freshblu-server 0.1.2

HTTP/WebSocket/MQTT server for the FreshBlu IoT messaging platform
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143

use axum::{
    extract::{Path, State},
    Json,
};
use freshblu_core::{
    error::FreshBluError,
    permissions::PermissionChecker,
    subscription::{CreateSubscriptionParams, Subscription, SubscriptionType},
};
use std::str::FromStr;
use uuid::Uuid;

use super::AuthenticatedDevice;
use crate::{ApiError, AppState};

type ApiResult<T> = Result<Json<T>, ApiError>;

// POST /devices/:uuid/subscriptions
pub async fn create_subscription(
    State(state): State<AppState>,
    AuthenticatedDevice(actor, _): AuthenticatedDevice,
    Path(subscriber_uuid): Path<Uuid>,
    Json(params): Json<CreateSubscriptionParams>,
) -> ApiResult<Subscription> {
    // Verify actor can create subscriptions for subscriber_uuid
    if actor.uuid != subscriber_uuid {
        // Must have configure.update permission to create subs for another device
        let sub_device = state
            .store
            .get_device(&subscriber_uuid)
            .await?
            .ok_or(FreshBluError::NotFound)
            .map_err(ApiError::from)?;
        let checker = PermissionChecker::new(
            &sub_device.meshblu.whitelists,
            &actor.uuid,
            &subscriber_uuid,
        );
        if !checker.can_configure_update() {
            return Err(FreshBluError::Forbidden.into());
        }
    }

    // Override subscriber_uuid from body with the path parameter
    let params = CreateSubscriptionParams {
        subscriber_uuid,
        ..params
    };

    // Verify permission to subscribe to emitter's events
    let emitter_device = state
        .store
        .get_device(&params.emitter_uuid)
        .await?
        .ok_or(FreshBluError::NotFound)
        .map_err(ApiError::from)?;

    // Use actor.uuid (the authenticated caller) for permission check
    let checker = PermissionChecker::new(
        &emitter_device.meshblu.whitelists,
        &actor.uuid,
        &params.emitter_uuid,
    );

    let allowed = match &params.subscription_type {
        SubscriptionType::BroadcastSent => checker.can_broadcast_sent(),
        SubscriptionType::BroadcastReceived => checker.can_broadcast_received(),
        SubscriptionType::MessageSent => checker.can_message_sent(),
        SubscriptionType::MessageReceived => checker.can_message_received(),
        SubscriptionType::ConfigureSent => checker.can_configure_sent(),
        SubscriptionType::ConfigureReceived => checker.can_configure_received(),
        SubscriptionType::UnregisterSent | SubscriptionType::UnregisterReceived => {
            // Anyone can subscribe to unregister events if they can discover
            checker.can_discover_view()
        }
    };

    if !allowed {
        return Err(FreshBluError::Forbidden.into());
    }

    let sub = state.store.create_subscription(&params).await?;
    Ok(Json(sub))
}

// GET /devices/:uuid/subscriptions
pub async fn list_subscriptions(
    State(state): State<AppState>,
    AuthenticatedDevice(actor, _): AuthenticatedDevice,
    Path(subscriber_uuid): Path<Uuid>,
) -> ApiResult<Vec<Subscription>> {
    // Can only list your own subscriptions (or with configure.update permission)
    if actor.uuid != subscriber_uuid {
        let device = state
            .store
            .get_device(&subscriber_uuid)
            .await?
            .ok_or(FreshBluError::NotFound)
            .map_err(ApiError::from)?;
        let checker =
            PermissionChecker::new(&device.meshblu.whitelists, &actor.uuid, &subscriber_uuid);
        if !checker.can_configure_update() {
            return Err(FreshBluError::Forbidden.into());
        }
    }

    let subs = state.store.get_subscriptions(&subscriber_uuid).await?;
    Ok(Json(subs))
}

// DELETE /devices/:uuid/subscriptions/:emitter_uuid/:sub_type
pub async fn delete_subscription(
    State(state): State<AppState>,
    AuthenticatedDevice(actor, _): AuthenticatedDevice,
    Path((subscriber_uuid, emitter_uuid, sub_type_str)): Path<(Uuid, Uuid, String)>,
) -> ApiResult<serde_json::Value> {
    if actor.uuid != subscriber_uuid {
        let device = state
            .store
            .get_device(&subscriber_uuid)
            .await?
            .ok_or(FreshBluError::NotFound)
            .map_err(ApiError::from)?;
        let checker =
            PermissionChecker::new(&device.meshblu.whitelists, &actor.uuid, &subscriber_uuid);
        if !checker.can_configure_update() {
            return Err(FreshBluError::Forbidden.into());
        }
    }

    let sub_type = SubscriptionType::from_str(&sub_type_str.replace("-", ".")).map_err(|_| {
        ApiError::from(FreshBluError::Validation(
            "invalid subscription type".into(),
        ))
    })?;

    state
        .store
        .delete_subscription(&subscriber_uuid, Some(&emitter_uuid), Some(&sub_type))
        .await?;

    Ok(Json(serde_json::json!({ "deleted": true })))
}