This commit is contained in:
c0repwn3r 2023-03-26 18:50:45 -04:00
parent 2b7213021a
commit d34c45429f
Signed by: core
GPG Key ID: FDBF740DADDCEECF
3 changed files with 80 additions and 1 deletions

View File

@ -73,6 +73,7 @@ async fn main() -> std::io::Result<()> {
.service(routes::v1::code_3fa::get_3fa_code)
.service(routes::v1::user_add::add_user_request)
.service(routes::v1::user_get::get_user_request)
.service(routes::v1::user_del::delete_user_request)
})
.bind(("127.0.0.1", 8080))?
.run()

View File

@ -1,3 +1,4 @@
pub mod code_3fa;
pub mod user_add;
pub mod user_get;
pub mod user_del;

77
src/routes/v1/user_del.rs Normal file
View File

@ -0,0 +1,77 @@
use actix_web::{HttpResponse, web};
use actix_web::post;
use actix_web::web::{Data, Json};
use log::error;
use serde::{Serialize, Deserialize};
use crate::error::{APIError, APIErrorResponse};
use crate::models::{NewUser, User};
use crate::PgPool;
use diesel::prelude::*;
use crate::tokens::{Scope, token_has_scope};
#[derive(Serialize, Deserialize, Clone)]
pub struct UserDeleteRequest {
pub token: String,
pub id: i32
}
#[derive(Serialize, Deserialize, Clone)]
pub struct UserDeleteResponse {
pub num_deleted: usize
}
#[post("/v1/user/remove")]
pub async fn delete_user_request(pool: Data<PgPool>, req: Json<UserDeleteRequest>) -> HttpResponse {
use crate::schema::users;
if !token_has_scope(&req.token, &Scope::UserRemove) {
return HttpResponse::Unauthorized().json(APIErrorResponse {
errors: vec![
APIError {
code: "ERR_MISSING_SCOPE".to_string(),
message: "This endpoint requires the user:remove scope".to_string(),
}
],
})
}
let req_clone = req.clone();
let pool_clone = pool.clone();
let results = match web::block(move || {
let mut conn = pool_clone.get().expect("Unable to get db pool");
diesel::delete(users::table.filter(users::id.eq(req_clone.id))).execute(&mut conn)
}).await {
Ok(r) => r,
Err(e) => {
error!("Database error: {}", e);
return HttpResponse::InternalServerError().json(APIErrorResponse {
errors: vec![
APIError {
code: "ERR_BLOCKING_ERROR".to_string(),
message: "There was an error running the database request. Please try again later.".to_string()
}
]
})
}
};
let num_deleted = match results {
Ok(r) => r,
Err(e) => {
error!("Database error: {}", e);
return HttpResponse::InternalServerError().json(APIErrorResponse {
errors: vec![
APIError {
code: "ERR_DB_ERROR".to_string(),
message: "There was an error deleting the user. Please try again later.".to_string()
}
]
})
}
};
HttpResponse::Ok().json(UserDeleteResponse {
num_deleted,
})
}