Plume/src/api/mod.rs

#![warn(clippy::too_many_arguments)]
use rocket::{
    request::{Form, Request},
    response::{self, Responder},
};
use rocket_contrib::json::Json;

use plume_common::utils::random_hex;
use plume_models::{api_tokens::*, apps::App, db_conn::DbConn, users::User, Error};

type Api<T> = Result<Json<T>, ApiError>;

#[derive(Debug)]
pub struct ApiError(Error);

impl From<Error> for ApiError {
    fn from(err: Error) -> ApiError {
        ApiError(err)
    }
}

impl<'r> Responder<'r> for ApiError {
    fn respond_to(self, req: &Request<'_>) -> response::Result<'r> {
        match self.0 {
            Error::NotFound => Json(json!({
                "error": "Not found"
            }))
            .respond_to(req),
            Error::Unauthorized => Json(json!({
                "error": "You are not authorized to access this resource"
            }))
            .respond_to(req),
            _ => Json(json!({
                "error": "Server error"
            }))
            .respond_to(req),
        }
    }
}

#[derive(FromForm)]
pub struct OAuthRequest {
    client_id: String,
    client_secret: String,
    password: String,
    username: String,
    scopes: String,
}

#[get("/oauth2?<query..>")]
pub fn oauth(query: Form<OAuthRequest>, conn: DbConn) -> Result<Json<serde_json::Value>, ApiError> {
    let app = App::find_by_client_id(&conn, &query.client_id)?;
    if app.client_secret == query.client_secret {
        if let Ok(user) = User::login(&conn, &query.username, &query.password) {
            let token = ApiToken::insert(
                &conn,
                NewApiToken {
                    app_id: app.id,
                    user_id: user.id,
                    value: random_hex(),
                    scopes: query.scopes.clone(),
                },
            )?;
            Ok(Json(json!({
                "token": token.value
            })))
        } else {
            Ok(Json(json!({
                "error": "Invalid credentials"
            })))
        }
    } else {
        Ok(Json(json!({
            "error": "Invalid client_secret"
        })))
    }
}

pub mod apps;
pub mod authorization;
pub mod posts;
Refactor with the help of Clippy (#462) We add clippy as our build — also rectifying the missing `plume-cli` build! In the next step we follow clippy's advise and fix some of the "simple" mistakes in our code, such as style or map usage. Finally, we refactor some hard bits that need extraction of new types, or refactoring of function call-types, especially those that thread thru macros, and, of course functions with ~15 parameters should probably be rethought. 2019-03-19 14:37:56 +01:00			`#![warn(clippy::too_many_arguments)]`
Run 'cargo fmt' to format code (#489) 2019-03-20 17:56:17 +01:00			`use rocket::{`
			`request::{Form, Request},`
			`response::{self, Responder},`
			`};`
Use Ructe (#327) All the template are now compiled at compile-time with the `ructe` crate. I preferred to use it instead of askama because it allows more complex Rust expressions, where askama only supports a small subset of expressions and doesn't allow them everywhere (for instance, `{{ macro!() \| filter }}` would result in a parsing error). The diff is quite huge, but there is normally no changes in functionality. Fixes #161 and unblocks #110 and #273 2018-12-06 18:54:16 +01:00			`use rocket_contrib::json::Json;`
Add an ApiToken model, and an endpoint to get one 2018-10-22 15:30:04 +02:00
			`use plume_common::utils::random_hex;`
Replace PlumeRocket.conn with DbConn 2021-01-30 13:44:29 +01:00			`use plume_models::{api_tokens::*, apps::App, db_conn::DbConn, users::User, Error};`
Add an ApiToken model, and an endpoint to get one 2018-10-22 15:30:04 +02:00
Remove Canapi (#540) * Remove Canapi It added more complexity than it helped. * Fail if there are many blog, but none was specified * cargo fmt 2019-04-28 23:17:21 +02:00			`type Api<T> = Result<Json<T>, ApiError>;`

Avoid panics (#392) - Use `Result` as much as possible - Display errors instead of panicking TODO (maybe in another PR? this one is already quite big): - Find a way to merge Ructe/ErrorPage types, so that we can have routes returning `Result<X, ErrorPage>` instead of panicking when we have an `Error` - Display more details about the error, to make it easier to debug (sorry, this isn't going to be fun to review, the diff is huge, but it is always the same changes) 2018-12-29 09:36:07 +01:00			`#[derive(Debug)]`
			`pub struct ApiError(Error);`

			`impl From<Error> for ApiError {`
			`fn from(err: Error) -> ApiError {`
			`ApiError(err)`
			`}`
			`}`

			`impl<'r> Responder<'r> for ApiError {`
Rust 2018! (#726) 2020-01-21 07:02:03 +01:00			`fn respond_to(self, req: &Request<'_>) -> response::Result<'r> {`
Avoid panics (#392) - Use `Result` as much as possible - Display errors instead of panicking TODO (maybe in another PR? this one is already quite big): - Find a way to merge Ructe/ErrorPage types, so that we can have routes returning `Result<X, ErrorPage>` instead of panicking when we have an `Error` - Display more details about the error, to make it easier to debug (sorry, this isn't going to be fun to review, the diff is huge, but it is always the same changes) 2018-12-29 09:36:07 +01:00			`match self.0 {`
			`Error::NotFound => Json(json!({`
			`"error": "Not found"`
Run 'cargo fmt' to format code (#489) 2019-03-20 17:56:17 +01:00			`}))`
			`.respond_to(req),`
Avoid panics (#392) - Use `Result` as much as possible - Display errors instead of panicking TODO (maybe in another PR? this one is already quite big): - Find a way to merge Ructe/ErrorPage types, so that we can have routes returning `Result<X, ErrorPage>` instead of panicking when we have an `Error` - Display more details about the error, to make it easier to debug (sorry, this isn't going to be fun to review, the diff is huge, but it is always the same changes) 2018-12-29 09:36:07 +01:00			`Error::Unauthorized => Json(json!({`
			`"error": "You are not authorized to access this resource"`
Run 'cargo fmt' to format code (#489) 2019-03-20 17:56:17 +01:00			`}))`
			`.respond_to(req),`
Avoid panics (#392) - Use `Result` as much as possible - Display errors instead of panicking TODO (maybe in another PR? this one is already quite big): - Find a way to merge Ructe/ErrorPage types, so that we can have routes returning `Result<X, ErrorPage>` instead of panicking when we have an `Error` - Display more details about the error, to make it easier to debug (sorry, this isn't going to be fun to review, the diff is huge, but it is always the same changes) 2018-12-29 09:36:07 +01:00			`_ => Json(json!({`
			`"error": "Server error"`
Run 'cargo fmt' to format code (#489) 2019-03-20 17:56:17 +01:00			`}))`
			`.respond_to(req),`
Avoid panics (#392) - Use `Result` as much as possible - Display errors instead of panicking TODO (maybe in another PR? this one is already quite big): - Find a way to merge Ructe/ErrorPage types, so that we can have routes returning `Result<X, ErrorPage>` instead of panicking when we have an `Error` - Display more details about the error, to make it easier to debug (sorry, this isn't going to be fun to review, the diff is huge, but it is always the same changes) 2018-12-29 09:36:07 +01:00			`}`
			`}`
			`}`

Add an ApiToken model, and an endpoint to get one 2018-10-22 15:30:04 +02:00			`#[derive(FromForm)]`
Use Ructe (#327) All the template are now compiled at compile-time with the `ructe` crate. I preferred to use it instead of askama because it allows more complex Rust expressions, where askama only supports a small subset of expressions and doesn't allow them everywhere (for instance, `{{ macro!() \| filter }}` would result in a parsing error). The diff is quite huge, but there is normally no changes in functionality. Fixes #161 and unblocks #110 and #273 2018-12-06 18:54:16 +01:00			`pub struct OAuthRequest {`
Add an ApiToken model, and an endpoint to get one 2018-10-22 15:30:04 +02:00			`client_id: String,`
			`client_secret: String,`
			`password: String,`
			`username: String,`
			`scopes: String,`
			`}`

Use Ructe (#327) All the template are now compiled at compile-time with the `ructe` crate. I preferred to use it instead of askama because it allows more complex Rust expressions, where askama only supports a small subset of expressions and doesn't allow them everywhere (for instance, `{{ macro!() \| filter }}` would result in a parsing error). The diff is quite huge, but there is normally no changes in functionality. Fixes #161 and unblocks #110 and #273 2018-12-06 18:54:16 +01:00			`#[get("/oauth2?<query..>")]`
Replace PlumeRocket.conn with DbConn 2021-01-30 13:44:29 +01:00			`pub fn oauth(query: Form<OAuthRequest>, conn: DbConn) -> Result<Json<serde_json::Value>, ApiError> {`
			`let app = App::find_by_client_id(&conn, &query.client_id)?;`
Add an ApiToken model, and an endpoint to get one 2018-10-22 15:30:04 +02:00			`if app.client_secret == query.client_secret {`
Replace PlumeRocket.conn with DbConn 2021-01-30 13:44:29 +01:00			`if let Ok(user) = User::login(&conn, &query.username, &query.password) {`
refactor login first step toward ldap should have no functionnal change 2020-10-03 13:21:31 +02:00			`let token = ApiToken::insert(`
Replace PlumeRocket.conn with DbConn 2021-01-30 13:44:29 +01:00			`&conn,`
refactor login first step toward ldap should have no functionnal change 2020-10-03 13:21:31 +02:00			`NewApiToken {`
			`app_id: app.id,`
			`user_id: user.id,`
			`value: random_hex(),`
			`scopes: query.scopes.clone(),`
			`},`
			`)?;`
			`Ok(Json(json!({`
			`"token": token.value`
			`})))`
Add an ApiToken model, and an endpoint to get one 2018-10-22 15:30:04 +02:00			`} else {`
Avoid panics (#392) - Use `Result` as much as possible - Display errors instead of panicking TODO (maybe in another PR? this one is already quite big): - Find a way to merge Ructe/ErrorPage types, so that we can have routes returning `Result<X, ErrorPage>` instead of panicking when we have an `Error` - Display more details about the error, to make it easier to debug (sorry, this isn't going to be fun to review, the diff is huge, but it is always the same changes) 2018-12-29 09:36:07 +01:00			`Ok(Json(json!({`
Make it impossible to know if an username is used or not with the API 2018-10-23 11:50:52 +02:00			`"error": "Invalid credentials"`
Avoid panics (#392) - Use `Result` as much as possible - Display errors instead of panicking TODO (maybe in another PR? this one is already quite big): - Find a way to merge Ructe/ErrorPage types, so that we can have routes returning `Result<X, ErrorPage>` instead of panicking when we have an `Error` - Display more details about the error, to make it easier to debug (sorry, this isn't going to be fun to review, the diff is huge, but it is always the same changes) 2018-12-29 09:36:07 +01:00			`})))`
Add an ApiToken model, and an endpoint to get one 2018-10-22 15:30:04 +02:00			`}`
			`} else {`
Avoid panics (#392) - Use `Result` as much as possible - Display errors instead of panicking TODO (maybe in another PR? this one is already quite big): - Find a way to merge Ructe/ErrorPage types, so that we can have routes returning `Result<X, ErrorPage>` instead of panicking when we have an `Error` - Display more details about the error, to make it easier to debug (sorry, this isn't going to be fun to review, the diff is huge, but it is always the same changes) 2018-12-29 09:36:07 +01:00			`Ok(Json(json!({`
Add an ApiToken model, and an endpoint to get one 2018-10-22 15:30:04 +02:00			`"error": "Invalid client_secret"`
Avoid panics (#392) - Use `Result` as much as possible - Display errors instead of panicking TODO (maybe in another PR? this one is already quite big): - Find a way to merge Ructe/ErrorPage types, so that we can have routes returning `Result<X, ErrorPage>` instead of panicking when we have an `Error` - Display more details about the error, to make it easier to debug (sorry, this isn't going to be fun to review, the diff is huge, but it is always the same changes) 2018-12-29 09:36:07 +01:00			`})))`
Add an ApiToken model, and an endpoint to get one 2018-10-22 15:30:04 +02:00			`}`
			`}`

Add an API endpoint to register apps 2018-10-21 18:22:27 +02:00			`pub mod apps;`
New request guard: Authorization<Action, Scope> Filter requests that don't have an API token authorized to read or write a specific scope; 2018-10-23 11:37:24 +02:00			`pub mod authorization;`
Add canapi and try to use for the API 2018-09-19 16:49:34 +02:00			`pub mod posts;`