Página inicial Explorar Ajuda
Entrar
fszontagh
/
smartbotic-microbit
1
0
Fork 0
Arquivos Issues 1 Pull Requests 0 Wiki
Tree: eac393a1ec
Branches Tags
smartbotic-micr...
/
src
/
routes
/
settings_routes.cpp

settings_routes.cpp 8.3 KB
Histórico Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215 
  1. #include "settings_routes.hpp"
    2. 

  2. #include "../app.hpp"
    3. 

  3. #include "../stores/settings_store.hpp"
    4. 

  4. #include "../stores/workspace_store.hpp"
    5. 

  5. 

  6. #include <smartbotic/microbit/auth/auth_middleware.hpp>
    7. 

  7. #include <smartbotic/microbit/smtp/smtp_client.hpp>
    8. 

  8. #include <smartbotic/microbit/callerai/callerai_client.hpp>
    9. 

  9. #include <smartbotic/microbit/common/logging.hpp>
    10. 

  10. 

  11. #include <nlohmann/json.hpp>
    12. 

  12. #include <spdlog/spdlog.h>
    13. 

  13. 

  14. #include <string>
    15. 

  15. #include <vector>
    16. 

  16. 

  17. namespace smartbotic::microbit {
    18. 

  18. 

  19. using json = nlohmann::json;
    20. 

  20. 

  21. // Helper: check if user is owner of any workspace
    22. 

  22. static bool isOwnerOfAnyWorkspace(App& app, const std::string& userId) {
    23. 

  23.     auto workspaces = app.workspaceStore()->listUserWorkspaces(userId);
    24. 

  24.     for (const auto& ws : workspaces) {
    25. 

  25.         auto member = app.workspaceStore()->getMember(ws.id, userId);
    26. 

  26.         if (member && member->role == "owner") {
    27. 

  27.             return true;
    28. 

  28.         }
    29. 

  29.     }
    30. 

  30.     return false;
    31. 

  31. }
    32. 

  32. 

  33. // Helper: mask sensitive fields in settings
    34. 

  34. static json maskSensitiveFields(const json& settings) {
    35. 

  35.     json masked = settings;
    36. 

  36. 

  37.     // List of keys whose values should be masked
    38. 

  38.     static const std::vector<std::string> sensitiveKeys = {
    39. 

  39.         "smtp_password", "callerai_api_key", "api_key", "secret", "password"
    40. 

  40.     };
    41. 

  41. 

  42.     for (const auto& key : sensitiveKeys) {
    43. 

  43.         if (masked.contains(key) && masked[key].is_string()) {
    44. 

  44.             std::string val = masked[key].get<std::string>();
    45. 

  45.             if (val.size() > 4) {
    46. 

  46.                 masked[key] = std::string(val.size() - 4, '*') + val.substr(val.size() - 4);
    47. 

  47.             } else if (!val.empty()) {
    48. 

  48.                 masked[key] = "****";
    49. 

  49.             }
    50. 

  50.         }
    51. 

  51.     }
    52. 

  52. 

  53.     return masked;
    54. 

  54. }
    55. 

  55. 

  56. void setupSettingsRoutes(httplib::Server& svr, App& app) {
    57. 

  57. 

  58.     // GET /api/v1/settings -- get global settings (owner of any workspace)
    59. 

  59.     svr.Get("/api/v1/settings", [&app](const httplib::Request& req, httplib::Response& res) {
    60. 

  60.         try {
    61. 

  61.             auto authCtx = app.authMiddleware()->getAuthContext();
    62. 

  62.             if (!authCtx) {
    63. 

  63.                 res.status = 401;
    64. 

  64.                 res.set_content(R"({"error":"Unauthorized"})", "application/json");
    65. 

  65.                 return;
    66. 

  66.             }
    67. 

  67. 

  68.             if (!isOwnerOfAnyWorkspace(app, authCtx->userId)) {
    69. 

  69.                 res.status = 403;
    70. 

  70.                 res.set_content(json{{"error", "Forbidden: requires owner role in at least one workspace"}}.dump(), "application/json");
    71. 

  71.                 return;
    72. 

  72.             }
    73. 

  73. 

  74.             auto settings = app.settingsStore()->getGlobalSettings();
    75. 

  75.             json settingsJson = settings.value_or(json::object());
    76. 

  76. 

  77.             // Mask sensitive fields before returning
    78. 

  78.             json masked = maskSensitiveFields(settingsJson);
    79. 

  79. 

  80.             res.status = 200;
    81. 

  81.             res.set_content(json{{"settings", masked}}.dump(), "application/json");
    82. 

  82. 

  83.         } catch (const std::exception& e) {
    84. 

  84.             spdlog::error("Get settings error: {}", e.what());
    85. 

  85.             res.status = 500;
    86. 

  86.             res.set_content(json{{"error", "Internal server error"}}.dump(), "application/json");
    87. 

  87.         }
    88. 

  88.     });
    89. 

  89. 

  90.     // PUT /api/v1/settings -- update global settings (owner)
    91. 

  91.     svr.Put("/api/v1/settings", [&app](const httplib::Request& req, httplib::Response& res) {
    92. 

  92.         try {
    93. 

  93.             auto authCtx = app.authMiddleware()->getAuthContext();
    94. 

  94.             if (!authCtx) {
    95. 

  95.                 res.status = 401;
    96. 

  96.                 res.set_content(R"({"error":"Unauthorized"})", "application/json");
    97. 

  97.                 return;
    98. 

  98.             }
    99. 

  99. 

  100.             if (!isOwnerOfAnyWorkspace(app, authCtx->userId)) {
    101. 

  101.                 res.status = 403;
    102. 

  102.                 res.set_content(json{{"error", "Forbidden: requires owner role in at least one workspace"}}.dump(), "application/json");
    103. 

  103.                 return;
    104. 

  104.             }
    105. 

  105. 

  106.             auto body = json::parse(req.body);
    107. 

  107. 

  108.             bool updated = app.settingsStore()->updateGlobalSettings(body);
    109. 

  109.             if (!updated) {
    110. 

  110.                 res.status = 500;
    111. 

  111.                 res.set_content(json{{"error", "Failed to update settings"}}.dump(), "application/json");
    112. 

  112.                 return;
    113. 

  113.             }
    114. 

  114. 

  115.             // Return the updated (masked) settings
    116. 

  116.             auto settings = app.settingsStore()->getGlobalSettings();
    117. 

  117.             json settingsJson = settings.value_or(json::object());
    118. 

  118.             json masked = maskSensitiveFields(settingsJson);
    119. 

  119. 

  120.             res.status = 200;
    121. 

  121.             res.set_content(json{{"settings", masked}}.dump(), "application/json");
    122. 

  122. 

  123.         } catch (const json::parse_error& e) {
    124. 

  124.             res.status = 400;
    125. 

  125.             res.set_content(json{{"error", "Invalid JSON"}}.dump(), "application/json");
    126. 

  126.         } catch (const std::invalid_argument& e) {
    127. 

  127.             res.status = 400;
    128. 

  128.             res.set_content(json{{"error", e.what()}}.dump(), "application/json");
    129. 

  129.         } catch (const std::exception& e) {
    130. 

  130.             spdlog::error("Update settings error: {}", e.what());
    131. 

  131.             res.status = 500;
    132. 

  132.             res.set_content(json{{"error", "Internal server error"}}.dump(), "application/json");
    133. 

  133.         }
    134. 

  134.     });
    135. 

  135. 

  136.     // POST /api/v1/settings/test-smtp -- test SMTP connection (owner)
    137. 

  137.     svr.Post("/api/v1/settings/test-smtp", [&app](const httplib::Request& req, httplib::Response& res) {
    138. 

  138.         try {
    139. 

  139.             auto authCtx = app.authMiddleware()->getAuthContext();
    140. 

  140.             if (!authCtx) {
    141. 

  141.                 res.status = 401;
    142. 

  142.                 res.set_content(R"({"error":"Unauthorized"})", "application/json");
    143. 

  143.                 return;
    144. 

  144.             }
    145. 

  145. 

  146.             if (!isOwnerOfAnyWorkspace(app, authCtx->userId)) {
    147. 

  147.                 res.status = 403;
    148. 

  148.                 res.set_content(json{{"error", "Forbidden: requires owner role in at least one workspace"}}.dump(), "application/json");
    149. 

  149.                 return;
    150. 

  150.             }
    151. 

  151. 

  152.             if (!app.smtpClient()) {
    153. 

  153.                 throw std::invalid_argument("SMTP client is not configured");
    154. 

  154.             }
    155. 

  155. 

  156.             bool success = app.smtpClient()->testConnection();
    157. 

  157.             if (success) {
    158. 

  158.                 res.status = 200;
    159. 

  159.                 res.set_content(json{{"message", "SMTP connection successful"}}.dump(), "application/json");
    160. 

  160.             } else {
    161. 

  161.                 res.status = 500;
    162. 

  162.                 res.set_content(json{{"error", "SMTP connection failed"}}.dump(), "application/json");
    163. 

  163.             }
    164. 

  164. 

  165.         } catch (const std::invalid_argument& e) {
    166. 

  166.             res.status = 400;
    167. 

  167.             res.set_content(json{{"error", e.what()}}.dump(), "application/json");
    168. 

  168.         } catch (const std::exception& e) {
    169. 

  169.             spdlog::error("Test SMTP error: {}", e.what());
    170. 

  170.             res.status = 500;
    171. 

  171.             res.set_content(json{{"error", "Internal server error"}}.dump(), "application/json");
    172. 

  172.         }
    173. 

  173.     });
    174. 

  174. 

  175.     // POST /api/v1/settings/test-callerai -- test CallerAI connection (owner)
    176. 

  176.     svr.Post("/api/v1/settings/test-callerai", [&app](const httplib::Request& req, httplib::Response& res) {
    177. 

  177.         try {
    178. 

  178.             auto authCtx = app.authMiddleware()->getAuthContext();
    179. 

  179.             if (!authCtx) {
    180. 

  180.                 res.status = 401;
    181. 

  181.                 res.set_content(R"({"error":"Unauthorized"})", "application/json");
    182. 

  182.                 return;
    183. 

  183.             }
    184. 

  184. 

  185.             if (!isOwnerOfAnyWorkspace(app, authCtx->userId)) {
    186. 

  186.                 res.status = 403;
    187. 

  187.                 res.set_content(json{{"error", "Forbidden: requires owner role in at least one workspace"}}.dump(), "application/json");
    188. 

  188.                 return;
    189. 

  189.             }
    190. 

  190. 

  191.             if (!app.calleraiClient()) {
    192. 

  192.                 throw std::invalid_argument("CallerAI client is not configured");
    193. 

  193.             }
    194. 

  194. 

  195.             bool success = app.calleraiClient()->testConnection();
    196. 

  196.             if (success) {
    197. 

  197.                 res.status = 200;
    198. 

  198.                 res.set_content(json{{"message", "CallerAI connection successful"}}.dump(), "application/json");
    199. 

  199.             } else {
    200. 

  200.                 res.status = 500;
    201. 

  201.                 res.set_content(json{{"error", "CallerAI connection failed"}}.dump(), "application/json");
    202. 

  202.             }
    203. 

  203. 

  204.         } catch (const std::invalid_argument& e) {
    205. 

  205.             res.status = 400;
    206. 

  206.             res.set_content(json{{"error", e.what()}}.dump(), "application/json");
    207. 

  207.         } catch (const std::exception& e) {
    208. 

  208.             spdlog::error("Test CallerAI error: {}", e.what());
    209. 

  209.             res.status = 500;
    210. 

  210.             res.set_content(json{{"error", "Internal server error"}}.dump(), "application/json");
    211. 

  211.         }
    212. 

  212.     });
    213. 

  213. }
    214. 

  214. 

  215. } // namespace smartbotic::microbit
    216.