feat(orm): varchar(n) support (#64)

Author: m4tx

.github/workflows/rust.yml

@@ -50,7 +50,7 @@ jobs:
         run: cargo +${{ matrix.rust }} build
 
       - name: Test
-        run: cargo +${{ matrix.rust }} nextest run
+        run: cargo +${{ matrix.rust }} nextest run --all-features
 
       # Nextest does not support doc tests as in stable Rust
       # they are not exposed in the same way as normal tests.

flareon/Cargo.toml

@@ -16,6 +16,7 @@ bytes.workspace = true
 chrono.workspace = true
 derive_builder.workspace = true
 derive_more.workspace = true
+fake = { workspace = true, optional = true }
 flareon_macros.workspace = true
 form_urlencoded.workspace = true
 futures-core.workspace = true
@@ -30,6 +31,7 @@ mime_guess.workspace = true
 mockall.workspace = true
 password-auth.workspace = true
 pin-project-lite.workspace = true
+rand = { workspace = true, optional = true }
 regex.workspace = true
 sea-query-binder.workspace = true
 sea-query.workspace = true
@@ -59,3 +61,6 @@ ignored = [
     # time requires version 0.3.35 to work with the latest versions of Rust, but we don't use it directly
     "time",
 ]
+
+[features]
+fake = ["dep:fake", "dep:rand"]

flareon/src/auth.rs

@@ -285,7 +285,12 @@ impl PasswordHash {
     /// Returns an error if the password hash is invalid.
     pub fn new<T: Into<String>>(hash: T) -> Result<Self> {
         let hash = hash.into();
+
+        if hash.len() > MAX_PASSWORD_HASH_LENGTH as usize {
+            return Err(AuthError::PasswordHashInvalid);
+        }
         password_auth::is_hash_obsolete(&hash).map_err(|_| AuthError::PasswordHashInvalid)?;
+
         Ok(Self(hash))
     }
 
@@ -303,6 +308,8 @@ impl PasswordHash {
     #[must_use]
     pub fn from_password(password: &Password) -> Self {
         let hash = password_auth::generate_hash(password.as_str());
+
+        assert!(hash.len() <= MAX_PASSWORD_HASH_LENGTH as usize);
         Self(hash)
     }
 
@@ -393,9 +400,10 @@ impl Debug for PasswordHash {
     }
 }
 
+const MAX_PASSWORD_HASH_LENGTH: u32 = 128;
+
 impl DatabaseField for PasswordHash {
-    // TODO change to length-limiting type
-    const TYPE: ColumnType = ColumnType::Text;
+    const TYPE: ColumnType = ColumnType::String(MAX_PASSWORD_HASH_LENGTH);
 }
 
 impl FromDbValue for PasswordHash {

flareon/src/auth/db.rs

@@ -9,6 +9,7 @@ use async_trait::async_trait;
 use flareon_macros::model;
 use hmac::{Hmac, KeyInit, Mac};
 use sha2::Sha512;
+use thiserror::Error;
 
 use crate::admin::{AdminModel, AdminModelManager, DefaultAdminModelManager};
 use crate::auth::{
@@ -17,24 +18,33 @@ use crate::auth::{
 };
 use crate::config::SecretKey;
 use crate::db::migrations::DynMigration;
-use crate::db::{query, DatabaseBackend, Model};
+use crate::db::{query, DatabaseBackend, LimitedString, Model};
 use crate::request::{Request, RequestExt};
 use crate::FlareonApp;
 
 pub mod migrations;
 
+pub(crate) const MAX_USERNAME_LENGTH: u32 = 255;
+
 /// A user stored in the database.
 #[derive(Debug, Clone)]
 #[model]
 pub struct DatabaseUser {
     id: i64,
-    username: String,
+    username: LimitedString<MAX_USERNAME_LENGTH>,
     password: PasswordHash,
 }
 
+#[derive(Debug, Clone, Error)]
+#[non_exhaustive]
+pub enum CreateUserError {
+    #[error("username is too long (max {MAX_USERNAME_LENGTH} characters, got {0})")]
+    UsernameTooLong(usize),
+}
+
 impl DatabaseUser {
     #[must_use]
-    pub fn new(id: i64, username: String, password: &Password) -> Self {
+    pub fn new(id: i64, username: LimitedString<MAX_USERNAME_LENGTH>, password: &Password) -> Self {
         Self {
             id,
             username,
@@ -88,7 +98,13 @@ impl DatabaseUser {
         username: T,
         password: U,
     ) -> Result<Self> {
-        let mut user = Self::new(0, username.into(), &password.into());
+        let username = username.into();
+        let username_length = username.len();
+        let username = LimitedString::<MAX_USERNAME_LENGTH>::new(username).map_err(|_| {
+            AuthError::backend_error(CreateUserError::UsernameTooLong(username_length))
+        })?;
+
+        let mut user = Self::new(0, username, &password.into());
         user.save(db).await.map_err(AuthError::backend_error)?;
 
         Ok(user)
@@ -109,7 +125,10 @@ impl DatabaseUser {
         db: &DB,
         credentials: &DatabaseUserCredentials,
     ) -> Result<Option<Self>> {
-        let user = query!(DatabaseUser, $username == credentials.username())
+        let username_limited =
+            LimitedString::<MAX_USERNAME_LENGTH>::new(credentials.username().to_string())
+                .map_err(|_| AuthError::backend_error(CreateUserError::UsernameTooLong(0)))?;
+        let user = query!(DatabaseUser, $username == username_limited)
             .get(db)
             .await
             .map_err(AuthError::backend_error)?;
@@ -339,7 +358,11 @@ mod tests {
 
     #[test]
     fn session_auth_hash() {
-        let user = DatabaseUser::new(1, "testuser".to_string(), &Password::new("password123"));
+        let user = DatabaseUser::new(
+            1,
+            LimitedString::new("testuser").unwrap(),
+            &Password::new("password123"),
+        );
         let secret_key = SecretKey::new(b"supersecretkey");
 
         let hash = user.session_auth_hash(&secret_key);
@@ -348,7 +371,11 @@ mod tests {
 
     #[test]
     fn database_user_traits() {
-        let user = DatabaseUser::new(1, "testuser".to_string(), &Password::new("password123"));
+        let user = DatabaseUser::new(
+            1,
+            LimitedString::new("testuser").unwrap(),
+            &Password::new("password123"),
+        );
         let user_ref: &dyn User = &user;
         assert_eq!(user_ref.id(), Some(UserId::Int(1)));
         assert_eq!(user_ref.username(), Some("testuser"));
@@ -378,7 +405,11 @@ mod tests {
     #[tokio::test]
     async fn get_by_id() {
         let mut mock_db = MockDatabaseBackend::new();
-        let user = DatabaseUser::new(1, "testuser".to_string(), &Password::new("password123"));
+        let user = DatabaseUser::new(
+            1,
+            LimitedString::new("testuser").unwrap(),
+            &Password::new("password123"),
+        );
 
         mock_db
             .expect_get::<DatabaseUser>()
@@ -394,7 +425,11 @@ mod tests {
     #[tokio::test]
     async fn authenticate() {
         let mut mock_db = MockDatabaseBackend::new();
-        let user = DatabaseUser::new(1, "testuser".to_string(), &Password::new("password123"));
+        let user = DatabaseUser::new(
+            1,
+            LimitedString::new("testuser").unwrap(),
+            &Password::new("password123"),
+        );
 
         mock_db
             .expect_get::<DatabaseUser>()
@@ -428,7 +463,11 @@ mod tests {
     #[tokio::test]
     async fn authenticate_invalid_password() {
         let mut mock_db = MockDatabaseBackend::new();
-        let user = DatabaseUser::new(1, "testuser".to_string(), &Password::new("password123"));
+        let user = DatabaseUser::new(
+            1,
+            LimitedString::new("testuser").unwrap(),
+            &Password::new("password123"),
+        );
 
         mock_db
             .expect_get::<DatabaseUser>()

flareon/src/auth/db/migrations/m_0001_initial.rs

@@ -1,6 +1,8 @@
-//! Generated by flareon CLI 0.1.0 on 2024-11-06 02:29:53+00:00
+//! Generated by flareon CLI 0.1.0 on 2024-11-07 11:30:40+00:00
 
+use crate::auth::db::MAX_USERNAME_LENGTH;
 use crate::auth::PasswordHash;
+use crate::db::LimitedString;
 
 #[derive(Debug, Copy, Clone)]
 pub(super) struct Migration;
@@ -20,9 +22,11 @@ impl ::flareon::db::migrations::Migration for Migration {
                 .set_null(<i64 as ::flareon::db::DatabaseField>::NULLABLE),
                 ::flareon::db::migrations::Field::new(
                     ::flareon::db::Identifier::new("username"),
-                    <String as ::flareon::db::DatabaseField>::TYPE,
+                    <LimitedString<MAX_USERNAME_LENGTH> as ::flareon::db::DatabaseField>::TYPE,
                 )
-                .set_null(<String as ::flareon::db::DatabaseField>::NULLABLE),
+                .set_null(
+                    <LimitedString<MAX_USERNAME_LENGTH> as ::flareon::db::DatabaseField>::NULLABLE,
+                ),
                 ::flareon::db::migrations::Field::new(
                     ::flareon::db::Identifier::new("password"),
                     <PasswordHash as ::flareon::db::DatabaseField>::TYPE,
@@ -36,6 +40,6 @@ impl ::flareon::db::migrations::Migration for Migration {
 #[::flareon::db::model(model_type = "migration")]
 struct _DatabaseUser {
     id: i64,
-    username: String,
+    username: LimitedString<MAX_USERNAME_LENGTH>,
     password: PasswordHash,
 }