tetratto/crates/app/src/routes/api/v1/apps.rs


use crate::{
get_user_from_token,
routes::api::v1::{
CreateGrant, UpdateAppHomepage, UpdateAppQuotaStatus, UpdateAppRedirect, UpdateAppScopes,
UpdateAppTitle,
},
State,
};
use axum::{Extension, Json, extract::Path, response::IntoResponse};
use axum_extra::extract::CookieJar;
use tetratto_core::model::{
apps::{AppQuota, ThirdPartyApp},
oauth::{AuthGrant, PkceChallengeMethod},
permissions::FinePermission,
ApiReturn, Error,
};
use tetratto_shared::{hash::random_id, unix_epoch_timestamp};
use super::CreateApp;
/// Registers a new third-party app owned by the authenticated caller.
///
/// The caller is resolved from the session cookie; an unauthenticated request
/// is refused with `Error::NotAllowed`. The app is built from `req.title`,
/// `req.homepage` and `req.redirect` with the caller's id as owner, and the
/// new app's id (stringified) is the success payload.
///
/// This handler does not validate the supplied homepage/redirect URLs itself;
/// any such checks would have to live in `ThirdPartyApp::new` or `create_app`
/// (not visible here).
pub async fn create_request(
    jar: CookieJar,
    Extension(data): Extension<State>,
    Json(req): Json<CreateApp>,
) -> impl IntoResponse {
    let guard = data.read().await;
    let data = &guard.0;

    let Some(owner) = get_user_from_token!(jar, data) else {
        return Json(Error::NotAllowed.into());
    };

    let app = ThirdPartyApp::new(req.title, owner.id, req.homepage, req.redirect);
    Json(match data.create_app(app).await {
        Ok(created) => ApiReturn {
            ok: true,
            message: "App created".to_string(),
            payload: created.id.to_string(),
        },
        Err(e) => e.into(),
    })
}
/// Renames app `id` on behalf of the authenticated caller.
///
/// Unauthenticated requests are refused with `Error::NotAllowed`. The caller
/// is forwarded to `update_app_title` together with the new title, so the
/// ownership check is expected to happen in the data layer rather than here.
pub async fn update_title_request(
    jar: CookieJar,
    Extension(data): Extension<State>,
    Path(id): Path<usize>,
    Json(req): Json<UpdateAppTitle>,
) -> impl IntoResponse {
    let data = &(data.read().await).0;

    let Some(caller) = get_user_from_token!(jar, data) else {
        return Json(Error::NotAllowed.into());
    };

    let body = data
        .update_app_title(id, &caller, &req.title)
        .await
        .map(|_| ApiReturn {
            ok: true,
            message: "App updated".to_string(),
            payload: (),
        })
        .unwrap_or_else(|e| e.into());
    Json(body)
}
/// Changes the homepage URL of app `id` for the authenticated caller.
///
/// Refuses unauthenticated requests with `Error::NotAllowed`; otherwise hands
/// the caller and `req.homepage` to `update_app_homepage`, which is where any
/// ownership or URL validation would take place (not visible here).
pub async fn update_homepage_request(
    jar: CookieJar,
    Extension(data): Extension<State>,
    Path(id): Path<usize>,
    Json(req): Json<UpdateAppHomepage>,
) -> impl IntoResponse {
    let guard = data.read().await;
    let data = &guard.0;

    let caller = match get_user_from_token!(jar, data) {
        Some(u) => u,
        None => return Json(Error::NotAllowed.into()),
    };

    let outcome = data.update_app_homepage(id, &caller, &req.homepage).await;
    Json(match outcome {
        Ok(_) => ApiReturn {
            ok: true,
            message: "App updated".to_string(),
            payload: (),
        },
        Err(e) => e.into(),
    })
}
/// Changes the OAuth redirect URL of app `id` for the authenticated caller.
///
/// The redirect URL is security-sensitive (grant tokens flow back to it), but
/// this handler only authenticates the caller; `req.redirect` is passed through
/// to `update_app_redirect` unchanged, so ownership and URL checks must live
/// there (not visible here).
pub async fn update_redirect_request(
    jar: CookieJar,
    Extension(data): Extension<State>,
    Path(id): Path<usize>,
    Json(req): Json<UpdateAppRedirect>,
) -> impl IntoResponse {
    let data = &(data.read().await).0;

    let Some(caller) = get_user_from_token!(jar, data) else {
        return Json(Error::NotAllowed.into());
    };

    let body = data
        .update_app_redirect(id, &caller, &req.redirect)
        .await
        .map(|_| ApiReturn {
            ok: true,
            message: "App updated".to_string(),
            payload: (),
        })
        .unwrap_or_else(Into::into);
    Json(body)
}
/// Sets the grant-quota status of app `id`.
///
/// Unlike the other update handlers, the caller is *not* forwarded to the data
/// layer: `update_app_quota_status` receives only the app id and the new
/// status. The `FinePermission::MANAGE_APPS` check performed here is therefore
/// the sole authorization gate for this endpoint. Both a missing session and a
/// missing permission yield `Error::NotAllowed`.
pub async fn update_quota_status_request(
    jar: CookieJar,
    Extension(data): Extension<State>,
    Path(id): Path<usize>,
    Json(req): Json<UpdateAppQuotaStatus>,
) -> impl IntoResponse {
    let guard = data.read().await;
    let data = &guard.0;

    // Authentication and the MANAGE_APPS permission are both required; the
    // user value itself is not needed after this check.
    match get_user_from_token!(jar, data) {
        Some(caller) if caller.permissions.check(FinePermission::MANAGE_APPS) => {}
        _ => return Json(Error::NotAllowed.into()),
    }

    let outcome = data.update_app_quota_status(id, req.quota_status).await;
    Json(match outcome {
        Ok(_) => ApiReturn {
            ok: true,
            message: "App updated".to_string(),
            payload: (),
        },
        Err(e) => e.into(),
    })
}
/// Replaces the scope list of app `id` for the authenticated caller.
///
/// Refuses unauthenticated requests with `Error::NotAllowed`, then moves
/// `req.scopes` into `update_app_scopes` together with the caller. Note that
/// grants issued later copy the app's scope list at issue time (see
/// `grant_request`), so existing grants are not affected by this change as far
/// as this file shows.
pub async fn update_scopes_request(
    jar: CookieJar,
    Extension(data): Extension<State>,
    Path(id): Path<usize>,
    Json(req): Json<UpdateAppScopes>,
) -> impl IntoResponse {
    let data = &(data.read().await).0;

    let caller = match get_user_from_token!(jar, data) {
        Some(u) => u,
        None => return Json(Error::NotAllowed.into()),
    };

    let body = data
        .update_app_scopes(id, &caller, req.scopes)
        .await
        .map(|_| ApiReturn {
            ok: true,
            message: "App updated".to_string(),
            payload: (),
        })
        .unwrap_or_else(|e| e.into());
    Json(body)
}
/// Deletes app `id` on behalf of the authenticated caller.
///
/// Unauthenticated requests are refused with `Error::NotAllowed`; the caller
/// is forwarded to `delete_app`, which is expected to enforce ownership (not
/// visible here). Success replies with "App deleted" and an empty payload.
pub async fn delete_request(
    jar: CookieJar,
    Extension(data): Extension<State>,
    Path(id): Path<usize>,
) -> impl IntoResponse {
    let guard = data.read().await;
    let data = &guard.0;

    let Some(caller) = get_user_from_token!(jar, data) else {
        return Json(Error::NotAllowed.into());
    };

    Json(match data.delete_app(id, &caller).await {
        Ok(_) => ApiReturn {
            ok: true,
            message: "App deleted".to_string(),
            payload: (),
        },
        Err(e) => e.into(),
    })
}
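/// Issues an OAuth grant for app `id` to the authenticated caller.
///
/// Checks run in this order, each short-circuiting with an error response:
/// 1. the caller must be authenticated (`Error::NotAllowed`);
/// 2. the app must exist (`get_app_by_id` error is passed through);
/// 3. the caller must not already hold a grant for this app;
/// 4. an app with `AppQuota::Limited` may not exceed the grant cap.
///
/// The grant carries the app's *current* scope list, the caller-supplied PKCE
/// challenge with method S256, and a fresh token from `random_id()`. It is
/// appended to the caller's grants, the app's grant counter is incremented,
/// and the token is returned as the payload.
///
/// NOTE(review): the existing-grant and quota checks read state and then write
/// it without any lock or transaction, so two concurrent requests from the same
/// user can both pass — the cap is best-effort. A failure in `incr_app_grants`
/// after `update_user_grants` succeeded leaves the grant stored but the app's
/// counter stale. `req.challenge` is stored as received; whether it is checked
/// to be a well-formed S256 challenge is not visible in this file.
pub async fn grant_request(
    jar: CookieJar,
    Extension(data): Extension<State>,
    Path(id): Path<usize>,
    Json(req): Json<CreateGrant>,
) -> impl IntoResponse {
    // Maximum number of grants an app under `AppQuota::Limited` may hold.
    // Typed by inference so it matches whatever integer type `app.grants` is.
    let limited_quota_grant_cap = 5;

    let data = &(data.read().await).0;

    let Some(mut caller) = get_user_from_token!(jar, data) else {
        return Json(Error::NotAllowed.into());
    };

    let app = match data.get_app_by_id(id).await {
        Ok(a) => a,
        Err(e) => return Json(e.into()),
    };

    // One grant per (user, app).
    if caller.get_grant_by_app_id(id).is_some() {
        return Json(Error::MiscError("This app already has a grant".to_string()).into());
    }

    // Limited apps are capped until the owner applies for an extension.
    if app.quota_status == AppQuota::Limited && app.grants >= limited_quota_grant_cap {
        return Json(
            Error::MiscError(
                "This app has reached its limit. Tell the owner to apply for an extension"
                    .to_string(),
            )
            .into(),
        );
    }

    let grant = AuthGrant {
        app: app.id,
        challenge: req.challenge,
        method: PkceChallengeMethod::S256,
        token: random_id(),
        last_updated: unix_epoch_timestamp(),
        scopes: app.scopes.clone(),
    };

    // Only the token is needed for the response; keep a copy of it instead of
    // cloning the whole grant before it moves into the user's grant list.
    let token = grant.token.clone();
    caller.grants.push(grant);

    if let Err(e) = data.update_user_grants(caller.id, caller.grants).await {
        return Json(e.into());
    }

    // The counter feeds the quota check above; a failure here is reported to
    // the caller even though the grant itself has already been stored.
    if let Err(e) = data.incr_app_grants(id).await {
        return Json(e.into());
    }

    Json(ApiReturn {
        ok: true,
        message: "User updated".to_string(),
        payload: Some(token),
    })
}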