From aea08efed61c64e5da103654a4b60bbbc89c1506 Mon Sep 17 00:00:00 2001 From: Fenris Wolf Date: Fri, 13 Sep 2024 17:49:32 +0200 Subject: [PATCH] [int] --- doc/konzept.md | 1 + source/api/actions/session_begin.ts | 73 +++++++++++++++++++++++++++ source/api/actions/session_end.ts | 36 +++++++++++++ source/api/actions/session_oidc.ts | 36 +++++++++++++ source/api/actions/session_prepare.ts | 55 ++++++++++++++++++++ source/api/base.ts | 11 ++++ source/api/functions.ts | 5 ++ source/conf.ts | 18 +++++++ source/types.ts | 23 ++------- tools/makefile | 2 + tools/update-plankton | 1 + 11 files changed, 243 insertions(+), 18 deletions(-) create mode 100644 source/api/actions/session_begin.ts create mode 100644 source/api/actions/session_end.ts create mode 100644 source/api/actions/session_oidc.ts create mode 100644 source/api/actions/session_prepare.ts diff --git a/doc/konzept.md b/doc/konzept.md index aab1815..707a845 100644 --- a/doc/konzept.md +++ b/doc/konzept.md @@ -21,3 +21,4 @@ - nach dem Anmelden sieht man eine Kalender-Ansicht mit folgenden Kalendern kombiniert angezeigt: - öffentliche Kalender - nicht öffentliche Kalendar, bei welchen man Lese-Berechtigung hat +- öffentliche Kalendar können ohne Anmeldung betrachtet werden, jedoch nur mit einem schwer bis gar nicht erratbaren Link diff --git a/source/api/actions/session_begin.ts b/source/api/actions/session_begin.ts new file mode 100644 index 0000000..32bfbab --- /dev/null +++ b/source/api/actions/session_begin.ts 
@@ -0,0 +1,73 @@
+
+namespace _zeitbild.api
+{
+
+ /**
+ */
+ export function register_session_begin(
+ rest_subject : lib_plankton.rest.type_rest
+ ) : void
+ {
+ lib_plankton.rest.register<
+ {
+ name : string;
+ password : string;
+ },
+ (
+ null
+ |
+ string
+ )
+ >(
+ rest_subject,
+ lib_plankton.http.enum_method.post,
+ "/session/begin",
+ {
+ "description": "führt die Anmeldung am System aus um geschützte Aktionen nutzen zu können",
+ "input_schema": () => ({
+ "type": "object",
+ "properties": {
+ "name": {
+ "type": "string"
+ },
+ "password": {
+ "type": "string"
+ },
+ },
+ "additionalProperties": false,
+ "required": [
+ "name",
+ "password",
+ ]
+ }),
+ "output_schema": () => ({
+ "type": "string",
+ "description": "der Sitzungs-Schlüssel, der als Header 'X-Session-Key' gesetzt werden muss um Erlaubnis zur Ausführung geschützter Aktionen zu erhalten",
+ }),
+ "restriction": restriction_none,
+ "execution": async ({"input": input}) => {
+ if (input === null) {
+ return Promise.reject(new Error("impossible"));
+ }
+ else {
+ const admin : (null | _zeitbild.service.admin.type_value) = await _zeitbild.service.admin.login(input.name, input.password);
+ if (admin === null) {
+ return Promise.resolve({
+ "status_code": 403,
+ "data": null,
+ });
+ }
+ else {
+ const session_key : string = await lib_plankton.session.begin(admin.name);
+ return Promise.resolve({
+ "status_code": 201,
+ "data": session_key,
+ });
+ }
+ }
+ },
+ }
+ );
+ }
+
+}
diff --git a/source/api/actions/session_end.ts b/source/api/actions/session_end.ts
new file mode 100644
index 0000000..124bb5e
--- /dev/null
+++ b/source/api/actions/session_end.ts
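Review bot: The `execution` handler of `/session/begin` answers a failed `_zeitbild.service.admin.login` with a bare 403 and nothing else, so this unauthenticated (`restriction_none`) password check has no visible attempt limiting and leaves no record of failed logins; unless lib_plankton or a fronting proxy already throttles the route, a failure counter per name and source plus a log entry on the `admin === null` branch would be the minimum. The `output_schema` declares `"type": "string"` although the 403 branch returns `"data": null`; adding `"nullable": true` would make the published spec match the declared `(null | string)` output type. The `authentication.kind` setting this commit adds in conf.ts is not consulted here, so the password route presumably stays active when `oidc` is configured, which is worth confirming. The empty `/** */` could read `/** registers POST /session/begin: checks name and password and returns a new session key */`.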
@@ -0,0 +1,36 @@
+
+namespace _zeitbild.api
+{
+
+ /**
+ */
+ export function register_session_end(
+ rest_subject : lib_plankton.rest.type_rest
+ ) : void
+ {
+ register(
+ rest_subject,
+ lib_plankton.http.enum_method.delete,
+ "/session/end",
+ {
+ "description": "beendet eine Sitzung",
+ "input_schema": () => ({
+ "type": "null",
+ }),
+ "output_schema": () => ({
+ "type": "null",
+ }),
+ "restriction": restriction_logged_in,
+ "execution": async (stuff) => {
+ const session : {key : string; value : lib_plankton.session.type_session} = await session_from_stuff(stuff);
+ await lib_plankton.session.end(session.key);
+ return Promise.resolve({
+ "status_code": 200,
+ "data": null,
+ });
+ },
+ }
+ );
+ }
+
+}
diff --git a/source/api/actions/session_oidc.ts b/source/api/actions/session_oidc.ts
new file mode 100644
index 0000000..757f741
--- /dev/null
+++ b/source/api/actions/session_oidc.ts
@@ -0,0 +1,36 @@
+
+namespace _zeitbild.api
+{
+
+ /**
+ */
+ export function register_session_oidc(
+ rest_subject : lib_plankton.rest.type_rest
+ ) : void
+ {
+ register(
+ rest_subject,
+ lib_plankton.http.enum_method.delete,
+ "/session/oidc",
+ {
+ "description": "beendet eine Sitzung",
+ "input_schema": () => ({
+ "type": "null",
+ }),
+ "output_schema": () => ({
+ "type": "null",
+ }),
+ "restriction": restriction_logged_in,
+ "execution": async (stuff) => {
+ const session : {key : string; value : lib_plankton.session.type_session} = await session_from_stuff(stuff);
+ await lib_plankton.session.end(session.key);
+ return Promise.resolve({
+ "status_code": 200,
+ "data": null,
+ });
+ },
+ }
+ );
+ }
+
+}
diff --git a/source/api/actions/session_prepare.ts b/source/api/actions/session_prepare.ts
new file mode 100644
index 0000000..987dcb5
--- /dev/null
+++ b/source/api/actions/session_prepare.ts
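Review bot: `register_session_oidc` in session_oidc.ts is a line-for-line copy of `register_session_end`: `DELETE /session/oidc` carries the description "beendet eine Sitzung", ends the caller's session and does nothing related to OIDC. This commit neither registers it in functions.ts nor lists it in the makefile, so it is inert for now, but wired up as it stands it would publish a second logout route under a misleading name. Either leave the file out until the OIDC handling exists or mark it, e.g. `// TODO: placeholder copied from session_end; not registered, to be replaced by the OIDC callback handling`. A real callback handler would presumably have to run without an existing session, so `restriction_logged_in` will need revisiting and the received parameters validated before a session is begun.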
@@ -0,0 +1,55 @@ + +namespace _zeitbild.api +{ + + /** + */ + export function register_session_prepare( + rest_subject : lib_plankton.rest.type_rest + ) : void + { + lib_plankton.rest.register< + { + name : string; + password : string; + }, + ( + null + | + string + ) + >( + rest_subject, + lib_plankton.http.enum_method.get, + "/session/prepare", + { + "description": "gibt die nötigen Werkzeuge für eine Anmeldung aus", + "input_schema": () => ({ + "nullable": true, + }), + "output_schema": () => ({ + "type": "string", + "description": "der Sitzungs-Schlüssel, der als Header 'X-Session-Key' gesetzt werden muss um Erlaubnis zur Ausführung geschützter Aktionen zu erhalten", + }), + "restriction": restriction_none, + "execution": async () => { + const admin : (null | _zeitbild.service.admin.type_value) = await _zeitbild.service.admin.login(input.name, input.password); + if (admin === null) { + return Promise.resolve({ + "status_code": 403, + "data": null, + }); + } + else { + const session_key : string = await lib_plankton.session.begin(admin.name); + return Promise.resolve({ + "status_code": 201, + "data": session_key, + }); + } + }, + } + ); + } + +} diff --git a/source/api/base.ts b/source/api/base.ts index 6eb2444..93ed49b 100644 --- a/source/api/base.ts +++ b/source/api/base.ts @@ -25,6 +25,17 @@ namespace _zeitbild.api } + /** + */ + export const restriction_logged_in : lib_plankton.rest.type_restriction = ( + (stuff) => ( + session_from_stuff(stuff) + .then(() => Promise.resolve(true)) + .catch(() => Promise.resolve(false)) + ) + ); + + /** */ export const restriction_none : lib_plankton.rest.type_restriction = ( diff --git a/source/api/functions.ts b/source/api/functions.ts index 3462811..2987e3b 100644 --- a/source/api/functions.ts +++ b/source/api/functions.ts 
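Review bot: The `execution` callback in session_prepare.ts is declared as `async () => {` yet its body reads `input.name` and `input.password`, so `input` is unbound and the file would presumably fail to compile once it is added to the makefile. The body is the login logic of session_begin pasted under a `GET` route whose `input_schema` is `{"nullable": true}`; credentials should not be accepted on a GET at all, because request URLs end up in access logs and browser history. Going by the description ("gibt die nötigen Werkzeuge für eine Anmeldung aus"), the handler should take no credentials: change the input type parameter to `null`, drop the `_zeitbild.service.admin.login` and `lib_plankton.session.begin` calls, and return only non-secret data such as the configured `authentication.kind`, never `client_secret`. The `output_schema` description about 'X-Session-Key' is likewise copied from session_begin and should be rewritten to describe what this route returns.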
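Review bot: `restriction_logged_in` in base.ts turns every rejection of `session_from_stuff` into `false` through `.catch(() => Promise.resolve(false))`, which fails closed as it should but makes a failure of the session lookup itself indistinguishable from a missing or invalid key. Logging the caught error, without the session key, before resolving `false` would keep such failures visible to operators. The doc comment is empty; `/** grants access only if the request resolves to an existing session; any lookup error denies access */` would record the fail-closed intent. `.then(() => true).catch(() => false)` is sufficient, the `Promise.resolve` wrappers add nothing. `session_from_stuff` is defined outside this hunk.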
@@ -24,6 +24,11 @@ namespace _zeitbild.api _zeitbild.api.register_meta_ping(rest_subject); _zeitbild.api.register_meta_spec(rest_subject); } + // session + { + _zeitbild.api.register_session_begin(rest_subject); + _zeitbild.api.register_session_end(rest_subject); + } // calendar { _zeitbild.api.register_calendar_list(rest_subject); diff --git a/source/conf.ts b/source/conf.ts index 8e7c31b..d6a0eae 100644 --- a/source/conf.ts +++ b/source/conf.ts @@ -87,6 +87,24 @@ namespace _zeitbild.conf }; } ); + authentication : ( + { + kind : "internal"; + data : { + }; + } + | + { + kind : "oidc"; + data : { + client_id : string; + client_secret : string; + url_authorization : string; + url_token : string; + url_userinfo : string; + }; + } + ); session_management : { in_memory : boolean; drop_all_at_start : boolean; diff --git a/source/types.ts b/source/types.ts index 320b81f..43db96a 100644 --- a/source/types.ts +++ b/source/types.ts @@ -24,6 +24,11 @@ namespace _zeitbild.type */ export type user_object = { name : string; + email_address : ( + null + | + string + ); }; @@ -97,22 +102,4 @@ namespace _zeitbild.type resource_id : resource_id; }; - - /** - */ - export type root = { - users : Array< - { - id : user_id; - object : user_object; - } - >; - calendars : Array< - { - id : calendar_id; - object : calendar_object; - } - >; - }; - } diff --git a/tools/makefile b/tools/makefile index cc3dbbb..48cb83a 100644 --- a/tools/makefile +++ b/tools/makefile @@ -32,6 +32,8 @@ ${dir_temp}/zeitbild-unlinked.js: \ ${dir_source}/api/base.ts \ ${dir_source}/api/actions/meta_ping.ts \ ${dir_source}/api/actions/meta_spec.ts \ + ${dir_source}/api/actions/session_begin.ts \ + ${dir_source}/api/actions/session_end.ts \ ${dir_source}/api/actions/calendar_list.ts \ ${dir_source}/api/actions/events.ts \ ${dir_source}/api/functions.ts \ diff --git a/tools/update-plankton b/tools/update-plankton index a156eaf..5f658b0 100755 --- a/tools/update-plankton +++ b/tools/update-plankton 
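Review bot: The `oidc` variant of `authentication` in conf.ts places `client_secret` in the same conf object as ordinary settings, so any code path that prints, serialises or returns the configuration would expose it; the hunk shows only the type, so how conf is loaded and whether it is ever dumped cannot be judged from here. A comment on the field such as `// secret: never log or return via the API; keep the conf file readable by the service user only` would make the handling rule explicit. The three `url_*` fields are plain `string`; checking at load time that they are `https://` URLs would keep a configuration mistake from sending the token exchange, and with it the client secret, over cleartext. The enclosing conf type starts and ends outside the hunk.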
@@ -22,6 +22,7 @@ modules="${modules} api" modules="${modules} rest" modules="${modules} server" modules="${modules} args" +modules="${modules} auth" ## exec