path: root/crates/rocie-server/src/api/get/auth/user.rs
use actix_identity::Identity;
use actix_web::{HttpResponse, Responder, Result, get, web};

use crate::{
    app::App,
    storage::sql::user::{User, UserId, UserIdStub},
};

/// Get all registered users.
#[utoipa::path(
    responses(
        (
            status = OK,
            description = "Users found in database and fetched",
            body = Vec<User>,
        ),
        (
            status = UNAUTHORIZED,
            description = "You did not login before calling this endpoint",
        ),
        (
            status = INTERNAL_SERVER_ERROR,
            description = "Server encountered error",
            body = String
        )
    ),
)]
#[get("/users")]
async fn users(app: web::Data<App>, _user: Identity) -> Result<impl Responder> {
    // `_user` is never read. It is requested only so that the `Identity`
    // extractor runs for this route, which is presumably what produces the
    // documented 401 for callers without a login session.
    //
    // NOTE(review): no per-user authorization happens here, so every
    // logged-in account receives the complete user list, while `/user/{id}`
    // only serves the caller's own record. Confirm that this asymmetry is
    // intended, and that the serialized `User` carries no credential
    // material (TODO confirm against the `User` definition).
    let all_users = User::get_all(&app).await?;

    let response = HttpResponse::Ok().json(all_users);
    Ok(response)
}

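/// Get a specific user by id.
#[utoipa::path(
    responses(
        (
            status = OK,
            description = "User found in database and fetched",
            body = User,
        ),
        (
            status = NOT_FOUND,
            description = "User not found in database"
        ),
        (
            status = UNAUTHORIZED,
            description = "You did not login before calling this endpoint",
        ),
        (
            status = FORBIDDEN,
            description = "The current logged in user is not allowed to access this end-point."
        ),
        (
            status = INTERNAL_SERVER_ERROR,
            description = "Server encountered error",
            body = String
        )
    ),
    params(
        (
            "id" = UserId,
            description = "User id"
        ),
    )
)]
#[get("/user/{id}")]
async fn user_by_id(
    id: web::Path<UserIdStub>,
    app: web::Data<App>,
    user: Identity,
) -> Result<impl Responder> {
    let requested_id: UserId = id.into_inner().into();

    // Reading the id from the session is fallible. Fail closed with the
    // documented 401 instead of panicking inside the request handler; the
    // error detail is deliberately not echoed back to the client.
    let session_user_id = match user.id() {
        Ok(session_user_id) => session_user_id,
        Err(_) => return Ok(HttpResponse::Unauthorized().finish()),
    };

    // Object-level authorization: a caller may only read their own record.
    // The check runs before the database lookup, so a foreign id is answered
    // with 403 whether or not it exists and the endpoint does not reveal
    // which ids are taken.
    if session_user_id != requested_id.to_string() {
        return Ok(HttpResponse::Forbidden()
            .body("You must be logged-in as the same user, you request the info for."));
    }

    // From here on the requested id equals the caller's own id. A missing
    // row is reported as 404.
    match User::from_id(&app, requested_id).await? {
        Some(found) => Ok(HttpResponse::Ok().json(found)),
        None => Ok(HttpResponse::NotFound().finish()),
    }
}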