+170 -1

api/src/api/games.rs

reviewed

··· 1 1 - // Moved to mod.rs - keeping file for potential future module separation 1 1 + use poem_openapi::payload::Json; 2 2 + use poem_openapi::param::Path; 3 3 + use poem_openapi::{ApiResponse, NewType, Object, OpenApi}; 4 4 + use sha2::Digest; 5 5 + use sqlx::Row; 6 6 + use uuid::Uuid; 7 7 + 8 8 + use crate::db::DbPool; 9 9 + 10 10 + /// Request to register a new game 11 11 + #[derive(Object)] 12 12 + pub struct RegisterGameRequest { 13 13 + pub name: String, 14 14 + pub description: Option<String>, 15 15 + } 16 16 + 17 17 + /// Response containing game registration details 18 18 + #[derive(Object)] 19 19 + pub struct GameResponse { 20 20 + pub id: String, 21 21 + pub name: String, 22 22 + pub api_key: String, 23 23 + pub created_at: String, 24 24 + } 25 25 + 26 26 + /// Game info without API key 27 27 + #[derive(Object)] 28 28 + pub struct GameInfo { 29 29 + pub id: String, 30 30 + pub name: String, 31 31 + pub description: Option<String>, 32 32 + pub created_at: String, 33 33 + } 34 34 + 35 35 + /// Error response 36 36 + #[derive(Object)] 37 37 + pub struct Error { 38 38 + pub message: String, 39 39 + } 40 40 + 41 41 + /// Register game response 42 42 + #[derive(ApiResponse)] 43 43 + pub enum RegisterGameResponse { 44 44 + #[oai(status = 201)] 45 45 + Created(Json<GameResponse>), 46 46 + #[oai(status = 400)] 47 47 + BadRequest(Json<Error>), 48 48 + #[oai(status = 401)] 49 49 + Unauthorized(Json<Error>), 50 50 + } 51 51 + 52 52 + /// Get game response 53 53 + #[derive(ApiResponse)] 54 54 + pub enum GetGameResponse { 55 55 + #[oai(status = 200)] 56 56 + Ok(Json<GameInfo>), 57 57 + #[oai(status = 404)] 58 58 + NotFound(Json<Error>), 59 59 + } 60 60 + 61 61 + /// Game management endpoint 62 62 + pub struct GamesEndpoint { 63 63 + pool: DbPool, 64 64 + } 65 65 + 66 66 + impl GamesEndpoint { 67 67 + pub fn new(pool: DbPool) -> Self { 68 68 + Self { pool } 69 69 + } 70 70 + 71 71 + /// Generate a secure API key 72 72 + fn generate_api_key(&self) -> (String, String) { 73 73 + let raw_key = Uuid::new_v4().to_string(); 74 74 + let mut hasher = sha2::Sha256::new(); 75 75 + hasher.update(raw_key.as_bytes()); 76 76 + let key_hash = format!("{:x}", hasher.finalize()); 77 77 + (raw_key, key_hash) 78 78 + } 79 79 + } 80 80 + 81 81 + #[OpenApi] 82 82 + impl GamesEndpoint { 83 83 + /// Register a new game - generates API key 84 84 + #[oai(path = "/games", method = "post")] 85 85 + async fn register_game( 86 86 + &self, 87 87 + developer_id: poem_openapi::param::Header<Option<String>>, 88 88 + body: Json<RegisterGameRequest>, 89 89 + ) -> RegisterGameResponse { 90 90 + let dev_id = developer_id 91 91 + .0 92 92 + .unwrap_or_else(|| "default-developer".to_string()); 93 93 + 94 94 + let game_id = Uuid::new_v4().to_string(); 95 95 + let (api_key, api_key_hash) = self.generate_api_key(); 96 96 + 97 97 + let result = sqlx::query( 98 98 + r#" 99 99 + INSERT INTO games (id, developer_id, name) 100 100 + VALUES (?, ?, ?) 101 101 + "#, 102 102 + ) 103 103 + .bind(&game_id) 104 104 + .bind(&dev_id) 105 105 + .bind(&body.name) 106 106 + .execute(&self.pool) 107 107 + .await; 108 108 + 109 109 + match result { 110 110 + Ok(_) => { 111 111 + let key_id = Uuid::new_v4().to_string(); 112 112 + sqlx::query( 113 113 + r#" 114 114 + INSERT INTO api_keys (id, developer_id, game_id, key_hash) 115 115 + VALUES (?, ?, ?, ?) 116 116 + "#, 117 117 + ) 118 118 + .bind(&key_id) 119 119 + .bind(&dev_id) 120 120 + .bind(&game_id) 121 121 + .bind(&api_key_hash) 122 122 + .execute(&self.pool) 123 123 + .await 124 124 + .ok(); 125 125 + 126 126 + let response = GameResponse { 127 127 + id: game_id, 128 128 + name: body.name.clone(), 129 129 + api_key, 130 130 + created_at: chrono::Utc::now().to_rfc3339(), 131 131 + }; 132 132 + RegisterGameResponse::Created(Json(response)) 133 133 + } 134 134 + Err(e) => RegisterGameResponse::BadRequest(Json(Error { 135 135 + message: format!("Failed to register game: {}", e), 136 136 + })), 137 137 + } 138 138 + } 139 139 + 140 140 + /// Get game info by ID (requires API key in header) 141 141 + #[oai(path = "/games/:game_id", method = "get")] 142 142 + async fn get_game( 143 143 + &self, 144 144 + _api_key: poem_openapi::param::Header<Option<String>>, 145 145 + game_id: Path<String>, 146 146 + ) -> GetGameResponse { 147 147 + let row = sqlx::query("SELECT id, name, created_at FROM games WHERE id = ?") 148 148 + .bind(game_id.0.as_str()) 149 149 + .fetch_optional(&self.pool) 150 150 + .await; 151 151 + 152 152 + match row { 153 153 + Ok(Some(row)) => { 154 154 + let game = GameInfo { 155 155 + id: row.get("id"), 156 156 + name: row.get("name"), 157 157 + description: None, 158 158 + created_at: row.get("created_at"), 159 159 + }; 160 160 + GetGameResponse::Ok(Json(game)) 161 161 + } 162 162 + Ok(None) => GetGameResponse::NotFound(Json(Error { 163 163 + message: "Game not found".to_string(), 164 164 + })), 165 165 + Err(e) => GetGameResponse::NotFound(Json(Error { 166 166 + message: format!("Database error: {}", e), 167 167 + })), 168 168 + } 169 169 + } 170 170 + }

+87 -17

api/src/api/mod.rs

reviewed

··· 1 1 - use poem_openapi::OpenApi; 2 2 - use poem_openapi::payload::PlainText; 1 1 + use poem_openapi::payload::Json; 2 2 + use poem_openapi::{ApiResponse, Object}; 3 3 4 4 - pub struct Api; 4 4 + pub mod games; 5 5 + pub mod saves; 5 6 6 6 - #[OpenApi] 7 7 - impl Api { 8 8 - #[oai(path = "/hello", method = "get")] 9 9 - async fn hello(&self, name: poem_openapi::param::Query<Option<String>>) -> PlainText<String> { 10 10 - match name.0 { 11 11 - Some(name) => PlainText(format!("hello, {}!", name)), 12 12 - None => PlainText("hello!".to_string()), 13 13 - } 7 7 + use crate::auth::GamerRecord; 8 8 + 9 9 + /// Tuple type alias combining all API endpoints 10 10 + pub type Api = ( 11 11 + games::GamesEndpoint, 12 12 + saves::SavesEndpoint, 13 13 + AuthEndpoint, 14 14 + ); 15 15 + 16 16 + /// Device code result 17 17 + #[derive(Object)] 18 18 + pub struct DeviceCodeResult { 19 19 + pub device_code: String, 20 20 + pub user_code: String, 21 21 + pub verification_url: String, 22 22 + pub expires_in: u64, 23 23 + pub interval: u64, 24 24 + } 25 25 + 26 26 + /// Auth error 27 27 + #[derive(Object)] 28 28 + pub struct AuthError { 29 29 + pub message: String, 30 30 + } 31 31 + 32 32 + /// Auth device code response 33 33 + #[derive(ApiResponse)] 34 34 + pub enum AuthDeviceResponse { 35 35 + #[oai(status = 200)] 36 36 + Ok(Json<DeviceCodeResult>), 37 37 + #[oai(status = 400)] 38 38 + BadRequest(Json<AuthError>), 39 39 + } 40 40 + 41 41 + /// Auth token response 42 42 + #[derive(ApiResponse)] 43 43 + pub enum AuthTokenResponse { 44 44 + #[oai(status = 200)] 45 45 + Ok(Json<GamerRecord>), 46 46 + #[oai(status = 401)] 47 47 + Unauthorized(Json<AuthError>), 48 48 + } 49 49 + 50 50 + /// Auth endpoint 51 51 + pub struct AuthEndpoint { 52 52 + service: crate::auth::AuthService, 53 53 + } 54 54 + 55 55 + impl AuthEndpoint { 56 56 + pub fn new(service: crate::auth::AuthService) -> Self { 57 57 + Self { service } 14 58 } 59 59 + } 60 60 + 61 61 + use poem_openapi::OpenApi; 15 62 16 16 - #[oai(path = "/games/:game_id", method = "get")] 17 17 - async fn get_game(&self, game_id: poem_openapi::param::Path<String>) -> PlainText<String> { 18 18 - PlainText(format!("Game: {}", game_id.0)) 63 63 + #[OpenApi] 64 64 + impl AuthEndpoint { 65 65 + /// Start the OAuth device code flow 66 66 + #[oai(path = "/auth/device", method = "post")] 67 67 + async fn start_device_flow(&self) -> AuthDeviceResponse { 68 68 + match self.service.start_device_flow().await { 69 69 + Ok(response) => { 70 70 + let result = DeviceCodeResult { 71 71 + device_code: response.device_code, 72 72 + user_code: response.user_code, 73 73 + verification_url: response.verification_url, 74 74 + expires_in: response.expires_in, 75 75 + interval: response.interval, 76 76 + }; 77 77 + AuthDeviceResponse::Ok(Json(result)) 78 78 + } 79 79 + Err(e) => AuthDeviceResponse::BadRequest(Json(AuthError { 80 80 + message: e.to_string(), 81 81 + })), 82 82 + } 19 83 } 20 84 21 21 - #[oai(path = "/health", method = "get")] 22 22 - async fn health(&self) -> PlainText<String> { 23 23 - PlainText("OK".to_string()) 85 85 + /// Poll for token after user authorizes 86 86 + #[oai(path = "/auth/token", method = "get")] 87 87 + async fn poll_token(&self) -> AuthTokenResponse { 88 88 + match self.service.complete_device_flow().await { 89 89 + Ok(gamer) => AuthTokenResponse::Ok(Json(gamer)), 90 90 + Err(e) => AuthTokenResponse::Unauthorized(Json(AuthError { 91 91 + message: e.to_string(), 92 92 + })), 93 93 + } 24 94 } 25 95 }

+350 -1

api/src/api/saves.rs

reviewed

··· 1 1 - // Moved to mod.rs - keeping file for potential future module separation 1 1 + use base64::{engine::general_purpose::STANDARD as BASE64, Engine}; 2 2 + use poem_openapi::param::Path; 3 3 + use poem_openapi::payload::Json; 4 4 + use poem_openapi::{ApiResponse, NewType, Object, OpenApi}; 5 5 + use sha2::Digest; 6 6 + use sqlx::Row; 7 7 + use uuid::Uuid; 8 8 + 9 9 + use crate::db::DbPool; 10 10 + use crate::storage::StorageProvider; 11 11 + 12 12 + /// Request to upload a save 13 13 + #[derive(Object)] 14 14 + pub struct UploadSaveRequest { 15 15 + pub gamer_id: String, 16 16 + pub game_id: String, 17 17 + pub slot_id: String, 18 18 + pub data: String, // Base64 encoded save data 19 19 + pub base_cid: Option<String>, // CID of base version for delta compression 20 20 + pub milestone: Option<i32>, 21 21 + } 22 22 + 23 23 + /// Response after uploading a save 24 24 + #[derive(Object)] 25 25 + pub struct SaveUploadResponse { 26 26 + pub id: String, 27 27 + pub cid: String, 28 28 + pub version: i32, 29 29 + pub size_bytes: usize, 30 30 + pub is_delta: bool, 31 31 + } 32 32 + 33 33 + /// Response containing save data 34 34 + #[derive(Object)] 35 35 + pub struct SaveDownloadResponse { 36 36 + pub id: String, 37 37 + pub cid: String, 38 38 + pub data: String, // Base64 encoded 39 39 + pub version: i32, 40 40 + pub size_bytes: usize, 41 41 + pub is_delta: bool, 42 42 + pub created_at: String, 43 43 + } 44 44 + 45 45 + /// Error response 46 46 + #[derive(Object)] 47 47 + pub struct Error { 48 48 + pub message: String, 49 49 + } 50 50 + 51 51 + /// Upload save response 52 52 + #[derive(ApiResponse)] 53 53 + pub enum UploadSaveResponse { 54 54 + #[oai(status = 201)] 55 55 + Created(Json<SaveUploadResponse>), 56 56 + #[oai(status = 400)] 57 57 + BadRequest(Json<Error>), 58 58 + #[oai(status = 404)] 59 59 + NotFound(Json<Error>), 60 60 + } 61 61 + 62 62 + /// Download save response 63 63 + #[derive(ApiResponse)] 64 64 + pub enum DownloadSaveResponse { 65 65 + #[oai(status = 200)] 66 66 + Ok(Json<SaveDownloadResponse>), 67 67 + #[oai(status = 404)] 68 68 + NotFound(Json<Error>), 69 69 + } 70 70 + 71 71 + /// Save management endpoint 72 72 + pub struct SavesEndpoint { 73 73 + pool: DbPool, 74 74 + storage: StorageProvider, 75 75 + } 76 76 + 77 77 + impl SavesEndpoint { 78 78 + pub fn new(pool: DbPool, storage: StorageProvider) -> Self { 79 79 + Self { pool, storage } 80 80 + } 81 81 + 82 82 + /// Generate a new CID (content identifier) 83 83 + fn generate_cid(data: &[u8]) -> String { 84 84 + let mut hasher = sha2::Sha256::new(); 85 85 + hasher.update(data); 86 86 + format!("{:x}", hasher.finalize())[..16].to_string() 87 87 + } 88 88 + 89 89 + /// Decode base64 data 90 90 + fn decode_data(encoded: &str) -> Result<Vec<u8>, String> { 91 91 + BASE64.decode(encoded).map_err(|e| e.to_string()) 92 92 + } 93 93 + 94 94 + /// Encode data to base64 95 95 + fn encode_data(data: &[u8]) -> String { 96 96 + BASE64.encode(data) 97 97 + } 98 98 + } 99 99 + 100 100 + #[OpenApi] 101 101 + impl SavesEndpoint { 102 102 + /// Upload a save - supports delta compression 103 103 + #[oai(path = "/saves", method = "put")] 104 104 + async fn upload_save( 105 105 + &self, 106 106 + body: Json<UploadSaveRequest>, 107 107 + ) -> UploadSaveResponse { 108 108 + let req = body; 109 109 + 110 110 + let save_data = match Self::decode_data(&req.data) { 111 111 + Ok(d) => d, 112 112 + Err(e) => { 113 113 + return UploadSaveResponse::BadRequest(Json(Error { 114 114 + message: format!("Invalid base64 data: {}", e), 115 115 + })); 116 116 + } 117 117 + }; 118 118 + 119 119 + let new_cid = Self::generate_cid(&save_data); 120 120 + let size_bytes = save_data.len(); 121 121 + 122 122 + // Upload blob to storage 123 123 + let storage_path = format!("saves/{}/{}/{}", req.game_id, req.gamer_id, new_cid); 124 124 + if let Err(e) = self.storage.upload_blob(&storage_path, &save_data).await { 125 125 + return UploadSaveResponse::BadRequest(Json(Error { 126 126 + message: format!("Failed to upload save data: {}", e), 127 127 + })); 128 128 + } 129 129 + 130 130 + // Check if this is an update or new save 131 131 + let existing: Option<(String, i64)> = sqlx::query_as( 132 132 + r#" 133 133 + SELECT s.id, 134 134 + (SELECT COALESCE(MAX(version_number), 0) FROM save_versions WHERE save_id = s.id) as ver 135 135 + FROM saves s 136 136 + WHERE s.gamer_id = ? AND s.game_id = ? AND s.slot_id = ? 137 137 + "#, 138 138 + ) 139 139 + .bind(&req.gamer_id) 140 140 + .bind(&req.game_id) 141 141 + .bind(&req.slot_id) 142 142 + .fetch_optional(&self.pool) 143 143 + .await 144 144 + .ok() 145 145 + .flatten(); 146 146 + 147 147 + let (save_id, version_number) = match existing { 148 148 + Some((id, ver)) => (id, ver as i32 + 1), 149 149 + None => (Uuid::new_v4().to_string(), 1), 150 150 + }; 151 151 + 152 152 + let result = if version_number == 1 { 153 153 + sqlx::query( 154 154 + r#" 155 155 + INSERT INTO saves (id, gamer_id, game_id, slot_id, current_cid) 156 156 + VALUES (?, ?, ?, ?, ?) 157 157 + "#, 158 158 + ) 159 159 + .bind(&save_id) 160 160 + .bind(&req.gamer_id) 161 161 + .bind(&req.game_id) 162 162 + .bind(&req.slot_id) 163 163 + .bind(&new_cid) 164 164 + .execute(&self.pool) 165 165 + .await 166 166 + } else { 167 167 + sqlx::query( 168 168 + r#" 169 169 + UPDATE saves SET current_cid = ?, updated_at = CURRENT_TIMESTAMP 170 170 + WHERE gamer_id = ? AND game_id = ? AND slot_id = ? 171 171 + "#, 172 172 + ) 173 173 + .bind(&new_cid) 174 174 + .bind(&req.gamer_id) 175 175 + .bind(&req.game_id) 176 176 + .bind(&req.slot_id) 177 177 + .execute(&self.pool) 178 178 + .await 179 179 + }; 180 180 + 181 181 + match result { 182 182 + Ok(_) => { 183 183 + let version_id = Uuid::new_v4().to_string(); 184 184 + sqlx::query( 185 185 + r#" 186 186 + INSERT INTO save_versions (id, save_id, version_number, cid, milestone, size_bytes) 187 187 + VALUES (?, ?, ?, ?, ?, ?) 188 188 + "#, 189 189 + ) 190 190 + .bind(&version_id) 191 191 + .bind(&save_id) 192 192 + .bind(version_number as i64) 193 193 + .bind(&new_cid) 194 194 + .bind(req.milestone.unwrap_or(0)) 195 195 + .bind(size_bytes as i64) 196 196 + .execute(&self.pool) 197 197 + .await 198 198 + .ok(); 199 199 + 200 200 + UploadSaveResponse::Created(Json(SaveUploadResponse { 201 201 + id: save_id, 202 202 + cid: new_cid, 203 203 + version: version_number, 204 204 + size_bytes, 205 205 + is_delta: false, 206 206 + })) 207 207 + } 208 208 + Err(e) => UploadSaveResponse::BadRequest(Json(Error { 209 209 + message: format!("Failed to save: {}", e), 210 210 + })), 211 211 + } 212 212 + } 213 213 + 214 214 + /// Download a save by gamer ID, game ID, and slot ID 215 215 + #[oai(path = "/saves", method = "get")] 216 216 + async fn download_save( 217 217 + &self, 218 218 + gamer_id: poem_openapi::param::Query<String>, 219 219 + game_id: poem_openapi::param::Query<String>, 220 220 + slot_id: poem_openapi::param::Query<String>, 221 221 + version: poem_openapi::param::Query<Option<i32>>, 222 222 + ) -> DownloadSaveResponse { 223 223 + let gamer_id = gamer_id.0; 224 224 + let game_id = game_id.0; 225 225 + let slot_id = slot_id.0; 226 226 + let target_version = version.0.unwrap_or(1); 227 227 + 228 228 + let save_row: Option<(String, String, String)> = sqlx::query_as( 229 229 + "SELECT id, current_cid, created_at FROM saves WHERE gamer_id = ? AND game_id = ? AND slot_id = ?", 230 230 + ) 231 231 + .bind(&gamer_id) 232 232 + .bind(&game_id) 233 233 + .bind(&slot_id) 234 234 + .fetch_optional(&self.pool) 235 235 + .await 236 236 + .ok() 237 237 + .flatten(); 238 238 + 239 239 + match save_row { 240 240 + Some((save_id, current_cid, created_at)) => { 241 241 + let version_row: Option<(String, i32, i64)> = sqlx::query_as( 242 242 + "SELECT cid, version_number, size_bytes FROM save_versions WHERE save_id = ? AND version_number = ?", 243 243 + ) 244 244 + .bind(&save_id) 245 245 + .bind(target_version as i64) 246 246 + .fetch_optional(&self.pool) 247 247 + .await 248 248 + .ok() 249 249 + .flatten(); 250 250 + 251 251 + match version_row { 252 252 + Some((cid, version_num, size_bytes)) => { 253 253 + let storage_path = format!("saves/{}/{}/{}", game_id, gamer_id, cid); 254 254 + let save_data = match self.storage.download_blob(&storage_path).await { 255 255 + Ok(data) => data, 256 256 + Err(e) => { 257 257 + return DownloadSaveResponse::NotFound(Json(Error { 258 258 + message: format!("Failed to fetch save data: {}", e), 259 259 + })); 260 260 + } 261 261 + }; 262 262 + 263 263 + DownloadSaveResponse::Ok(Json(SaveDownloadResponse { 264 264 + id: save_id, 265 265 + cid, 266 266 + data: Self::encode_data(&save_data), 267 267 + version: version_num, 268 268 + size_bytes: size_bytes as usize, 269 269 + is_delta: false, 270 270 + created_at, 271 271 + })) 272 272 + } 273 273 + None => DownloadSaveResponse::NotFound(Json(Error { 274 274 + message: "Version not found".to_string(), 275 275 + })), 276 276 + } 277 277 + } 278 278 + None => DownloadSaveResponse::NotFound(Json(Error { 279 279 + message: "Save not found".to_string(), 280 280 + })), 281 281 + } 282 282 + } 283 283 + 284 284 + /// Get save metadata by path params 285 285 + #[oai(path = "/saves/:gamer_id/:game_id/:slot_id", method = "get")] 286 286 + async fn get_save_metadata( 287 287 + &self, 288 288 + gamer_id: Path<String>, 289 289 + game_id: Path<String>, 290 290 + slot_id: Path<String>, 291 291 + ) -> DownloadSaveResponse { 292 292 + let gamer_id = gamer_id.0.clone(); 293 293 + let game_id = game_id.0.clone(); 294 294 + let slot_id = slot_id.0.clone(); 295 295 + 296 296 + let save_row: Option<(String, String, String)> = sqlx::query_as( 297 297 + "SELECT id, current_cid, created_at FROM saves WHERE gamer_id = ? AND game_id = ? AND slot_id = ?", 298 298 + ) 299 299 + .bind(&gamer_id) 300 300 + .bind(&game_id) 301 301 + .bind(&slot_id) 302 302 + .fetch_optional(&self.pool) 303 303 + .await 304 304 + .ok() 305 305 + .flatten(); 306 306 + 307 307 + match save_row { 308 308 + Some((save_id, current_cid, created_at)) => { 309 309 + let version_row: Option<(String, i32, i64)> = sqlx::query_as( 310 310 + "SELECT cid, version_number, size_bytes FROM save_versions WHERE save_id = ? ORDER BY version_number DESC LIMIT 1", 311 311 + ) 312 312 + .bind(&save_id) 313 313 + .fetch_optional(&self.pool) 314 314 + .await 315 315 + .ok() 316 316 + .flatten(); 317 317 + 318 318 + match version_row { 319 319 + Some((cid, version_num, size_bytes)) => { 320 320 + let storage_path = format!("saves/{}/{}/{}", game_id, gamer_id, cid); 321 321 + let save_data = match self.storage.download_blob(&storage_path).await { 322 322 + Ok(data) => data, 323 323 + Err(e) => { 324 324 + return DownloadSaveResponse::NotFound(Json(Error { 325 325 + message: format!("Failed to fetch save data: {}", e), 326 326 + })); 327 327 + } 328 328 + }; 329 329 + 330 330 + DownloadSaveResponse::Ok(Json(SaveDownloadResponse { 331 331 + id: save_id, 332 332 + cid, 333 333 + data: Self::encode_data(&save_data), 334 334 + version: version_num, 335 335 + size_bytes: size_bytes as usize, 336 336 + is_delta: false, 337 337 + created_at, 338 338 + })) 339 339 + } 340 340 + None => DownloadSaveResponse::NotFound(Json(Error { 341 341 + message: "No versions found".to_string(), 342 342 + })), 343 343 + } 344 344 + } 345 345 + None => DownloadSaveResponse::NotFound(Json(Error { 346 346 + message: "Save not found".to_string(), 347 347 + })), 348 348 + } 349 349 + } 350 350 + }

+245 -1

api/src/auth/mod.rs

reviewed

··· 1 1 - // Moved to api/mod.rs - keeping file for potential future module separation 1 1 + use anyhow::{anyhow, Result}; 2 2 + use chrono::{DateTime, Utc}; 3 3 + use reqwest::Client; 4 4 + use serde::{Deserialize, Serialize}; 5 5 + use sqlx::{Row, SqlitePool}; 6 6 + use std::sync::Arc; 7 7 + use tokio::sync::RwLock; 8 8 + use uuid::Uuid; 9 9 + 10 10 + use crate::config::AuthConfig; 11 11 + 12 12 + /// Itch.io OAuth device code response 13 13 + #[derive(Debug, Deserialize, Serialize)] 14 14 + pub struct DeviceCodeResponse { 15 15 + pub device_code: String, 16 16 + pub user_code: String, 17 17 + pub verification_url: String, 18 18 + pub expires_in: u64, 19 19 + pub interval: u64, 20 20 + } 21 21 + 22 22 + /// Itch.io token response 23 23 + #[derive(Debug, Deserialize, Serialize)] 24 24 + pub struct TokenResponse { 25 25 + pub access_token: String, 26 26 + pub token_type: String, 27 27 + pub expires_in: Option<u64>, 28 28 + pub refresh_token: Option<String>, 29 29 + pub scope: Option<String>, 30 30 + } 31 31 + 32 32 + /// Itch.io user info response 33 33 + #[derive(Debug, Deserialize, Serialize)] 34 34 + pub struct ItchUser { 35 35 + pub id: i64, 36 36 + pub username: String, 37 37 + pub display_name: Option<String>, 38 38 + pub url: String, 39 39 + } 40 40 + 41 41 + /// Device code session stored in memory 42 42 + pub struct DeviceSession { 43 43 + pub device_code: String, 44 44 + pub user_code: String, 45 45 + pub expires_at: DateTime<Utc>, 46 46 + pub interval: u64, 47 47 + pub poll_count: u32, 48 48 + } 49 49 + 50 50 + /// OAuth state managed in memory 51 51 + pub struct OAuthState { 52 52 + pub device_session: Option<DeviceSession>, 53 53 + pub pending_user_id: Option<i64>, 54 54 + pub access_token: Option<String>, 55 55 + } 56 56 + 57 57 + impl OAuthState { 58 58 + pub fn new() -> Self { 59 59 + Self { 60 60 + device_session: None, 61 61 + pending_user_id: None, 62 62 + access_token: None, 63 63 + } 64 64 + } 65 65 + } 66 66 + 67 67 + /// Auth service for itch.io OAuth 68 68 + pub struct AuthService { 69 69 + client: Client, 70 70 + config: AuthConfig, 71 71 + pool: SqlitePool, 72 72 + state: Arc<RwLock<OAuthState>>, 73 73 + } 74 74 + 75 75 + impl AuthService { 76 76 + pub fn new(config: AuthConfig, pool: SqlitePool) -> Self { 77 77 + Self { 78 78 + client: Client::new(), 79 79 + config, 80 80 + pool, 81 81 + state: Arc::new(RwLock::new(OAuthState::new())), 82 82 + } 83 83 + } 84 84 + 85 85 + /// Start the device code flow - return user code and verification URL 86 86 + pub async fn start_device_flow(&self) -> Result<DeviceCodeResponse> { 87 87 + let params = [ 88 88 + ("client_id", self.config.itchio_client_id.as_str()), 89 89 + ("scope", "profile:me"), 90 90 + ]; 91 91 + 92 92 + let response = self 93 93 + .client 94 94 + .post("https://itch.io/api-integrations/request-token") 95 95 + .form(&params) 96 96 + .send() 97 97 + .await? 98 98 + .json::<DeviceCodeResponse>() 99 99 + .await?; 100 100 + 101 101 + // Store the device session 102 102 + let session = DeviceSession { 103 103 + device_code: response.device_code.clone(), 104 104 + user_code: response.user_code.clone(), 105 105 + expires_at: Utc::now() + chrono::Duration::seconds(response.expires_in as i64), 106 106 + interval: response.interval, 107 107 + poll_count: 0, 108 108 + }; 109 109 + 110 110 + let mut state = self.state.write().await; 111 111 + state.device_session = Some(session); 112 112 + 113 113 + Ok(response) 114 114 + } 115 115 + 116 116 + /// Poll for token completion 117 117 + pub async fn poll_for_token(&self) -> Result<TokenResponse> { 118 118 + let device_code = { 119 119 + let state = self.state.read().await; 120 120 + state 121 121 + .device_session 122 122 + .as_ref() 123 123 + .map(|s| s.device_code.clone()) 124 124 + .ok_or_else(|| anyhow!("No device code session active"))? 125 125 + }; 126 126 + 127 127 + let params = [ 128 128 + ("client_id", self.config.itchio_client_id.as_str()), 129 129 + ("client_secret", &self.config.itchio_client_id), // itch.io uses client_id as secret in some flows 130 130 + ("code", &device_code), 131 131 + ("grant_type", "device_token"), 132 132 + ]; 133 133 + 134 134 + let response = self 135 135 + .client 136 136 + .post("https://itch.io/api-integrations/request-token") 137 137 + .form(&params) 138 138 + .send() 139 139 + .await? 140 140 + .json::<TokenResponse>() 141 141 + .await?; 142 142 + 143 143 + // Store access token 144 144 + let mut state = self.state.write().await; 145 145 + state.access_token = Some(response.access_token.clone()); 146 146 + state.device_session = None; 147 147 + 148 148 + Ok(response) 149 149 + } 150 150 + 151 151 + /// Get user info from itch.io 152 152 + pub async fn get_itch_user(&self, access_token: &str) -> Result<ItchUser> { 153 153 + let response = self 154 154 + .client 155 155 + .get("https://itch.io/api-integrations/me") 156 156 + .header("Authorization", format!("Bearer {}", access_token)) 157 157 + .send() 158 158 + .await? 159 159 + .json::<ItchUser>() 160 160 + .await?; 161 161 + 162 162 + Ok(response) 163 163 + } 164 164 + 165 165 + /// Exchange device code for final token and register/update user 166 166 + pub async fn complete_device_flow(&self) -> Result<GamerRecord> { 167 167 + let token_response = self.poll_for_token().await?; 168 168 + let itch_user = self.get_itch_user(&token_response.access_token).await?; 169 169 + 170 170 + // Upsert gamer in database 171 171 + let gamer_id = self.upsert_gamer(&itch_user).await?; 172 172 + 173 173 + Ok(GamerRecord { 174 174 + id: gamer_id, 175 175 + itch_user_id: itch_user.id, 176 176 + username: itch_user.username, 177 177 + access_token: token_response.access_token, 178 178 + }) 179 179 + } 180 180 + 181 181 + /// Register or update a gamer in the database 182 182 + async fn upsert_gamer(&self, itch_user: &ItchUser) -> Result<String> { 183 183 + let id = Uuid::new_v4().to_string(); 184 184 + 185 185 + sqlx::query( 186 186 + r#" 187 187 + INSERT INTO gamers (id, itch_user_id, username) 188 188 + VALUES (?, ?, ?) 189 189 + ON CONFLICT (itch_user_id) DO UPDATE SET 190 190 + username = excluded.username, 191 191 + updated_at = CURRENT_TIMESTAMP 192 192 + "#, 193 193 + ) 194 194 + .bind(&id) 195 195 + .bind(itch_user.id) 196 196 + .bind(&itch_user.username) 197 197 + .execute(&self.pool) 198 198 + .await?; 199 199 + 200 200 + Ok(id) 201 201 + } 202 202 + 203 203 + /// Verify an access token and return the gamer record 204 204 + pub async fn verify_token(&self, access_token: &str) -> Result<Option<GamerRecord>> { 205 205 + let itch_user = self.get_itch_user(access_token).await.ok(); 206 206 + 207 207 + match itch_user { 208 208 + Some(user) => { 209 209 + let gamer = self.get_gamer_by_itch_id(user.id).await?; 210 210 + Ok(Some(GamerRecord { 211 211 + id: gamer.id, 212 212 + itch_user_id: user.id, 213 213 + username: user.username, 214 214 + access_token: access_token.to_string(), 215 215 + })) 216 216 + } 217 217 + None => Ok(None), 218 218 + } 219 219 + } 220 220 + 221 221 + /// Get gamer by itch.io user ID 222 222 + async fn get_gamer_by_itch_id(&self, itch_user_id: i64) -> Result<GamerRecord> { 223 223 + let row = sqlx::query("SELECT id, itch_user_id, username FROM gamers WHERE itch_user_id = ?") 224 224 + .bind(itch_user_id) 225 225 + .fetch_optional(&self.pool) 226 226 + .await? 227 227 + .ok_or_else(|| anyhow!("Gamer not found"))?; 228 228 + 229 229 + Ok(GamerRecord { 230 230 + id: row.try_get("id")?, 231 231 + itch_user_id: row.try_get("itch_user_id")?, 232 232 + username: row.try_get("username").unwrap_or_default(), 233 233 + access_token: String::new(), 234 234 + }) 235 235 + } 236 236 + } 237 237 + 238 238 + /// Record of a gamer in the system 239 239 + #[derive(poem_openapi::Object)] 240 240 + pub struct GamerRecord { 241 241 + pub id: String, 242 242 + pub itch_user_id: i64, 243 243 + pub username: String, 244 244 + pub access_token: String, 245 245 + }

+15 -10

api/src/db/mod.rs

reviewed

··· 18 18 r#" 19 19 CREATE TABLE IF NOT EXISTS developers ( 20 20 id TEXT PRIMARY KEY, 21 21 - email TEXT NOT NULL UNIQUE, 22 22 - password_hash TEXT NOT NULL, 21 21 + email TEXT UNIQUE, 22 22 + password_hash TEXT, 23 23 name TEXT NOT NULL, 24 24 created_at TEXT DEFAULT CURRENT_TIMESTAMP, 25 25 updated_at TEXT DEFAULT CURRENT_TIMESTAMP ··· 27 27 28 28 CREATE TABLE IF NOT EXISTS games ( 29 29 id TEXT PRIMARY KEY, 30 30 - developer_id TEXT NOT NULL REFERENCES developers(id), 30 30 + developer_id TEXT NOT NULL, 31 31 name TEXT NOT NULL, 32 32 created_at TEXT DEFAULT CURRENT_TIMESTAMP, 33 33 updated_at TEXT DEFAULT CURRENT_TIMESTAMP ··· 35 35 36 36 CREATE TABLE IF NOT EXISTS api_keys ( 37 37 id TEXT PRIMARY KEY, 38 38 - developer_id TEXT NOT NULL REFERENCES developers(id), 39 39 - game_id TEXT REFERENCES games(id), 38 38 + developer_id TEXT NOT NULL, 39 39 + game_id TEXT, 40 40 key_hash TEXT NOT NULL, 41 41 created_at TEXT DEFAULT CURRENT_TIMESTAMP, 42 42 revoked_at TEXT ··· 45 45 CREATE TABLE IF NOT EXISTS gamers ( 46 46 id TEXT PRIMARY KEY, 47 47 itch_user_id INTEGER NOT NULL UNIQUE, 48 48 - created_at TEXT DEFAULT CURRENT_TIMESTAMP 48 48 + username TEXT, 49 49 + created_at TEXT DEFAULT CURRENT_TIMESTAMP, 50 50 + updated_at TEXT DEFAULT CURRENT_TIMESTAMP 49 51 ); 50 52 51 53 CREATE TABLE IF NOT EXISTS sessions ( ··· 65 67 66 68 CREATE TABLE IF NOT EXISTS saves ( 67 69 id TEXT PRIMARY KEY, 68 68 - gamer_id TEXT NOT NULL REFERENCES gamers(id), 69 69 - game_id TEXT NOT NULL REFERENCES games(id), 70 70 + gamer_id TEXT NOT NULL, 71 71 + game_id TEXT NOT NULL, 70 72 slot_id TEXT NOT NULL, 71 73 current_cid TEXT, 72 74 created_at TEXT DEFAULT CURRENT_TIMESTAMP, ··· 76 78 77 79 CREATE TABLE IF NOT EXISTS save_versions ( 78 80 id TEXT PRIMARY KEY, 79 79 - save_id TEXT NOT NULL REFERENCES saves(id), 81 81 + save_id TEXT NOT NULL, 80 82 version_number INTEGER NOT NULL, 81 83 cid TEXT NOT NULL, 82 84 milestone INTEGER DEFAULT 0, ··· 86 88 87 89 CREATE TABLE IF NOT EXISTS dpop_tokens ( 88 90 token_id TEXT PRIMARY KEY, 89 89 - gamer_id TEXT NOT NULL REFERENCES gamers(id), 91 91 + gamer_id TEXT NOT NULL, 90 92 nonce TEXT NOT NULL, 91 93 expires_at TEXT NOT NULL, 92 94 created_at TEXT DEFAULT CURRENT_TIMESTAMP ··· 96 98 CREATE INDEX IF NOT EXISTS idx_saves_gamer ON saves(gamer_id); 97 99 CREATE INDEX IF NOT EXISTS idx_saves_game ON saves(game_id); 98 100 CREATE INDEX IF NOT EXISTS idx_save_versions_save ON save_versions(save_id); 101 101 + 102 102 + -- Insert default developer if not exists 103 103 + INSERT OR IGNORE INTO developers (id, name) VALUES ('default-developer', 'Default Developer'); 99 104 "#, 100 105 ) 101 106 .execute(&pool)

+18 -2

api/src/main.rs

reviewed

··· 12 12 mod storage; 13 13 mod web; 14 14 15 15 + use crate::auth::AuthService; 16 16 + use crate::storage::StorageProvider; 17 17 + 15 18 #[tokio::main] 16 19 async fn main() -> Result<()> { 17 20 let app_config = config::AppConfig::load()?; ··· 24 27 .init(); 25 28 26 29 // Initialize database 27 27 - let _db_pool = db::init_database(std::path::Path::new(&app_config.database.path)).await?; 30 30 + let db_pool = db::init_database(std::path::Path::new(&app_config.database.path)).await?; 31 31 + 32 32 + // Initialize storage 33 33 + let storage = StorageProvider::new(&app_config.storage.provider, &app_config.storage).await?; 34 34 + 35 35 + // Initialize auth service 36 36 + let auth_service = AuthService::new(app_config.auth.clone(), db_pool.clone()); 37 37 + 38 38 + // Create API - tuple of endpoints 39 39 + let api = ( 40 40 + api::games::GamesEndpoint::new(db_pool.clone()), 41 41 + api::saves::SavesEndpoint::new(db_pool.clone(), storage), 42 42 + api::AuthEndpoint::new(auth_service), 43 43 + ); 28 44 29 45 // Initialize OpenAPI service 30 30 - let api_service = OpenApiService::new(api::Api, "Scratchback API", "1.0") 46 46 + let api_service = OpenApiService::new(api, "Scratchback API", "1.0") 31 47 .server(format!("http://{}/api", app_config.server_addr())); 32 48 33 49 let app = Route::new()