Merge pull request #26 from RPGLibrarium/rewrite

Full rewrite
RPGLibrarium · Mar 2, 2022 · 03489cd · 03489cd
2 parents 06b6ace + 327768f
commit 03489cd
Show file tree

Hide file tree

Showing 115 changed files with 3,653 additions and 11,661 deletions.
diff --git a/.dockerignore b/.dockerignore
diff --git a/.gitignore b/.gitignore
@@ -1,6 +1,3 @@
-config/local.toml
-config/test.toml
-
 .idea/
 /target/
 **/*.rs.bk
@@ -9,3 +6,5 @@ config/test.toml
 
 /webhooks-cargo/build/
 /webhooks-cargo/webhook/secret
+
+/config/
diff --git a/.travis.yml b/.travis.yml
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Cargo.toml b/Cargo.toml
@@ -1,49 +1,29 @@
 [package]
 name = "liberation"
-version = "0.1.0"
-authors = ["Yoann Kehler <privat@yoann.de>"]
-edition = '2018'
+version = "0.2.0"
+authors = ["Yoann Kehler <mail@yoann.de>", "Richard Z. <git+liberation@richardz.de>"]
+edition = "2021"
 
-[dependencies]
-rand = "^0.7"
-serde = {version="^1.0", features = ["derive"]}
-serde_json = "^1.0"
-chrono = "^0.4"
-#actix-web = {git = "https://github.com/actix/actix-web", branch="master"}
-actix-web = { version="^1", features=["ssl"] }
-awc = "0.2.2"
-actix-service = "*"
-actix-files = "*"
-actix = "*"
-failure = "*"
-futures = "^0.1"
-config = "^0.9"
-oauth2 = "2.0.0-beta.3"
-url = "^1.0"
-url_serde="*"
-tokio="*"
-jsonwebtoken = "^6"
-log = "*"
-env_logger = "*"
-base64 = "*"
-openssl = "^0.10"
+# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
 
-[dependencies.mysql]
-version = "*"
-features = ["rustc-serialize"]
+[dependencies]
+log = "0.4"
+thiserror = "1.0"
+actix-web = "4.0.0-beta.21"
+tokio = { version = "1", features = ["macros"] }
+futures = "0.3"
+# in version 7 handling the key is super anoying, because it has no state.
+jsonwebtoken = "8"
+serde = { version = "1.0", features = ["derive"] }
+diesel = { version = "1.4", features = ["mysql", "r2d2"] }
+base64 = "0.13.0"
+oauth2 = { version = "4", features = ["reqwest"] }
+reqwest = { version = "0.11", features = ["json"]}
 
-[dev-dependencies]
+# Binary only dependencies. Cargo doesn't support this at the moment.
+clap = { version = "3", features = ["derive", "cargo"] }
+config = { version="0.11.0", features = ["toml"]}
+env_logger = "0.9"
 
-[profile.dev]
-debug = true
-overflow-checks = true
 
-[profile.test]
-opt-level = 0
-debug = 2
-overflow-checks = true
 
-[profile.release]
-opt-level = 3
-debug = false
-overflow-checks = false
diff --git a/Dockerfile b/Dockerfile
diff --git a/README.md b/README.md
@@ -0,0 +1,75 @@
+# Liberation Backend
+
+## Development setup
+Dependencies (Ubuntu):
+- gcc
+- libssl-dev
+- libmysqlclient-dev
+
+1. Install mariadb container
+```shell
+podman run -dt -p 127.0.0.1:3306:3306  --name liberation-dev-db  --env MARIADB_USER=liberation --env MARIADB_PASSWORD=liberation --env MARIADB_ROOT_PASSWORD=root --env MARIADB_DATABASE=liberation docker.io/mariadb:latest
+```
+Or start container
+```shell
+podman start liberation-dev-db
+```
+
+2. Apply the latest migration
+One time and update when necessary
+```shell
+cargo install diesel_cli
+```
+
+On first run and after each database change
+```shell
+diesel migration run --database-url mysql://liberation:[email protected]:3306/liberation
+```
+
+3. Run Liberation
+```shell
+cargo run -p liberation -- -d mysql://liberation:[email protected]:3306/liberation
+```
+
+## A short introduction to access control
+### Definitions
+A `client` is an application accessing resources (e.g. web frontend, Android app).
+A `subject` is the authenticated entity ob behalf a client is acting (e.g. the user).
+A `scope` is a subset of privileges available to a user (e.g. see account information, see collection, lend books from inventory).
+The client can request certain scopes and (if they are available to the user) the user can delegate them the client.
+
+In Liberation the access control is partially handled through scopes and partially done on application level. Scopes
+control which subset privileges the user provides to the client. 
+
+### Scopes
+Liberation requires scopes for certain actions. The client can request those scopes for a user.
+The web frontend asks of some scopes by default, because they are needed for the basic functionality:
+- `account:read`
+- `collection:read`
+- `collection:modify`
+- `inventory:read`
+- `inventory:modify`
+- `librarian:read`
+- `librarian:modify`
+
+Some more important scopes need to be requested explicitly before performing the action:
+- `account:register`
+- `account:delete`
+- `account:modify`
+- `aristocrat:read`
+- `aristocrat:modify`
+
+Not all scopes are available to all subjects. For example librarian scopes are only available to librarians and 
+aristocrat scopes can only be attained by aristocrats.
+
+### Groups and roles
+The following groups are managed in keycloak
+- `librarium`
+  - `members`
+    - `board`
+    - `developers`
+
+All members get the `liberation-user` role. All `board` members are assigned the `liberation-aristocrat` and 
+the `liberation-librarian` role.
+
+All developers get the `liberation-frontend/developer` role so that they see experimental frontend features.
diff --git a/config/defaults.toml b/config/defaults.toml
diff --git a/config/local.toml.sample b/config/local.toml.sample
diff --git a/config/test.toml.sample b/config/test.toml.sample
diff --git a/diesel.toml b/diesel.toml
@@ -0,0 +1,5 @@
+# For documentation on how to configure this file,
+# see diesel.rs/guides/configuring-diesel-cli
+
+[print_schema]
+file = "src/schema.rs"
diff --git a/docker-compose.yml b/docker-compose.yml
diff --git a/docs/.gitignore b/docs/.gitignore
diff --git a/docs/404.html b/docs/404.html
diff --git a/docs/CNAME b/docs/CNAME
diff --git a/docs/Gemfile b/docs/Gemfile