From aeef8e49315eaf019a8822d67b4abcfd6df227fb Mon Sep 17 00:00:00 2001 From: greysoh Date: Sun, 21 Apr 2024 20:08:16 -0400 Subject: [PATCH] feature: Implement user lookups. --- routes/NextNet API/Lookup User.bru | 18 +++++++++ src/index.ts | 6 ++- src/libs/permissions.ts | 8 ++-- src/routes/user/lookup.ts | 60 ++++++++++++++++++++++++++++++ 4 files changed, 87 insertions(+), 5 deletions(-) create mode 100644 routes/NextNet API/Lookup User.bru create mode 100644 src/routes/user/lookup.ts diff --git a/routes/NextNet API/Lookup User.bru b/routes/NextNet API/Lookup User.bru new file mode 100644 index 0000000..d413e85 --- /dev/null +++ b/routes/NextNet API/Lookup User.bru @@ -0,0 +1,18 @@ +meta { + name: Lookup User + type: http + seq: 7 +} + +post { + url: http://127.0.0.1:3000/api/v1/users/lookup + body: json + auth: none +} + +body:json { + { + "token": "5e2cb92a338a832d385790861312eb85d69f46f82317bfa984ac5e3517368ab5a827897b0f9775a9181b02fa3b9cffed7e59e5b3111d5bdc37f729156caf5f", + "name": "Greyson Hofer" + } +} diff --git a/src/index.ts b/src/index.ts index 89fcca0..483babb 100644 --- a/src/index.ts +++ b/src/index.ts @@ -11,8 +11,9 @@ import { route as backendCreate } from "./routes/backends/create.js"; import { route as forwardCreate } from "./routes/forward/create.js"; -import { route as userRemove } from "./routes/user/remove.js"; import { route as userCreate } from "./routes/user/create.js"; +import { route as userRemove } from "./routes/user/remove.js"; +import { route as userLookup } from "./routes/user/lookup.js"; import { route as userLogin } from "./routes/user/login.js"; const prisma = new PrismaClient(); 
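Review bot: The `body:json` block of the new `Lookup User.bru` request commits a literal value in the `token` field. Even if session tokens are short-lived (not visible from this patch), a value checked into the collection stays in history and in every clone, and it makes a habit of pasting live credentials into request files. Reference a Bruno variable instead, `"token": "{{token}}"`, and keep the real value in an environment file that is not committed. The `name` field also holds what looks like a real person's name; a constructed sample value would serve the same purpose.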
@@ -45,8 +46,9 @@ backendCreate(fastify, prisma, sessionTokens, serverOptions); forwardCreate(fastify, prisma, sessionTokens, serverOptions); -userRemove(fastify, prisma, sessionTokens, serverOptions); userCreate(fastify, prisma, sessionTokens, serverOptions); +userRemove(fastify, prisma, sessionTokens, serverOptions); +userLookup(fastify, prisma, sessionTokens, serverOptions); userLogin(fastify, prisma, sessionTokens, serverOptions); // Run the server! diff --git a/src/libs/permissions.ts b/src/libs/permissions.ts index 0788a1e..f82e282 100644 --- a/src/libs/permissions.ts +++ b/src/libs/permissions.ts @@ -9,7 +9,7 @@ export const permissionListDisabled: Record = { "routes.edit": false, "routes.visible": false, - "backends.add": false, + "backends.add": false, "backends.remove": false, "backends.start": false, "backends.stop": false, @@ -17,10 +17,12 @@ export const permissionListDisabled: Record = { "backends.visible": false, "backends.secretVis": false, - "permissions.see": false, + "permissions.see": false, "users.add": false, - "users.remove": false + "users.remove": false, + "users.lookup": false, + "users.edit": false, }; // FIXME: This solution fucking sucks. diff --git a/src/routes/user/lookup.ts b/src/routes/user/lookup.ts new file mode 100644 index 0000000..e1909d1 --- /dev/null +++ b/src/routes/user/lookup.ts 
@@ -0,0 +1,60 @@
+import type { PrismaClient } from "@prisma/client";
+import type { FastifyInstance } from "fastify";
+
+import { ServerOptions, SessionToken } from "../../libs/types.js";
+import { hasPermissionByToken } from "../../libs/permissions.js";
+
+export function route(fastify: FastifyInstance, prisma: PrismaClient, tokens: Record, options: ServerOptions) {
+ function hasPermission(token: string, permissionList: string[]): Promise {
+ return hasPermissionByToken(permissionList, token, tokens, prisma);
+ };
+
+ fastify.post("/api/v1/users/lookup", {
+ schema: {
+ body: {
+ type: "object",
+ required: ["token"],
+
+ properties: {
+ token: { type: "string" },
+ name: { type: "string" },
+ email: { type: "string" },
+ isServiceAccount: { type: "boolean" }
+ }
+ }
+ }
+ }, async(req, res) => {
+ // @ts-ignore
+ const body: {
+ token: string,
+ name?: string,
+ email?: string,
+ isServiceAccount?: boolean
+ } = req.body;
+
+ if (!await hasPermission(body.token, [
+ "users.lookup"
+ ])) {
+ return res.status(403).send({
+ error: "Unauthorized"
+ });
+ };
+
+ const users = await prisma.user.findMany({
+ where: {
+ name: body.name,
+ email: body.email,
+ isRootServiceAccount: body.isServiceAccount
+ }
+ });
+
+ return {
+ success: true,
+ data: users.map((i) => ({
+ name: i.name,
+ email: i.email,
+ isServiceAccount: i.isRootServiceAccount
+ }))
+ }
+ });
+}
\ No newline at end of file
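Review bot: A request that carries only `token` reaches `prisma.user.findMany` with `name`, `email` and `isRootServiceAccount` all undefined, and Prisma treats an undefined filter as absent, so the handler returns the name and email of every user in one unbounded response. If a full listing is intended for `users.lookup` holders, say so in a comment above the query and cap the result with `take`. If it is not intended, reject filterless bodies before the query, for example `if (body.name === undefined && body.email === undefined && body.isServiceAccount === undefined) return res.status(400).send({ error: "At least one filter is required" });` (message constructed here, match the project's wording). The body schema also sets no `maxLength` on `name` or `email` and no `additionalProperties: false`, which would be cheap to add. Separately, the `// @ts-ignore` above `const body` could be dropped by passing the body type as the route generic, `fastify.post<{ Body: ... }>(...)`, unless the ignore is a deliberate project convention.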