feat: add user lookup to api

lets you use an access token and a uuid to look up users on the instance
2025-05-01 07:06:58 +02:00 · 2025-05-01 07:06:58 +02:00 · 0b25e3fb87
commit 0b25e3fb87
parent 83872ed7a6
2 changed files with 68 additions and 0 deletions
--- a/src/api/v1/mod.rs
+++ b/src/api/v1/mod.rs
@ -2,9 +2,11 @@ use actix_web::{Scope, web};

 mod stats;
 mod auth;
+mod user;

 pub fn web() -> Scope {
    web::scope("/v1")
        .service(stats::res)
        .service(auth::web())
+        .service(user::res)
 }
--- a/src/api/v1/user.rs
+++ b/src/api/v1/user.rs
@ -0,0 +1,66 @@
+use actix_web::{error, post, web, Error, HttpResponse};
+use serde::{Deserialize, Serialize};
+use futures::StreamExt;
+
+use crate::{api::v1::auth::check_access_token, Data};
+
+#[derive(Deserialize)]
+struct AuthenticationRequest {
+    access_token: String,
+}
+
+#[derive(Serialize)]
+struct Response {
+    uuid: String,
+    username: String,
+    display_name: String,
+}
+
+const MAX_SIZE: usize = 262_144;
+
+#[post("/user/{uuid}")]
+pub async fn res(mut payload: web::Payload, path: web::Path<(String,)>, data: web::Data<Data>) -> Result<HttpResponse, Error> {
+    let mut body = web::BytesMut::new();
+    while let Some(chunk) = payload.next().await {
+        let chunk = chunk?;
+        // limit max size of in-memory payload
+        if (body.len() + chunk.len()) > MAX_SIZE {
+            return Err(error::ErrorBadRequest("overflow"));
+        }
+        body.extend_from_slice(&chunk);
+    }
+
+    let request = path.into_inner().0;
+
+    let authentication_request = serde_json::from_slice::<AuthenticationRequest>(&body)?;
+
+    let authorized = check_access_token(authentication_request.access_token, data.pool.clone()).await;
+
+    if authorized.is_err() {
+        return Ok(authorized.unwrap_err())
+    }
+
+    let uuid = authorized.unwrap();
+
+    if request == "me" {
+        let row = sqlx::query_as(&format!("SELECT username, display_name FROM users WHERE uuid = '{}'", uuid))
+            .fetch_one(&data.pool)
+            .await
+            .unwrap();
+
+        let (username, display_name): (String, Option<String>) = row;
+
+        return Ok(HttpResponse::Ok().json(Response { uuid: uuid.to_string(), username, display_name: display_name.unwrap_or_default() }))
+    } else {
+        println!("{}", request);
+        if let Ok(row) = sqlx::query_as(&format!("SELECT CAST(uuid as VARCHAR), username, display_name FROM users WHERE uuid = '{}'", request))
+            .fetch_one(&data.pool)
+            .await {
+            let (uuid, username, display_name): (String, String, Option<String>) = row;
+
+            return Ok(HttpResponse::Ok().json(Response { uuid, username, display_name: display_name.unwrap_or_default() }))
+        }
+
+        Ok(HttpResponse::NotFound().finish())
+    }
+}