BasicOIDC/src/controllers/admin_api.rs

use crate::actors::users_actor;
use actix::Addr;
use actix_web::{web, HttpResponse, Responder};

use crate::actors::users_actor::{DeleteUserRequest, FindUserByUsername, UsersActor};
use crate::data::action_logger::{Action, ActionLogger};
use crate::data::critical_route::CriticalRoute;
use crate::data::current_user::CurrentUser;
use crate::data::user::UserID;
use crate::utils::string_utils;

#[derive(serde::Deserialize)]
pub struct FindUserNameReq {
    username: String,
}

#[derive(serde::Serialize)]
struct FindUserResult {
    user_id: Option<String>,
}

pub async fn find_username(
    _critical: CriticalRoute,
    req: web::Form<FindUserNameReq>,
    users: web::Data<Addr<UsersActor>>,
) -> impl Responder {
    if !string_utils::is_acceptable_login(&req.username) {
        return HttpResponse::BadRequest().json("Invalid login!");
    }

    let res = users
        .send(FindUserByUsername(req.0.username))
        .await
        .unwrap();
    HttpResponse::Ok().json(FindUserResult {
        user_id: res.0.map(|r| r.uid.0),
    })
}

#[derive(serde::Deserialize)]
pub struct DeleteUserReq {
    user_id: UserID,
}

pub async fn delete_user(
    _critical: CriticalRoute,
    user: CurrentUser,
    req: web::Form<DeleteUserReq>,
    users: web::Data<Addr<UsersActor>>,
    action_logger: ActionLogger,
) -> impl Responder {
    if user.uid == req.user_id {
        return HttpResponse::BadRequest().body("You can not remove your own account!");
    }

    let user = match users
        .send(users_actor::GetUserRequest(req.user_id.clone()))
        .await
        .unwrap()
        .0
    {
        None => return HttpResponse::NotFound().body("Could not find a user to remove!"),
        Some(u) => u,
    };

    let res = users.send(DeleteUserRequest(req.0.user_id)).await.unwrap();
    if res {
        action_logger.log(Action::AdminDeleteUser(&user));
        HttpResponse::Ok().finish()
    } else {
        HttpResponse::InternalServerError().finish()
    }
}
Log all user actions on stdout 2022-11-19 12:38:24 +00:00			`use crate::actors::users_actor;`
Dynamically check username 2022-04-07 15:57:10 +00:00			`use actix::Addr;`
Merge factors type for authentication 2022-11-11 11:26:02 +00:00			`use actix_web::{web, HttpResponse, Responder};`
Dynamically check username 2022-04-07 15:57:10 +00:00
Can delete user account 2022-04-08 15:54:51 +00:00			`use crate::actors::users_actor::{DeleteUserRequest, FindUserByUsername, UsersActor};`
Log all user actions on stdout 2022-11-19 12:38:24 +00:00			`use crate::data::action_logger::{Action, ActionLogger};`
Enforce 2FA for user admin routes 2024-03-27 20:03:49 +00:00			`use crate::data::critical_route::CriticalRoute;`
Can delete user account 2022-04-08 15:54:51 +00:00			`use crate::data::current_user::CurrentUser;`
			`use crate::data::user::UserID;`
Check login before logging it 2024-02-19 18:11:13 +00:00			`use crate::utils::string_utils;`
Dynamically check username 2022-04-07 15:57:10 +00:00
			`#[derive(serde::Deserialize)]`
			`pub struct FindUserNameReq {`
			`username: String,`
			`}`

			`#[derive(serde::Serialize)]`
			`struct FindUserResult {`
			`user_id: Option<String>,`
			`}`

Merge factors type for authentication 2022-11-11 11:26:02 +00:00			`pub async fn find_username(`
Enforce 2FA for user admin routes 2024-03-27 20:03:49 +00:00			`_critical: CriticalRoute,`
Merge factors type for authentication 2022-11-11 11:26:02 +00:00			`req: web::Form<FindUserNameReq>,`
			`users: web::Data<Addr<UsersActor>>,`
			`) -> impl Responder {`
Check login before logging it 2024-02-19 18:11:13 +00:00			`if !string_utils::is_acceptable_login(&req.username) {`
			`return HttpResponse::BadRequest().json("Invalid login!");`
			`}`

Merge factors type for authentication 2022-11-11 11:26:02 +00:00			`let res = users`
			`.send(FindUserByUsername(req.0.username))`
			`.await`
			`.unwrap();`
Dynamically check username 2022-04-07 15:57:10 +00:00			`HttpResponse::Ok().json(FindUserResult {`
Merge factors type for authentication 2022-11-11 11:26:02 +00:00			`user_id: res.0.map(\|r\| r.uid.0),`
Dynamically check username 2022-04-07 15:57:10 +00:00			`})`
Can delete user account 2022-04-08 15:54:51 +00:00			`}`

			`#[derive(serde::Deserialize)]`
			`pub struct DeleteUserReq {`
			`user_id: UserID,`
			`}`

Merge factors type for authentication 2022-11-11 11:26:02 +00:00			`pub async fn delete_user(`
Enforce 2FA for user admin routes 2024-03-27 20:03:49 +00:00			`_critical: CriticalRoute,`
Merge factors type for authentication 2022-11-11 11:26:02 +00:00			`user: CurrentUser,`
			`req: web::Form<DeleteUserReq>,`
			`users: web::Data<Addr<UsersActor>>,`
Log all user actions on stdout 2022-11-19 12:38:24 +00:00			`action_logger: ActionLogger,`
Merge factors type for authentication 2022-11-11 11:26:02 +00:00			`) -> impl Responder {`
Can delete user account 2022-04-08 15:54:51 +00:00			`if user.uid == req.user_id {`
			`return HttpResponse::BadRequest().body("You can not remove your own account!");`
			`}`

Log all user actions on stdout 2022-11-19 12:38:24 +00:00			`let user = match users`
			`.send(users_actor::GetUserRequest(req.user_id.clone()))`
			`.await`
			`.unwrap()`
			`.0`
			`{`
			`None => return HttpResponse::NotFound().body("Could not find a user to remove!"),`
			`Some(u) => u,`
			`};`

Can delete user account 2022-04-08 15:54:51 +00:00			`let res = users.send(DeleteUserRequest(req.0.user_id)).await.unwrap();`
Simplify delete user call syntax 2022-11-19 15:46:40 +00:00			`if res {`
Log all user actions on stdout 2022-11-19 12:38:24 +00:00			`action_logger.log(Action::AdminDeleteUser(&user));`
Can delete user account 2022-04-08 15:54:51 +00:00			`HttpResponse::Ok().finish()`
			`} else {`
			`HttpResponse::InternalServerError().finish()`
			`}`
			`}`