351 lines
8.8 KiB
Swift
351 lines
8.8 KiB
Swift
import DatabaseClient
|
|
import FluentKit
|
|
import Foundation
|
|
import SharedModels
|
|
import Vapor
|
|
|
|
public extension DatabaseClient.Users {
|
|
|
|
static func live(database: any Database) -> Self {
|
|
.init {
|
|
try await UserModel.query(on: database).count()
|
|
} create: { create in
|
|
let model = try create.toModel()
|
|
try await model.save(on: database)
|
|
return try model.toDTO()
|
|
} delete: { id in
|
|
guard let model = try await UserModel.find(id, on: database) else {
|
|
throw NotFoundError()
|
|
}
|
|
try await model.delete(on: database)
|
|
} fetchAll: {
|
|
try await UserModel.query(on: database).all().map { try $0.toDTO() }
|
|
} get: { id in
|
|
try await UserModel.find(id, on: database).map { try $0.toDTO() }
|
|
} login: { login in
|
|
try login.validate()
|
|
|
|
var query = UserModel
|
|
.query(on: database)
|
|
.with(\.$token)
|
|
|
|
if let username = login.username {
|
|
query = query.filter(\UserModel.$username == username)
|
|
} else {
|
|
query = query.filter(\UserModel.$email == login.email!)
|
|
}
|
|
|
|
guard let user = try await query.first() else {
|
|
throw NotFoundError()
|
|
}
|
|
|
|
let token: User.Token
|
|
|
|
// Check if the user already has a token.
|
|
if let userToken = user.token {
|
|
token = try userToken.toDTO()
|
|
} else {
|
|
// Generate a new token for the user if they didn't have one.
|
|
let tokenModel = try user.generateToken()
|
|
try await tokenModel.save(on: database)
|
|
token = try tokenModel.toDTO()
|
|
}
|
|
|
|
return token
|
|
|
|
} logout: { id in
|
|
guard let token = try await UserTokenModel.find(id, on: database)
|
|
else { return }
|
|
try await token.delete(on: database)
|
|
} resetPassword: { id, request in
|
|
database.logger.debug("Reset password: \(id)")
|
|
|
|
try request.validate()
|
|
|
|
guard let user = try await UserModel.find(id, on: database) else {
|
|
throw Abort(.badRequest, reason: "User not found.")
|
|
}
|
|
|
|
user.passwordHash = try User.hashPassword(request.password)
|
|
try await user.save(on: database)
|
|
|
|
} token: { _ in
|
|
guard let user = try await UserModel.query(on: database)
|
|
.with(\.$token)
|
|
.first()
|
|
else {
|
|
throw Abort(.notFound)
|
|
}
|
|
|
|
guard let token = user.token else {
|
|
let token = try user.generateToken()
|
|
try await token.save(on: database)
|
|
return try token.toDTO()
|
|
}
|
|
|
|
return try token.toDTO()
|
|
} update: { id, updates in
|
|
guard let user = try await UserModel.find(id, on: database) else {
|
|
throw Abort(.notFound)
|
|
}
|
|
var hasChanges = false
|
|
if let username = updates.username {
|
|
hasChanges = true
|
|
user.username = username
|
|
}
|
|
if let email = updates.email {
|
|
hasChanges = true
|
|
user.email = email
|
|
}
|
|
|
|
guard hasChanges else { return try user.toDTO() }
|
|
try await user.save(on: database)
|
|
return try user.toDTO()
|
|
}
|
|
}
|
|
}
|
|
|
|
extension User {
|
|
struct Migrate: AsyncMigration {
|
|
let name = "CreateUser"
|
|
|
|
func prepare(on database: any Database) async throws {
|
|
try await database.schema(UserModel.schema)
|
|
.id()
|
|
.field("username", .string, .required)
|
|
.field("email", .string, .required)
|
|
.field("password_hash", .string, .required)
|
|
.field("created_at", .datetime)
|
|
.field("updated_at", .datetime)
|
|
.unique(on: "email", "username")
|
|
.create()
|
|
}
|
|
|
|
func revert(on database: any Database) async throws {
|
|
try await database.schema(UserModel.schema).delete()
|
|
}
|
|
}
|
|
}
|
|
|
|
extension User.Token {
|
|
struct Migrate: AsyncMigration {
|
|
let name = "CreateUserToken"
|
|
|
|
func prepare(on database: any Database) async throws {
|
|
try await database.schema(UserTokenModel.schema)
|
|
.id()
|
|
.field("value", .string, .required)
|
|
.field("user_id", .uuid, .required, .references(UserModel.schema, "id"))
|
|
.unique(on: "value")
|
|
.create()
|
|
}
|
|
|
|
func revert(on database: any Database) async throws {
|
|
try await database.schema(UserTokenModel.schema).delete()
|
|
}
|
|
}
|
|
}
|
|
|
|
extension User {
|
|
|
|
static func hashPassword(_ password: String) throws -> String {
|
|
try Bcrypt.hash(password, cost: 12)
|
|
}
|
|
|
|
}
|
|
|
|
extension User.Create {
|
|
|
|
func toModel() throws -> UserModel {
|
|
try validate()
|
|
return try .init(username: username, email: email, passwordHash: User.hashPassword(password))
|
|
}
|
|
|
|
func validate() throws {
|
|
guard !username.isEmpty else {
|
|
throw ValidationError(message: "Username should not be empty.")
|
|
}
|
|
guard !email.isEmpty else {
|
|
throw ValidationError(message: "Email should not be empty")
|
|
}
|
|
guard password.count > 8 else {
|
|
throw ValidationError(message: "Password should be more than 8 characters long.")
|
|
}
|
|
guard password == confirmPassword else {
|
|
throw ValidationError(message: "Passwords do not match.")
|
|
}
|
|
}
|
|
}
|
|
|
|
extension User.Login {
|
|
|
|
func validate() throws {
|
|
guard username != nil || email != nil else {
|
|
throw ValidationError(message: "Either username or email must be provided to login.")
|
|
}
|
|
}
|
|
}
|
|
|
|
extension User.ResetPassword {
|
|
|
|
func validate() throws {
|
|
guard password.count > 8 else {
|
|
throw ValidationError(message: "Password should be more than 8 characters long.")
|
|
}
|
|
guard password == confirmPassword else {
|
|
throw ValidationError(message: "Passwords do not match.")
|
|
}
|
|
}
|
|
}
|
|
|
|
/// The user database model.
|
|
///
|
|
/// A user is someone who is able to login and generate PO's for employees. Generally a user should also
|
|
/// have an employee profile, but not all employees are users. Users are generally restricted to office workers
|
|
/// and administrators.
|
|
///
|
|
///
|
|
final class UserModel: Model, @unchecked Sendable {
|
|
static let schema = "user"
|
|
|
|
@ID(key: .id)
|
|
var id: UUID?
|
|
|
|
@Field(key: "username")
|
|
var username: String
|
|
|
|
@Field(key: "email")
|
|
var email: String
|
|
|
|
@Field(key: "password_hash")
|
|
var passwordHash: String
|
|
|
|
@Timestamp(key: "created_at", on: .create, format: .iso8601)
|
|
var createdAt: Date?
|
|
|
|
@Timestamp(key: "updated_at", on: .update, format: .iso8601)
|
|
var updatedAt: Date?
|
|
|
|
@OptionalChild(for: \.$user)
|
|
var token: UserTokenModel?
|
|
|
|
init() {}
|
|
|
|
init(
|
|
id: UUID? = nil,
|
|
username: String,
|
|
email: String,
|
|
passwordHash: String
|
|
) {
|
|
self.id = id
|
|
self.username = username
|
|
self.email = email
|
|
self.passwordHash = passwordHash
|
|
}
|
|
|
|
func toDTO() throws -> User {
|
|
try .init(
|
|
id: requireID(),
|
|
email: email,
|
|
username: username,
|
|
createdAt: createdAt,
|
|
updatedAt: updatedAt
|
|
)
|
|
}
|
|
|
|
func generateToken() throws -> UserTokenModel {
|
|
try .init(
|
|
value: [UInt8].random(count: 16).base64,
|
|
userID: requireID()
|
|
)
|
|
}
|
|
|
|
func verifyPassword(_ password: String) throws -> Bool {
|
|
try Bcrypt.verify(password, created: passwordHash)
|
|
}
|
|
}
|
|
|
|
final class UserTokenModel: Model, Codable, @unchecked Sendable {
|
|
|
|
static let schema = "user_token"
|
|
|
|
@ID(key: .id)
|
|
var id: UUID?
|
|
|
|
@Field(key: "value")
|
|
var value: String
|
|
|
|
@Parent(key: "user_id")
|
|
var user: UserModel
|
|
|
|
init() {}
|
|
|
|
init(id: UUID? = nil, value: String, userID: UserModel.IDValue) {
|
|
self.id = id
|
|
self.value = value
|
|
$user.id = userID
|
|
}
|
|
|
|
func toDTO() throws -> User.Token {
|
|
try .init(id: requireID(), userID: $user.id, value: value)
|
|
}
|
|
|
|
}
|
|
|
|
// MARK: - Authentication
|
|
|
|
extension User: Authenticatable {}
|
|
extension User: SessionAuthenticatable {
|
|
public var sessionID: String { username }
|
|
}
|
|
|
|
public struct UserPasswordAuthenticator: AsyncBasicAuthenticator {
|
|
public typealias User = SharedModels.User
|
|
|
|
public init() {}
|
|
|
|
public func authenticate(basic: BasicAuthorization, for request: Request) async throws {
|
|
guard let user = try await UserModel.query(on: request.db)
|
|
.filter(\UserModel.$username == basic.username)
|
|
.first(),
|
|
try user.verifyPassword(basic.password)
|
|
else {
|
|
throw Abort(.unauthorized)
|
|
}
|
|
try request.auth.login(user.toDTO())
|
|
}
|
|
}
|
|
|
|
public struct UserTokenAuthenticator: AsyncBearerAuthenticator {
|
|
public typealias User = SharedModels.User
|
|
|
|
public init() {}
|
|
|
|
public func authenticate(bearer: BearerAuthorization, for request: Request) async throws {
|
|
guard let token = try await UserTokenModel.query(on: request.db)
|
|
.filter(\UserTokenModel.$value == bearer.token)
|
|
.with(\UserTokenModel.$user)
|
|
.first()
|
|
else {
|
|
throw Abort(.unauthorized)
|
|
}
|
|
try request.auth.login(token.user.toDTO())
|
|
}
|
|
}
|
|
|
|
public struct UserSessionAuthenticator: AsyncSessionAuthenticator {
|
|
public typealias User = SharedModels.User
|
|
|
|
public init() {}
|
|
|
|
public func authenticate(sessionID: User.SessionID, for request: Request) async throws {
|
|
guard let user = try await UserModel.query(on: request.db)
|
|
.filter(\UserModel.$username == sessionID)
|
|
.first()
|
|
else {
|
|
throw Abort(.unauthorized)
|
|
}
|
|
try request.auth.login(user.toDTO())
|
|
}
|
|
}
|