Merge pull request #12433 from Turbo87/trustpub-list-by-user

trustpub/list: Add support for `user_id` query parameter

Author: Turbo87

src/auth.rs

@@ -68,6 +68,7 @@ pub struct AuthCheck {
     allow_token: bool,
     endpoint_scope: Option<EndpointScope>,
     crate_name: Option<String>,
+    allow_any_crate_scope: bool,
 }
 
 impl AuthCheck {
@@ -79,6 +80,7 @@ impl AuthCheck {
             allow_token: true,
             endpoint_scope: None,
             crate_name: None,
+            allow_any_crate_scope: false,
         }
     }
 
@@ -88,6 +90,7 @@ impl AuthCheck {
             allow_token: false,
             endpoint_scope: None,
             crate_name: None,
+            allow_any_crate_scope: false,
         }
     }
 
@@ -96,6 +99,7 @@ impl AuthCheck {
             allow_token: self.allow_token,
             endpoint_scope: Some(endpoint_scope),
             crate_name: self.crate_name.clone(),
+            allow_any_crate_scope: self.allow_any_crate_scope,
         }
     }
 
@@ -104,6 +108,20 @@ impl AuthCheck {
             allow_token: self.allow_token,
             endpoint_scope: self.endpoint_scope,
             crate_name: Some(crate_name.to_string()),
+            allow_any_crate_scope: self.allow_any_crate_scope,
+        }
+    }
+
+    /// Allow tokens with any crate scope without specifying a particular crate.
+    ///
+    /// Use this for endpoints that deal with multiple crates at once, where the
+    /// caller will handle crate scope filtering manually.
+    pub fn allow_any_crate_scope(&self) -> Self {
+        Self {
+            allow_token: self.allow_token,
+            endpoint_scope: self.endpoint_scope,
+            crate_name: self.crate_name.clone(),
+            allow_any_crate_scope: true,
         }
     }
 
@@ -170,7 +188,8 @@ impl AuthCheck {
             (Some(token_scopes), _) if token_scopes.is_empty() => true,
 
             // The token has crate scopes, but the endpoint does not deal with crates.
-            (Some(_), None) => false,
+            // However, if allow_any_crate_scope is set, we allow it (caller handles filtering).
+            (Some(_), None) => self.allow_any_crate_scope,
 
             // The token is NOT a legacy token, and the endpoint allows a certain endpoint scope or a legacy token.
             (Some(token_scopes), Some(crate_name)) => token_scopes

src/controllers/trustpub/github_configs/list.rs

@@ -6,13 +6,13 @@ use crate::controllers::helpers::pagination::{
 use crate::controllers::krate::load_crate;
 use crate::controllers::trustpub::github_configs::json::{self, ListResponse, ListResponseMeta};
 use crate::util::RequestUtils;
-use crate::util::errors::{AppResult, bad_request};
+use crate::util::errors::{AppResult, bad_request, forbidden};
 use axum::Json;
 use axum::extract::{FromRequestParts, Query};
 use crates_io_database::models::OwnerKind;
 use crates_io_database::models::token::EndpointScope;
 use crates_io_database::models::trustpub::GitHubConfig;
-use crates_io_database::schema::{crate_owners, trustpub_configs_github};
+use crates_io_database::schema::{crate_owners, crates, trustpub_configs_github};
 use diesel::dsl::{exists, select};
 use diesel::prelude::*;
 use diesel_async::RunQueryDsl;
@@ -26,7 +26,10 @@ use serde::Deserialize;
 pub struct ListQueryParams {
     /// Name of the crate to list Trusted Publishing configurations for.
     #[serde(rename = "crate")]
-    pub krate: String,
+    pub krate: Option<String>,
+
+    /// User ID to list Trusted Publishing configurations for all crates owned by the user.
+    pub user_id: Option<i32>,
 }
 
 /// List Trusted Publishing configurations for GitHub Actions.
@@ -42,17 +45,34 @@ pub async fn list_trustpub_github_configs(
     state: AppState,
     params: ListQueryParams,
     parts: Parts,
+) -> AppResult<Json<ListResponse>> {
+    match (&params.krate, params.user_id) {
+        (Some(krate), None) => list_by_crate(state, krate, parts).await,
+        (None, Some(user_id)) => list_by_user(state, user_id, parts).await,
+        (Some(_), Some(_)) => Err(bad_request(
+            "Cannot specify both `crate` and `user_id` query parameters",
+        )),
+        (None, None) => Err(bad_request(
+            "Must specify either `crate` or `user_id` query parameter",
+        )),
+    }
+}
+
+async fn list_by_crate(
+    state: AppState,
+    krate_name: &str,
+    parts: Parts,
 ) -> AppResult<Json<ListResponse>> {
     let mut conn = state.db_read().await?;
 
     let auth = AuthCheck::default()
         .with_endpoint_scope(EndpointScope::TrustedPublishing)
-        .for_crate(&params.krate)
+        .for_crate(krate_name)
         .check(&parts, &mut conn)
         .await?;
     let auth_user = auth.user();
 
-    let krate = load_crate(&mut conn, &params.krate).await?;
+    let krate = load_crate(&mut conn, krate_name).await?;
 
     // Check if the authenticated user is an owner of the crate
     let is_owner = select(exists(
@@ -69,40 +89,111 @@ pub async fn list_trustpub_github_configs(
         return Err(bad_request("You are not an owner of this crate"));
     }
 
+    paginated_response(&mut conn, &[krate.id], &parts).await
+}
+
+async fn list_by_user(
+    state: AppState,
+    user_id: i32,
+    parts: Parts,
+) -> AppResult<Json<ListResponse>> {
+    let mut conn = state.db_read().await?;
+
+    let auth = AuthCheck::default()
+        .with_endpoint_scope(EndpointScope::TrustedPublishing)
+        .allow_any_crate_scope()
+        .check(&parts, &mut conn)
+        .await?;
+
+    // Reject legacy tokens for this endpoint
+    auth.reject_legacy_tokens()?;
+
+    let auth_user = auth.user();
+
+    // Verify the authenticated user matches the requested user_id
+    if auth_user.id != user_id {
+        return Err(forbidden(
+            "this action requires authentication as the specified user",
+        ));
+    }
+
+    // Get crate scopes from the token (if any)
+    let crate_scopes = auth.api_token().and_then(|t| t.crate_scopes.as_ref());
+
+    // Get all crate IDs owned by the user
+    let mut owned_crates: Vec<(i32, String)> = crate_owners::table
+        .inner_join(crates::table)
+        .filter(crate_owners::owner_id.eq(user_id))
+        .filter(crate_owners::owner_kind.eq(OwnerKind::User))
+        .filter(crate_owners::deleted.eq(false))
+        .select((crates::id, crates::name))
+        .load(&mut conn)
+        .await?;
+
+    // Filter by crate scopes if the token has any
+    if let Some(scopes) = crate_scopes
+        && !scopes.is_empty()
+    {
+        owned_crates.retain(|(_, name)| scopes.iter().any(|scope| scope.matches(name)));
+    }
+
+    let crate_ids: Vec<i32> = owned_crates.iter().map(|(id, _)| *id).collect();
+
+    paginated_response(&mut conn, &crate_ids, &parts).await
+}
+
+async fn paginated_response(
+    conn: &mut diesel_async::AsyncPgConnection,
+    crate_ids: &[i32],
+    parts: &Parts,
+) -> AppResult<Json<ListResponse>> {
     let pagination = PaginationOptions::builder()
         .enable_seek(true)
         .enable_pages(false)
-        .gather(&parts)?;
-
-    let (configs, total, next_page) =
-        list_configs(&mut conn, krate.id, &pagination, &parts).await?;
-
-    let github_configs = configs
-        .into_iter()
-        .map(|config| json::GitHubConfig {
-            id: config.id,
-            krate: krate.name.clone(),
-            repository_owner: config.repository_owner,
-            repository_owner_id: config.repository_owner_id,
-            repository_name: config.repository_name,
-            workflow_filename: config.workflow_filename,
-            environment: config.environment,
-            created_at: config.created_at,
-        })
-        .collect();
+        .gather(parts)?;
+
+    let (configs, total, next_page) = list_configs(conn, crate_ids, &pagination, parts).await?;
+
+    let github_configs = configs.into_iter().map(to_json_config).collect();
 
     Ok(Json(ListResponse {
         github_configs,
         meta: ListResponseMeta { total, next_page },
     }))
 }
 
+fn to_json_config(config: ConfigWithCrateName) -> json::GitHubConfig {
+    let crate_name = config.crate_name;
+    let config = config.config;
+
+    json::GitHubConfig {
+        id: config.id,
+        krate: crate_name,
+        repository_owner: config.repository_owner,
+        repository_owner_id: config.repository_owner_id,
+        repository_name: config.repository_name,
+        workflow_filename: config.workflow_filename,
+        environment: config.environment,
+        created_at: config.created_at,
+    }
+}
+
+#[derive(Debug, HasQuery)]
+#[diesel(base_query = trustpub_configs_github::table.inner_join(crates::table))]
+#[diesel(check_for_backend(diesel::pg::Pg))]
+struct ConfigWithCrateName {
+    #[diesel(select_expression = crates::name)]
+    crate_name: String,
+    #[diesel(embed)]
+    config: GitHubConfig,
+}
+
 async fn list_configs(
     conn: &mut diesel_async::AsyncPgConnection,
-    crate_id: i32,
+    crate_ids: &[i32],
     options: &PaginationOptions,
     req: &Parts,
-) -> AppResult<(Vec<GitHubConfig>, i64, Option<String>)> {
+) -> AppResult<(Vec<ConfigWithCrateName>, i64, Option<String>)> {
     use seek::*;
 
     let seek = Seek::Id;
@@ -113,8 +204,8 @@ async fn list_configs(
     );
 
     let make_base_query = || {
-        GitHubConfig::query()
-            .filter(trustpub_configs_github::crate_id.eq(crate_id))
+        ConfigWithCrateName::query()
+            .filter(trustpub_configs_github::crate_id.eq_any(crate_ids))
             .into_boxed()
     };
 
@@ -126,7 +217,7 @@ async fn list_configs(
         query = query.filter(trustpub_configs_github::id.gt(id));
     }
 
-    let data: Vec<GitHubConfig> = query.load(conn).await?;
+    let data = query.load(conn).await?;
 
     let next_page = next_seek_params(&data, options, |last| seek.to_payload(last))?
         .map(|p| req.query_with_params(p));
@@ -162,8 +253,8 @@ where
 }
 
 mod seek {
+    use super::ConfigWithCrateName;
     use crate::controllers::helpers::pagination::seek;
-    use crates_io_database::models::trustpub::GitHubConfig;
 
     seek!(
         pub enum Seek {
@@ -172,9 +263,11 @@ mod seek {
     );
 
     impl Seek {
-        pub(crate) fn to_payload(&self, record: &GitHubConfig) -> SeekPayload {
+        pub(crate) fn to_payload(&self, record: &ConfigWithCrateName) -> SeekPayload {
             match *self {
-                Seek::Id => SeekPayload::Id(Id { id: record.id }),
+                Seek::Id => SeekPayload::Id(Id {
+                    id: record.config.id,
+                }),
             }
         }
     }