WIP: Begins work on login / signup, adds user database models, authentication needs implemented.

2026-01-02 17:00:50 -05:00
parent 4750842a57
commit 6602c4a8b5
13 changed files with 819 additions and 85 deletions
--- a/Sources/DatabaseClient/Users.swift
+++ b/Sources/DatabaseClient/Users.swift
@@ -0,0 +1,294 @@
+import Dependencies
+import DependenciesMacros
+import Fluent
+import ManualDCore
+import Vapor
+
+extension DatabaseClient {
+  @DependencyClient
+  public struct Users: Sendable {
+    public var create: @Sendable (User.Create) async throws -> User
+    public var delete: @Sendable (User.ID) async throws -> Void
+    public var get: @Sendable (User.ID) async throws -> User?
+    public var login: @Sendable (User.Login) async throws -> User.Token
+    public var logout: @Sendable (User.Token.ID) async throws -> Void
+    // public var token: @Sendable (User.ID) async throws -> User.Token
+  }
+
+}
+
+extension DatabaseClient.Users: TestDependencyKey {
+  public static let testValue = Self()
+
+  public static func live(database: any Database) -> Self {
+    .init(
+      create: { request in
+        let model = try request.toModel()
+        try await model.save(on: database)
+        return try model.toDTO()
+      },
+      delete: { id in
+        guard let model = try await UserModel.find(id, on: database) else {
+          throw NotFoundError()
+        }
+        try await model.delete(on: database)
+      },
+      get: { id in
+        try await UserModel.find(id, on: database).map { try $0.toDTO() }
+      },
+      login: { request in
+        guard
+          let user = try await UserModel.query(on: database)
+            .with(\.$token)
+            .filter(\UserModel.$email == request.email)
+            .first()
+        else {
+          throw NotFoundError()
+        }
+
+        let token: User.Token
+
+        // Check if there's a user token
+        if let userToken = user.token {
+          token = try userToken.toDTO()
+        } else {
+          // generate a new token
+          let tokenModel = try user.generateToken()
+          try await tokenModel.save(on: database)
+          token = try tokenModel.toDTO()
+        }
+
+        return token
+
+      },
+      logout: { tokenID in
+        guard let token = try await UserTokenModel.find(tokenID, on: database) else { return }
+        try await token.delete(on: database)
+      }
+      // ,
+      // token: { id in
+      // }
+
+    )
+  }
+}
+
+extension User {
+  struct Migrate: AsyncMigration {
+    let name = "CreateUser"
+
+    func prepare(on database: any Database) async throws {
+      try await database.schema(UserModel.schema)
+        .id()
+        .field("username", .string, .required)
+        .field("email", .string, .required)
+        .field("password_hash", .string, .required)
+        .field("created_at", .datetime)
+        .field("updated_at", .datetime)
+        .unique(on: "email", "username")
+        .create()
+    }
+
+    func revert(on database: any Database) async throws {
+      try await database.schema(UserModel.schema).delete()
+    }
+  }
+}
+
+extension User.Token {
+  struct Migrate: AsyncMigration {
+    let name = "CreateUserToken"
+
+    func prepare(on database: any Database) async throws {
+      try await database.schema(UserTokenModel.schema)
+        .id()
+        .field("value", .string, .required)
+        .field("user_id", .uuid, .required, .references(UserModel.schema, "id"))
+        .unique(on: "value")
+        .create()
+    }
+
+    func revert(on database: any Database) async throws {
+      try await database.schema(UserTokenModel.schema).delete()
+    }
+  }
+}
+
+extension User {
+
+  static func hashPassword(_ password: String) throws -> String {
+    try Bcrypt.hash(password, cost: 12)
+  }
+
+}
+
+extension User.Create {
+
+  func toModel() throws -> UserModel {
+    try validate()
+    return try .init(username: username, email: email, passwordHash: User.hashPassword(password))
+  }
+
+  func validate() throws {
+    guard !username.isEmpty else {
+      throw ValidationError("Username should not be empty.")
+    }
+    guard !email.isEmpty else {
+      throw ValidationError("Email should not be empty")
+    }
+    guard password.count > 8 else {
+      throw ValidationError("Password should be more than 8 characters long.")
+    }
+    guard password == confirmPassword else {
+      throw ValidationError("Passwords do not match.")
+    }
+  }
+}
+
+final class UserModel: Model, @unchecked Sendable {
+
+  static let schema = "user"
+
+  @ID(key: .id)
+  var id: UUID?
+
+  @Field(key: "username")
+  var username: String
+
+  @Field(key: "email")
+  var email: String
+
+  @Field(key: "password_hash")
+  var passwordHash: String
+
+  @Timestamp(key: "createdAt", on: .create, format: .iso8601)
+  var createdAt: Date?
+
+  @Timestamp(key: "updatedAt", on: .update, format: .iso8601)
+  var updatedAt: Date?
+
+  @OptionalChild(for: \.$user)
+  var token: UserTokenModel?
+
+  init() {}
+
+  init(
+    id: UUID? = nil,
+    username: String,
+    email: String,
+    passwordHash: String
+  ) {
+    self.id = id
+    self.username = username
+    self.email = email
+    self.passwordHash = passwordHash
+  }
+
+  func toDTO() throws -> User {
+    try .init(
+      id: requireID(),
+      email: email,
+      username: username,
+      createdAt: createdAt!,
+      updatedAt: updatedAt!
+    )
+  }
+
+  func generateToken() throws -> UserTokenModel {
+    try .init(
+      value: [UInt8].random(count: 16).base64,
+      userID: requireID()
+    )
+  }
+
+  func verifyPassword(_ password: String) throws -> Bool {
+    try Bcrypt.verify(password, created: passwordHash)
+  }
+}
+
+final class UserTokenModel: Model, Codable, @unchecked Sendable {
+
+  static let schema = "user_token"
+
+  @ID(key: .id)
+  var id: UUID?
+
+  @Field(key: "value")
+  var value: String
+
+  @Parent(key: "user_id")
+  var user: UserModel
+
+  init() {}
+
+  init(id: UUID? = nil, value: String, userID: UserModel.IDValue) {
+    self.id = id
+    self.value = value
+    $user.id = userID
+  }
+
+  func toDTO() throws -> User.Token {
+    try .init(id: requireID(), userID: $user.id, value: value)
+  }
+
+}
+
+// MARK: - Authentication
+
+extension User: Authenticatable {}
+extension User: SessionAuthenticatable {
+  public var sessionID: String { username }
+}
+
+public struct UserPasswordAuthenticator: AsyncBasicAuthenticator {
+  public typealias User = ManualDCore.User
+
+  public init() {}
+
+  public func authenticate(basic: BasicAuthorization, for request: Request) async throws {
+    guard
+      let user = try await UserModel.query(on: request.db)
+        .filter(\UserModel.$username == basic.username)
+        .first(),
+      try user.verifyPassword(basic.password)
+    else {
+      throw Abort(.unauthorized)
+    }
+    try request.auth.login(user.toDTO())
+  }
+}
+
+public struct UserTokenAuthenticator: AsyncBearerAuthenticator {
+  public typealias User = ManualDCore.User
+
+  public init() {}
+
+  public func authenticate(bearer: BearerAuthorization, for request: Request) async throws {
+    guard
+      let token = try await UserTokenModel.query(on: request.db)
+        .filter(\UserTokenModel.$value == bearer.token)
+        .with(\UserTokenModel.$user)
+        .first()
+    else {
+      throw Abort(.unauthorized)
+    }
+    try request.auth.login(token.user.toDTO())
+  }
+}
+
+public struct UserSessionAuthenticator: AsyncSessionAuthenticator {
+  public typealias User = ManualDCore.User
+
+  public init() {}
+
+  public func authenticate(sessionID: User.SessionID, for request: Request) async throws {
+    guard
+      let user = try await UserModel.query(on: request.db)
+        .filter(\UserModel.$username == sessionID)
+        .first()
+    else {
+      throw Abort(.unauthorized)
+    }
+    try request.auth.login(user.toDTO())
+  }
+}