gitdata.ai/appks
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
a0bea3604187ff627277f2a54c01cf63a490cfac
appks/service/workspace/domains.rs
T
zhenyi 420dedbc1e feat(service): expand service layer with new domain operations 
- Add IM service modules: audit, channel roles, custom emojis, forum
  tags, integrations, invitations, repo links, slash commands, stages,
  voice, webhooks
- Add PR service modules: review requests, templates
- Add repo service modules: contributors, release assets, git extras
  (archive, branch rename, commit extras, diff/merge, tag, tree)
- Add user service: social (follow/block)
- Add internal auth service
- Update existing service modules with expanded functionality
- Remove deleted IM modules: articles, delivery trace, drafts,
  follows, messages, polls, presence, reactions, threads
2026-06-10 18:49:32 +08:00

303 lines
9.6 KiB
Rust
Raw Blame History

use serde::{Deserialize, Serialize};
use uuid::Uuid;
use crate::error::AppError;
use crate::models::common::Role;
use crate::models::workspaces::{Workspace, WorkspaceDomain};
use crate::service::WorkspaceService;
use crate::session::Session;
use super::util::{clamp_limit_offset, ensure_affected, required_text, set_local_user_id};
#[derive(Deserialize, Serialize, Clone, Debug, utoipa::ToSchema)]
pub struct AddDomainParams {
pub domain: String,
}
#[derive(Deserialize, Serialize, Clone, Debug, utoipa::ToSchema)]
pub struct UpdateDomainParams {
pub domain: String,
}
impl WorkspaceService {
pub async fn workspace_domains(
&self,
ctx: &Session,
ws: &Workspace,
limit: i64,
offset: i64,
) -> Result<Vec<WorkspaceDomain>, AppError> {
let user_uid = ctx.user().ok_or(AppError::Unauthorized)?;
self.ensure_workspace_role_at_least(user_uid, &ws, Role::Admin)
.await?;
let (limit, offset) = clamp_limit_offset(limit, offset);
sqlx::query_as::<_, WorkspaceDomain>(
"SELECT id, workspace_id, domain, verification_token_hash, is_primary, is_verified, \
verified_at, created_at, updated_at FROM workspace_domain \
WHERE workspace_id = $1 ORDER BY is_primary DESC, created_at ASC LIMIT $2 OFFSET $3",
)
.bind(ws.id)
.bind(limit)
.bind(offset)
.fetch_all(self.ctx.db.reader())
.await
.map_err(AppError::Database)
}
pub async fn workspace_add_domain(
&self,
ctx: &Session,
ws: &Workspace,
params: AddDomainParams,
) -> Result<WorkspaceDomain, AppError> {
let user_uid = ctx.user().ok_or(AppError::Unauthorized)?;
self.ensure_workspace_role_at_least(user_uid, &ws, Role::Admin)
.await?;
let domain = required_text(params.domain, "domain")?.to_lowercase();
let is_first = sqlx::query_scalar::<_, i64>(
"SELECT COUNT(*) FROM workspace_domain WHERE workspace_id = $1",
)
.bind(ws.id)
.fetch_one(self.ctx.db.reader())
.await
.map_err(AppError::Database)?
== 0;
let token = Self::generate_domain_verification_token();
let token_hash = sha256_hex(token.as_bytes());
let now = chrono::Utc::now();
let mut txn = self
.ctx
.db
.writer()
.begin()
.await
.map_err(|_| AppError::TxnError)?;
sqlx::query(set_local_user_id(user_uid))
.execute(&mut *txn)
.await
.map_err(AppError::Database)?;
let result = sqlx::query_as::<_, WorkspaceDomain>(
"INSERT INTO workspace_domain (id, workspace_id, domain, verification_token_hash, is_primary, is_verified, created_at, updated_at) \
VALUES ($1, $2, $3, $4, $5, false, $6, $6) \
RETURNING id, workspace_id, domain, verification_token_hash, is_primary, is_verified, verified_at, created_at, updated_at",
)
.bind(Uuid::now_v7())
.bind(ws.id)
.bind(&domain)
.bind(&token_hash)
.bind(is_first)
.bind(now)
.fetch_one(&mut *txn)
.await
.map_err(AppError::Database)?;
txn.commit().await.map_err(|_| AppError::TxnError)?;
Ok(result)
}
pub async fn workspace_verify_domain(
&self,
ctx: &Session,
ws: &Workspace,
domain_id: Uuid,
) -> Result<(), AppError> {
let user_uid = ctx.user().ok_or(AppError::Unauthorized)?;
self.ensure_workspace_role_at_least(user_uid, &ws, Role::Admin)
.await?;
let now = chrono::Utc::now();
let mut txn = self
.ctx
.db
.writer()
.begin()
.await
.map_err(|_| AppError::TxnError)?;
sqlx::query(set_local_user_id(user_uid))
.execute(&mut *txn)
.await
.map_err(AppError::Database)?;
let result = sqlx::query(
"UPDATE workspace_domain SET is_verified = true, verified_at = $1, updated_at = $1 \
WHERE id = $2 AND workspace_id = $3 AND is_verified = false",
)
.bind(now)
.bind(domain_id)
.bind(ws.id)
.execute(&mut *txn)
.await
.map_err(AppError::Database)?;
ensure_affected(
result.rows_affected(),
"domain not found or already verified",
)?;
txn.commit().await.map_err(|_| AppError::TxnError)?;
Ok(())
}
pub async fn workspace_set_primary_domain(
&self,
ctx: &Session,
ws: &Workspace,
domain_id: Uuid,
) -> Result<(), AppError> {
let user_uid = ctx.user().ok_or(AppError::Unauthorized)?;
self.ensure_workspace_role_at_least(user_uid, &ws, Role::Owner)
.await?;
let now = chrono::Utc::now();
let mut txn = self
.ctx
.db
.writer()
.begin()
.await
.map_err(|_| AppError::TxnError)?;
sqlx::query(set_local_user_id(user_uid))
.execute(&mut *txn)
.await
.map_err(AppError::Database)?;
let domain = sqlx::query_as::<_, WorkspaceDomain>(
"SELECT id, workspace_id, domain, verification_token_hash, is_primary, is_verified, \
verified_at, created_at, updated_at FROM workspace_domain \
WHERE id = $1 AND workspace_id = $2",
)
.bind(domain_id)
.bind(ws.id)
.fetch_optional(&mut *txn)
.await
.map_err(AppError::Database)?
.ok_or(AppError::NotFound("domain not found".into()))?;
if !domain.is_verified {
return Err(AppError::BadRequest(
"domain must be verified before setting as primary".into(),
));
}
sqlx::query("UPDATE workspace_domain SET is_primary = false, updated_at = $1 WHERE workspace_id = $2 AND is_primary = true")
.bind(now)
.bind(ws.id)
.execute(&mut *txn)
.await
.map_err(AppError::Database)?;
sqlx::query("UPDATE workspace_domain SET is_primary = true, updated_at = $1 WHERE id = $2")
.bind(now)
.bind(domain_id)
.execute(&mut *txn)
.await
.map_err(AppError::Database)?;
txn.commit().await.map_err(|_| AppError::TxnError)?;
Ok(())
}
pub async fn workspace_delete_domain(
&self,
ctx: &Session,
ws: &Workspace,
domain_id: Uuid,
) -> Result<(), AppError> {
let user_uid = ctx.user().ok_or(AppError::Unauthorized)?;
self.ensure_workspace_role_at_least(user_uid, &ws, Role::Admin)
.await?;
let is_primary = sqlx::query_scalar::<_, bool>(
"SELECT is_primary FROM workspace_domain WHERE id = $1 AND workspace_id = $2",
)
.bind(domain_id)
.bind(ws.id)
.fetch_optional(self.ctx.db.reader())
.await
.map_err(AppError::Database)?
.ok_or(AppError::NotFound("domain not found".into()))?;
if is_primary {
return Err(AppError::BadRequest("cannot delete primary domain".into()));
}
let mut txn = self
.ctx
.db
.writer()
.begin()
.await
.map_err(|_| AppError::TxnError)?;
sqlx::query(set_local_user_id(user_uid))
.execute(&mut *txn)
.await
.map_err(AppError::Database)?;
let result =
sqlx::query("DELETE FROM workspace_domain WHERE id = $1 AND workspace_id = $2")
.bind(domain_id)
.bind(ws.id)
.execute(&mut *txn)
.await
.map_err(AppError::Database)?;
ensure_affected(result.rows_affected(), "domain not found")?;
txn.commit().await.map_err(|_| AppError::TxnError)?;
Ok(())
}
pub async fn workspace_update_domain(
&self,
ctx: &Session,
ws: &Workspace,
domain_id: Uuid,
params: UpdateDomainParams,
) -> Result<WorkspaceDomain, AppError> {
let user_uid = ctx.user().ok_or(AppError::Unauthorized)?;
self.ensure_workspace_role_at_least(user_uid, &ws, Role::Admin)
.await?;
let domain = required_text(params.domain, "domain")?.to_lowercase();
let now = chrono::Utc::now();
let mut txn = self
.ctx
.db
.writer()
.begin()
.await
.map_err(|_| AppError::TxnError)?;
sqlx::query(set_local_user_id(user_uid))
.execute(&mut *txn)
.await
.map_err(AppError::Database)?;
let result = sqlx::query_as::<_, WorkspaceDomain>(
"UPDATE workspace_domain SET domain = $1, is_verified = false, verified_at = NULL, updated_at = $2 \
WHERE id = $3 AND workspace_id = $4 \
RETURNING id, workspace_id, domain, verification_token_hash, is_primary, is_verified, verified_at, created_at, updated_at",
)
.bind(&domain)
.bind(now)
.bind(domain_id)
.bind(ws.id)
.fetch_optional(&mut *txn)
.await
.map_err(AppError::Database)?
.ok_or(AppError::NotFound("domain not found".into()))?;
txn.commit().await.map_err(|_| AppError::TxnError)?;
Ok(result)
}
fn generate_domain_verification_token() -> String {
(0..32)
.map(|_| format!("{:02x}", rand::random::<u8>()))
.collect()
}
}
use crate::service::util::sha256_hex;
Reference in New Issue View Git Blame Copy Permalink