mas_config/sections/
policy.rs

1// Copyright 2024 New Vector Ltd.
2// Copyright 2022-2024 The Matrix.org Foundation C.I.C.
3//
4// SPDX-License-Identifier: AGPL-3.0-only
5// Please see LICENSE in the repository root for full details.
6
7use camino::Utf8PathBuf;
8use schemars::JsonSchema;
9use serde::{Deserialize, Serialize};
10use serde_with::serde_as;
11
12use super::ConfigurationSection;
13
/// Default location of the policy WASM module for builds with neither the
/// `docker` nor the `dist` feature enabled.
///
/// The path is relative, so the file it names depends on the working
/// directory of the process that opens it (the loading code is outside this
/// file).
#[cfg(not(any(feature = "docker", feature = "dist")))]
fn default_policy_path() -> Utf8PathBuf {
    Utf8PathBuf::from("./policies/policy.wasm")
}
18
/// Default location of the policy WASM module for builds with the `docker`
/// feature: an absolute path under `/usr/local/share`.
///
/// This definition and the `dist` one are gated on independent features, so
/// enabling both compiles two functions with the same name and the build
/// fails.
#[cfg(feature = "docker")]
fn default_policy_path() -> Utf8PathBuf {
    Utf8PathBuf::from("/usr/local/share/mas-cli/policy.wasm")
}
23
/// Default location of the policy WASM module for builds with the `dist`
/// feature.
///
/// The path is relative, so the file it names depends on the working
/// directory of the process that opens it (the loading code is outside this
/// file). This definition and the `docker` one are gated on independent
/// features, so enabling both fails the build with a duplicate definition.
#[cfg(feature = "dist")]
fn default_policy_path() -> Utf8PathBuf {
    Utf8PathBuf::from("./share/policy.wasm")
}
28
/// Reports whether `value` is exactly the build's default policy path.
///
/// Used as a serde `skip_serializing_if` predicate, which is why it takes a
/// reference to the field type. The comparison is on the path as written: a
/// different spelling of the same location is not treated as the default.
fn is_default_policy_path(value: &Utf8PathBuf) -> bool {
    let expected = default_policy_path();
    value == &expected
}
32
/// Default policy entrypoint evaluated for client registrations.
fn default_client_registration_entrypoint() -> String {
    String::from("client_registration/violation")
}
36
/// Reports whether `value` equals the default client-registration entrypoint.
///
/// Takes `&String` rather than `&str` because it is used as a serde
/// `skip_serializing_if` predicate on a `String` field.
fn is_default_client_registration_entrypoint(value: &String) -> bool {
    let expected = default_client_registration_entrypoint();
    value == &expected
}
40
/// Default policy entrypoint evaluated for user registrations.
fn default_register_entrypoint() -> String {
    String::from("register/violation")
}
44
/// Reports whether `value` equals the default user-registration entrypoint.
///
/// Takes `&String` rather than `&str` because it is used as a serde
/// `skip_serializing_if` predicate on a `String` field.
fn is_default_register_entrypoint(value: &String) -> bool {
    let expected = default_register_entrypoint();
    value == &expected
}
48
/// Default policy entrypoint evaluated for authorization grants.
fn default_authorization_grant_entrypoint() -> String {
    String::from("authorization_grant/violation")
}
52
/// Reports whether `value` equals the default authorization-grant entrypoint.
///
/// Takes `&String` rather than `&str` because it is used as a serde
/// `skip_serializing_if` predicate on a `String` field.
fn is_default_authorization_grant_entrypoint(value: &String) -> bool {
    let expected = default_authorization_grant_entrypoint();
    value == &expected
}
56
/// Default policy entrypoint evaluated when a password is changed.
fn default_password_entrypoint() -> String {
    String::from("password/violation")
}
60
/// Reports whether `value` equals the default password entrypoint.
///
/// Takes `&String` rather than `&str` because it is used as a serde
/// `skip_serializing_if` predicate on a `String` field.
fn is_default_password_entrypoint(value: &String) -> bool {
    let expected = default_password_entrypoint();
    value == &expected
}
64
/// Default policy entrypoint evaluated when an email address is added.
fn default_email_entrypoint() -> String {
    String::from("email/violation")
}
68
/// Reports whether `value` equals the default email entrypoint.
///
/// Takes `&String` rather than `&str` because it is used as a serde
/// `skip_serializing_if` predicate on a `String` field.
fn is_default_email_entrypoint(value: &String) -> bool {
    let expected = default_email_entrypoint();
    value == &expected
}
72
/// Default extra data handed to the policy: an empty JSON object.
fn default_data() -> serde_json::Value {
    serde_json::Value::Object(serde_json::Map::new())
}
76
/// Reports whether `value` is the default policy data, i.e. an empty JSON
/// object. Any other JSON value, including `null`, is not the default.
fn is_default_data(value: &serde_json::Value) -> bool {
    let expected = default_data();
    value == &expected
}
80
/// Configuration of the policy engine: the WASM module to load, the
/// entrypoint to evaluate for each kind of request, and extra data passed to
/// the policy.
//
// Every field has a serde default and is skipped on serialization while it
// still holds that default, so a serialized section lists only overrides.
//
// NOTE(review): `JsonSchema` is derived, and schemars copies `///` text into
// the generated schema as descriptions; any schema file generated from this
// struct needs regenerating when these doc comments change.
//
// NOTE(review): there is no `#[serde(deny_unknown_fields)]` here, so this
// struct's deserializer ignores a misspelled key and the field keeps its
// default (e.g. a typo in an entrypoint override leaves the default
// entrypoint in force). Confirm whether a caller rejects unknown keys.
#[serde_as]
#[derive(Debug, Clone, Serialize, Deserialize, JsonSchema)]
pub struct PolicyConfig {
    /// Path to the WASM module
    //
    // The default is relative in builds without the `docker` feature, so the
    // file it names depends on the working directory of the process that opens
    // it. The module presumably decides the outcome of the evaluations named
    // below (the evaluation code is outside this file); deployments should
    // keep the file and its directory writable only by the service operator.
    #[serde(
        default = "default_policy_path",
        skip_serializing_if = "is_default_policy_path"
    )]
    #[schemars(with = "String")]
    pub wasm_module: Utf8PathBuf,

    /// Entrypoint to use when evaluating client registrations
    //
    // Accepted here as a free-form string; nothing in this file checks that
    // the WASM module defines an entrypoint with this name.
    #[serde(
        default = "default_client_registration_entrypoint",
        skip_serializing_if = "is_default_client_registration_entrypoint"
    )]
    pub client_registration_entrypoint: String,

    /// Entrypoint to use when evaluating user registrations
    #[serde(
        default = "default_register_entrypoint",
        skip_serializing_if = "is_default_register_entrypoint"
    )]
    pub register_entrypoint: String,

    /// Entrypoint to use when evaluating authorization grants
    #[serde(
        default = "default_authorization_grant_entrypoint",
        skip_serializing_if = "is_default_authorization_grant_entrypoint"
    )]
    pub authorization_grant_entrypoint: String,

    /// Entrypoint to use when changing password
    #[serde(
        default = "default_password_entrypoint",
        skip_serializing_if = "is_default_password_entrypoint"
    )]
    pub password_entrypoint: String,

    /// Entrypoint to use when adding an email address
    #[serde(
        default = "default_email_entrypoint",
        skip_serializing_if = "is_default_email_entrypoint"
    )]
    pub email_entrypoint: String,

    /// Arbitrary data to pass to the policy
    //
    // Defaults to an empty JSON object. `Debug` and `Serialize` are derived on
    // this struct, so whatever is stored here appears verbatim in debug output
    // and in a serialized config; it is not a place for secrets.
    #[serde(default = "default_data", skip_serializing_if = "is_default_data")]
    pub data: serde_json::Value,
}
132
impl Default for PolicyConfig {
    /// Builds the configuration from the same `default_*` helpers that serde
    /// uses for missing fields, so `PolicyConfig::default()` matches what
    /// deserializing an empty section produces.
    fn default() -> Self {
        let wasm_module = default_policy_path();
        let client_registration_entrypoint = default_client_registration_entrypoint();
        let register_entrypoint = default_register_entrypoint();
        let authorization_grant_entrypoint = default_authorization_grant_entrypoint();
        let password_entrypoint = default_password_entrypoint();
        let email_entrypoint = default_email_entrypoint();
        let data = default_data();

        Self {
            wasm_module,
            client_registration_entrypoint,
            register_entrypoint,
            authorization_grant_entrypoint,
            password_entrypoint,
            email_entrypoint,
            data,
        }
    }
}
146
impl PolicyConfig {
    /// Returns true if every field still holds its default value.
    pub(crate) fn is_default(&self) -> bool {
        // Destructure without `..` so that a field added to the struct stops
        // this from compiling until it is checked below.
        let Self {
            wasm_module,
            client_registration_entrypoint,
            register_entrypoint,
            authorization_grant_entrypoint,
            password_entrypoint,
            email_entrypoint,
            data,
        } = self;

        is_default_policy_path(wasm_module)
            && is_default_client_registration_entrypoint(client_registration_entrypoint)
            && is_default_register_entrypoint(register_entrypoint)
            && is_default_authorization_grant_entrypoint(authorization_grant_entrypoint)
            && is_default_password_entrypoint(password_entrypoint)
            && is_default_email_entrypoint(email_entrypoint)
            && is_default_data(data)
    }
}
159
// Registers `PolicyConfig` as a configuration section.
// NOTE(review): `PATH` is presumably the key under which this section sits in
// the overall configuration; the trait is defined in the parent module —
// confirm there.
impl ConfigurationSection for PolicyConfig {
    const PATH: Option<&'static str> = Some("policy");
}