-- SPDX-FileCopyrightText: 2024 Sarah Vaupel
--
-- SPDX-License-Identifier: AGPL-3.0-or-later

-- | AzureADv2 (Microsoft Graph) user authentication sources, parsed from application settings
-- | Note: No host specification is needed since Azure authentication is always requested at https://graph.microsoft.com/ (Microsoft Graph API)
AuthSourceAzure
  clientId UUID -- ^ Azure Client ID of this application
  clientSecret Text -- ^ Azure Client Secret of this application
  tenantId UUID -- ^ Azure Tenant ID of the Azure source
  scopes AzureScopes -- ^ Azure Scopes this application (client) is authorized for
  UniqueAuthSourceAzure clientId -- TODO rethink!
  Primary clientId -- TODO rethink!
  deriving Show Eq Ord Generic

-- | LDAP user authentication sources, parsed from application settings
AuthSourceLdap
  host Text -- ^ LDAP host destination to connect to -- TODO: switch to url type
  port Natural -- ^ Port of the LDAP service to connect to -- TODO: is there a port type? Maybe merge with host and make primary key?
  tls Bool -- ^ Whether to connect to the host via TLS
  user Text -- ^ User used for queries
  pass Text -- ^ Password used for queries
  baseDn Text
  scope LdapScope
  timeout Natural -- ^ Query timeout in milliseconds
  searchTimeout Natural -- ^ Search query timeout in milliseconds
  UniqueAuthSourceLdap host port -- TODO rethink!
  deriving Show Eq Ord Generic

-- | User authentication data, source-agnostic data
UserAuth
  ident UserIdent -- Human-readable text uniquely identifying a user
  lastLogin UTCTime -- When did the corresponding User last authenticate using this entry?
  Primary ident
  UniqueAuthentication ident
  deriving Show Eq Ord Generic

-- | User authentication data fetched from external user sources
ExternalAuth
  ident UserIdent
  source AuthenticationSourceIdent -- Identifier of the external source in the config
  data Value "default='{}'::jsonb" -- Raw user data from external source
  lastSync UTCTime -- When was the corresponding User entry last synced with this external source?
  UniqueExternalAuth ident source -- At most one entry of this user per source
  deriving Show Eq Ord Generic

-- | FraDrive-specific user authentication data, internal logins have precedence over external authentication
InternalAuth
  ident UserIdent
  hash Text -- Hashed password
  Primary ident
  UniqueInternalAuth ident
  deriving Show Eq Ord Generic