Merge pull request #265 from Rustmail/241-external-api-endpoints

feat(api): add external api endpoints for interact with rustmail via external system

Author: Akinator31

Cargo.lock

@@ -0,0 +1,17 @@
+-- Add migration script here
+CREATE TABLE IF NOT EXISTS api_keys (
+    id INTEGER PRIMARY KEY AUTOINCREMENT,
+    key_hash TEXT NOT NULL UNIQUE,
+    name TEXT NOT NULL,
+    permissions TEXT NOT NULL,
+    created_at INTEGER NOT NULL,
+    expires_at INTEGER,
+    last_used_at INTEGER,
+    is_active INTEGER NOT NULL DEFAULT 1
+);
+
+-- Index for faster lookups by hash (used on every API request)
+CREATE INDEX IF NOT EXISTS idx_api_keys_hash ON api_keys(key_hash);
+
+-- Index for active keys only
+CREATE INDEX IF NOT EXISTS idx_api_keys_active ON api_keys(is_active);

migrations/20251120120000_create_api_keys_table.sql

@@ -25,6 +25,9 @@ serde_json = "1.0.145"
 rand = "0.9.2"
 base64 = "0.22.1"
 subtle = "2.6.1"
+prefixed-api-key = "0.3.0"
+sha2 = "0.10.8"
+hex = "0.4.3"
 moka = { version = "0.12", features = ["future"] }
 
 [dependencies.uuid]

rustmail/Cargo.toml

@@ -0,0 +1,82 @@
+use crate::db::operations::{create_api_key, generate_api_key};
+use crate::db::repr::Permission;
+use crate::prelude::types::*;
+use axum::Json;
+use axum::extract::State;
+use axum::http::StatusCode;
+use serde::{Deserialize, Serialize};
+use std::sync::Arc;
+use tokio::sync::Mutex;
+
+#[derive(Deserialize)]
+pub struct CreateApiKeyRequest {
+    pub name: String,
+    pub permissions: Vec<Permission>,
+    pub expires_at: Option<i64>,
+}
+
+#[derive(Serialize)]
+pub struct CreateApiKeyResponse {
+    pub api_key: String,
+    pub id: i64,
+    pub name: String,
+    pub permissions: Vec<Permission>,
+    pub created_at: i64,
+    pub expires_at: Option<i64>,
+}
+
+pub async fn create_api_key_handler(
+    State(bot_state): State<Arc<Mutex<BotState>>>,
+    Json(req): Json<CreateApiKeyRequest>,
+) -> Result<Json<CreateApiKeyResponse>, (StatusCode, String)> {
+    if req.name.trim().is_empty() {
+        return Err((StatusCode::BAD_REQUEST, "Name cannot be empty".to_string()));
+    }
+
+    if req.permissions.is_empty() {
+        return Err((
+            StatusCode::BAD_REQUEST,
+            "At least one permission is required".to_string(),
+        ));
+    }
+
+    let db_pool = {
+        let state_lock = bot_state.lock().await;
+        match &state_lock.db_pool {
+            Some(pool) => pool.clone(),
+            None => {
+                return Err((
+                    StatusCode::INTERNAL_SERVER_ERROR,
+                    "Database not initialized".to_string(),
+                ));
+            }
+        }
+    };
+
+    let (plain_key, key_hash) = match generate_api_key() {
+        Ok(keys) => keys,
+        Err(e) => return Err((StatusCode::INTERNAL_SERVER_ERROR, e)),
+    };
+
+    let api_key = match create_api_key(
+        &db_pool,
+        key_hash,
+        req.name,
+        req.permissions,
+        req.expires_at,
+    )
+    .await
+    {
+        Ok(key) => key,
+        Err(e) => return Err((StatusCode::INTERNAL_SERVER_ERROR, e)),
+    };
+
+    Ok(Json(CreateApiKeyResponse {
+        api_key: plain_key,
+        id: api_key.id,
+        name: api_key.name,
+        permissions: api_key.permissions,
+        created_at: api_key.created_at,
+        expires_at: api_key.expires_at,
+    }))
+}

rustmail/src/api/handler/apikeys/create.rs

@@ -0,0 +1,29 @@
+use crate::db::operations::delete_api_key;
+use crate::prelude::types::*;
+use axum::extract::{Path, State};
+use axum::http::StatusCode;
+use std::sync::Arc;
+use tokio::sync::Mutex;
+
+pub async fn delete_api_key_handler(
+    State(bot_state): State<Arc<Mutex<BotState>>>,
+    Path(id): Path<i64>,
+) -> Result<StatusCode, (StatusCode, String)> {
+    let db_pool = {
+        let state_lock = bot_state.lock().await;
+        match &state_lock.db_pool {
+            Some(pool) => pool.clone(),
+            None => {
+                return Err((
+                    StatusCode::INTERNAL_SERVER_ERROR,
+                    "Database not initialized".to_string(),
+                ))
+            }
+        }
+    };
+
+    match delete_api_key(&db_pool, id).await {
+        Ok(_) => Ok(StatusCode::NO_CONTENT),
+        Err(e) => Err((StatusCode::INTERNAL_SERVER_ERROR, e)),
+    }
+}

rustmail/src/api/handler/apikeys/delete.rs

@@ -0,0 +1,68 @@
+use crate::db::operations::list_api_keys;
+use crate::db::repr::{ApiKey, Permission};
+use crate::prelude::types::*;
+use axum::Json;
+use axum::extract::State;
+use axum::http::StatusCode;
+use serde::Serialize;
+use std::sync::Arc;
+use tokio::sync::Mutex;
+
+#[derive(Serialize)]
+pub struct ApiKeyListItem {
+    pub id: i64,
+    pub name: String,
+    pub permissions: Vec<Permission>,
+    pub created_at: i64,
+    pub expires_at: Option<i64>,
+    pub last_used_at: Option<i64>,
+    pub is_active: bool,
+    pub key_preview: String,
+}
+
+impl From<ApiKey> for ApiKeyListItem {
+    fn from(key: ApiKey) -> Self {
+        let key_preview = if key.key_hash.len() > 12 {
+            format!("{}...", &key.key_hash[..12])
+        } else {
+            key.key_hash.clone()
+        };
+
+        ApiKeyListItem {
+            id: key.id,
+            name: key.name,
+            permissions: key.permissions,
+            created_at: key.created_at,
+            expires_at: key.expires_at,
+            last_used_at: key.last_used_at,
+            is_active: key.is_active,
+            key_preview,
+        }
+    }
+}
+
+pub async fn list_api_keys_handler(
+    State(bot_state): State<Arc<Mutex<BotState>>>,
+) -> Result<Json<Vec<ApiKeyListItem>>, (StatusCode, String)> {
+    let db_pool = {
+        let state_lock = bot_state.lock().await;
+        match &state_lock.db_pool {
+            Some(pool) => pool.clone(),
+            None => {
+                return Err((
+                    StatusCode::INTERNAL_SERVER_ERROR,
+                    "Database not initialized".to_string(),
+                ));
+            }
+        }
+    };
+
+    let api_keys = match list_api_keys(&db_pool).await {
+        Ok(keys) => keys,
+        Err(e) => return Err((StatusCode::INTERNAL_SERVER_ERROR, e)),
+    };
+
+    let response: Vec<ApiKeyListItem> = api_keys.into_iter().map(|k| k.into()).collect();
+
+    Ok(Json(response))
+}

rustmail/src/api/handler/apikeys/list.rs

@@ -0,0 +1,9 @@
+mod create;
+mod delete;
+mod list;
+mod revoke;
+
+pub use create::*;
+pub use delete::*;
+pub use list::*;
+pub use revoke::*;

rustmail/src/api/handler/apikeys/mod.rs

@@ -0,0 +1,29 @@
+use crate::db::operations::revoke_api_key;
+use crate::prelude::types::*;
+use axum::extract::{Path, State};
+use axum::http::StatusCode;
+use std::sync::Arc;
+use tokio::sync::Mutex;
+
+pub async fn revoke_api_key_handler(
+    State(bot_state): State<Arc<Mutex<BotState>>>,
+    Path(id): Path<i64>,
+) -> Result<StatusCode, (StatusCode, String)> {
+    let db_pool = {
+        let state_lock = bot_state.lock().await;
+        match &state_lock.db_pool {
+            Some(pool) => pool.clone(),
+            None => {
+                return Err((
+                    StatusCode::INTERNAL_SERVER_ERROR,
+                    "Database not initialized".to_string(),
+                ))
+            }
+        }
+    };
+
+    match revoke_api_key(&db_pool, id).await {
+        Ok(_) => Ok(StatusCode::NO_CONTENT),
+        Err(e) => Err((StatusCode::INTERNAL_SERVER_ERROR, e)),
+    }
+}

rustmail/src/api/handler/apikeys/revoke.rs

@@ -0,0 +1,3 @@
+pub mod tickets;
+
+pub use tickets::*;

rustmail/src/api/handler/externals/mod.rs

@@ -0,0 +1,41 @@
+use crate::db::repr::{ApiKey, Permission};
+use crate::prelude::api::*;
+use crate::types::BotState;
+use axum::Json;
+use axum::extract::{Extension, State};
+use axum::http::StatusCode;
+use rustmail_types::CreateTicket;
+use std::sync::Arc;
+use tokio::sync::Mutex;
+
+pub async fn handle_external_ticket_create(
+    Extension(api_key): Extension<ApiKey>,
+    State(bot_state): State<Arc<Mutex<BotState>>>,
+    Json(update): Json<CreateTicket>,
+) -> Result<Json<serde_json::Value>, (StatusCode, String)> {
+    check_permission(&api_key, Permission::CreateTicket)
+        .map_err(|e| (StatusCode::FORBIDDEN, format!("{:?}", e)))?;
+
+    let _current_config = {
+        let state = bot_state.lock().await;
+        match &state.config {
+            Some(c) => c.clone(),
+            None => {
+                return Err((
+                    StatusCode::INTERNAL_SERVER_ERROR,
+                    "Configuration not loaded".to_string(),
+                ));
+            }
+        }
+    };
+
+    println!(
+        "API Key #{} creating ticket for Discord ID: {:?}",
+        api_key.id, update.discord_id
+    );
+
+    Ok(Json(serde_json::json!({
+        "status": "ticket created",
+        "message": "Ticket creation endpoint - implementation pending"
+    })))
+}