Add the fetching of user JSON by github login with a token header

2021-12-19 09:43:13 -07:00 · 2021-12-19 09:43:13 -07:00 · 323e1f7367
commit 323e1f7367
parent f4b9772ec2
3 changed files with 47 additions and 0 deletions
--- a/crates/server/src/api.rs
+++ b/crates/server/src/api.rs
@ -0,0 +1,43 @@
+use crate::{AppState, Request, RequestExt as _};
+use async_trait::async_trait;
+use std::sync::Arc;
+
+pub fn add_routes(app: &mut tide::Server<Arc<AppState>>) {
+    app.at("/users/:github_login").get(get_user);
+}
+
+async fn get_user(request: Request) -> tide::Result {
+    request.require_token().await?;
+
+    let user = request
+        .db()
+        .get_user_by_github_login(request.param("github_login")?)
+        .await?
+        .ok_or_else(|| surf::Error::from_str(404, "user not found"))?;
+
+    Ok(tide::Response::builder(200)
+        .body(tide::Body::from_json(&user)?)
+        .build())
+}
+
+#[async_trait]
+pub trait RequestExt {
+    async fn require_token(&self) -> tide::Result<()>;
+}
+
+#[async_trait]
+impl RequestExt for Request {
+    async fn require_token(&self) -> tide::Result<()> {
+        let token = self
+            .header("Authorization")
+            .and_then(|header| header.get(0))
+            .and_then(|header| header.as_str().strip_prefix("token "))
+            .ok_or_else(|| surf::Error::from_str(403, "invalid authorization header"))?;
+
+        if token == self.state().config.api_token {
+            Ok(())
+        } else {
+            Err(tide::Error::from_str(403, "invalid authorization token"))
+        }
+    }
+}