tetratto/crates/app/src/routes/api/v1/auth/ipbans.rs

use crate::{
    get_app_from_key, get_user_from_token,
    model::{ApiReturn, Error},
    routes::api::v1::CreateIpBan,
    State,
};
use axum::{extract::Path, http::HeaderMap, response::IntoResponse, Extension, Json};
use crate::cookie::CookieJar;
use tetratto_core::model::{addr::RemoteAddr, auth::IpBan, permissions::FinePermission};

/// Check if the given IP is banned.
pub async fn check_request(
    headers: HeaderMap,
    Path(ip): Path<String>,
    Extension(data): Extension<State>,
) -> impl IntoResponse {
    let data = &(data.read().await).0;
    if get_app_from_key!(data, headers).is_none() {
        return Json(Error::NotAllowed.into());
    }

    Json(ApiReturn {
        ok: true,
        message: "Success".to_string(),
        payload: data
            .get_ipban_by_addr(&RemoteAddr::from(ip.as_str()))
            .await
            .is_ok(),
    })
}

/// Create a new IP ban.
pub async fn create_request(
    jar: CookieJar,
    Path(ip): Path<String>,
    Extension(data): Extension<State>,
    Json(req): Json<CreateIpBan>,
) -> impl IntoResponse {
    let data = &(data.read().await).0;
    let user = match get_user_from_token!(jar, data) {
        Some(ua) => ua,
        None => return Json(Error::NotAllowed.into()),
    };

    if !user.permissions.check(FinePermission::MANAGE_BANS) {
        return Json(Error::NotAllowed.into());
    }

    match data
        .create_ipban(IpBan::new(
            RemoteAddr::from(ip.as_str()).prefix(None),
            user.id,
            req.reason,
        ))
        .await
    {
        Ok(_) => Json(ApiReturn {
            ok: true,
            message: "IP ban created".to_string(),
            payload: (),
        }),
        Err(e) => Json(e.into()),
    }
}

/// Delete the given IP ban.
pub async fn delete_request(
    jar: CookieJar,
    Path(ip): Path<String>,
    Extension(data): Extension<State>,
) -> impl IntoResponse {
    let data = &(data.read().await).0;
    let user = match get_user_from_token!(jar, data) {
        Some(ua) => ua,
        None => return Json(Error::NotAllowed.into()),
    };

    if !user.permissions.check(FinePermission::MANAGE_BANS) {
        return Json(Error::NotAllowed.into());
    }

    match data.delete_ipban(&ip, user).await {
        Ok(_) => Json(ApiReturn {
            ok: true,
            message: "IP ban deleted".to_string(),
            payload: (),
        }),
        Err(e) => Json(e.into()),
    }
}