use crate::{ graphql::types::{ alert, jwt::{self, Authentication}, position, user::find_user, }, state::AppState, }; use async_graphql::{Context, Error, FieldResult, Object}; /// Mutation struct pub struct Mutation; #[Object] impl Mutation { /// Make GraphQL login /// /// Example: /// ```text /// curl -X POST http://localhost:8000/graphql \ /// -H "Content-Type: application/json" \ /// -d '{ /// "query": "mutation Login($input: LoginCredentials!) { login(input: $input) { accessToken tokenType userId } }", /// "variables": { /// "input": { /// "email": "***", /// "password": "***" /// } /// } /// }' /// ``` async fn login<'ctx>( &self, ctx: &Context<'ctx>, input: jwt::LoginCredentials, ) -> FieldResult { let state = ctx.data::().expect("Can't connect to db"); let client = &*state.client; let password = sha256::digest(input.password); let rows = client .query( "SELECT id FROM users WHERE email = $1 AND password = $2", &[&input.email, &password], ) .await .unwrap(); let id: Vec = rows.iter().map(|row| row.get(0)).collect(); if id.len() == 1 { // Create a new claim using the found ID let claims = jwt::Claims::new(id[0]); let token = claims.get_token().unwrap(); Ok(jwt::AuthBody::new(token, id[0])) } else { Err(Error::new("Invalid email or password")) } } /// Make GraphQL request to create new position to track /// /// Example: /// ```text /// curl -X POST http://localhost:8000/graphql \ /// -H "Content-Type: application/json" \ /// -H "Authorization: Bearer ***" \ /// -d '{ /// "query": "mutation NewPosition($input: PositionInput!) { newPosition(input: $input) { id userId createdAt latitude longitude movingActivity } }", /// "variables": { /// "input": { /// "latitude": 44.50800643571219, /// "longitude": 11.299600981136905, /// "movingActivity": "STILL" /// } /// } /// }' /// ``` async fn new_position<'ctx>( &self, ctx: &Context<'ctx>, input: position::PositionInput, ) -> FieldResult { let state = ctx.data::().expect("Can't connect to db"); let client = &*state.client; let auth: &Authentication = ctx.data().unwrap(); match auth { Authentication::NotLogged => Err(Error::new("Can't find the owner")), Authentication::Logged(claims) => { let rows = client .query( "INSERT INTO positions (user_id, location, activity) VALUES ( $1, ST_SetSRID(ST_MakePoint($2, $3), 4326), $4 ) RETURNING id, user_id, extract(epoch from created_at)::double precision as created_at, ST_Y(location::geometry) AS latitude, ST_X(location::geometry) AS longitude, activity ", &[ &claims.user_id, &input.longitude, &input.latitude, &input.moving_activity, ], ) .await .unwrap(); let positions: Vec = rows .iter() .map(|row| position::Position { id: row.get("id"), user_id: row.get("user_id"), created_at: row.get::<_, f64>("created_at") as i64, latitude: row.get("latitude"), longitude: row.get("longitude"), moving_activity: row.get("activity"), }) .collect(); Ok(positions[0].clone()) } } } /// Make GraphQL request to create new alert. Only for admins. /// /// Example: /// ```text /// curl -X POST http://localhost:8000/graphql \ /// -H "Content-Type: application/json" \ /// -H "Authorization: Bearer ****" \ /// -d '{ /// "query": "mutation NewAlert($input: AlertInput!) { newAlert(input: $input) { id createdAt level } }", /// "variables": { /// "input": { /// "points": [ /// { "latitude": 44.490025, "longitude": 11.311499}, /// { "latitude": 44.490361, "longitude": 11.327903}, /// { "latitude": 44.497280, "longitude": 11.327776}, /// { "latitude": 44.498321, "longitude": 11.312145}, /// { "latitude": 44.490025, "longitude": 11.311498} /// ], /// "level": "TWO" /// } /// } /// } async fn new_alert<'ctx>( &self, ctx: &Context<'ctx>, input: alert::AlertInput, ) -> FieldResult { let state = ctx.data::().expect("Can't connect to db"); let client = &*state.client; let auth: &Authentication = ctx.data().unwrap(); match auth { Authentication::NotLogged => Err(Error::new("Can't find the owner")), Authentication::Logged(claims) => { let claim_user = find_user(client, claims.user_id) .await .expect("Should not be here"); if !claim_user.is_admin { return Err(Error::new("Unauthorized")); } let points: String = input .points .iter() .map(|x| { format!( "ST_SetSRID(ST_MakePoint({}, {}), 4326)", x.longitude, x.latitude ) }) .collect::>() .join(","); let polygon = format!( "ST_MakePolygon( ST_MakeLine( ARRAY[{}] ) )", points ); match client .query(&format!("SELECT ST_IsValid({}) as is_valid", polygon), &[]) .await { Ok(rows) => { let valids: Vec = rows .iter() .map(|row| alert::PolygonValid { is_valid: row.get("is_valid"), }) .collect(); if valids[0].is_valid == false { return Err(Error::new("Polygon is not valid")); } } Err(e) => return Err(e.into()), }; let query = format!( "INSERT INTO alerts (user_id, area, level) VALUES($1, {}, $2) RETURNING id, user_id, extract(epoch from created_at)::double precision as created_at, ST_AsText(area) as area, ST_AsText( ST_Buffer( area::geography, CASE WHEN level = 'One' THEN 0 WHEN level = 'Two' THEN 1000 WHEN level = 'Three' THEN 2000 ELSE 0 END ) ) as extended_area, level, reached_users", polygon ); match client.query(&query, &[&claims.user_id, &input.level]).await { Ok(rows) => { let alerts: Vec = rows .iter() .map(|row| alert::Alert { id: row.get("id"), user_id: row.get("user_id"), created_at: row.get::<_, f64>("created_at") as i64, area: row.get("area"), extended_area: row.get("extended_area"), level: row.get("level"), reached_users: row.get("reached_users"), }) .collect(); // TODO: Send notifications Ok(alerts[0].clone()) } Err(e) => Err(e.into()), } } } } }