ducky/devices
ducky/devices/apiv1/handlers.go
Add endpoint for retrieving devices. Add an endpoint for retrieving devices, either as a list or by ID. Stub endpoints for updating and deleting devices., along with TODOs marking them as things to still be completed. (Right now, accessing those endpoints is an insta-panic.) Simplify our handleCreateDevices by returning StatusUnauthorized if AuthUser fails, so we can reserve StatusForbidden for when auth succeeds but access is still denied. Also, delay the instantiation and allocation of a Response variable until we're actually going to use it. Create a handleGetDevices handler that authenticates the user, and if no ID is set, returns a list of all their Devices. If one or more IDs are set, only those Devices are returned. If ScopeViewPushToken is one of the scopes associated with the request, the push tokens for each Device will be included in the response. Otherwise, they will be omitted.
| paddy@15 | 1 package apiv1 |
| paddy@15 | 2 |
| paddy@15 | 3 import ( |
| paddy@17 | 4 "fmt" |
| paddy@15 | 5 "log" |
| paddy@15 | 6 "net/http" |
| paddy@15 | 7 |
| paddy@15 | 8 "code.secondbit.org/api.hg" |
| paddy@15 | 9 "code.secondbit.org/ducky/devices.hg" |
| paddy@18 | 10 "code.secondbit.org/trout.hg" |
| paddy@18 | 11 "code.secondbit.org/uuid.hg" |
| paddy@15 | 12 |
| paddy@15 | 13 "golang.org/x/net/context" |
| paddy@15 | 14 ) |
| paddy@15 | 15 |
| paddy@15 | 16 type createRequest struct { |
| paddy@15 | 17 Devices []DeviceChange `json:"devices"` |
| paddy@15 | 18 } |
| paddy@15 | 19 |
| paddy@15 | 20 func handleCreateDevices(ctx context.Context, w http.ResponseWriter, r *http.Request) { |
| paddy@15 | 21 var req createRequest |
| paddy@16 | 22 |
| paddy@16 | 23 userID, err := api.AuthUser(r) |
| paddy@16 | 24 if err != nil { |
| paddy@18 | 25 api.Encode(w, r, http.StatusUnauthorized, Response{Errors: api.AccessDeniedError}) |
| paddy@16 | 26 return |
| paddy@16 | 27 } |
| paddy@16 | 28 |
| paddy@16 | 29 err = api.Decode(r, &req) |
| paddy@15 | 30 if err != nil { |
| paddy@15 | 31 api.Encode(w, r, http.StatusBadRequest, Response{Errors: api.InvalidFormatError}) |
| paddy@15 | 32 return |
| paddy@15 | 33 } |
| paddy@15 | 34 |
| paddy@15 | 35 devicesToCreate := createDevicesFromChanges(req.Devices) |
| paddy@16 | 36 passedScopes := api.GetScopes(r) |
| paddy@17 | 37 for pos, device := range devicesToCreate { |
| paddy@16 | 38 err := validateDeviceCreation(device, passedScopes, userID) |
| paddy@16 | 39 if err == nil { |
| paddy@16 | 40 continue |
| paddy@16 | 41 } |
| paddy@16 | 42 var requestErr api.RequestError |
| paddy@16 | 43 switch err { |
| paddy@16 | 44 case errUnauthorizedLastSeen: |
| paddy@16 | 45 requestErr.Slug = api.RequestErrAccessDenied |
| paddy@17 | 46 requestErr.Field = fmt.Sprintf("devices/%d/lastSeen", pos) |
| paddy@16 | 47 case errUnauthorizedCreated: |
| paddy@16 | 48 requestErr.Slug = api.RequestErrAccessDenied |
| paddy@17 | 49 requestErr.Field = fmt.Sprintf("devices/%d/created", pos) |
| paddy@16 | 50 case errUnauthorizedOwner: |
| paddy@16 | 51 requestErr.Slug = api.RequestErrAccessDenied |
| paddy@17 | 52 requestErr.Field = fmt.Sprintf("devices/%d/owner", pos) |
| paddy@16 | 53 case errInvalidDeviceType: |
| paddy@16 | 54 requestErr.Slug = api.RequestErrInvalidValue |
| paddy@17 | 55 requestErr.Field = fmt.Sprintf("devices/%d/type", pos) |
| paddy@16 | 56 case errDeviceNameTooShort: |
| paddy@17 | 57 if len(device.Name) == 0 { |
| paddy@17 | 58 requestErr.Slug = api.RequestErrMissing |
| paddy@17 | 59 } else { |
| paddy@17 | 60 requestErr.Slug = api.RequestErrInsufficient |
| paddy@17 | 61 } |
| paddy@17 | 62 requestErr.Field = fmt.Sprintf("devices/%d/name", pos) |
| paddy@16 | 63 case errDeviceNameTooLong: |
| paddy@16 | 64 requestErr.Slug = api.RequestErrOverflow |
| paddy@17 | 65 requestErr.Field = fmt.Sprintf("devices/%d/name", pos) |
| paddy@16 | 66 } |
| paddy@16 | 67 if requestErr.Slug != "" { |
| paddy@16 | 68 api.Encode(w, r, http.StatusBadRequest, Response{Errors: []api.RequestError{requestErr}}) |
| paddy@15 | 69 return |
| paddy@15 | 70 } |
| paddy@16 | 71 api.Encode(w, r, http.StatusInternalServerError, Response{Errors: api.ActOfGodError}) |
| paddy@15 | 72 } |
| paddy@15 | 73 createdDevices, err := devices.CreateMany(devicesToCreate, ctx) |
| paddy@15 | 74 if err != nil { |
| paddy@15 | 75 // BUG(paddy): we should filter out non-internal errors here and expose better error responses |
| paddy@15 | 76 log.Printf("Error creating devices: %+v\n", err) |
| paddy@15 | 77 api.Encode(w, r, http.StatusInternalServerError, Response{Errors: api.ActOfGodError}) |
| paddy@15 | 78 return |
| paddy@15 | 79 } |
| paddy@18 | 80 var resp Response |
| paddy@15 | 81 for _, device := range createdDevices { |
| paddy@16 | 82 resp.Devices = append(resp.Devices, apiDeviceFromCore(device, api.CheckScopes(passedScopes, ScopeViewPushToken.ID))) |
| paddy@15 | 83 } |
| paddy@15 | 84 api.Encode(w, r, http.StatusCreated, resp) |
| paddy@15 | 85 } |
| paddy@18 | 86 |
| paddy@18 | 87 func handleGetDevices(ctx context.Context, w http.ResponseWriter, r *http.Request) { |
| paddy@18 | 88 userID, err := api.AuthUser(r) |
| paddy@18 | 89 if err != nil { |
| paddy@18 | 90 api.Encode(w, r, http.StatusUnauthorized, Response{Errors: api.AccessDeniedError}) |
| paddy@18 | 91 return |
| paddy@18 | 92 } |
| paddy@18 | 93 |
| paddy@18 | 94 passedScopes := api.GetScopes(r) |
| paddy@18 | 95 if !api.CheckScopes(passedScopes, ScopeViewDevices.ID) { |
| paddy@18 | 96 api.Encode(w, r, http.StatusForbidden, Response{Errors: api.AccessDeniedError}) |
| paddy@18 | 97 return |
| paddy@18 | 98 } |
| paddy@18 | 99 |
| paddy@18 | 100 var retrievedDevices []devices.Device |
| paddy@18 | 101 requestedIDStrs := r.URL.Query()["id"] |
| paddy@18 | 102 requestedIDStrs = append(requestedIDStrs, trout.RequestVars(r)[http.CanonicalHeaderKey("id")]...) |
| paddy@18 | 103 |
| paddy@18 | 104 if len(requestedIDStrs) < 1 { |
| paddy@18 | 105 retrievedDevices, err = devices.ListByOwner(userID, ctx) |
| paddy@18 | 106 if err != nil { |
| paddy@18 | 107 log.Printf("Error listing devices: %+v\n", err) |
| paddy@18 | 108 api.Encode(w, r, http.StatusInternalServerError, Response{Errors: api.ActOfGodError}) |
| paddy@18 | 109 return |
| paddy@18 | 110 } |
| paddy@18 | 111 } else { |
| paddy@18 | 112 requestedIDs := make([]uuid.ID, 0, len(requestedIDStrs)) |
| paddy@18 | 113 var reqErrs []api.RequestError |
| paddy@18 | 114 for pos, idStr := range requestedIDStrs { |
| paddy@18 | 115 id, err := uuid.Parse(idStr) |
| paddy@18 | 116 if err != nil { |
| paddy@18 | 117 reqErrs = append(reqErrs, api.RequestError{Slug: api.RequestErrInvalidFormat, Param: fmt.Sprintf("id[%d]", pos)}) |
| paddy@18 | 118 continue |
| paddy@18 | 119 } |
| paddy@18 | 120 requestedIDs = append(requestedIDs, id) |
| paddy@18 | 121 } |
| paddy@18 | 122 if len(reqErrs) > 0 { |
| paddy@18 | 123 api.Encode(w, r, http.StatusBadRequest, Response{Errors: reqErrs}) |
| paddy@18 | 124 return |
| paddy@18 | 125 } |
| paddy@18 | 126 getDevices, err := devices.GetMany(requestedIDs, ctx) |
| paddy@18 | 127 if err != nil { |
| paddy@18 | 128 api.Encode(w, r, http.StatusInternalServerError, Response{Errors: api.ActOfGodError}) |
| paddy@18 | 129 return |
| paddy@18 | 130 } |
| paddy@18 | 131 for _, device := range getDevices { |
| paddy@18 | 132 if device.Owner.Equal(userID) { |
| paddy@18 | 133 retrievedDevices = append(retrievedDevices, device) |
| paddy@18 | 134 } |
| paddy@18 | 135 } |
| paddy@18 | 136 } |
| paddy@18 | 137 |
| paddy@18 | 138 var resp Response |
| paddy@18 | 139 for _, device := range retrievedDevices { |
| paddy@18 | 140 resp.Devices = append(resp.Devices, apiDeviceFromCore(device, api.CheckScopes(passedScopes, ScopeViewPushToken.ID))) |
| paddy@18 | 141 } |
| paddy@18 | 142 api.Encode(w, r, http.StatusOK, resp) |
| paddy@18 | 143 } |