Add endpoint for retrieving devices.
Add an endpoint for retrieving devices, either as a list or by ID.
Stub endpoints for updating and deleting devices., along with TODOs marking them
as things to still be completed. (Right now, accessing those endpoints is an
insta-panic.)
Simplify our handleCreateDevices by returning StatusUnauthorized if AuthUser
fails, so we can reserve StatusForbidden for when auth succeeds but access is
still denied. Also, delay the instantiation and allocation of a Response
variable until we're actually going to use it.
Create a handleGetDevices handler that authenticates the user, and if no ID is
set, returns a list of all their Devices. If one or more IDs are set, only those
Devices are returned. If ScopeViewPushToken is one of the scopes associated with
the request, the push tokens for each Device will be included in the response.
Otherwise, they will be omitted.
7 "code.secondbit.org/api.hg"
8 "code.secondbit.org/ducky/devices.hg"
9 "code.secondbit.org/uuid.hg"
13 errUnauthorizedLastSeen = errors.New("not authorized to set last seen")
14 errUnauthorizedCreated = errors.New("not authorized to set created")
15 errUnauthorizedOwner = errors.New("not authorized to set owner")
16 errInvalidDeviceType = errors.New("device type invalid")
17 errDeviceNameTooShort = errors.New("device name too short")
18 errDeviceNameTooLong = errors.New("device name too long")
21 // Device represents a device as exposed through the API. It is its
22 // own type as the business logic and the API have different requirements
23 // for the Device type, and require different representations.
25 ID uuid.ID `json:"id"`
26 Name string `json:"name,omitempty"`
27 Owner uuid.ID `json:"owner,omitempty"`
28 Type devices.DeviceType `json:"type,omitempty"`
29 Created time.Time `json:"created,omitempty"`
30 LastSeen time.Time `json:"lastSeen,omitempty"`
31 PushToken string `json:"pushToken,omitempty"`
34 // DeviceChange represents a set of changes to a device that will be used
35 // to update that device. It is its own type as the business logic and the
36 // API have different requirements for the DeviceChange type, and require
37 // different representations.
38 type DeviceChange struct {
39 DeviceID uuid.ID `json:"id"`
40 Name *string `json:"name,omitempty"`
41 Owner *uuid.ID `json:"owner,omitempty"`
42 Type *devices.DeviceType `json:"type,omitempty"`
43 LastSeen *time.Time `json:"lastSeen,omitempty"`
44 PushToken *string `json:"pushToken,omitempty"`
47 func apiDeviceFromCore(d devices.Device, includePushToken bool) Device {
57 device.PushToken = d.PushToken
62 func changeFromAPI(d DeviceChange) devices.DeviceChange {
63 return devices.DeviceChange{
69 PushToken: d.PushToken,
73 func createDevicesFromChanges(changes []DeviceChange) []devices.Device {
74 newDevices := make([]devices.Device, 0, len(changes))
75 for _, change := range changes {
76 newDevices = append(newDevices, devices.ApplyChange(devices.Device{}, changeFromAPI(change)))
81 func validateDeviceCreation(d devices.Device, scopes []string, user uuid.ID) error {
82 canImport := api.CheckScopes(scopes, ScopeImport.ID)
83 canCreateOtherUserDevices := api.CheckScopes(scopes, ScopeCreateOtherUserDevices.ID)
84 if !d.LastSeen.IsZero() && !canImport {
85 return errUnauthorizedLastSeen
87 if !d.Created.IsZero() && !canImport {
88 return errUnauthorizedCreated
90 if !d.Owner.Equal(user) && !canCreateOtherUserDevices {
91 return errUnauthorizedOwner
93 if !devices.IsValidDeviceType(d.Type) {
94 return errInvalidDeviceType
96 if len(d.Name) < devices.MinDeviceNameLength {
97 return errDeviceNameTooShort
99 if len(d.Name) > devices.MaxDeviceNameLength {
100 return errDeviceNameTooLong