Add API endpoint for setting config value

LucaBernstein · Apr 11, 2023 · f51d319 · f51d319
1 parent 749abf3
commit f51d319
Show file tree

Hide file tree

Showing 5 changed files with 100 additions and 8 deletions.
diff --git a/api/config/config.go b/api/config/config.go
@@ -1,6 +1,8 @@
 package config
 
 import (
+	"fmt"
+	"log"
 	"net/http"
 	"strings"
 
@@ -51,3 +53,45 @@ func (r *Router) ReadConfig(c *gin.Context) {
 
 	c.JSON(http.StatusOK, settings)
 }
+
+type SettingsPost struct {
+	Setting string      `json:"setting"`
+	Value   interface{} `json:"value"`
+}
+
+func (r *Router) SetConfig(c *gin.Context) {
+	tgChatId := c.GetInt64("tgChatId")
+	var setting SettingsPost
+	err := c.ShouldBindJSON(&setting)
+	if err != nil {
+		c.JSON(http.StatusBadRequest, gin.H{
+			"error": err.Error(),
+		})
+		return
+	}
+	if setting.Setting == "" {
+		c.JSON(http.StatusBadRequest, gin.H{
+			"error": "could not read setting to update from body",
+		})
+		return
+	}
+	if setting.Setting == helpers.USERSET_ADM {
+		c.JSON(http.StatusUnauthorized, gin.H{
+			"error": "granting admin priviledges via API is not allowed",
+		})
+		return
+	}
+	if setting.Value == nil {
+		setting.Value = ""
+	}
+	log.Printf("Setting for user %d %s=%v", tgChatId, setting.Setting, setting.Value)
+	// TODO: Value assertions (int, string, bool)
+	err = r.bc.Repo.SetUserSetting(setting.Setting, fmt.Sprintf("%v", setting.Value), tgChatId)
+	if err != nil {
+		c.JSON(http.StatusInternalServerError, gin.H{
+			"error": err.Error(),
+		})
+		return
+	}
+	c.Status(http.StatusOK)
+}
diff --git a/api/config/config_test.go b/api/config/config_test.go
@@ -7,6 +7,7 @@ import (
 	"testing"
 
 	"github.com/LucaBernstein/beancount-bot-tg/api/config"
+	"github.com/LucaBernstein/beancount-bot-tg/api/helpers/apiTest"
 	"github.com/LucaBernstein/beancount-bot-tg/bot/botTest"
 	"github.com/LucaBernstein/beancount-bot-tg/db"
 	"github.com/LucaBernstein/beancount-bot-tg/helpers"
@@ -41,7 +42,7 @@ func AllSettingsTypes() ([]string, error) {
 }
 
 func TestFullConfigMap(t *testing.T) {
-	token, mockBc, msg := botTest.MockBcApiUser(t, 786)
+	token, mockBc, msg := apiTest.MockBcApiUser(t, 786)
 	err := PromoteAdmin(msg.Chat.ID)
 	botTest.HandleErr(t, err)
 
@@ -69,3 +70,48 @@ func TestFullConfigMap(t *testing.T) {
 }
 
 // TODO: For setting, check, that user cannot elevate to admin!
+func TestSetConfig(t *testing.T) {
+	token, mockBc, _ := apiTest.MockBcApiUser(t, 427)
+
+	r := gin.Default()
+	g := r.Group("")
+	config.NewRouter(mockBc).Hook(g)
+
+	// Set tzOffset
+	w := httptest.NewRecorder()
+	req, _ := http.NewRequest("POST", "/", strings.NewReader(`{"setting":"user.tzOffset", "value":12}`))
+	req.Header.Add("Authorization", "Bearer "+token)
+	req.Header.Add("Content-Type", "application/json")
+	r.ServeHTTP(w, req)
+
+	assert.Equal(t, 200, w.Result().StatusCode)
+
+	// Granting admin priviledges should not work
+	w = httptest.NewRecorder()
+	req, _ = http.NewRequest("POST", "/", strings.NewReader(`{"setting":"user.isAdmin", "value":true}`))
+	req.Header.Add("Authorization", "Bearer "+token)
+	req.Header.Add("Content-Type", "application/json")
+	r.ServeHTTP(w, req)
+
+	assert.Equal(t, 401, w.Result().StatusCode)
+
+	// No settings field should fail
+	w = httptest.NewRecorder()
+	req, _ = http.NewRequest("POST", "/", strings.NewReader(`{"value":true}`))
+	req.Header.Add("Authorization", "Bearer "+token)
+	req.Header.Add("Content-Type", "application/json")
+	r.ServeHTTP(w, req)
+
+	assert.Equal(t, 400, w.Result().StatusCode)
+
+	// Unsetting with null should work
+	w = httptest.NewRecorder()
+	req, _ = http.NewRequest("POST", "/", strings.NewReader(`{"setting":"user.currency", "value": null}`))
+	req.Header.Add("Authorization", "Bearer "+token)
+	req.Header.Add("Content-Type", "application/json")
+	r.ServeHTTP(w, req)
+
+	assert.Equal(t, 200, w.Result().StatusCode)
+
+	// TODO: Enhance functionality coverage by looking at actual db states
+}
diff --git a/api/config/router.go b/api/config/router.go
@@ -20,4 +20,5 @@ func (r *Router) Hook(g *gin.RouterGroup) {
 	g.Use(helpers.AttachChatId(r.bc))
 
 	g.GET("/", r.ReadConfig)
+	g.POST("/", r.SetConfig)
 }
diff --git a/bot/botTest/mockBotApiUser.go → api/helpers/apiTest/mockBotApiUser.go b/bot/botTest/mockBotApiUser.go → api/helpers/apiTest/mockBotApiUser.go
@@ -1,9 +1,10 @@
-package botTest
+package apiTest
 
 import (
 	"testing"
 
 	"github.com/LucaBernstein/beancount-bot-tg/bot"
+	"github.com/LucaBernstein/beancount-bot-tg/bot/botTest"
 	"github.com/LucaBernstein/beancount-bot-tg/db"
 	"github.com/LucaBernstein/beancount-bot-tg/db/crud"
 	"github.com/LucaBernstein/beancount-bot-tg/helpers"
@@ -18,13 +19,13 @@ func MockBcApiUser(t *testing.T, id int64) (token string, mockBc *bot.BotControl
 
 	msg := &telebot.Message{Chat: &telebot.Chat{ID: id}, Sender: &telebot.User{ID: id}}
 	err := mockBc.Repo.EnrichUserData(msg)
-	HandleErr(t, err)
+	botTest.HandleErr(t, err)
 	err = mockBc.Repo.SetUserSetting(helpers.USERSET_ENABLEAPI, "true", msg.Chat.ID)
-	HandleErr(t, err)
+	botTest.HandleErr(t, err)
 	nonce, err := mockBc.Repo.CreateApiVerification(msg.Chat.ID)
-	HandleErr(t, err)
+	botTest.HandleErr(t, err)
 	token, err = mockBc.Repo.VerifyApiToken(msg.Chat.ID, nonce)
-	HandleErr(t, err)
+	botTest.HandleErr(t, err)
 
 	return token, mockBc, msg
 }
diff --git a/api/helpers/chatId_test.go b/api/helpers/chatId_test.go
@@ -6,13 +6,13 @@ import (
 	"testing"
 
 	"github.com/LucaBernstein/beancount-bot-tg/api/helpers"
-	"github.com/LucaBernstein/beancount-bot-tg/bot/botTest"
+	"github.com/LucaBernstein/beancount-bot-tg/api/helpers/apiTest"
 	"github.com/gin-gonic/gin"
 	"github.com/stretchr/testify/assert"
 )
 
 func TestChatIdEnrichment(t *testing.T) {
-	token, mockBc, m := botTest.MockBcApiUser(t, 442)
+	token, mockBc, m := apiTest.MockBcApiUser(t, 442)
 	handlerFn := helpers.AttachChatId(mockBc)
 
 	r := gin.Default()