fix(api): don't require '@me' string on own-system-only endpoints

spiral 2021-11-28 18:33:41 -05:00
parent e85073665e
commit 318b9b5b66
No known key found for this signature in database
GPG Key ID: A6059F0CA0E1BD31
4 changed files with 42 additions and 26 deletions


@ -14,10 +14,13 @@ public class DiscordControllerV2: PKControllerBase
public DiscordControllerV2(IServiceProvider svc) : base(svc) { } public DiscordControllerV2(IServiceProvider svc) : base(svc) { }
[HttpGet("systems/@me/guilds/{guild_id}")] [HttpGet("systems/{systemRef}/guilds/{guild_id}")]
public async Task<IActionResult> SystemGuildGet(ulong guild_id) public async Task<IActionResult> SystemGuildGet(string systemRef, ulong guild_id)
{ {
var system = await ResolveSystem("@me"); var system = await ResolveSystem(systemRef);
if (ContextFor(system) != LookupContext.ByOwner)
throw Errors.GenericMissingPermissions;
var settings = await _repo.GetSystemGuild(guild_id, system.Id, false); var settings = await _repo.GetSystemGuild(guild_id, system.Id, false);
if (settings == null) if (settings == null)
throw Errors.SystemGuildNotFound; throw Errors.SystemGuildNotFound;
@ -29,10 +32,13 @@ public class DiscordControllerV2: PKControllerBase
return Ok(settings.ToJson(member?.Hid)); return Ok(settings.ToJson(member?.Hid));
} }
[HttpPatch("systems/@me/guilds/{guild_id}")] [HttpPatch("systems/{systemRef}/guilds/{guild_id}")]
public async Task<IActionResult> DoSystemGuildPatch(ulong guild_id, [FromBody] JObject data) public async Task<IActionResult> DoSystemGuildPatch(string systemRef, ulong guild_id, [FromBody] JObject data)
{ {
var system = await ResolveSystem("@me"); var system = await ResolveSystem(systemRef);
if (ContextFor(system) != LookupContext.ByOwner)
throw Errors.GenericMissingPermissions;
var settings = await _repo.GetSystemGuild(guild_id, system.Id, false); var settings = await _repo.GetSystemGuild(guild_id, system.Id, false);
if (settings == null) if (settings == null)
throw Errors.SystemGuildNotFound; throw Errors.SystemGuildNotFound;
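Review bot: `ContextFor(system)` runs on the result of `ResolveSystem(systemRef)` with no null check, in both SystemGuildGet and DoSystemGuildPatch. The reference is now caller-supplied, and the SwitchPatch code this commit removes tested `system == null`, which suggests ResolveSystem can return null for an unknown reference; whether ContextFor tolerates a null argument is not visible here. I would add `if (system == null) throw Errors.SystemNotFound;` ahead of the ownership check, so that an unknown reference produces the 404 rather than an unhandled exception or a misleading 403. The same applies to SwitchCreate, SwitchPatch, SwitchMemberPatch and SwitchDelete in the switch controller. Both method bodies here continue outside their hunks.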


@ -77,14 +77,16 @@ public class SwitchControllerV2: PKControllerBase
} }
[HttpPost("systems/@me/switches")] [HttpPost("systems/{systemRef}/switches")]
public async Task<IActionResult> SwitchCreate([FromBody] PostSwitchParams data) public async Task<IActionResult> SwitchCreate(string systemRef, [FromBody] PostSwitchParams data)
{ {
var system = await ResolveSystem(systemRef);
if (ContextFor(system) != LookupContext.ByOwner)
throw Errors.GenericMissingPermissions;
if (data.Members.Distinct().Count() != data.Members.Count) if (data.Members.Distinct().Count() != data.Members.Count)
throw Errors.DuplicateMembersInList; throw Errors.DuplicateMembersInList;
var system = await ResolveSystem("@me");
if (data.Timestamp != null && await _repo.GetSwitches(system.Id).Select(x => x.Timestamp) if (data.Timestamp != null && await _repo.GetSwitches(system.Id).Select(x => x.Timestamp)
.ContainsAsync(data.Timestamp.Value)) .ContainsAsync(data.Timestamp.Value))
throw Errors.SameSwitchTimestampError; throw Errors.SameSwitchTimestampError;
@ -155,11 +157,15 @@ public class SwitchControllerV2: PKControllerBase
}); });
} }
[HttpPatch("systems/@me/switches/{switchRef}")] [HttpPatch("systems/{systemRef}/switches/{switchRef}")]
public async Task<IActionResult> SwitchPatch(string switchRef, [FromBody] JObject data) public async Task<IActionResult> SwitchPatch(string systemRef, string switchRef, [FromBody] JObject data)
{ {
// for now, don't need to make a PatchObject for this, since it's only one param // for now, don't need to make a PatchObject for this, since it's only one param
var system = await ResolveSystem(systemRef);
if (ContextFor(system) != LookupContext.ByOwner)
throw Errors.GenericMissingPermissions;
if (!Guid.TryParse(switchRef, out var switchId)) if (!Guid.TryParse(switchRef, out var switchId))
throw Errors.InvalidSwitchId; throw Errors.InvalidSwitchId;
@ -169,10 +175,6 @@ public class SwitchControllerV2: PKControllerBase
var value = Instant.FromDateTimeOffset(DateTime.Parse(valueStr).ToUniversalTime()); var value = Instant.FromDateTimeOffset(DateTime.Parse(valueStr).ToUniversalTime());
var system = await ResolveSystem("@me");
if (system == null)
throw Errors.SystemNotFound;
var sw = await _repo.GetSwitchByUuid(switchId); var sw = await _repo.GetSwitchByUuid(switchId);
if (sw == null || system.Id != sw.System) if (sw == null || system.Id != sw.System)
throw Errors.SwitchNotFoundPublic; throw Errors.SwitchNotFoundPublic;
@ -191,15 +193,18 @@ public class SwitchControllerV2: PKControllerBase
}); });
} }
[HttpPatch("systems/@me/switches/{switchRef}/members")] [HttpPatch("systems/{systemRef}/switches/{switchRef}/members")]
public async Task<IActionResult> SwitchMemberPatch(string switchRef, [FromBody] JArray data) public async Task<IActionResult> SwitchMemberPatch(string systemRef, string switchRef, [FromBody] JArray data)
{ {
var system = await ResolveSystem(systemRef);
if (ContextFor(system) != LookupContext.ByOwner)
throw Errors.GenericMissingPermissions;
if (!Guid.TryParse(switchRef, out var switchId)) if (!Guid.TryParse(switchRef, out var switchId))
throw Errors.SwitchNotFound;
if (data.Distinct().Count() != data.Count) if (data.Distinct().Count() != data.Count)
throw Errors.DuplicateMembersInList; throw Errors.DuplicateMembersInList;
var system = await ResolveSystem("@me");
var sw = await _repo.GetSwitchByUuid(switchId); var sw = await _repo.GetSwitchByUuid(switchId);
if (sw == null) if (sw == null)
@ -235,13 +240,16 @@ public class SwitchControllerV2: PKControllerBase
}); });
} }
[HttpDelete("systems/@me/switches/{switchRef}")] [HttpDelete("systems/{systemRef}/switches/{switchRef}")]
public async Task<IActionResult> SwitchDelete(string switchRef) public async Task<IActionResult> SwitchDelete(string systemRef, string switchRef)
{ {
var system = await ResolveSystem(systemRef);
if (ContextFor(system) != LookupContext.ByOwner)
throw Errors.GenericMissingPermissions;
if (!Guid.TryParse(switchRef, out var switchId)) if (!Guid.TryParse(switchRef, out var switchId))
throw Errors.InvalidSwitchId; throw Errors.InvalidSwitchId;
var system = await ResolveSystem("@me");
var sw = await _repo.GetSwitchByUuid(switchId); var sw = await _repo.GetSwitchByUuid(switchId);
if (sw == null || system.Id != sw.System) if (sw == null || system.Id != sw.System)
throw Errors.SwitchNotFoundPublic; throw Errors.SwitchNotFoundPublic;
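Review bot: In SwitchMemberPatch the switch lookup is followed only by `if (sw == null)` in the visible lines, whereas SwitchPatch and SwitchDelete reject with `sw == null || system.Id != sw.System`. The ByOwner check establishes that the caller owns `system`, but `_repo.GetSwitchByUuid(switchId)` takes only the switch id, so the comparison against `sw.System` is what ties the switch to that system. The rest of the method lies outside the hunk and may already do this; if it does not, use the same condition as the other two handlers and throw `Errors.SwitchNotFoundPublic`, so that the members of a switch owned by a different system cannot be changed through this route.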


@ -72,6 +72,7 @@ public static class Errors
{ {
public static PKError GenericBadRequest = new(400, 0, "400: Bad Request"); public static PKError GenericBadRequest = new(400, 0, "400: Bad Request");
public static PKError GenericAuthError = new(401, 0, "401: Missing or invalid Authorization header"); public static PKError GenericAuthError = new(401, 0, "401: Missing or invalid Authorization header");
public static PKError GenericMissingPermissions = new(403, 0, "403: Missing permissions to access this resource");
public static PKError SystemNotFound = new(404, 20001, "System not found."); public static PKError SystemNotFound = new(404, 20001, "System not found.");
public static PKError MemberNotFound = new(404, 20002, "Member not found."); public static PKError MemberNotFound = new(404, 20002, "Member not found.");


@ -204,7 +204,8 @@ Takes an array of member references as input. (An empty list is accepted.) Retur
--- ---
## Switches ## Switches
*`switchRef` must be a switch's UUID. On POST/PATCH/DELETE endpoints, `systemRef` must be `@me`.* *`switchRef` must be a switch's UUID. `systemRef` can be a system's short (5-character) ID, a system's UUID, the ID of a Discord account linked to the system, or the string `@me` to refer to the currently authenticated system.*
### Get System Switches ### Get System Switches