From 68d8d80758d17e3695deeec4163710699e1b6014 Mon Sep 17 00:00:00 2001 From: puripuri2100 Date: Sat, 28 Oct 2023 14:01:02 +0900 Subject: [PATCH] =?UTF-8?q?=E8=AA=8D=E8=A8=BC=E5=91=A8=E3=82=8A=E3=82=92?= =?UTF-8?q?=E5=90=84API=E3=81=AB=E5=AE=9F=E8=A3=85=20get=E7=B3=BB=E3=81=AF?= =?UTF-8?q?=E6=A8=A9=E9=99=90=E4=B8=8D=E8=A6=81=E3=81=A7insert=E3=81=A8upd?= =?UTF-8?q?ate=E3=81=AFEquipmentManager=E4=BB=A5=E4=B8=8A=E3=80=81delete?= =?UTF-8?q?=E3=81=AFAdministrator=E3=81=A8=E3=81=84=E3=81=86=E5=88=86?= =?UTF-8?q?=E5=89=B2=E3=81=A7=E4=B8=80=E6=97=A6=E5=AE=9F=E8=A3=85?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- src/app.rs | 23 +++++--- src/app/container.rs | 28 ++++++---- src/app/lending.rs | 127 +++++++++++++++++++++++++------------------ src/app/spot.rs | 93 +++++++++++++++++++------------ 4 files changed, 165 insertions(+), 106 deletions(-) diff --git a/src/app.rs b/src/app.rs index 1348cfa..972a4ec 100644 --- a/src/app.rs +++ b/src/app.rs @@ -124,7 +124,8 @@ pub async fn app(bind: SocketAddr) -> Result<()> { post({ info!("POST /insert_lending"); let conn = Arc::clone(&conn); - move |body| lending::insert_lending(body, conn) + move |TypedHeader(Authorization(bearer)): TypedHeader>, + body| lending::insert_lending(bearer, body, conn) }), ) .route( @@ -132,7 +133,8 @@ pub async fn app(bind: SocketAddr) -> Result<()> { post({ info!("POST /update_lending"); let conn = Arc::clone(&conn); - move |body| lending::update_lending(body, conn) + move |TypedHeader(Authorization(bearer)): TypedHeader>, + body| lending::update_lending(bearer, body, conn) }), ) .route( @@ -140,9 +142,10 @@ pub async fn app(bind: SocketAddr) -> Result<()> { post({ info!("POST /returned_lending"); let conn = Arc::clone(&conn); - move |Query(query)| { + move |TypedHeader(Authorization(bearer)): TypedHeader>, + Query(query)| { let now = Utc::now(); - lending::returned_lending(query, now, conn) + lending::returned_lending(bearer, query, now, conn) } }), ) 
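Review bot: A request with a missing or malformed `Authorization` header never reaches `lending::insert_lending` or the other handlers wired here, because the `TypedHeader(Authorization(bearer))` extractor in each closure rejects it first. As far as I know axum answers that with its own rejection response rather than the project's `QrError::Authorized`, so clients would see two different shapes for an authentication failure. If one shape is wanted, extract `Option<TypedHeader<Authorization<Bearer>>>` and map `None` to `QrError::Authorized`; otherwise document the difference. The same extractor pattern is repeated in the later src/app.rs hunks for the spot and container routes, and `app` itself starts and ends outside the hunk.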
@@ -175,7 +178,8 @@ pub async fn app(bind: SocketAddr) -> Result<()> { post({ info!("POST /insert_spot"); let conn = Arc::clone(&conn); - move |body| spot::insert_spot(body, conn) + move |TypedHeader(Authorization(bearer)): TypedHeader>, + body| spot::insert_spot(bearer, body, conn) }), ) .route( @@ -183,7 +187,8 @@ pub async fn app(bind: SocketAddr) -> Result<()> { post({ info!("POST /update_spot"); let conn = Arc::clone(&conn); - move |body| spot::update_spot(body, conn) + move |TypedHeader(Authorization(bearer)): TypedHeader>, + body| spot::update_spot(bearer, body, conn) }), ) .route( @@ -207,7 +212,8 @@ pub async fn app(bind: SocketAddr) -> Result<()> { delete({ info!("DELETE /delete_spot"); let conn = Arc::clone(&conn); - move |Query(query)| spot::delte_spot(query, conn) + move |TypedHeader(Authorization(bearer)): TypedHeader>, + Query(query)| spot::delte_spot(bearer, query, conn) }), ) .route( @@ -215,7 +221,8 @@ pub async fn app(bind: SocketAddr) -> Result<()> { post({ info!("POST /insert_container"); let conn = Arc::clone(&conn); - move |body| container::insert_container(body, conn) + move |TypedHeader(Authorization(bearer)): TypedHeader>, + body| container::insert_container(bearer, body, conn) }), ) .route( diff --git a/src/app/container.rs b/src/app/container.rs index d3cc456..058e376 100644 --- a/src/app/container.rs +++ b/src/app/container.rs 
@@ -1,22 +1,30 @@ +use crate::certification::{get_role, Role}; use crate::{ - error_handling::{result_to_handler_with_log, ReturnData}, + error_handling::{result_to_handler, result_to_handler_with_log, QrError, ReturnData}, Container, }; -use axum::extract::Json; +use axum::{extract::Json, headers::authorization::Bearer}; use sqlx::{pool::Pool, postgres::Postgres}; use std::sync::Arc; use tracing::*; pub async fn insert_container( + bearer: Bearer, Json(container): Json, conn: Arc>, ) -> ReturnData<()> { - info!("Try insert container: {container:?}"); - let res = crate::database::insert_container::insert_container(&*conn, container.clone()).await; - result_to_handler_with_log( - |_| Some(format!("Success insert container[{}]", &container.id)), - |e| Some(format!("{e} [{}]", &container.id)), - &res, - ) - .await + let role = get_role(&*conn, bearer.token()).await; + if Ok(Role::EquipmentManager) == role && Ok(Role::Administrator) == role { + info!("Try insert container: {container:?}"); + let res = + crate::database::insert_container::insert_container(&*conn, container.clone()).await; + result_to_handler_with_log( + |_| Some(format!("Success insert container[{}]", &container.id)), + |e| Some(format!("{e} [{}]", &container.id)), + &res, + ) + .await + } else { + result_to_handler(&Err(QrError::Authorized)).await + } } diff --git a/src/app/lending.rs b/src/app/lending.rs index d2a533f..646aa71 100644 --- a/src/app/lending.rs +++ b/src/app/lending.rs @@ -1,8 +1,9 @@ +use crate::certification::{get_role, Role}; use crate::{ - error_handling::{result_to_handler_with_log, QrError, ReturnData}, + error_handling::{result_to_handler, result_to_handler_with_log, QrError, ReturnData}, Lending, }; -use axum::extract::Json; +use axum::{extract::Json, headers::authorization::Bearer}; use chrono::{DateTime, Utc}; use sqlx::{pool::Pool, postgres::Postgres}; use std::collections::HashMap; 
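Review bot: The guard `if Ok(Role::EquipmentManager) == role && Ok(Role::Administrator) == role` in `insert_container` can never be true, because `role` cannot equal both values at once. Every call therefore falls into the `else` and returns `QrError::Authorized`, administrators included. As I read the encoded commit subject, insert and update are meant to be allowed for EquipmentManager and above, which needs an or: `if matches!(role, Ok(Role::EquipmentManager | Role::Administrator)) {`. The same condition is repeated in `insert_lending`, `returned_lending` and `update_lending` in src/app/lending.rs and in `insert_spot` and `update_spot` in src/app/spot.rs; only `delte_spot`, which checks a single role, is unaffected. One test per endpoint with a token for each role would catch this.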
@@ -13,70 +14,82 @@ use uuid::Uuid; /// 備品情報の登録を行うエンドポイント /// - https://github.com/sohosai/qr-backend/issues/11 pub async fn insert_lending( + bearer: Bearer, Json(lending): Json, conn: Arc>, ) -> ReturnData<()> { - info!("Try insert lending: {lending:?}"); - let res = crate::database::insert_lending::insert_lending(&*conn, lending.clone()).await; - result_to_handler_with_log( - |_| Some(format!("Success insert lending[{}]", &lending.id)), - |e| Some(format!("{e}[{}]", &lending.id)), - &res, - ) - .await + let role = get_role(&*conn, bearer.token()).await; + if Ok(Role::EquipmentManager) == role && Ok(Role::Administrator) == role { + info!("Try insert lending: {lending:?}"); + let res = crate::database::insert_lending::insert_lending(&*conn, lending.clone()).await; + result_to_handler_with_log( + |_| Some(format!("Success insert lending[{}]", &lending.id)), + |e| Some(format!("{e}[{}]", &lending.id)), + &res, + ) + .await + } else { + result_to_handler(&Err(QrError::Authorized)).await + } } pub async fn returned_lending( + bearer: Bearer, query: HashMap, returned_at: DateTime, conn: Arc>, ) -> ReturnData<()> { use crate::database::get_one_fixtures::*; use crate::database::returned_lending::*; - match (query.get("id"), query.get("qr_id")) { - (Some(id), _) => { - let uuid_opt = Uuid::parse_str(id).ok(); - if let Some(uuid) = uuid_opt { - info!("Try get fixtures with uuid: {uuid}"); - let res = returned_lending(&*conn, uuid, returned_at).await; - result_to_handler_with_log( - |_| Some(format!("Success returned lending with uuid[{uuid}]")), - |e| Some(format!("{e} uuid[{uuid}]")), - &res, - ) - .await - } else { - let err = Err(QrError::BrokenUuid(id.to_string())); - result_to_handler_with_log(|_| None, |e| Some(e.to_string()), &err).await - } - } - (_, Some(qr_id)) => { - info!("Try get fixtures with qr_id: {qr_id}"); - let fixtures = get_one_fixtures(&*conn, IdType::QrId(qr_id.clone())).await; - match fixtures { - Ok(fixtures) => { - let res = 
returned_lending(&*conn, fixtures.id, returned_at).await; + let role = get_role(&*conn, bearer.token()).await; + if Ok(Role::EquipmentManager) == role && Ok(Role::Administrator) == role { + match (query.get("id"), query.get("qr_id")) { + (Some(id), _) => { + let uuid_opt = Uuid::parse_str(id).ok(); + if let Some(uuid) = uuid_opt { + info!("Try get fixtures with uuid: {uuid}"); + let res = returned_lending(&*conn, uuid, returned_at).await; result_to_handler_with_log( - |_| Some(format!("Success returned lending with qr_id[{qr_id}]")), - |e| Some(format!("{e} qr_id[{qr_id}]")), + |_| Some(format!("Success returned lending with uuid[{uuid}]")), + |e| Some(format!("{e} uuid[{uuid}]")), &res, ) .await + } else { + let err = Err(QrError::BrokenUuid(id.to_string())); + result_to_handler_with_log(|_| None, |e| Some(e.to_string()), &err).await } - Err(e) => { - result_to_handler_with_log( - |_| None, - |e| Some(format!("{e} qr_id[{qr_id}]")), - &Err(e), - ) - .await + } + (_, Some(qr_id)) => { + info!("Try get fixtures with qr_id: {qr_id}"); + let fixtures = get_one_fixtures(&*conn, IdType::QrId(qr_id.clone())).await; + match fixtures { + Ok(fixtures) => { + let res = returned_lending(&*conn, fixtures.id, returned_at).await; + result_to_handler_with_log( + |_| Some(format!("Success returned lending with qr_id[{qr_id}]")), + |e| Some(format!("{e} qr_id[{qr_id}]")), + &res, + ) + .await + } + Err(e) => { + result_to_handler_with_log( + |_| None, + |e| Some(format!("{e} qr_id[{qr_id}]")), + &Err(e), + ) + .await + } } } + _ => { + let err = Err(QrError::UrlQuery("qr_id, id".to_string())); + result_to_handler_with_log(|_| None, |e| Some(e.to_string()), &err).await + } } - _ => { - let err = Err(QrError::UrlQuery("qr_id, id".to_string())); - result_to_handler_with_log(|_| None, |e| Some(e.to_string()), &err).await - } + } else { + result_to_handler(&Err(QrError::Authorized)).await } } 
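Review bot: In `insert_lending` and `returned_lending` a failed role lookup and an insufficient role take the same `else` branch, so an error inside `get_role` is reported to the caller as a permission failure. That branch also calls `result_to_handler` rather than `result_to_handler_with_log`, which, judging by the names, means a denied write leaves no log line to audit. I would log the denial with the endpoint name and the lookup outcome, never the token itself, for example `warn!("returned_lending denied: {role:?}")` in the `else`; this assumes the `get_role` result implements `Debug`, which the hunk does not show. Wrapping the whole `match` in the `if` also adds a nesting level, whereas an early return on the denied case would leave the original body as it was.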
@@ -216,15 +229,21 @@ pub async fn get_is_lending( } pub async fn update_lending( + bearer: Bearer, Json(lending): Json, conn: Arc>, ) -> ReturnData<()> { - info!("Try update lending: {lending:?}"); - let res = crate::database::update_lending::update_lending(&*conn, lending.clone()).await; - result_to_handler_with_log( - |_| Some(format!("Success update lending[{}]", lending.id)), - |e| Some(format!("{e} lending[{}]", lending.id)), - &res, - ) - .await + let role = get_role(&*conn, bearer.token()).await; + if Ok(Role::EquipmentManager) == role && Ok(Role::Administrator) == role { + info!("Try update lending: {lending:?}"); + let res = crate::database::update_lending::update_lending(&*conn, lending.clone()).await; + result_to_handler_with_log( + |_| Some(format!("Success update lending[{}]", lending.id)), + |e| Some(format!("{e} lending[{}]", lending.id)), + &res, + ) + .await + } else { + result_to_handler(&Err(QrError::Authorized)).await + } } diff --git a/src/app/spot.rs b/src/app/spot.rs index 20c549b..8a7d5ac 100644 --- a/src/app/spot.rs +++ b/src/app/spot.rs 
@@ -1,35 +1,54 @@ +use crate::certification::{get_role, Role}; use crate::{ - error_handling::{result_to_handler_with_log, QrError, ReturnData}, + error_handling::{result_to_handler, result_to_handler_with_log, QrError, ReturnData}, Spot, }; -use axum::extract::Json; +use axum::{extract::Json, headers::authorization::Bearer}; use sqlx::{pool::Pool, postgres::Postgres}; use std::collections::HashMap; use std::sync::Arc; use tracing::*; /// 地点情報の登録を行うエンドポイント -pub async fn insert_spot(Json(spot): Json, conn: Arc>) -> ReturnData<()> { - info!("Try insert spot: {spot:?}"); - let res = crate::database::insert_spot::insert_spot(&*conn, spot.clone()).await; - result_to_handler_with_log( - |_| Some(format!("Success insert spot[{}]", &spot.name)), - |e| Some(format!("{e} spot[{}]", &spot.name)), - &res, - ) - .await +pub async fn insert_spot( + bearer: Bearer, + Json(spot): Json, + conn: Arc>, +) -> ReturnData<()> { + let role = get_role(&*conn, bearer.token()).await; + if Ok(Role::EquipmentManager) == role && Ok(Role::Administrator) == role { + info!("Try insert spot: {spot:?}"); + let res = crate::database::insert_spot::insert_spot(&*conn, spot.clone()).await; + result_to_handler_with_log( + |_| Some(format!("Success insert spot[{}]", &spot.name)), + |e| Some(format!("{e} spot[{}]", &spot.name)), + &res, + ) + .await + } else { + result_to_handler(&Err(QrError::Authorized)).await + } } /// 地点情報の更新を行うエンドポイント -pub async fn update_spot(Json(spot): Json, conn: Arc>) -> ReturnData<()> { - info!("Try update spot: {spot:?}"); - let res = crate::database::update_spot::update_spot(&*conn, spot.clone()).await; - result_to_handler_with_log( - |_| Some(format!("Success update spot[{}]", &spot.name)), - |e| Some(format!("{e} spot[{}]", &spot.name)), - &res, - ) - .await +pub async fn update_spot( + bearer: Bearer, + Json(spot): Json, + conn: Arc>, +) -> ReturnData<()> { + let role = get_role(&*conn, bearer.token()).await; + if Ok(Role::EquipmentManager) == role && 
Ok(Role::Administrator) == role { + info!("Try update spot: {spot:?}"); + let res = crate::database::update_spot::update_spot(&*conn, spot.clone()).await; + result_to_handler_with_log( + |_| Some(format!("Success update spot[{}]", &spot.name)), + |e| Some(format!("{e} spot[{}]", &spot.name)), + &res, + ) + .await + } else { + result_to_handler(&Err(QrError::Authorized)).await + } } /// 地点情報の取得を行うエンドポイント @@ -69,23 +88,29 @@ pub async fn get_spot_list(conn: Arc>) -> ReturnData> { /// 地点情報の削除を行うエンドポイント pub async fn delte_spot( + bearer: Bearer, query: HashMap, conn: Arc>, ) -> ReturnData<()> { - match query.get("name") { - Some(name) => { - info!("Try get one spot info: {name}"); - let res = crate::database::delete_spot::delete_spot(&*conn, name).await; - result_to_handler_with_log( - |_| Some(format!("Success delete spot[{name}]")), - |e| Some(format!("{e} spot[{name}]")), - &res, - ) - .await - } - None => { - let err = Err(QrError::UrlQuery("name".to_string())); - result_to_handler_with_log(|_| None, |e| Some(e.to_string()), &err).await + let role = get_role(&*conn, bearer.token()).await; + if Ok(Role::Administrator) == role { + match query.get("name") { + Some(name) => { + info!("Try get one spot info: {name}"); + let res = crate::database::delete_spot::delete_spot(&*conn, name).await; + result_to_handler_with_log( + |_| Some(format!("Success delete spot[{name}]")), + |e| Some(format!("{e} spot[{name}]")), + &res, + ) + .await + } + None => { + let err = Err(QrError::UrlQuery("name".to_string())); + result_to_handler_with_log(|_| None, |e| Some(e.to_string()), &err).await + } } + } else { + result_to_handler(&Err(QrError::Authorized)).await } }
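Review bot: The doc comments on `insert_spot`, `update_spot` and `delte_spot` still describe only what each endpoint does, not the role it now requires, which is what a caller most needs to know after this change. I would add a line to each, for example `/// Requires the Administrator role; any other caller gets QrError::Authorized.` on `delte_spot`, and the EquipmentManager-or-above equivalent on the two write endpoints. The log text `Try get one spot info` inside `delte_spot` also reads like the get endpoint and could say delete, so that an audit of the log shows which operation was attempted.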