gitdata.ai/appks
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
6a8e9780734839890110155d3c33df5afba7ce46
appks/service/workspace/domains.rs
T
zhenyi 563381c1ca feat: init
2026-06-07 11:30:56 +08:00

264 lines
8.5 KiB
Rust
Raw Blame History

use serde::{Deserialize, Serialize};
use uuid::Uuid;
use crate::error::AppError;
use crate::models::common::Role;
use crate::models::workspaces::WorkspaceDomain;
use crate::service::WorkspaceService;
use crate::session::Session;
use super::util::{clamp_limit_offset, ensure_affected, required_text};
#[derive(Deserialize, Serialize, Clone, Debug, utoipa::ToSchema)]
pub struct AddDomainParams {
pub domain: String,
}
impl WorkspaceService {
pub async fn workspace_domains(
&self,
ctx: &Session,
workspace_id: Uuid,
limit: i64,
offset: i64,
) -> Result<Vec<WorkspaceDomain>, AppError> {
let user_uid = ctx.user().ok_or(AppError::Unauthorized)?;
let ws = self.find_workspace_by_id(workspace_id).await?;
self.ensure_workspace_role_at_least(user_uid, &ws, Role::Admin)
.await?;
let (limit, offset) = clamp_limit_offset(limit, offset);
sqlx::query_as::<_, WorkspaceDomain>(
"SELECT id, workspace_id, domain, verification_token_hash, is_primary, is_verified, \
verified_at, created_at, updated_at FROM workspace_domain \
WHERE workspace_id = $1 ORDER BY is_primary DESC, created_at ASC LIMIT $2 OFFSET $3",
)
.bind(workspace_id)
.bind(limit)
.bind(offset)
.fetch_all(self.ctx.db.reader())
.await
.map_err(AppError::Database)
}
pub async fn workspace_add_domain(
&self,
ctx: &Session,
workspace_id: Uuid,
params: AddDomainParams,
) -> Result<WorkspaceDomain, AppError> {
let user_uid = ctx.user().ok_or(AppError::Unauthorized)?;
let ws = self.find_workspace_by_id(workspace_id).await?;
self.ensure_workspace_role_at_least(user_uid, &ws, Role::Admin)
.await?;
let domain = required_text(params.domain, "domain")?.to_lowercase();
let is_first = sqlx::query_scalar::<_, i64>(
"SELECT COUNT(*) FROM workspace_domain WHERE workspace_id = $1",
)
.bind(workspace_id)
.fetch_one(self.ctx.db.reader())
.await
.map_err(AppError::Database)?
== 0;
let token = Self::generate_domain_verification_token();
let token_hash = sha256_hex(token.as_bytes());
let now = chrono::Utc::now();
let mut txn = self
.ctx
.db
.writer()
.begin()
.await
.map_err(|_| AppError::TxnError)?;
sqlx::query("SET LOCAL app.current_user_id = $1")
.bind(user_uid)
.execute(&mut *txn)
.await
.map_err(AppError::Database)?;
let result = sqlx::query_as::<_, WorkspaceDomain>(
"INSERT INTO workspace_domain (id, workspace_id, domain, verification_token_hash, is_primary, is_verified, created_at, updated_at) \
VALUES ($1, $2, $3, $4, $5, false, $6, $6) \
RETURNING id, workspace_id, domain, verification_token_hash, is_primary, is_verified, verified_at, created_at, updated_at",
)
.bind(Uuid::now_v7())
.bind(workspace_id)
.bind(&domain)
.bind(&token_hash)
.bind(is_first)
.bind(now)
.fetch_one(&mut *txn)
.await
.map_err(AppError::Database)?;
txn.commit().await.map_err(|_| AppError::TxnError)?;
Ok(result)
}
pub async fn workspace_verify_domain(
&self,
ctx: &Session,
workspace_id: Uuid,
domain_id: Uuid,
) -> Result<(), AppError> {
let user_uid = ctx.user().ok_or(AppError::Unauthorized)?;
let ws = self.find_workspace_by_id(workspace_id).await?;
self.ensure_workspace_role_at_least(user_uid, &ws, Role::Admin)
.await?;
let now = chrono::Utc::now();
let mut txn = self
.ctx
.db
.writer()
.begin()
.await
.map_err(|_| AppError::TxnError)?;
sqlx::query("SET LOCAL app.current_user_id = $1")
.bind(user_uid)
.execute(&mut *txn)
.await
.map_err(AppError::Database)?;
let result = sqlx::query(
"UPDATE workspace_domain SET is_verified = true, verified_at = $1, updated_at = $1 \
WHERE id = $2 AND workspace_id = $3 AND is_verified = false",
)
.bind(now)
.bind(domain_id)
.bind(workspace_id)
.execute(&mut *txn)
.await
.map_err(AppError::Database)?;
ensure_affected(
result.rows_affected(),
"domain not found or already verified",
)?;
txn.commit().await.map_err(|_| AppError::TxnError)?;
Ok(())
}
pub async fn workspace_set_primary_domain(
&self,
ctx: &Session,
workspace_id: Uuid,
domain_id: Uuid,
) -> Result<(), AppError> {
let user_uid = ctx.user().ok_or(AppError::Unauthorized)?;
let ws = self.find_workspace_by_id(workspace_id).await?;
self.ensure_workspace_role_at_least(user_uid, &ws, Role::Owner)
.await?;
let now = chrono::Utc::now();
let mut txn = self
.ctx
.db
.writer()
.begin()
.await
.map_err(|_| AppError::TxnError)?;
sqlx::query("SET LOCAL app.current_user_id = $1")
.bind(user_uid)
.execute(&mut *txn)
.await
.map_err(AppError::Database)?;
let domain = sqlx::query_as::<_, WorkspaceDomain>(
"SELECT id, workspace_id, domain, verification_token_hash, is_primary, is_verified, \
verified_at, created_at, updated_at FROM workspace_domain \
WHERE id = $1 AND workspace_id = $2",
)
.bind(domain_id)
.bind(workspace_id)
.fetch_optional(&mut *txn)
.await
.map_err(AppError::Database)?
.ok_or(AppError::NotFound("domain not found".into()))?;
if !domain.is_verified {
return Err(AppError::BadRequest(
"domain must be verified before setting as primary".into(),
));
}
sqlx::query("UPDATE workspace_domain SET is_primary = false, updated_at = $1 WHERE workspace_id = $2 AND is_primary = true")
.bind(now)
.bind(workspace_id)
.execute(&mut *txn)
.await
.map_err(AppError::Database)?;
sqlx::query("UPDATE workspace_domain SET is_primary = true, updated_at = $1 WHERE id = $2")
.bind(now)
.bind(domain_id)
.execute(&mut *txn)
.await
.map_err(AppError::Database)?;
txn.commit().await.map_err(|_| AppError::TxnError)?;
Ok(())
}
pub async fn workspace_delete_domain(
&self,
ctx: &Session,
workspace_id: Uuid,
domain_id: Uuid,
) -> Result<(), AppError> {
let user_uid = ctx.user().ok_or(AppError::Unauthorized)?;
let ws = self.find_workspace_by_id(workspace_id).await?;
self.ensure_workspace_role_at_least(user_uid, &ws, Role::Admin)
.await?;
let is_primary = sqlx::query_scalar::<_, bool>(
"SELECT is_primary FROM workspace_domain WHERE id = $1 AND workspace_id = $2",
)
.bind(domain_id)
.bind(workspace_id)
.fetch_optional(self.ctx.db.reader())
.await
.map_err(AppError::Database)?
.ok_or(AppError::NotFound("domain not found".into()))?;
if is_primary {
return Err(AppError::BadRequest("cannot delete primary domain".into()));
}
let mut txn = self
.ctx
.db
.writer()
.begin()
.await
.map_err(|_| AppError::TxnError)?;
sqlx::query("SET LOCAL app.current_user_id = $1")
.bind(user_uid)
.execute(&mut *txn)
.await
.map_err(AppError::Database)?;
let result =
sqlx::query("DELETE FROM workspace_domain WHERE id = $1 AND workspace_id = $2")
.bind(domain_id)
.bind(workspace_id)
.execute(&mut *txn)
.await
.map_err(AppError::Database)?;
ensure_affected(result.rows_affected(), "domain not found")?;
txn.commit().await.map_err(|_| AppError::TxnError)?;
Ok(())
}
fn generate_domain_verification_token() -> String {
(0..32)
.map(|_| format!("{:02x}", rand::random::<u8>()))
.collect()
}
}
use crate::service::util::sha256_hex;
Reference in New Issue View Git Blame Copy Permalink