versia-pub/server
2
0
Fork 0
mirror of https://github.com/versia-pub/server.git synced 2025-12-06 08:28:19 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity

refactor(api): ♻️ Refactor roles, SSO and timelines to new OpenAPI route format

Browse source
This commit is contained in:
Jesse Wierzbinski 2024-09-16 12:30:05 +02:00
parent 739bbe935b
commit 9e3311e29f
No known key found for this signature in database
6 changed files with 705 additions and 415 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

257
api/api/v1/roles/:id/index.ts
View file

@ -1,8 +1,9 @@
import { apiRoute, applyConfig, auth, handleZodError } from "@/api"; import { apiRoute, applyConfig, auth } from "@/api";
import { zValidator } from "@hono/zod-validator"; import { createRoute } from "@hono/zod-openapi";
import { z } from "zod"; import { z } from "zod";
import { RolePermissions } from "~/drizzle/schema"; import { RolePermissions } from "~/drizzle/schema";
import { Role } from "~/packages/database-interface/role"; import { Role } from "~/packages/database-interface/role";
import { ErrorSchema } from "~/types/api";
export const meta = applyConfig({ export const meta = applyConfig({
allowedMethods: ["GET", "POST", "DELETE"], allowedMethods: ["GET", "POST", "DELETE"],
@ -28,76 +29,186 @@ export const schemas = {
id: z.string().uuid(), id: z.string().uuid(),
}), }),
}; };
export default apiRoute((app) =>
app.on(
meta.allowedMethods,
meta.route,
zValidator("param", schemas.param, handleZodError),
auth(meta.auth, meta.permissions),
async (context) => {
const { user } = context.get("auth");
const { id } = context.req.valid("param");
if (!user) { const routeGet = createRoute({
return context.json({ error: "Unauthorized" }, 401); method: "get",
} path: "/api/v1/roles/{id}",
summary: "Get role data",
const userRoles = await Role.getUserRoles( middleware: [auth(meta.auth)],
user.id, request: {
user.data.isAdmin, params: schemas.param,
); },
const role = await Role.fromId(id); responses: {
200: {
if (!role) { description: "Role",
return context.json({ error: "Role not found" }, 404); content: {
} "application/json": {
schema: Role.schema,
switch (context.req.method) { },
case "GET": { },
return context.json(role.toApi());
}
case "POST": {
const userHighestRole = userRoles.reduce((prev, current) =>
prev.data.priority > current.data.priority
? prev
: current,
);
if (role.data.priority > userHighestRole.data.priority) {
return context.json(
{
error: `Cannot assign role '${role.data.name}' with priority ${role.data.priority} to user with highest role priority ${userHighestRole.data.priority}`,
},
403,
);
}
await role.linkUser(user.id);
return context.newResponse(null, 204);
}
case "DELETE": {
const userHighestRole = userRoles.reduce((prev, current) =>
prev.data.priority > current.data.priority
? prev
: current,
);
if (role.data.priority > userHighestRole.data.priority) {
return context.json(
{
error: `Cannot remove role '${role.data.name}' with priority ${role.data.priority} from user with highest role priority ${userHighestRole.data.priority}`,
},
403,
);
}
await role.unlinkUser(user.id);
return context.newResponse(null, 204);
}
}
}, },
), 401: {
); description: "Unauthorized",
content: {
"application/json": {
schema: ErrorSchema,
},
},
},
404: {
description: "Role not found",
content: {
"application/json": {
schema: ErrorSchema,
},
},
},
},
});
const routePost = createRoute({
method: "post",
path: "/api/v1/roles/{id}",
summary: "Assign role to user",
middleware: [auth(meta.auth, meta.permissions)],
request: {
params: schemas.param,
},
responses: {
204: {
description: "Role assigned",
},
401: {
description: "Unauthorized",
content: {
"application/json": {
schema: ErrorSchema,
},
},
},
403: {
description: "Forbidden",
content: {
"application/json": {
schema: ErrorSchema,
},
},
},
},
});
const routeDelete = createRoute({
method: "delete",
path: "/api/v1/roles/{id}",
summary: "Remove role from user",
middleware: [auth(meta.auth, meta.permissions)],
request: {
params: schemas.param,
},
responses: {
204: {
description: "Role removed",
},
401: {
description: "Unauthorized",
content: {
"application/json": {
schema: ErrorSchema,
},
},
},
403: {
description: "Forbidden",
content: {
"application/json": {
schema: ErrorSchema,
},
},
},
},
});
export default apiRoute((app) => {
app.openapi(routeGet, async (context) => {
const { user } = context.get("auth");
const { id } = context.req.valid("param");
if (!user) {
return context.json({ error: "Unauthorized" }, 401);
}
const role = await Role.fromId(id);
if (!role) {
return context.json({ error: "Role not found" }, 404);
}
return context.json(role.toApi(), 200);
});
app.openapi(routePost, async (context) => {
const { user } = context.get("auth");
const { id } = context.req.valid("param");
if (!user) {
return context.json({ error: "Unauthorized" }, 401);
}
const userRoles = await Role.getUserRoles(user.id, user.data.isAdmin);
const role = await Role.fromId(id);
if (!role) {
return context.json({ error: "Role not found" }, 404);
}
const userHighestRole = userRoles.reduce((prev, current) =>
prev.data.priority > current.data.priority ? prev : current,
);
if (role.data.priority > userHighestRole.data.priority) {
return context.json(
{
error: `Cannot assign role '${role.data.name}' with priority ${role.data.priority} to user with highest role priority ${userHighestRole.data.priority}`,
},
403,
);
}
await role.linkUser(user.id);
return context.newResponse(null, 204);
});
app.openapi(routeDelete, async (context) => {
const { user } = context.get("auth");
const { id } = context.req.valid("param");
if (!user) {
return context.json({ error: "Unauthorized" }, 401);
}
const userRoles = await Role.getUserRoles(user.id, user.data.isAdmin);
const role = await Role.fromId(id);
if (!role) {
return context.json({ error: "Role not found" }, 404);
}
const userHighestRole = userRoles.reduce((prev, current) =>
prev.data.priority > current.data.priority ? prev : current,
);
if (role.data.priority > userHighestRole.data.priority) {
return context.json(
{
error: `Cannot remove role '${role.data.name}' with priority ${role.data.priority} from user with highest role priority ${userHighestRole.data.priority}`,
},
403,
);
}
await role.unlinkUser(user.id);
return context.newResponse(null, 204);
});
});

60
api/api/v1/roles/index.ts
View file

@ -1,5 +1,7 @@
import { apiRoute, applyConfig, auth } from "@/api"; import { apiRoute, applyConfig, auth } from "@/api";
import { createRoute, z } from "@hono/zod-openapi";
import { Role } from "~/packages/database-interface/role"; import { Role } from "~/packages/database-interface/role";
import { ErrorSchema } from "~/types/api";
export const meta = applyConfig({ export const meta = applyConfig({
allowedMethods: ["GET"], allowedMethods: ["GET"],
@ -13,24 +15,44 @@ export const meta = applyConfig({
route: "/api/v1/roles", route: "/api/v1/roles",
}); });
export default apiRoute((app) => const route = createRoute({
app.on( method: "get",
meta.allowedMethods, path: "/api/v1/roles",
meta.route, summary: "Get user roles",
auth(meta.auth, meta.permissions), middleware: [auth(meta.auth)],
async (context) => { responses: {
const { user } = context.get("auth"); 200: {
description: "User roles",
if (!user) { content: {
return context.json({ error: "Unauthorized" }, 401); "application/json": {
} schema: z.array(Role.schema),
},
const userRoles = await Role.getUserRoles( },
user.id,
user.data.isAdmin,
);
return context.json(userRoles.map((r) => r.toApi()));
}, },
), 401: {
description: "Unauthorized",
content: {
"application/json": {
schema: ErrorSchema,
},
},
},
},
});
export default apiRoute((app) =>
app.openapi(route, async (context) => {
const { user } = context.get("auth");
if (!user) {
return context.json({ error: "Unauthorized" }, 401);
}
const userRoles = await Role.getUserRoles(user.id, user.data.isAdmin);
return context.json(
userRoles.map((r) => r.toApi()),
200,
);
}),
); );

242
api/api/v1/sso/:id/index.ts
View file

@ -1,11 +1,12 @@
import { apiRoute, applyConfig, auth, handleZodError } from "@/api"; import { apiRoute, applyConfig, auth } from "@/api";
import { proxyUrl } from "@/response"; import { proxyUrl } from "@/response";
import { zValidator } from "@hono/zod-validator"; import { createRoute } from "@hono/zod-openapi";
import { eq } from "drizzle-orm"; import { eq } from "drizzle-orm";
import { z } from "zod"; import { z } from "zod";
import { db } from "~/drizzle/db"; import { db } from "~/drizzle/db";
import { OpenIdAccounts, RolePermissions } from "~/drizzle/schema"; import { OpenIdAccounts, RolePermissions } from "~/drizzle/schema";
import { config } from "~/packages/config-manager"; import { config } from "~/packages/config-manager";
import { ErrorSchema } from "~/types/api";
export const meta = applyConfig({ export const meta = applyConfig({
allowedMethods: ["GET", "DELETE"], allowedMethods: ["GET", "DELETE"],
@ -28,84 +29,161 @@ export const schemas = {
}), }),
}; };
/** const routeGet = createRoute({
* SSO Account Linking management endpoint method: "get",
* A GET request allows the user to list all their linked accounts path: "/api/v1/sso/{id}",
* A POST request allows the user to link a new account summary: "Get linked account",
*/ middleware: [auth(meta.auth, meta.permissions)],
export default apiRoute((app) => request: {
app.on( params: schemas.param,
meta.allowedMethods, },
meta.route, responses: {
zValidator("param", schemas.param, handleZodError), 200: {
auth(meta.auth, meta.permissions), description: "Linked account",
async (context) => { content: {
const { id: issuerId } = context.req.valid("param"); "application/json": {
const { user } = context.get("auth"); schema: z.object({
id: z.string(),
if (!user) { name: z.string(),
return context.json({ error: "Unauthorized" }, 401); icon: z.string().optional(),
} }),
},
const issuer = config.oidc.providers.find( },
(provider) => provider.id === issuerId,
);
if (!issuer) {
return context.json({ error: "Issuer not found" }, 404);
}
switch (context.req.method) {
case "GET": {
// Get all linked accounts
const account = await db.query.OpenIdAccounts.findFirst({
where: (account, { eq, and }) =>
and(
eq(account.userId, account.id),
eq(account.issuerId, issuerId),
),
});
if (!account) {
return context.json(
{
error: "Account not found or is not linked to this issuer",
},
404,
);
}
return context.json({
id: issuer.id,
name: issuer.name,
icon: proxyUrl(issuer.icon) || undefined,
});
}
case "DELETE": {
const account = await db.query.OpenIdAccounts.findFirst({
where: (account, { eq, and }) =>
and(
eq(account.userId, user.id),
eq(account.issuerId, issuerId),
),
});
if (!account) {
return context.json(
{
error: "Account not found or is not linked to this issuer",
},
404,
);
}
await db
.delete(OpenIdAccounts)
.where(eq(OpenIdAccounts.id, account.id));
return context.newResponse(null, 204);
}
}
}, },
), 401: {
); description: "Unauthorized",
content: {
"application/json": {
schema: ErrorSchema,
},
},
},
404: {
description: "Account not found",
content: {
"application/json": {
schema: ErrorSchema,
},
},
},
},
});
const routeDelete = createRoute({
method: "delete",
path: "/api/v1/sso/{id}",
summary: "Unlink account",
middleware: [auth(meta.auth, meta.permissions)],
request: {
params: schemas.param,
},
responses: {
204: {
description: "Account unlinked",
},
401: {
description: "Unauthorized",
content: {
"application/json": {
schema: ErrorSchema,
},
},
},
404: {
description: "Account not found",
content: {
"application/json": {
schema: ErrorSchema,
},
},
},
},
});
export default apiRoute((app) => {
app.openapi(routeGet, async (context) => {
const { id: issuerId } = context.req.valid("param");
const { user } = context.get("auth");
if (!user) {
return context.json({ error: "Unauthorized" }, 401);
}
// Check if issuer exists
const issuer = config.oidc.providers.find(
(provider) => provider.id === issuerId,
);
if (!issuer) {
return context.json({ error: "Issuer not found" }, 404);
}
// Get all linked accounts
const account = await db.query.OpenIdAccounts.findFirst({
where: (account, { eq, and }) =>
and(
eq(account.userId, account.id),
eq(account.issuerId, issuerId),
),
});
if (!account) {
return context.json(
{
error: "Account not found or is not linked to this issuer",
},
404,
);
}
return context.json(
{
id: issuer.id,
name: issuer.name,
icon: proxyUrl(issuer.icon) || undefined,
},
200,
);
});
app.openapi(routeDelete, async (context) => {
const { id: issuerId } = context.req.valid("param");
const { user } = context.get("auth");
if (!user) {
return context.json({ error: "Unauthorized" }, 401);
}
// Check if issuer exists
const issuer = config.oidc.providers.find(
(provider) => provider.id === issuerId,
);
if (!issuer) {
return context.json({ error: "Issuer not found" }, 404);
}
const account = await db.query.OpenIdAccounts.findFirst({
where: (account, { eq, and }) =>
and(
eq(account.userId, user.id),
eq(account.issuerId, issuerId),
),
});
if (!account) {
return context.json(
{
error: "Account not found or is not linked to this issuer",
},
404,
);
}
await db
.delete(OpenIdAccounts)
.where(eq(OpenIdAccounts.id, account.id));
return context.newResponse(null, 204);
});
});

315
api/api/v1/sso/index.ts
View file

@ -1,8 +1,8 @@
import { apiRoute, applyConfig, auth, handleZodError, jsonOrForm } from "@/api"; import { apiRoute, applyConfig, auth, jsonOrForm } from "@/api";
import { oauthRedirectUri } from "@/constants"; import { oauthRedirectUri } from "@/constants";
import { randomString } from "@/math"; import { randomString } from "@/math";
import { proxyUrl } from "@/response"; import { proxyUrl } from "@/response";
import { zValidator } from "@hono/zod-validator"; import { createRoute } from "@hono/zod-openapi";
import { import {
calculatePKCECodeChallenge, calculatePKCECodeChallenge,
discoveryRequest, discoveryRequest,
@ -17,6 +17,7 @@ import {
RolePermissions, RolePermissions,
} from "~/drizzle/schema"; } from "~/drizzle/schema";
import { config } from "~/packages/config-manager"; import { config } from "~/packages/config-manager";
import { ErrorSchema } from "~/types/api";
export const meta = applyConfig({ export const meta = applyConfig({
allowedMethods: ["GET", "POST"], allowedMethods: ["GET", "POST"],
@ -34,150 +35,204 @@ export const meta = applyConfig({
}); });
export const schemas = { export const schemas = {
json: z json: z.object({
.object({ issuer: z.string(),
issuer: z.string(), }),
})
.partial(),
}; };
/** const routeGet = createRoute({
* SSO Account Linking management endpoint method: "get",
* A GET request allows the user to list all their linked accounts path: "/api/v1/sso",
* A POST request allows the user to link a new account, and returns a link summary: "Get linked accounts",
*/ middleware: [auth(meta.auth)],
export default apiRoute((app) => responses: {
app.on( 200: {
meta.allowedMethods, description: "Linked accounts",
meta.route, content: {
jsonOrForm(), "application/json": {
zValidator("json", schemas.json, handleZodError), schema: z.array(
auth(meta.auth, meta.permissions), z.object({
async (context) => { id: z.string(),
const form = context.req.valid("json"); name: z.string(),
const { user } = context.get("auth"); icon: z.string().optional(),
}),
),
},
},
},
401: {
description: "Unauthorized",
content: {
"application/json": {
schema: ErrorSchema,
},
},
},
},
});
if (!user) { const routePost = createRoute({
return context.json({ error: "Unauthorized" }, 401); method: "post",
} path: "/api/v1/sso",
summary: "Link account",
middleware: [auth(meta.auth), jsonOrForm()],
request: {
body: {
content: {
"application/json": {
schema: schemas.json,
},
"multipart/form-data": {
schema: schemas.json,
},
"application/x-www-form-urlencoded": {
schema: schemas.json,
},
},
},
},
responses: {
200: {
description: "Link URL",
content: {
"application/json": {
schema: z.object({
link: z.string(),
}),
},
},
},
401: {
description: "Unauthorized",
content: {
"application/json": {
schema: ErrorSchema,
},
},
},
404: {
description: "Issuer not found",
content: {
"application/json": {
schema: ErrorSchema,
},
},
},
},
});
switch (context.req.method) { export default apiRoute((app) => {
case "GET": { app.openapi(routeGet, async (context) => {
// Get all linked accounts // const form = context.req.valid("json");
const accounts = await db.query.OpenIdAccounts.findMany({ const { user } = context.get("auth");
where: (User, { eq }) => eq(User.userId, user.id),
});
return context.json( if (!user) {
accounts return context.json({ error: "Unauthorized" }, 401);
.map((account) => { }
const issuer = config.oidc.providers.find(
(provider) =>
provider.id === account.issuerId,
);
if (!issuer) { // Get all linked accounts
return null; const accounts = await db.query.OpenIdAccounts.findMany({
} where: (User, { eq }) => eq(User.userId, user.id),
});
return {
id: issuer.id,
name: issuer.name,
icon: proxyUrl(issuer.icon) || undefined,
};
})
.filter(Boolean) as {
id: string;
name: string;
icon: string | undefined;
}[],
);
}
case "POST": {
if (!form) {
return context.json(
{ error: "Missing issuer in form body" },
400,
);
}
const { issuer: issuerId } = form;
if (!issuerId) {
return context.json(
{ error: "Missing issuer in form body" },
400,
);
}
return context.json(
accounts
.map((account) => {
const issuer = config.oidc.providers.find( const issuer = config.oidc.providers.find(
(provider) => provider.id === issuerId, (provider) => provider.id === account.issuerId,
); );
if (!issuer) { if (!issuer) {
return context.json( return null;
{ error: `Issuer ${issuerId} not found` },
404,
);
} }
const issuerUrl = new URL(issuer.url); return {
id: issuer.id,
name: issuer.name,
icon: proxyUrl(issuer.icon) || undefined,
};
})
.filter(Boolean) as {
id: string;
name: string;
icon: string | undefined;
}[],
200,
);
});
const authServer = await discoveryRequest(issuerUrl, { app.openapi(routePost, async (context) => {
algorithm: "oidc", const { issuer: issuerId } = context.req.valid("json");
}).then((res) => processDiscoveryResponse(issuerUrl, res)); const { user } = context.get("auth");
const codeVerifier = generateRandomCodeVerifier(); if (!user) {
return context.json({ error: "Unauthorized" }, 401);
}
const application = ( const issuer = config.oidc.providers.find(
await db (provider) => provider.id === issuerId,
.insert(Applications) );
.values({
clientId: user.id + randomString(32, "base64"),
name: "Versia",
redirectUri: `${oauthRedirectUri(issuerId)}`,
scopes: "openid profile email",
secret: "",
})
.returning()
)[0];
// Store into database if (!issuer) {
const newFlow = ( return context.json({ error: `Issuer ${issuerId} not found` }, 404);
await db }
.insert(OpenIdLoginFlows)
.values({
codeVerifier,
issuerId,
applicationId: application.id,
})
.returning()
)[0];
const codeChallenge = const issuerUrl = new URL(issuer.url);
await calculatePKCECodeChallenge(codeVerifier);
return context.json({ const authServer = await discoveryRequest(issuerUrl, {
link: `${ algorithm: "oidc",
authServer.authorization_endpoint }).then((res) => processDiscoveryResponse(issuerUrl, res));
}?${new URLSearchParams({
client_id: issuer.client_id, const codeVerifier = generateRandomCodeVerifier();
redirect_uri: `${oauthRedirectUri(
issuerId, const application = (
)}?${new URLSearchParams({ await db
flow: newFlow.id, .insert(Applications)
link: "true", .values({
user_id: user.id, clientId: user.id + randomString(32, "base64"),
})}`, name: "Versia",
response_type: "code", redirectUri: `${oauthRedirectUri(issuerId)}`,
scope: "openid profile email", scopes: "openid profile email",
// PKCE secret: "",
code_challenge_method: "S256", })
code_challenge: codeChallenge, .returning()
}).toString()}`, )[0];
});
} // Store into database
} const newFlow = (
}, await db
), .insert(OpenIdLoginFlows)
); .values({
codeVerifier,
issuerId,
applicationId: application.id,
})
.returning()
)[0];
const codeChallenge = await calculatePKCECodeChallenge(codeVerifier);
return context.json(
{
link: `${authServer.authorization_endpoint}?${new URLSearchParams(
{
client_id: issuer.client_id,
redirect_uri: `${oauthRedirectUri(
issuerId,
)}?${new URLSearchParams({
flow: newFlow.id,
link: "true",
user_id: user.id,
})}`,
response_type: "code",
scope: "openid profile email",
// PKCE
code_challenge_method: "S256",
code_challenge: codeChallenge,
},
).toString()}`,
},
200,
);
});
});

119
api/api/v1/timelines/home.ts
View file

@ -1,15 +1,11 @@
import { import { apiRoute, applyConfig, auth, idValidator } from "@/api";
apiRoute, import { createRoute } from "@hono/zod-openapi";
applyConfig,
auth,
handleZodError,
idValidator,
} from "@/api";
import { zValidator } from "@hono/zod-validator";
import { and, eq, gt, gte, lt, or, sql } from "drizzle-orm"; import { and, eq, gt, gte, lt, or, sql } from "drizzle-orm";
import { z } from "zod"; import { z } from "zod";
import { Notes, RolePermissions } from "~/drizzle/schema"; import { Notes, RolePermissions } from "~/drizzle/schema";
import { Note } from "~/packages/database-interface/note";
import { Timeline } from "~/packages/database-interface/timeline"; import { Timeline } from "~/packages/database-interface/timeline";
import { ErrorSchema } from "~/types/api";
export const meta = applyConfig({ export const meta = applyConfig({
allowedMethods: ["GET"], allowedMethods: ["GET"],
@ -40,50 +36,69 @@ export const schemas = {
}), }),
}; };
export default apiRoute((app) => const route = createRoute({
app.on( method: "get",
meta.allowedMethods, path: "/api/v1/timelines/home",
meta.route, summary: "Get home timeline",
zValidator("query", schemas.query, handleZodError), middleware: [auth(meta.auth, meta.permissions)],
auth(meta.auth, meta.permissions), request: {
async (context) => { query: schemas.query,
const { max_id, since_id, min_id, limit } = },
context.req.valid("query"); responses: {
200: {
const { user } = context.get("auth"); description: "Home timeline",
content: {
if (!user) { "application/json": {
return context.json({ error: "Unauthorized" }, 401); schema: z.array(Note.schema),
}
const { objects, link } = await Timeline.getNoteTimeline(
and(
and(
max_id ? lt(Notes.id, max_id) : undefined,
since_id ? gte(Notes.id, since_id) : undefined,
min_id ? gt(Notes.id, min_id) : undefined,
),
or(
eq(Notes.authorId, user.id),
sql`EXISTS (SELECT 1 FROM "NoteToMentions" WHERE "NoteToMentions"."noteId" = ${Notes.id} AND "NoteToMentions"."userId" = ${user.id})`,
sql`EXISTS (SELECT 1 FROM "Relationships" WHERE "Relationships"."subjectId" = ${Notes.authorId} AND "Relationships"."ownerId" = ${user.id} AND "Relationships"."following" = true)`,
),
sql`NOT EXISTS (SELECT 1 FROM "Filters" WHERE "Filters"."userId" = ${user.id} AND "Filters"."filter_action" = 'hide' AND EXISTS (SELECT 1 FROM "FilterKeywords" WHERE "FilterKeywords"."filterId" = "Filters"."id" AND "Notes"."content" LIKE '%' || "FilterKeywords"."keyword" || '%') AND "Filters"."context" @> ARRAY['home'])`,
),
limit,
context.req.url,
user.id,
);
return context.json(
await Promise.all(
objects.map(async (note) => note.toApi(user)),
),
200,
{
Link: link,
}, },
); },
}, },
), 401: {
description: "Unauthorized",
content: {
"application/json": {
schema: ErrorSchema,
},
},
},
},
});
export default apiRoute((app) =>
app.openapi(route, async (context) => {
const { max_id, since_id, min_id, limit } = context.req.valid("query");
const { user } = context.get("auth");
if (!user) {
return context.json({ error: "Unauthorized" }, 401);
}
const { objects, link } = await Timeline.getNoteTimeline(
and(
and(
max_id ? lt(Notes.id, max_id) : undefined,
since_id ? gte(Notes.id, since_id) : undefined,
min_id ? gt(Notes.id, min_id) : undefined,
),
or(
eq(Notes.authorId, user.id),
sql`EXISTS (SELECT 1 FROM "NoteToMentions" WHERE "NoteToMentions"."noteId" = ${Notes.id} AND "NoteToMentions"."userId" = ${user.id})`,
sql`EXISTS (SELECT 1 FROM "Relationships" WHERE "Relationships"."subjectId" = ${Notes.authorId} AND "Relationships"."ownerId" = ${user.id} AND "Relationships"."following" = true)`,
),
sql`NOT EXISTS (SELECT 1 FROM "Filters" WHERE "Filters"."userId" = ${user.id} AND "Filters"."filter_action" = 'hide' AND EXISTS (SELECT 1 FROM "FilterKeywords" WHERE "FilterKeywords"."filterId" = "Filters"."id" AND "Notes"."content" LIKE '%' || "FilterKeywords"."keyword" || '%') AND "Filters"."context" @> ARRAY['home'])`,
),
limit,
context.req.url,
user.id,
);
return context.json(
await Promise.all(objects.map(async (note) => note.toApi(user))),
200,
{
Link: link,
},
);
}),
); );

127
api/api/v1/timelines/public.ts
View file

@ -1,15 +1,11 @@
import { import { apiRoute, applyConfig, auth, idValidator } from "@/api";
apiRoute, import { createRoute } from "@hono/zod-openapi";
applyConfig,
auth,
handleZodError,
idValidator,
} from "@/api";
import { zValidator } from "@hono/zod-validator";
import { and, gt, gte, lt, sql } from "drizzle-orm"; import { and, gt, gte, lt, sql } from "drizzle-orm";
import { z } from "zod"; import { z } from "zod";
import { Notes, RolePermissions } from "~/drizzle/schema"; import { Notes, RolePermissions } from "~/drizzle/schema";
import { Note } from "~/packages/database-interface/note";
import { Timeline } from "~/packages/database-interface/timeline"; import { Timeline } from "~/packages/database-interface/timeline";
import { ErrorSchema } from "~/types/api";
export const meta = applyConfig({ export const meta = applyConfig({
allowedMethods: ["GET"], allowedMethods: ["GET"],
@ -51,57 +47,70 @@ export const schemas = {
}), }),
}; };
export default apiRoute((app) => const route = createRoute({
app.on( method: "get",
meta.allowedMethods, path: "/api/v1/timelines/public",
meta.route, summary: "Get public timeline",
zValidator("query", schemas.query, handleZodError), middleware: [auth(meta.auth, meta.permissions)],
auth(meta.auth, meta.permissions), request: {
async (context) => { query: schemas.query,
const { },
max_id, responses: {
since_id, 200: {
min_id, description: "Public timeline",
limit, content: {
local, "application/json": {
remote, schema: z.array(Note.schema),
only_media,
} = context.req.valid("query");
const { user } = context.get("auth");
const { objects, link } = await Timeline.getNoteTimeline(
and(
max_id ? lt(Notes.id, max_id) : undefined,
since_id ? gte(Notes.id, since_id) : undefined,
min_id ? gt(Notes.id, min_id) : undefined,
remote
? sql`EXISTS (SELECT 1 FROM "Users" WHERE "Users"."id" = ${Notes.authorId} AND "Users"."instanceId" IS NOT NULL)`
: undefined,
local
? sql`EXISTS (SELECT 1 FROM "Users" WHERE "Users"."id" = ${Notes.authorId} AND "Users"."instanceId" IS NULL)`
: undefined,
only_media
? sql`EXISTS (SELECT 1 FROM "Attachments" WHERE "Attachments"."noteId" = ${Notes.id})`
: undefined,
user
? sql`NOT EXISTS (SELECT 1 FROM "Filters" WHERE "Filters"."userId" = ${user.id} AND "Filters"."filter_action" = 'hide' AND EXISTS (SELECT 1 FROM "FilterKeywords" WHERE "FilterKeywords"."filterId" = "Filters"."id" AND "Notes"."content" LIKE '%' || "FilterKeywords"."keyword" || '%') AND "Filters"."context" @> ARRAY['public'])`
: undefined,
),
limit,
context.req.url,
user?.id,
);
return context.json(
await Promise.all(
objects.map(async (note) => note.toApi(user)),
),
200,
{
Link: link,
}, },
); },
}, },
), 401: {
description: "Unauthorized",
content: {
"application/json": {
schema: ErrorSchema,
},
},
},
},
});
export default apiRoute((app) =>
app.openapi(route, async (context) => {
const { max_id, since_id, min_id, limit, local, remote, only_media } =
context.req.valid("query");
const { user } = context.get("auth");
const { objects, link } = await Timeline.getNoteTimeline(
and(
max_id ? lt(Notes.id, max_id) : undefined,
since_id ? gte(Notes.id, since_id) : undefined,
min_id ? gt(Notes.id, min_id) : undefined,
remote
? sql`EXISTS (SELECT 1 FROM "Users" WHERE "Users"."id" = ${Notes.authorId} AND "Users"."instanceId" IS NOT NULL)`
: undefined,
local
? sql`EXISTS (SELECT 1 FROM "Users" WHERE "Users"."id" = ${Notes.authorId} AND "Users"."instanceId" IS NULL)`
: undefined,
only_media
? sql`EXISTS (SELECT 1 FROM "Attachments" WHERE "Attachments"."noteId" = ${Notes.id})`
: undefined,
user
? sql`NOT EXISTS (SELECT 1 FROM "Filters" WHERE "Filters"."userId" = ${user.id} AND "Filters"."filter_action" = 'hide' AND EXISTS (SELECT 1 FROM "FilterKeywords" WHERE "FilterKeywords"."filterId" = "Filters"."id" AND "Notes"."content" LIKE '%' || "FilterKeywords"."keyword" || '%') AND "Filters"."context" @> ARRAY['public'])`
: undefined,
),
limit,
context.req.url,
user?.id,
);
return context.json(
await Promise.all(objects.map(async (note) => note.toApi(user))),
200,
{
Link: link,
},
);
}),
); );