SimpleCloudNotifier/server/api/handler/api.go

1284 lines
40 KiB
Go
Raw Normal View History

2022-11-18 21:25:40 +01:00
package handler
import (
"blackforestbytes.com/simplecloudnotifier/api/apierr"
"blackforestbytes.com/simplecloudnotifier/common/ginresp"
2022-11-19 15:13:47 +01:00
"blackforestbytes.com/simplecloudnotifier/db"
2022-11-20 00:19:41 +01:00
"blackforestbytes.com/simplecloudnotifier/db/cursortoken"
2022-11-18 21:25:40 +01:00
"blackforestbytes.com/simplecloudnotifier/logic"
2022-11-19 15:13:47 +01:00
"blackforestbytes.com/simplecloudnotifier/models"
2022-11-18 23:12:37 +01:00
"database/sql"
2022-11-20 20:34:18 +01:00
"fmt"
2022-11-18 21:25:40 +01:00
"github.com/gin-gonic/gin"
2022-11-18 23:28:37 +01:00
"gogs.mikescher.com/BlackForestBytes/goext/langext"
2022-11-20 00:19:41 +01:00
"gogs.mikescher.com/BlackForestBytes/goext/mathext"
2022-11-20 20:34:18 +01:00
"gogs.mikescher.com/BlackForestBytes/goext/timeext"
2022-11-18 21:25:40 +01:00
"net/http"
2022-11-20 20:34:18 +01:00
"strings"
"time"
2022-11-18 21:25:40 +01:00
)
type APIHandler struct {
2022-11-19 15:13:47 +01:00
app *logic.Application
database *db.Database
}
func NewAPIHandler(app *logic.Application) APIHandler {
return APIHandler{
app: app,
database: app.Database,
}
2022-11-18 21:25:40 +01:00
}
// CreateUser swaggerdoc
//
// @Summary Create a new user
// @ID api-user-create
//
2022-11-18 23:28:37 +01:00
// @Param post_body body handler.CreateUser.body false " "
2022-11-18 21:25:40 +01:00
//
2022-11-18 23:28:37 +01:00
// @Success 200 {object} models.UserJSON
// @Failure 400 {object} ginresp.apiError
// @Failure 500 {object} ginresp.apiError
2022-11-18 21:25:40 +01:00
//
// @Router /api-v2/users/ [POST]
2022-11-18 21:25:40 +01:00
func (h APIHandler) CreateUser(g *gin.Context) ginresp.HTTPResponse {
type body struct {
2022-11-20 03:06:08 +01:00
FCMToken string `json:"fcm_token" binding:"required"`
2022-11-18 23:28:37 +01:00
ProToken *string `json:"pro_token"`
Username *string `json:"username"`
2022-11-20 03:06:08 +01:00
AgentModel string `json:"agent_model" binding:"required"`
AgentVersion string `json:"agent_version" binding:"required"`
ClientType string `json:"client_type" binding:"required"`
2022-11-18 21:25:40 +01:00
}
var b body
2022-11-20 03:06:08 +01:00
ctx, errResp := h.app.StartRequest(g, nil, nil, &b, nil)
2022-11-18 23:12:37 +01:00
if errResp != nil {
return *errResp
2022-11-18 21:25:40 +01:00
}
2022-11-18 23:12:37 +01:00
defer ctx.Cancel()
2022-11-18 21:25:40 +01:00
var clientType models.ClientType
if b.ClientType == string(models.ClientTypeAndroid) {
clientType = models.ClientTypeAndroid
} else if b.ClientType == string(models.ClientTypeIOS) {
clientType = models.ClientTypeIOS
} else {
2022-11-20 20:34:18 +01:00
return ginresp.APIError(g, 400, apierr.INVALID_CLIENTTYPE, "Invalid ClientType", nil)
2022-11-18 21:25:40 +01:00
}
if b.ProToken != nil {
ptok, err := h.app.VerifyProToken(*b.ProToken)
if err != nil {
2022-11-20 20:34:18 +01:00
return ginresp.APIError(g, 500, apierr.FAILED_VERIFY_PRO_TOKEN, "Failed to query purchase status", err)
2022-11-18 21:25:40 +01:00
}
if !ptok {
2022-11-20 20:34:18 +01:00
return ginresp.APIError(g, 400, apierr.INVALID_PRO_TOKEN, "Purchase token could not be verified", nil)
2022-11-18 21:25:40 +01:00
}
}
readKey := h.app.GenerateRandomAuthKey()
sendKey := h.app.GenerateRandomAuthKey()
adminKey := h.app.GenerateRandomAuthKey()
2022-11-19 15:13:47 +01:00
err := h.database.ClearFCMTokens(ctx, b.FCMToken)
2022-11-18 21:25:40 +01:00
if err != nil {
2022-11-20 20:34:18 +01:00
return ginresp.APIError(g, 500, apierr.DATABASE_ERROR, "Failed to clear existing fcm tokens", err)
2022-11-18 21:25:40 +01:00
}
if b.ProToken != nil {
2022-11-19 15:13:47 +01:00
err := h.database.ClearProTokens(ctx, *b.ProToken)
2022-11-18 21:25:40 +01:00
if err != nil {
2022-11-20 20:34:18 +01:00
return ginresp.APIError(g, 500, apierr.DATABASE_ERROR, "Failed to clear existing fcm tokens", err)
2022-11-18 21:25:40 +01:00
}
}
username := b.Username
if username != nil {
username = langext.Ptr(h.app.NormalizeUsername(*username))
}
userobj, err := h.database.CreateUser(ctx, readKey, sendKey, adminKey, b.ProToken, username)
2022-11-18 21:25:40 +01:00
if err != nil {
2022-11-20 20:34:18 +01:00
return ginresp.APIError(g, 500, apierr.DATABASE_ERROR, "Failed to create user in db", err)
2022-11-18 21:25:40 +01:00
}
2022-11-19 15:13:47 +01:00
_, err = h.database.CreateClient(ctx, userobj.UserID, clientType, b.FCMToken, b.AgentModel, b.AgentVersion)
2022-11-18 21:25:40 +01:00
if err != nil {
2022-11-20 20:34:18 +01:00
return ginresp.APIError(g, 500, apierr.DATABASE_ERROR, "Failed to create user in db", err)
2022-11-18 21:25:40 +01:00
}
return ctx.FinishSuccess(ginresp.JSON(http.StatusOK, userobj.JSON()))
}
2022-11-18 23:12:37 +01:00
// GetUser swaggerdoc
//
2022-11-19 12:47:23 +01:00
// @Summary Get a user
2022-11-18 23:28:37 +01:00
// @ID api-user-get
2022-11-18 23:12:37 +01:00
//
2022-11-18 23:28:37 +01:00
// @Param uid path int true "UserID"
2022-11-18 23:12:37 +01:00
//
// @Success 200 {object} models.UserJSON
// @Failure 400 {object} ginresp.apiError
// @Failure 401 {object} ginresp.apiError
// @Failure 404 {object} ginresp.apiError
// @Failure 500 {object} ginresp.apiError
//
// @Router /api-v2/users/{uid} [GET]
2022-11-18 21:25:40 +01:00
func (h APIHandler) GetUser(g *gin.Context) ginresp.HTTPResponse {
2022-11-18 23:12:37 +01:00
type uri struct {
UserID int64 `uri:"uid"`
}
var u uri
2022-11-20 03:06:08 +01:00
ctx, errResp := h.app.StartRequest(g, &u, nil, nil, nil)
2022-11-18 23:12:37 +01:00
if errResp != nil {
return *errResp
}
defer ctx.Cancel()
if permResp := ctx.CheckPermissionUserRead(u.UserID); permResp != nil {
return *permResp
}
2022-11-19 15:13:47 +01:00
user, err := h.database.GetUser(ctx, u.UserID)
2022-11-18 23:12:37 +01:00
if err == sql.ErrNoRows {
2022-11-20 20:34:18 +01:00
return ginresp.APIError(g, 404, apierr.USER_NOT_FOUND, "User not found", err)
2022-11-18 23:12:37 +01:00
}
if err != nil {
2022-11-20 20:34:18 +01:00
return ginresp.APIError(g, 500, apierr.DATABASE_ERROR, "Failed to query user", err)
2022-11-18 23:12:37 +01:00
}
return ctx.FinishSuccess(ginresp.JSON(http.StatusOK, user.JSON()))
2022-11-18 21:25:40 +01:00
}
2022-11-18 23:28:37 +01:00
// UpdateUser swaggerdoc
//
2022-11-19 12:47:23 +01:00
// @Summary (Partially) update a user
2022-11-18 23:28:37 +01:00
// @Description The body-values are optional, only send the ones you want to update
// @ID api-user-update
//
// @Param post_body body handler.UpdateUser.body false " "
//
// @Success 200 {object} models.UserJSON
// @Failure 400 {object} ginresp.apiError
// @Failure 401 {object} ginresp.apiError
// @Failure 404 {object} ginresp.apiError
// @Failure 500 {object} ginresp.apiError
//
// @Router /api-v2/users/{uid} [PATCH]
2022-11-18 21:25:40 +01:00
func (h APIHandler) UpdateUser(g *gin.Context) ginresp.HTTPResponse {
2022-11-18 23:28:37 +01:00
type uri struct {
UserID int64 `uri:"uid"`
}
type body struct {
Username *string `json:"username"`
ProToken *string `json:"pro_token"`
}
var u uri
var b body
2022-11-20 03:06:08 +01:00
ctx, errResp := h.app.StartRequest(g, &u, nil, &b, nil)
2022-11-18 23:28:37 +01:00
if errResp != nil {
return *errResp
}
defer ctx.Cancel()
if permResp := ctx.CheckPermissionUserAdmin(u.UserID); permResp != nil {
return *permResp
}
if b.Username != nil {
username := langext.Ptr(h.app.NormalizeUsername(*b.Username))
2022-11-18 23:28:37 +01:00
if *username == "" {
username = nil
}
2022-11-19 15:13:47 +01:00
err := h.database.UpdateUserUsername(ctx, u.UserID, b.Username)
2022-11-18 23:28:37 +01:00
if err != nil {
2022-11-20 20:34:18 +01:00
return ginresp.APIError(g, 500, apierr.DATABASE_ERROR, "Failed to update user", err)
2022-11-18 23:28:37 +01:00
}
}
if b.ProToken != nil {
ptok, err := h.app.VerifyProToken(*b.ProToken)
if err != nil {
2022-11-20 20:34:18 +01:00
return ginresp.APIError(g, 500, apierr.FAILED_VERIFY_PRO_TOKEN, "Failed to query purchase status", err)
2022-11-18 23:28:37 +01:00
}
if !ptok {
2022-11-20 20:34:18 +01:00
return ginresp.APIError(g, 400, apierr.INVALID_PRO_TOKEN, "Purchase token could not be verified", nil)
2022-11-18 23:28:37 +01:00
}
2022-11-19 15:13:47 +01:00
err = h.database.ClearProTokens(ctx, *b.ProToken)
2022-11-18 23:28:37 +01:00
if err != nil {
2022-11-20 20:34:18 +01:00
return ginresp.APIError(g, 500, apierr.DATABASE_ERROR, "Failed to clear existing fcm tokens", err)
2022-11-18 23:28:37 +01:00
}
2022-11-19 15:13:47 +01:00
err = h.database.UpdateUserProToken(ctx, u.UserID, b.ProToken)
2022-11-18 23:28:37 +01:00
if err != nil {
2022-11-20 20:34:18 +01:00
return ginresp.APIError(g, 500, apierr.DATABASE_ERROR, "Failed to update user", err)
2022-11-18 23:28:37 +01:00
}
}
2022-11-19 15:13:47 +01:00
user, err := h.database.GetUser(ctx, u.UserID)
2022-11-18 23:28:37 +01:00
if err != nil {
2022-11-20 20:34:18 +01:00
return ginresp.APIError(g, 500, apierr.DATABASE_ERROR, "Failed to query (updated) user", err)
2022-11-18 23:28:37 +01:00
}
return ctx.FinishSuccess(ginresp.JSON(http.StatusOK, user.JSON()))
2022-11-18 21:25:40 +01:00
}
2022-11-19 12:47:23 +01:00
// ListClients swaggerdoc
//
// @Summary List all clients
// @ID api-clients-list
//
// @Param uid path int true "UserID"
//
// @Success 200 {object} handler.ListClients.response
2022-11-19 12:47:23 +01:00
// @Failure 400 {object} ginresp.apiError
// @Failure 401 {object} ginresp.apiError
// @Failure 404 {object} ginresp.apiError
// @Failure 500 {object} ginresp.apiError
//
// @Router /api-v2/users/{uid}/clients [GET]
2022-11-18 21:25:40 +01:00
func (h APIHandler) ListClients(g *gin.Context) ginresp.HTTPResponse {
2022-11-19 12:47:23 +01:00
type uri struct {
UserID int64 `uri:"uid"`
}
type response struct {
2022-11-19 12:47:23 +01:00
Clients []models.ClientJSON `json:"clients"`
}
var u uri
2022-11-20 03:06:08 +01:00
ctx, errResp := h.app.StartRequest(g, &u, nil, nil, nil)
2022-11-19 12:47:23 +01:00
if errResp != nil {
return *errResp
}
defer ctx.Cancel()
if permResp := ctx.CheckPermissionUserRead(u.UserID); permResp != nil {
return *permResp
}
2022-11-19 15:13:47 +01:00
clients, err := h.database.ListClients(ctx, u.UserID)
2022-11-19 12:47:23 +01:00
if err != nil {
2022-11-20 20:34:18 +01:00
return ginresp.APIError(g, 500, apierr.DATABASE_ERROR, "Failed to query clients", err)
2022-11-19 12:47:23 +01:00
}
res := langext.ArrMap(clients, func(v models.Client) models.ClientJSON { return v.JSON() })
return ctx.FinishSuccess(ginresp.JSON(http.StatusOK, response{Clients: res}))
2022-11-18 21:25:40 +01:00
}
2022-11-19 12:50:41 +01:00
// GetClient swaggerdoc
//
2022-11-19 12:59:25 +01:00
// @Summary Get a single clients
2022-11-19 12:50:41 +01:00
// @ID api-clients-get
//
// @Param uid path int true "UserID"
// @Param cid path int true "ClientID"
//
// @Success 200 {object} models.ClientJSON
// @Failure 400 {object} ginresp.apiError
// @Failure 401 {object} ginresp.apiError
// @Failure 404 {object} ginresp.apiError
// @Failure 500 {object} ginresp.apiError
//
// @Router /api-v2/users/{uid}/clients/{cid} [GET]
2022-11-18 21:25:40 +01:00
func (h APIHandler) GetClient(g *gin.Context) ginresp.HTTPResponse {
2022-11-19 12:50:41 +01:00
type uri struct {
UserID int64 `uri:"uid"`
ClientID int64 `uri:"cid"`
}
var u uri
2022-11-20 03:06:08 +01:00
ctx, errResp := h.app.StartRequest(g, &u, nil, nil, nil)
2022-11-19 12:50:41 +01:00
if errResp != nil {
return *errResp
}
defer ctx.Cancel()
if permResp := ctx.CheckPermissionUserRead(u.UserID); permResp != nil {
return *permResp
}
2022-11-19 15:13:47 +01:00
client, err := h.database.GetClient(ctx, u.UserID, u.ClientID)
2022-11-19 12:50:41 +01:00
if err == sql.ErrNoRows {
2022-11-20 20:34:18 +01:00
return ginresp.APIError(g, 404, apierr.CLIENT_NOT_FOUND, "Client not found", err)
2022-11-19 12:50:41 +01:00
}
if err != nil {
2022-11-20 20:34:18 +01:00
return ginresp.APIError(g, 500, apierr.DATABASE_ERROR, "Failed to query client", err)
2022-11-19 12:50:41 +01:00
}
return ctx.FinishSuccess(ginresp.JSON(http.StatusOK, client.JSON()))
2022-11-18 21:25:40 +01:00
}
2022-11-19 12:56:44 +01:00
// AddClient swaggerdoc
//
2022-11-19 12:59:25 +01:00
// @Summary Add a new clients
// @ID api-clients-create
2022-11-19 12:56:44 +01:00
//
2022-11-19 12:59:25 +01:00
// @Param uid path int true "UserID"
2022-11-19 12:56:44 +01:00
//
// @Param post_body body handler.AddClient.body false " "
//
2022-11-19 12:59:25 +01:00
// @Success 200 {object} models.ClientJSON
// @Failure 400 {object} ginresp.apiError
// @Failure 401 {object} ginresp.apiError
// @Failure 404 {object} ginresp.apiError
// @Failure 500 {object} ginresp.apiError
2022-11-19 12:56:44 +01:00
//
// @Router /api-v2/users/{uid}/clients [POST]
2022-11-18 21:25:40 +01:00
func (h APIHandler) AddClient(g *gin.Context) ginresp.HTTPResponse {
2022-11-19 12:56:44 +01:00
type uri struct {
UserID int64 `uri:"uid"`
}
type body struct {
2022-11-20 03:06:08 +01:00
FCMToken string `json:"fcm_token" binding:"required"`
AgentModel string `json:"agent_model" binding:"required"`
AgentVersion string `json:"agent_version" binding:"required"`
ClientType string `json:"client_type" binding:"required"`
2022-11-19 12:56:44 +01:00
}
var u uri
var b body
2022-11-20 03:06:08 +01:00
ctx, errResp := h.app.StartRequest(g, &u, nil, &b, nil)
2022-11-19 12:56:44 +01:00
if errResp != nil {
return *errResp
}
defer ctx.Cancel()
var clientType models.ClientType
if b.ClientType == string(models.ClientTypeAndroid) {
clientType = models.ClientTypeAndroid
} else if b.ClientType == string(models.ClientTypeIOS) {
clientType = models.ClientTypeIOS
} else {
2022-11-20 20:34:18 +01:00
return ginresp.APIError(g, 400, apierr.INVALID_CLIENTTYPE, "Invalid ClientType", nil)
2022-11-19 12:56:44 +01:00
}
if permResp := ctx.CheckPermissionUserAdmin(u.UserID); permResp != nil {
return *permResp
}
2022-11-19 15:13:47 +01:00
client, err := h.database.CreateClient(ctx, u.UserID, clientType, b.FCMToken, b.AgentModel, b.AgentVersion)
2022-11-19 12:56:44 +01:00
if err != nil {
2022-11-20 20:34:18 +01:00
return ginresp.APIError(g, 500, apierr.DATABASE_ERROR, "Failed to create user in db", err)
2022-11-19 12:56:44 +01:00
}
return ctx.FinishSuccess(ginresp.JSON(http.StatusOK, client.JSON()))
2022-11-18 21:25:40 +01:00
}
2022-11-19 12:59:25 +01:00
// DeleteClient swaggerdoc
//
// @Summary Delete a client
// @ID api-clients-delete
//
// @Param uid path int true "UserID"
// @Param cid path int true "ClientID"
//
// @Success 200 {object} models.ClientJSON
// @Failure 400 {object} ginresp.apiError
// @Failure 401 {object} ginresp.apiError
// @Failure 404 {object} ginresp.apiError
// @Failure 500 {object} ginresp.apiError
//
// @Router /api-v2/users/{uid}/clients [POST]
2022-11-18 21:25:40 +01:00
func (h APIHandler) DeleteClient(g *gin.Context) ginresp.HTTPResponse {
2022-11-19 12:59:25 +01:00
type uri struct {
UserID int64 `uri:"uid"`
ClientID int64 `uri:"cid"`
}
var u uri
2022-11-20 03:06:08 +01:00
ctx, errResp := h.app.StartRequest(g, &u, nil, nil, nil)
2022-11-19 12:59:25 +01:00
if errResp != nil {
return *errResp
}
defer ctx.Cancel()
if permResp := ctx.CheckPermissionUserAdmin(u.UserID); permResp != nil {
return *permResp
}
2022-11-19 15:13:47 +01:00
client, err := h.database.GetClient(ctx, u.UserID, u.ClientID)
2022-11-19 12:59:25 +01:00
if err == sql.ErrNoRows {
2022-11-20 20:34:18 +01:00
return ginresp.APIError(g, 404, apierr.CLIENT_NOT_FOUND, "Client not found", err)
2022-11-19 12:59:25 +01:00
}
if err != nil {
2022-11-20 20:34:18 +01:00
return ginresp.APIError(g, 500, apierr.DATABASE_ERROR, "Failed to query client", err)
2022-11-19 12:59:25 +01:00
}
2022-11-19 15:13:47 +01:00
err = h.database.DeleteClient(ctx, u.ClientID)
2022-11-19 12:59:25 +01:00
if err != nil {
2022-11-20 20:34:18 +01:00
return ginresp.APIError(g, 500, apierr.DATABASE_ERROR, "Failed to delete client", err)
2022-11-19 12:59:25 +01:00
}
return ctx.FinishSuccess(ginresp.JSON(http.StatusOK, client.JSON()))
2022-11-18 21:25:40 +01:00
}
// ListChannels swaggerdoc
//
// @Summary List all channels of a user
// @ID api-channels-list
//
// @Param uid path int true "UserID"
//
// @Success 200 {object} handler.ListChannels.response
// @Failure 400 {object} ginresp.apiError
// @Failure 401 {object} ginresp.apiError
// @Failure 404 {object} ginresp.apiError
// @Failure 500 {object} ginresp.apiError
//
// @Router /api-v2/users/{uid}/channels [GET]
2022-11-18 21:25:40 +01:00
func (h APIHandler) ListChannels(g *gin.Context) ginresp.HTTPResponse {
type uri struct {
UserID int64 `uri:"uid"`
}
type response struct {
Channels []models.ChannelJSON `json:"channels"`
}
var u uri
2022-11-20 03:06:08 +01:00
ctx, errResp := h.app.StartRequest(g, &u, nil, nil, nil)
if errResp != nil {
return *errResp
}
defer ctx.Cancel()
if permResp := ctx.CheckPermissionUserRead(u.UserID); permResp != nil {
return *permResp
}
clients, err := h.database.ListChannels(ctx, u.UserID)
if err != nil {
2022-11-20 20:34:18 +01:00
return ginresp.APIError(g, 500, apierr.DATABASE_ERROR, "Failed to query channels", err)
}
res := langext.ArrMap(clients, func(v models.Channel) models.ChannelJSON { return v.JSON() })
return ctx.FinishSuccess(ginresp.JSON(http.StatusOK, response{Channels: res}))
2022-11-18 21:25:40 +01:00
}
// GetChannel swaggerdoc
//
// @Summary List all channels of a user
// @ID api-channels-get
//
// @Param uid path int true "UserID"
// @Param cid path int true "ChannelID"
//
// @Success 200 {object} models.ChannelJSON
// @Failure 400 {object} ginresp.apiError
// @Failure 401 {object} ginresp.apiError
// @Failure 404 {object} ginresp.apiError
// @Failure 500 {object} ginresp.apiError
//
// @Router /api-v2/users/{uid}/channels/{cid} [GET]
2022-11-18 21:25:40 +01:00
func (h APIHandler) GetChannel(g *gin.Context) ginresp.HTTPResponse {
type uri struct {
UserID int64 `uri:"uid"`
ChannelID int64 `uri:"cid"`
}
var u uri
2022-11-20 03:06:08 +01:00
ctx, errResp := h.app.StartRequest(g, &u, nil, nil, nil)
if errResp != nil {
return *errResp
}
defer ctx.Cancel()
if permResp := ctx.CheckPermissionUserRead(u.UserID); permResp != nil {
return *permResp
}
channel, err := h.database.GetChannel(ctx, u.UserID, u.ChannelID)
if err == sql.ErrNoRows {
2022-11-20 20:34:18 +01:00
return ginresp.APIError(g, 404, apierr.CHANNEL_NOT_FOUND, "Channel not found", err)
}
if err != nil {
2022-11-20 20:34:18 +01:00
return ginresp.APIError(g, 500, apierr.DATABASE_ERROR, "Failed to query channel", err)
}
return ctx.FinishSuccess(ginresp.JSON(http.StatusOK, channel.JSON()))
2022-11-18 21:25:40 +01:00
}
2022-11-20 00:30:30 +01:00
// ListChannelMessages swaggerdoc
//
// @Summary List messages of a channel
// @Description The next_page_token is an opaque token, the special value "@start" (or empty-string) is the beginning and "@end" is the end
// @Description Simply start the pagination without a next_page_token and get the next page by calling this endpoint with the returned next_page_token of the last query
// @Description If there are no more entries the token "@end" will be returned
// @Description By default we return long messages with a trimmed body, if trimmed=false is supplied we return full messages (this reduces the max page_size)
// @ID api-channel-messages
//
// @Param query_data query handler.ListChannelMessages.query false " "
//
// @Success 200 {object} handler.ListChannelMessages.response
// @Failure 400 {object} ginresp.apiError
// @Failure 401 {object} ginresp.apiError
// @Failure 404 {object} ginresp.apiError
// @Failure 500 {object} ginresp.apiError
//
// @Router /api-v2/users/{uid}/channels/{cid}/messages [GET]
func (h APIHandler) ListChannelMessages(g *gin.Context) ginresp.HTTPResponse {
type uri struct {
ChannelUserID int64 `uri:"uid"`
ChannelID int64 `uri:"cid"`
}
type query struct {
PageSize *int `form:"page_size"`
NextPageToken *string `form:"next_page_token"`
Filter *string `form:"filter"`
Trimmed *bool `form:"trimmed"`
}
type response struct {
Messages []models.MessageJSON `json:"messages"`
NextPageToken string `json:"next_page_token"`
PageSize int `json:"page_size"`
}
var u uri
var q query
2022-11-20 03:06:08 +01:00
ctx, errResp := h.app.StartRequest(g, &u, &q, nil, nil)
2022-11-20 00:30:30 +01:00
if errResp != nil {
return *errResp
}
defer ctx.Cancel()
trimmed := langext.Coalesce(q.Trimmed, true)
maxPageSize := langext.Conditional(trimmed, 16, 256)
pageSize := mathext.Clamp(langext.Coalesce(q.PageSize, 64), 1, maxPageSize)
if permResp := ctx.CheckPermissionRead(); permResp != nil {
return *permResp
}
channel, err := h.database.GetChannel(ctx, u.ChannelUserID, u.ChannelID)
if err == sql.ErrNoRows {
2022-11-20 20:34:18 +01:00
return ginresp.APIError(g, 404, apierr.CHANNEL_NOT_FOUND, "Channel not found", err)
2022-11-20 00:30:30 +01:00
}
if err != nil {
2022-11-20 20:34:18 +01:00
return ginresp.APIError(g, 500, apierr.DATABASE_ERROR, "Failed to query channel", err)
2022-11-20 00:30:30 +01:00
}
userid := *ctx.GetPermissionUserID()
sub, err := h.database.GetSubscriptionBySubscriber(ctx, userid, channel.ChannelID)
if err == sql.ErrNoRows {
2022-11-20 20:34:18 +01:00
return ginresp.APIError(g, 401, apierr.USER_AUTH_FAILED, "You are not authorized for this action", nil)
2022-11-20 00:30:30 +01:00
}
if err != nil {
2022-11-20 20:34:18 +01:00
return ginresp.APIError(g, 500, apierr.DATABASE_ERROR, "Failed to query subscription", err)
2022-11-20 00:30:30 +01:00
}
if !sub.Confirmed {
2022-11-20 20:34:18 +01:00
return ginresp.APIError(g, 401, apierr.USER_AUTH_FAILED, "You are not authorized for this action", nil)
2022-11-20 00:30:30 +01:00
}
tok, err := cursortoken.Decode(langext.Coalesce(q.NextPageToken, ""))
if err != nil {
2022-11-20 20:34:18 +01:00
return ginresp.APIError(g, 500, apierr.PAGETOKEN_ERROR, "Failed to decode next_page_token", err)
2022-11-20 00:30:30 +01:00
}
messages, npt, err := h.database.ListChannelMessages(ctx, channel.ChannelID, pageSize, tok)
if err != nil {
2022-11-20 20:34:18 +01:00
return ginresp.APIError(g, 500, apierr.DATABASE_ERROR, "Failed to query messages", err)
2022-11-20 00:30:30 +01:00
}
var res []models.MessageJSON
if trimmed {
res = langext.ArrMap(messages, func(v models.Message) models.MessageJSON { return v.TrimmedJSON() })
} else {
res = langext.ArrMap(messages, func(v models.Message) models.MessageJSON { return v.FullJSON() })
}
return ctx.FinishSuccess(ginresp.JSON(http.StatusOK, response{Messages: res, NextPageToken: npt.Token(), PageSize: pageSize}))
2022-11-18 21:25:40 +01:00
}
// ListUserSubscriptions swaggerdoc
//
// @Summary List all channels of a user
// @ID api-user-subscriptions-list
//
// @Param uid path int true "UserID"
//
// @Success 200 {object} handler.ListUserSubscriptions.response
// @Failure 400 {object} ginresp.apiError
// @Failure 401 {object} ginresp.apiError
// @Failure 404 {object} ginresp.apiError
// @Failure 500 {object} ginresp.apiError
//
// @Router /api-v2/users/{uid}/subscriptions [GET]
2022-11-18 21:25:40 +01:00
func (h APIHandler) ListUserSubscriptions(g *gin.Context) ginresp.HTTPResponse {
type uri struct {
UserID int64 `uri:"uid"`
}
type response struct {
Subscriptions []models.SubscriptionJSON `json:"subscriptions"`
}
var u uri
2022-11-20 03:06:08 +01:00
ctx, errResp := h.app.StartRequest(g, &u, nil, nil, nil)
if errResp != nil {
return *errResp
}
defer ctx.Cancel()
if permResp := ctx.CheckPermissionUserRead(u.UserID); permResp != nil {
return *permResp
}
clients, err := h.database.ListSubscriptionsByOwner(ctx, u.UserID)
if err != nil {
2022-11-20 20:34:18 +01:00
return ginresp.APIError(g, 500, apierr.DATABASE_ERROR, "Failed to query channels", err)
}
res := langext.ArrMap(clients, func(v models.Subscription) models.SubscriptionJSON { return v.JSON() })
return ctx.FinishSuccess(ginresp.JSON(http.StatusOK, response{Subscriptions: res}))
2022-11-18 21:25:40 +01:00
}
// ListChannelSubscriptions swaggerdoc
//
// @Summary List all subscriptions of a channel
// @ID api-chan-subscriptions-list
//
// @Param uid path int true "UserID"
// @Param cid path int true "ChannelID"
//
// @Success 200 {object} handler.ListChannelSubscriptions.response
// @Failure 400 {object} ginresp.apiError
// @Failure 401 {object} ginresp.apiError
// @Failure 404 {object} ginresp.apiError
// @Failure 500 {object} ginresp.apiError
//
// @Router /api-v2/users/{uid}/channels/{cid}/subscriptions [GET]
2022-11-18 21:25:40 +01:00
func (h APIHandler) ListChannelSubscriptions(g *gin.Context) ginresp.HTTPResponse {
type uri struct {
UserID int64 `uri:"uid"`
ChannelID int64 `uri:"cid"`
}
type response struct {
Subscriptions []models.SubscriptionJSON `json:"subscriptions"`
}
var u uri
2022-11-20 03:06:08 +01:00
ctx, errResp := h.app.StartRequest(g, &u, nil, nil, nil)
if errResp != nil {
return *errResp
}
defer ctx.Cancel()
if permResp := ctx.CheckPermissionUserRead(u.UserID); permResp != nil {
return *permResp
}
_, err := h.database.GetChannel(ctx, u.UserID, u.ChannelID)
if err == sql.ErrNoRows {
2022-11-20 20:34:18 +01:00
return ginresp.APIError(g, 404, apierr.CHANNEL_NOT_FOUND, "Channel not found", err)
}
if err != nil {
2022-11-20 20:34:18 +01:00
return ginresp.APIError(g, 500, apierr.DATABASE_ERROR, "Failed to query channels", err)
}
clients, err := h.database.ListSubscriptionsByChannel(ctx, u.ChannelID)
if err != nil {
2022-11-20 20:34:18 +01:00
return ginresp.APIError(g, 500, apierr.DATABASE_ERROR, "Failed to query channels", err)
}
res := langext.ArrMap(clients, func(v models.Subscription) models.SubscriptionJSON { return v.JSON() })
return ctx.FinishSuccess(ginresp.JSON(http.StatusOK, response{Subscriptions: res}))
2022-11-18 21:25:40 +01:00
}
// GetSubscription swaggerdoc
//
// @Summary Get a single subscription
// @ID api-subscriptions-get
//
// @Param uid path int true "UserID"
// @Param sid path int true "SubscriptionID"
//
// @Success 200 {object} models.SubscriptionJSON
// @Failure 400 {object} ginresp.apiError
// @Failure 401 {object} ginresp.apiError
// @Failure 404 {object} ginresp.apiError
// @Failure 500 {object} ginresp.apiError
//
// @Router /api-v2/users/{uid}/subscriptions/{sid} [GET]
2022-11-18 21:25:40 +01:00
func (h APIHandler) GetSubscription(g *gin.Context) ginresp.HTTPResponse {
type uri struct {
UserID int64 `uri:"uid"`
SubscriptionID int64 `uri:"sid"`
}
var u uri
2022-11-20 03:06:08 +01:00
ctx, errResp := h.app.StartRequest(g, &u, nil, nil, nil)
if errResp != nil {
return *errResp
}
defer ctx.Cancel()
if permResp := ctx.CheckPermissionUserRead(u.UserID); permResp != nil {
return *permResp
}
subscription, err := h.database.GetSubscription(ctx, u.SubscriptionID)
if err == sql.ErrNoRows {
2022-11-20 20:34:18 +01:00
return ginresp.APIError(g, 404, apierr.SUBSCRIPTION_NOT_FOUND, "Subscription not found", err)
}
if err != nil {
2022-11-20 20:34:18 +01:00
return ginresp.APIError(g, 500, apierr.DATABASE_ERROR, "Failed to query subscription", err)
}
if subscription.SubscriberUserID != u.UserID {
2022-11-20 20:34:18 +01:00
return ginresp.APIError(g, 401, apierr.USER_AUTH_FAILED, "You are not authorized for this action", nil)
}
return ctx.FinishSuccess(ginresp.JSON(http.StatusOK, subscription.JSON()))
2022-11-18 21:25:40 +01:00
}
// CancelSubscription swaggerdoc
//
// @Summary Cancel (delete) subscription
// @ID api-subscriptions-delete
//
// @Param uid path int true "UserID"
// @Param sid path int true "SubscriptionID"
//
// @Success 200 {object} models.SubscriptionJSON
// @Failure 400 {object} ginresp.apiError
// @Failure 401 {object} ginresp.apiError
// @Failure 404 {object} ginresp.apiError
// @Failure 500 {object} ginresp.apiError
//
// @Router /api-v2/users/{uid}/subscriptions/{sid} [DELETE]
2022-11-18 21:25:40 +01:00
func (h APIHandler) CancelSubscription(g *gin.Context) ginresp.HTTPResponse {
type uri struct {
UserID int64 `uri:"uid"`
SubscriptionID int64 `uri:"sid"`
}
var u uri
2022-11-20 03:06:08 +01:00
ctx, errResp := h.app.StartRequest(g, &u, nil, nil, nil)
if errResp != nil {
return *errResp
}
defer ctx.Cancel()
if permResp := ctx.CheckPermissionUserAdmin(u.UserID); permResp != nil {
return *permResp
}
subscription, err := h.database.GetSubscription(ctx, u.SubscriptionID)
if err == sql.ErrNoRows {
2022-11-20 20:34:18 +01:00
return ginresp.APIError(g, 404, apierr.SUBSCRIPTION_NOT_FOUND, "Subscription not found", err)
}
if err != nil {
2022-11-20 20:34:18 +01:00
return ginresp.APIError(g, 500, apierr.DATABASE_ERROR, "Failed to query subscription", err)
}
if subscription.SubscriberUserID != u.UserID && subscription.ChannelOwnerUserID != u.UserID {
2022-11-20 20:34:18 +01:00
return ginresp.APIError(g, 401, apierr.USER_AUTH_FAILED, "You are not authorized for this action", nil)
}
err = h.database.DeleteSubscription(ctx, u.SubscriptionID)
if err != nil {
2022-11-20 20:34:18 +01:00
return ginresp.APIError(g, 500, apierr.DATABASE_ERROR, "Failed to delete subscription", err)
}
return ctx.FinishSuccess(ginresp.JSON(http.StatusOK, subscription.JSON()))
2022-11-18 21:25:40 +01:00
}
// CreateSubscription swaggerdoc
//
// @Summary Creare/Request a subscription
// @ID api-subscriptions-create
//
2022-11-20 00:19:41 +01:00
// @Param uid path int true "UserID"
// @Param query_data query handler.CreateSubscription.query false " "
// @Param post_data body handler.CreateSubscription.body false " "
//
2022-11-20 00:19:41 +01:00
// @Success 200 {object} models.SubscriptionJSON
// @Failure 400 {object} ginresp.apiError
// @Failure 401 {object} ginresp.apiError
// @Failure 404 {object} ginresp.apiError
// @Failure 500 {object} ginresp.apiError
//
// @Router /api-v2/users/{uid}/subscriptions [POST]
2022-11-18 21:25:40 +01:00
func (h APIHandler) CreateSubscription(g *gin.Context) ginresp.HTTPResponse {
type uri struct {
UserID int64 `uri:"uid"`
}
type body struct {
2022-11-20 03:06:08 +01:00
ChannelOwnerUserID int64 `form:"channel_owner_user_id" binding:"required"`
Channel string `form:"channel_name" binding:"required"`
}
type query struct {
ChanSubscribeKey *string `form:"chan_subscribe_key"`
}
var u uri
var q query
var b body
2022-11-20 03:06:08 +01:00
ctx, errResp := h.app.StartRequest(g, &u, &q, &b, nil)
if errResp != nil {
return *errResp
}
defer ctx.Cancel()
if permResp := ctx.CheckPermissionUserAdmin(u.UserID); permResp != nil {
return *permResp
}
channel, err := h.database.GetChannelByName(ctx, b.ChannelOwnerUserID, h.app.NormalizeChannelName(b.Channel))
if err != nil {
2022-11-20 20:34:18 +01:00
return ginresp.APIError(g, 500, apierr.DATABASE_ERROR, "Failed to query channel", err)
}
if channel == nil {
2022-11-20 20:34:18 +01:00
return ginresp.APIError(g, 400, apierr.CHANNEL_NOT_FOUND, "Channel not found", err)
}
2022-11-20 03:06:08 +01:00
if channel.OwnerUserID != u.UserID && (q.ChanSubscribeKey == nil || *q.ChanSubscribeKey != channel.SubscribeKey) {
2022-11-20 20:34:18 +01:00
ginresp.APIError(g, 401, apierr.USER_AUTH_FAILED, "You are not authorized for this action", nil)
2022-11-20 03:06:08 +01:00
}
sub, err := h.database.CreateSubscription(ctx, u.UserID, *channel, channel.OwnerUserID == u.UserID)
if err != nil {
2022-11-20 20:34:18 +01:00
return ginresp.APIError(g, 500, apierr.DATABASE_ERROR, "Failed to create subscription", err)
}
return ctx.FinishSuccess(ginresp.JSON(http.StatusOK, sub.JSON()))
2022-11-18 21:25:40 +01:00
}
// UpdateSubscription swaggerdoc
//
// @Summary Update a subscription (e.g. confirm)
// @ID api-subscriptions-update
//
// @Param uid path int true "UserID"
// @Param sid path int true "SubscriptionID"
//
// @Success 200 {object} models.SubscriptionJSON
// @Failure 400 {object} ginresp.apiError
// @Failure 401 {object} ginresp.apiError
// @Failure 404 {object} ginresp.apiError
// @Failure 500 {object} ginresp.apiError
//
// @Router /api-v2/users/{uid}/subscriptions/{sid} [PATCH]
func (h APIHandler) UpdateSubscription(g *gin.Context) ginresp.HTTPResponse {
type uri struct {
UserID int64 `uri:"uid"`
SubscriptionID int64 `uri:"sid"`
}
type body struct {
Confirmed *bool `form:"confirmed"`
}
var u uri
var b body
2022-11-20 03:06:08 +01:00
ctx, errResp := h.app.StartRequest(g, &u, nil, &b, nil)
if errResp != nil {
return *errResp
}
defer ctx.Cancel()
if permResp := ctx.CheckPermissionUserAdmin(u.UserID); permResp != nil {
return *permResp
}
subscription, err := h.database.GetSubscription(ctx, u.SubscriptionID)
if err == sql.ErrNoRows {
2022-11-20 20:34:18 +01:00
return ginresp.APIError(g, 404, apierr.SUBSCRIPTION_NOT_FOUND, "Subscription not found", err)
}
if err != nil {
2022-11-20 20:34:18 +01:00
return ginresp.APIError(g, 500, apierr.DATABASE_ERROR, "Failed to query subscription", err)
}
if subscription.ChannelOwnerUserID != u.UserID {
2022-11-20 20:34:18 +01:00
return ginresp.APIError(g, 401, apierr.USER_AUTH_FAILED, "You are not authorized for this action", nil)
}
if b.Confirmed != nil {
err = h.database.UpdateSubscriptionConfirmed(ctx, u.SubscriptionID, *b.Confirmed)
if err != nil {
2022-11-20 20:34:18 +01:00
return ginresp.APIError(g, 500, apierr.DATABASE_ERROR, "Failed to update subscription", err)
}
}
subscription, err = h.database.GetSubscription(ctx, u.SubscriptionID)
if err != nil {
2022-11-20 20:34:18 +01:00
return ginresp.APIError(g, 500, apierr.DATABASE_ERROR, "Failed to query subscription", err)
}
return ctx.FinishSuccess(ginresp.JSON(http.StatusOK, subscription.JSON()))
}
2022-11-20 00:19:41 +01:00
// ListMessages swaggerdoc
//
// @Summary List all (subscribed) messages
// @Description The next_page_token is an opaque token, the special value "@start" (or empty-string) is the beginning and "@end" is the end
// @Description Simply start the pagination without a next_page_token and get the next page by calling this endpoint with the returned next_page_token of the last query
// @Description If there are no more entries the token "@end" will be returned
// @Description By default we return long messages with a trimmed body, if trimmed=false is supplied we return full messages (this reduces the max page_size)
// @ID api-messages-list
//
// @Param query_data query handler.ListMessages.query false " "
//
// @Success 200 {object} handler.ListMessages.response
// @Failure 400 {object} ginresp.apiError
// @Failure 401 {object} ginresp.apiError
// @Failure 404 {object} ginresp.apiError
// @Failure 500 {object} ginresp.apiError
//
// @Router /api-v2/messages [GET]
2022-11-18 21:25:40 +01:00
func (h APIHandler) ListMessages(g *gin.Context) ginresp.HTTPResponse {
2022-11-20 00:19:41 +01:00
type query struct {
PageSize *int `form:"page_size"`
NextPageToken *string `form:"next_page_token"`
Filter *string `form:"filter"`
Trimmed *bool `form:"trimmed"`
}
type response struct {
Messages []models.MessageJSON `json:"messages"`
NextPageToken string `json:"next_page_token"`
PageSize int `json:"page_size"`
}
var q query
2022-11-20 03:06:08 +01:00
ctx, errResp := h.app.StartRequest(g, nil, &q, nil, nil)
2022-11-20 00:19:41 +01:00
if errResp != nil {
return *errResp
}
defer ctx.Cancel()
trimmed := langext.Coalesce(q.Trimmed, true)
maxPageSize := langext.Conditional(trimmed, 16, 256)
pageSize := mathext.Clamp(langext.Coalesce(q.PageSize, 64), 1, maxPageSize)
if permResp := ctx.CheckPermissionRead(); permResp != nil {
return *permResp
}
userid := *ctx.GetPermissionUserID()
tok, err := cursortoken.Decode(langext.Coalesce(q.NextPageToken, ""))
if err != nil {
2022-11-20 20:34:18 +01:00
return ginresp.APIError(g, 500, apierr.PAGETOKEN_ERROR, "Failed to decode next_page_token", err)
2022-11-20 00:19:41 +01:00
}
err = h.database.UpdateUserLastRead(ctx, userid)
if err != nil {
2022-11-20 20:34:18 +01:00
return ginresp.APIError(g, 500, apierr.DATABASE_ERROR, "Failed to update last-read", err)
2022-11-20 00:19:41 +01:00
}
messages, npt, err := h.database.ListMessages(ctx, userid, pageSize, tok)
if err != nil {
2022-11-20 20:34:18 +01:00
return ginresp.APIError(g, 500, apierr.DATABASE_ERROR, "Failed to query messages", err)
2022-11-20 00:19:41 +01:00
}
var res []models.MessageJSON
if trimmed {
res = langext.ArrMap(messages, func(v models.Message) models.MessageJSON { return v.TrimmedJSON() })
} else {
res = langext.ArrMap(messages, func(v models.Message) models.MessageJSON { return v.FullJSON() })
}
return ctx.FinishSuccess(ginresp.JSON(http.StatusOK, response{Messages: res, NextPageToken: npt.Token(), PageSize: pageSize}))
2022-11-18 21:25:40 +01:00
}
// GetMessage swaggerdoc
//
2022-11-20 00:19:41 +01:00
// @Summary Get a single message (untrimmed)
// @Description The user must either own the message and request the resource with the READ or ADMIN Key
// @Description Or the user must subscribe to the corresponding channel (and be confirmed) and request the resource with the READ or ADMIN Key
// @Description The returned message is never trimmed
2022-11-20 00:19:41 +01:00
// @ID api-messages-get
//
2022-11-20 00:19:41 +01:00
// @Param mid path int true "SCNMessageID"
//
2022-11-20 00:19:41 +01:00
// @Success 200 {object} models.MessageJSON
// @Failure 400 {object} ginresp.apiError
// @Failure 401 {object} ginresp.apiError
// @Failure 404 {object} ginresp.apiError
// @Failure 500 {object} ginresp.apiError
//
2022-11-20 00:19:41 +01:00
// @Router /api-v2/messages/{mid} [PATCH]
2022-11-18 21:25:40 +01:00
func (h APIHandler) GetMessage(g *gin.Context) ginresp.HTTPResponse {
type uri struct {
MessageID int64 `uri:"mid"`
}
var u uri
2022-11-20 03:06:08 +01:00
ctx, errResp := h.app.StartRequest(g, &u, nil, nil, nil)
if errResp != nil {
return *errResp
}
defer ctx.Cancel()
if permResp := ctx.CheckPermissionAny(); permResp != nil {
return *permResp
}
msg, err := h.database.GetMessage(ctx, u.MessageID)
if err == sql.ErrNoRows {
2022-11-20 20:34:18 +01:00
return ginresp.APIError(g, 404, apierr.MESSAGE_NOT_FOUND, "message not found", err)
}
if err != nil {
2022-11-20 20:34:18 +01:00
return ginresp.APIError(g, 500, apierr.DATABASE_ERROR, "Failed to query message", err)
}
if !ctx.CheckPermissionMessageReadDirect(msg) {
// either we have direct read permissions (it is our message + read/admin key)
// or we subscribe (+confirmed) to the channel and have read/admin key
if uid := ctx.GetPermissionUserID(); uid != nil && ctx.IsPermissionUserRead() {
sub, err := h.database.GetSubscriptionBySubscriber(ctx, *uid, msg.ChannelID)
if err != nil {
2022-11-20 20:34:18 +01:00
return ginresp.APIError(g, 500, apierr.DATABASE_ERROR, "Failed to query subscription", err)
}
if sub == nil {
// not subbed
2022-11-20 20:34:18 +01:00
return ginresp.APIError(g, 401, apierr.USER_AUTH_FAILED, "You are not authorized for this action", nil)
}
if !sub.Confirmed {
// sub not confirmed
2022-11-20 20:34:18 +01:00
return ginresp.APIError(g, 401, apierr.USER_AUTH_FAILED, "You are not authorized for this action", nil)
}
// => perm okay
} else {
// auth-key is not set or not a user:x variant
2022-11-20 20:34:18 +01:00
return ginresp.APIError(g, 401, apierr.USER_AUTH_FAILED, "You are not authorized for this action", nil)
}
}
return ctx.FinishSuccess(ginresp.JSON(http.StatusOK, msg.FullJSON()))
2022-11-18 21:25:40 +01:00
}
// DeleteMessage swaggerdoc
//
2022-11-20 00:19:41 +01:00
// @Summary Delete a single message
// @Description The user must own the message and request the resource with the ADMIN Key
2022-11-20 00:19:41 +01:00
// @ID api-messages-delete
//
2022-11-20 00:19:41 +01:00
// @Param mid path int true "SCNMessageID"
//
2022-11-20 00:19:41 +01:00
// @Success 200 {object} models.MessageJSON
// @Failure 400 {object} ginresp.apiError
// @Failure 401 {object} ginresp.apiError
// @Failure 404 {object} ginresp.apiError
// @Failure 500 {object} ginresp.apiError
//
2022-11-20 00:19:41 +01:00
// @Router /api-v2/messages/{mid} [PATCH]
2022-11-18 21:25:40 +01:00
func (h APIHandler) DeleteMessage(g *gin.Context) ginresp.HTTPResponse {
type uri struct {
MessageID int64 `uri:"mid"`
}
var u uri
2022-11-20 03:06:08 +01:00
ctx, errResp := h.app.StartRequest(g, &u, nil, nil, nil)
if errResp != nil {
return *errResp
}
defer ctx.Cancel()
if permResp := ctx.CheckPermissionAny(); permResp != nil {
return *permResp
}
msg, err := h.database.GetMessage(ctx, u.MessageID)
if err == sql.ErrNoRows {
2022-11-20 20:34:18 +01:00
return ginresp.APIError(g, 404, apierr.MESSAGE_NOT_FOUND, "message not found", err)
}
if err != nil {
2022-11-20 20:34:18 +01:00
return ginresp.APIError(g, 500, apierr.DATABASE_ERROR, "Failed to query message", err)
}
if !ctx.CheckPermissionMessageReadDirect(msg) {
2022-11-20 20:34:18 +01:00
return ginresp.APIError(g, 401, apierr.USER_AUTH_FAILED, "You are not authorized for this action", nil)
}
err = h.database.DeleteMessage(ctx, msg.SCNMessageID)
if err != nil {
2022-11-20 20:34:18 +01:00
return ginresp.APIError(g, 500, apierr.DATABASE_ERROR, "Failed to delete message", err)
}
2022-11-20 15:40:19 +01:00
err = h.database.CancelPendingDeliveries(ctx, msg.SCNMessageID)
if err != nil {
2022-11-20 20:34:18 +01:00
return ginresp.APIError(g, 500, apierr.DATABASE_ERROR, "Failed to cancel deliveries", err)
2022-11-20 15:40:19 +01:00
}
return ctx.FinishSuccess(ginresp.JSON(http.StatusOK, msg.FullJSON()))
2022-11-18 21:25:40 +01:00
}
2022-11-20 20:34:18 +01:00
// CreateMessage swaggerdoc
//
// @Summary Create a new message
// @Description This is similar to the main route `POST -> https://scn.blackfrestbytes.com/`
// @Description But this route can change in the future, for long-living scripts etc. it's better to use the normal POST route
// @ID api-messages-create
//
// @Param post_data query handler.CreateMessage.body false " "
//
// @Success 200 {object} models.MessageJSON
// @Failure 400 {object} ginresp.apiError
// @Failure 401 {object} ginresp.apiError
// @Failure 404 {object} ginresp.apiError
// @Failure 500 {object} ginresp.apiError
//
// @Router /api-v2/messages [POST]
func (h APIHandler) CreateMessage(g *gin.Context) ginresp.HTTPResponse {
type body struct {
Channel *string `json:"channel"`
ChanKey *string `json:"chan_key"`
Title *string `json:"title"`
Content *string `json:"content"`
Priority *int `json:"priority"`
UserMessageID *string `json:"msg_id"`
SendTimestamp *float64 `json:"timestamp"`
}
var b body
ctx, errResp := h.app.StartRequest(g, nil, nil, &b, nil)
if errResp != nil {
return *errResp
}
defer ctx.Cancel()
if permResp := ctx.CheckPermissionSend(); permResp != nil {
return *permResp
}
userID := *ctx.GetPermissionUserID()
if b.Title != nil {
b.Title = langext.Ptr(strings.TrimSpace(*b.Title))
}
if b.UserMessageID != nil {
b.UserMessageID = langext.Ptr(strings.TrimSpace(*b.UserMessageID))
}
if b.Title == nil {
return ginresp.APIError(g, 400, apierr.MISSING_TITLE, "Missing parameter [[title]]", nil)
}
if b.SendTimestamp != nil && mathext.Abs(*b.SendTimestamp-float64(time.Now().Unix())) > (24*time.Hour).Seconds() {
return ginresp.SendAPIError(g, 400, apierr.TIMESTAMP_OUT_OF_RANGE, -1, "The timestamp mus be within 24 hours of now()", nil)
}
if b.Priority != nil && (*b.Priority != 0 && *b.Priority != 1 && *b.Priority != 2) {
return ginresp.SendAPIError(g, 400, apierr.INVALID_PRIO, 105, "Invalid priority", nil)
}
if len(*b.Title) == 0 {
return ginresp.SendAPIError(g, 400, apierr.NO_TITLE, 103, "No title specified", nil)
}
if b.UserMessageID != nil && len(*b.UserMessageID) > 64 {
return ginresp.SendAPIError(g, 400, apierr.USR_MSG_ID_TOO_LONG, -1, "MessageID too long (64 characters)", nil)
}
channelName := h.app.DefaultChannel
if b.Channel != nil {
channelName = h.app.NormalizeChannelName(*b.Channel)
}
user, err := h.database.GetUser(ctx, userID)
if err == sql.ErrNoRows {
return ginresp.SendAPIError(g, 400, apierr.USER_NOT_FOUND, -1, "User not found", nil)
}
if err != nil {
return ginresp.SendAPIError(g, 500, apierr.DATABASE_ERROR, -1, "Failed to query user", err)
}
if len(*b.Title) > user.MaxTitleLength() {
return ginresp.SendAPIError(g, 400, apierr.TITLE_TOO_LONG, 103, fmt.Sprintf("Title too long (max %d characters)", user.MaxTitleLength()), nil)
}
if b.Content != nil && len(*b.Content) > user.MaxContentLength() {
return ginresp.SendAPIError(g, 400, apierr.CONTENT_TOO_LONG, 104, fmt.Sprintf("Content too long (%d characters; max := %d characters)", len(*b.Content), user.MaxContentLength()), nil)
}
if b.UserMessageID != nil {
msg, err := h.database.GetMessageByUserMessageID(ctx, *b.UserMessageID)
if err != nil {
return ginresp.SendAPIError(g, 500, apierr.DATABASE_ERROR, -1, "Failed to query existing message", err)
}
if msg != nil {
return ctx.FinishSuccess(ginresp.JSON(http.StatusOK, msg.FullJSON()))
}
}
if user.QuotaRemainingToday() <= 0 {
return ginresp.SendAPIError(g, 403, apierr.QUOTA_REACHED, -1, fmt.Sprintf("Daily quota reached (%d)", user.QuotaPerDay()), nil)
}
channel, err := h.app.GetOrCreateChannel(ctx, userID, channelName)
if err != nil {
return ginresp.SendAPIError(g, 500, apierr.DATABASE_ERROR, -1, "Failed to query/create channel", err)
}
var sendTimestamp *time.Time = nil
if b.SendTimestamp != nil {
sendTimestamp = langext.Ptr(timeext.UnixFloatSeconds(*b.SendTimestamp))
}
priority := langext.Coalesce(b.Priority, 1)
msg, err := h.database.CreateMessage(ctx, userID, channel, sendTimestamp, *b.Title, b.Content, priority, b.UserMessageID)
if err != nil {
return ginresp.SendAPIError(g, 500, apierr.DATABASE_ERROR, -1, "Failed to create message in db", err)
}
subscriptions, err := h.database.ListSubscriptionsByChannel(ctx, channel.ChannelID)
if err != nil {
return ginresp.SendAPIError(g, 500, apierr.DATABASE_ERROR, -1, "Failed to query subscriptions", err)
}
err = h.database.IncUserMessageCounter(ctx, user)
if err != nil {
return ginresp.SendAPIError(g, 500, apierr.DATABASE_ERROR, -1, "Failed to inc user msg-counter", err)
}
err = h.database.IncChannelMessageCounter(ctx, channel)
if err != nil {
return ginresp.SendAPIError(g, 500, apierr.DATABASE_ERROR, -1, "Failed to inc channel msg-counter", err)
}
for _, sub := range subscriptions {
clients, err := h.database.ListClients(ctx, sub.SubscriberUserID)
if err != nil {
return ginresp.SendAPIError(g, 500, apierr.DATABASE_ERROR, -1, "Failed to query clients", err)
}
if !sub.Confirmed {
continue
}
for _, client := range clients {
fcmDelivID, err := h.app.DeliverMessage(ctx, client, msg)
if err != nil {
_, err = h.database.CreateRetryDelivery(ctx, client, msg)
if err != nil {
return ginresp.SendAPIError(g, 500, apierr.DATABASE_ERROR, -1, "Failed to create delivery", err)
}
} else {
_, err = h.database.CreateSuccessDelivery(ctx, client, msg, *fcmDelivID)
if err != nil {
return ginresp.SendAPIError(g, 500, apierr.DATABASE_ERROR, -1, "Failed to create delivery", err)
}
}
}
}
return ctx.FinishSuccess(ginresp.JSON(http.StatusOK, msg.FullJSON()))
2022-11-18 21:25:40 +01:00
}