Migrate to ApodiniAuthorization (#1)

* * Migrate to ApodiniAuthorization
* Migrate to Metadata DSL for specifying Operation

* Fix swiftlint

* Add Contributor note

* Incorporate latest changes of Apodini (@Authorized property wrapper)

Author: bauer-andreas

CONTRIBUTORS.md

@@ -6,3 +6,4 @@ Apodini Xpense Example contributors
 * [Lara Marie Reimer](...)
 * [Dominic Henze](...)
 * [Florian Bodlée](...)
+* [Andreas Bauer](https://github.com/Supereg)

README.md

@@ -12,7 +12,7 @@ To start and test the web service, you can run the `$ docker compose up` command
 
 Xcode 13 (only available on macOS) is required to build and run the example client application. Follow the instructions on https://developer.apple.com/xcode/ to install the latest version of Xcode.
 
-1. Opening the *Xoense.xcworkspace*. The workspace bundles the web services and the client application.
+1. Opening the *Xpense.xcworkspace*. The workspace bundles the web services and the client application.
 2. Select the *WebService* target, and then the *Xpense* target and start the web service as well as the app by following the instructions on [Running Your App in the Simulator or on a Device](https://developer.apple.com/documentation/xcode/running-your-app-in-the-simulator-or-on-a-device)
 
 ## System Functionality

Shared/Sources/XpenseModel/Model.swift

@@ -195,6 +195,28 @@ open class Model {
         userDidSet()
         return user
     }
+
+    /// Verifies the credentials of a given username-password combination.
+    /// - Parameters:
+    ///   - name: The name of the ``User`` that is used to authenticate the ``User``
+    ///   - password: The password of the ``User`` that is used to authenticate the ``User``
+    /// - Returns: The ``User`` for the given username, if the password check succeeded.
+    open func verifyCredentials(_ name: String, password: String) async throws -> User {
+        guard let user = users.first(where: { $0.name == name }), user.verify(password: password) else {
+            throw XpenseServiceError.loginFailed
+        }
+        return user
+    }
+
+    /// Creates a new login token for a given ``User`` instance.
+    /// - Parameter user: The ``User`` instance for which a new authentication token shall be created.
+    /// - Returns: Returns the freshly created auth token.
+    open func createToken(for user: inout User) async -> String {
+        let token = user.createToken()
+        users.update(with: user)
+        userDidSet()
+        return token
+    }
 
     /// Provides the login functionality of the `Model`
     /// - Parameters:
@@ -203,13 +225,8 @@ open class Model {
     /// - Returns: The token that can be used to further authenticate requests to the Xpense Web Service
     @discardableResult
     open func login(_ name: String, password: String) async throws -> String {
-        guard var user = users.first(where: { $0.name == name }), user.verify(password: password) else {
-            throw XpenseServiceError.loginFailed
-        }
-        let token = user.createToken()
-        users.update(with: user)
-        userDidSet()
-        return token
+        var user = try await verifyCredentials(name, password: password)
+        return await createToken(for: &user)
     }
 
     /// Logout the current `User` that is signed in and remove all personal data of the `User` stored in this `Model`

WebService/Package.swift

@@ -12,7 +12,7 @@ let package = Package(
         .executable(name: "WebService", targets: ["WebService"])
     ],
     dependencies: [
-        .package(url: "https://github.com/Apodini/Apodini.git", .revision("251bbba60b1023443b6973d80ba42c4155fe143a")),
+        .package(url: "https://github.com/Apodini/Apodini.git", .revision("d68e398166acc43308fecd5ed0529a7bca66dc9e")),
         .package(name: "Shared", path: "../Shared")
     ],
     targets: [
@@ -22,6 +22,9 @@ let package = Package(
                 .product(name: "Apodini", package: "Apodini"),
                 .product(name: "ApodiniREST", package: "Apodini"),
                 .product(name: "ApodiniOpenAPI", package: "Apodini"),
+                .product(name: "ApodiniAuthorization", package: "Apodini"),
+                .product(name: "ApodiniAuthorizationBasicScheme", package: "Apodini"),
+                .product(name: "ApodiniAuthorizationBearerScheme", package: "Apodini"),
                 .product(name: "XpenseModel", package: "Shared")
             ]
         )

WebService/Sources/WebService/AuthenticationVerifier/UserCredentialsVerifier.swift

@@ -0,0 +1,28 @@
+//
+// This source file is part of the Apodini Xpense Example
+//
+// SPDX-FileCopyrightText: 2018-2021 Paul Schmiedmayer and project authors (see CONTRIBUTORS.md) <[email protected]>
+//
+// SPDX-License-Identifier: MIT
+//
+
+import Apodini
+import ApodiniAuthorization
+import XpenseModel
+
+struct UserCredentialsVerifier: AuthenticationVerifier {
+    @Environment(\.xpenseModel) var xpenseModel
+    
+    @Throws(.unauthenticated, reason: "The provided credentials are not correct")
+    var unauthenticatedError: ApodiniError
+    
+    typealias AuthenticationInfo = (username: String, password: String)
+    
+    func initializeAndVerify(for authenticationInfo: AuthenticationInfo) async throws -> User {
+        do {
+            return try await xpenseModel.verifyCredentials(authenticationInfo.username, password: authenticationInfo.password)
+        } catch {
+            throw unauthenticatedError
+        }
+    }
+}

WebService/Sources/WebService/AuthenticationVerifier/UserTokenVerifier.swift

@@ -0,0 +1,28 @@
+//
+// This source file is part of the Apodini Xpense Example
+//
+// SPDX-FileCopyrightText: 2018-2021 Paul Schmiedmayer and project authors (see CONTRIBUTORS.md) <[email protected]>
+//
+// SPDX-License-Identifier: MIT
+//
+
+import Apodini
+import ApodiniAuthorization
+import XpenseModel
+
+struct UserTokenVerifier: AuthenticationVerifier {
+    @Environment(\.xpenseModel) var xpenseModel
+    
+    @Throws(.unauthenticated,
+            reason: "The user could not be authenticated",
+            description: "Could not find a user for the supplied token!")
+    var tokenNotFound: ApodiniError
+    
+    func initializeAndVerify(for authenticationInfo: String) throws -> User {
+        guard let user = xpenseModel.user(forToken: authenticationInfo) else {
+            throw tokenNotFound
+        }
+        
+        return user
+    }
+}

WebService/Sources/WebService/Components/AccountComponent.swift

@@ -8,24 +8,19 @@
 
 import Apodini
 import Foundation
-import XpenseModel
-
 
 struct AccountComponent: Component {
     @PathParameter var accountId: UUID
-    
-    
+
     var content: some Component {
         Group("accounts") {
             GetAllAccounts()
             CreateAccount()
-                .operation(.create)
+
             Group($accountId) {
                 GetAccount(id: $accountId)
                 UpdateAccount(id: $accountId)
-                    .operation(.update)
                 DeleteAccount(id: $accountId)
-                    .operation(.delete)
             }
         }
     }

WebService/Sources/WebService/Components/AccountHandlers/CreateAccount.swift

@@ -7,6 +7,7 @@
 //
 
 import Apodini
+import ApodiniAuthorization
 import XpenseModel
 
 
@@ -17,18 +18,18 @@ struct CreateAccount: Handler {
 
 
     @Environment(\.xpenseModel) var xpenseModel
-    @Environment(\.connection) var connection
 
     @Parameter(.http(.body)) var account: CreateAccountMediator
 
-    @Throws(.unauthenticated, reason: "The User is not Authenticated correctly") var userNotFound: ApodiniError
-    
+    @Authorized(User.self) var user
 
     func handle() async throws -> Account {
-        guard let user = xpenseModel.user(fromConnection: connection) else {
-            throw userNotFound
-        }
+        let user = try user()
 
         return try await xpenseModel.save(Account(name: account.name, userID: user.id))
     }
+    
+    var metadata: Metadata {
+        Operation(.create)
+    }
 }

WebService/Sources/WebService/Components/AccountHandlers/DeleteAccount.swift

@@ -7,24 +7,22 @@
 //
 
 import Apodini
+import ApodiniAuthorization
 import Foundation
 import XpenseModel
 
 
 struct DeleteAccount: Handler {
     @Environment(\.xpenseModel) var xpenseModel
-    @Environment(\.connection) var connection
 
     @Binding var id: UUID
 
-    @Throws(.unauthenticated, reason: "The User is not Authenticated correctly") var userNotFound: ApodiniError
     @Throws(.notFound, reason: "The Account could not be found") var notFound: ApodiniError
 
+    @Authorized(User.self) var user
 
     func handle() async throws -> Status {
-        guard let user = xpenseModel.user(fromConnection: connection) else {
-            throw userNotFound
-        }
+        let user = try user()
 
         guard let account = xpenseModel.account(id),
               account.userID == user.id else {
@@ -35,4 +33,8 @@ struct DeleteAccount: Handler {
 
         return .noContent
     }
+    
+    var metadata: Metadata {
+        Operation(.delete)
+    }
 }

WebService/Sources/WebService/Components/AccountHandlers/GetAccount.swift

@@ -7,24 +7,22 @@
 //
 
 import Apodini
+import ApodiniAuthorization
 import Foundation
 import XpenseModel
 
 
 struct GetAccount: Handler {
     @Environment(\.xpenseModel) var xpenseModel
-    @Environment(\.connection) var connection
 
     @Binding var id: UUID
 
-    @Throws(.unauthenticated, reason: "The User is not Authenticated correctly") var userNotFound: ApodiniError
     @Throws(.notFound, reason: "The Account could not be found") var notFound: ApodiniError
 
+    @Authorized(User.self) var user
 
     func handle() throws -> Account {
-        guard let user = xpenseModel.user(fromConnection: connection) else {
-            throw userNotFound
-        }
+        let user = try user()
 
         guard let account = xpenseModel.account(id), account.userID == user.id else {
             throw notFound

WebService/Sources/WebService/Components/AccountHandlers/GetAllAccounts.swift

@@ -7,21 +7,17 @@
 //
 
 import Apodini
+import ApodiniAuthorization
 import XpenseModel
 
 
 struct GetAllAccounts: Handler {
     @Environment(\.xpenseModel) var xpenseModel
-    @Environment(\.connection) var connection
-    
-    @Throws(.unauthenticated, reason: "The User is not Authenticated correctly") var userNotFound: ApodiniError
-    
+
+    @Authorized(User.self) var user
 
     func handle() throws -> [Account] {
-        guard let user = xpenseModel.user(fromConnection: connection) else {
-            throw userNotFound
-        }
-        
+        let user = try user()
         return user.accounts(xpenseModel)
     }
 }

WebService/Sources/WebService/Components/AccountHandlers/UpdateAccount.swift

@@ -7,6 +7,7 @@
 //
 
 import Apodini
+import ApodiniAuthorization
 import Foundation
 import XpenseModel
 
@@ -18,25 +19,26 @@ struct UpdateAccount: Handler {
 
 
     @Environment(\.xpenseModel) var xpenseModel
-    @Environment(\.connection) var connection
 
     @Binding var id: UUID
 
     @Parameter(.http(.body)) var updatedAccount: UpdateAccountMediator
 
-    @Throws(.unauthenticated, reason: "The User is not Authenticated correctly") var userNotFound: ApodiniError
     @Throws(.notFound, reason: "The Account could not be found") var notFound: ApodiniError
 
+    @Authorized(User.self) var user
 
     func handle() async throws -> Account {
-        guard let user = xpenseModel.user(fromConnection: connection) else {
-            throw userNotFound
-        }
+        let user = try user()
 
         guard xpenseModel.account(id)?.userID == user.id else {
             throw notFound
         }
 
         return try await xpenseModel.save(Account(id: id, name: updatedAccount.name, userID: user.id))
     }
+    
+    var metadata: Metadata {
+        Operation(.update)
+    }
 }

WebService/Sources/WebService/Components/TransactionComponent.swift

@@ -13,18 +13,15 @@ import Foundation
 struct TransactionComponent: Component {
     @PathParameter var transactionId: UUID
 
-    
     var content: some Component {
         Group("transactions") {
             CreateTransaction()
-                .operation(.create)
             GetAllTransactions()
+            
             Group($transactionId) {
                 GetTransaction(transactionId: $transactionId)
                 UpdateTransaction(transactionId: $transactionId)
-                    .operation(.update)
                 DeleteTransaction(transactionId: $transactionId)
-                    .operation(.delete)
             }
         }
     }

WebService/Sources/WebService/Components/TransactionHandlers/CreateTransaction.swift

@@ -7,6 +7,7 @@
 //
 
 import Apodini
+import ApodiniAuthorization
 import Foundation
 import XpenseModel
 
@@ -22,18 +23,15 @@ struct CreateTransaction: Handler {
 
 
     @Environment(\.xpenseModel) var xpenseModel
-    @Environment(\.connection) var connection
 
     @Parameter(.http(.body)) var transaction: CreateTransactionMediator
 
-    @Throws(.unauthenticated, reason: "The User is not Authenticated correctly") var userNotFound: ApodiniError
     @Throws(.notFound, reason: "The Account could not be found") var notFound: ApodiniError
 
+    @Authorized(User.self) var user
 
     func handle() async throws -> Transaction {
-        guard let user = xpenseModel.user(fromConnection: connection) else {
-            throw userNotFound
-        }
+        let user = try user()
 
         guard xpenseModel.account(transaction.account)?.userID == user.id else {
             throw notFound
@@ -49,4 +47,8 @@ struct CreateTransaction: Handler {
             )
         )
     }
+    
+    var metadata: Metadata {
+        Operation(.create)
+    }
 }