Implements #72, attribute uniqueness. This extends schema to have a field "unique" which means a value should be unique for that object, and all other live objects (recycle and tombstones excluded). Note UUID has to retain special handling in base.rs and can't usethis due to needing to check with recycled too..
Implements #60 authsession garbage collection. If we assume that an authsession is around 1024 bytes (this assumes a 16 char name + groups + claims) then this means that in 1Gb of ram we can store about 1 million in progress auth attempts. Obviously, we don't want infinite memory growth, but we can't use an LRU cache due to the future desire to use concurrent trees. So instead we prune the tree based on a timeout when we start and auth operation. Auth session id's are generated from a timestamp similar to how we'll generate replication csn's. We can then apply a diff that will split all items lower than the csn/sid and remove them from future consideration.
We set the default timeout to 5 minutes. This means that assuming 10,000 auths per second, we would require 3GB of ram to process these sessions before they are expired. We expect any deployment with such large loadings can affort 3Gb of ram :)
This adds support for authentication and credential storage to the server.
It also adds account recovery and options for integration test fixtures, refactors
to make the client library easier to manage, and support clean seperation of the
proto vs lib.
This implements strongly typed storage of data types in attribute values. This means that have the future ability to have tagged, hidden, complex or other datatypes in values rather than relying on string manipulations. It helps also to lift the burden on schema to only checking the values types on input from the protocol types, so that comparisons and other conversions will be faster. It also helps to strengthen and check values are valid earlier in conversions.
so that restarts to affect object schema are not required. This is good to allow
customisation and other extensions for advanced users, and doing it now makes it
"easier" to supply extra schema from the project core into the initialise_idm function.
This allows backup and restore of the server backend data from the command line. Backups can be taken while the server is running. Automated backups are *not* part of this yet.
This also adds a few missing files from a previous commit mistake. Opps!
Implement #2 anonymous authentication. This also puts into place the majority of the authentication framework, and starts to build the IDM layers ontop of the DB engine.
This implements access controls, including a huge amount of refactor to support
them and their resolution with the "SelfUUID" keyword. Additionally, parts of
the event structure was improved to help, normalised was added as an entry state
and more.
And there are access controls! They work, have tests, and appear sane.
* Large refactor to improve the ava get interface
* Improve ACP parsing test
* ACP parsing complete
* Fix txn type tech debt
* Clean up queryserver name issue
* Integrate acp to query server, and add reload hooks
* Starting to write search acp enforcement
* Refactor event to take entry rather than UUID to allow acp to filter on the event properly.
* Most of the filter refactor is done
* Finish filter refactor!
* Write and implement basic filter optimiser with redundant term folding
* moved core BackendWriteTransaction::create code to BackendWriteTransaction::_create, implemented both BackendWriteTransaction::{backup, restore} need to add data into db for testing backup/restore, restore currently fails as there is no data in the backed up file yet.
* test_backup_restore now runs successfully, created unsafe purge function to remove all data from the database, changed function _create to internal_create and a few other smaller things
