add: developer panel

crates/app/src/routes/api/v1/auth/profile.rs

@@ -3,8 +3,8 @@ use crate::{
     get_user_from_token,
     model::{ApiReturn, Error},
     routes::api::v1::{
-        AppendAssociations, DeleteUser, DisableTotp, UpdateUserIsVerified, UpdateUserPassword,
-        UpdateUserRole, UpdateUserUsername,
+        AppendAssociations, DeleteUser, DisableTotp, RefreshGrantToken, UpdateUserIsVerified,
+        UpdateUserPassword, UpdateUserRole, UpdateUserUsername,
     },
     State,
 };
@@ -31,7 +31,10 @@ use tetratto_core::{
 
 #[cfg(feature = "redis")]
 use tetratto_core::cache::redis::Commands;
-use tetratto_shared::hash;
+use tetratto_shared::{
+    hash::{self, random_id},
+    unix_epoch_timestamp,
+};
 
 pub async fn redirect_from_id(
     Extension(data): Extension<State>,
@@ -717,3 +720,104 @@ pub async fn get_user_gpa_request(
         payload: Some(gpa),
     });
 }
+
+/// Remove a grant token.
+pub async fn remove_grant_request(
+    jar: CookieJar,
+    Path((user_id, app_id)): Path<(usize, usize)>,
+    Extension(data): Extension<State>,
+) -> impl IntoResponse {
+    let data = &(data.read().await).0;
+    let mut user = match get_user_from_token!(jar, data) {
+        Some(ua) => ua,
+        None => return Json(Error::NotAllowed.into()),
+    };
+
+    if user_id != user.id && !user.permissions.check(FinePermission::MANAGE_USERS) {
+        return Json(Error::NotAllowed.into());
+    }
+
+    if user.get_grant_by_app_id(app_id).is_none() {
+        return Json(Error::GeneralNotFound("grant".to_string()).into());
+    }
+
+    // remove grant
+    user.grants
+        .remove(user.grants.iter().position(|x| x.app == app_id).unwrap());
+
+    if let Err(e) = data.decr_app_grants(app_id).await {
+        return Json(e.into());
+    }
+
+    // update grants
+    match data.update_user_grants(user_id, user.grants).await {
+        Ok(_) => Json(ApiReturn {
+            ok: true,
+            message: "User updated".to_string(),
+            payload: (),
+        }),
+        Err(e) => Json(e.into()),
+    }
+}
+
+/// Refresh a grant token.
+pub async fn refresh_grant_request(
+    jar: CookieJar,
+    Path((user_id, app_id)): Path<(usize, usize)>,
+    Extension(data): Extension<State>,
+    Json(req): Json<RefreshGrantToken>,
+) -> impl IntoResponse {
+    let data = &(data.read().await).0;
+    let mut user = if let Some(token) = jar.get("Atto-Grant") {
+        match data
+            .get_user_by_grant_token(&token.to_string().replace("Atto-Grant=", ""), false)
+            .await
+        {
+            Ok((grant, ua)) => {
+                if grant.check_verifier(&req.verifier).is_err() {
+                    return Json(Error::NotAllowed.into());
+                }
+
+                if ua.permissions.check_banned() {
+                    tetratto_core::model::auth::User::banned()
+                } else {
+                    ua
+                }
+            }
+            Err(_) => return Json(Error::NotAllowed.into()),
+        }
+    } else {
+        return Json(Error::NotAllowed.into());
+    };
+
+    if user_id != user.id && !user.permissions.check(FinePermission::MANAGE_USERS) {
+        return Json(Error::NotAllowed.into());
+    }
+
+    let mut grant = match user.get_grant_by_app_id(app_id) {
+        Some(g) => g.to_owned(),
+        None => return Json(Error::GeneralNotFound("grant".to_string()).into()),
+    };
+
+    // remove grant
+    user.grants
+        .remove(user.grants.iter().position(|x| x.app == app_id).unwrap());
+
+    // refresh token
+    let token = random_id();
+    grant.token = token.clone();
+    grant.last_updated = unix_epoch_timestamp();
+
+    // add grant
+    user.grants.push(grant);
+
+    // update grants
+    match data.update_user_grants(user_id, user.grants).await {
+        Ok(_) => Json(ApiReturn {
+            ok: true,
+            message: "User updated".to_string(),
+            payload: Some(token),
+        }),
+        Err(e) => Json(e.into()),
+    }
+}