diff options
| author | Benedikt Peetz <benedikt.peetz@b-peetz.de> | 2025-12-09 13:07:14 +0100 |
|---|---|---|
| committer | Benedikt Peetz <benedikt.peetz@b-peetz.de> | 2025-12-09 13:07:14 +0100 |
| commit | c91dce4f77ae12453203f0a28b91efb6533cc095 (patch) | |
| tree | 4f50e755dff7f717d45309b08f9fe2c8c87f88bd /crates/rocie-server/src/api | |
| parent | chore(rocie-client): Regenerate (diff) | |
| download | server-c91dce4f77ae12453203f0a28b91efb6533cc095.zip | |
feat(rocie-server): Implement basic user handling and authentication
Diffstat (limited to 'crates/rocie-server/src/api')
22 files changed, 736 insertions, 163 deletions
diff --git a/crates/rocie-server/src/api/get/inventory.rs b/crates/rocie-server/src/api/get/auth/inventory.rs index d1ca436..24a8e3d 100644 --- a/crates/rocie-server/src/api/get/inventory.rs +++ b/crates/rocie-server/src/api/get/auth/inventory.rs @@ -1,8 +1,12 @@ +use actix_identity::Identity; use actix_web::{HttpResponse, Responder, Result, get, web}; use crate::{ app::App, - storage::sql::{product::{ProductId, ProductIdStub}, product_amount::ProductAmount}, + storage::sql::{ + product::{ProductId, ProductIdStub}, + product_amount::ProductAmount, + }, }; /// Get the amount of an product @@ -18,6 +22,10 @@ use crate::{ description = "Product not found in database" ), ( + status = UNAUTHORIZED, + description = "You did not login before calling this endpoint", + ), + ( status = INTERNAL_SERVER_ERROR, description = "Server encountered error", body = String @@ -34,6 +42,7 @@ use crate::{ pub(crate) async fn amount_by_id( app: web::Data<App>, id: web::Path<ProductIdStub>, + _user: Identity, ) -> Result<impl Responder> { let id = id.into_inner(); diff --git a/crates/rocie-server/src/api/get/auth/mod.rs b/crates/rocie-server/src/api/get/auth/mod.rs new file mode 100644 index 0000000..c51f6a7 --- /dev/null +++ b/crates/rocie-server/src/api/get/auth/mod.rs @@ -0,0 +1,32 @@ +use actix_web::web; + +pub(crate) mod inventory; +pub(crate) mod product; +pub(crate) mod product_parent; +pub(crate) mod recipe; +pub(crate) mod unit; +pub(crate) mod unit_property; +pub(crate) mod user; + +pub(crate) fn register_paths(cfg: &mut web::ServiceConfig) { + cfg.service(inventory::amount_by_id) + .service(product::product_by_id) + .service(product::product_by_name) + .service(product::product_suggestion_by_name) + .service(product::products_by_product_parent_id_direct) + .service(product::products_by_product_parent_id_indirect) + .service(product::products_in_storage) + .service(product::products_registered) + .service(product_parent::product_parents) + .service(product_parent::product_parents_toplevel) + .service(product_parent::product_parents_under) + .service(recipe::recipe_by_id) + .service(recipe::recipes) + .service(unit::unit_by_id) + .service(unit::units) + .service(unit::units_by_property_id) + .service(unit_property::unit_properties) + .service(unit_property::unit_property_by_id) + .service(user::users) + .service(user::user_by_id); +} diff --git a/crates/rocie-server/src/api/get/product.rs b/crates/rocie-server/src/api/get/auth/product.rs index 4216f9b..1a1e31d 100644 --- a/crates/rocie-server/src/api/get/product.rs +++ b/crates/rocie-server/src/api/get/auth/product.rs @@ -1,3 +1,4 @@ +use actix_identity::Identity; use actix_web::{HttpRequest, HttpResponse, Responder, Result, get, web}; use log::info; use percent_encoding::percent_decode_str; @@ -31,23 +32,43 @@ impl UrlEncodedString { /// Get Product by id #[utoipa::path( responses( - (status = OK, description = "Product found from database", body = Product), - (status = NOT_FOUND, description = "Product not found in database"), - (status = INTERNAL_SERVER_ERROR, description = "Server encountered error", body = String) + ( + status = OK, + description = "Product found from database", + body = Product + ), + ( + status = NOT_FOUND, + description = "Product not found in database" + ), + ( + status = UNAUTHORIZED, + description = "You did not login before calling this endpoint", + ), + ( + status = INTERNAL_SERVER_ERROR, + description = "Server encountered error", + body = String + ) ), params( - ("id" = ProductId, description = "Product id" ), + ( + "id" = ProductId, + description = "Product id" + ), ) )] #[get("/product/by-id/{id}")] pub(crate) async fn product_by_id( app: web::Data<App>, id: web::Path<ProductIdStub>, + _user: Identity, ) -> Result<impl Responder> { let id = id.into_inner(); match Product::from_id(&app, id.into()).await? { Some(product) => Ok(HttpResponse::Ok().json(product)), + None => Ok(HttpResponse::NotFound().finish()), } } @@ -55,12 +76,30 @@ pub(crate) async fn product_by_id( /// Get Product by name #[utoipa::path( responses( - (status = OK, description = "Product found from database", body = Product), - (status = NOT_FOUND, description = "Product not found in database"), - (status = INTERNAL_SERVER_ERROR, description = "Server encountered error", body = String) + ( + status = OK, + description = "Product found from database", + body = Product + ), + ( + status = NOT_FOUND, + description = "Product not found in database" + ), + ( + status = UNAUTHORIZED, + description = "You did not login before calling this endpoint", + ), + ( + status = INTERNAL_SERVER_ERROR, + description = "Server encountered error", + body = String + ) ), params( - ("name" = String, description = "Name of the product" ), + ( + "name" = String, + description = "Name of the product" + ), ) )] #[get("/product/by-name/{name}")] @@ -68,6 +107,7 @@ pub(crate) async fn product_by_name( app: web::Data<App>, req: HttpRequest, name: web::Path<String>, + _user: Identity, ) -> Result<impl Responder> { drop(name); @@ -80,6 +120,7 @@ pub(crate) async fn product_by_name( match Product::from_name(&app, name).await? { Some(product) => Ok(HttpResponse::Ok().json(product)), + None => Ok(HttpResponse::NotFound().finish()), } } @@ -87,11 +128,26 @@ pub(crate) async fn product_by_name( /// Get Product suggestion by name #[utoipa::path( responses( - (status = OK, description = "Product suggestions found from database", body = Vec<Product>), - (status = INTERNAL_SERVER_ERROR, description = "Server encountered error", body = String) + ( + status = OK, + description = "Product suggestions found from database", + body = Vec<Product> + ), + ( + status = UNAUTHORIZED, + description = "You did not login before calling this endpoint", + ), + ( + status = INTERNAL_SERVER_ERROR, + description = "Server encountered error", + body = String + ) ), params( - ("name" = String, description = "Partial name of a product" ), + ( + "name" = String, + description = "Partial name of a product" + ), ) )] #[get("/product/by-part-name/{name}")] @@ -99,6 +155,7 @@ pub(crate) async fn product_suggestion_by_name( app: web::Data<App>, req: HttpRequest, name: web::Path<String>, + _user: Identity, ) -> Result<impl Responder> { drop(name); @@ -122,12 +179,27 @@ pub(crate) async fn product_suggestion_by_name( /// Return all registered products #[utoipa::path( responses( - (status = OK, description = "All products found", body = Vec<Product>), - (status = INTERNAL_SERVER_ERROR, description = "Server encountered error", body = String) + ( + status = OK, + description = "All products found", + body = Vec<Product> + ), + ( + status = UNAUTHORIZED, + description = "You did not login before calling this endpoint", + ), + ( + status = INTERNAL_SERVER_ERROR, + description = "Server encountered error", + body = String + ) ), )] #[get("/products_registered/")] -pub(crate) async fn products_registered(app: web::Data<App>) -> Result<impl Responder> { +pub(crate) async fn products_registered( + app: web::Data<App>, + _user: Identity, +) -> Result<impl Responder> { let all = Product::get_all(&app).await?; Ok(HttpResponse::Ok().json(all)) @@ -136,12 +208,27 @@ pub(crate) async fn products_registered(app: web::Data<App>) -> Result<impl Resp /// Return all products, which non-null amount in storage #[utoipa::path( responses( - (status = OK, description = "All products found", body = Vec<Product>), - (status = INTERNAL_SERVER_ERROR, description = "Server encountered error", body = String) + ( + status = OK, + description = "All products found", + body = Vec<Product> + ), + ( + status = UNAUTHORIZED, + description = "You did not login before calling this endpoint", + ), + ( + status = INTERNAL_SERVER_ERROR, + description = "Server encountered error", + body = String + ) ), )] #[get("/products_in_storage/")] -pub(crate) async fn products_in_storage(app: web::Data<App>) -> Result<impl Responder> { +pub(crate) async fn products_in_storage( + app: web::Data<App>, + _user: Identity, +) -> Result<impl Responder> { let all = Product::get_all(&app).await?; let mut output_products = Vec::with_capacity(all.len()); @@ -161,18 +248,37 @@ pub(crate) async fn products_in_storage(app: web::Data<App>) -> Result<impl Resp /// This will also return all products below this product parent id #[utoipa::path( responses( - (status = OK, description = "Products found from database", body = Vec<Product>), - (status = NOT_FOUND, description = "Product parent id not found in database"), - (status = INTERNAL_SERVER_ERROR, description = "Server encountered error", body = String) + ( + status = OK, + description = "Products found from database", + body = Vec<Product> + ), + ( + status = NOT_FOUND, + description = "Product parent id not found in database" + ), + ( + status = UNAUTHORIZED, + description = "You did not login before calling this endpoint", + ), + ( + status = INTERNAL_SERVER_ERROR, + description = "Server encountered error", + body = String + ) ), params( - ("id" = ProductParentId, description = "Product parent id" ), + ( + "id" = ProductParentId, + description = "Product parent id" + ), ) )] #[get("/product/by-product-parent-id-indirect/{id}")] pub(crate) async fn products_by_product_parent_id_indirect( app: web::Data<App>, id: web::Path<ProductParentIdStub>, + _user: Identity, ) -> Result<impl Responder> { let id = id.into_inner(); @@ -208,18 +314,37 @@ pub(crate) async fn products_by_product_parent_id_indirect( /// This will only return products directly associated with this product parent id #[utoipa::path( responses( - (status = OK, description = "Products found from database", body = Vec<Product>), - (status = NOT_FOUND, description = "Product parent id not found in database"), - (status = INTERNAL_SERVER_ERROR, description = "Server encountered error", body = String) + ( + status = OK, + description = "Products found from database", + body = Vec<Product> + ), + ( + status = NOT_FOUND, + description = "Product parent id not found in database" + ), + ( + status = UNAUTHORIZED, + description = "You did not login before calling this endpoint", + ), + ( + status = INTERNAL_SERVER_ERROR, + description = "Server encountered error", + body = String + ) ), params( - ("id" = ProductParentId, description = "Product parent id" ), + ( + "id" = ProductParentId, + description = "Product parent id" + ), ) )] #[get("/product/by-product-parent-id-direct/{id}")] pub(crate) async fn products_by_product_parent_id_direct( app: web::Data<App>, id: web::Path<ProductParentIdStub>, + _user: Identity, ) -> Result<impl Responder> { let id = id.into_inner(); diff --git a/crates/rocie-server/src/api/get/auth/product_parent.rs b/crates/rocie-server/src/api/get/auth/product_parent.rs new file mode 100644 index 0000000..6c3351d --- /dev/null +++ b/crates/rocie-server/src/api/get/auth/product_parent.rs @@ -0,0 +1,111 @@ +use actix_identity::Identity; +use actix_web::{HttpResponse, Responder, error::Result, get, web}; + +use crate::{ + app::App, + storage::sql::product_parent::{ProductParent, ProductParentId, ProductParentIdStub}, +}; + +/// Return all registered product parents +#[utoipa::path( + responses( + ( + status = OK, + description = "All parents found", + body = Vec<ProductParent> + ), + ( + status = UNAUTHORIZED, + description = "You did not login before calling this endpoint", + ), + ( + status = INTERNAL_SERVER_ERROR, + description = "Server encountered error", + body = String + ) + ), +)] +#[get("/product_parents/")] +pub(crate) async fn product_parents( + app: web::Data<App>, + _user: Identity, +) -> Result<impl Responder> { + let all: Vec<ProductParent> = ProductParent::get_all(&app).await?; + + Ok(HttpResponse::Ok().json(all)) +} + +/// Return all registered product parents, that have no parents themselves +#[utoipa::path( + responses( + ( + status = OK, + description = "All parents found", + body = Vec<ProductParent> + ), + ( + status = UNAUTHORIZED, + description = "You did not login before calling this endpoint", + ), + ( + status = INTERNAL_SERVER_ERROR, + description = "Server encountered error", + body = String + ) + ), +)] +#[get("/product_parents_toplevel/")] +pub(crate) async fn product_parents_toplevel( + app: web::Data<App>, + _user: Identity, +) -> Result<impl Responder> { + let all: Vec<ProductParent> = ProductParent::get_all(&app) + .await? + .into_iter() + .filter(|parent| parent.parent.is_none()) + .collect(); + + Ok(HttpResponse::Ok().json(all)) +} + +/// Return all parents, that have this parent as parent +#[utoipa::path( + responses( + ( + status = OK, + description = "All parents found", + body = Vec<ProductParent> + ), + ( + status = UNAUTHORIZED, + description = "You did not login before calling this endpoint", + ), + ( + status = INTERNAL_SERVER_ERROR, + description = "Server encountered error", + body = String + ) + ), + params( + ( + "id" = ProductParentId, + description = "Product parent id" + ), + ), +)] +#[get("/product_parents_under/{id}")] +pub(crate) async fn product_parents_under( + app: web::Data<App>, + id: web::Path<ProductParentIdStub>, + _user: Identity, +) -> Result<impl Responder> { + let id = id.into_inner().into(); + + let all: Vec<_> = ProductParent::get_all(&app) + .await? + .into_iter() + .filter(|parent| parent.parent.is_some_and(|found| found == id)) + .collect(); + + Ok(HttpResponse::Ok().json(all)) +} diff --git a/crates/rocie-server/src/api/get/recipe.rs b/crates/rocie-server/src/api/get/auth/recipe.rs index 70bab39..cb80597 100644 --- a/crates/rocie-server/src/api/get/recipe.rs +++ b/crates/rocie-server/src/api/get/auth/recipe.rs @@ -1,3 +1,4 @@ +use actix_identity::Identity; use actix_web::{HttpResponse, Responder, error::Result, get, web}; use crate::{ @@ -14,6 +15,10 @@ use crate::{ body = Recipe, ), ( + status = UNAUTHORIZED, + description = "You did not login before calling this endpoint", + ), + ( status = NOT_FOUND, description = "Recipe not found in database" ), @@ -34,6 +39,7 @@ use crate::{ pub(crate) async fn recipe_by_id( app: web::Data<App>, id: web::Path<RecipeIdStub>, + _user: Identity, ) -> Result<impl Responder> { let id = id.into_inner(); @@ -52,6 +58,10 @@ pub(crate) async fn recipe_by_id( body = Recipe, ), ( + status = UNAUTHORIZED, + description = "You did not login before calling this endpoint", + ), + ( status = INTERNAL_SERVER_ERROR, description = "Server encountered error", body = String @@ -59,7 +69,7 @@ pub(crate) async fn recipe_by_id( ), )] #[get("/recipe/all")] -pub(crate) async fn recipes(app: web::Data<App>) -> Result<impl Responder> { +pub(crate) async fn recipes(app: web::Data<App>, _user: Identity) -> Result<impl Responder> { let all = Recipe::get_all(&app).await?; Ok(HttpResponse::Ok().json(all)) diff --git a/crates/rocie-server/src/api/get/unit.rs b/crates/rocie-server/src/api/get/auth/unit.rs index caafaa3..980d9c7 100644 --- a/crates/rocie-server/src/api/get/unit.rs +++ b/crates/rocie-server/src/api/get/auth/unit.rs @@ -1,3 +1,4 @@ +use actix_identity::Identity; use actix_web::{HttpResponse, Responder, Result, get, web}; use crate::{ @@ -17,6 +18,10 @@ use crate::{ body = Vec<Unit> ), ( + status = UNAUTHORIZED, + description = "You did not login before calling this endpoint", + ), + ( status = INTERNAL_SERVER_ERROR, description = "Server encountered error", body = String @@ -24,7 +29,7 @@ use crate::{ ), )] #[get("/units/")] -pub(crate) async fn units(app: web::Data<App>) -> Result<impl Responder> { +pub(crate) async fn units(app: web::Data<App>, _user: Identity) -> Result<impl Responder> { let all = Unit::get_all(&app).await?; Ok(HttpResponse::Ok().json(all)) @@ -39,6 +44,10 @@ pub(crate) async fn units(app: web::Data<App>) -> Result<impl Responder> { body = Vec<Unit> ), ( + status = UNAUTHORIZED, + description = "You did not login before calling this endpoint", + ), + ( status = INTERNAL_SERVER_ERROR, description = "Server encountered error", body = String @@ -55,6 +64,7 @@ pub(crate) async fn units(app: web::Data<App>) -> Result<impl Responder> { pub(crate) async fn units_by_property_id( app: web::Data<App>, id: web::Path<UnitPropertyIdStub>, + _user: Identity, ) -> Result<impl Responder> { let id = id.into_inner(); let all = Unit::get_all(&app) @@ -75,6 +85,10 @@ pub(crate) async fn units_by_property_id( body = Unit ), ( + status = UNAUTHORIZED, + description = "You did not login before calling this endpoint", + ), + ( status = NOT_FOUND, description = "Unit not found in database" ), @@ -95,6 +109,7 @@ pub(crate) async fn units_by_property_id( pub(crate) async fn unit_by_id( app: web::Data<App>, id: web::Path<UnitIdStub>, + _user: Identity, ) -> Result<impl Responder> { let id = id.into_inner(); diff --git a/crates/rocie-server/src/api/get/unit_property.rs b/crates/rocie-server/src/api/get/auth/unit_property.rs index 3160480..f5b070a 100644 --- a/crates/rocie-server/src/api/get/unit_property.rs +++ b/crates/rocie-server/src/api/get/auth/unit_property.rs @@ -1,10 +1,9 @@ +use actix_identity::Identity; use actix_web::{HttpResponse, Responder, Result, get, web}; use crate::{ app::App, - storage::sql::{ - unit_property::{UnitProperty, UnitPropertyId, UnitPropertyIdStub}, - }, + storage::sql::unit_property::{UnitProperty, UnitPropertyId, UnitPropertyIdStub}, }; /// Return all registered unit properties @@ -16,6 +15,10 @@ use crate::{ body = Vec<UnitProperty> ), ( + status = UNAUTHORIZED, + description = "You did not login before calling this endpoint", + ), + ( status = INTERNAL_SERVER_ERROR, description = "Server encountered error", body = String @@ -23,7 +26,10 @@ use crate::{ ), )] #[get("/unit-properties/")] -pub(crate) async fn unit_properties(app: web::Data<App>) -> Result<impl Responder> { +pub(crate) async fn unit_properties( + app: web::Data<App>, + _user: Identity, +) -> Result<impl Responder> { let all = UnitProperty::get_all(&app).await?; Ok(HttpResponse::Ok().json(all)) @@ -42,6 +48,10 @@ pub(crate) async fn unit_properties(app: web::Data<App>) -> Result<impl Responde description = "Unit Property not found in database" ), ( + status = UNAUTHORIZED, + description = "You did not login before calling this endpoint", + ), + ( status = INTERNAL_SERVER_ERROR, description = "Server encountered error", body = String @@ -58,6 +68,7 @@ pub(crate) async fn unit_properties(app: web::Data<App>) -> Result<impl Responde pub(crate) async fn unit_property_by_id( app: web::Data<App>, id: web::Path<UnitPropertyIdStub>, + _user: Identity, ) -> Result<impl Responder> { let id = id.into_inner(); diff --git a/crates/rocie-server/src/api/get/auth/user.rs b/crates/rocie-server/src/api/get/auth/user.rs new file mode 100644 index 0000000..e4a5046 --- /dev/null +++ b/crates/rocie-server/src/api/get/auth/user.rs @@ -0,0 +1,85 @@ +use actix_identity::Identity; +use actix_web::{HttpResponse, Responder, Result, get, web}; + +use crate::{ + app::App, + storage::sql::user::{User, UserId, UserIdStub}, +}; + +/// Get all registered users. +#[utoipa::path( + responses( + ( + status = OK, + description = "Users found in database and fetched", + body = Vec<User>, + ), + ( + status = UNAUTHORIZED, + description = "You did not login before calling this endpoint", + ), + ( + status = INTERNAL_SERVER_ERROR, + description = "Server encountered error", + body = String + ) + ), +)] +#[get("/users")] +async fn users(app: web::Data<App>, _user: Identity) -> Result<impl Responder> { + let output = User::get_all(&app).await?; + + Ok(HttpResponse::Ok().json(output)) +} + +/// Get an specific user by id. +#[utoipa::path( + responses( + ( + status = OK, + description = "User found in database and fetched", + body = User, + ), + ( + status = NOT_FOUND, + description = "User not found in database" + ), + ( + status = UNAUTHORIZED, + description = "You did not login before calling this endpoint", + ), + ( + status = FORBIDDEN, + description = "The current logged in user is not allowed to access this end-point." + ), + ( + status = INTERNAL_SERVER_ERROR, + description = "Server encountered error", + body = String + ) + ), + params( + ( + "id" = UserId, + description = "User id" + ), + ) +)] +#[get("/user/{id}")] +async fn user_by_id( + id: web::Path<UserIdStub>, + app: web::Data<App>, + user: Identity, +) -> Result<impl Responder> { + let id: UserId = id.into_inner().into(); + + if user.id().expect("to have one") != id.to_string() { + return Ok(HttpResponse::Forbidden() + .body("You must be logged-in as the same user, you request the info for.")); + } + + match User::from_id(&app, id).await? { + Some(user) => Ok(HttpResponse::Ok().json(user)), + None => Ok(HttpResponse::NotFound().finish()), + } +} diff --git a/crates/rocie-server/src/api/get/mod.rs b/crates/rocie-server/src/api/get/mod.rs index 487b55c..c6ee9ab 100644 --- a/crates/rocie-server/src/api/get/mod.rs +++ b/crates/rocie-server/src/api/get/mod.rs @@ -1,29 +1,2 @@ -use actix_web::web; - -pub(crate) mod inventory; -pub(crate) mod product; -pub(crate) mod product_parent; -pub(crate) mod recipe; -pub(crate) mod unit; -pub(crate) mod unit_property; - -pub(crate) fn register_paths(cfg: &mut web::ServiceConfig) { - cfg.service(product::product_by_id) - .service(product::product_by_name) - .service(product::product_suggestion_by_name) - .service(product::products_registered) - .service(product::products_in_storage) - .service(product::products_by_product_parent_id_indirect) - .service(product::products_by_product_parent_id_direct) - .service(product_parent::product_parents) - .service(product_parent::product_parents_toplevel) - .service(product_parent::product_parents_under) - .service(recipe::recipe_by_id) - .service(recipe::recipes) - .service(unit::units) - .service(unit::units_by_property_id) - .service(unit::unit_by_id) - .service(unit_property::unit_properties) - .service(unit_property::unit_property_by_id) - .service(inventory::amount_by_id); -} +pub(crate) mod auth; +pub(crate) mod no_auth; diff --git a/crates/rocie-server/src/api/get/no_auth/mod.rs b/crates/rocie-server/src/api/get/no_auth/mod.rs new file mode 100644 index 0000000..38a041c --- /dev/null +++ b/crates/rocie-server/src/api/get/no_auth/mod.rs @@ -0,0 +1,3 @@ +use actix_web::web; + +pub(crate) fn register_paths(cfg: &mut web::ServiceConfig) {} diff --git a/crates/rocie-server/src/api/get/product_parent.rs b/crates/rocie-server/src/api/get/product_parent.rs deleted file mode 100644 index a62397c..0000000 --- a/crates/rocie-server/src/api/get/product_parent.rs +++ /dev/null @@ -1,64 +0,0 @@ -use actix_web::{HttpResponse, Responder, error::Result, get, web}; - -use crate::{ - app::App, - storage::sql::product_parent::{ProductParent, ProductParentId, ProductParentIdStub}, -}; - -/// Return all registered product parents -#[utoipa::path( - responses( - (status = OK, description = "All parents found", body = Vec<ProductParent>), - (status = INTERNAL_SERVER_ERROR, description = "Server encountered error", body = String) - ), -)] -#[get("/product_parents/")] -pub(crate) async fn product_parents(app: web::Data<App>) -> Result<impl Responder> { - let all: Vec<ProductParent> = ProductParent::get_all(&app).await?; - - Ok(HttpResponse::Ok().json(all)) -} - -/// Return all registered product parents, that have no parents themselves -#[utoipa::path( - responses( - (status = OK, description = "All parents found", body = Vec<ProductParent>), - (status = INTERNAL_SERVER_ERROR, description = "Server encountered error", body = String) - ), -)] -#[get("/product_parents_toplevel/")] -pub(crate) async fn product_parents_toplevel(app: web::Data<App>) -> Result<impl Responder> { - let all: Vec<ProductParent> = ProductParent::get_all(&app) - .await? - .into_iter() - .filter(|parent| parent.parent.is_none()) - .collect(); - - Ok(HttpResponse::Ok().json(all)) -} - -/// Return all parents, that have this parent as parent -#[utoipa::path( - responses( - (status = OK, description = "All parents found", body = Vec<ProductParent>), - (status = INTERNAL_SERVER_ERROR, description = "Server encountered error", body = String) - ), - params( - ("id" = ProductParentId, description = "Product parent id" ), - ), -)] -#[get("/product_parents_under/{id}")] -pub(crate) async fn product_parents_under( - app: web::Data<App>, - id: web::Path<ProductParentIdStub>, -) -> Result<impl Responder> { - let id = id.into_inner().into(); - - let all: Vec<_> = ProductParent::get_all(&app) - .await? - .into_iter() - .filter(|parent| parent.parent.is_some_and(|found| found == id)) - .collect(); - - Ok(HttpResponse::Ok().json(all)) -} diff --git a/crates/rocie-server/src/api/set/barcode.rs b/crates/rocie-server/src/api/set/auth/barcode.rs index bb84bbf..1d97852 100644 --- a/crates/rocie-server/src/api/set/barcode.rs +++ b/crates/rocie-server/src/api/set/auth/barcode.rs @@ -1,3 +1,4 @@ +use actix_identity::Identity; use actix_web::{HttpResponse, Responder, Result, post, web}; use log::debug; @@ -22,20 +23,31 @@ use crate::{ description = "Barcode id was not found", ), ( + status = UNAUTHORIZED, + description = "You did not login before calling this endpoint", + ), + ( status = INTERNAL_SERVER_ERROR, description = "Server encountered error", body = String, ) ), params( - ("barcode_id" = BarcodeId, description = "The numeric value of the barcode"), - ("times" = u16, description = "How often to buy the barcode"), + ( + "barcode_id" = BarcodeId, + description = "The numeric value of the barcode" + ), + ( + "times" = u16, + description = "How often to buy the barcode" + ), ) )] #[post("/barcode/{barcode_id}/buy/{times}")] pub(crate) async fn buy_barcode( app: web::Data<App>, path: web::Path<(BarcodeIdStub, u16)>, + _user: Identity, ) -> Result<impl Responder> { let (barcode_id, times) = path.into_inner(); @@ -69,13 +81,20 @@ pub(crate) async fn buy_barcode( description = "Barcode id was not found", ), ( + status = UNAUTHORIZED, + description = "You did not login before calling this endpoint", + ), + ( status = INTERNAL_SERVER_ERROR, description = "Server encountered error", body = String, ) ), params( - ("id" = BarcodeId, description = "The numeric value of the barcode"), + ( + "id" = BarcodeId, + description = "The numeric value of the barcode" + ), ), request_body = UnitAmount, )] @@ -84,6 +103,7 @@ pub(crate) async fn consume_barcode( app: web::Data<App>, barcode_id: web::Path<BarcodeIdStub>, unit_amount: web::Json<UnitAmount>, + _user: Identity, ) -> Result<impl Responder> { let mut ops = Operations::new("consume barcode unit"); diff --git a/crates/rocie-server/src/api/set/auth/mod.rs b/crates/rocie-server/src/api/set/auth/mod.rs new file mode 100644 index 0000000..4e733a9 --- /dev/null +++ b/crates/rocie-server/src/api/set/auth/mod.rs @@ -0,0 +1,21 @@ +use actix_web::web; + +pub(crate) mod barcode; +pub(crate) mod product; +pub(crate) mod product_parent; +pub(crate) mod recipe; +pub(crate) mod unit; +pub(crate) mod unit_property; +pub(crate) mod user; + +pub(crate) fn register_paths(cfg: &mut web::ServiceConfig) { + cfg.service(product::register_product) + .service(product::associate_barcode) + .service(product_parent::register_product_parent) + .service(recipe::add_recipe) + .service(unit::register_unit) + .service(unit_property::register_unit_property) + .service(barcode::consume_barcode) + .service(barcode::buy_barcode) + .service(user::register_user); +} diff --git a/crates/rocie-server/src/api/set/product.rs b/crates/rocie-server/src/api/set/auth/product.rs index 74a92d2..b2a751f 100644 --- a/crates/rocie-server/src/api/set/product.rs +++ b/crates/rocie-server/src/api/set/auth/product.rs @@ -1,3 +1,4 @@ +use actix_identity::Identity; use actix_web::{HttpResponse, Responder, Result, post, web}; use serde::Deserialize; use utoipa::ToSchema; @@ -40,6 +41,10 @@ struct ProductStub { body = ProductId, ), ( + status = UNAUTHORIZED, + description = "You did not login before calling this endpoint", + ), + ( status = INTERNAL_SERVER_ERROR, description = "Server encountered error", body = String, @@ -51,13 +56,15 @@ struct ProductStub { pub(crate) async fn register_product( app: web::Data<App>, product_stub: web::Json<ProductStub>, + _user: Identity, ) -> Result<impl Responder> { + let product_stub = product_stub.into_inner(); let mut ops = Operations::new("register product"); let product = Product::register( - product_stub.name.clone(), - product_stub.description.clone(), - product_stub.parent.into(), + product_stub.name, + product_stub.description, + product_stub.parent, product_stub.unit_property, &mut ops, ); @@ -79,7 +86,11 @@ pub(crate) async fn register_product( description = "Product id not found in database", ), ( - status = FORBIDDEN, + status = UNAUTHORIZED, + description = "You did not login before calling this endpoint", + ), + ( + status = BAD_REQUEST, description = "Unit used in request has not been registered yet", body = String, ), @@ -102,13 +113,14 @@ pub(crate) async fn associate_barcode( app: web::Data<App>, id: web::Path<ProductIdStub>, barcode: web::Json<Barcode>, + _user: Identity, ) -> Result<impl Responder> { let mut ops = Operations::new("associated barcode with product"); { let units = Unit::get_all(&app).await?; if !units.into_iter().any(|unit| unit.id == barcode.amount.unit) { - return Ok(HttpResponse::Forbidden() + return Ok(HttpResponse::BadRequest() .body("The used unit has not been registered; it cannot be used.\n")); } } diff --git a/crates/rocie-server/src/api/set/product_parent.rs b/crates/rocie-server/src/api/set/auth/product_parent.rs index f917207..416875b 100644 --- a/crates/rocie-server/src/api/set/product_parent.rs +++ b/crates/rocie-server/src/api/set/auth/product_parent.rs @@ -1,3 +1,4 @@ +use actix_identity::Identity; use actix_web::{HttpResponse, Responder, Result, post, web}; use serde::Deserialize; use utoipa::ToSchema; @@ -28,11 +29,15 @@ struct ProductParentStub { #[utoipa::path( responses( ( - status = 200, + status = OK, description = "Product parent successfully registered in database", body = ProductParentId, ), ( + status = UNAUTHORIZED, + description = "You did not login before calling this endpoint", + ), + ( status = INTERNAL_SERVER_ERROR, description = "Server encountered error", body = String, @@ -44,13 +49,15 @@ struct ProductParentStub { pub(crate) async fn register_product_parent( app: web::Data<App>, product_stub: web::Json<ProductParentStub>, + _user: Identity, ) -> Result<impl Responder> { + let product_stub = product_stub.into_inner(); let mut ops = Operations::new("register product parent"); let product = ProductParent::register( - product_stub.name.clone(), - product_stub.description.clone(), - product_stub.parent.into(), + product_stub.name, + product_stub.description, + product_stub.parent, &mut ops, ); diff --git a/crates/rocie-server/src/api/set/recipe.rs b/crates/rocie-server/src/api/set/auth/recipe.rs index bb5be37..43a034e 100644 --- a/crates/rocie-server/src/api/set/recipe.rs +++ b/crates/rocie-server/src/api/set/auth/recipe.rs @@ -1,5 +1,6 @@ use std::path::PathBuf; +use actix_identity::Identity; use actix_web::{HttpResponse, Responder, error::Result, post, web}; use serde::Deserialize; use utoipa::ToSchema; @@ -26,11 +27,15 @@ struct RecipeStub { #[utoipa::path( responses( ( - status = 200, + status = OK, description = "Product parent successfully registered in database", body = RecipeId, ), ( + status = UNAUTHORIZED, + description = "You did not login before calling this endpoint", + ), + ( status = INTERNAL_SERVER_ERROR, description = "Server encountered error", body = String, @@ -42,6 +47,7 @@ struct RecipeStub { pub(crate) async fn add_recipe( app: web::Data<App>, stub: web::Json<RecipeStub>, + _user: Identity, ) -> Result<impl Responder> { let stub = stub.into_inner(); let mut ops = Operations::new("add recipe parent"); diff --git a/crates/rocie-server/src/api/set/unit.rs b/crates/rocie-server/src/api/set/auth/unit.rs index 1671918..21d1e11 100644 --- a/crates/rocie-server/src/api/set/unit.rs +++ b/crates/rocie-server/src/api/set/auth/unit.rs @@ -1,3 +1,4 @@ +use actix_identity::Identity; use actix_web::{HttpResponse, Responder, Result, post, web}; use serde::Deserialize; use utoipa::ToSchema; @@ -26,11 +27,15 @@ struct UnitStub { #[utoipa::path( responses( ( - status = 200, + status = OK, description = "Unit successfully registered in database", body = UnitId, ), ( + status = UNAUTHORIZED, + description = "You did not login before calling this endpoint", + ), + ( status = INTERNAL_SERVER_ERROR, description = "Server encountered error", body = String, @@ -42,14 +47,16 @@ struct UnitStub { pub(crate) async fn register_unit( app: web::Data<App>, unit: web::Json<UnitStub>, + _user: Identity, ) -> Result<impl Responder> { + let unit = unit.into_inner(); let mut ops = Operations::new("register unit"); let unit = Unit::register( - unit.full_name_singular.clone(), - unit.full_name_plural.clone(), - unit.short_name.clone(), - unit.description.clone(), + unit.full_name_singular, + unit.full_name_plural, + unit.short_name, + unit.description, unit.unit_property, &mut ops, ); diff --git a/crates/rocie-server/src/api/set/unit_property.rs b/crates/rocie-server/src/api/set/auth/unit_property.rs index ca2960f..2958e1f 100644 --- a/crates/rocie-server/src/api/set/unit_property.rs +++ b/crates/rocie-server/src/api/set/auth/unit_property.rs @@ -1,3 +1,4 @@ +use actix_identity::Identity; use actix_web::{HttpResponse, Responder, Result, post, web}; use serde::Deserialize; use utoipa::ToSchema; @@ -24,11 +25,15 @@ struct UnitPropertyStub { #[utoipa::path( responses( ( - status = 200, + status = OK, description = "Unit property successfully registered in database", body = UnitPropertyId, ), ( + status = UNAUTHORIZED, + description = "You did not login before calling this endpoint", + ), + ( status = INTERNAL_SERVER_ERROR, description = "Server encountered error", body = String, @@ -40,6 +45,7 @@ struct UnitPropertyStub { pub(crate) async fn register_unit_property( app: web::Data<App>, unit: web::Json<UnitPropertyStub>, + _user: Identity, ) -> Result<impl Responder> { let mut ops = Operations::new("register unit property"); diff --git a/crates/rocie-server/src/api/set/auth/user.rs b/crates/rocie-server/src/api/set/auth/user.rs new file mode 100644 index 0000000..1f262d5 --- /dev/null +++ b/crates/rocie-server/src/api/set/auth/user.rs @@ -0,0 +1,63 @@ +use actix_identity::Identity; +use actix_web::{HttpResponse, Responder, Result, post, web}; +use serde::Deserialize; +use utoipa::ToSchema; + +use crate::{ + app::App, + storage::sql::{ + insert::Operations, + user::{PasswordHash, User, UserId}, + }, +}; + +#[derive(Deserialize, ToSchema)] +pub(crate) struct UserStub { + /// The name of the new user. + pub(crate) name: String, + + /// The password of the new user. + pub(crate) password: String, + + /// An optional description of the new user. + #[schema(nullable = false)] + pub(crate) description: Option<String>, +} + +/// Register an new User +#[utoipa::path( + responses( + ( + status = OK, + description = "User successfully registered in database", + body = UserId, + ), + ( + status = UNAUTHORIZED, + description = "You did not login before calling this endpoint", + ), + ( + status = INTERNAL_SERVER_ERROR, + description = "Server encountered error", + body = String, + ) + ), + request_body = UserStub, +)] +#[post("/user/new")] +pub(crate) async fn register_user( + app: web::Data<App>, + new_user: web::Json<UserStub>, + _user: Identity, +) -> Result<impl Responder> { + let user = new_user.into_inner(); + + let mut ops = Operations::new("register user"); + + let password_hash = PasswordHash::from_password(&user.password); + let user = User::register(user.name, password_hash, user.description, &mut ops); + + ops.apply(&app).await?; + + Ok(HttpResponse::Ok().json(user.id)) +} diff --git a/crates/rocie-server/src/api/set/mod.rs b/crates/rocie-server/src/api/set/mod.rs index a6037b9..c6ee9ab 100644 --- a/crates/rocie-server/src/api/set/mod.rs +++ b/crates/rocie-server/src/api/set/mod.rs @@ -1,19 +1,2 @@ -use actix_web::web; - -pub(crate) mod barcode; -pub(crate) mod product; -pub(crate) mod product_parent; -pub(crate) mod recipe; -pub(crate) mod unit; -pub(crate) mod unit_property; - -pub(crate) fn register_paths(cfg: &mut web::ServiceConfig) { - cfg.service(product::register_product) - .service(product::associate_barcode) - .service(product_parent::register_product_parent) - .service(recipe::add_recipe) - .service(unit::register_unit) - .service(unit_property::register_unit_property) - .service(barcode::consume_barcode) - .service(barcode::buy_barcode); -} +pub(crate) mod auth; +pub(crate) mod no_auth; diff --git a/crates/rocie-server/src/api/set/no_auth/mod.rs b/crates/rocie-server/src/api/set/no_auth/mod.rs new file mode 100644 index 0000000..27783fc --- /dev/null +++ b/crates/rocie-server/src/api/set/no_auth/mod.rs @@ -0,0 +1,7 @@ +use actix_web::web; + +pub(crate) mod user; + +pub(crate) fn register_paths(cfg: &mut web::ServiceConfig) { + cfg.service(user::login).service(user::logout).service(user::provision); +} diff --git a/crates/rocie-server/src/api/set/no_auth/user.rs b/crates/rocie-server/src/api/set/no_auth/user.rs new file mode 100644 index 0000000..7acb482 --- /dev/null +++ b/crates/rocie-server/src/api/set/no_auth/user.rs @@ -0,0 +1,131 @@ +use actix_identity::Identity; +use actix_web::{HttpMessage, HttpRequest, HttpResponse, Responder, Result, post, web}; +use serde::{Deserialize, Serialize}; +use utoipa::ToSchema; + +use crate::{ + api::set::auth::user::UserStub, + app::App, + storage::sql::{ + insert::Operations, + user::{PasswordHash, User, UserId}, + }, +}; + +#[derive(ToSchema, Deserialize, Serialize)] +struct LoginInfo { + /// The id of the user. + id: UserId, + + /// The password of the user. + password: String, +} + +/// Log in as a specific user +#[utoipa::path( + responses( + ( + status = OK, + description = "User logged in", + ), + ( + status = NOT_FOUND, + description = "User id not found" + ), + ( + status = FORBIDDEN, + description = "Password did not match" + ), + ( + status = INTERNAL_SERVER_ERROR, + description = "Server encountered error", + body = String + ) + ), + request_body = LoginInfo, +)] +#[post("/login")] +async fn login( + request: HttpRequest, + app: web::Data<App>, + info: web::Json<LoginInfo>, +) -> Result<impl Responder> { + let info = info.into_inner(); + + if let Some(user) = User::from_id(&app, info.id).await? { + if user.password_hash.verify(&info.password) { + Identity::login(&request.extensions(), info.id.to_string())?; + Ok(HttpResponse::Ok().finish()) + } else { + Ok(HttpResponse::Forbidden().finish()) + } + } else { + Ok(HttpResponse::NotFound().finish()) + } +} + +/// Log the current user out +#[utoipa::path( + responses( + ( + status = OK, + description = "User logged out", + ), + ( + status = INTERNAL_SERVER_ERROR, + description = "Server encountered error", + body = String + ) + ), +)] +#[post("/logout")] +async fn logout(user: Identity) -> impl Responder { + user.logout(); + HttpResponse::Ok() +} + +/// Provision this instance. +/// +/// This only works, if no users exist yet. +#[utoipa::path( + responses( + ( + status = OK, + description = "User created and logged in", + body = UserId, + ), + ( + status = FORBIDDEN, + description = "Instance already provisioned", + ), + ( + status = INTERNAL_SERVER_ERROR, + description = "Server encountered error", + body = String + ) + ), + request_body = UserStub, +)] +#[post("/provision")] +async fn provision( + request: HttpRequest, + app: web::Data<App>, + new_user: web::Json<UserStub>, +) -> Result<impl Responder> { + if User::get_all(&app).await?.is_empty() { + let user = new_user.into_inner(); + + let mut ops = Operations::new("register user (during provisioning)"); + + let password_hash = PasswordHash::from_password(&user.password); + let user = User::register(user.name, password_hash, user.description, &mut ops); + + ops.apply(&app).await?; + + Identity::login(&request.extensions(), user.id.to_string())?; + + Ok(HttpResponse::Ok().json(user.id)) + } else { + Ok(HttpResponse::Forbidden().finish()) + } +} |