PluralKit/crates/api/src/middleware/params.rs

use axum::{
    extract::{Request, State},
    http::StatusCode,
    middleware::Next,
    response::Response,
    routing::url_params::UrlParams,
};

use sqlx::{Postgres, types::Uuid};
use tracing::error;

use crate::auth::AuthState;
use crate::{ApiContext, util::json_err};
use pluralkit_models::PKSystem;

// move this somewhere else
fn parse_hid(hid: &str) -> String {
    if hid.len() > 7 || hid.len() < 5 {
        hid.to_string()
    } else {
        hid.to_lowercase().replace("-", "")
    }
}

pub async fn params(State(ctx): State<ApiContext>, mut req: Request, next: Next) -> Response {
    let pms = match req.extensions().get::<UrlParams>() {
        None => Vec::new(),
        Some(UrlParams::Params(pms)) => pms.clone(),
        _ => {
            return json_err(
                StatusCode::BAD_REQUEST,
                r#"{"message":"400: Bad Request","code": 0}"#.to_string(),
            )
            .into();
        }
    };

    for (key, value) in pms {
        match key.as_ref() {
            "system_id" => match value.as_str() {
                "@me" => {
                    let Some(system_id) = req
                        .extensions()
                        .get::<AuthState>()
                        .expect("missing auth state")
                        .system_id()
                    else {
                        return json_err(
                            StatusCode::UNAUTHORIZED,
                            r#"{"message":"401: Missing or invalid Authorization header","code": 0}"#.to_string(),
                        )
                        .into();
                    };

                    match sqlx::query_as::<Postgres, PKSystem>(
                        "select * from systems where id = $1",
                    )
                    .bind(system_id)
                    .fetch_optional(&ctx.db)
                    .await
                    {
                        Ok(Some(system)) => {
                            req.extensions_mut().insert(system);
                        }
                        Ok(None) => {
                            error!(
                                ?system_id,
                                "could not find previously authenticated system in db"
                            );
                            return json_err(
                                StatusCode::INTERNAL_SERVER_ERROR,
                                r#"{"message": "500: Internal Server Error", "code": 0}"#
                                    .to_string(),
                            );
                        }
                        Err(err) => {
                            error!(
                                ?err,
                                "failed to query previously authenticated system in db"
                            );
                            return json_err(
                                StatusCode::INTERNAL_SERVER_ERROR,
                                r#"{"message": "500: Internal Server Error", "code": 0}"#
                                    .to_string(),
                            );
                        }
                    }
                }
                id => {
                    println!("a {id}");
                    match match Uuid::parse_str(id) {
                        Ok(uuid) => sqlx::query_as::<Postgres, PKSystem>(
                            "select * from systems where uuid = $1",
                        )
                        .bind(uuid),
                        Err(_) => match id.parse::<i64>() {
                            Ok(parsed) => sqlx::query_as::<Postgres, PKSystem>(
                                "select * from systems where id = (select system from accounts where uid = $1)"
                            )
                            .bind(parsed),
                            Err(_) => sqlx::query_as::<Postgres, PKSystem>(
                                "select * from systems where hid = $1",
                            )
                            .bind(parse_hid(id))
                        },
                    }
                    .fetch_optional(&ctx.db)
                    .await
                    {
                        Ok(Some(system)) => {
                            req.extensions_mut().insert(system);
                        }
                        Ok(None) => {
                            return json_err(
                                StatusCode::NOT_FOUND,
                                r#"{"message":"System not found.","code":20001}"#.to_string(),
                            )
                        }
                        Err(err) => {
                            error!(?err, ?id, "failed to query system from path in db");
                            return json_err(
                                StatusCode::INTERNAL_SERVER_ERROR,
                                r#"{"message": "500: Internal Server Error", "code": 0}"#
                                    .to_string(),
                            );
                        }
                    }
                }
            },
            "member_id" => {}
            "group_id" => {}
            "switch_id" => {}
            "guild_id" => {}
            _ => {}
        }
    }

    next.run(req).await
}
feat(api): allow unauthed requests to /systems/:id/settings 2025-05-28 23:00:39 +00:00			`use axum::{`
			`extract::{Request, State},`
			`http::StatusCode,`
			`middleware::Next,`
			`response::Response,`
			`routing::url_params::UrlParams,`
			`};`

chore: bump rust edition to 2024 2025-09-01 03:36:13 +00:00			`use sqlx::{Postgres, types::Uuid};`
feat(api): allow unauthed requests to /systems/:id/settings 2025-05-28 23:00:39 +00:00			`use tracing::error;`

			`use crate::auth::AuthState;`
chore: bump rust edition to 2024 2025-09-01 03:36:13 +00:00			`use crate::{ApiContext, util::json_err};`
feat(api): allow unauthed requests to /systems/:id/settings 2025-05-28 23:00:39 +00:00			`use pluralkit_models::PKSystem;`

fix(api): allow hids in uppercase and with dashes; document this 2025-06-09 05:39:44 +00:00			`// move this somewhere else`
			`fn parse_hid(hid: &str) -> String {`
			`if hid.len() > 7 \|\| hid.len() < 5 {`
			`hid.to_string()`
			`} else {`
			`hid.to_lowercase().replace("-", "")`
			`}`
			`}`

feat(api): allow unauthed requests to /systems/:id/settings 2025-05-28 23:00:39 +00:00			`pub async fn params(State(ctx): State<ApiContext>, mut req: Request, next: Next) -> Response {`
			`let pms = match req.extensions().get::<UrlParams>() {`
			`None => Vec::new(),`
			`Some(UrlParams::Params(pms)) => pms.clone(),`
			`_ => {`
			`return json_err(`
			`StatusCode::BAD_REQUEST,`
fix(api): use correct json key for errors 2025-07-05 17:31:02 +00:00			`r#"{"message":"400: Bad Request","code": 0}"#.to_string(),`
feat(api): allow unauthed requests to /systems/:id/settings 2025-05-28 23:00:39 +00:00			`)`
chore: bump rust edition to 2024 2025-09-01 03:36:13 +00:00			`.into();`
feat(api): allow unauthed requests to /systems/:id/settings 2025-05-28 23:00:39 +00:00			`}`
			`};`

			`for (key, value) in pms {`
			`match key.as_ref() {`
			`"system_id" => match value.as_str() {`
			`"@me" => {`
			`let Some(system_id) = req`
			`.extensions()`
			`.get::<AuthState>()`
			`.expect("missing auth state")`
			`.system_id()`
			`else {`
			`return json_err(`
			`StatusCode::UNAUTHORIZED,`
fix(api): use correct json key for errors 2025-07-05 17:31:02 +00:00			`r#"{"message":"401: Missing or invalid Authorization header","code": 0}"#.to_string(),`
feat(api): allow unauthed requests to /systems/:id/settings 2025-05-28 23:00:39 +00:00			`)`
			`.into();`
			`};`

			`match sqlx::query_as::<Postgres, PKSystem>(`
			`"select * from systems where id = $1",`
			`)`
			`.bind(system_id)`
			`.fetch_optional(&ctx.db)`
			`.await`
			`{`
			`Ok(Some(system)) => {`
			`req.extensions_mut().insert(system);`
			`}`
			`Ok(None) => {`
			`error!(`
			`?system_id,`
			`"could not find previously authenticated system in db"`
			`);`
			`return json_err(`
			`StatusCode::INTERNAL_SERVER_ERROR,`
			`r#"{"message": "500: Internal Server Error", "code": 0}"#`
			`.to_string(),`
			`);`
			`}`
			`Err(err) => {`
			`error!(`
			`?err,`
			`"failed to query previously authenticated system in db"`
			`);`
			`return json_err(`
			`StatusCode::INTERNAL_SERVER_ERROR,`
			`r#"{"message": "500: Internal Server Error", "code": 0}"#`
			`.to_string(),`
			`);`
			`}`
			`}`
			`}`
			`id => {`
fix(api): forgot about discord id lookup 2025-06-09 20:14:38 +00:00			`println!("a {id}");`
feat(api): allow unauthed requests to /systems/:id/settings 2025-05-28 23:00:39 +00:00			`match match Uuid::parse_str(id) {`
			`Ok(uuid) => sqlx::query_as::<Postgres, PKSystem>(`
			`"select * from systems where uuid = $1",`
			`)`
			`.bind(uuid),`
fix(api): forgot about discord id lookup 2025-06-09 20:14:38 +00:00			`Err(_) => match id.parse::<i64>() {`
			`Ok(parsed) => sqlx::query_as::<Postgres, PKSystem>(`
			`"select * from systems where id = (select system from accounts where uid = $1)"`
			`)`
			`.bind(parsed),`
			`Err(_) => sqlx::query_as::<Postgres, PKSystem>(`
			`"select * from systems where hid = $1",`
			`)`
			`.bind(parse_hid(id))`
			`},`
feat(api): allow unauthed requests to /systems/:id/settings 2025-05-28 23:00:39 +00:00			`}`
			`.fetch_optional(&ctx.db)`
			`.await`
			`{`
			`Ok(Some(system)) => {`
			`req.extensions_mut().insert(system);`
			`}`
			`Ok(None) => {`
			`return json_err(`
			`StatusCode::NOT_FOUND,`
			`r#"{"message":"System not found.","code":20001}"#.to_string(),`
			`)`
			`}`
			`Err(err) => {`
			`error!(?err, ?id, "failed to query system from path in db");`
			`return json_err(`
			`StatusCode::INTERNAL_SERVER_ERROR,`
			`r#"{"message": "500: Internal Server Error", "code": 0}"#`
			`.to_string(),`
			`);`
			`}`
			`}`
			`}`
			`},`
			`"member_id" => {}`
			`"group_id" => {}`
			`"switch_id" => {}`
			`"guild_id" => {}`
			`_ => {}`
			`}`
			`}`

			`next.run(req).await`
			`}`