ldap_backend/src/bin/update_groups.rs

use chrono::{Datelike, Utc};
use dotenvy::dotenv;
use ldap3::{LdapConn, Mod};
use skynet_ldap_backend::{db_init, get_config, read_csv, Accounts, Config};
use sqlx::{Pool, Sqlite};
use std::{collections::HashSet, env, error::Error};

#[async_std::main]
async fn main() -> tide::Result<()> {
    let config = get_config();

    update_users(&config).await?;
    update_admin(&config).await?;
    update_committee(&config).await?;

    Ok(())
}

async fn update_users(config: &Config) -> tide::Result<()> {
    let mut users_tmp = HashSet::new();
    // default user to ensure group is never empty
    users_tmp.insert(String::from("compsoc"));

    if let Ok(x) = env::var("USERS_LIFETIME") {
        for user in x.split(',').collect::<Vec<&str>>() {
            users_tmp.insert(user.to_string());
        }
    }

    /*
    pull in data from wolves (csv or api (hopefully api)
    pull entire ldap data

    for every valid user in wolves match to ldap
    add to users
    */
    // pull from wolves csv
    for user in from_csv(config).await.unwrap_or_default() {
        users_tmp.insert(user);
    }

    // sorting makes it easier/faster
    if let Ok(x) = env::var("USERS_BANNED") {
        for user in x.split(',').collect::<Vec<&str>>() {
            users_tmp.remove(user);
        }
    }

    // easier to work with Strings above but easier to work with &str below
    let users: Vec<&str> = users_tmp.iter().map(|s| &**s).collect();

    update_group(config, "skynet-users", &users, true).await?;

    Ok(())
}

fn uid_to_dn(uid: &str) -> String {
    format!("uid={},ou=users,dc=skynet,dc=ie", uid)
}

async fn update_admin(config: &Config) -> tide::Result<()> {
    dotenv().ok();

    // read from teh env
    if let Ok(x) = env::var("USERS_ADMIN") {
        let users = x.split(',').collect::<Vec<&str>>();

        update_group(config, "skynet-admins", &users, true).await?;
        // admins automatically get added as users
        update_group(config, "skynet-users", &users, false).await?;
    }
    Ok(())
}

async fn update_committee(config: &Config) -> tide::Result<()> {
    dotenv().ok();

    // read from teh env
    if let Ok(x) = env::var("USERS_COMMITTEE") {
        let users = x.split(',').collect::<Vec<&str>>();

        update_group(config, "skynet-committee", &users, true).await?;
        // admins automatically get added as users
        update_group(config, "skynet-users", &users, false).await?;
    }
    Ok(())
}

async fn update_group(config: &Config, group: &str, users: &[&str], replace: bool) -> tide::Result<()> {
    if users.is_empty() {
        return Ok(());
    }

    let mut ldap = LdapConn::new(&config.ldap_host)?;

    // use the admin account
    ldap.simple_bind(&config.ldap_admin, &config.ldap_admin_pw)?.success()?;

    let dn = format!("cn={},ou=groups,dc=skynet,dc=ie", group);
    let members = users.iter().map(|uid| uid_to_dn(uid)).collect();
    let mods = if replace {
        vec![Mod::Replace("member".to_string(), members)]
    } else {
        vec![Mod::Add("member".to_string(), members)]
    };

    if let Err(x) = ldap.modify(&dn, mods) {
        println!("{:?}", x);
    }

    let dn_linux = format!("cn={}-linux,ou=groups,dc=skynet,dc=ie", group);
    let members_linux = users.iter().map(|uid| uid.to_string()).collect();
    let mods = if replace {
        vec![Mod::Replace("memberUid".to_string(), members_linux)]
    } else {
        vec![Mod::Add("memberUid".to_string(), members_linux)]
    };
    if let Err(x) = ldap.modify(&dn_linux, mods) {
        println!("{:?}", x);
    };

    // tidy up
    ldap.unbind()?;

    Ok(())
}

async fn from_csv(config: &Config) -> Result<HashSet<String>, Box<dyn Error>> {
    let db = db_init(config).await.unwrap();

    let mut uids = HashSet::new();

    let records = read_csv(config)?;

    let now = Utc::now();
    let today = format!("{}-{:02}-{:02}", now.year(), now.month(), now.day());

    for record in records {
        // only import users if it is actually active.
        if record.expiry < today {
            continue;
        }

        if let Some(uid) = account_mail_get_uid(&db, &record.email).await {
            uids.insert(uid);
        } else if let Some(uid) = account_id_get_uid(&db, &record.id_student).await {
            uids.insert(uid);
        }
    }

    Ok(uids)
}

async fn account_mail_get_uid(db: &Pool<Sqlite>, mail: &str) -> Option<String> {
    match sqlx::query_as::<_, Accounts>(
        r#"
        SELECT user
        FROM accounts
        WHERE mail == ?
        "#,
    )
    .bind(mail)
    .fetch_all(db)
    .await
    {
        Ok(res) => {
            if res.is_empty() {
                None
            } else {
                Some(res[0].user.to_owned())
            }
        }
        Err(_) => None,
    }
}

async fn account_id_get_uid(db: &Pool<Sqlite>, id: &str) -> Option<String> {
    match sqlx::query_as::<_, Accounts>(
        r#"
        SELECT student_id
        FROM accounts
        WHERE mail == ?
        "#,
    )
    .bind(id)
    .fetch_all(db)
    .await
    {
        Ok(res) => {
            if res.is_empty() {
                None
            } else {
                Some(res[0].student_id.to_owned())
            }
        }
        Err(_) => None,
    }
}
fix: make sure that an old csv does not cause issues. 2023-07-17 00:38:02 +01:00			`use chrono::{Datelike, Utc};`
pkg: newer dotenv 2023-07-29 22:19:15 +01:00			`use dotenvy::dotenv;`
fmt: clippy and fmt 2023-07-30 01:19:19 +01:00			`use ldap3::{LdapConn, Mod};`
			`use skynet_ldap_backend::{db_init, get_config, read_csv, Accounts, Config};`
			`use sqlx::{Pool, Sqlite};`
			`use std::{collections::HashSet, env, error::Error};`
feat: first time adding users to groups 2023-06-18 17:19:59 +01:00
			`#[async_std::main]`
			`async fn main() -> tide::Result<()> {`
			`let config = get_config();`

feat: basic structure for general suers, still need the wolves api 2023-06-18 19:10:46 +01:00			`update_users(&config).await?;`
feat: first time adding users to groups 2023-06-18 17:19:59 +01:00			`update_admin(&config).await?;`
feat: mantain committee group as well 2023-06-18 18:37:44 +01:00			`update_committee(&config).await?;`
fmt: fmt and clippy 2023-06-18 18:34:27 +01:00
feat: first time adding users to groups 2023-06-18 17:19:59 +01:00			`Ok(())`
			`}`

feat: basic structure for general suers, still need the wolves api 2023-06-18 19:10:46 +01:00			`async fn update_users(config: &Config) -> tide::Result<()> {`
fmt: fmt and clippy 2023-07-17 00:14:48 +01:00			`let mut users_tmp = HashSet::new();`
			`// default user to ensure group is never empty`
			`users_tmp.insert(String::from("compsoc"));`
feat: basic structure for general suers, still need the wolves api 2023-06-18 19:10:46 +01:00
			`if let Ok(x) = env::var("USERS_LIFETIME") {`
			`for user in x.split(',').collect::<Vec<&str>>() {`
fmt: fmt and clippy 2023-07-17 00:14:48 +01:00			`users_tmp.insert(user.to_string());`
feat: basic structure for general suers, still need the wolves api 2023-06-18 19:10:46 +01:00			`}`
			`}`

			`/*`
			`pull in data from wolves (csv or api (hopefully api)`
			`pull entire ldap data`

			`for every valid user in wolves match to ldap`
			`add to users`
			`*/`
fmt: fmt and clippy 2023-07-17 00:14:48 +01:00			`// pull from wolves csv`
			`for user in from_csv(config).await.unwrap_or_default() {`
			`users_tmp.insert(user);`
			`}`
feat: basic structure for general suers, still need the wolves api 2023-06-18 19:10:46 +01:00
			`// sorting makes it easier/faster`
			`if let Ok(x) = env::var("USERS_BANNED") {`
			`for user in x.split(',').collect::<Vec<&str>>() {`
fmt: fmt and clippy 2023-07-17 00:14:48 +01:00			`users_tmp.remove(user);`
feat: basic structure for general suers, still need the wolves api 2023-06-18 19:10:46 +01:00			`}`
			`}`

			`// easier to work with Strings above but easier to work with &str below`
			`let users: Vec<&str> = users_tmp.iter().map(\|s\| &**s).collect();`

			`update_group(config, "skynet-users", &users, true).await?;`

			`Ok(())`
			`}`
fmt: fmt and clippy 2023-06-18 18:34:27 +01:00
			`fn uid_to_dn(uid: &str) -> String {`
feat: first time adding users to groups 2023-06-18 17:19:59 +01:00			`format!("uid={},ou=users,dc=skynet,dc=ie", uid)`
			`}`

fmt: fmt and clippy 2023-06-18 18:34:27 +01:00			`async fn update_admin(config: &Config) -> tide::Result<()> {`
feat: now get the users from teh env 2023-06-18 18:29:49 +01:00			`dotenv().ok();`
fmt: fmt and clippy 2023-06-18 18:34:27 +01:00
feat: now get the users from teh env 2023-06-18 18:29:49 +01:00			`// read from teh env`
			`if let Ok(x) = env::var("USERS_ADMIN") {`
			`let users = x.split(',').collect::<Vec<&str>>();`
fmt: fmt and clippy 2023-06-18 18:34:27 +01:00
			`update_group(config, "skynet-admins", &users, true).await?;`
feat: now get the users from teh env 2023-06-18 18:29:49 +01:00			`// admins automatically get added as users`
fmt: fmt and clippy 2023-06-18 18:34:27 +01:00			`update_group(config, "skynet-users", &users, false).await?;`
feat: now get the users from teh env 2023-06-18 18:29:49 +01:00			`}`
feat: turned group add into a nice function 2023-06-18 17:33:39 +01:00			`Ok(())`
			`}`

feat: mantain committee group as well 2023-06-18 18:37:44 +01:00			`async fn update_committee(config: &Config) -> tide::Result<()> {`
			`dotenv().ok();`

			`// read from teh env`
			`if let Ok(x) = env::var("USERS_COMMITTEE") {`
			`let users = x.split(',').collect::<Vec<&str>>();`

			`update_group(config, "skynet-committee", &users, true).await?;`
			`// admins automatically get added as users`
			`update_group(config, "skynet-users", &users, false).await?;`
			`}`
			`Ok(())`
			`}`

fmt: fmt and clippy 2023-06-18 18:34:27 +01:00			`async fn update_group(config: &Config, group: &str, users: &[&str], replace: bool) -> tide::Result<()> {`
fix: dont do anything if there are no users 2023-06-18 20:47:36 +01:00			`if users.is_empty() {`
			`return Ok(());`
			`}`

feat: first time adding users to groups 2023-06-18 17:19:59 +01:00			`let mut ldap = LdapConn::new(&config.ldap_host)?;`

			`// use the admin account`
			`ldap.simple_bind(&config.ldap_admin, &config.ldap_admin_pw)?.success()?;`
feat: turned group add into a nice function 2023-06-18 17:33:39 +01:00
fix: little bit of a tidy up 2023-06-18 18:32:52 +01:00			`let dn = format!("cn={},ou=groups,dc=skynet,dc=ie", group);`
fmt: fmt and clippy 2023-06-18 18:34:27 +01:00			`let members = users.iter().map(\|uid\| uid_to_dn(uid)).collect();`
feat: added override to ensure that admins have user perms 2023-06-18 17:45:33 +01:00			`let mods = if replace {`
fix: little bit of a tidy up 2023-06-18 18:32:52 +01:00			`vec![Mod::Replace("member".to_string(), members)]`
feat: added override to ensure that admins have user perms 2023-06-18 17:45:33 +01:00			`} else {`
fix: little bit of a tidy up 2023-06-18 18:32:52 +01:00			`vec![Mod::Add("member".to_string(), members)]`
feat: added override to ensure that admins have user perms 2023-06-18 17:45:33 +01:00			`};`
fmt: fmt and clippy 2023-06-18 18:34:27 +01:00
fix: little bit of a tidy up 2023-06-18 18:32:52 +01:00			`if let Err(x) = ldap.modify(&dn, mods) {`
feat: added override to ensure that admins have user perms 2023-06-18 17:45:33 +01:00			`println!("{:?}", x);`
			`}`
feat: turned group add into a nice function 2023-06-18 17:33:39 +01:00
fix: little bit of a tidy up 2023-06-18 18:32:52 +01:00			`let dn_linux = format!("cn={}-linux,ou=groups,dc=skynet,dc=ie", group);`
fmt: fmt and clippy 2023-06-18 18:34:27 +01:00			`let members_linux = users.iter().map(\|uid\| uid.to_string()).collect();`
feat: added override to ensure that admins have user perms 2023-06-18 17:45:33 +01:00			`let mods = if replace {`
fix: little bit of a tidy up 2023-06-18 18:32:52 +01:00			`vec![Mod::Replace("memberUid".to_string(), members_linux)]`
feat: added override to ensure that admins have user perms 2023-06-18 17:45:33 +01:00			`} else {`
fix: little bit of a tidy up 2023-06-18 18:32:52 +01:00			`vec![Mod::Add("memberUid".to_string(), members_linux)]`
feat: added override to ensure that admins have user perms 2023-06-18 17:45:33 +01:00			`};`
fmt: fmt and clippy 2023-06-18 18:34:27 +01:00			`if let Err(x) = ldap.modify(&dn_linux, mods) {`
feat: added override to ensure that admins have user perms 2023-06-18 17:45:33 +01:00			`println!("{:?}", x);`
			`};`
feat: first time adding users to groups 2023-06-18 17:19:59 +01:00
fix: little bit of a tidy up 2023-06-18 18:32:52 +01:00			`// tidy up`
feat: first time adding users to groups 2023-06-18 17:19:59 +01:00			`ldap.unbind()?;`
feat: turned group add into a nice function 2023-06-18 17:33:39 +01:00
feat: first time adding users to groups 2023-06-18 17:19:59 +01:00			`Ok(())`
fmt: fmt and clippy 2023-06-18 18:34:27 +01:00			`}`
feat: now able to pull data from the csv 2023-07-16 23:29:52 +01:00
fmt: fmt and clippy 2023-07-17 00:14:48 +01:00			`async fn from_csv(config: &Config) -> Result<HashSet<String>, Box<dyn Error>> {`
fmt: clippy and fmt 2023-07-30 01:19:19 +01:00			`let db = db_init(config).await.unwrap();`

feat: now able to pull data from the csv 2023-07-16 23:29:52 +01:00			`let mut uids = HashSet::new();`

feat: add proper env vars for home and the csv 2023-07-17 01:24:52 +01:00			`let records = read_csv(config)?;`
fmt: fmt and clippy 2023-07-17 00:14:48 +01:00
fix: make sure that an old csv does not cause issues. 2023-07-17 00:38:02 +01:00			`let now = Utc::now();`
			`let today = format!("{}-{:02}-{:02}", now.year(), now.month(), now.day());`

feat: now able to pull data from the csv 2023-07-16 23:29:52 +01:00			`for record in records {`
fix: make sure that an old csv does not cause issues. 2023-07-17 00:38:02 +01:00			`// only import users if it is actually active.`
			`if record.expiry < today {`
			`continue;`
			`}`

fmt: clippy and fmt 2023-07-30 01:19:19 +01:00			`if let Some(uid) = account_mail_get_uid(&db, &record.email).await {`
			`uids.insert(uid);`
			`} else if let Some(uid) = account_id_get_uid(&db, &record.id_student).await {`
			`uids.insert(uid);`
feat: now able to pull data from the csv 2023-07-16 23:29:52 +01:00			`}`
			`}`
fmt: fmt and clippy 2023-07-17 00:14:48 +01:00
feat: now able to pull data from the csv 2023-07-16 23:29:52 +01:00			`Ok(uids)`
			`}`
fmt: clippy and fmt 2023-07-30 01:19:19 +01:00
			`async fn account_mail_get_uid(db: &Pool<Sqlite>, mail: &str) -> Option<String> {`
			`match sqlx::query_as::<_, Accounts>(`
			`r#"`
			`SELECT user`
			`FROM accounts`
			`WHERE mail == ?`
			`"#,`
			`)`
			`.bind(mail)`
			`.fetch_all(db)`
			`.await`
			`{`
			`Ok(res) => {`
			`if res.is_empty() {`
			`None`
			`} else {`
			`Some(res[0].user.to_owned())`
			`}`
			`}`
			`Err(_) => None,`
			`}`
			`}`

			`async fn account_id_get_uid(db: &Pool<Sqlite>, id: &str) -> Option<String> {`
			`match sqlx::query_as::<_, Accounts>(`
			`r#"`
			`SELECT student_id`
			`FROM accounts`
			`WHERE mail == ?`
			`"#,`
			`)`
			`.bind(id)`
			`.fetch_all(db)`
			`.await`
			`{`
			`Ok(res) => {`
			`if res.is_empty() {`
			`None`
			`} else {`
			`Some(res[0].student_id.to_owned())`
			`}`
			`}`
			`Err(_) => None,`
			`}`
			`}`