Merge pull request #224 from starknet-id/ayush/admin-api-upgrade

feat: add user authentication on user create, issuer category on quest create
lfglabs-dev · Jun 18, 2024 · 0b02284 · 0b02284
2 parents e8afe41 + 4c5534d
commit 0b02284
Show file tree

Hide file tree

Showing 2 changed files with 27 additions and 17 deletions.
diff --git a/src/endpoints/admin/quest/create_quest.rs b/src/endpoints/admin/quest/create_quest.rs
@@ -1,20 +1,18 @@
-use crate::models::{ QuestInsertDocument,JWTClaims};
+use crate::models::{JWTClaims, QuestInsertDocument};
 use crate::{models::AppState, utils::get_error};
+use axum::http::HeaderMap;
 use axum::{
     extract::State,
     http::StatusCode,
     response::{IntoResponse, Json},
 };
 use axum_auto_routes::route;
+use jsonwebtoken::{decode, Algorithm, DecodingKey, Validation};
 use mongodb::bson::{doc, from_document};
 use mongodb::options::FindOneOptions;
 use serde::Deserialize;
 use serde_json::json;
 use std::sync::Arc;
-use axum::http::HeaderMap;
-use jsonwebtoken::{Validation,Algorithm,decode,DecodingKey};
-
-
 
 pub_struct!(Deserialize; CreateQuestQuery {
     name: String,
@@ -28,6 +26,7 @@ pub_struct!(Deserialize; CreateQuestQuery {
     rewards_title: String,
     img_card: String,
     title_card: String,
+    issuer: Option<String>,
 });
 
 #[route(
@@ -59,14 +58,22 @@ pub async fn handler(
         "level": 1,
     };
 
+    let issuer = match user == "super_user" {
+        true => {
+            let result_issuer=(&body.issuer).as_ref().unwrap();
+            result_issuer
+        },
+        false => &user
+    };
+
     let mut new_document = doc! {
         "name": &body.name,
         "desc": &body.desc,
         "disabled": &body.disabled,
         "start_time": &body.start_time,
         "id": &next_id,
         "category":&body.category,
-        "issuer": &user,
+        "issuer": &issuer,
         "rewards_endpoint":"/quests/claimable",
         "rewards_title": &body.rewards_title,
         "rewards_img": &body.rewards_img,
@@ -81,7 +88,7 @@ pub async fn handler(
         None => new_document.insert("expiry", None::<String>),
     };
 
-    match user == "admin" {
+    match issuer == "Starknet ID" {
         true => new_document.insert("experience", 50),
         false => new_document.insert("experience", 10),
     };

diff --git a/src/endpoints/admin/user/create_user.rs b/src/endpoints/admin/user/create_user.rs
@@ -1,17 +1,18 @@
-use crate::models::{LoginDetails};
+use crate::models::{JWTClaims, LoginDetails};
+use crate::utils::calculate_hash;
 use crate::{models::AppState, utils::get_error};
+use axum::http::HeaderMap;
 use axum::{
     extract::State,
     http::StatusCode,
     response::{IntoResponse, Json},
 };
 use axum_auto_routes::route;
-use mongodb::bson::{doc};
+use jsonwebtoken::{decode, Algorithm, DecodingKey, Validation};
+use mongodb::bson::doc;
 use serde::Deserialize;
 use serde_json::json;
 use std::sync::Arc;
-use crate::utils::calculate_hash;
-
 
 pub_struct!(Deserialize; CreateCustom {
     user: String,
@@ -21,8 +22,15 @@ pub_struct!(Deserialize; CreateCustom {
 #[route(post, "/admin/user/create", crate::endpoints::admin::user::create_user)]
 pub async fn handler(
     State(state): State<Arc<AppState>>,
+    headers: HeaderMap,
     body: Json<CreateCustom>,
 ) -> impl IntoResponse {
+    let user = check_authorization!(headers, &state.conf.auth.secret_key.as_ref()) as String;
+
+    if user != "super_user" {
+        return get_error("Operation not allowed with your account".to_string());
+    };
+
     let collection = state.db.collection::<LoginDetails>("login_details");
     let hashed_password = calculate_hash(&body.password);
 
@@ -32,12 +40,7 @@ pub async fn handler(
     };
 
     // insert document to boost collection
-    return match collection
-        .insert_one(new_document,
-                    None,
-        )
-        .await
-    {
+    return match collection.insert_one(new_document, None).await {
         Ok(_) => (
             StatusCode::OK,
             Json(json!({"message": "User added successfully"})).into_response(),