refactor: structure of an hexagonal architecture

Created a kernel crate to store models and future action implementations.
Will be useful to create admin cli.

tests/hurl_integration/run_scenario.sh

@@ -0,0 +1,39 @@
+#!/usr/bin/sh
+
+set -eou pipefail
+
+scenario_name="$1"
+project_root="$(dirname $(cargo locate-project | jq -r .root))"
+scenario_dir="$project_root/tests/hurl_integration/$1"
+scenario_tmp_dir_path="$project_root/tmp/tests/$scenario_name"
+database_path="$project_root/tmp/tests/$scenario_name/minauthator.db"
+
+echo "Starting scenario $scenario_name."
+mkdir -p $scenario_tmp_dir_path
+if [ -f $database_path ]; then
+    rm $database_path
+fi
+sqlite3 $database_path < $project_root/migrations/all.sql
+
+export DB_PATH=$database_path
+if [ -f $scenario_dir/init_db.sh ]; then
+    $scenario_dir/init_db.sh
+fi
+
+pkill -f $project_root/target/debug/minauthator-server &
+sleep 0.1
+$project_root/target/debug/minauthator-server \
+    --config "$scenario_dir/config.toml" \
+    --database  $database_path \
+    --listen-host "127.0.0.1" \
+    --listen-port "8086" \
+    --static-assets "$project_root/assets" &
+
+server_pid=$!
+sleep 0.2
+hurl \
+    --variable base_url="http://localhost:8086" \
+    --test --error-format long \
+    $scenario_dir/main.hurl
+kill $server_pid
+echo "End of scenario."

tests/hurl_integration/scenario_1/config.toml

@@ -0,0 +1,56 @@
+[instance]
+base_uri = "http://localhost:8086"
+name = "Example org"
+logo_uri = "https://example.org/logo.png"
+
+[[applications]]
+slug = "demo_app"
+name = "Demo app"
+description = "A super application where you can do everything you want."
+client_id = "00000001-0000-0000-0000-000000000001"
+client_secret = "dummy_client_secret"
+login_uri = "https://localhost:9876"
+allowed_redirect_uris = [
+    "http://localhost:9090/callback",
+    "http://localhost:9876/callback"
+]
+visibility = "Internal"
+authorize_flow = "Implicit"
+
+[[applications]]
+slug = "wiki"
+name = "Wiki app"
+description = "The knowledge base of the exemple org."
+client_id = "f9de1885-448d-44bb-8c48-7e985486a8c6"
+client_secret = "49c6c16a-0a8a-4981-a60d-5cb96582cc1a"
+login_uri = "https://wiki.example.org/login"
+allowed_redirect_uris = [
+    "https://wiki.example.org/oauth2/callback"
+]
+visibility = "Public"
+authorize_flow = "Implicit"
+
+[[applications]]
+slug = "private_app"
+name = "Demo app"
+description = "Private app you should never discover"
+client_id = "c8a08783-2342-4ce3-a3cb-9dc89b6bdf"
+client_secret = "this_is_the_secret"
+login_uri = "https://private-app.org"
+allowed_redirect_uris = [
+    "http://localhost:9091/authorize",
+]
+visibility = "Private"
+authorize_flow = "Implicit"
+
+[[roles]]
+slug = "basic"
+name = "Basic"
+description = "Basic user"
+default = true
+
+[[roles]]
+slug = "admin"
+name = "Administrator"
+description = "Full power on organization instance"
+

tests/hurl_integration/scenario_1/init_db.sh

@@ -0,0 +1,9 @@
+password_hash="$(echo -n "root" | argon2 salt_06cGGWYDJCZ -e)"
+echo $password_hash
+SQL=$(cat <<EOF
+    INSERT INTO users
+        (id, handle, email, roles, status, password_hash, created_at)
+        VALUES
+        ('$(uuid)', 'root', 'root@example.org', '[]', 'Active', '$password_hash', '2024-11-30T00:00:00Z');
+EOF)
+echo $SQL | sqlite3 $DB_PATH

tests/hurl_integration/scenario_1/main.hurl

@@ -0,0 +1,88 @@
+GET {{ base_url }}/api
+HTTP 200
+[Asserts]
+jsonpath "$.software" == "Minauthator"
+
+POST {{ base_url }}/login
+[FormParams]
+login: root
+password: root
+HTTP 303
+[Captures]
+user_jwt: cookie "minauthator_jwt"
+[Asserts]
+cookie "minauthator_jwt" exists
+cookie "minauthator_jwt[Value]" contains "eyJ0"
+cookie "minauthator_jwt[SameSite]" == "Lax"
+
+GET {{ base_url }}/me
+HTTP 200
+Content-Type: text/html; charset=utf-8
+[Asserts]
+xpath "string(///h1)" == "Welcome root!"
+
+POST {{ base_url }}/me/details-form
+[MultipartFormData]
+handle: root
+email: root@johndoe.net
+full_name: John Doe
+website: https://johndoe.net
+picture: file,john_doe_profile_pic.jpg; image/jpeg
+HTTP 200
+
+GET {{ base_url }}/me/authorizations
+HTTP 200
+[Asserts]
+xpath "string(///h1)" == "Your authorizations"
+xpath "string(///i)" == "You didn't authorized or accessed any applications for now."
+
+# OAuth2 implicit flow (pre-granted app)
+GET {{ base_url }}/authorize
+[QueryStringParams]
+client_id: 00000001-0000-0000-0000-000000000001
+response_type: code
+redirect_uri: http://localhost:9090/callback
+state: Afk4kf6pbZkms78jM
+scope: user_read_basic
+HTTP 302
+[Asserts]
+header "Location" contains "http://localhost:9090/callback?code="
+[Captures]
+authorization_code: header "Location" regex "\\?code=(.*)&"
+
+# OAuth2 get access token
+POST {{ base_url }}/api/token
+[BasicAuth]
+00000001-0000-0000-0000-000000000001: dummy_client_secret
+[FormParams]
+code: {{ authorization_code }}
+scope: user_read_basic
+redirect_uri: http://localhost:9090/callback
+grant_type: authorization_code
+HTTP 200
+Content-Type: application/json
+[Asserts]
+jsonpath "$.access_token" exists
+jsonpath "$.access_token" matches "eyJ[[:alpha:]0-9].[[:alpha:]0-9].[[:alpha:]0-9]"
+[Captures]
+access_token: jsonpath "$.access_token"
+
+# Get basic user info
+GET {{ base_url }}/api/user
+Authorization: JWT {{ access_token }}
+HTTP 200
+Content-Type: application/json
+[Asserts]
+jsonpath "$.handle" == "root"
+jsonpath "$.email" == "root@johndoe.net"
+
+GET {{ base_url }}/me/authorizations
+HTTP 200
+[Asserts]
+xpath "string(///h1)" == "Your authorizations"
+xpath "string(///main/ul/li)" contains "UserReadBasic"
+
+GET {{ base_url }}/logout
+HTTP 303
+[Asserts]
+cookie "minauthator_jwt" == ""

tests/manual/.gitignore

@@ -0,0 +1 @@
+tmp

tests/manual/access_token_request.sh

@@ -0,0 +1,7 @@
+#!/usr/bin/sh
+
+curl -v http://localhost:8085/api/token \
+    -u "a1785786-8be1-443c-9a6f-35feed703609":"49c6c16a-0a8a-4981-a60d-5cb96582cc1a" \
+    -d grant_type="authorization_code" \
+    -d code="$(cat tmp/authorize_code.txt)" \
+    -d redirect_uri="http://localhost:9090/authorize" > tmp/access_token.json

tests/manual/all.sh

@@ -0,0 +1,8 @@
+#!/usr/bin/sh
+
+set -xeuo pipefail
+
+./login.sh
+./authorize.sh
+./access_token_request.sh
+./get_user_info.sh

tests/manual/authorize.sh

@@ -0,0 +1,15 @@
+#!/usr/bin/sh
+
+curl -v http://localhost:8085/authorize \
+    -G \
+    -D "tmp/headers.txt" \
+    --cookie "tmp/.curl-cookies" \
+    -d client_id="a1785786-8be1-443c-9a6f-35feed703609" \
+    -d response_type="code" \
+    -d redirect_uri="http://localhost:9090/callback" \
+    -d scope="user_read_basic" \
+    -d state="qxYAfk4kf6pbZkms78jM"
+
+code="$(cat tmp/headers.txt | grep -i "location" | awk -F ": " '{print $2}' | trurl -f - -g "{query:code}")"
+
+echo "$code" > tmp/authorize_code.txt

tests/manual/create_test_user.sql

@@ -0,0 +1,5 @@
+INSERT INTO users
+    (id, handle, email, roles, status, password_hash, created_at)
+    VALUES
+    ('30c134a7-d541-4ec7-9310-9c8e298077db', 'test', 'test@example.org', '[]', 'Active', '$argon2i$v=19$m=4096,t=3,p=1$V2laYjAwTlFHOUpiekRlVzRQUU0$33h8XwAWM3pKQM7Ksler0l7rMJfseTuWPJKrdX/cGyc', '2024-11-30T00:00:00Z');
+

tests/manual/get_user_info.sh

@@ -0,0 +1,5 @@
+#!/usr/bin/sh
+
+curl -v http://localhost:8085/api/user \
+    -u "a1785786-8be1-443c-9a6f-35feed703609":"49c6c16a-0a8a-4981-a60d-5cb96582cc1a" \
+    -H "Authorization: JWT $(jq -r .access_token tmp/access_token.json)"

tests/manual/login.sh

@@ -0,0 +1,6 @@
+#!/usr/bin/sh
+
+curl -v http://localhost:8085/login \
+    --cookie-jar "tmp/.curl-cookies" \
+    -d login="test" \
+    -d password="test"

tests/manual/oauth2c.sh

@@ -0,0 +1,10 @@
+#!/usr/bin/bash
+
+oauth2c http://localhost:8085 \
+  --client-id "a1785786-8be1-443c-9a6f-35feed703609" \
+  --client-secret "49c6c16a-0a8a-4981-a60d-5cb96582cc1a" \
+  --response-types code \
+  --response-mode query \
+  --grant-type authorization_code \
+  --auth-method client_secret_basic \
+  --scopes "user_read_basic"

tests/manual/register.sh

@@ -0,0 +1,6 @@
+#!/usr/bin/sh
+
+curl -v http://localhost:8085/register \
+    -d email="test@example.org" \
+    -d handle="test" \
+    -d password="test"