Cors and getting a single ticket via its id (#31)

* feat: cors allow everything

* feat: cors and method to get a single ticket via its id

* chore: formatting

Author: CodeF0x

Cargo.toml

@@ -17,6 +17,7 @@ argonautica = "0.2.0"
 hmac = "0.12.1"
 jwt = "0.16.0"
 sha2 = "0.10.7"
+actix-cors = "0.6.4"
 
 [dev-dependencies]
-run_script = "0.10.1"
+run_script = "0.10.1"

src/database.rs

@@ -72,6 +72,13 @@ pub fn get_all_tickets(connection: &mut SqliteConnection) -> QueryResult<Vec<Sql
     tickets.load::<SqliteTicket>(connection)
 }
 
+pub fn get_single_ticket(
+    ticket_id: i32,
+    connection: &mut SqliteConnection,
+) -> QueryResult<SqliteTicket> {
+    tickets.filter(id.eq(ticket_id)).get_result(connection)
+}
+
 pub fn delete_ticket(
     connection: &mut SqliteConnection,
     ticked_id: i32,

src/main.rs

@@ -9,7 +9,8 @@ mod test_helpers;
 
 use crate::database::{
     create_ticket, create_user, delete_ticket, edit_ticket, filter_tickets_in_database,
-    get_all_tickets, get_user_by_email, remove_session_from_db, write_session_to_db, DataBase,
+    get_all_tickets, get_single_ticket, get_user_by_email, remove_session_from_db,
+    write_session_to_db, DataBase,
 };
 use crate::middleware::validator;
 use crate::models::{NewSession, NewUser, Ticket, TokenClaims};
@@ -18,8 +19,9 @@ use crate::status_messages::{
     CANNOT_LOGOUT, ERROR_COULD_NOT_CREATE_TICKET, ERROR_COULD_NOT_CREATE_USER,
     ERROR_COULD_NOT_DELETE, ERROR_COULD_NOT_GET, ERROR_COULD_NOT_UPDATE, ERROR_INCORRECT_PASSWORD,
     ERROR_INVALID_ID, ERROR_NOT_FOUND, ERROR_NOT_LOGGED_IN, ERROR_NO_USER_FOUND,
-    ERROR_USER_ALREADY_EXISTS, SUCCESS_LOGIN, SUCCESS_LOGOUT,
+    ERROR_USER_ALREADY_EXISTS, SUCCESS_LOGOUT,
 };
+use actix_cors::Cors;
 use actix_web::cookie::time::Duration;
 use actix_web::cookie::Cookie;
 use actix_web::web::{Json, Path};
@@ -39,15 +41,20 @@ async fn main() -> Result<()> {
     HttpServer::new(move || {
         let bearer_middleware = HttpAuthentication::bearer(validator);
 
-        App::new().service(signup).service(login).service(
-            web::scope("")
-                .wrap(bearer_middleware)
-                .service(create)
-                .service(get_tickets)
-                .service(delete)
-                .service(edit)
-                .service(filter_tickets)
-                .service(logout),
+        let cors = Cors::permissive().allow_any_method().allow_any_origin();
+
+        App::new().wrap(cors).service(
+            web::scope("/api").service(signup).service(login).service(
+                web::scope("")
+                    .wrap(bearer_middleware)
+                    .service(create)
+                    .service(get_tickets)
+                    .service(get_ticket)
+                    .service(delete)
+                    .service(edit)
+                    .service(filter_tickets)
+                    .service(logout),
+            ),
         )
     })
     .bind(("localhost", 8080))?
@@ -84,6 +91,22 @@ async fn get_tickets() -> impl Responder {
     }
 }
 
+#[get("/tickets/{id}")]
+async fn get_ticket(ticket_id: Path<i32>) -> impl Responder {
+    let mut database = DataBase::new();
+    let ticket_id = ticket_id.into_inner();
+
+    match get_single_ticket(ticket_id, &mut database.connection) {
+        Ok(ticket) => HttpResponse::Ok().json(ticket.to_ticket()),
+        Err(err) => match err {
+            Error::NotFound => {
+                HttpResponse::NotFound().json(format!("{} {}", ERROR_NOT_FOUND, ticket_id))
+            }
+            _ => HttpResponse::InternalServerError().json(ERROR_COULD_NOT_GET),
+        },
+    }
+}
+
 #[post("/filter")]
 async fn filter_tickets(payload: Json<FilterPayload>) -> impl Responder {
     let mut database = DataBase::new();
@@ -211,10 +234,10 @@ async fn login(payload: Json<LoginPayload>) -> impl Responder {
                     &mut database.connection,
                 );
 
-                let bearer_cookie = Cookie::build("cira-bearer-token", token_str)
-                    .http_only(true)
+                let bearer_cookie = Cookie::build("cira-bearer-token", &token_str)
+                    .http_only(false)
                     .finish();
-                HttpResponse::Ok().cookie(bearer_cookie).json(SUCCESS_LOGIN)
+                HttpResponse::Ok().cookie(bearer_cookie).body(token_str)
             } else {
                 HttpResponse::Unauthorized().json(ERROR_INCORRECT_PASSWORD)
             }
@@ -897,4 +920,37 @@ mod tests {
             assert_eq!(response.status().as_u16(), StatusCode::UNAUTHORIZED);
         }
     }
+
+    mod get_ticket {
+        use super::*;
+        use crate::get_ticket;
+        use crate::models::Ticket;
+        use actix_web::http::StatusCode;
+
+        #[actix_web::test]
+        #[serial]
+        async fn test_get_ticket() {
+            setup_database();
+
+            let app = test::init_service(App::new().service(get_ticket)).await;
+            let req = TestRequest::get().uri("/tickets/1").to_request();
+
+            let response: Ticket = test::call_and_read_body_json(&app, req).await;
+
+            assert_eq!(response.id, 1);
+        }
+
+        #[actix_web::test]
+        #[serial]
+        async fn not_found() {
+            setup_database();
+
+            let app = test::init_service(App::new().service(get_ticket)).await;
+            let req = TestRequest::get().uri("/tickets/333").to_request();
+
+            let response = test::call_service(&app, req).await;
+
+            assert_eq!(response.status().as_u16(), StatusCode::NOT_FOUND);
+        }
+    }
 }

src/schema.rs

@@ -29,6 +29,4 @@ diesel::table! {
     }
 }
 
-// gets reformatted every time running diesel migration
-#[rustfmt::skip]
 diesel::allow_tables_to_appear_in_same_query!(sessions, tickets, users,);

src/status_messages.rs

@@ -2,7 +2,7 @@
 pub const ERROR_NOT_FOUND: &str = "Could not find ticket with id";
 pub const ERROR_INVALID_ID: &str = "ID must be an integer higher than 0";
 pub const ERROR_COULD_NOT_CREATE_TICKET: &str = "Could not create ticket";
-pub const ERROR_COULD_NOT_GET: &str = "Could not get tickets";
+pub const ERROR_COULD_NOT_GET: &str = "Could not get ticket(s)";
 pub const ERROR_COULD_NOT_UPDATE: &str = "Could not update ticket with id";
 pub const ERROR_COULD_NOT_DELETE: &str = "Could not delete ticket with id";
 pub const CANNOT_LOGOUT: &str = "Could not log you out";
@@ -13,5 +13,4 @@ pub const ERROR_NO_USER_FOUND: &str = "No user found";
 pub const ERROR_USER_ALREADY_EXISTS: &str = "User with that email already exists";
 
 // success messages
-pub const SUCCESS_LOGIN: &str = "Successfully logged in";
 pub const SUCCESS_LOGOUT: &str = "Successfully logged out";