zed/crates/server/src/api.rs

use crate::{auth, db::UserId, AppState, Request, RequestExt as _};
use async_trait::async_trait;
use serde::Deserialize;
use serde_json::json;
use std::sync::Arc;
use surf::StatusCode;

pub fn add_routes(app: &mut tide::Server<Arc<AppState>>) {
    app.at("/users").get(get_users);
    app.at("/users").post(create_user);
    app.at("/users/:id").put(update_user);
    app.at("/users/:id").delete(destroy_user);
    app.at("/users/:github_login").get(get_user);
    app.at("/users/:github_login/access_tokens")
        .post(create_access_token);
}

async fn get_user(request: Request) -> tide::Result {
    request.require_token().await?;

    let user = request
        .db()
        .get_user_by_github_login(request.param("github_login")?)
        .await?
        .ok_or_else(|| surf::Error::from_str(404, "user not found"))?;

    Ok(tide::Response::builder(StatusCode::Ok)
        .body(tide::Body::from_json(&user)?)
        .build())
}

async fn get_users(request: Request) -> tide::Result {
    request.require_token().await?;

    let users = request.db().get_all_users().await?;

    Ok(tide::Response::builder(StatusCode::Ok)
        .body(tide::Body::from_json(&users)?)
        .build())
}

async fn create_user(mut request: Request) -> tide::Result {
    request.require_token().await?;

    #[derive(Deserialize)]
    struct Params {
        github_login: String,
        admin: bool,
    }
    let params = request.body_json::<Params>().await?;

    let user_id = request
        .db()
        .create_user(&params.github_login, params.admin)
        .await?;

    let user = request.db().get_user_by_id(user_id).await?.ok_or_else(|| {
        surf::Error::from_str(
            StatusCode::InternalServerError,
            "couldn't find the user we just created",
        )
    })?;

    Ok(tide::Response::builder(StatusCode::Ok)
        .body(tide::Body::from_json(&user)?)
        .build())
}

async fn update_user(mut request: Request) -> tide::Result {
    request.require_token().await?;

    #[derive(Deserialize)]
    struct Params {
        admin: bool,
    }
    let user_id = UserId(
        request
            .param("id")?
            .parse::<i32>()
            .map_err(|error| surf::Error::from_str(StatusCode::BadRequest, error.to_string()))?,
    );
    let params = request.body_json::<Params>().await?;

    request
        .db()
        .set_user_is_admin(user_id, params.admin)
        .await?;

    Ok(tide::Response::builder(StatusCode::Ok).build())
}

async fn destroy_user(request: Request) -> tide::Result {
    request.require_token().await?;
    let user_id = UserId(
        request
            .param("id")?
            .parse::<i32>()
            .map_err(|error| surf::Error::from_str(StatusCode::BadRequest, error.to_string()))?,
    );

    request.db().destroy_user(user_id).await?;

    Ok(tide::Response::builder(StatusCode::Ok).build())
}

async fn create_access_token(request: Request) -> tide::Result {
    request.require_token().await?;

    let user = request
        .db()
        .get_user_by_github_login(request.param("github_login")?)
        .await?
        .ok_or_else(|| surf::Error::from_str(StatusCode::NotFound, "user not found"))?;
    let access_token = auth::create_access_token(request.db(), user.id).await?;

    #[derive(Deserialize)]
    struct QueryParams {
        public_key: String,
        impersonate: Option<String>,
    }

    let query_params: QueryParams = request.query().map_err(|_| {
        surf::Error::from_str(StatusCode::UnprocessableEntity, "invalid query params")
    })?;

    let encrypted_access_token =
        auth::encrypt_access_token(&access_token, query_params.public_key.clone())?;

    let mut user_id = user.id;
    if let Some(impersonate) = query_params.impersonate {
        if user.admin {
            if let Some(impersonated_user) =
                request.db().get_user_by_github_login(&impersonate).await?
            {
                user_id = impersonated_user.id;
            } else {
                return Ok(tide::Response::builder(StatusCode::UnprocessableEntity)
                    .body(format!(
                        "Can't impersonate non-existent user {}",
                        impersonate
                    ))
                    .build());
            }
        } else {
            return Ok(tide::Response::builder(StatusCode::Unauthorized)
                .body(format!(
                    "Can't impersonate user {} because the real user isn't an admin",
                    impersonate
                ))
                .build());
        }
    }

    Ok(tide::Response::builder(StatusCode::Ok)
        .body(json!({"user_id": user_id, "encrypted_access_token": encrypted_access_token}))
        .build())
}

#[async_trait]
pub trait RequestExt {
    async fn require_token(&self) -> tide::Result<()>;
}

#[async_trait]
impl RequestExt for Request {
    async fn require_token(&self) -> tide::Result<()> {
        let token = self
            .header("Authorization")
            .and_then(|header| header.get(0))
            .and_then(|header| header.as_str().strip_prefix("token "))
            .ok_or_else(|| surf::Error::from_str(403, "invalid authorization header"))?;

        if token == self.state().config.api_token {
            Ok(())
        } else {
            Err(tide::Error::from_str(403, "invalid authorization token"))
        }
    }
}
Add endpoints for listing, creating, and updating users 2021-12-24 01:20:24 +00:00			`use crate::{auth, db::UserId, AppState, Request, RequestExt as _};`
Add the fetching of user JSON by github login with a token header 2021-12-19 16:43:13 +00:00			`use async_trait::async_trait;`
Enable authentication via the NextJS site 2021-12-22 15:19:19 +00:00			`use serde::Deserialize;`
Add an endpoint for creating an access token for a GitHub login 2021-12-21 20:05:32 +00:00			`use serde_json::json;`
Add the fetching of user JSON by github login with a token header 2021-12-19 16:43:13 +00:00			`use std::sync::Arc;`
Enable authentication via the NextJS site 2021-12-22 15:19:19 +00:00			`use surf::StatusCode;`
Add the fetching of user JSON by github login with a token header 2021-12-19 16:43:13 +00:00
			`pub fn add_routes(app: &mut tide::Server<Arc<AppState>>) {`
Add endpoints for listing, creating, and updating users 2021-12-24 01:20:24 +00:00			`app.at("/users").get(get_users);`
			`app.at("/users").post(create_user);`
			`app.at("/users/:id").put(update_user);`
Destroy access tokens before destroying users and word-smith method names 2021-12-26 00:46:02 +00:00			`app.at("/users/:id").delete(destroy_user);`
Add the fetching of user JSON by github login with a token header 2021-12-19 16:43:13 +00:00			`app.at("/users/:github_login").get(get_user);`
Add an endpoint for creating an access token for a GitHub login 2021-12-21 20:05:32 +00:00			`app.at("/users/:github_login/access_tokens")`
			`.post(create_access_token);`
Add the fetching of user JSON by github login with a token header 2021-12-19 16:43:13 +00:00			`}`

			`async fn get_user(request: Request) -> tide::Result {`
			`request.require_token().await?;`

			`let user = request`
			`.db()`
			`.get_user_by_github_login(request.param("github_login")?)`
			`.await?`
			`.ok_or_else(\|\| surf::Error::from_str(404, "user not found"))?;`

Enable authentication via the NextJS site 2021-12-22 15:19:19 +00:00			`Ok(tide::Response::builder(StatusCode::Ok)`
Add the fetching of user JSON by github login with a token header 2021-12-19 16:43:13 +00:00			`.body(tide::Body::from_json(&user)?)`
			`.build())`
			`}`

Add endpoints for listing, creating, and updating users 2021-12-24 01:20:24 +00:00			`async fn get_users(request: Request) -> tide::Result {`
			`request.require_token().await?;`

			`let users = request.db().get_all_users().await?;`

			`Ok(tide::Response::builder(StatusCode::Ok)`
			`.body(tide::Body::from_json(&users)?)`
			`.build())`
			`}`

			`async fn create_user(mut request: Request) -> tide::Result {`
			`request.require_token().await?;`

			`#[derive(Deserialize)]`
			`struct Params {`
			`github_login: String,`
			`admin: bool,`
			`}`
			`let params = request.body_json::<Params>().await?;`

			`let user_id = request`
			`.db()`
			`.create_user(&params.github_login, params.admin)`
			`.await?;`

			`let user = request.db().get_user_by_id(user_id).await?.ok_or_else(\|\| {`
			`surf::Error::from_str(`
			`StatusCode::InternalServerError,`
			`"couldn't find the user we just created",`
			`)`
			`})?;`

			`Ok(tide::Response::builder(StatusCode::Ok)`
			`.body(tide::Body::from_json(&user)?)`
			`.build())`
			`}`

			`async fn update_user(mut request: Request) -> tide::Result {`
			`request.require_token().await?;`

			`#[derive(Deserialize)]`
			`struct Params {`
			`admin: bool,`
			`}`
			`let user_id = UserId(`
			`request`
			`.param("id")?`
			`.parse::<i32>()`
			`.map_err(\|error\| surf::Error::from_str(StatusCode::BadRequest, error.to_string()))?,`
			`);`
			`let params = request.body_json::<Params>().await?;`

			`request`
			`.db()`
			`.set_user_is_admin(user_id, params.admin)`
			`.await?;`

			`Ok(tide::Response::builder(StatusCode::Ok).build())`
			`}`

Destroy access tokens before destroying users and word-smith method names 2021-12-26 00:46:02 +00:00			`async fn destroy_user(request: Request) -> tide::Result {`
Add delete user endpoint 2021-12-25 18:57:37 +00:00			`request.require_token().await?;`
			`let user_id = UserId(`
			`request`
			`.param("id")?`
			`.parse::<i32>()`
			`.map_err(\|error\| surf::Error::from_str(StatusCode::BadRequest, error.to_string()))?,`
			`);`

Destroy access tokens before destroying users and word-smith method names 2021-12-26 00:46:02 +00:00			`request.db().destroy_user(user_id).await?;`
Add delete user endpoint 2021-12-25 18:57:37 +00:00
			`Ok(tide::Response::builder(StatusCode::Ok).build())`
			`}`

Add an endpoint for creating an access token for a GitHub login 2021-12-21 20:05:32 +00:00			`async fn create_access_token(request: Request) -> tide::Result {`
			`request.require_token().await?;`

			`let user = request`
			`.db()`
			`.get_user_by_github_login(request.param("github_login")?)`
			`.await?`
Enable authentication via the NextJS site 2021-12-22 15:19:19 +00:00			`.ok_or_else(\|\| surf::Error::from_str(StatusCode::NotFound, "user not found"))?;`
			`let access_token = auth::create_access_token(request.db(), user.id).await?;`

			`#[derive(Deserialize)]`
			`struct QueryParams {`
			`public_key: String,`
			`impersonate: Option<String>,`
			`}`

			`let query_params: QueryParams = request.query().map_err(\|_\| {`
			`surf::Error::from_str(StatusCode::UnprocessableEntity, "invalid query params")`
			`})?;`

			`let encrypted_access_token =`
			`auth::encrypt_access_token(&access_token, query_params.public_key.clone())?;`

			`let mut user_id = user.id;`
			`if let Some(impersonate) = query_params.impersonate {`
			`if user.admin {`
			`if let Some(impersonated_user) =`
			`request.db().get_user_by_github_login(&impersonate).await?`
			`{`
			`user_id = impersonated_user.id;`
			`} else {`
			`return Ok(tide::Response::builder(StatusCode::UnprocessableEntity)`
			`.body(format!(`
			`"Can't impersonate non-existent user {}",`
			`impersonate`
			`))`
			`.build());`
			`}`
			`} else {`
			`return Ok(tide::Response::builder(StatusCode::Unauthorized)`
			`.body(format!(`
			`"Can't impersonate user {} because the real user isn't an admin",`
			`impersonate`
			`))`
			`.build());`
			`}`
			`}`
Add an endpoint for creating an access token for a GitHub login 2021-12-21 20:05:32 +00:00
Enable authentication via the NextJS site 2021-12-22 15:19:19 +00:00			`Ok(tide::Response::builder(StatusCode::Ok)`
			`.body(json!({"user_id": user_id, "encrypted_access_token": encrypted_access_token}))`
Add an endpoint for creating an access token for a GitHub login 2021-12-21 20:05:32 +00:00			`.build())`
			`}`

Add the fetching of user JSON by github login with a token header 2021-12-19 16:43:13 +00:00			`#[async_trait]`
			`pub trait RequestExt {`
			`async fn require_token(&self) -> tide::Result<()>;`
			`}`

			`#[async_trait]`
			`impl RequestExt for Request {`
			`async fn require_token(&self) -> tide::Result<()> {`
			`let token = self`
			`.header("Authorization")`
			`.and_then(\|header\| header.get(0))`
			`.and_then(\|header\| header.as_str().strip_prefix("token "))`
			`.ok_or_else(\|\| surf::Error::from_str(403, "invalid authorization header"))?;`

			`if token == self.state().config.api_token {`
			`Ok(())`
			`} else {`
			`Err(tide::Error::from_str(403, "invalid authorization token"))`
			`}`
			`}`
			`}`