1use crate::{
2 auth,
3 db::{ProjectId, Signup, SignupInvite, SignupRedemption, User, UserId},
4 rpc::{self, ResultExt},
5 AppState, Error, Result,
6};
7use anyhow::anyhow;
8use axum::{
9 body::Body,
10 extract::{Path, Query},
11 http::{self, Request, StatusCode},
12 middleware::{self, Next},
13 response::IntoResponse,
14 routing::{get, post, put},
15 Extension, Json, Router,
16};
17use axum_extra::response::ErasedJson;
18use serde::{Deserialize, Serialize};
19use serde_json::json;
20use std::{sync::Arc, time::Duration};
21use time::OffsetDateTime;
22use tower::ServiceBuilder;
23use tracing::instrument;
24
25pub fn routes(rpc_server: &Arc<rpc::Server>, state: Arc<AppState>) -> Router<Body> {
26 Router::new()
27 .route("/users", get(get_users).post(create_user))
28 .route(
29 "/users/:id",
30 put(update_user).delete(destroy_user).get(get_user),
31 )
32 .route("/users/:id/access_tokens", post(create_access_token))
33 .route("/bulk_users", post(create_users))
34 .route("/users_with_no_invites", get(get_users_with_no_invites))
35 .route("/invite_codes/:code", get(get_user_for_invite_code))
36 .route("/panic", post(trace_panic))
37 .route("/rpc_server_snapshot", get(get_rpc_server_snapshot))
38 .route(
39 "/user_activity/summary",
40 get(get_top_users_activity_summary),
41 )
42 .route(
43 "/user_activity/timeline/:user_id",
44 get(get_user_activity_timeline),
45 )
46 .route("/user_activity/counts", get(get_active_user_counts))
47 .route("/project_metadata", get(get_project_metadata))
48 .route("/signups", post(create_signup))
49 .route("/signup/redeem", post(redeem_signup))
50 .route("/signups_invites", get(get_signup_invites))
51 .route("/signups_invites_sent", post(record_signup_invites_sent))
52 .layer(
53 ServiceBuilder::new()
54 .layer(Extension(state))
55 .layer(Extension(rpc_server.clone()))
56 .layer(middleware::from_fn(validate_api_token)),
57 )
58}
59
60pub async fn validate_api_token<B>(req: Request<B>, next: Next<B>) -> impl IntoResponse {
61 let token = req
62 .headers()
63 .get(http::header::AUTHORIZATION)
64 .and_then(|header| header.to_str().ok())
65 .ok_or_else(|| {
66 Error::Http(
67 StatusCode::BAD_REQUEST,
68 "missing authorization header".to_string(),
69 )
70 })?
71 .strip_prefix("token ")
72 .ok_or_else(|| {
73 Error::Http(
74 StatusCode::BAD_REQUEST,
75 "invalid authorization header".to_string(),
76 )
77 })?;
78
79 let state = req.extensions().get::<Arc<AppState>>().unwrap();
80
81 if token != state.api_token {
82 Err(Error::Http(
83 StatusCode::UNAUTHORIZED,
84 "invalid authorization token".to_string(),
85 ))?
86 }
87
88 Ok::<_, Error>(next.run(req).await)
89}
90
91#[derive(Debug, Deserialize)]
92struct GetUsersQueryParams {
93 query: Option<String>,
94 page: Option<u32>,
95 limit: Option<u32>,
96}
97
98async fn get_users(
99 Query(params): Query<GetUsersQueryParams>,
100 Extension(app): Extension<Arc<AppState>>,
101) -> Result<Json<Vec<User>>> {
102 let limit = params.limit.unwrap_or(100);
103 let users = if let Some(query) = params.query {
104 app.db.fuzzy_search_users(&query, limit).await?
105 } else {
106 app.db
107 .get_all_users(params.page.unwrap_or(0), limit)
108 .await?
109 };
110 Ok(Json(users))
111}
112
113#[derive(Deserialize, Debug)]
114struct CreateUserParams {
115 github_login: String,
116 invite_code: Option<String>,
117 email_address: Option<String>,
118 admin: bool,
119}
120
121async fn create_user(
122 Json(params): Json<CreateUserParams>,
123 Extension(app): Extension<Arc<AppState>>,
124 Extension(rpc_server): Extension<Arc<rpc::Server>>,
125) -> Result<Json<User>> {
126 let user_id = if let Some(invite_code) = params.invite_code {
127 let invitee_id = app
128 .db
129 .redeem_invite_code(
130 &invite_code,
131 ¶ms.github_login,
132 params.email_address.as_deref(),
133 )
134 .await?;
135 rpc_server
136 .invite_code_redeemed(&invite_code, invitee_id)
137 .await
138 .trace_err();
139 invitee_id
140 } else {
141 app.db
142 .create_user(
143 ¶ms.github_login,
144 params.email_address.as_deref(),
145 params.admin,
146 )
147 .await?
148 };
149
150 let user = app
151 .db
152 .get_user_by_id(user_id)
153 .await?
154 .ok_or_else(|| anyhow!("couldn't find the user we just created"))?;
155
156 Ok(Json(user))
157}
158
159#[derive(Deserialize)]
160struct UpdateUserParams {
161 admin: Option<bool>,
162 invite_count: Option<u32>,
163}
164
165async fn update_user(
166 Path(user_id): Path<i32>,
167 Json(params): Json<UpdateUserParams>,
168 Extension(app): Extension<Arc<AppState>>,
169 Extension(rpc_server): Extension<Arc<rpc::Server>>,
170) -> Result<()> {
171 let user_id = UserId(user_id);
172
173 if let Some(admin) = params.admin {
174 app.db.set_user_is_admin(user_id, admin).await?;
175 }
176
177 if let Some(invite_count) = params.invite_count {
178 app.db.set_invite_count(user_id, invite_count).await?;
179 rpc_server.invite_count_updated(user_id).await.trace_err();
180 }
181
182 Ok(())
183}
184
185async fn destroy_user(
186 Path(user_id): Path<i32>,
187 Extension(app): Extension<Arc<AppState>>,
188) -> Result<()> {
189 app.db.destroy_user(UserId(user_id)).await?;
190 Ok(())
191}
192
193async fn get_user(
194 Path(login): Path<String>,
195 Extension(app): Extension<Arc<AppState>>,
196) -> Result<Json<User>> {
197 let user = app
198 .db
199 .get_user_by_github_login(&login)
200 .await?
201 .ok_or_else(|| Error::Http(StatusCode::NOT_FOUND, "User not found".to_string()))?;
202 Ok(Json(user))
203}
204
205#[derive(Deserialize)]
206struct CreateUsersParams {
207 users: Vec<CreateUsersEntry>,
208}
209
210#[derive(Deserialize)]
211struct CreateUsersEntry {
212 github_login: String,
213 email_address: String,
214 invite_count: usize,
215}
216
217async fn create_users(
218 Json(params): Json<CreateUsersParams>,
219 Extension(app): Extension<Arc<AppState>>,
220) -> Result<Json<Vec<User>>> {
221 let user_ids = app
222 .db
223 .create_users(
224 params
225 .users
226 .into_iter()
227 .map(|params| {
228 (
229 params.github_login,
230 params.email_address,
231 params.invite_count,
232 )
233 })
234 .collect(),
235 )
236 .await?;
237 let users = app.db.get_users_by_ids(user_ids).await?;
238 Ok(Json(users))
239}
240
241#[derive(Debug, Deserialize)]
242struct GetUsersWithNoInvites {
243 invited_by_another_user: bool,
244}
245
246async fn get_users_with_no_invites(
247 Query(params): Query<GetUsersWithNoInvites>,
248 Extension(app): Extension<Arc<AppState>>,
249) -> Result<Json<Vec<User>>> {
250 Ok(Json(
251 app.db
252 .get_users_with_no_invites(params.invited_by_another_user)
253 .await?,
254 ))
255}
256
257#[derive(Debug, Deserialize)]
258struct Panic {
259 version: String,
260 text: String,
261}
262
263#[instrument(skip(panic))]
264async fn trace_panic(panic: Json<Panic>) -> Result<()> {
265 tracing::error!(version = %panic.version, text = %panic.text, "panic report");
266 Ok(())
267}
268
269async fn get_rpc_server_snapshot(
270 Extension(rpc_server): Extension<Arc<rpc::Server>>,
271) -> Result<ErasedJson> {
272 Ok(ErasedJson::pretty(rpc_server.snapshot().await))
273}
274
275#[derive(Deserialize)]
276struct TimePeriodParams {
277 #[serde(with = "time::serde::iso8601")]
278 start: OffsetDateTime,
279 #[serde(with = "time::serde::iso8601")]
280 end: OffsetDateTime,
281}
282
283async fn get_top_users_activity_summary(
284 Query(params): Query<TimePeriodParams>,
285 Extension(app): Extension<Arc<AppState>>,
286) -> Result<ErasedJson> {
287 let summary = app
288 .db
289 .get_top_users_activity_summary(params.start..params.end, 100)
290 .await?;
291 Ok(ErasedJson::pretty(summary))
292}
293
294async fn get_user_activity_timeline(
295 Path(user_id): Path<i32>,
296 Query(params): Query<TimePeriodParams>,
297 Extension(app): Extension<Arc<AppState>>,
298) -> Result<ErasedJson> {
299 let summary = app
300 .db
301 .get_user_activity_timeline(params.start..params.end, UserId(user_id))
302 .await?;
303 Ok(ErasedJson::pretty(summary))
304}
305
306#[derive(Deserialize)]
307struct ActiveUserCountParams {
308 #[serde(flatten)]
309 period: TimePeriodParams,
310 durations_in_minutes: String,
311 #[serde(default)]
312 only_collaborative: bool,
313}
314
315#[derive(Serialize)]
316struct ActiveUserSet {
317 active_time_in_minutes: u64,
318 user_count: usize,
319}
320
321async fn get_active_user_counts(
322 Query(params): Query<ActiveUserCountParams>,
323 Extension(app): Extension<Arc<AppState>>,
324) -> Result<ErasedJson> {
325 let durations_in_minutes = params.durations_in_minutes.split(',');
326 let mut user_sets = Vec::new();
327 for duration in durations_in_minutes {
328 let duration = duration
329 .parse()
330 .map_err(|_| anyhow!("invalid duration: {duration}"))?;
331 user_sets.push(ActiveUserSet {
332 active_time_in_minutes: duration,
333 user_count: app
334 .db
335 .get_active_user_count(
336 params.period.start..params.period.end,
337 Duration::from_secs(duration * 60),
338 params.only_collaborative,
339 )
340 .await?,
341 })
342 }
343 Ok(ErasedJson::pretty(user_sets))
344}
345
346#[derive(Deserialize)]
347struct GetProjectMetadataParams {
348 project_id: u64,
349}
350
351async fn get_project_metadata(
352 Query(params): Query<GetProjectMetadataParams>,
353 Extension(app): Extension<Arc<AppState>>,
354) -> Result<ErasedJson> {
355 let extensions = app
356 .db
357 .get_project_extensions(ProjectId::from_proto(params.project_id))
358 .await?;
359 Ok(ErasedJson::pretty(json!({ "extensions": extensions })))
360}
361
362#[derive(Deserialize)]
363struct CreateAccessTokenQueryParams {
364 public_key: String,
365 impersonate: Option<String>,
366}
367
368#[derive(Serialize)]
369struct CreateAccessTokenResponse {
370 user_id: UserId,
371 encrypted_access_token: String,
372}
373
374async fn create_access_token(
375 Path(login): Path<String>,
376 Query(params): Query<CreateAccessTokenQueryParams>,
377 Extension(app): Extension<Arc<AppState>>,
378) -> Result<Json<CreateAccessTokenResponse>> {
379 // request.require_token().await?;
380
381 let user = app
382 .db
383 .get_user_by_github_login(&login)
384 .await?
385 .ok_or_else(|| anyhow!("user not found"))?;
386
387 let mut user_id = user.id;
388 if let Some(impersonate) = params.impersonate {
389 if user.admin {
390 if let Some(impersonated_user) = app.db.get_user_by_github_login(&impersonate).await? {
391 user_id = impersonated_user.id;
392 } else {
393 return Err(Error::Http(
394 StatusCode::UNPROCESSABLE_ENTITY,
395 format!("user {impersonate} does not exist"),
396 ));
397 }
398 } else {
399 return Err(Error::Http(
400 StatusCode::UNAUTHORIZED,
401 "you do not have permission to impersonate other users".to_string(),
402 ));
403 }
404 }
405
406 let access_token = auth::create_access_token(app.db.as_ref(), user_id).await?;
407 let encrypted_access_token =
408 auth::encrypt_access_token(&access_token, params.public_key.clone())?;
409
410 Ok(Json(CreateAccessTokenResponse {
411 user_id,
412 encrypted_access_token,
413 }))
414}
415
416async fn get_user_for_invite_code(
417 Path(code): Path<String>,
418 Extension(app): Extension<Arc<AppState>>,
419) -> Result<Json<User>> {
420 Ok(Json(app.db.get_user_for_invite_code(&code).await?))
421}
422
423async fn create_signup(
424 Json(params): Json<Signup>,
425 Extension(app): Extension<Arc<AppState>>,
426) -> Result<()> {
427 app.db.create_signup(params).await?;
428 Ok(())
429}
430
431async fn redeem_signup(
432 Json(redemption): Json<SignupRedemption>,
433 Extension(app): Extension<Arc<AppState>>,
434) -> Result<()> {
435 app.db.redeem_signup(redemption).await?;
436 Ok(())
437}
438
439async fn record_signup_invites_sent(
440 Json(params): Json<Vec<SignupInvite>>,
441 Extension(app): Extension<Arc<AppState>>,
442) -> Result<()> {
443 app.db.record_signup_invites_sent(¶ms).await?;
444 Ok(())
445}
446
447#[derive(Deserialize)]
448pub struct GetSignupInvitesParams {
449 pub count: usize,
450}
451
452async fn get_signup_invites(
453 Query(params): Query<GetSignupInvitesParams>,
454 Extension(app): Extension<Arc<AppState>>,
455) -> Result<Json<Vec<SignupInvite>>> {
456 Ok(Json(app.db.get_signup_invites(params.count).await?))
457}