From 4d9ec829a8ae27130719f016621c3c0f9a184cdf Mon Sep 17 00:00:00 2001
From: Howl <the@howl.moe>
Date: Tue, 14 Jun 2016 11:32:11 +0200
Subject: [PATCH] Add token listing at GET /tokens, also add a token-fixing
 tool at /tokens/fix_privileges.

By the way, 100th commit on the API!
---
 app/start.go          |  5 +++
 app/v1/manage_user.go |  1 +
 app/v1/token.go       | 83 +++++++++++++++++++++++++++++++++++++++++++
 3 files changed, 89 insertions(+)

diff --git a/app/start.go b/app/start.go
index de4fe30..379e9ba 100644
--- a/app/start.go
+++ b/app/start.go
@@ -46,6 +46,7 @@ func Start(conf common.Conf, dbO *sql.DB) *gin.Engine {
 			gv1.GET("/badges", Method(v1.BadgesGET, common.PrivilegeRead))
 			gv1.GET("/beatmaps", Method(v1.BeatmapGET, common.PrivilegeRead))
 			gv1.GET("/leaderboard", Method(v1.LeaderboardGET, common.PrivilegeRead))
+			gv1.GET("/tokens", Method(v1.TokenGET, common.PrivilegeRead))
 
 			// ReadConfidential privilege required
 			gv1.GET("/friends", Method(v1.FriendsGET, common.PrivilegeReadConfidential))
@@ -70,6 +71,10 @@ func Start(conf common.Conf, dbO *sql.DB) *gin.Engine {
 			gv1.GET("/meta/kill", Method(v1.MetaKillGET, common.PrivilegeAPIMeta))
 			gv1.GET("/meta/up_since", Method(v1.MetaUpSinceGET, common.PrivilegeAPIMeta))
 			gv1.GET("/meta/update", Method(v1.MetaUpdateGET, common.PrivilegeAPIMeta))
+
+			// User Managing + meta
+			gv1.GET("/tokens/fix_privileges", Method(v1.TokenFixPrivilegesGET,
+				common.PrivilegeManageUser, common.PrivilegeAPIMeta))
 		}
 
 		api.GET("/status", internals.Status)
diff --git a/app/v1/manage_user.go b/app/v1/manage_user.go
index 684826b..b80aa86 100644
--- a/app/v1/manage_user.go
+++ b/app/v1/manage_user.go
@@ -29,6 +29,7 @@ func UserManageSetAllowedPOST(md common.MethodData) common.CodeMessager {
 		md.Err(err)
 		return Err500
 	}
+	go fixPrivileges(data.UserID, md.DB)
 	query := `
 SELECT users.id, users.username, register_datetime, rank,
 	latest_activity, users_stats.username_aka,
diff --git a/app/v1/token.go b/app/v1/token.go
index 0fdec5c..f1e6db8 100644
--- a/app/v1/token.go
+++ b/app/v1/token.go
@@ -6,6 +6,7 @@ import (
 	"fmt"
 
 	"git.zxq.co/ripple/rippleapi/common"
+	"git.zxq.co/ripple/schiavolib"
 	"golang.org/x/crypto/bcrypt"
 )
 
@@ -137,3 +138,85 @@ func TokenSelfDeleteGET(md common.MethodData) common.CodeMessager {
 	}
 	return common.SimpleResponse(200, "Bye!")
 }
+
+type token struct {
+	ID          int    `json:"id"`
+	Privileges  uint64 `json:"privileges"`
+	Description string `json:"description"`
+}
+type tokenResponse struct {
+	common.ResponseBase
+	Tokens []token `json:"token"`
+}
+
+// TokenGET retrieves a list listing all the user's public tokens.
+func TokenGET(md common.MethodData) common.CodeMessager {
+	rows, err := md.DB.Query("SELECT id, privileges, description FROM tokens WHERE user = ? AND private = '0'", md.ID())
+	if err != nil {
+		return Err500
+	}
+	var r tokenResponse
+	for rows.Next() {
+		var t token
+		err = rows.Scan(&t.ID, &t.Privileges, &t.Description)
+		if err != nil {
+			md.Err(err)
+			continue
+		}
+		r.Tokens = append(r.Tokens, t)
+	}
+	r.Code = 200
+	return r
+}
+
+// TokenFixPrivilegesGET fixes the privileges on the token of the given user,
+// or of all the users if no user is given.
+func TokenFixPrivilegesGET(md common.MethodData) common.CodeMessager {
+	id := common.Int(md.C.Query("id"))
+	if md.C.Query("id") == "self" {
+		id = md.ID()
+	}
+	go fixPrivileges(id, md.DB)
+	return common.SimpleResponse(200, "Privilege fixing started!")
+}
+
+func fixPrivileges(user int, db *sql.DB) {
+	var wc string
+	var params = make([]interface{}, 0, 1)
+	if user != 0 {
+		// dirty, but who gives a shit
+		wc = "WHERE user = ?"
+		params = append(params, user)
+	}
+	rows, err := db.Query(`
+SELECT
+	tokens.id, tokens.privileges, users.rank
+FROM tokens
+LEFT JOIN users ON users.id = tokens.user
+`+wc, params...)
+	if err != nil {
+		fmt.Println(err)
+		schiavo.Bunker.Send(err.Error())
+		return
+	}
+	for rows.Next() {
+		var (
+			id       int
+			privsRaw uint64
+			privs    common.Privileges
+			newPrivs common.Privileges
+			rank     int
+		)
+		rows.Scan(&id, &privsRaw, &rank)
+		privs = common.Privileges(privsRaw)
+		newPrivs = privs.CanOnly(rank)
+		if newPrivs != privs {
+			_, err := db.Exec("UPDATE tokens SET privileges = ? WHERE id = ? LIMIT 1", uint64(newPrivs), id)
+			if err != nil {
+				fmt.Println(err)
+				schiavo.Bunker.Send(err.Error())
+				continue
+			}
+		}
+	}
+}