From 159da81b8d877ad8001df88c1963782c318b7f1c Mon Sep 17 00:00:00 2001
From: Jef Roosens <roosensjef@gmail.com>
Date: Sun, 22 Aug 2021 22:35:07 +0200
Subject: [PATCH] Started on user management routes

---
 src/auth.rs         |  1 -
 src/db/users.rs     | 24 ++++++++++++++++++++++--
 src/errors.rs       |  2 ++
 src/routes/admin.rs | 22 ++++++++++++++++++++--
 4 files changed, 44 insertions(+), 5 deletions(-)

diff --git a/src/auth.rs b/src/auth.rs
index 613c210..efd991d 100644
--- a/src/auth.rs
+++ b/src/auth.rs
@@ -81,7 +81,6 @@ pub fn generate_jwt_token(conn: &PgConnection, user: &User) -> crate::Result<JWT
         (current_time + chrono::Duration::seconds(crate::REFRESH_TOKEN_EXP_SECONDS)).naive_utc();
 
     // Store refresh token in database
-    // TODO add expires_at here (it's what's causing the errors)
     insert_into(refresh_tokens::refresh_tokens)
         .values(NewRefreshToken {
             token: refresh_token.to_vec(),
diff --git a/src/db/users.rs b/src/db/users.rs
index 7b5a642..b1bcfe6 100644
--- a/src/db/users.rs
+++ b/src/db/users.rs
@@ -1,5 +1,5 @@
 use diesel::{prelude::*, AsChangeset, Insertable, Queryable};
-use serde::Serialize;
+use serde::{Serialize, Deserialize};
 use uuid::Uuid;
 
 use crate::{
@@ -19,7 +19,7 @@ pub struct User
     pub admin: bool,
 }
 
-#[derive(Insertable, AsChangeset)]
+#[derive(Insertable, AsChangeset, Deserialize)]
 #[table_name = "users"]
 pub struct NewUser
 {
@@ -32,3 +32,23 @@ pub fn all(conn: &PgConnection) -> crate::Result<Vec<User>>
 {
     users.load::<User>(conn).map_err(|_| RBError::DBError)
 }
+
+pub fn find(conn: &PgConnection, user_id: Uuid) -> Option<User> {
+    users.find(user_id).first::<User>(conn).ok()
+}
+
+pub fn create(conn: &PgConnection, new_user: &NewUser) -> crate::Result<()> {
+    let count = diesel::insert_into(users).values(new_user).execute(conn).map_err(|_| RBError::DBError)?;
+
+    if count == 0 {
+        return Err(RBError::DuplicateUser);
+    }
+
+    Ok(())
+}
+
+pub fn delete(conn: &PgConnection, user_id: Uuid) -> crate::Result<()> {
+    diesel::delete(users.filter(id.eq(user_id))).execute(conn).map_err(|_| RBError::DBError)?;
+
+    Ok(())
+}
diff --git a/src/errors.rs b/src/errors.rs
index bc3243f..7072dab 100644
--- a/src/errors.rs
+++ b/src/errors.rs
@@ -28,6 +28,7 @@ pub enum RBError
     InvalidRefreshToken,
     DuplicateRefreshToken,
     DBError,
+    DuplicateUser,
 }
 
 impl<'r> Responder<'r, 'static> for RBError
@@ -46,6 +47,7 @@ impl<'r> Responder<'r, 'static> for RBError
             RBError::InvalidRefreshToken | RBError::DuplicateRefreshToken => {
                 (Status::Unauthorized, "Invalid refresh token.")
             }
+            RBError::DuplicateUser => (Status::Conflict, "User already exists"),
             _ => (Status::InternalServerError, "Internal server error"),
         };
 
diff --git a/src/routes/admin.rs b/src/routes/admin.rs
index db3ecc2..1ddce97 100644
--- a/src/routes/admin.rs
+++ b/src/routes/admin.rs
@@ -1,11 +1,14 @@
-use rb::db::users::User;
+use rb::db::users::{User, NewUser};
+use rb::db::users as db_users;
+use rb::errors::RBError;
 use rocket::serde::json::Json;
+use uuid::Uuid;
 
 use crate::{guards::Admin, RbDbConn};
 
 pub fn routes() -> Vec<rocket::Route>
 {
-    routes![get_users]
+    routes![get_users, get_user_info]
 }
 
 #[get("/users")]
@@ -13,3 +16,18 @@ async fn get_users(admin: Admin, conn: RbDbConn) -> rb::Result<Json<Vec<User>>>
 {
     Ok(Json(conn.run(|c| rb::db::users::all(c)).await?))
 }
+
+#[post("/users", data="<user>")]
+async fn create_user(admin: Admin, conn: RbDbConn, user: Json<NewUser>) -> rb::Result<()> {
+    Ok(conn.run(move |c| db_users::create(c, &user.into_inner())).await?)
+}
+
+#[get("/users/<user_id_str>")]
+async fn get_user_info(_admin: Admin, conn: RbDbConn, user_id_str: String) -> rb::Result<Json<User>> {
+    let user_id = Uuid::parse_str(&user_id_str).map_err(|_| RBError::UnknownUser)?;
+
+    match conn.run(move |c| db_users::find(c, user_id)).await {
+        Some(user) => Ok(Json(user)),
+        None => Err(RBError::UnknownUser),
+    }
+}