From 0b25e3fb87ce5591b557a2506da65e14eef67c02 Mon Sep 17 00:00:00 2001
From: Radical <radical@radical.fun>
Date: Thu, 1 May 2025 07:06:58 +0200
Subject: [PATCH] feat: add user lookup to api

lets you use an access token and a uuid to look up users on the instance
---
 src/api/v1/mod.rs  |  2 ++
 src/api/v1/user.rs | 66 ++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 68 insertions(+)
 create mode 100644 src/api/v1/user.rs

diff --git a/src/api/v1/mod.rs b/src/api/v1/mod.rs
index 368b918..4eb1d63 100644
--- a/src/api/v1/mod.rs
+++ b/src/api/v1/mod.rs
@@ -2,9 +2,11 @@ use actix_web::{Scope, web};
 
 mod stats;
 mod auth;
+mod user;
 
 pub fn web() -> Scope {
     web::scope("/v1")
         .service(stats::res)
         .service(auth::web())
+        .service(user::res)
 }
diff --git a/src/api/v1/user.rs b/src/api/v1/user.rs
new file mode 100644
index 0000000..9287e1b
--- /dev/null
+++ b/src/api/v1/user.rs
@@ -0,0 +1,66 @@
+use actix_web::{error, post, web, Error, HttpResponse};
+use serde::{Deserialize, Serialize};
+use futures::StreamExt;
+
+use crate::{api::v1::auth::check_access_token, Data};
+
+#[derive(Deserialize)]
+struct AuthenticationRequest {
+    access_token: String,
+}
+
+#[derive(Serialize)]
+struct Response {
+    uuid: String,
+    username: String,
+    display_name: String,
+}
+
+const MAX_SIZE: usize = 262_144;
+
+#[post("/user/{uuid}")]
+pub async fn res(mut payload: web::Payload, path: web::Path<(String,)>, data: web::Data<Data>) -> Result<HttpResponse, Error> {
+    let mut body = web::BytesMut::new();
+    while let Some(chunk) = payload.next().await {
+        let chunk = chunk?;
+        // limit max size of in-memory payload
+        if (body.len() + chunk.len()) > MAX_SIZE {
+            return Err(error::ErrorBadRequest("overflow"));
+        }
+        body.extend_from_slice(&chunk);
+    }
+
+    let request = path.into_inner().0;
+
+    let authentication_request = serde_json::from_slice::<AuthenticationRequest>(&body)?;
+
+    let authorized = check_access_token(authentication_request.access_token, data.pool.clone()).await;
+
+    if authorized.is_err() {
+        return Ok(authorized.unwrap_err())
+    }
+
+    let uuid = authorized.unwrap();
+
+    if request == "me" {
+        let row = sqlx::query_as(&format!("SELECT username, display_name FROM users WHERE uuid = '{}'", uuid))
+            .fetch_one(&data.pool)
+            .await
+            .unwrap();
+
+        let (username, display_name): (String, Option<String>) = row;
+
+        return Ok(HttpResponse::Ok().json(Response { uuid: uuid.to_string(), username, display_name: display_name.unwrap_or_default() }))
+    } else {
+        println!("{}", request);
+        if let Ok(row) = sqlx::query_as(&format!("SELECT CAST(uuid as VARCHAR), username, display_name FROM users WHERE uuid = '{}'", request))
+            .fetch_one(&data.pool)
+            .await {
+            let (uuid, username, display_name): (String, String, Option<String>) = row;
+
+            return Ok(HttpResponse::Ok().json(Response { uuid, username, display_name: display_name.unwrap_or_default() }))
+        }
+
+        Ok(HttpResponse::NotFound().finish())
+    }
+}