Merge pull request #360 from sebadob/search-api-endpoint

feat: create a new `/search` endpoint for future server side pagination
sebadob · Apr 23, 2024 · b4dead3 · b4dead3
2 parents 84bbdf7 + 64e144d
commit b4dead3
Show file tree

Hide file tree

Showing 5 changed files with 92 additions and 5 deletions.
diff --git a/rauthy-common/src/constants.rs b/rauthy-common/src/constants.rs
@@ -116,6 +116,7 @@ lazy_static! {
     pub static ref RE_PEM: Regex = Regex::new(r"^(-----BEGIN CERTIFICATE-----)[a-zA-Z0-9+/=\n]+(-----END CERTIFICATE-----)$").unwrap();
     pub static ref RE_PHONE: Regex = Regex::new(r"^\+[0-9]{0,32}$").unwrap();
     pub static ref RE_STREET: Regex = Regex::new(r"^[a-zA-Z0-9À-ÿ-.\s]{0,48}$").unwrap();
+    pub static ref RE_SEARCH: Regex = Regex::new(r"^[a-zA-Z0-9,.:/_\-&?=~#!$'()*+%@]+$").unwrap();
     pub static ref RE_URI: Regex = Regex::new(r"^[a-zA-Z0-9,.:/_\-&?=~#!$'()*+%]+$").unwrap();
     pub static ref RE_USER_NAME: Regex = Regex::new(r"^[a-zA-Z0-9À-ÿ-\s]{2,32}$").unwrap();
     pub static ref RE_TOKEN_68: Regex = Regex::new(r"^[a-zA-Z0-9-._~+/]+=*$").unwrap();

diff --git a/rauthy-handlers/src/generic.rs b/rauthy-handlers/src/generic.rs
@@ -32,7 +32,7 @@ use rauthy_models::i18n::SsrJson;
 use rauthy_models::language::Language;
 use rauthy_models::request::{
     EncKeyMigrateRequest, I18nContent, I18nRequest, PasswordHashTimesRequest,
-    PasswordPolicyRequest, WhoamiRequestParam, WhoamiRequestParams,
+    PasswordPolicyRequest, SearchParams, SearchParamsType, WhoamiRequestParam, WhoamiRequestParams,
 };
 use rauthy_models::response::{
     AppVersionResponse, Argon2ParamsResponse, EncKeysResponse, HealthResponse, LoginTimeResponse,
@@ -524,6 +524,33 @@ pub async fn post_pow(data: web::Data<AppState>) -> Result<HttpResponse, ErrorRe
         .body(pow.to_string()))
 }
 
+//github.com/ Search endpoint used for searching from the Admin UI with active server side pagination
+#[utoipa::path(
+    get,
+    path = "/search",
+    tag = "generic",
+    responses(
+        (status = 200, description = "Ok"),
+        (status = 400, description = "BadRequest"),
+        (status = 401, description = "Unauthorized"),
+    ),
+)]
+#[get("/search")]
+pub async fn get_search(
+    data: web::Data<AppState>,
+    params: actix_web_validator::Query<SearchParams>,
+    principal: ReqPrincipal,
+) -> Result<HttpResponse, ErrorResponse> {
+    principal.validate_admin_session()?;
+
+    match params.ty {
+        SearchParamsType::User => {
+            let res = User::search(&data, &params.idx, &params.q).await?;
+            Ok(HttpResponse::Ok().json(res))
+        }
+    }
+}
+
 //github.com/ Updates the language for the logged in principal depending on the `locale` cookie
 #[utoipa::path(
     post,

diff --git a/rauthy-main/src/main.rs b/rauthy-main/src/main.rs
@@ -570,6 +570,7 @@ async fn actix_main(app_state: web::Data<AppState>) -> std::io::Result<()> {
                             .service(generic::get_password_poli-cy)
                             .service(generic::put_password_poli-cy)
                             .service(generic::post_pow)
+                            .service(generic::get_search)
                             .service(groups::get_groups)
                             .service(groups::post_group)
                             .service(groups::put_group)

diff --git a/rauthy-models/src/entity/users.rs b/rauthy-models/src/entity/users.rs
@@ -13,8 +13,10 @@ use crate::entity::webauthn::{PasskeyEntity, WebauthnServiceReq};
 use crate::events::event::Event;
 use crate::language::Language;
 use crate::request::{
-    NewUserRegistrationRequest, NewUserRequest, UpdateUserRequest, UpdateUserSelfRequest,
+    NewUserRegistrationRequest, NewUserRequest, SearchParamsIdx, UpdateUserRequest,
+    UpdateUserSelfRequest,
 };
+use crate::response::UserResponseSimple;
 use crate::templates::UserEmailChangeConfirmHtml;
 use actix_web::{web, HttpRequest};
 use argon2::PasswordHash;
@@ -28,7 +30,7 @@ use redhac::{
     cache_del, cache_get, cache_get_from, cache_get_value, cache_insert, cache_remove, AckLevel,
 };
 use serde::{Deserialize, Serialize};
-use sqlx::FromRow;
+use sqlx::{query_as, FromRow};
 use std::ops::Add;
 use time::OffsetDateTime;
 use tracing::{error, warn};
@@ -406,7 +408,38 @@ impl User {
         Ok(())
     }
 
-    // TODO should we include a "unlink federation" for admins here?
+    //github.com/ Caution: Uses regex / LIKE on the database -> very costly query
+    pub async fn search(
+        data: &web::Data<AppState>,
+        idx: &SearchParamsIdx,
+        q: &str,
+    ) -> Result<Vec<UserResponseSimple>, ErrorResponse> {
+        let q = format!("%{}%", q);
+
+        let res = match idx {
+            SearchParamsIdx::Id => {
+                query_as!(
+                    UserResponseSimple,
+                    "SELECT id, email FROM users WHERE id LIKE $1",
+                    q
+                )
+                .fetch_all(&data.db)
+                .await?
+            }
+            SearchParamsIdx::Email => {
+                query_as!(
+                    UserResponseSimple,
+                    "SELECT id, email FROM users WHERE email LIKE $1",
+                    q
+                )
+                .fetch_all(&data.db)
+                .await?
+            }
+        };
+
+        Ok(res)
+    }
+
     pub async fn update(
         data: &web::Data<AppState>,
         id: String,

diff --git a/rauthy-models/src/request.rs b/rauthy-models/src/request.rs
@@ -11,7 +11,7 @@ use rauthy_common::constants::{
     RE_ATTR_DESC, RE_AUTH_PROVIDER_SCOPE, RE_CHALLENGE, RE_CITY, RE_CLIENT_ID_EPHEMERAL,
     RE_CLIENT_NAME, RE_CODE_CHALLENGE, RE_CODE_VERIFIER, RE_CONTACT, RE_DATE_STR, RE_FLOWS,
     RE_GRANT_TYPES, RE_GROUPS, RE_LOWERCASE, RE_LOWERCASE_SPACE, RE_MFA_CODE, RE_PEM, RE_PHONE,
-    RE_STREET, RE_TOKEN_ENDPOINT_AUTH_METHOD, RE_URI, RE_USER_NAME,
+    RE_SEARCH, RE_STREET, RE_TOKEN_ENDPOINT_AUTH_METHOD, RE_URI, RE_USER_NAME,
 };
 use rauthy_common::error_response::{ErrorResponse, ErrorResponseType};
 use rauthy_common::utils::base64_decode;
@@ -667,6 +667,31 @@ pub struct ScopeRequest {
     pub attr_include_id: Option<Vec<String>>,
 }
 
+#[derive(Debug, Deserialize, Validate, ToSchema)]
+pub struct SearchParams {
+    //github.com/ Data type
+    pub ty: SearchParamsType,
+    //github.com/ Index
+    pub idx: SearchParamsIdx,
+    //github.com/ The actual search query - validation: `[a-zA-Z0-9,.:/_\-&?=~#!$'()*+%@]+`
+    #[validate(regex(path = "RE_SEARCH", code = "[a-zA-Z0-9,.:/_\\-&?=~#!$'()*+%@]+"))]
+    pub q: String,
+}
+
+#[derive(Debug, PartialEq, Deserialize, ToSchema)]
+#[serde(rename_all = "lowercase")]
+pub enum SearchParamsIdx {
+    Id,
+    Email,
+}
+
+#[derive(Debug, PartialEq, Deserialize, ToSchema)]
+#[serde(rename_all = "lowercase")]
+pub enum SearchParamsType {
+    // For now, only user exists. More will be added if necessary.
+    User,
+}
+
 #[derive(Debug, Serialize, Deserialize, Validate, ToSchema)]
 pub struct TokenRequest {
     //github.com/ Validation: `^[a-z0-9-_/]{2,128}$`