mirror of
https://github.com/PluralKit/PluralKit.git
synced 2026-02-10 15:57:53 +00:00
feat(api): allow unauthed requests to /systems/:id/settings
This commit is contained in:
alyssa
parent
0406c32f6b
commit
0610701252
14 changed files with 334 additions and 70 deletions
123
crates/api/src/middleware/params.rs
Normal file
123
crates/api/src/middleware/params.rs
Normal file
|
|
@ -0,0 +1,123 @@
|
|||
use axum::{
|
||||
extract::{Request, State},
|
||||
http::StatusCode,
|
||||
middleware::Next,
|
||||
response::Response,
|
||||
routing::url_params::UrlParams,
|
||||
};
|
||||
|
||||
use sqlx::{types::Uuid, Postgres};
|
||||
use tracing::error;
|
||||
|
||||
use crate::auth::AuthState;
|
||||
use crate::{util::json_err, ApiContext};
|
||||
use pluralkit_models::PKSystem;
|
||||
|
||||
pub async fn params(State(ctx): State<ApiContext>, mut req: Request, next: Next) -> Response {
|
||||
let pms = match req.extensions().get::<UrlParams>() {
|
||||
None => Vec::new(),
|
||||
Some(UrlParams::Params(pms)) => pms.clone(),
|
||||
_ => {
|
||||
return json_err(
|
||||
StatusCode::BAD_REQUEST,
|
||||
r#"{"error": "400: Bad Request", "code": 0}"#.to_string(),
|
||||
)
|
||||
.into()
|
||||
}
|
||||
};
|
||||
|
||||
for (key, value) in pms {
|
||||
match key.as_ref() {
|
||||
"system_id" => match value.as_str() {
|
||||
"@me" => {
|
||||
let Some(system_id) = req
|
||||
.extensions()
|
||||
.get::<AuthState>()
|
||||
.expect("missing auth state")
|
||||
.system_id()
|
||||
else {
|
||||
return json_err(
|
||||
StatusCode::UNAUTHORIZED,
|
||||
r#"{"error": "401: Missing or invalid Authorization header", "code": 0}"#.to_string(),
|
||||
)
|
||||
.into();
|
||||
};
|
||||
|
||||
match sqlx::query_as::<Postgres, PKSystem>(
|
||||
"select * from systems where id = $1",
|
||||
)
|
||||
.bind(system_id)
|
||||
.fetch_optional(&ctx.db)
|
||||
.await
|
||||
{
|
||||
Ok(Some(system)) => {
|
||||
req.extensions_mut().insert(system);
|
||||
}
|
||||
Ok(None) => {
|
||||
error!(
|
||||
?system_id,
|
||||
"could not find previously authenticated system in db"
|
||||
);
|
||||
return json_err(
|
||||
StatusCode::INTERNAL_SERVER_ERROR,
|
||||
r#"{"message": "500: Internal Server Error", "code": 0}"#
|
||||
.to_string(),
|
||||
);
|
||||
}
|
||||
Err(err) => {
|
||||
error!(
|
||||
?err,
|
||||
"failed to query previously authenticated system in db"
|
||||
);
|
||||
return json_err(
|
||||
StatusCode::INTERNAL_SERVER_ERROR,
|
||||
r#"{"message": "500: Internal Server Error", "code": 0}"#
|
||||
.to_string(),
|
||||
);
|
||||
}
|
||||
}
|
||||
}
|
||||
id => {
|
||||
match match Uuid::parse_str(id) {
|
||||
Ok(uuid) => sqlx::query_as::<Postgres, PKSystem>(
|
||||
"select * from systems where uuid = $1",
|
||||
)
|
||||
.bind(uuid),
|
||||
Err(_) => sqlx::query_as::<Postgres, PKSystem>(
|
||||
"select * from systems where hid = $1",
|
||||
)
|
||||
.bind(id),
|
||||
}
|
||||
.fetch_optional(&ctx.db)
|
||||
.await
|
||||
{
|
||||
Ok(Some(system)) => {
|
||||
req.extensions_mut().insert(system);
|
||||
}
|
||||
Ok(None) => {
|
||||
return json_err(
|
||||
StatusCode::NOT_FOUND,
|
||||
r#"{"message":"System not found.","code":20001}"#.to_string(),
|
||||
)
|
||||
}
|
||||
Err(err) => {
|
||||
error!(?err, ?id, "failed to query system from path in db");
|
||||
return json_err(
|
||||
StatusCode::INTERNAL_SERVER_ERROR,
|
||||
r#"{"message": "500: Internal Server Error", "code": 0}"#
|
||||
.to_string(),
|
||||
);
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"member_id" => {}
|
||||
"group_id" => {}
|
||||
"switch_id" => {}
|
||||
"guild_id" => {}
|
||||
_ => {}
|
||||
}
|
||||
}
|
||||
|
||||
next.run(req).await
|
||||
}
|
||||
Loading…
Add table
Add a link
Reference in a new issue