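//! Third-party app management and authorization-grant endpoints under
//! `/api/v1/apps`.
//!
//! Every handler first resolves the caller from the session cookie via
//! `get_user_from_token!`; a request without a valid token gets
//! `Error::NotAllowed`. Ownership checks for the update/delete handlers are not
//! done here — the handlers pass `&user` down and rely on the data layer
//! (`update_app_*`, `delete_app`) to enforce them. The one explicit permission
//! gate in this file is `FinePermission::MANAGE_APPS` in
//! `update_quota_status_request`.
//!
//! NOTE(review): the generic parameters on the axum extractors were missing
//! from the copy of this file under review. They are restored below from the
//! otherwise unused imports (`State`, `CreateApp`, `UpdateApp*`, `CreateGrant`).
//! The id type behind `Path` is assumed to be `usize` — confirm against the
//! router before relying on it.

use crate::{
    get_user_from_token,
    routes::api::v1::{
        CreateGrant, UpdateAppHomepage, UpdateAppQuotaStatus, UpdateAppRedirect,
        UpdateAppScopes, UpdateAppTitle,
    },
    State,
};
use axum::{extract::Path, response::IntoResponse, Extension, Json};
use axum_extra::extract::CookieJar;
use tetratto_core::model::{
    apps::{AppQuota, ThirdPartyApp},
    oauth::{AuthGrant, PkceChallengeMethod},
    permissions::FinePermission,
    ApiReturn, Error,
};
use tetratto_shared::{hash::random_id, unix_epoch_timestamp};

use super::CreateApp;

/// Maximum number of grants an app may hold while its quota status is
/// [`AppQuota::Limited`]. Apps whose quota has been extended are not capped
/// by this handler.
///
/// NOTE(review): assumes `ThirdPartyApp::grants` is a `usize` (the original
/// compared it against the bare literal `5`) — confirm against the model.
const LIMITED_APP_GRANT_LIMIT: usize = 5;

/// `POST /api/v1/apps` — register a new third-party app owned by the caller.
///
/// On success `payload` carries the new app's id rendered as a string. Any
/// data-layer error is returned unchanged inside the `ApiReturn` envelope.
///
/// NOTE(review): the homepage and redirect values are stored as received;
/// whatever validation exists lives in `ThirdPartyApp::new` / `create_app`,
/// which are not visible here.
pub async fn create_request(
    jar: CookieJar,
    Extension(data): Extension<State>,
    Json(req): Json<CreateApp>,
) -> impl IntoResponse {
    // The read guard stays held for the whole handler, including the awaits.
    let data = &(data.read().await).0;
    let user = match get_user_from_token!(jar, data) {
        Some(ua) => ua,
        None => return Json(Error::NotAllowed.into()),
    };

    let app = ThirdPartyApp::new(req.title, user.id, req.homepage, req.redirect);
    match data.create_app(app).await {
        Ok(created) => Json(ApiReturn {
            ok: true,
            message: "App created".to_string(),
            payload: created.id.to_string(),
        }),
        Err(e) => Json(e.into()),
    }
}

/// `POST /api/v1/apps/{id}/title` — rename an app.
///
/// Ownership of `id` is checked by `update_app_title`, which receives the
/// authenticated `user`.
pub async fn update_title_request(
    jar: CookieJar,
    Extension(data): Extension<State>,
    Path(id): Path<usize>,
    Json(req): Json<UpdateAppTitle>,
) -> impl IntoResponse {
    let data = &(data.read().await).0;
    let user = match get_user_from_token!(jar, data) {
        Some(ua) => ua,
        None => return Json(Error::NotAllowed.into()),
    };

    match data.update_app_title(id, &user, &req.title).await {
        Ok(_) => Json(ApiReturn {
            ok: true,
            message: "App updated".to_string(),
            payload: (),
        }),
        Err(e) => Json(e.into()),
    }
}

/// `POST /api/v1/apps/{id}/homepage` — change an app's homepage URL.
///
/// Ownership of `id` is checked by `update_app_homepage`.
pub async fn update_homepage_request(
    jar: CookieJar,
    Extension(data): Extension<State>,
    Path(id): Path<usize>,
    Json(req): Json<UpdateAppHomepage>,
) -> impl IntoResponse {
    let data = &(data.read().await).0;
    let user = match get_user_from_token!(jar, data) {
        Some(ua) => ua,
        None => return Json(Error::NotAllowed.into()),
    };

    match data.update_app_homepage(id, &user, &req.homepage).await {
        Ok(_) => Json(ApiReturn {
            ok: true,
            message: "App updated".to_string(),
            payload: (),
        }),
        Err(e) => Json(e.into()),
    }
}

/// `POST /api/v1/apps/{id}/redirect` — change an app's redirect URL.
///
/// Ownership of `id` is checked by `update_app_redirect`. The redirect is the
/// URL grants are sent back to, so any URL validation belongs in that
/// data-layer call; none is performed here.
pub async fn update_redirect_request(
    jar: CookieJar,
    Extension(data): Extension<State>,
    Path(id): Path<usize>,
    Json(req): Json<UpdateAppRedirect>,
) -> impl IntoResponse {
    let data = &(data.read().await).0;
    let user = match get_user_from_token!(jar, data) {
        Some(ua) => ua,
        None => return Json(Error::NotAllowed.into()),
    };

    match data.update_app_redirect(id, &user, &req.redirect).await {
        Ok(_) => Json(ApiReturn {
            ok: true,
            message: "App updated".to_string(),
            payload: (),
        }),
        Err(e) => Json(e.into()),
    }
}

/// `POST /api/v1/apps/{id}/quota_status` — change an app's quota status.
///
/// This is an administrative action: the caller must hold
/// `FinePermission::MANAGE_APPS`. Unlike the other update handlers, the
/// data-layer call does not receive the user, so the permission check here is
/// the only gate.
pub async fn update_quota_status_request(
    jar: CookieJar,
    Extension(data): Extension<State>,
    Path(id): Path<usize>,
    Json(req): Json<UpdateAppQuotaStatus>,
) -> impl IntoResponse {
    let data = &(data.read().await).0;
    let user = match get_user_from_token!(jar, data) {
        Some(ua) => ua,
        None => return Json(Error::NotAllowed.into()),
    };

    if !user.permissions.check(FinePermission::MANAGE_APPS) {
        return Json(Error::NotAllowed.into());
    }

    match data.update_app_quota_status(id, req.quota_status).await {
        Ok(_) => Json(ApiReturn {
            ok: true,
            message: "App updated".to_string(),
            payload: (),
        }),
        Err(e) => Json(e.into()),
    }
}

/// `POST /api/v1/apps/{id}/scopes` — replace the scopes an app declares.
///
/// Ownership of `id` is checked by `update_app_scopes`. Note that
/// `grant_request` copies the app's current scopes onto every new grant, so a
/// change here affects grants issued afterwards, not existing ones.
pub async fn update_scopes_request(
    jar: CookieJar,
    Extension(data): Extension<State>,
    Path(id): Path<usize>,
    Json(req): Json<UpdateAppScopes>,
) -> impl IntoResponse {
    let data = &(data.read().await).0;
    let user = match get_user_from_token!(jar, data) {
        Some(ua) => ua,
        None => return Json(Error::NotAllowed.into()),
    };

    match data.update_app_scopes(id, &user, req.scopes).await {
        Ok(_) => Json(ApiReturn {
            ok: true,
            message: "App updated".to_string(),
            payload: (),
        }),
        Err(e) => Json(e.into()),
    }
}

/// `DELETE /api/v1/apps/{id}` — delete an app.
///
/// Ownership of `id` is checked by `delete_app`.
pub async fn delete_request(
    jar: CookieJar,
    Extension(data): Extension<State>,
    Path(id): Path<usize>,
) -> impl IntoResponse {
    let data = &(data.read().await).0;
    let user = match get_user_from_token!(jar, data) {
        Some(ua) => ua,
        None => return Json(Error::NotAllowed.into()),
    };

    match data.delete_app(id, &user).await {
        Ok(_) => Json(ApiReturn {
            ok: true,
            message: "App deleted".to_string(),
            payload: (),
        }),
        Err(e) => Json(e.into()),
    }
}

/// `POST /api/v1/apps/{id}/grant` — issue an authorization grant for app `id`
/// to the calling user and return the grant token in `payload`.
///
/// Checks, in order: the caller is authenticated, the PKCE challenge is
/// present, the app exists, the user holds no grant for this app yet, and a
/// `Limited` app is below [`LIMITED_APP_GRANT_LIMIT`]. The grant is then
/// stored on the user record and the app's grant counter incremented.
///
/// NOTE(review): the "already has a grant" and quota checks are
/// read-then-write with no transaction, so two concurrent requests for the
/// same user/app can both pass them. If `incr_app_grants` fails after
/// `update_user_grants` succeeded, the grant is persisted but the app counter
/// is not, and the quota check will undercount from then on.
pub async fn grant_request(
    jar: CookieJar,
    Extension(data): Extension<State>,
    Path(id): Path<usize>,
    Json(req): Json<CreateGrant>,
) -> impl IntoResponse {
    let data = &(data.read().await).0;
    let mut user = match get_user_from_token!(jar, data) {
        Some(ua) => ua,
        None => return Json(Error::NotAllowed.into()),
    };

    // The S256 challenge is the only thing a later token exchange can be
    // verified against, so never mint a grant without one.
    if req.challenge.trim().is_empty() {
        return Json(Error::MiscError("PKCE challenge is required".to_string()).into());
    }

    let app = match data.get_app_by_id(id).await {
        Ok(a) => a,
        Err(e) => return Json(e.into()),
    };

    if user.get_grant_by_app_id(id).is_some() {
        return Json(Error::MiscError("This app already has a grant".to_string()).into());
    }

    // Apps on the limited quota may only hold a fixed number of grants.
    if app.quota_status == AppQuota::Limited && app.grants >= LIMITED_APP_GRANT_LIMIT {
        return Json(
            Error::MiscError(
                "This app has reached its limit. Tell the owner to apply for an extension"
                    .to_string(),
            )
            .into(),
        );
    }

    let grant = AuthGrant {
        app: app.id,
        challenge: req.challenge,
        // Only S256 is ever issued; the plain method is not offered.
        method: PkceChallengeMethod::S256,
        token: random_id(),
        last_updated: unix_epoch_timestamp(),
        // The grant receives every scope the app currently declares; there is
        // no per-grant scope narrowing at this point.
        scopes: app.scopes.clone(),
    };
    // Keep only the token for the response instead of cloning the whole grant.
    let token = grant.token.clone();

    user.grants.push(grant);
    if let Err(e) = data.update_user_grants(user.id, user.grants).await {
        return Json(e.into());
    }
    if let Err(e) = data.incr_app_grants(id).await {
        return Json(e.into());
    }

    Json(ApiReturn {
        ok: true,
        message: "User updated".to_string(),
        payload: Some(token),
    })
}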