigration {
+    let name = "CreateUserToken"
+
+    func prepare(on database: any Database) async throws {
+      try await database.schema(UserTokenModel.schema)
+        .id()
+        .field("value", .string, .required)
+        .field("user_id", .uuid, .required, .references(UserModel.schema, "id"))
+        .unique(on: "value")
+        .create()
+    }
+
+    func revert(on database: any Database) async throws {
+      try await database.schema(UserTokenModel.schema).delete()
+    }
+  }
+}
+
+extension User.Create {
+
+  func toModel() throws -> UserModel {
+    try validate()
+    return try .init(username: username, email: email, passwordHash: Bcrypt.hash(password, cost: 12))
+  }
+
+  func validate() throws {
+    guard !username.isEmpty else {
+      throw ValidationError(message: "Username should not be empty.")
+    }
+    guard !email.isEmpty else {
+      throw ValidationError(message: "Email should not be empty")
+    }
+    guard password.count > 8 else {
+      throw ValidationError(message: "Password should be more than 8 characters long.")
+    }
+    guard password == confirmPassword else {
+      throw ValidationError(message: "Passwords do not match.")
+    }
+  }
+}
+
+extension User.Login {
+
+  func validate() throws {
+    guard username != nil || email != nil else {
+      throw ValidationError(message: "Either username or email must be provided to login.")
+    }
+  }
+}
+
+/// The user database model.
+///
+/// A user is someone who is able to login and generate PO's for employees.  Generally a user should also
+/// have an employee profile, but not all employees are users. Users are generally restricted to office workers
+/// and administrators.
+///
+///
+final class UserModel: Model, @unchecked Sendable {
+  static let schema = "user"
+
+  @ID(key: .id)
+  var id: UUID?
+
+  @Field(key: "username")
+  var username: String
+
+  @Field(key: "email")
+  var email: String
+
+  @Field(key: "password_hash")
+  var passwordHash: String
+
+  @Timestamp(key: "created_at", on: .create)
+  var createdAt: Date?
+
+  @Timestamp(key: "updated_at", on: .update)
+  var updatedAt: Date?
+
+  @OptionalChild(for: \.$user)
+  var token: UserTokenModel?
+
+  init() {}
+
+  init(
+    id: UUID? = nil,
+    username: String,
+    email: String,
+    passwordHash: String
+  ) {
+    self.id = id
+    self.username = username
+    self.email = email
+    self.passwordHash = passwordHash
+  }
+
+  func toDTO() throws -> User {
+    try .init(
+      id: requireID(),
+      email: email,
+      username: username,
+      createdAt: createdAt,
+      updatedAt: updatedAt
+    )
+  }
+
+  func generateToken() throws -> UserTokenModel {
+    try .init(
+      value: [UInt8].random(count: 16).base64,
+      userID: requireID()
+    )
+  }
+
+}
+
+final class UserTokenModel: Model, Codable, @unchecked Sendable {
+
+  static let schema = "user_token"
+
+  @ID(key: .id)
+  var id: UUID?
+
+  @Field(key: "value")
+  var value: String
+
+  @Parent(key: "user_id")
+  var user: UserModel
+
+  init() {}
+
+  init(id: UUID? = nil, value: String, userID: UserModel.IDValue) {
+    self.id = id
+    self.value = value
+    $user.id = userID
+  }
+
+  func toDTO() throws -> User.Token {
+    try .init(id: requireID(), userID: $user.id, value: value)
+  }
+
+}
+
+// MARK: - Authentication
+
+extension User: Authenticatable {}
+extension User: SessionAuthenticatable {
+  public var sessionID: String { username }
+}
+
+public struct UserPasswordAuthenticator: AsyncBasicAuthenticator {
+  public typealias User = SharedModels.User
+
+  public init() {}
+
+  public func authenticate(basic: BasicAuthorization, for request: Request) async throws {
+    guard let user = try await UserModel.query(on: request.db)
+      .filter(\UserModel.$username == basic.username)
+      .first(),
+      try Bcrypt.verify(basic.password, created: user.passwordHash)
+    else {
+      throw Abort(.unauthorized)
+    }
+    try request.auth.login(user.toDTO())
+  }
+}
+
+public struct UserTokenAuthenticator: AsyncBearerAuthenticator {
+  public typealias User = SharedModels.User
+
+  public init() {}
+
+  public func authenticate(bearer: BearerAuthorization, for request: Request) async throws {
+    guard let token = try await UserTokenModel.query(on: request.db)
+      .filter(\UserTokenModel.$value == bearer.token)
+      .with(\UserTokenModel.$user)
+      .first()
+    else {
+      throw Abort(.unauthorized)
+    }
+    try request.auth.login(token.user.toDTO())
+  }
+}
+
+public struct UserSessionAuthenticator: AsyncSessionAuthenticator {
+  public typealias User = SharedModels.User
+
+  public init() {}
+
+  public func authenticate(sessionID: User.SessionID, for request: Request) async throws {
+    guard let user = try await UserModel.query(on: request.db)
+      .filter(\UserModel.$username == sessionID)
+      .first()
+    else {
+      throw Abort(.unauthorized)
+    }
+    try request.auth.login(user.toDTO())
+  }
+}