認証周りを各APIに実装
get系は権限不要でinsertとupdateはEquipmentManager以上、deleteはAdministratorという分割で一旦実装
puripuri2100 committed Oct 28, 2023
1 parent 976778b commit 68d8d80
Showing 4 changed files with 165 additions and 106 deletions.
23 changes: 15 additions & 8 deletions src/app.rs
Expand Up @@ -124,25 +124,28 @@ pub async fn app(bind: SocketAddr) -> Result<()> {
post({
info!("POST /insert_lending");
let conn = Arc::clone(&conn);
move |body| lending::insert_lending(body, conn)
move |TypedHeader(Authorization(bearer)): TypedHeader<Authorization<Bearer>>,
body| lending::insert_lending(bearer, body, conn)
}),
)
.route(
"/update_lending",
post({
info!("POST /update_lending");
let conn = Arc::clone(&conn);
move |body| lending::update_lending(body, conn)
move |TypedHeader(Authorization(bearer)): TypedHeader<Authorization<Bearer>>,
body| lending::update_lending(bearer, body, conn)
}),
)
.route(
"/returned_lending",
post({
info!("POST /returned_lending");
let conn = Arc::clone(&conn);
move |Query(query)| {
move |TypedHeader(Authorization(bearer)): TypedHeader<Authorization<Bearer>>,
Query(query)| {
let now = Utc::now();
lending::returned_lending(query, now, conn)
lending::returned_lending(bearer, query, now, conn)
}
}),
)
Expand Down Expand Up @@ -175,15 +178,17 @@ pub async fn app(bind: SocketAddr) -> Result<()> {
post({
info!("POST /insert_spot");
let conn = Arc::clone(&conn);
move |body| spot::insert_spot(body, conn)
move |TypedHeader(Authorization(bearer)): TypedHeader<Authorization<Bearer>>,
body| spot::insert_spot(bearer, body, conn)
}),
)
.route(
"/update_spot",
post({
info!("POST /update_spot");
let conn = Arc::clone(&conn);
move |body| spot::update_spot(body, conn)
move |TypedHeader(Authorization(bearer)): TypedHeader<Authorization<Bearer>>,
body| spot::update_spot(bearer, body, conn)
}),
)
.route(
Expand All @@ -207,15 +212,17 @@ pub async fn app(bind: SocketAddr) -> Result<()> {
delete({
info!("DELETE /delete_spot");
let conn = Arc::clone(&conn);
move |Query(query)| spot::delte_spot(query, conn)
move |TypedHeader(Authorization(bearer)): TypedHeader<Authorization<Bearer>>,
Query(query)| spot::delte_spot(bearer, query, conn)
}),
)
.route(
"/insert_container",
post({
info!("POST /insert_container");
let conn = Arc::clone(&conn);
move |body| container::insert_container(body, conn)
move |TypedHeader(Authorization(bearer)): TypedHeader<Authorization<Bearer>>,
body| container::insert_container(bearer, body, conn)
}),
)
.route(
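Review bot: The `TypedHeader<Authorization<Bearer>>` extractor added to the closures for `/insert_lending`, `/update_lending`, `/returned_lending`, `/insert_spot`, `/update_spot`, `/delete_spot` and `/insert_container` rejects a request whose `Authorization` header is missing or malformed before the closure body runs. That case therefore never reaches the handlers' `QrError::Authorized` branch, and the client receives axum's own rejection response rather than the API's error body. If a single error shape is wanted, the closures could take `Option<TypedHeader<Authorization<Bearer>>>` and map `None` to `QrError::Authorized` (this should work on the axum version that still ships `axum::headers`, but confirm against the lockfile); otherwise add a comment next to the routes stating that the difference is intentional. `app` starts and ends outside the visible hunks, so any layer or fallback that already normalises rejections is not visible here.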
28 changes: 18 additions & 10 deletions src/app/container.rs
@@ -1,22 +1,30 @@
use crate::certification::{get_role, Role};
use crate::{
error_handling::{result_to_handler_with_log, ReturnData},
error_handling::{result_to_handler, result_to_handler_with_log, QrError, ReturnData},
Container,
};
use axum::extract::Json;
use axum::{extract::Json, headers::authorization::Bearer};
use sqlx::{pool::Pool, postgres::Postgres};
use std::sync::Arc;
use tracing::*;

pub async fn insert_container(
bearer: Bearer,
Json(container): Json<Container>,
conn: Arc<Pool<Postgres>>,
) -> ReturnData<()> {
info!("Try insert container: {container:?}");
let res = crate::database::insert_container::insert_container(&*conn, container.clone()).await;
result_to_handler_with_log(
|_| Some(format!("Success insert container[{}]", &container.id)),
|e| Some(format!("{e} [{}]", &container.id)),
&res,
)
.await
let role = get_role(&*conn, bearer.token()).await;
if Ok(Role::EquipmentManager) == role && Ok(Role::Administrator) == role {
info!("Try insert container: {container:?}");
let res =
crate::database::insert_container::insert_container(&*conn, container.clone()).await;
result_to_handler_with_log(
|_| Some(format!("Success insert container[{}]", &container.id)),
|e| Some(format!("{e} [{}]", &container.id)),
&res,
)
.await
} else {
result_to_handler(&Err(QrError::Authorized)).await
}
}
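Review bot: The role check in `insert_container`, `if Ok(Role::EquipmentManager) == role && Ok(Role::Administrator) == role`, can never be true with an ordinary derived `PartialEq`, because `role` cannot equal two different variants at once; every caller, administrators included, falls through to `QrError::Authorized`. The commit description says insert and update require EquipmentManager or above, which calls for a disjunction: `if matches!(role, Ok(Role::EquipmentManager | Role::Administrator)) {`. The same condition is repeated in `insert_lending`, `returned_lending` and `update_lending` in src/app/lending.rs. The check fails closed, so nothing is exposed, but the endpoints are unusable, and a test that calls each handler with one token per role would pin the intended matrix.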
127 changes: 73 additions & 54 deletions src/app/lending.rs
@@ -1,8 +1,9 @@
use crate::certification::{get_role, Role};
use crate::{
error_handling::{result_to_handler_with_log, QrError, ReturnData},
error_handling::{result_to_handler, result_to_handler_with_log, QrError, ReturnData},
Lending,
};
use axum::extract::Json;
use axum::{extract::Json, headers::authorization::Bearer};
use chrono::{DateTime, Utc};
use sqlx::{pool::Pool, postgres::Postgres};
use std::collections::HashMap;
Expand All @@ -13,70 +14,82 @@ use uuid::Uuid;
/// 備品情報の登録を行うエンドポイント
/// - https://github.com/sohosai/qr-backend/issues/11
pub async fn insert_lending(
bearer: Bearer,
Json(lending): Json<Lending>,
conn: Arc<Pool<Postgres>>,
) -> ReturnData<()> {
info!("Try insert lending: {lending:?}");
let res = crate::database::insert_lending::insert_lending(&*conn, lending.clone()).await;
result_to_handler_with_log(
|_| Some(format!("Success insert lending[{}]", &lending.id)),
|e| Some(format!("{e}[{}]", &lending.id)),
&res,
)
.await
let role = get_role(&*conn, bearer.token()).await;
if Ok(Role::EquipmentManager) == role && Ok(Role::Administrator) == role {
info!("Try insert lending: {lending:?}");
let res = crate::database::insert_lending::insert_lending(&*conn, lending.clone()).await;
result_to_handler_with_log(
|_| Some(format!("Success insert lending[{}]", &lending.id)),
|e| Some(format!("{e}[{}]", &lending.id)),
&res,
)
.await
} else {
result_to_handler(&Err(QrError::Authorized)).await
}
}

pub async fn returned_lending(
bearer: Bearer,
query: HashMap<String, String>,
returned_at: DateTime<Utc>,
conn: Arc<Pool<Postgres>>,
) -> ReturnData<()> {
use crate::database::get_one_fixtures::*;
use crate::database::returned_lending::*;
match (query.get("id"), query.get("qr_id")) {
(Some(id), _) => {
let uuid_opt = Uuid::parse_str(id).ok();
if let Some(uuid) = uuid_opt {
info!("Try get fixtures with uuid: {uuid}");
let res = returned_lending(&*conn, uuid, returned_at).await;
result_to_handler_with_log(
|_| Some(format!("Success returned lending with uuid[{uuid}]")),
|e| Some(format!("{e} uuid[{uuid}]")),
&res,
)
.await
} else {
let err = Err(QrError::BrokenUuid(id.to_string()));
result_to_handler_with_log(|_| None, |e| Some(e.to_string()), &err).await
}
}
(_, Some(qr_id)) => {
info!("Try get fixtures with qr_id: {qr_id}");
let fixtures = get_one_fixtures(&*conn, IdType::QrId(qr_id.clone())).await;
match fixtures {
Ok(fixtures) => {
let res = returned_lending(&*conn, fixtures.id, returned_at).await;
let role = get_role(&*conn, bearer.token()).await;
if Ok(Role::EquipmentManager) == role && Ok(Role::Administrator) == role {
match (query.get("id"), query.get("qr_id")) {
(Some(id), _) => {
let uuid_opt = Uuid::parse_str(id).ok();
if let Some(uuid) = uuid_opt {
info!("Try get fixtures with uuid: {uuid}");
let res = returned_lending(&*conn, uuid, returned_at).await;
result_to_handler_with_log(
|_| Some(format!("Success returned lending with qr_id[{qr_id}]")),
|e| Some(format!("{e} qr_id[{qr_id}]")),
|_| Some(format!("Success returned lending with uuid[{uuid}]")),
|e| Some(format!("{e} uuid[{uuid}]")),
&res,
)
.await
} else {
let err = Err(QrError::BrokenUuid(id.to_string()));
result_to_handler_with_log(|_| None, |e| Some(e.to_string()), &err).await
}
Err(e) => {
result_to_handler_with_log(
|_| None,
|e| Some(format!("{e} qr_id[{qr_id}]")),
&Err(e),
)
.await
}
(_, Some(qr_id)) => {
info!("Try get fixtures with qr_id: {qr_id}");
let fixtures = get_one_fixtures(&*conn, IdType::QrId(qr_id.clone())).await;
match fixtures {
Ok(fixtures) => {
let res = returned_lending(&*conn, fixtures.id, returned_at).await;
result_to_handler_with_log(
|_| Some(format!("Success returned lending with qr_id[{qr_id}]")),
|e| Some(format!("{e} qr_id[{qr_id}]")),
&res,
)
.await
}
Err(e) => {
result_to_handler_with_log(
|_| None,
|e| Some(format!("{e} qr_id[{qr_id}]")),
&Err(e),
)
.await
}
}
}
_ => {
let err = Err(QrError::UrlQuery("qr_id, id".to_string()));
result_to_handler_with_log(|_| None, |e| Some(e.to_string()), &err).await
}
}
_ => {
let err = Err(QrError::UrlQuery("qr_id, id".to_string()));
result_to_handler_with_log(|_| None, |e| Some(e.to_string()), &err).await
}
} else {
result_to_handler(&Err(QrError::Authorized)).await
}
}

Expand Down Expand Up @@ -216,15 +229,21 @@ pub async fn get_is_lending(
}

pub async fn update_lending(
bearer: Bearer,
Json(lending): Json<Lending>,
conn: Arc<Pool<Postgres>>,
) -> ReturnData<()> {
info!("Try update lending: {lending:?}");
let res = crate::database::update_lending::update_lending(&*conn, lending.clone()).await;
result_to_handler_with_log(
|_| Some(format!("Success update lending[{}]", lending.id)),
|e| Some(format!("{e} lending[{}]", lending.id)),
&res,
)
.await
let role = get_role(&*conn, bearer.token()).await;
if Ok(Role::EquipmentManager) == role && Ok(Role::Administrator) == role {
info!("Try update lending: {lending:?}");
let res = crate::database::update_lending::update_lending(&*conn, lending.clone()).await;
result_to_handler_with_log(
|_| Some(format!("Success update lending[{}]", lending.id)),
|e| Some(format!("{e} lending[{}]", lending.id)),
&res,
)
.await
} else {
result_to_handler(&Err(QrError::Authorized)).await
}
}
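Review bot: The `else` branches in `insert_lending`, `returned_lending` and `update_lending` return `QrError::Authorized` for every `get_role` outcome other than an accepted role, so an `Err` from the role lookup (for example a database failure, if `get_role` can return one) is reported to the client as an authorization refusal. The `info!("Try …")` lines also moved inside the permitted branch, and `result_to_handler` looks from its name like the non-logging counterpart of `result_to_handler_with_log`, so denied requests may leave no trace for later investigation. I would `match` on `role` to separate the lookup error from an insufficient role, and log the denial without the token, e.g. `warn!("Denied update_lending: insufficient role");`. The variant name `QrError::Authorized` for a refusal is easy to misread; its definition is outside this page, so a rename or doc comment there is only a suggestion.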