ducky/devices

Paddy 2015-12-22 Parent:ad63b888f899 Child:51ad0db105c8

18:b2fdf827758e Browse Files

Add endpoint for retrieving devices. Add an endpoint for retrieving devices, either as a list or by ID. Stub endpoints for updating and deleting devices., along with TODOs marking them as things to still be completed. (Right now, accessing those endpoints is an insta-panic.) Simplify our handleCreateDevices by returning StatusUnauthorized if AuthUser fails, so we can reserve StatusForbidden for when auth succeeds but access is still denied. Also, delay the instantiation and allocation of a Response variable until we're actually going to use it. Create a handleGetDevices handler that authenticates the user, and if no ID is set, returns a list of all their Devices. If one or more IDs are set, only those Devices are returned. If ScopeViewPushToken is one of the scopes associated with the request, the push tokens for each Device will be included in the response. Otherwise, they will be omitted.

apiv1/endpoints.go apiv1/handlers.go apiv1/scopes.go 

     1.1 --- a/apiv1/endpoints.go	Sat Dec 19 00:30:16 2015 -0800
     1.2 +++ b/apiv1/endpoints.go	Tue Dec 22 06:57:07 2015 -0500
     1.3 @@ -13,6 +13,13 @@
     1.4  func GetRouter(ctx context.Context) http.Handler {
     1.5  	var router trout.Router
     1.6  	router.Endpoint("/").Methods("POST").Handler(api.ContextWrapper(ctx, api.ContextHandler(handleCreateDevices)))
     1.7 +	router.Endpoint("/").Methods("GET").Handler(api.ContextWrapper(ctx, api.ContextHandler(handleGetDevices)))
     1.8 +	router.Endpoint("/{id}").Methods("GET").Handler(api.ContextWrapper(ctx, api.ContextHandler(handleGetDevices)))
     1.9 +	// TODO(paddy): add the update handler
    1.10 +	router.Endpoint("/{id}").Methods("PATCH").Handler(api.ContextWrapper(ctx, api.ContextHandler(nil)))
    1.11 +	// TODO(paddy): add the delete handler
    1.12 +	router.Endpoint("/").Methods("DELETE").Handler(api.ContextWrapper(ctx, api.ContextHandler(nil)))
    1.13 +	router.Endpoint("/{id}").Methods("DELETE").Handler(api.ContextWrapper(ctx, api.ContextHandler(nil)))
    1.14  
    1.15  	return router
    1.16  }

     2.1 --- a/apiv1/handlers.go	Sat Dec 19 00:30:16 2015 -0800
     2.2 +++ b/apiv1/handlers.go	Tue Dec 22 06:57:07 2015 -0500
     2.3 @@ -7,6 +7,8 @@
     2.4  
     2.5  	"code.secondbit.org/api.hg"
     2.6  	"code.secondbit.org/ducky/devices.hg"
     2.7 +	"code.secondbit.org/trout.hg"
     2.8 +	"code.secondbit.org/uuid.hg"
     2.9  
    2.10  	"golang.org/x/net/context"
    2.11  )
    2.12 @@ -17,15 +19,10 @@
    2.13  
    2.14  func handleCreateDevices(ctx context.Context, w http.ResponseWriter, r *http.Request) {
    2.15  	var req createRequest
    2.16 -	var resp Response
    2.17  
    2.18  	userID, err := api.AuthUser(r)
    2.19  	if err != nil {
    2.20 -		if err == api.ErrUserIDNotSet {
    2.21 -			api.Encode(w, r, http.StatusUnauthorized, Response{Errors: api.AccessDeniedError})
    2.22 -			return
    2.23 -		}
    2.24 -		api.Encode(w, r, http.StatusForbidden, Response{Errors: api.AccessDeniedError})
    2.25 +		api.Encode(w, r, http.StatusUnauthorized, Response{Errors: api.AccessDeniedError})
    2.26  		return
    2.27  	}
    2.28  
    2.29 @@ -80,8 +77,67 @@
    2.30  		api.Encode(w, r, http.StatusInternalServerError, Response{Errors: api.ActOfGodError})
    2.31  		return
    2.32  	}
    2.33 +	var resp Response
    2.34  	for _, device := range createdDevices {
    2.35  		resp.Devices = append(resp.Devices, apiDeviceFromCore(device, api.CheckScopes(passedScopes, ScopeViewPushToken.ID)))
    2.36  	}
    2.37  	api.Encode(w, r, http.StatusCreated, resp)
    2.38  }
    2.39 +
    2.40 +func handleGetDevices(ctx context.Context, w http.ResponseWriter, r *http.Request) {
    2.41 +	userID, err := api.AuthUser(r)
    2.42 +	if err != nil {
    2.43 +		api.Encode(w, r, http.StatusUnauthorized, Response{Errors: api.AccessDeniedError})
    2.44 +		return
    2.45 +	}
    2.46 +
    2.47 +	passedScopes := api.GetScopes(r)
    2.48 +	if !api.CheckScopes(passedScopes, ScopeViewDevices.ID) {
    2.49 +		api.Encode(w, r, http.StatusForbidden, Response{Errors: api.AccessDeniedError})
    2.50 +		return
    2.51 +	}
    2.52 +
    2.53 +	var retrievedDevices []devices.Device
    2.54 +	requestedIDStrs := r.URL.Query()["id"]
    2.55 +	requestedIDStrs = append(requestedIDStrs, trout.RequestVars(r)[http.CanonicalHeaderKey("id")]...)
    2.56 +
    2.57 +	if len(requestedIDStrs) < 1 {
    2.58 +		retrievedDevices, err = devices.ListByOwner(userID, ctx)
    2.59 +		if err != nil {
    2.60 +			log.Printf("Error listing devices: %+v\n", err)
    2.61 +			api.Encode(w, r, http.StatusInternalServerError, Response{Errors: api.ActOfGodError})
    2.62 +			return
    2.63 +		}
    2.64 +	} else {
    2.65 +		requestedIDs := make([]uuid.ID, 0, len(requestedIDStrs))
    2.66 +		var reqErrs []api.RequestError
    2.67 +		for pos, idStr := range requestedIDStrs {
    2.68 +			id, err := uuid.Parse(idStr)
    2.69 +			if err != nil {
    2.70 +				reqErrs = append(reqErrs, api.RequestError{Slug: api.RequestErrInvalidFormat, Param: fmt.Sprintf("id[%d]", pos)})
    2.71 +				continue
    2.72 +			}
    2.73 +			requestedIDs = append(requestedIDs, id)
    2.74 +		}
    2.75 +		if len(reqErrs) > 0 {
    2.76 +			api.Encode(w, r, http.StatusBadRequest, Response{Errors: reqErrs})
    2.77 +			return
    2.78 +		}
    2.79 +		getDevices, err := devices.GetMany(requestedIDs, ctx)
    2.80 +		if err != nil {
    2.81 +			api.Encode(w, r, http.StatusInternalServerError, Response{Errors: api.ActOfGodError})
    2.82 +			return
    2.83 +		}
    2.84 +		for _, device := range getDevices {
    2.85 +			if device.Owner.Equal(userID) {
    2.86 +				retrievedDevices = append(retrievedDevices, device)
    2.87 +			}
    2.88 +		}
    2.89 +	}
    2.90 +
    2.91 +	var resp Response
    2.92 +	for _, device := range retrievedDevices {
    2.93 +		resp.Devices = append(resp.Devices, apiDeviceFromCore(device, api.CheckScopes(passedScopes, ScopeViewPushToken.ID)))
    2.94 +	}
    2.95 +	api.Encode(w, r, http.StatusOK, resp)
    2.96 +}

     3.1 --- a/apiv1/scopes.go	Sat Dec 19 00:30:16 2015 -0800
     3.2 +++ b/apiv1/scopes.go	Tue Dec 22 06:57:07 2015 -0500
     3.3 @@ -11,6 +11,14 @@
     3.4  		Description: "View the push tokens that allow sending messages and notifications to your device. This can be used to force your device to open links, and should be granted with extreme caution.",
     3.5  	}
     3.6  
     3.7 +	// ScopeViewDevices is a Scope that grants access to viewing the Devices
     3.8 +	// that belong to a user.
     3.9 +	ScopeViewDevices = scopeTypes.Scope{
    3.10 +		ID:          "https://scopes.useducky.com/devices/view",
    3.11 +		Name:        "View devices.",
    3.12 +		Description: "View the devices that are associated with your account.",
    3.13 +	}
    3.14 +
    3.15  	// ScopeImport is a Scope that grants access to bulk importing Devices. It grants
    3.16  	// what equates to admin permissions, including the ability to create Devices for
    3.17  	// other users, and thus should be granted with extreme caution.