409/warren
1
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

create users through admin page

Browse Source
This commit is contained in:
Shawn
2025-07-19 22:18:49 +02:00
parent deff81d2ff
commit 7f2aac12e6
65 changed files with 1394 additions and 139 deletions
Download Patch File Download Diff File Expand all files Collapse all files

50
backend/src/lib/domain/warren/models/user/requests.rs
View File

@@ -11,8 +11,16 @@ pub struct RegisterUserRequest {
password: UserPassword,
}
impl From<RegisterUserRequest> for CreateUserRequest {
fn from(value: RegisterUserRequest) -> Self {
Self::new(value.name, value.email, value.password, false)
}
}
#[derive(Debug, Error)]
pub enum RegisterUserError {
#[error(transparent)]
CreateUser(#[from] CreateUserError),
#[error(transparent)]
Unknown(#[from] anyhow::Error),
}
@@ -178,3 +186,45 @@ pub enum LoginUserError {
#[error(transparent)]
Unknown(#[from] anyhow::Error),
}
/// An admin request to create a new user
#[derive(Clone, Debug, PartialEq, Eq, PartialOrd, Ord, Hash)]
pub struct CreateUserRequest {
name: UserName,
email: UserEmail,
password: UserPassword,
admin: bool,
}
impl CreateUserRequest {
pub fn new(name: UserName, email: UserEmail, password: UserPassword, admin: bool) -> Self {
Self {
name,
email,
password,
admin,
}
}
pub fn name(&self) -> &UserName {
&self.name
}
pub fn email(&self) -> &UserEmail {
&self.email
}
pub fn password(&self) -> &UserPassword {
&self.password
}
pub fn admin(&self) -> bool {
self.admin
}
}
#[derive(Debug, Error)]
pub enum CreateUserError {
#[error(transparent)]
Unknown(#[from] anyhow::Error),
}

3
backend/src/lib/domain/warren/ports/metrics.rs
View File

@@ -56,6 +56,9 @@ pub trait AuthMetrics: Clone + Send + Sync + 'static {
fn record_user_login_success(&self) -> impl Future<Output = ()> + Send;
fn record_user_login_failure(&self) -> impl Future<Output = ()> + Send;
fn record_user_creation_success(&self) -> impl Future<Output = ()> + Send;
fn record_user_creation_failure(&self) -> impl Future<Output = ()> + Send;
fn record_auth_session_creation_success(&self) -> impl Future<Output = ()> + Send;
fn record_auth_session_creation_failure(&self) -> impl Future<Output = ()> + Send;

9
backend/src/lib/domain/warren/ports/mod.rs
View File

@@ -20,8 +20,8 @@ use super::models::{
FilePath, ListFilesError, ListFilesRequest, RenameEntryError, RenameEntryRequest,
},
user::{
LoginUserError, LoginUserRequest, LoginUserResponse, RegisterUserError,
RegisterUserRequest, User,
CreateUserError, CreateUserRequest, LoginUserError, LoginUserRequest, LoginUserResponse,
RegisterUserError, RegisterUserRequest, User,
},
user_warren::{
UserWarren,
@@ -120,6 +120,11 @@ pub trait AuthService: Clone + Send + Sync + 'static {
&self,
request: LoginUserRequest,
) -> impl Future<Output = Result<LoginUserResponse, LoginUserError>> + Send;
/// An action that creates a user (MUST REQUIRE ADMIN PRIVILEGES)
fn create_user(
&self,
request: AuthRequest<CreateUserRequest>,
) -> impl Future<Output = Result<User, AuthError<CreateUserError>>> + Send;
fn create_auth_session(
&self,

2
backend/src/lib/domain/warren/ports/notifier.rs
View File

@@ -73,6 +73,8 @@ pub trait FileSystemNotifier: Clone + Send + Sync + 'static {
pub trait AuthNotifier: Clone + Send + Sync + 'static {
fn user_registered(&self, user: &User) -> impl Future<Output = ()> + Send;
fn user_logged_in(&self, response: &LoginUserResponse) -> impl Future<Output = ()> + Send;
fn user_created(&self, creator: &User, created: &User) -> impl Future<Output = ()> + Send;
fn auth_session_created(&self, user_id: &Uuid) -> impl Future<Output = ()> + Send;
fn auth_session_fetched(
&self,

8
backend/src/lib/domain/warren/ports/repository.rs
View File

@@ -12,7 +12,7 @@ use crate::domain::warren::models::{
FilePath, ListFilesError, ListFilesRequest, RenameEntryError, RenameEntryRequest,
},
user::{
RegisterUserError, RegisterUserRequest, User, VerifyUserPasswordError,
CreateUserError, CreateUserRequest, User, VerifyUserPasswordError,
VerifyUserPasswordRequest,
},
user_warren::{
@@ -70,10 +70,10 @@ pub trait FileSystemRepository: Clone + Send + Sync + 'static {
}
pub trait AuthRepository: Clone + Send + Sync + 'static {
fn register_user(
fn create_user(
&self,
request: RegisterUserRequest,
) -> impl Future<Output = Result<User, RegisterUserError>> + Send;
request: CreateUserRequest,
) -> impl Future<Output = Result<User, CreateUserError>> + Send;
fn verify_user_password(
&self,
request: VerifyUserPasswordRequest,

34
backend/src/lib/domain/warren/service/auth.rs
View File

@@ -10,8 +10,8 @@ use crate::{
},
},
user::{
LoginUserError, LoginUserRequest, LoginUserResponse, RegisterUserError,
RegisterUserRequest, User,
CreateUserError, CreateUserRequest, LoginUserError, LoginUserRequest,
LoginUserResponse, RegisterUserError, RegisterUserRequest, User,
},
user_warren::{
UserWarren,
@@ -99,7 +99,7 @@ where
N: AuthNotifier,
{
async fn register_user(&self, request: RegisterUserRequest) -> Result<User, RegisterUserError> {
let result = self.repository.register_user(request).await;
let result = self.repository.create_user(request.into()).await;
if let Ok(user) = result.as_ref() {
self.metrics.record_user_registration_success().await;
@@ -108,7 +108,7 @@ where
self.metrics.record_user_registration_failure().await;
}
result
result.map_err(Into::into)
}
async fn login_user(
@@ -139,6 +139,32 @@ where
result.map_err(Into::into)
}
async fn create_user(
&self,
request: AuthRequest<CreateUserRequest>,
) -> Result<User, AuthError<CreateUserError>> {
let (session, request) = request.unpack();
let response = self
.fetch_auth_session(FetchAuthSessionRequest::new(session.session_id().clone()))
.await?;
if !response.user().admin() {
return Err(AuthError::InsufficientPermissions);
}
let result = self.repository.create_user(request).await;
if let Ok(user) = result.as_ref() {
self.metrics.record_user_creation_success().await;
self.notifier.user_created(response.user(), user).await;
} else {
self.metrics.record_user_creation_failure().await;
}
result.map_err(AuthError::Custom)
}
async fn create_auth_session(
&self,
request: CreateAuthSessionRequest,

11
backend/src/lib/inbound/http/errors.rs
View File

@@ -2,7 +2,7 @@ use crate::{
domain::warren::models::{
auth_session::{AuthError, requests::FetchAuthSessionError},
file::{CreateDirectoryError, DeleteDirectoryError, DeleteFileError, ListFilesError},
user::{LoginUserError, RegisterUserError, VerifyUserPasswordError},
user::{CreateUserError, LoginUserError, RegisterUserError, VerifyUserPasswordError},
user_warren::requests::FetchUserWarrenError,
warren::{
CreateWarrenDirectoryError, DeleteWarrenDirectoryError, DeleteWarrenFileError,
@@ -136,6 +136,7 @@ impl From<UploadWarrenFilesError> for ApiError {
impl From<RegisterUserError> for ApiError {
fn from(value: RegisterUserError) -> Self {
match value {
RegisterUserError::CreateUser(err) => err.into(),
RegisterUserError::Unknown(error) => Self::InternalServerError(error.to_string()),
}
}
@@ -197,3 +198,11 @@ impl<T: std::error::Error> From<AuthError<T>> for ApiError {
}
}
}
impl From<CreateUserError> for ApiError {
fn from(value: CreateUserError) -> Self {
match value {
CreateUserError::Unknown(err) => Self::InternalServerError(err.to_string()),
}
}
}

95
backend/src/lib/inbound/http/handlers/admin/create_user.rs Normal file
View File

@@ -0,0 +1,95 @@
use axum::{Json, extract::State, http::StatusCode};
use serde::Deserialize;
use thiserror::Error;
use crate::{
domain::warren::{
models::{
auth_session::AuthRequest,
user::{
CreateUserRequest, UserEmail, UserEmailError, UserName, UserNameError,
UserPassword, UserPasswordError,
},
},
ports::{AuthService, WarrenService},
},
inbound::http::{
AppState,
handlers::{UserData, extractors::SessionIdHeader},
responses::{ApiError, ApiSuccess},
},
};
#[derive(Debug, Clone, Error)]
pub(super) enum ParseCreateUserHttpRequestError {
#[error(transparent)]
UserName(#[from] UserNameError),
#[error(transparent)]
UserEmail(#[from] UserEmailError),
#[error(transparent)]
UserPassword(#[from] UserPasswordError),
}
impl From<ParseCreateUserHttpRequestError> for ApiError {
fn from(value: ParseCreateUserHttpRequestError) -> Self {
match value {
ParseCreateUserHttpRequestError::UserName(err) => match err {
UserNameError::Empty => {
Self::BadRequest("The username must not be empty".to_string())
}
},
ParseCreateUserHttpRequestError::UserEmail(err) => match err {
UserEmailError::Invalid => Self::BadRequest("The email is invalid".to_string()),
UserEmailError::Empty => {
Self::BadRequest("The email must not be empty".to_string())
}
},
ParseCreateUserHttpRequestError::UserPassword(err) => Self::BadRequest(
match err {
UserPasswordError::Empty => "The provided password is empty",
// Best not give a potential bad actor any hints since this is the login and
// not the registration
UserPasswordError::LeadingWhitespace
| UserPasswordError::TrailingWhitespace
| UserPasswordError::TooShort
| UserPasswordError::TooLong => "",
}
.to_string(),
),
}
}
}
#[derive(Debug, Clone, PartialEq, Eq, Deserialize)]
#[serde(rename_all = "camelCase")]
pub(super) struct CreateUserHttpRequestBody {
name: String,
email: String,
password: String,
admin: bool,
}
impl CreateUserHttpRequestBody {
fn try_into_domain(self) -> Result<CreateUserRequest, ParseCreateUserHttpRequestError> {
let name = UserName::new(&self.name)?;
let email = UserEmail::new(&self.email)?;
let password = UserPassword::new(&self.password)?;
Ok(CreateUserRequest::new(name, email, password, self.admin))
}
}
pub async fn create_user<WS: WarrenService, AS: AuthService>(
State(state): State<AppState<WS, AS>>,
SessionIdHeader(session): SessionIdHeader,
Json(request): Json<CreateUserHttpRequestBody>,
) -> Result<ApiSuccess<UserData>, ApiError> {
let domain_request = request.try_into_domain()?;
state
.auth_service
.create_user(AuthRequest::new(session, domain_request))
.await
.map(|user| ApiSuccess::new(StatusCode::CREATED, user.into()))
.map_err(ApiError::from)
}

13
backend/src/lib/inbound/http/handlers/admin/mod.rs Normal file
View File

@@ -0,0 +1,13 @@
mod create_user;
use create_user::create_user;
use axum::{Router, routing::post};
use crate::{
domain::warren::ports::{AuthService, WarrenService},
inbound::http::AppState,
};
pub fn routes<WS: WarrenService, AS: AuthService>() -> Router<AppState<WS, AS>> {
Router::new().route("/users", post(create_user))
}

4
backend/src/lib/inbound/http/handlers/auth/fetch_session.rs
View File

@@ -14,7 +14,7 @@ use crate::{
},
inbound::http::{
AppState,
handlers::SessionUser,
handlers::UserData,
responses::{ApiError, ApiSuccess},
},
};
@@ -22,7 +22,7 @@ use crate::{
#[derive(Debug, Clone, Serialize, PartialEq)]
#[serde(rename_all = "camelCase")]
pub struct FetchSessionResponseBody {
user: SessionUser,
user: UserData,
expires_at: i64,
}

4
backend/src/lib/inbound/http/handlers/auth/login.rs
View File

@@ -12,7 +12,7 @@ use crate::{
},
inbound::http::{
AppState,
handlers::SessionUser,
handlers::UserData,
responses::{ApiError, ApiSuccess},
},
};
@@ -70,7 +70,7 @@ impl LoginUserHttpRequestBody {
#[derive(Debug, Clone, PartialEq, Serialize)]
pub struct LoginResponseBody {
token: String,
user: SessionUser,
user: UserData,
expires_at: i64,
}

5
backend/src/lib/inbound/http/handlers/mod.rs
View File

@@ -3,6 +3,7 @@ use uuid::Uuid;
use crate::domain::warren::models::user::User;
pub mod admin;
pub mod auth;
pub mod extractors;
pub mod warrens;
@@ -10,14 +11,14 @@ pub mod warrens;
#[derive(Debug, Clone, Serialize, PartialEq)]
#[serde(rename_all = "camelCase")]
/// A session user that can be safely sent to the client
pub struct SessionUser {
pub(super) struct UserData {
id: Uuid,
name: String,
email: String,
admin: bool,
}
impl From<User> for SessionUser {
impl From<User> for UserData {
fn from(value: User) -> Self {
Self {
id: *value.id(),

2
backend/src/lib/inbound/http/mod.rs
View File

@@ -6,6 +6,7 @@ use std::sync::Arc;
use anyhow::Context;
use axum::{Router, http::HeaderValue};
use handlers::admin;
use handlers::auth;
use handlers::warrens;
use tokio::net::TcpListener;
@@ -126,4 +127,5 @@ fn api_routes<WS: WarrenService, AS: AuthService>() -> Router<AppState<WS, AS>>
Router::new()
.nest("/auth", auth::routes())
.nest("/warrens", warrens::routes())
.nest("/admin", admin::routes())
}

7
backend/src/lib/outbound/metrics_debug_logger.rs
View File

@@ -138,6 +138,13 @@ impl AuthMetrics for MetricsDebugLogger {
tracing::debug!("[Metrics] User login failed");
}
async fn record_user_creation_success(&self) {
tracing::debug!("[Metrics] User creation succeeded");
}
async fn record_user_creation_failure(&self) {
tracing::debug!("[Metrics] User creation failed");
}
async fn record_auth_session_creation_success(&self) {
tracing::debug!("[Metrics] Auth session creation succeeded");
}

8
backend/src/lib/outbound/notifier_debug_logger.rs
View File

@@ -121,6 +121,14 @@ impl AuthNotifier for NotifierDebugLogger {
tracing::debug!("[Notifier] Registered user {}", user.name());
}
async fn user_created(&self, creator: &User, created: &User) {
tracing::debug!(
"[Notifier] Admin user {} created user {}",
creator.name(),
created.name()
);
}
async fn user_logged_in(&self, response: &LoginUserResponse) {
tracing::debug!("[Notifier] Logged in user {}", response.user().name());
}

6
backend/src/lib/outbound/postgres.rs
View File

@@ -25,7 +25,7 @@ use crate::domain::warren::{
},
},
user::{
RegisterUserError, RegisterUserRequest, User, UserEmail, UserName, UserPassword,
CreateUserError, CreateUserRequest, User, UserEmail, UserName, UserPassword,
VerifyUserPasswordError, VerifyUserPasswordRequest,
},
user_warren::{
@@ -394,7 +394,7 @@ impl WarrenRepository for Postgres {
}
impl AuthRepository for Postgres {
async fn register_user(&self, request: RegisterUserRequest) -> Result<User, RegisterUserError> {
async fn create_user(&self, request: CreateUserRequest) -> Result<User, CreateUserError> {
let mut connection = self
.pool
.acquire()
@@ -407,7 +407,7 @@ impl AuthRepository for Postgres {
request.name(),
request.email(),
request.password(),
false,
request.admin(),
)
.await
.context(format!("Failed to create user"))?;