Basic user access endpoint

2025-11-04 15:00:19 +01:00 · 2022-12-30 14:20:48 -05:00 · 2022-12-30 14:20:48 -05:00 · bd86e3d951
commit bd86e3d951
parent b131d676c4
9 changed files with 95 additions and 23 deletions
--- a/server/server.go
+++ b/server/server.go
@ -45,6 +45,7 @@ import (
 		reset daily limits for users
 		Account usage not updated "in real time"
 		max token issue limit
+		user db startup queries -> foreign keys
 		Sync:
 			- "mute" setting
 			- figure out what settings are "web" or "phone"
@ -101,6 +102,7 @@ var (
 	accountPasswordPath            = "/v1/account/password"
 	accountSettingsPath            = "/v1/account/settings"
 	accountSubscriptionPath        = "/v1/account/subscription"
+	accountAccessPath              = "/v1/account/access"
 	accountSubscriptionSingleRegex = regexp.MustCompile(`^/v1/account/subscription/([-_A-Za-z0-9]{16})$`)
 	matrixPushPath                 = "/_matrix/push/v1/notify"
 	staticRegex                    = regexp.MustCompile(`^/static/.+`)
@ -357,6 +359,8 @@ func (s *Server) handleInternal(w http.ResponseWriter, r *http.Request, v *visit
 		return s.ensureUser(s.handleAccountSubscriptionChange)(w, r, v)
 	} else if r.Method == http.MethodDelete && accountSubscriptionSingleRegex.MatchString(r.URL.Path) {
 		return s.ensureUser(s.handleAccountSubscriptionDelete)(w, r, v)
+	} else if r.Method == http.MethodPost && r.URL.Path == accountAccessPath {
+		return s.ensureUser(s.handleAccountAccessAdd)(w, r, v)
 	} else if r.Method == http.MethodGet && r.URL.Path == matrixPushPath {
 		return s.handleMatrixDiscovery(w)
 	} else if r.Method == http.MethodGet && staticRegex.MatchString(r.URL.Path) {
--- a/server/server_account.go
+++ b/server/server_account.go
@ -307,3 +307,22 @@ func (s *Server) handleAccountSubscriptionDelete(w http.ResponseWriter, r *http.
 	w.Header().Set("Access-Control-Allow-Origin", "*") // FIXME remove this
 	return nil
 }
+
+func (s *Server) handleAccountAccessAdd(w http.ResponseWriter, r *http.Request, v *visitor) error {
+	req, err := readJSONWithLimit[apiAccountAccessRequest](r.Body, jsonBodyBytesLimit)
+	if err != nil {
+		return err
+	}
+	if !topicRegex.MatchString(req.Topic) {
+		return errHTTPBadRequestTopicInvalid
+	}
+	if err := s.userManager.AllowAccess(v.user.Name, req.Topic, true, true); err != nil {
+		return err
+	}
+	if err := s.userManager.AllowAccess(user.Everyone, req.Topic, false, false); err != nil {
+		return err
+	}
+	w.Header().Set("Content-Type", "application/json")
+	w.Header().Set("Access-Control-Allow-Origin", "*") // FIXME remove this
+	return nil
+}
--- a/server/types.go
+++ b/server/types.go
@ -266,3 +266,8 @@ type apiAccountResponse struct {
 	Limits        *apiAccountLimits       `json:"limits,omitempty"`
 	Stats         *apiAccountStats        `json:"stats,omitempty"`
 }
+
+type apiAccountAccessRequest struct {
+	Topic  string `json:"topic"`
+	Access string `json:"access"`
+}