atlas-form
diff --git a/‎crates/capsula-pki-server/Cargo.toml‎
Lines changed: 1 addition & 0 deletions b/‎crates/capsula-pki-server/Cargo.toml‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎crates/capsula-pki-server/src/db/mod.rs‎
Lines changed: 46 additions & 0 deletions b/‎crates/capsula-pki-server/src/db/mod.rs‎
Lines changed: 46 additions & 0 deletions
diff --git a/‎crates/capsula-pki-server/src/db/user.rs‎
Lines changed: 55 additions & 0 deletions b/‎crates/capsula-pki-server/src/db/user.rs‎
Lines changed: 55 additions & 0 deletions
diff --git a/‎crates/capsula-pki-server/src/error/mod.rs‎
Lines changed: 7 additions & 6 deletions b/‎crates/capsula-pki-server/src/error/mod.rs‎
Lines changed: 7 additions & 6 deletions
diff --git a/‎crates/capsula-pki-server/src/handlers/ca.rs‎
Lines changed: 37 additions & 34 deletions b/‎crates/capsula-pki-server/src/handlers/ca.rs‎
Lines changed: 37 additions & 34 deletions
diff --git a/‎crates/capsula-pki-server/src/handlers/certificate.rs‎
Lines changed: 2 additions & 8 deletions b/‎crates/capsula-pki-server/src/handlers/certificate.rs‎
Lines changed: 2 additions & 8 deletions
diff --git a/‎…ula-pki-server/src/handlers/simple_ca.rs‎ ‎…apsula-pki-server/src/handlers/health.rs‎crates/capsula-pki-server/src/handlers/simple_ca.rs renamed to crates/capsula-pki-server/src/handlers/health.rs
Lines changed: 1 addition & 7 deletions b/‎…ula-pki-server/src/handlers/simple_ca.rs‎ ‎…apsula-pki-server/src/handlers/health.rs‎crates/capsula-pki-server/src/handlers/simple_ca.rs renamed to crates/capsula-pki-server/src/handlers/health.rs
Lines changed: 1 addition & 7 deletions
diff --git a/‎crates/capsula-pki-server/src/handlers/mod.rs‎
Lines changed: 2 additions & 2 deletions b/‎crates/capsula-pki-server/src/handlers/mod.rs‎
Lines changed: 2 additions & 2 deletions
@@ -25,6 +25,7 @@ serde = { version = "1", features = ["derive"] }
 serde_json = "1"
 validator = { version = "0.20", features = ["derive"] }
 thiserror = "2"
+surrealdb = { version = "2.3.8" }
 
 # API documentation
 utoipa = { version = "5", features = ["axum_extras", "uuid", "chrono"] }
 
@@ -0,0 +1,46 @@
+pub mod user;
+
+use std::sync::LazyLock;
+
+use serde::Deserialize;
+use surrealdb::{
+    engine::remote::ws::{Client, Ws},
+    opt::auth::Root,
+    Surreal,
+};
+
+use crate::{db::user::create_users_table, error::Result};
+
+/// Struct representing the Surrealdb configuration parameters.
+#[derive(Debug, Deserialize)]
+pub struct SurrealdbCfg {
+    pub host: String,
+    pub port: u16,
+    pub username: String,
+    pub password: String,
+    pub namespace: String,
+    pub database: String,
+}
+
+static DB: LazyLock<Surreal<Client>> = LazyLock::new(Surreal::init);
+
+pub async fn init_db(cfg: SurrealdbCfg) -> Result<()> {
+    let addr = format!("{}:{}", cfg.host, cfg.port);
+    DB.connect::<Ws>(addr).await?;
+    DB.signin(Root {
+        username: &cfg.username,
+        password: &cfg.password,
+    })
+    .await?;
+    DB.use_ns(cfg.namespace).use_db(cfg.database).await?;
+    Ok(())
+}
+
+pub fn get_db() -> &'static Surreal<Client> {
+    &DB
+}
+
+pub async fn create_tables() -> Result<()> {
+    create_users_table().await?;
+    Ok(())
+}
@@ -0,0 +1,55 @@
+use crate::{
+    db::get_db,
+    error::Result,
+    models::user::{User, UserInput},
+};
+
+pub async fn create_users_table() -> Result<()> {
+    let query = r#"
+        DEFINE TABLE IF NOT EXISTS users SCHEMALESS PERMISSIONS FULL;
+
+        DEFINE FIELD IF NOT EXISTS uuid ON TABLE users TYPE string READONLY;
+        DEFINE FIELD IF NOT EXISTS username ON TABLE users TYPE string READONLY;
+        DEFINE FIELD IF NOT EXISTS password ON TABLE users TYPE string;
+        DEFINE FIELD IF NOT EXISTS email ON TABLE users TYPE option<string>;
+        DEFINE FIELD IF NOT EXISTS email_verified ON TABLE users TYPE bool VALUE false;
+        DEFINE FIELD IF NOT EXISTS role ON TABLE users TYPE string;
+        DEFINE FIELD IF NOT EXISTS disabled ON TABLE users TYPE bool VALUE false;
+        DEFINE FIELD IF NOT EXISTS mfa_enabled ON TABLE users TYPE bool VALUE false;
+        DEFINE FIELD IF NOT EXISTS mfa_secret ON TABLE users TYPE option<string>;
+        DEFINE FIELD IF NOT EXISTS created_at ON TABLE users TYPE datetime VALUE time::now() READONLY;
+        DEFINE FIELD IF NOT EXISTS updated_at ON TABLE users TYPE datetime VALUE time::now();
+
+        DEFINE INDEX IF NOT EXISTS unique_uuid ON TABLE users FIELDS uuid UNIQUE;
+        DEFINE INDEX IF NOT EXISTS unique_username ON TABLE users FIELDS username UNIQUE;
+        DEFINE INDEX IF NOT EXISTS unique_email ON TABLE users FIELDS email UNIQUE;
+    "#;
+
+    let db = get_db();
+    db.query(query).await?;
+
+    Ok(())
+}
+
+pub async fn create_user(input: UserInput) -> Result<()> {
+    let db = get_db();
+    let _r: Option<User> = db.create(("users", &input.uuid)).content(input).await?;
+    Ok(())
+}
+
+pub async fn get_user_by_name(username: &str) -> Result<Option<User>> {
+    let db = get_db();
+    let query = "SELECT * FROM users WHERE username = $username";
+    let result: Option<User> = db
+        .query(query)
+        .bind(("username", username.to_string()))
+        .await?
+        .take(0)?;
+    Ok(result)
+}
+
+pub async fn get_user_by_id(user_id: &str) -> Result<Option<User>> {
+    let db = get_db();
+    let r: Option<User> = db.select(("users", user_id)).await?;
+    Ok(r)
+}
@@ -1,9 +1,9 @@
 pub mod error_code;
 
 use axum::{
-    Json,
     http::StatusCode,
     response::{IntoResponse, Response},
+    Json,
 };
 use serde_json::json;
 use thiserror::Error;
@@ -19,19 +19,19 @@ pub enum AppError {
     #[allow(clippy::enum_variant_names)]
     ValidationError(#[from] validator::ValidationErrors),
 
+    #[error("db error: {0}")]
+    DbError(#[from] surrealdb::Error),
+
     #[error("not found: {0}")]
     NotFound(String),
-    
+
     #[error("PKI error: {0}")]
     PkiError(String),
-    
+
     #[error("internal error: {0}")]
     Internal(String),
 }
 
-// Keep the old Error type as alias for backward compatibility
-pub type Error = AppError;
-
 impl IntoResponse for AppError {
     fn into_response(self) -> Response {
         let (status, error_message) = match self {
@@ -40,6 +40,7 @@ impl IntoResponse for AppError {
             AppError::NotFound(ref e) => (StatusCode::NOT_FOUND, e.to_string()),
             AppError::PkiError(ref e) => (StatusCode::INTERNAL_SERVER_ERROR, e.to_string()),
             AppError::Internal(ref e) => (StatusCode::INTERNAL_SERVER_ERROR, e.to_string()),
+            AppError::DbError(ref e) => (StatusCode::INTERNAL_SERVER_ERROR, e.to_string()),
         };
 
         let body = Json(json!({
 
@@ -3,14 +3,18 @@
 use axum::{
     http::StatusCode,
     response::Json,
+    routing::{get, post},
+    Router,
 };
-use utoipa_axum::router::OpenApiRouter;
-use utoipa_axum::routes;
-
-use crate::models::ca::{CaInfo, CaInitRequest, CaStatus};
-use crate::error::AppError;
+use capsula_pki::keystore::{
+    FileSystemBackend, KeyGenerationConfig, KeyType, KeyUsage, KeystoreManager,
+};
+use utoipa_axum::{router::OpenApiRouter, routes};
 
-use capsula_pki::keystore::{KeystoreManager, KeyGenerationConfig, KeyType, KeyUsage, FileSystemBackend};
+use crate::{
+    error::AppError,
+    models::ca::{CaInfo, CaInitRequest, CaStatus},
+};
 
 /// Get CA status and information
 #[utoipa::path(
@@ -24,15 +28,16 @@ use capsula_pki::keystore::{KeystoreManager, KeyGenerationConfig, KeyType, KeyUs
 )]
 pub async fn get_ca_status() -> Result<Json<CaStatus>, AppError> {
     tracing::info!("Getting CA status");
-    
+
     // TODO: Implement CA status check
     // 1. Check if CA is initialized
     // 2. Get CA certificate information
     // 3. Get statistics from storage
-    
+
     // Placeholder response
     let ca_info = CaInfo {
-        ca_certificate_pem: "-----BEGIN CERTIFICATE-----\n...\n-----END CERTIFICATE-----".to_string(),
+        ca_certificate_pem: "-----BEGIN CERTIFICATE-----\n...\n-----END CERTIFICATE-----"
+            .to_string(),
         subject: "CN=Capsula Root CA, O=Capsula PKI, C=US".to_string(),
         serial_number: "1".to_string(),
         not_before: chrono::Utc::now() - chrono::Duration::days(1),
@@ -41,15 +46,15 @@ pub async fn get_ca_status() -> Result<Json<CaStatus>, AppError> {
         key_size: Some(4096),
         created_at: chrono::Utc::now() - chrono::Duration::days(1),
     };
-    
+
     let status = CaStatus {
         initialized: true,
         ca_info: Some(ca_info),
         certificates_issued: 0,
         active_certificates: 0,
         revoked_certificates: 0,
     };
-    
+
     Ok(Json(status))
 }
 
@@ -66,12 +71,13 @@ pub async fn get_ca_status() -> Result<Json<CaStatus>, AppError> {
 )]
 pub async fn get_ca_certificate() -> Result<Json<CaInfo>, AppError> {
     tracing::info!("Getting CA certificate");
-    
+
     // TODO: Implement CA certificate retrieval
-    
+
     // Placeholder response
     let ca_info = CaInfo {
-        ca_certificate_pem: "-----BEGIN CERTIFICATE-----\n...\n-----END CERTIFICATE-----".to_string(),
+        ca_certificate_pem: "-----BEGIN CERTIFICATE-----\n...\n-----END CERTIFICATE-----"
+            .to_string(),
         subject: "CN=Capsula Root CA, O=Capsula PKI, C=US".to_string(),
         serial_number: "1".to_string(),
         not_before: chrono::Utc::now() - chrono::Duration::days(1),
@@ -80,14 +86,14 @@ pub async fn get_ca_certificate() -> Result<Json<CaInfo>, AppError> {
         key_size: Some(4096),
         created_at: chrono::Utc::now() - chrono::Duration::days(1),
     };
-    
+
     Ok(Json(ca_info))
 }
 
 /// Initialize Certificate Authority
 #[utoipa::path(
     post,
-    path = "/api/v1/ca/init",
+    path = "/ca/init",
     request_body = CaInitRequest,
     responses(
         (status = 201, description = "CA initialized successfully", body = CaInfo),
@@ -100,7 +106,7 @@ pub async fn initialize_ca(
     Json(request): Json<CaInitRequest>,
 ) -> Result<(StatusCode, Json<CaInfo>), AppError> {
     tracing::info!("Initializing CA with CN: {}", request.common_name);
-    
+
     // Simple CA initialization
     match simple_initialize_ca(&request).await {
         Ok(ca_info) => Ok((StatusCode::CREATED, Json(ca_info))),
@@ -112,46 +118,51 @@ pub async fn initialize_ca(
 }
 
 /// Simple CA initialization implementation
-async fn simple_initialize_ca(request: &CaInitRequest) -> Result<CaInfo, Box<dyn std::error::Error>> {
+async fn simple_initialize_ca(
+    request: &CaInitRequest,
+) -> Result<CaInfo, Box<dyn std::error::Error>> {
     tracing::info!("Creating CA with basic PKI integration");
-    
+
     // 1. Create keystore manager
     let storage_backend = Box::new(FileSystemBackend::new("./pki_data/keys")?);
     let mut keystore_manager = KeystoreManager::new(storage_backend);
-    
+
     // 2. Generate CA key pair
     let key_type = match request.key_algorithm.as_str() {
         "RSA" => KeyType::RSA(request.key_size.unwrap_or(2048)),
         "Ed25519" => KeyType::Ed25519,
         _ => KeyType::Ed25519, // Default to Ed25519
     };
-    
+
     let config = KeyGenerationConfig {
         key_type,
         usages: vec![KeyUsage::CertificateSigning, KeyUsage::CRLSigning],
         use_hsm: false,
         exportable: false, // CA key should not be exportable
         label: Some("CA Root Key".to_string()),
     };
-    
+
     let (ca_key_id, _ca_key) = keystore_manager.generate_key(config)?;
     tracing::info!("Generated CA key with ID: {}", ca_key_id);
-    
+
     // 3. Create CA info (simplified without actual certificate generation)
     let ca_info = CaInfo {
         ca_certificate_pem: format!(
-            "-----BEGIN CERTIFICATE-----\nTEMPORARY_CA_CERT_FOR_KEY_{}\n-----END CERTIFICATE-----", 
+            "-----BEGIN CERTIFICATE-----\nTEMPORARY_CA_CERT_FOR_KEY_{}\n-----END CERTIFICATE-----",
             ca_key_id
         ),
-        subject: format!("CN={}, O={}, C={}", request.common_name, request.organization, request.country),
+        subject: format!(
+            "CN={}, O={}, C={}",
+            request.common_name, request.organization, request.country
+        ),
         serial_number: "1".to_string(),
         not_before: chrono::Utc::now(),
         not_after: chrono::Utc::now() + chrono::Duration::days(request.validity_days as i64),
         key_algorithm: request.key_algorithm.clone(),
         key_size: request.key_size,
         created_at: chrono::Utc::now(),
     };
-    
+
     tracing::info!("CA initialized successfully");
     Ok(ca_info)
 }
@@ -168,11 +179,3 @@ async fn simple_initialize_ca(request: &CaInitRequest) -> Result<CaInfo, Box<dyn
 pub async fn health_check() -> StatusCode {
     StatusCode::OK
 }
-
-pub fn create_router() -> OpenApiRouter {
-    OpenApiRouter::new()
-        .routes(routes!(get_ca_status))
-        .routes(routes!(get_ca_certificate))
-        .routes(routes!(initialize_ca))
-        .routes(routes!(health_check))
-}
 
@@ -4,6 +4,8 @@ use axum::{
     extract::{Path, Query},
     http::StatusCode,
     response::Json,
+    routing::{get, post},
+    Router,
 };
 use utoipa_axum::{router::OpenApiRouter, routes};
 use uuid::Uuid;
@@ -164,11 +166,3 @@ pub async fn revoke_certificate(
 
     Ok(StatusCode::OK)
 }
-
-pub fn create_router() -> OpenApiRouter {
-    OpenApiRouter::new()
-        .routes(routes!(create_certificate))
-        .routes(routes!(get_certificate))
-        .routes(routes!(list_certificates))
-        .routes(routes!(revoke_certificate))
-}
@@ -1,4 +1,4 @@
-use axum::{http::StatusCode, response::Json, routing::get, Router};
+use axum::response::Json;
 use serde_json::json;
 
 pub async fn health() -> Json<serde_json::Value> {
@@ -14,9 +14,3 @@ pub async fn ca_status() -> Json<serde_json::Value> {
         "message": "Simple PKI server working"
     }))
 }
-
-pub fn create_simple_router() -> Router {
-    Router::new()
-        .route("/simple-health", get(health))
-        .route("/simple-ca-status", get(ca_status))
-}
@@ -1,3 +1,3 @@
-pub mod certificate;
 pub mod ca;
-pub mod simple_ca;
+pub mod certificate;
+pub mod health;