[int]

doc/konzept.md

@@ -21,3 +21,4 @@
 - nach dem Anmelden sieht man eine Kalender-Ansicht mit folgenden Kalendern kombiniert angezeigt:
   - öffentliche Kalender
   - nicht öffentliche Kalendar, bei welchen man Lese-Berechtigung hat
+- öffentliche Kalendar können ohne Anmeldung betrachtet werden, jedoch nur mit einem schwer bis gar nicht erratbaren Link

source/api/actions/session_begin.ts

@@ -0,0 +1,73 @@
+
+namespace _zeitbild.api
+{
+	
+	/**
+	 */
+	export function register_session_begin(
+		rest_subject : lib_plankton.rest.type_rest
+	) : void
+	{
+		lib_plankton.rest.register<
+			{
+				name : string;
+				password : string;
+			},
+			(
+				null
+				|
+				string
+			)
+		>(
+			rest_subject,
+			lib_plankton.http.enum_method.post,
+			"/session/begin",
+			{
+				"description": "führt die Anmeldung am System aus um geschützte Aktionen nutzen zu können",
+				"input_schema": () => ({
+					"type": "object",
+					"properties": {
+						"name": {
+							"type": "string"
+						},
+						"password": {
+							"type": "string"
+						},
+					},
+					"additionalProperties": false,
+					"required": [
+						"name",
+						"password",
+					]
+				}),
+				"output_schema": () => ({
+					"type": "string",
+					"description": "der Sitzungs-Schlüssel, der als Header 'X-Session-Key' gesetzt werden muss um Erlaubnis zur Ausführung geschützter Aktionen zu erhalten",
+				}),
+				"restriction": restriction_none,
+				"execution": async ({"input": input}) => {
+					if (input === null) {
+						return Promise.reject(new Error("impossible"));
+					}
+					else {
+						const admin : (null | _zeitbild.service.admin.type_value) = await _zeitbild.service.admin.login(input.name, input.password);
+						if (admin === null) {
+							return Promise.resolve({
+								"status_code": 403,
+								"data": null,
+							});
+						}
+						else {
+							const session_key : string = await lib_plankton.session.begin(admin.name);
+							return Promise.resolve({
+								"status_code": 201,
+								"data": session_key,
+							});
+						}
+					}
+				},
+			}
+		);
+	}
+	
+}

source/api/actions/session_end.ts

@@ -0,0 +1,36 @@
+
+namespace _zeitbild.api
+{
+	
+	/**
+	 */
+	export function register_session_end(
+		rest_subject : lib_plankton.rest.type_rest
+	) : void
+	{
+		register<null, null>(
+			rest_subject,
+			lib_plankton.http.enum_method.delete,
+			"/session/end",
+			{
+				"description": "beendet eine Sitzung",
+				"input_schema": () => ({
+					"type": "null",
+				}),
+				"output_schema": () => ({
+					"type": "null",
+				}),
+				"restriction": restriction_logged_in,
+				"execution": async (stuff) => {
+					const session : {key : string; value : lib_plankton.session.type_session} = await session_from_stuff(stuff);
+					await lib_plankton.session.end(session.key);
+					return Promise.resolve({
+						"status_code": 200,
+						"data": null,
+					});
+				},
+			}
+		);
+	}
+	
+}

source/api/actions/session_oidc.ts

@@ -0,0 +1,36 @@
+
+namespace _zeitbild.api
+{
+	
+	/**
+	 */
+	export function register_session_oidc(
+		rest_subject : lib_plankton.rest.type_rest
+	) : void
+	{
+		register<null, null>(
+			rest_subject,
+			lib_plankton.http.enum_method.delete,
+			"/session/oidc",
+			{
+				"description": "beendet eine Sitzung",
+				"input_schema": () => ({
+					"type": "null",
+				}),
+				"output_schema": () => ({
+					"type": "null",
+				}),
+				"restriction": restriction_logged_in,
+				"execution": async (stuff) => {
+					const session : {key : string; value : lib_plankton.session.type_session} = await session_from_stuff(stuff);
+					await lib_plankton.session.end(session.key);
+					return Promise.resolve({
+						"status_code": 200,
+						"data": null,
+					});
+				},
+			}
+		);
+	}
+	
+}

source/api/actions/session_prepare.ts

@@ -0,0 +1,55 @@
+
+namespace _zeitbild.api
+{
+	
+	/**
+	 */
+	export function register_session_prepare(
+		rest_subject : lib_plankton.rest.type_rest
+	) : void
+	{
+		lib_plankton.rest.register<
+			{
+				name : string;
+				password : string;
+			},
+			(
+				null
+				|
+				string
+			)
+		>(
+			rest_subject,
+			lib_plankton.http.enum_method.get,
+			"/session/prepare",
+			{
+				"description": "gibt die nötigen Werkzeuge für eine Anmeldung aus",
+				"input_schema": () => ({
+					"nullable": true,
+				}),
+				"output_schema": () => ({
+					"type": "string",
+					"description": "der Sitzungs-Schlüssel, der als Header 'X-Session-Key' gesetzt werden muss um Erlaubnis zur Ausführung geschützter Aktionen zu erhalten",
+				}),
+				"restriction": restriction_none,
+				"execution": async () => {
+					const admin : (null | _zeitbild.service.admin.type_value) = await _zeitbild.service.admin.login(input.name, input.password);
+					if (admin === null) {
+						return Promise.resolve({
+							"status_code": 403,
+							"data": null,
+						});
+					}
+					else {
+						const session_key : string = await lib_plankton.session.begin(admin.name);
+						return Promise.resolve({
+							"status_code": 201,
+							"data": session_key,
+						});
+					}
+				},
+			}
+		);
+	}
+	
+}

source/api/base.ts

@@ -25,6 +25,17 @@ namespace _zeitbild.api
 	}
 	
 	
+	/**
+	 */
+	export const restriction_logged_in : lib_plankton.rest.type_restriction<any> = (
+		(stuff) => (
+			session_from_stuff(stuff)
+			.then(() => Promise.resolve<boolean>(true))
+			.catch(() => Promise.resolve<boolean>(false))
+		)
+	);
+	
+	
 	/**
 	 */
 	export const restriction_none : lib_plankton.rest.type_restriction<any> = (

source/api/functions.ts

@@ -24,6 +24,11 @@ namespace _zeitbild.api
 			_zeitbild.api.register_meta_ping(rest_subject);
 			_zeitbild.api.register_meta_spec(rest_subject);
 		}
+		// session
+		{
+			_zeitbild.api.register_session_begin(rest_subject);
+			_zeitbild.api.register_session_end(rest_subject);
+		}
 		// calendar
 		{
 			_zeitbild.api.register_calendar_list(rest_subject);

source/conf.ts

@@ -87,6 +87,24 @@ namespace _zeitbild.conf
 				};
 			}
 		);
+		authentication : (
+			{
+				kind : "internal";
+				data : {
+				};
+			}
+			|
+			{
+				kind : "oidc";
+				data : {
+					client_id : string;
+					client_secret : string;
+					url_authorization : string;
+					url_token : string;
+					url_userinfo : string;
+				};
+			}
+		);
 		session_management : {
 			in_memory : boolean;
 			drop_all_at_start : boolean;

source/types.ts

@@ -24,6 +24,11 @@ namespace _zeitbild.type
 	 */
 	export type user_object = {
 		name : string;
+		email_address : (
+			null
+			|
+			string
+		);
 	};
 	
 	
@@ -97,22 +102,4 @@ namespace _zeitbild.type
 		resource_id : resource_id;
 	};
 	
-	
-	/**
-	 */
-	export type root = {
-		users : Array<
-			{
-				id : user_id;
-				object : user_object;
-			}
-		>;
-		calendars : Array<
-			{
-				id : calendar_id;
-				object : calendar_object;
-			}
-		>;
-	};
-	
 }

tools/makefile

@@ -32,6 +32,8 @@ ${dir_temp}/zeitbild-unlinked.js: \
 		${dir_source}/api/base.ts \
 		${dir_source}/api/actions/meta_ping.ts \
 		${dir_source}/api/actions/meta_spec.ts \
+		${dir_source}/api/actions/session_begin.ts \
+		${dir_source}/api/actions/session_end.ts \
 		${dir_source}/api/actions/calendar_list.ts \
 		${dir_source}/api/actions/events.ts \
 		${dir_source}/api/functions.ts \

tools/update-plankton

@@ -22,6 +22,7 @@ modules="${modules} api"
 modules="${modules} rest"
 modules="${modules} server"
 modules="${modules} args"
+modules="${modules} auth"
 
 
 ## exec