feat(rocie-server): Implement basic user handling and authentication

1 files changed, 85 insertions, 0 deletions

diff --git a/crates/rocie-server/src/api/get/auth/user.rs b/crates/rocie-server/src/api/get/auth/user.rs
new file mode 100644
index 0000000..e4a5046
--- /dev/null
+++ b/crates/rocie-server/src/api/get/auth/user.rs
@@ -0,0 +1,85 @@
+use actix_identity::Identity;
+use actix_web::{HttpResponse, Responder, Result, get, web};
+
+use crate::{
+    app::App,
+    storage::sql::user::{User, UserId, UserIdStub},
+};
+
+/// Get all registered users.
+#[utoipa::path(
+    responses(
+        (
+            status = OK,
+            description = "Users found in database and fetched",
+            body = Vec<User>,
+        ),
+        (
+            status = UNAUTHORIZED,
+            description = "You did not login before calling this endpoint",
+        ),
+        (
+            status = INTERNAL_SERVER_ERROR,
+            description = "Server encountered error",
+            body = String
+        )
+    ),
+)]
+#[get("/users")]
+async fn users(app: web::Data<App>, _user: Identity) -> Result<impl Responder> {
+    let output = User::get_all(&app).await?;
+
+    Ok(HttpResponse::Ok().json(output))
+}
+
+/// Get an specific user by id.
+#[utoipa::path(
+    responses(
+        (
+            status = OK,
+            description = "User found in database and fetched",
+            body = User,
+        ),
+        (
+            status = NOT_FOUND,
+            description = "User not found in database"
+        ),
+        (
+            status = UNAUTHORIZED,
+            description = "You did not login before calling this endpoint",
+        ),
+        (
+            status = FORBIDDEN,
+            description = "The current logged in user is not allowed to access this end-point."
+        ),
+        (
+            status = INTERNAL_SERVER_ERROR,
+            description = "Server encountered error",
+            body = String
+        )
+    ),
+    params(
+        (
+            "id" = UserId,
+            description = "User id"
+        ),
+    )
+)]
+#[get("/user/{id}")]
+async fn user_by_id(
+    id: web::Path<UserIdStub>,
+    app: web::Data<App>,
+    user: Identity,
+) -> Result<impl Responder> {
+    let id: UserId = id.into_inner().into();
+
+    if user.id().expect("to have one") != id.to_string() {
+        return Ok(HttpResponse::Forbidden()
+            .body("You must be logged-in as the same user, you request the info for."));
+    }
+
+    match User::from_id(&app, id).await? {
+        Some(user) => Ok(HttpResponse::Ok().json(user)),
+        None => Ok(HttpResponse::NotFound().finish()),
+    }
+}