310 lines
7.7 KiB
Swift
310 lines
7.7 KiB
Swift
import DatabaseClient
|
|
import FluentKit
|
|
import Foundation
|
|
import SharedModels
|
|
import Vapor
|
|
|
|
public extension DatabaseClient.Users {
|
|
|
|
static func live(database: any Database) -> Self {
|
|
.init {
|
|
try await UserModel.query(on: database).count()
|
|
} create: { create in
|
|
let model = try create.toModel()
|
|
try await model.save(on: database)
|
|
return try model.toDTO()
|
|
} delete: { id in
|
|
guard let model = try await UserModel.find(id, on: database) else {
|
|
throw NotFoundError()
|
|
}
|
|
try await model.delete(on: database)
|
|
} fetchAll: {
|
|
try await UserModel.query(on: database).all().map { try $0.toDTO() }
|
|
} get: { id in
|
|
try await UserModel.find(id, on: database).map { try $0.toDTO() }
|
|
} login: { login in
|
|
try login.validate()
|
|
|
|
var query = UserModel.query(on: database)
|
|
|
|
if let username = login.username {
|
|
query = query.filter(\UserModel.$username == username)
|
|
} else {
|
|
query = query.filter(\UserModel.$email == login.email!)
|
|
}
|
|
|
|
guard let user = try await query.first() else {
|
|
throw NotFoundError()
|
|
}
|
|
|
|
let token = try user.generateToken()
|
|
|
|
try await token.save(on: database)
|
|
|
|
return try User.Token(
|
|
id: token.requireID(),
|
|
userID: user.requireID(),
|
|
value: token.value
|
|
)
|
|
|
|
} logout: { id in
|
|
guard let token = try await UserTokenModel.find(id, on: database)
|
|
else { return }
|
|
try await token.delete(on: database)
|
|
} token: { _ in
|
|
guard let user = try await UserModel.query(on: database)
|
|
.with(\.$token)
|
|
.first()
|
|
else {
|
|
throw Abort(.notFound)
|
|
}
|
|
|
|
guard let token = user.token else {
|
|
let token = try user.generateToken()
|
|
try await token.save(on: database)
|
|
return try token.toDTO()
|
|
}
|
|
|
|
return try token.toDTO()
|
|
} update: { id, updates in
|
|
guard let user = try await UserModel.find(id, on: database) else {
|
|
throw Abort(.notFound)
|
|
}
|
|
var hasChanges = false
|
|
if let username = updates.username {
|
|
hasChanges = true
|
|
user.username = username
|
|
}
|
|
if let email = updates.email {
|
|
hasChanges = true
|
|
user.email = email
|
|
}
|
|
|
|
guard hasChanges else { return try user.toDTO() }
|
|
try await user.save(on: database)
|
|
return try user.toDTO()
|
|
}
|
|
}
|
|
}
|
|
|
|
extension User {
|
|
struct Migrate: AsyncMigration {
|
|
let name = "CreateUser"
|
|
|
|
func prepare(on database: any Database) async throws {
|
|
try await database.schema(UserModel.schema)
|
|
.id()
|
|
.field("username", .string, .required)
|
|
.field("email", .string, .required)
|
|
.field("password_hash", .string, .required)
|
|
.field("created_at", .datetime)
|
|
.field("updated_at", .datetime)
|
|
.unique(on: "email", "username")
|
|
.create()
|
|
}
|
|
|
|
func revert(on database: any Database) async throws {
|
|
try await database.schema(UserModel.schema).delete()
|
|
}
|
|
}
|
|
}
|
|
|
|
extension User.Token {
|
|
struct Migrate: AsyncMigration {
|
|
let name = "CreateUserToken"
|
|
|
|
func prepare(on database: any Database) async throws {
|
|
try await database.schema(UserTokenModel.schema)
|
|
.id()
|
|
.field("value", .string, .required)
|
|
.field("user_id", .uuid, .required, .references(UserModel.schema, "id"))
|
|
.unique(on: "value")
|
|
.create()
|
|
}
|
|
|
|
func revert(on database: any Database) async throws {
|
|
try await database.schema(UserTokenModel.schema).delete()
|
|
}
|
|
}
|
|
}
|
|
|
|
extension User.Create {
|
|
|
|
func toModel() throws -> UserModel {
|
|
try validate()
|
|
return try .init(username: username, email: email, passwordHash: Bcrypt.hash(password, cost: 12))
|
|
}
|
|
|
|
func validate() throws {
|
|
guard !username.isEmpty else {
|
|
throw ValidationError(message: "Username should not be empty.")
|
|
}
|
|
guard !email.isEmpty else {
|
|
throw ValidationError(message: "Email should not be empty")
|
|
}
|
|
guard password.count > 8 else {
|
|
throw ValidationError(message: "Password should be more than 8 characters long.")
|
|
}
|
|
guard password == confirmPassword else {
|
|
throw ValidationError(message: "Passwords do not match.")
|
|
}
|
|
}
|
|
}
|
|
|
|
extension User.Login {
|
|
|
|
func validate() throws {
|
|
guard username != nil || email != nil else {
|
|
throw ValidationError(message: "Either username or email must be provided to login.")
|
|
}
|
|
}
|
|
}
|
|
|
|
/// The user database model.
|
|
///
|
|
/// A user is someone who is able to login and generate PO's for employees. Generally a user should also
|
|
/// have an employee profile, but not all employees are users. Users are generally restricted to office workers
|
|
/// and administrators.
|
|
///
|
|
///
|
|
final class UserModel: Model, @unchecked Sendable {
|
|
static let schema = "user"
|
|
|
|
@ID(key: .id)
|
|
var id: UUID?
|
|
|
|
@Field(key: "username")
|
|
var username: String
|
|
|
|
@Field(key: "email")
|
|
var email: String
|
|
|
|
@Field(key: "password_hash")
|
|
var passwordHash: String
|
|
|
|
@Timestamp(key: "created_at", on: .create)
|
|
var createdAt: Date?
|
|
|
|
@Timestamp(key: "updated_at", on: .update)
|
|
var updatedAt: Date?
|
|
|
|
@OptionalChild(for: \.$user)
|
|
var token: UserTokenModel?
|
|
|
|
init() {}
|
|
|
|
init(
|
|
id: UUID? = nil,
|
|
username: String,
|
|
email: String,
|
|
passwordHash: String
|
|
) {
|
|
self.id = id
|
|
self.username = username
|
|
self.email = email
|
|
self.passwordHash = passwordHash
|
|
}
|
|
|
|
func toDTO() throws -> User {
|
|
try .init(
|
|
id: requireID(),
|
|
email: email,
|
|
username: username,
|
|
createdAt: createdAt,
|
|
updatedAt: updatedAt
|
|
)
|
|
}
|
|
|
|
func generateToken() throws -> UserTokenModel {
|
|
try .init(
|
|
value: [UInt8].random(count: 16).base64,
|
|
userID: requireID()
|
|
)
|
|
}
|
|
|
|
}
|
|
|
|
final class UserTokenModel: Model, Codable, @unchecked Sendable {
|
|
|
|
static let schema = "user_token"
|
|
|
|
@ID(key: .id)
|
|
var id: UUID?
|
|
|
|
@Field(key: "value")
|
|
var value: String
|
|
|
|
@Parent(key: "user_id")
|
|
var user: UserModel
|
|
|
|
init() {}
|
|
|
|
init(id: UUID? = nil, value: String, userID: UserModel.IDValue) {
|
|
self.id = id
|
|
self.value = value
|
|
$user.id = userID
|
|
}
|
|
|
|
func toDTO() throws -> User.Token {
|
|
try .init(id: requireID(), userID: $user.id, value: value)
|
|
}
|
|
|
|
}
|
|
|
|
// MARK: - Authentication
|
|
|
|
extension User: Authenticatable {}
|
|
extension User: SessionAuthenticatable {
|
|
public var sessionID: String { username }
|
|
}
|
|
|
|
public struct UserPasswordAuthenticator: AsyncBasicAuthenticator {
|
|
public typealias User = SharedModels.User
|
|
|
|
public init() {}
|
|
|
|
public func authenticate(basic: BasicAuthorization, for request: Request) async throws {
|
|
guard let user = try await UserModel.query(on: request.db)
|
|
.filter(\UserModel.$username == basic.username)
|
|
.first(),
|
|
try Bcrypt.verify(basic.password, created: user.passwordHash)
|
|
else {
|
|
throw Abort(.unauthorized)
|
|
}
|
|
try request.auth.login(user.toDTO())
|
|
}
|
|
}
|
|
|
|
public struct UserTokenAuthenticator: AsyncBearerAuthenticator {
|
|
public typealias User = SharedModels.User
|
|
|
|
public init() {}
|
|
|
|
public func authenticate(bearer: BearerAuthorization, for request: Request) async throws {
|
|
guard let token = try await UserTokenModel.query(on: request.db)
|
|
.filter(\UserTokenModel.$value == bearer.token)
|
|
.with(\UserTokenModel.$user)
|
|
.first()
|
|
else {
|
|
throw Abort(.unauthorized)
|
|
}
|
|
try request.auth.login(token.user.toDTO())
|
|
}
|
|
}
|
|
|
|
public struct UserSessionAuthenticator: AsyncSessionAuthenticator {
|
|
public typealias User = SharedModels.User
|
|
|
|
public init() {}
|
|
|
|
public func authenticate(sessionID: User.SessionID, for request: Request) async throws {
|
|
guard let user = try await UserModel.query(on: request.db)
|
|
.filter(\UserModel.$username == sessionID)
|
|
.first()
|
|
else {
|
|
throw Abort(.unauthorized)
|
|
}
|
|
try request.auth.login(user.toDTO())
|
|
}
|
|
}
|