Add vault-level access control

2025-03-29 12:25:15 +00:00 · 2025-03-29 12:25:15 +00:00 · b3e98d32b6
commit b3e98d32b6
parent a8c813b9a7
17 changed files with 86 additions and 41 deletions
--- a/backend/sync_server/src/config/database_config.rs
+++ b/backend/sync_server/src/config/database_config.rs
@ -3,15 +3,15 @@ use std::path::PathBuf;
 use log::debug;
 use serde::{Deserialize, Serialize};

-use crate::consts::{DEFAULT_DATABASES_DIRECTORY_PATH, DEFAULT_MAX_CONNECTIONS};
+use crate::consts::{DEFAULT_DATABASES_DIRECTORY_PATH, DEFAULT_MAX_CONNECTIONS_PER_VAULT};

 #[derive(Debug, Deserialize, Serialize, Clone)]
 pub struct DatabaseConfig {
    #[serde(default = "default_databases_directory_path")]
    pub databases_directory_path: PathBuf,

-    #[serde(default = "default_max_connections")]
-    pub max_connections: u32,
+    #[serde(default = "default_max_connections_per_vault")]
+    pub max_connections_per_vault: u32,
 }

 fn default_databases_directory_path() -> PathBuf {
@ -19,16 +19,16 @@ fn default_databases_directory_path() -> PathBuf {
    PathBuf::from(DEFAULT_DATABASES_DIRECTORY_PATH)
 }

-fn default_max_connections() -> u32 {
-    debug!("Using default max connections: {DEFAULT_MAX_CONNECTIONS}");
-    DEFAULT_MAX_CONNECTIONS
+fn default_max_connections_per_vault() -> u32 {
+    debug!("Using default max connections: {DEFAULT_MAX_CONNECTIONS_PER_VAULT}");
+    DEFAULT_MAX_CONNECTIONS_PER_VAULT
 }

 impl Default for DatabaseConfig {
    fn default() -> Self {
        Self {
            databases_directory_path: default_databases_directory_path(),
-            max_connections: default_max_connections(),
+            max_connections_per_vault: default_max_connections_per_vault(),
        }
    }
 }
--- a/backend/sync_server/src/config/user_config.rs
+++ b/backend/sync_server/src/config/user_config.rs
@ -1,6 +1,10 @@
+use std::default;
+
 use rand::{Rng as _, distributions::Alphanumeric, thread_rng};
 use serde::{Deserialize, Serialize};

+use crate::app_state::database::models::VaultId;
+
 #[derive(Debug, Deserialize, Serialize, Clone)]
 pub struct UserConfig {
    #[serde(default = "default_users")]
@ -17,6 +21,7 @@ impl UserConfig {
 pub struct User {
    pub name: String,
    pub token: String,
+    pub vault_access: VaultAccess,
 }

 impl Default for UserConfig {
@ -27,10 +32,25 @@ impl Default for UserConfig {
    }
 }

+#[derive(Debug, Deserialize, Serialize, Clone, Default)]
+#[serde(rename_all = "snake_case", tag = "type")]
+pub enum VaultAccess {
+    #[default]
+    AllowAccessToAll,
+
+    AllowList(AllowListedVaults),
+}
+
+#[derive(Debug, Deserialize, Serialize, Clone, Default)]
+pub struct AllowListedVaults {
+    pub allowed: Vec<VaultId>,
+}
+
 fn default_users() -> Vec<User> {
    vec![User {
        name: "admin".to_owned(),
        token: get_random_token(),
+        vault_access: VaultAccess::default(),
    }]
 }