summaryrefslogtreecommitdiffstats
path: root/rust/src/endpoints.rs
diff options
context:
space:
mode:
Diffstat (limited to 'rust/src/endpoints.rs')
-rw-r--r--rust/src/endpoints.rs51
1 files changed, 51 insertions, 0 deletions
diff --git a/rust/src/endpoints.rs b/rust/src/endpoints.rs
index 2f30a7fa..0dd69efd 100644
--- a/rust/src/endpoints.rs
+++ b/rust/src/endpoints.rs
@@ -1221,4 +1221,55 @@ impl Api for Server {
};
Box::new(futures::done(Ok(ret)))
}
+
+ fn create_auth_token(
+ &self,
+ editor_id: String,
+ duration_seconds: Option<i32>,
+ context: &Context,
+ ) -> Box<dyn Future<Item = CreateAuthTokenResponse, Error = ApiError> + Send> {
+ let conn = self.db_pool.get().expect("db_pool error");
+ let ret = match conn
+ .transaction(|| {
+ let auth_context = self.auth_confectionary.require_auth(
+ &conn,
+ &context.auth_data,
+ Some("create_auth_token"),
+ )?;
+ auth_context.require_role(FatcatRole::Superuser)?;
+ // create an auth token. default to 31 day duration
+ let duration = match duration_seconds {
+ Some(seconds) => {
+ assert!(seconds >= 1);
+ chrono::Duration::seconds(seconds.into())
+ }
+ None => chrono::Duration::days(31),
+ };
+ // TODO: does logic checking if account is locked happen elsewhere?
+ let token = self
+ .auth_confectionary
+ .create_token(FatcatId::from_str(&editor_id)?, Some(duration))?;
+ let result = AuthTokenResult { token };
+ Ok(result)
+ })
+ .map_err(|e: Error| FatcatError::from(e))
+ {
+ Ok(result) => {
+ self.metrics.incr("account.create_token").ok();
+ CreateAuthTokenResponse::Success(result)
+ }
+ Err(fe) => match fe {
+ InvalidCredentials(_) | InsufficientPrivileges(_) => {
+ CreateAuthTokenResponse::Forbidden(fe.into())
+ }
+ DatabaseError(_) | InternalError(_) => {
+ error!("{}", fe);
+ capture_fail(&fe);
+ CreateAuthTokenResponse::GenericError(fe.into())
+ }
+ _ => CreateAuthTokenResponse::BadRequest(fe.into()),
+ },
+ };
+ Box::new(futures::done(Ok(ret)))
+ }
}