Finish adding API routes

We haven't tested them yet.

Co-Authored-By: Max Brunsfeld <maxbrunsfeld@gmail.com>

crates/collab/src/api.rs

@@ -1,59 +1,62 @@
 use crate::{
-    db::{Db, User, UserId},
+    auth,
-    AppState, Result,
+    db::{User, UserId},
+    AppState, Error, Result,
 };
 use anyhow::anyhow;
 use axum::{
     body::Body,
-    extract::Path,
+    extract::{Path, Query},
-    http::{Request, StatusCode},
+    http::StatusCode,
-    response::{IntoResponse, Response},
+    routing::{delete, get, post, put},
-    routing::{get, put},
     Json, Router,
 };
-use serde::Deserialize;
+use serde::{Deserialize, Serialize};
 use std::sync::Arc;
 
 pub fn add_routes(router: Router<Body>, app: Arc<AppState>) -> Router<Body> {
     router
         .route("/users", {
             let app = app.clone();
-            get(move |req| get_users(req, app))
+            get(move || get_users(app))
         })
         .route("/users", {
             let app = app.clone();
-            get(move |params| create_user(params, app))
+            post(move |params| create_user(params, app))
         })
         .route("/users/:id", {
             let app = app.clone();
             put(move |user_id, params| update_user(user_id, params, app))
         })
+        .route("/users/:id", {
+            let app = app.clone();
+            delete(move |user_id| destroy_user(user_id, app))
+        })
+        .route("/users/:github_login", {
+            let app = app.clone();
+            get(move |github_login| get_user(github_login, app))
+        })
+        .route("/users/:github_login/access_tokens", {
+            let app = app.clone();
+            post(move |github_login, params| create_access_token(github_login, params, app))
+        })
 }
 
-// pub fn add_routes(app: &mut tide::Server<Arc<AppState>>) {
+async fn get_users(app: Arc<AppState>) -> Result<Json<Vec<User>>> {
-//     app.at("/users").get(get_users);
-//     app.at("/users").post(create_user);
-//     app.at("/users/:id").put(update_user);
-//     app.at("/users/:id").delete(destroy_user);
-//     app.at("/users/:github_login").get(get_user);
-//     app.at("/users/:github_login/access_tokens")
-//         .post(create_access_token);
-// }
-
-async fn get_users(request: Request<Body>, app: Arc<AppState>) -> Result<Json<Vec<User>>> {
-    // request.require_token().await?;
-
     let users = app.db.get_all_users().await?;
     Ok(Json(users))
 }
 
 #[derive(Deserialize)]
-struct CreateUser {
+struct CreateUserParams {
     github_login: String,
     admin: bool,
 }
 
-async fn create_user(Json(params): Json<CreateUser>, app: Arc<AppState>) -> Result<Json<User>> {
+async fn create_user(
+    Json(params): Json<CreateUserParams>,
+    app: Arc<AppState>,
+) -> Result<Json<User>> {
     let user_id = app
         .db
         .create_user(&params.github_login, params.admin)
@@ -69,102 +72,88 @@ async fn create_user(Json(params): Json<CreateUser>, app: Arc<AppState>) -> Resu
 }
 
 #[derive(Deserialize)]
-struct UpdateUser {
+struct UpdateUserParams {
     admin: bool,
 }
 
 async fn update_user(
     Path(user_id): Path<i32>,
-    Json(params): Json<UpdateUser>,
+    Json(params): Json<UpdateUserParams>,
     app: Arc<AppState>,
-) -> Result<impl IntoResponse> {
+) -> Result<()> {
-    let user_id = UserId(user_id);
+    app.db
-    app.db.set_user_is_admin(user_id, params.admin).await?;
+        .set_user_is_admin(UserId(user_id), params.admin)
+        .await?;
     Ok(())
 }
 
-// async fn update_user(mut request: Request) -> tide::Result {
+async fn destroy_user(Path(user_id): Path<i32>, app: Arc<AppState>) -> Result<()> {
-//     request.require_token().await?;
+    app.db.destroy_user(UserId(user_id)).await?;
+    Ok(())
+}
 
-//     #[derive(Deserialize)]
+async fn get_user(Path(login): Path<String>, app: Arc<AppState>) -> Result<Json<User>> {
-//     struct Params {
+    let user = app
-//         admin: bool,
+        .db
-//     }
+        .get_user_by_github_login(&login)
+        .await?
+        .ok_or_else(|| anyhow!("user not found"))?;
+    Ok(Json(user))
+}
 
-//     request
+#[derive(Deserialize)]
-//         .db()
+struct CreateAccessTokenQueryParams {
-//         .set_user_is_admin(user_id, params.admin)
+    public_key: String,
-//         .await?;
+    impersonate: Option<String>,
+}
 
-//     Ok(tide::Response::builder(StatusCode::Ok).build())
+#[derive(Serialize)]
-// }
+struct CreateAccessTokenResponse {
+    user_id: UserId,
+    encrypted_access_token: String,
+}
 
-// async fn destroy_user(request: Request) -> tide::Result {
+async fn create_access_token(
-//     request.require_token().await?;
+    Path(login): Path<String>,
-//     let user_id = UserId(
+    Query(params): Query<CreateAccessTokenQueryParams>,
-//         request
+    app: Arc<AppState>,
-//             .param("id")?
+) -> Result<Json<CreateAccessTokenResponse>> {
-//             .parse::<i32>()
+    //     request.require_token().await?;
-//             .map_err(|error| surf::Error::from_str(StatusCode::BadRequest, error.to_string()))?,
-//     );
 
-//     request.db().destroy_user(user_id).await?;
+    let user = app
+        .db
+        .get_user_by_github_login(&login)
+        .await?
+        .ok_or_else(|| anyhow!("user not found"))?;
 
-//     Ok(tide::Response::builder(StatusCode::Ok).build())
+    let mut user_id = user.id;
-// }
+    if let Some(impersonate) = params.impersonate {
+        if user.admin {
+            if let Some(impersonated_user) = app.db.get_user_by_github_login(&impersonate).await? {
+                user_id = impersonated_user.id;
+            } else {
+                return Err(Error::Http(
+                    StatusCode::UNPROCESSABLE_ENTITY,
+                    format!("user {impersonate} does not exist"),
+                ));
+            }
+        } else {
+            return Err(Error::Http(
+                StatusCode::UNAUTHORIZED,
+                format!("you do not have permission to impersonate other users"),
+            ));
+        }
+    }
 
-// async fn create_access_token(request: Request) -> tide::Result {
+    let access_token = auth::create_access_token(app.db.as_ref(), user_id).await?;
-//     request.require_token().await?;
+    let encrypted_access_token =
+        auth::encrypt_access_token(&access_token, params.public_key.clone())?;
 
-//     let user = request
+    Ok(Json(CreateAccessTokenResponse {
-//         .db()
+        user_id,
-//         .get_user_by_github_login(request.param("github_login")?)
+        encrypted_access_token,
-//         .await?
+    }))
-//         .ok_or_else(|| surf::Error::from_str(StatusCode::NotFound, "user not found"))?;
+}
-
-//     #[derive(Deserialize)]
-//     struct QueryParams {
-//         public_key: String,
-//         impersonate: Option<String>,
-//     }
-
-//     let query_params: QueryParams = request.query().map_err(|_| {
-//         surf::Error::from_str(StatusCode::UnprocessableEntity, "invalid query params")
-//     })?;
-
-//     let mut user_id = user.id;
-//     if let Some(impersonate) = query_params.impersonate {
-//         if user.admin {
-//             if let Some(impersonated_user) =
-//                 request.db().get_user_by_github_login(&impersonate).await?
-//             {
-//                 user_id = impersonated_user.id;
-//             } else {
-//                 return Ok(tide::Response::builder(StatusCode::UnprocessableEntity)
-//                     .body(format!(
-//                         "Can't impersonate non-existent user {}",
-//                         impersonate
-//                     ))
-//                     .build());
-//             }
-//         } else {
-//             return Ok(tide::Response::builder(StatusCode::Unauthorized)
-//                 .body(format!(
-//                     "Can't impersonate user {} because the real user isn't an admin",
-//                     impersonate
-//                 ))
-//                 .build());
-//         }
-//     }
-
-//     let access_token = auth::create_access_token(request.db().as_ref(), user_id).await?;
-//     let encrypted_access_token =
-//         auth::encrypt_access_token(&access_token, query_params.public_key.clone())?;
-
-//     Ok(tide::Response::builder(StatusCode::Ok)
-//         .body(json!({"user_id": user_id, "encrypted_access_token": encrypted_access_token}))
-//         .build())
-// }
 
 // #[async_trait]
 // pub trait RequestExt {

crates/collab/src/auth.rs

@@ -1,18 +1,10 @@
-// use super::{
+use super::db::{self, UserId};
-//     db::{self, UserId},
+use anyhow::{Context, Result};
-//     errors::TideResultExt,
+use rand::thread_rng;
-// };
+use scrypt::{
-// use crate::Request;
+    password_hash::{PasswordHash, PasswordHasher, PasswordVerifier, SaltString},
-// use anyhow::{anyhow, Context};
+    Scrypt,
-// use rand::thread_rng;
+};
-// use rpc::auth as zed_auth;
-// use scrypt::{
-//     password_hash::{PasswordHash, PasswordHasher, PasswordVerifier, SaltString},
-//     Scrypt,
-// };
-// use std::convert::TryFrom;
-// use surf::StatusCode;
-// use tide::Error;
 
 // pub async fn process_auth_header(request: &Request) -> tide::Result<UserId> {
 //     let mut auth_header = request
@@ -58,45 +50,45 @@
 //     Ok(user_id)
 // }
 
-// const MAX_ACCESS_TOKENS_TO_STORE: usize = 8;
+const MAX_ACCESS_TOKENS_TO_STORE: usize = 8;
 
-// pub async fn create_access_token(db: &dyn db::Db, user_id: UserId) -> tide::Result<String> {
+pub async fn create_access_token(db: &dyn db::Db, user_id: UserId) -> Result<String> {
-//     let access_token = zed_auth::random_token();
+    let access_token = rpc::auth::random_token();
-//     let access_token_hash =
+    let access_token_hash =
-//         hash_access_token(&access_token).context("failed to hash access token")?;
+        hash_access_token(&access_token).context("failed to hash access token")?;
-//     db.create_access_token_hash(user_id, &access_token_hash, MAX_ACCESS_TOKENS_TO_STORE)
+    db.create_access_token_hash(user_id, &access_token_hash, MAX_ACCESS_TOKENS_TO_STORE)
-//         .await?;
+        .await?;
-//     Ok(access_token)
+    Ok(access_token)
-// }
+}
 
-// fn hash_access_token(token: &str) -> tide::Result<String> {
+fn hash_access_token(token: &str) -> Result<String> {
-//     // Avoid slow hashing in debug mode.
+    // Avoid slow hashing in debug mode.
-//     let params = if cfg!(debug_assertions) {
+    let params = if cfg!(debug_assertions) {
-//         scrypt::Params::new(1, 1, 1).unwrap()
+        scrypt::Params::new(1, 1, 1).unwrap()
-//     } else {
+    } else {
-//         scrypt::Params::recommended()
+        scrypt::Params::recommended()
-//     };
+    };
 
-//     Ok(Scrypt
+    Ok(Scrypt
-//         .hash_password(
+        .hash_password(
-//             token.as_bytes(),
+            token.as_bytes(),
-//             None,
+            None,
-//             params,
+            params,
-//             &SaltString::generate(thread_rng()),
+            &SaltString::generate(thread_rng()),
-//         )?
+        )?
-//         .to_string())
+        .to_string())
-// }
+}
 
-// pub fn encrypt_access_token(access_token: &str, public_key: String) -> tide::Result<String> {
+pub fn encrypt_access_token(access_token: &str, public_key: String) -> Result<String> {
-//     let native_app_public_key =
+    let native_app_public_key =
-//         zed_auth::PublicKey::try_from(public_key).context("failed to parse app public key")?;
+        rpc::auth::PublicKey::try_from(public_key).context("failed to parse app public key")?;
-//     let encrypted_access_token = native_app_public_key
+    let encrypted_access_token = native_app_public_key
-//         .encrypt_string(&access_token)
+        .encrypt_string(&access_token)
-//         .context("failed to encrypt access token with public key")?;
+        .context("failed to encrypt access token with public key")?;
-//     Ok(encrypted_access_token)
+    Ok(encrypted_access_token)
-// }
+}
 
-// pub fn verify_access_token(token: &str, hash: &str) -> tide::Result<bool> {
+pub fn verify_access_token(token: &str, hash: &str) -> Result<bool> {
-//     let hash = PasswordHash::new(hash)?;
+    let hash = PasswordHash::new(hash)?;
-//     Ok(Scrypt.verify_password(token.as_bytes(), &hash).is_ok())
+    Ok(Scrypt.verify_password(token.as_bytes(), &hash).is_ok())
-// }
+}

crates/collab/src/main.rs

@@ -94,33 +94,47 @@ pub async fn run_server(
     Ok(())
 }
 
-type Result<T> = std::result::Result<T, Error>;
+pub type Result<T> = std::result::Result<T, Error>;
 
-struct Error(anyhow::Error);
+pub enum Error {
+    Http(StatusCode, String),
+    Internal(anyhow::Error),
+}
 
 impl<E> From<E> for Error
 where
     E: Into<anyhow::Error>,
 {
     fn from(error: E) -> Self {
-        Self(error.into())
+        Self::Internal(error.into())
     }
 }
 
 impl IntoResponse for Error {
     fn into_response(self) -> axum::response::Response {
-        (StatusCode::INTERNAL_SERVER_ERROR, format!("{}", &self.0)).into_response()
+        match self {
+            Error::Http(code, message) => (code, message).into_response(),
+            Error::Internal(error) => {
+                (StatusCode::INTERNAL_SERVER_ERROR, format!("{}", &error)).into_response()
+            }
+        }
     }
 }
 
 impl std::fmt::Debug for Error {
     fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
-        self.0.fmt(f)
+        match self {
+            Error::Http(code, message) => (code, message).fmt(f),
+            Error::Internal(error) => error.fmt(f),
+        }
     }
 }
 
 impl std::fmt::Display for Error {
     fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
-        self.0.fmt(f)
+        match self {
+            Error::Http(code, message) => write!(f, "{code}: {message}"),
+            Error::Internal(error) => error.fmt(f),
+        }
     }
 }