Expose add/delete moderator endpoints

2021-04-27 13:48:34 +10:00 · 2021-04-27 13:48:34 +10:00 · 18108dddfd
parent de16e74d53
commit 18108dddfd
2 changed files with 59 additions and 3 deletions
--- a/src/handlers.rs
+++ b/src/handlers.rs
@ -658,6 +658,18 @@ pub fn get_deleted_messages(

 // Moderation

+pub async fn add_moderator_public(
+    body: models::ChangeModeratorRequestBody, auth_token: &str,
+) -> Result<Response, Rejection> {
+    let pool = storage::pool_by_room_id(&body.room_id);
+    let (has_authorization_level, _) =
+        has_authorization_level(auth_token, AuthorizationLevel::Moderator, &pool)?;
+    if !has_authorization_level {
+        return Err(warp::reject::custom(Error::Unauthorized));
+    }
+    return add_moderator(body).await;
+}
+
 // Not publicly exposed.
 pub async fn add_moderator(
    body: models::ChangeModeratorRequestBody,
@ -680,6 +692,18 @@ pub async fn add_moderator(
    return Ok(warp::reply::json(&json).into_response());
 }

+pub async fn delete_moderator_public(
+    body: models::ChangeModeratorRequestBody, auth_token: &str,
+) -> Result<Response, Rejection> {
+    let pool = storage::pool_by_room_id(&body.room_id);
+    let (has_authorization_level, _) =
+        has_authorization_level(auth_token, AuthorizationLevel::Moderator, &pool)?;
+    if !has_authorization_level {
+        return Err(warp::reject::custom(Error::Unauthorized));
+    }
+    return delete_moderator(body).await;
+}
+
 // Not publicly exposed.
 pub async fn delete_moderator(
    body: models::ChangeModeratorRequestBody,
--- a/src/rpc.rs
+++ b/src/rpc.rs
@ -54,7 +54,7 @@ pub async fn handle_rpc_call(rpc_call: RpcCall) -> Result<Response, Rejection> {
        "POST" => return handle_post_request(rpc_call, &path, auth_token).await,
        "DELETE" => {
            let pool = get_pool_for_room(&rpc_call)?;
-            return handle_delete_request(&path, auth_token, &pool);
+            return handle_delete_request(rpc_call, &path, auth_token, &pool).await;
        }
        _ => {
            warn!("Ignoring RPC call with invalid or unused HTTP method: {}.", rpc_call.method);
@ -272,6 +272,18 @@ async fn handle_post_request(
            };
            return handlers::claim_auth_token(&json.public_key, &auth_token, &pool);
        }
+        "moderators" => {
+            reject_if_file_server_mode(path)?;
+            let body: models::ChangeModeratorRequestBody =
+                match serde_json::from_str(&rpc_call.body) {
+                    Ok(message) => message,
+                    Err(e) => {
+                        warn!("Couldn't parse JSON from: {} due to error: {}.", rpc_call.body, e);
+                        return Err(warp::reject::custom(Error::InvalidRpcCall));
+                    }
+                };
+            return handlers::add_moderator_public(body, &auth_token).await;
+        }
        _ => {
            warn!("Ignoring RPC call with invalid or unused endpoint: {}.", path);
            return Err(warp::reject::custom(Error::InvalidRpcCall));
@ -279,8 +291,9 @@ async fn handle_post_request(
    }
 }

-fn handle_delete_request(
-    path: &str, auth_token: Option<String>, pool: &storage::DatabaseConnectionPool,
+async fn handle_delete_request(
+    rpc_call: RpcCall, path: &str, auth_token: Option<String>,
+    pool: &storage::DatabaseConnectionPool,
 ) -> Result<Response, Rejection> {
    // Check that the auth token is present
    let auth_token = auth_token.ok_or(warp::reject::custom(Error::NoAuthToken))?;
@ -317,6 +330,25 @@ fn handle_delete_request(
        reject_if_file_server_mode(path)?;
        return handlers::delete_auth_token(&auth_token, pool);
    }
+    // DELETE /moderators/:public_key
+    if path == "moderators" {
+        reject_if_file_server_mode(path)?;
+        let components: Vec<&str> = path.split("/").collect(); // Split on subsequent slashes
+        if components.len() != 2 {
+            warn!("Invalid endpoint: {}.", path);
+            return Err(warp::reject::custom(Error::InvalidRpcCall));
+        }
+        let public_key = components[1].to_string();
+        let room_id = match get_room_id(&rpc_call) {
+            Some(room_id) => room_id,
+            None => {
+                warn!("Missing room ID.");
+                return Err(warp::reject::custom(Error::InvalidRpcCall));
+            }
+        };
+        let body = models::ChangeModeratorRequestBody { public_key, room_id };
+        return handlers::delete_moderator_public(body, &auth_token).await;
+    }
    // Unrecognized endpoint
    warn!("Ignoring RPC call with invalid or unused endpoint: {}.", path);
    return Err(warp::reject::custom(Error::InvalidRpcCall));