appks/service/workspace/domains.rs

use serde::{Deserialize, Serialize};
use uuid::Uuid;

use crate::error::AppError;
use crate::models::common::Role;
use crate::models::workspaces::{Workspace, WorkspaceDomain};
use crate::service::WorkspaceService;
use crate::session::Session;

use super::util::{clamp_limit_offset, ensure_affected, required_text};

#[derive(Deserialize, Serialize, Clone, Debug, utoipa::ToSchema)]
pub struct AddDomainParams {
    pub domain: String,
}

impl WorkspaceService {
    pub async fn workspace_domains(
        &self,
        ctx: &Session,
        ws: &Workspace,
        limit: i64,
        offset: i64,
    ) -> Result<Vec<WorkspaceDomain>, AppError> {
        let user_uid = ctx.user().ok_or(AppError::Unauthorized)?;
        self.ensure_workspace_role_at_least(user_uid, &ws, Role::Admin)
            .await?;
        let (limit, offset) = clamp_limit_offset(limit, offset);
        sqlx::query_as::<_, WorkspaceDomain>(
            "SELECT id, workspace_id, domain, verification_token_hash, is_primary, is_verified, \
             verified_at, created_at, updated_at FROM workspace_domain \
             WHERE workspace_id = $1 ORDER BY is_primary DESC, created_at ASC LIMIT $2 OFFSET $3",
        )
        .bind(ws.id)
        .bind(limit)
        .bind(offset)
        .fetch_all(self.ctx.db.reader())
        .await
        .map_err(AppError::Database)
    }

    pub async fn workspace_add_domain(
        &self,
        ctx: &Session,
        ws: &Workspace,
        params: AddDomainParams,
    ) -> Result<WorkspaceDomain, AppError> {
        let user_uid = ctx.user().ok_or(AppError::Unauthorized)?;
        self.ensure_workspace_role_at_least(user_uid, &ws, Role::Admin)
            .await?;
        let domain = required_text(params.domain, "domain")?.to_lowercase();

        let is_first = sqlx::query_scalar::<_, i64>(
            "SELECT COUNT(*) FROM workspace_domain WHERE workspace_id = $1",
        )
        .bind(ws.id)
        .fetch_one(self.ctx.db.reader())
        .await
        .map_err(AppError::Database)?
            == 0;

        let token = Self::generate_domain_verification_token();
        let token_hash = sha256_hex(token.as_bytes());
        let now = chrono::Utc::now();

        let mut txn = self
            .ctx
            .db
            .writer()
            .begin()
            .await
            .map_err(|_| AppError::TxnError)?;
        sqlx::query("SET LOCAL app.current_user_id = $1")
            .bind(user_uid)
            .execute(&mut *txn)
            .await
            .map_err(AppError::Database)?;

        let result = sqlx::query_as::<_, WorkspaceDomain>(
            "INSERT INTO workspace_domain (id, workspace_id, domain, verification_token_hash, is_primary, is_verified, created_at, updated_at) \
             VALUES ($1, $2, $3, $4, $5, false, $6, $6) \
             RETURNING id, workspace_id, domain, verification_token_hash, is_primary, is_verified, verified_at, created_at, updated_at",
        )
        .bind(Uuid::now_v7())
        .bind(ws.id)
        .bind(&domain)
        .bind(&token_hash)
        .bind(is_first)
        .bind(now)
        .fetch_one(&mut *txn)
        .await
        .map_err(AppError::Database)?;

        txn.commit().await.map_err(|_| AppError::TxnError)?;
        Ok(result)
    }

    pub async fn workspace_verify_domain(
        &self,
        ctx: &Session,
        ws: &Workspace,
        domain_id: Uuid,
    ) -> Result<(), AppError> {
        let user_uid = ctx.user().ok_or(AppError::Unauthorized)?;
        self.ensure_workspace_role_at_least(user_uid, &ws, Role::Admin)
            .await?;
        let now = chrono::Utc::now();

        let mut txn = self
            .ctx
            .db
            .writer()
            .begin()
            .await
            .map_err(|_| AppError::TxnError)?;
        sqlx::query("SET LOCAL app.current_user_id = $1")
            .bind(user_uid)
            .execute(&mut *txn)
            .await
            .map_err(AppError::Database)?;

        let result = sqlx::query(
            "UPDATE workspace_domain SET is_verified = true, verified_at = $1, updated_at = $1 \
             WHERE id = $2 AND workspace_id = $3 AND is_verified = false",
        )
        .bind(now)
        .bind(domain_id)
        .bind(ws.id)
        .execute(&mut *txn)
        .await
        .map_err(AppError::Database)?;
        ensure_affected(
            result.rows_affected(),
            "domain not found or already verified",
        )?;

        txn.commit().await.map_err(|_| AppError::TxnError)?;
        Ok(())
    }

    pub async fn workspace_set_primary_domain(
        &self,
        ctx: &Session,
        ws: &Workspace,
        domain_id: Uuid,
    ) -> Result<(), AppError> {
        let user_uid = ctx.user().ok_or(AppError::Unauthorized)?;
        self.ensure_workspace_role_at_least(user_uid, &ws, Role::Owner)
            .await?;
        let now = chrono::Utc::now();

        let mut txn = self
            .ctx
            .db
            .writer()
            .begin()
            .await
            .map_err(|_| AppError::TxnError)?;
        sqlx::query("SET LOCAL app.current_user_id = $1")
            .bind(user_uid)
            .execute(&mut *txn)
            .await
            .map_err(AppError::Database)?;

        let domain = sqlx::query_as::<_, WorkspaceDomain>(
            "SELECT id, workspace_id, domain, verification_token_hash, is_primary, is_verified, \
             verified_at, created_at, updated_at FROM workspace_domain \
             WHERE id = $1 AND workspace_id = $2",
        )
        .bind(domain_id)
        .bind(ws.id)
        .fetch_optional(&mut *txn)
        .await
        .map_err(AppError::Database)?
        .ok_or(AppError::NotFound("domain not found".into()))?;

        if !domain.is_verified {
            return Err(AppError::BadRequest(
                "domain must be verified before setting as primary".into(),
            ));
        }

        sqlx::query("UPDATE workspace_domain SET is_primary = false, updated_at = $1 WHERE workspace_id = $2 AND is_primary = true")
            .bind(now)
            .bind(ws.id)
            .execute(&mut *txn)
            .await
            .map_err(AppError::Database)?;

        sqlx::query("UPDATE workspace_domain SET is_primary = true, updated_at = $1 WHERE id = $2")
            .bind(now)
            .bind(domain_id)
            .execute(&mut *txn)
            .await
            .map_err(AppError::Database)?;

        txn.commit().await.map_err(|_| AppError::TxnError)?;
        Ok(())
    }

    pub async fn workspace_delete_domain(
        &self,
        ctx: &Session,
        ws: &Workspace,
        domain_id: Uuid,
    ) -> Result<(), AppError> {
        let user_uid = ctx.user().ok_or(AppError::Unauthorized)?;
        self.ensure_workspace_role_at_least(user_uid, &ws, Role::Admin)
            .await?;

        let is_primary = sqlx::query_scalar::<_, bool>(
            "SELECT is_primary FROM workspace_domain WHERE id = $1 AND workspace_id = $2",
        )
        .bind(domain_id)
        .bind(ws.id)
        .fetch_optional(self.ctx.db.reader())
        .await
        .map_err(AppError::Database)?
        .ok_or(AppError::NotFound("domain not found".into()))?;

        if is_primary {
            return Err(AppError::BadRequest("cannot delete primary domain".into()));
        }

        let mut txn = self
            .ctx
            .db
            .writer()
            .begin()
            .await
            .map_err(|_| AppError::TxnError)?;
        sqlx::query("SET LOCAL app.current_user_id = $1")
            .bind(user_uid)
            .execute(&mut *txn)
            .await
            .map_err(AppError::Database)?;

        let result =
            sqlx::query("DELETE FROM workspace_domain WHERE id = $1 AND workspace_id = $2")
                .bind(domain_id)
                .bind(ws.id)
                .execute(&mut *txn)
                .await
                .map_err(AppError::Database)?;
        ensure_affected(result.rows_affected(), "domain not found")?;

        txn.commit().await.map_err(|_| AppError::TxnError)?;
        Ok(())
    }

    fn generate_domain_verification_token() -> String {
        (0..32)
            .map(|_| format!("{:02x}", rand::random::<u8>()))
            .collect()
    }
}

use crate::service::util::sha256_hex;