generate session cookies and secure the administrator dashboard for real

Author: tayloraswift

Sources/HTTPServer/Responses/ServerMessage.swift

@@ -54,6 +54,9 @@ extension ServerMessage
         case .error:
             status = .internalServerError
 
+        case .forbidden:
+            status = .forbidden
+
         case .none:
             status = .notFound
 

Sources/HTTPServer/Responses/ServerResource.Content.swift

@@ -13,17 +13,22 @@ extension ServerResource
 }
 extension ServerResource.Content
 {
+    @inlinable public
+    var length:Int
+    {
+        switch self
+        {
+        case .binary(let buffer):   return buffer.count
+        case .buffer(let buffer):   return buffer.readableBytes
+        case .string(let string):   return string.utf8.count
+        case .length(let length):   return length
+        }
+    }
     /// Drops any payload storage held by this instance, and replaces it with the length of the
     /// dropped payload. If the payload is already a ``length(_:)``, this function does nothing.
     @inlinable public mutating
     func drop()
     {
-        switch self
-        {
-        case .binary(let buffer):   self = .length(buffer.count)
-        case .buffer(let buffer):   self = .length(buffer.readableBytes)
-        case .string(let string):   self = .length(string.utf8.count)
-        case .length:               return
-        }
+        self = .length(self.length)
     }
 }

Sources/HTTPServer/Responses/ServerResource.Results.swift

@@ -5,6 +5,9 @@ extension ServerResource
     enum Results:Equatable, Hashable, Sendable
     {
         case error
+
+        case forbidden
+
         case many
         case none
         case one(canonical:String?)
@@ -17,7 +20,7 @@ extension ServerResource.Results
     {
         switch self
         {
-        case .error, .many, .none:              return nil
+        case .error, .forbidden, .many, .none:  return nil
         case .one(canonical: let canonical):    return canonical
         }
     }

Sources/HTTPServer/Responses/ServerResponse.swift

@@ -6,3 +6,23 @@ enum ServerResponse:Equatable, Sendable
     case redirect(ServerRedirect, cookies:[Cookie] = [])
     case resource(ServerResource)
 }
+extension ServerResponse
+{
+    @inlinable public static
+    func redirect(_ redirect:ServerRedirect, cookies:KeyValuePairs<String, String>) -> Self
+    {
+        .redirect(redirect, cookies: cookies.map(Cookie.init(name:value:)))
+    }
+}
+extension ServerResponse
+{
+    @inlinable public
+    var resource:ServerResource?
+    {
+        switch self
+        {
+        case .redirect:                 return nil
+        case .resource(let resource):   return resource
+        }
+    }
+}

Sources/UnidocDatabase/Accounts/Account.Database.Users.CookieView.swift

@@ -0,0 +1,23 @@
+import BSONDecoding
+
+extension Account.Database.Users
+{
+    struct CookieView:Equatable, Sendable
+    {
+        let cookie:Int64
+
+        init(cookie:Int64)
+        {
+            self.cookie = cookie
+        }
+    }
+}
+extension Account.Database.Users.CookieView:BSONDocumentDecodable
+{
+    typealias CodingKey = Account.CodingKey
+
+    init(bson:BSON.DocumentDecoder<CodingKey, some RandomAccessCollection<UInt8>>) throws
+    {
+        self.init(cookie: try bson[.cookie].decode())
+    }
+}

Sources/UnidocDatabase/Accounts/Account.Database.Users.RoleView.swift

@@ -0,0 +1,23 @@
+import BSONDecoding
+
+extension Account.Database.Users
+{
+    struct RoleView:Equatable, Sendable
+    {
+        let role:Account.Role
+
+        init(role:Account.Role)
+        {
+            self.role = role
+        }
+    }
+}
+extension Account.Database.Users.RoleView:BSONDocumentDecodable
+{
+    typealias CodingKey = Account.CodingKey
+
+    init(bson:BSON.DocumentDecoder<CodingKey, some RandomAccessCollection<UInt8>>) throws
+    {
+        self.init(role: try bson[.role].decode())
+    }
+}

Sources/UnidocDatabase/Accounts/Account.Database.Users.swift

@@ -1,12 +1,15 @@
+import MongoDB
 import MongoQL
 
 extension Account.Database
 {
-    public
+    @frozen public
     struct Users
     {
+        public
         let database:Mongo.Database
 
+        @inlinable public
         init(database:Mongo.Database)
         {
             self.database = database
@@ -21,17 +24,98 @@ extension Account.Database.Users:DatabaseCollection
     typealias ElementID = Account.ID
 
     static
-    let indexes:[Mongo.CreateIndexStatement] =
-    [
-        .init
+    let indexes:[Mongo.CreateIndexStatement] = []
+}
+extension Account.Database.Users
+{
+    public
+    func validate(cookie:String, with session:Mongo.Session) async throws -> Account.Role?
+    {
+        if  let separator:String.Index = cookie.firstIndex(of: ":"),
+            let account:Account.ID = .init(cookie[..<separator]),
+            let cookie:UInt64 = .init(cookie[cookie.index(after: separator)...])
         {
-            $0[.unique] = true
-            $0[.name] = "session,role"
-            $0[.key] = .init
+            let cookie:Int64 = .init(bitPattern: cookie)
+            return try await self.validate(cookie: cookie, from: account, with: session)
+        }
+        else
+        {
+            return nil
+        }
+    }
+    private
+    func validate(cookie:Int64,
+        from account:Account.ID,
+        with session:Mongo.Session) async throws -> Account.Role?
+    {
+        let matches:[RoleView] = try await session.run(
+            command: Mongo.Find<Mongo.SingleBatch<RoleView>>.init(Self.name, limit: 1)
             {
-                $0[Account[.session]] = (+)
-                $0[Account[.role]] = (+)
-            }
-        },
-    ]
+                $0[.hint] = .init
+                {
+                    $0[Account[.id]] = (+)
+                }
+                $0[.filter] = .init
+                {
+                    $0[Account[.id]] = account
+                    $0[Account[.cookie]] = cookie
+                }
+                $0[.projection] = .init
+                {
+                    $0[Account[.role]] = true
+                }
+            },
+            against: self.database)
+
+        return matches.first?.role
+    }
+
+    /// Upserts the given account into the database, returning a new, randomly-generated
+    /// session cookie if the account was inserted, or the existing cookie if the account
+    /// already exists.
+    ///
+    /// This function always calls into ``Int64.random(in:)``, which might block the current
+    /// thread while it waits for the system to generate a random number. This cookie is only
+    /// secure if the system's random number generator is secure.
+    public
+    func update(account:__owned Account, with session:Mongo.Session) async throws -> String
+    {
+        let cookie:Int64 = try await self.update(account: account, with: session)
+        return "\(account.id):\(UInt64.init(bitPattern: cookie))"
+    }
+
+    private
+    func update(account:__owned Account, with session:Mongo.Session) async throws -> Int64
+    {
+        let (upserted, _):(CookieView, Account.ID?) = try await session.run(
+            command: Mongo.FindAndModify<Mongo.Upserting<CookieView, Account.ID>>.init(
+                Self.name,
+                returning: .new)
+            {
+                $0[.hint] = .init
+                {
+                    $0[Account[.id]] = (+)
+                }
+                $0[.query] = .init
+                {
+                    $0[Account[.id]] = account.id
+                }
+                $0[.update] = .init
+                {
+                    $0[.set] = .init
+                    {
+                        $0[Account[.id]] = account.id
+                        $0[Account[.role]] = account.role
+                        $0[Account[.user]] = account.user
+                    }
+                    $0[.setOnInsert] = .init
+                    {
+                        $0[Account[.cookie]] = Int64.random(in: .min ... .max)
+                    }
+                }
+            },
+            against: self.database)
+
+        return upserted.cookie
+    }
 }

Sources/UnidocDatabase/Accounts/Account.Database.swift

@@ -17,65 +17,14 @@ extension Account
 }
 extension Account.Database
 {
+    @inlinable public
     var users:Users { .init(database: self.id) }
 }
-extension Account.Database
-{
-    public static
-    func setup(as id:Mongo.Database, in pool:__owned Mongo.SessionPool) async throws -> Self
-    {
-        let database:Self = .init(id: id)
-        try await database.setup(with: try await .init(from: pool))
-        return database
-    }
-
-    private
-    func setup(with session:Mongo.Session) async throws
-    {
-        do
-        {
-            try await self.users.setup(with: session)
-        }
-        catch let error
-        {
-            print("""
-                warning: some indexes are no longer valid. \
-                the database '\(self.id)' likely needs to be rebuilt.
-                """)
-            print(error)
-        }
-    }
-}
-extension Account.Database
+extension Account.Database:DatabaseModel
 {
     public
-    func upsert(account:__owned Account, with session:Mongo.Session) async throws
-    {
-        try await self.users.upsert(account, with: session)
-    }
-
-    public
-    func cookie(_ value:String,
-        indicates role:Account.Role,
-        with session:Mongo.Session) async throws -> Bool
+    func setup(with session:Mongo.Session) async throws
     {
-        //  FIXME: we don’t need to return the entire account document here.
-        let matches:[Account] = try await session.run(
-            command: Mongo.Find<Mongo.SingleBatch<Account>>.init(Users.name, limit: 1)
-            {
-                $0[.filter] = .init
-                {
-                    $0[Account[.session]] = value
-                    $0[Account[.role]] = role
-                }
-                $0[.hint] = .init
-                {
-                    $0[Account[.session]] = (+)
-                    $0[Account[.role]] = (+)
-                }
-            },
-            against: self.id)
-
-        return !matches.isEmpty
+        try await self.users.setup(with: session)
     }
 }

Sources/UnidocDatabase/Accounts/Account.ID.swift

@@ -38,3 +38,27 @@ extension Account.ID:RawRepresentable
 extension Account.ID:BSONDecodable, BSONEncodable
 {
 }
+extension Account.ID:CustomStringConvertible
+{
+    @inlinable public
+    var description:String
+    {
+        "\(UInt64.init(bitPattern: self.rawValue))"
+    }
+}
+extension Account.ID:LosslessStringConvertible
+{
+    @inlinable public
+    init?(_ description:some StringProtocol)
+    {
+        if  let value:UInt64 = .init(description),
+            let value:Self = .init(rawValue: .init(bitPattern: value))
+        {
+            self = value
+        }
+        else
+        {
+            return nil
+        }
+    }
+}