GKaszewski/thoughts
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: implement friends API with routes to get friends list and update thought visibility logic

Browse Source
This commit is contained in:
Gabriel Kaszewski
2025-09-06 22:14:47 +02:00
parent bf7c6501c6
commit dc92945962
11 changed files with 241 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
thoughts-backend/api/src/routers/api_key.rs
View File

@@ -16,7 +16,7 @@ use sea_orm::prelude::Uuid;
#[utoipa::path( #[utoipa::path(
get, get,
path = "/me/api-keys", path = "",
responses( responses(
(status = 200, description = "List of API keys", body = ApiKeyListSchema), (status = 200, description = "List of API keys", body = ApiKeyListSchema),
(status = 401, description = "Unauthorized", body = ApiErrorResponse), (status = 401, description = "Unauthorized", body = ApiErrorResponse),
@@ -36,7 +36,7 @@ async fn get_keys(
#[utoipa::path( #[utoipa::path(
post, post,
path = "/me/api-keys", path = "",
request_body = ApiKeyRequest, request_body = ApiKeyRequest,
responses( responses(
(status = 201, description = "API key created", body = ApiKeyResponse), (status = 201, description = "API key created", body = ApiKeyResponse),
@@ -63,7 +63,7 @@ async fn create_key(
#[utoipa::path( #[utoipa::path(
delete, delete,
path = "/me/api-keys/{key_id}", path = "/{key_id}",
responses( responses(
(status = 204, description = "API key deleted"), (status = 204, description = "API key deleted"),
(status = 401, description = "Unauthorized", body = ApiErrorResponse), (status = 401, description = "Unauthorized", body = ApiErrorResponse),

24
thoughts-backend/api/src/routers/friends.rs Normal file
View File

@@ -0,0 +1,24 @@
use crate::{error::ApiError, extractor::AuthUser};
use app::{persistence::user, state::AppState};
use axum::{extract::State, response::IntoResponse, routing::get, Json, Router};
use models::schemas::user::UserListSchema;
#[utoipa::path(
get,
path = "",
responses(
(status = 200, description = "List of authenticated user's friends", body = UserListSchema)
),
security(("bearer_auth" = []))
)]
async fn get_friends_list(
State(state): State<AppState>,
auth_user: AuthUser,
) -> Result<impl IntoResponse, ApiError> {
let friends = user::get_friends(&state.conn, auth_user.id).await?;
Ok(Json(UserListSchema::from(friends)))
}
pub fn create_friends_router() -> Router<AppState> {
Router::new().route("/", get(get_friends_list))
}

2
thoughts-backend/api/src/routers/mod.rs
View File

@@ -3,6 +3,7 @@ use axum::Router;
pub mod api_key; pub mod api_key;
pub mod auth; pub mod auth;
pub mod feed; pub mod feed;
pub mod friends;
pub mod root; pub mod root;
pub mod tag; pub mod tag;
pub mod thought; pub mod thought;
@@ -28,6 +29,7 @@ pub fn create_router(state: AppState) -> Router {
.nest("/thoughts", create_thought_router()) .nest("/thoughts", create_thought_router())
.nest("/feed", create_feed_router()) .nest("/feed", create_feed_router())
.nest("/tags", tag::create_tag_router()) .nest("/tags", tag::create_tag_router())
.nest("/friends", friends::create_friends_router())
.with_state(state) .with_state(state)
.layer(cors) .layer(cors)
} }

37
thoughts-backend/api/src/routers/thought.rs
View File

@@ -2,7 +2,7 @@ use axum::{
extract::{Path, State}, extract::{Path, State},
http::StatusCode, http::StatusCode,
response::IntoResponse, response::IntoResponse,
routing::{delete, post}, routing::{get, post},
Router, Router,
}; };
@@ -16,11 +16,40 @@ use sea_orm::prelude::Uuid;
use crate::{ use crate::{
error::ApiError, error::ApiError,
extractor::{AuthUser, Json, Valid}, extractor::{AuthUser, Json, OptionalAuthUser, Valid},
federation, federation,
models::{ApiErrorResponse, ParamsErrorResponse}, models::{ApiErrorResponse, ParamsErrorResponse},
}; };
#[utoipa::path(
get,
path = "/{id}",
params(
("id" = Uuid, Path, description = "Thought ID")
),
responses(
(status = 200, description = "Thought found", body = ThoughtSchema),
(status = 404, description = "Not Found", body = ApiErrorResponse)
)
)]
async fn get_thought_by_id(
State(state): State<AppState>,
Path(id): Path<Uuid>,
viewer: OptionalAuthUser,
) -> Result<impl IntoResponse, ApiError> {
let viewer_id = viewer.0.map(|u| u.id);
let thought = get_thought(&state.conn, id, viewer_id)
.await?
.ok_or(UserError::NotFound)?;
let author = app::persistence::user::get_user(&state.conn, thought.author_id)
.await?
.ok_or(UserError::NotFound)?;
let schema = ThoughtSchema::from_models(&thought, &author);
Ok(Json(schema))
}
#[utoipa::path( #[utoipa::path(
post, post,
path = "", path = "",
@@ -77,7 +106,7 @@ async fn thoughts_delete(
auth_user: AuthUser, auth_user: AuthUser,
Path(id): Path<Uuid>, Path(id): Path<Uuid>,
) -> Result<impl IntoResponse, ApiError> { ) -> Result<impl IntoResponse, ApiError> {
let thought = get_thought(&state.conn, id) let thought = get_thought(&state.conn, id, Some(auth_user.id))
.await? .await?
.ok_or(UserError::NotFound)?; .ok_or(UserError::NotFound)?;
@@ -92,5 +121,5 @@ async fn thoughts_delete(
pub fn create_thought_router() -> Router<AppState> { pub fn create_thought_router() -> Router<AppState> {
Router::new() Router::new()
.route("/", post(thoughts_post)) .route("/", post(thoughts_post))
.route("/{id}", delete(thoughts_delete)) .route("/{id}", get(get_thought_by_id).delete(thoughts_delete))
} }

32
thoughts-backend/app/src/persistence/thought.rs
View File

@@ -45,8 +45,36 @@ pub async fn create_thought(
Ok(new_thought) Ok(new_thought)
} }
pub async fn get_thought(db: &DbConn, thought_id: Uuid) -> Result<Option<thought::Model>, DbErr> { pub async fn get_thought(
thought::Entity::find_by_id(thought_id).one(db).await db: &DbConn,
thought_id: Uuid,
viewer_id: Option<Uuid>,
) -> Result<Option<thought::Model>, DbErr> {
let thought = thought::Entity::find_by_id(thought_id).one(db).await?;
match thought {
Some(t) => {
if t.visibility == thought::Visibility::Public {
return Ok(Some(t));
}
if let Some(viewer) = viewer_id {
if t.author_id == viewer {
return Ok(Some(t));
}
if t.visibility == thought::Visibility::FriendsOnly {
let author_friends = follow::get_friend_ids(db, t.author_id).await?;
if author_friends.contains(&viewer) {
return Ok(Some(t));
}
}
}
Ok(None)
}
None => Ok(None),
}
} }
pub async fn delete_thought(db: &DbConn, thought_id: Uuid) -> Result<(), DbErr> { pub async fn delete_thought(db: &DbConn, thought_id: Uuid) -> Result<(), DbErr> {

10
thoughts-backend/app/src/persistence/user.rs
View File

@@ -9,7 +9,7 @@ use models::params::user::{CreateUserParams, UpdateUserParams};
use models::queries::user::UserQuery; use models::queries::user::UserQuery;
use crate::error::UserError; use crate::error::UserError;
use crate::persistence::follow::{get_follower_ids, get_following_ids}; use crate::persistence::follow::{get_follower_ids, get_following_ids, get_friend_ids};
pub async fn create_user( pub async fn create_user(
db: &DbConn, db: &DbConn,
@@ -142,6 +142,14 @@ pub async fn get_top_friends(db: &DbConn, user_id: Uuid) -> Result<Vec<user::Mod
.await .await
} }
pub async fn get_friends(db: &DbConn, user_id: Uuid) -> Result<Vec<user::Model>, DbErr> {
let friend_ids = get_friend_ids(db, user_id).await?;
if friend_ids.is_empty() {
return Ok(vec![]);
}
get_users_by_ids(db, friend_ids).await
}
pub async fn get_following(db: &DbConn, user_id: Uuid) -> Result<Vec<user::Model>, DbErr> { pub async fn get_following(db: &DbConn, user_id: Uuid) -> Result<Vec<user::Model>, DbErr> {
let following_ids = get_following_ids(db, user_id).await?; let following_ids = get_following_ids(db, user_id).await?;
if following_ids.is_empty() { if following_ids.is_empty() {

12
thoughts-backend/doc/src/friends.rs Normal file
View File

@@ -0,0 +1,12 @@
use utoipa::OpenApi;
use api::models::{ApiErrorResponse, ParamsErrorResponse};
use api::routers::friends::*;
use models::schemas::user::{UserListSchema, UserSchema};
#[derive(OpenApi)]
#[openapi(
paths(get_friends_list,),
components(schemas(UserListSchema, ApiErrorResponse, ParamsErrorResponse, UserSchema))
)]
pub(super) struct FriendsApi;

3
thoughts-backend/doc/src/lib.rs
View File

@@ -9,6 +9,7 @@ use utoipa_swagger_ui::SwaggerUi;
mod api_key; mod api_key;
mod auth; mod auth;
mod feed; mod feed;
mod friends;
mod root; mod root;
mod tag; mod tag;
mod thought; mod thought;
@@ -24,6 +25,7 @@ mod user;
(path = "/thoughts", api = thought::ThoughtApi), (path = "/thoughts", api = thought::ThoughtApi),
(path = "/feed", api = feed::FeedApi), (path = "/feed", api = feed::FeedApi),
(path = "/tags", api = tag::TagApi), (path = "/tags", api = tag::TagApi),
(path = "/friends", api = friends::FriendsApi),
), ),
tags( tags(
(name = "root", description = "Root API"), (name = "root", description = "Root API"),
@@ -32,6 +34,7 @@ mod user;
(name = "thought", description = "Thoughts API"), (name = "thought", description = "Thoughts API"),
(name = "feed", description = "Feed API"), (name = "feed", description = "Feed API"),
(name = "tag", description = "Tag Discovery API"), (name = "tag", description = "Tag Discovery API"),
(name = "friends", description = "Friends API"),
), ),
modifiers(&SecurityAddon), modifiers(&SecurityAddon),
)] )]

2
thoughts-backend/doc/src/thought.rs
View File

@@ -7,7 +7,7 @@ use utoipa::OpenApi;
#[derive(OpenApi)] #[derive(OpenApi)]
#[openapi( #[openapi(
paths(thoughts_post, thoughts_delete), paths(thoughts_post, thoughts_delete, get_thought_by_id),
components(schemas( components(schemas(
CreateThoughtParams, CreateThoughtParams,
ThoughtSchema, ThoughtSchema,

38
thoughts-backend/tests/api/follow.rs
View File

@@ -122,3 +122,41 @@ async fn test_follow_lists() {
assert_eq!(v["following"].as_array().unwrap().len(), 1); assert_eq!(v["following"].as_array().unwrap().len(), 1);
assert_eq!(v["following"][0]["username"], "userB"); assert_eq!(v["following"][0]["username"], "userB");
} }
#[tokio::test]
async fn test_get_friends_list() {
let app = setup().await;
let user_a = create_user_with_password(&app.db, "userA", "password123", "a@a.com").await;
let user_b = create_user_with_password(&app.db, "userB", "password123", "b@b.com").await;
let user_c = create_user_with_password(&app.db, "userC", "password123", "c@c.com").await;
// --- Create relationships ---
// A and B are friends (reciprocal follow)
app::persistence::follow::follow_user(&app.db, user_a.id, user_b.id)
.await
.unwrap();
app::persistence::follow::follow_user(&app.db, user_b.id, user_a.id)
.await
.unwrap();
// A follows C, but C does not follow A back
app::persistence::follow::follow_user(&app.db, user_a.id, user_c.id)
.await
.unwrap();
// --- Test as user_a ---
let jwt_a = login_user(app.router.clone(), "userA", "password123").await;
let response = make_jwt_request(app.router.clone(), "/friends", "GET", None, &jwt_a).await;
assert_eq!(response.status(), StatusCode::OK);
let body = response.into_body().collect().await.unwrap().to_bytes();
let v: Value = serde_json::from_slice(&body).unwrap();
let friends_list = v["users"].as_array().unwrap();
assert_eq!(friends_list.len(), 1, "User A should only have one friend");
assert_eq!(
friends_list[0]["username"], "userB",
"User B should be in User A's friend list"
);
}

86
thoughts-backend/tests/api/thought.rs
View File

@@ -163,3 +163,89 @@ async fn test_thought_visibility() {
"Unauthenticated guest should see only public posts" "Unauthenticated guest should see only public posts"
); );
} }
async fn post_thought_and_get_id(
router: &Router,
content: &str,
visibility: &str,
token: &str,
) -> String {
let body = json!({ "content": content, "visibility": visibility }).to_string();
let response = make_jwt_request(router.clone(), "/thoughts", "POST", Some(body), token).await;
assert_eq!(response.status(), StatusCode::CREATED);
let body = response.into_body().collect().await.unwrap().to_bytes();
let v: Value = serde_json::from_slice(&body).unwrap();
v["id"].as_str().unwrap().to_string()
}
#[tokio::test]
async fn test_get_thought_by_id_visibility() {
let app = setup().await;
let author = create_user_with_password(&app.db, "author", "password123", "a@a.com").await;
let friend = create_user_with_password(&app.db, "friend", "password123", "f@f.com").await;
let _stranger = create_user_with_password(&app.db, "stranger", "password123", "s@s.com").await;
// Make author and friend follow each other
follow::follow_user(&app.db, author.id, friend.id)
.await
.unwrap();
follow::follow_user(&app.db, friend.id, author.id)
.await
.unwrap();
let author_jwt = login_user(app.router.clone(), "author", "password123").await;
let friend_jwt = login_user(app.router.clone(), "friend", "password123").await;
let stranger_jwt = login_user(app.router.clone(), "stranger", "password123").await;
// Author posts one of each visibility
let public_id = post_thought_and_get_id(&app.router, "public", "Public", &author_jwt).await;
let friends_id =
post_thought_and_get_id(&app.router, "friends", "FriendsOnly", &author_jwt).await;
let private_id = post_thought_and_get_id(&app.router, "private", "Private", &author_jwt).await;
// --- Test Assertions ---
// 1. Public thought
let public_url = format!("/thoughts/{}", public_id);
assert_eq!(
make_get_request(app.router.clone(), &public_url, None)
.await
.status(),
StatusCode::OK,
"Guest should see public thought"
);
// 2. Friends-only thought
let friends_url = format!("/thoughts/{}", friends_id);
assert_eq!(
make_jwt_request(app.router.clone(), &friends_url, "GET", None, &friend_jwt)
.await
.status(),
StatusCode::OK,
"Friend should see friends-only thought"
);
assert_eq!(
make_jwt_request(app.router.clone(), &friends_url, "GET", None, &stranger_jwt)
.await
.status(),
StatusCode::NOT_FOUND,
"Stranger should NOT see friends-only thought"
);
// 3. Private thought
let private_url = format!("/thoughts/{}", private_id);
assert_eq!(
make_jwt_request(app.router.clone(), &private_url, "GET", None, &author_jwt)
.await
.status(),
StatusCode::OK,
"Author should see their private thought"
);
assert_eq!(
make_jwt_request(app.router.clone(), &private_url, "GET", None, &friend_jwt)
.await
.status(),
StatusCode::NOT_FOUND,
"Friend should NOT see private thought"
);
}