feat(api): public read API (PublicView projection, paginated list + get, OpenAPI)
This commit is contained in:
@@ -9,6 +9,8 @@ axum.workspace = true
|
||||
serde.workspace = true
|
||||
utoipa.workspace = true
|
||||
db = { path = "../db" }
|
||||
domain = { path = "../domain" }
|
||||
uuid.workspace = true
|
||||
|
||||
[dev-dependencies]
|
||||
tokio.workspace = true
|
||||
@@ -16,3 +18,4 @@ tower.workspace = true
|
||||
http-body-util.workspace = true
|
||||
serde_json.workspace = true
|
||||
sqlx.workspace = true
|
||||
domain = { path = "../domain" }
|
||||
|
||||
@@ -2,6 +2,7 @@
|
||||
|
||||
mod health;
|
||||
mod openapi;
|
||||
mod public;
|
||||
|
||||
use axum::Router;
|
||||
use db::Db;
|
||||
@@ -20,5 +21,6 @@ pub fn build_app(state: AppState) -> Router {
|
||||
Router::new()
|
||||
.merge(health::routes())
|
||||
.merge(openapi::routes())
|
||||
.merge(public::routes())
|
||||
.with_state(state)
|
||||
}
|
||||
|
||||
@@ -1,12 +1,17 @@
|
||||
use axum::{Json, Router, extract::State, routing::get};
|
||||
use utoipa::OpenApi;
|
||||
|
||||
use crate::{AppState, health};
|
||||
use crate::{AppState, health, public};
|
||||
|
||||
#[derive(OpenApi)]
|
||||
#[openapi(
|
||||
paths(health::live, health::ready),
|
||||
components(schemas(health::Live, health::Ready)),
|
||||
paths(health::live, health::ready, public::list_objects, public::get_object),
|
||||
components(schemas(
|
||||
health::Live,
|
||||
health::Ready,
|
||||
public::PublicView,
|
||||
public::PublicObjectPage
|
||||
)),
|
||||
info(title = "Collection Management System", version = "0.0.0")
|
||||
)]
|
||||
struct ApiDoc;
|
||||
|
||||
@@ -0,0 +1,135 @@
|
||||
//! Public, unauthenticated, read-only surface (`/api/public/**`).
|
||||
//!
|
||||
//! Serves only `public` records as a [`PublicView`] — a projection that carries
|
||||
//! ONLY public-safe fields. The never-public set (location, owner, recorder, dates,
|
||||
//! and any flexible fields) is excluded by construction: the type lacks those fields,
|
||||
//! so leaking one here is impossible. Per-field publishability (to surface selected
|
||||
//! flexible fields) is post-MVP.
|
||||
|
||||
use axum::{
|
||||
Json, Router,
|
||||
extract::{Path, Query, State},
|
||||
http::StatusCode,
|
||||
response::IntoResponse,
|
||||
routing::get,
|
||||
};
|
||||
use domain::{CatalogueObject, ObjectId};
|
||||
use serde::{Deserialize, Serialize};
|
||||
use utoipa::ToSchema;
|
||||
|
||||
use crate::AppState;
|
||||
|
||||
/// A catalogue object as exposed on the public surface (public-safe fields only).
|
||||
#[derive(Serialize, ToSchema)]
|
||||
pub(crate) struct PublicView {
|
||||
/// Stable object id (UUID).
|
||||
pub id: String,
|
||||
pub object_number: String,
|
||||
pub object_name: String,
|
||||
pub brief_description: Option<String>,
|
||||
}
|
||||
|
||||
impl PublicView {
|
||||
fn from_object(object: &CatalogueObject) -> Self {
|
||||
PublicView {
|
||||
id: object.id.to_string(),
|
||||
object_number: object.object_number.clone(),
|
||||
object_name: object.object_name.clone(),
|
||||
brief_description: object.brief_description.clone(),
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/// A page of public objects.
|
||||
#[derive(Serialize, ToSchema)]
|
||||
pub(crate) struct PublicObjectPage {
|
||||
pub items: Vec<PublicView>,
|
||||
/// Total number of public objects (independent of paging).
|
||||
pub total: i64,
|
||||
pub limit: i64,
|
||||
pub offset: i64,
|
||||
}
|
||||
|
||||
/// Pagination query parameters with sane defaults and a hard cap.
|
||||
#[derive(Deserialize)]
|
||||
pub(crate) struct Pagination {
|
||||
limit: Option<i64>,
|
||||
offset: Option<i64>,
|
||||
}
|
||||
|
||||
const DEFAULT_LIMIT: i64 = 50;
|
||||
const MAX_LIMIT: i64 = 200;
|
||||
|
||||
impl Pagination {
|
||||
fn limit(&self) -> i64 {
|
||||
self.limit.unwrap_or(DEFAULT_LIMIT).clamp(1, MAX_LIMIT)
|
||||
}
|
||||
|
||||
fn offset(&self) -> i64 {
|
||||
self.offset.unwrap_or(0).max(0)
|
||||
}
|
||||
}
|
||||
|
||||
/// List public objects (paginated).
|
||||
#[utoipa::path(
|
||||
get,
|
||||
path = "/api/public/objects",
|
||||
params(
|
||||
("limit" = Option<i64>, Query, description = "Max items (1..=200, default 50)"),
|
||||
("offset" = Option<i64>, Query, description = "Items to skip (default 0)")
|
||||
),
|
||||
responses((status = 200, body = PublicObjectPage))
|
||||
)]
|
||||
pub(crate) async fn list_objects(
|
||||
State(state): State<AppState>,
|
||||
Query(page): Query<Pagination>,
|
||||
) -> Result<Json<PublicObjectPage>, StatusCode> {
|
||||
let (limit, offset) = (page.limit(), page.offset());
|
||||
|
||||
let objects = db::catalog::list_public_objects(state.db.pool(), limit, offset)
|
||||
.await
|
||||
.map_err(|_| StatusCode::INTERNAL_SERVER_ERROR)?;
|
||||
|
||||
let total = db::catalog::count_public_objects(state.db.pool())
|
||||
.await
|
||||
.map_err(|_| StatusCode::INTERNAL_SERVER_ERROR)?;
|
||||
|
||||
Ok(Json(PublicObjectPage {
|
||||
items: objects.iter().map(PublicView::from_object).collect(),
|
||||
total,
|
||||
limit,
|
||||
offset,
|
||||
}))
|
||||
}
|
||||
|
||||
/// Get one public object by id. Returns 404 if missing OR not public.
|
||||
#[utoipa::path(
|
||||
get,
|
||||
path = "/api/public/objects/{id}",
|
||||
params(("id" = String, Path, description = "Object id (UUID)")),
|
||||
responses(
|
||||
(status = 200, body = PublicView),
|
||||
(status = 404, description = "No public object with that id")
|
||||
)
|
||||
)]
|
||||
pub(crate) async fn get_object(
|
||||
State(state): State<AppState>,
|
||||
Path(id): Path<String>,
|
||||
) -> impl IntoResponse {
|
||||
let Ok(object_id) = id.parse::<ObjectId>() else {
|
||||
return StatusCode::NOT_FOUND.into_response();
|
||||
};
|
||||
|
||||
match db::catalog::public_object_by_id(state.db.pool(), object_id).await {
|
||||
Ok(Some(object)) => Json(PublicView::from_object(&object)).into_response(),
|
||||
Ok(None) => StatusCode::NOT_FOUND.into_response(),
|
||||
Err(_) => StatusCode::INTERNAL_SERVER_ERROR.into_response(),
|
||||
}
|
||||
}
|
||||
|
||||
/// Public routes, parameterized over [`AppState`].
|
||||
pub(crate) fn routes() -> Router<AppState> {
|
||||
Router::new()
|
||||
.route("/api/public/objects", get(list_objects))
|
||||
.route("/api/public/objects/{id}", get(get_object))
|
||||
}
|
||||
@@ -0,0 +1,166 @@
|
||||
use api::{AppState, build_app};
|
||||
use axum::body::Body;
|
||||
use axum::http::{Request, StatusCode};
|
||||
use db::catalog;
|
||||
use domain::{AuditActor, ObjectInput, Visibility};
|
||||
use http_body_util::BodyExt;
|
||||
use sqlx::PgPool;
|
||||
use tower::ServiceExt; // for `oneshot`
|
||||
|
||||
fn state(pool: PgPool) -> AppState {
|
||||
AppState {
|
||||
db: db::Db::from_pool(pool),
|
||||
app_name: "Test".to_string(),
|
||||
}
|
||||
}
|
||||
|
||||
fn object(number: &str, name: &str, visibility: Visibility) -> ObjectInput {
|
||||
ObjectInput {
|
||||
object_number: number.into(),
|
||||
object_name: name.into(),
|
||||
number_of_objects: 1,
|
||||
brief_description: Some("a description".into()),
|
||||
current_location: Some("vault B".into()), // never-public; must NOT appear in output
|
||||
current_owner: Some("the museum".into()), // never-public
|
||||
recorder: None,
|
||||
recording_date: None,
|
||||
visibility,
|
||||
}
|
||||
}
|
||||
|
||||
async fn body_json(resp: axum::http::Response<Body>) -> serde_json::Value {
|
||||
let bytes = resp.into_body().collect().await.unwrap().to_bytes();
|
||||
serde_json::from_slice(&bytes).unwrap()
|
||||
}
|
||||
|
||||
#[sqlx::test(migrations = "../db/migrations")]
|
||||
async fn list_returns_only_public_as_public_view(pool: PgPool) {
|
||||
let db = db::Db::from_pool(pool.clone());
|
||||
let mut tx = db.pool().begin().await.unwrap();
|
||||
catalog::create_object(
|
||||
&mut tx,
|
||||
AuditActor::System,
|
||||
&object("D-1", "draft vase", Visibility::Draft),
|
||||
)
|
||||
.await
|
||||
.unwrap();
|
||||
catalog::create_object(
|
||||
&mut tx,
|
||||
AuditActor::System,
|
||||
&object("P-1", "public vase", Visibility::Public),
|
||||
)
|
||||
.await
|
||||
.unwrap();
|
||||
tx.commit().await.unwrap();
|
||||
|
||||
let app = build_app(state(pool));
|
||||
let resp = app
|
||||
.oneshot(
|
||||
Request::builder()
|
||||
.uri("/api/public/objects")
|
||||
.body(Body::empty())
|
||||
.unwrap(),
|
||||
)
|
||||
.await
|
||||
.unwrap();
|
||||
assert_eq!(resp.status(), StatusCode::OK);
|
||||
|
||||
let json = body_json(resp).await;
|
||||
assert_eq!(json["total"], 1);
|
||||
assert_eq!(json["items"].as_array().unwrap().len(), 1);
|
||||
let item = &json["items"][0];
|
||||
assert_eq!(item["object_number"], "P-1");
|
||||
assert_eq!(item["object_name"], "public vase");
|
||||
assert_eq!(item["brief_description"], "a description");
|
||||
assert!(item.get("current_location").is_none());
|
||||
assert!(item.get("current_owner").is_none());
|
||||
assert!(item.get("recorder").is_none());
|
||||
assert!(item.get("visibility").is_none());
|
||||
}
|
||||
|
||||
#[sqlx::test(migrations = "../db/migrations")]
|
||||
async fn get_public_object_returns_it(pool: PgPool) {
|
||||
let db = db::Db::from_pool(pool.clone());
|
||||
let mut tx = db.pool().begin().await.unwrap();
|
||||
let id = catalog::create_object(
|
||||
&mut tx,
|
||||
AuditActor::System,
|
||||
&object("P-1", "public vase", Visibility::Public),
|
||||
)
|
||||
.await
|
||||
.unwrap();
|
||||
tx.commit().await.unwrap();
|
||||
|
||||
let app = build_app(state(pool));
|
||||
let resp = app
|
||||
.oneshot(
|
||||
Request::builder()
|
||||
.uri(format!("/api/public/objects/{id}"))
|
||||
.body(Body::empty())
|
||||
.unwrap(),
|
||||
)
|
||||
.await
|
||||
.unwrap();
|
||||
assert_eq!(resp.status(), StatusCode::OK);
|
||||
let json = body_json(resp).await;
|
||||
assert_eq!(json["object_number"], "P-1");
|
||||
assert!(json.get("current_location").is_none());
|
||||
}
|
||||
|
||||
#[sqlx::test(migrations = "../db/migrations")]
|
||||
async fn get_non_public_object_is_404(pool: PgPool) {
|
||||
let db = db::Db::from_pool(pool.clone());
|
||||
let mut tx = db.pool().begin().await.unwrap();
|
||||
let id = catalog::create_object(
|
||||
&mut tx,
|
||||
AuditActor::System,
|
||||
&object("D-1", "draft vase", Visibility::Draft),
|
||||
)
|
||||
.await
|
||||
.unwrap();
|
||||
tx.commit().await.unwrap();
|
||||
|
||||
let app = build_app(state(pool));
|
||||
let resp = app
|
||||
.oneshot(
|
||||
Request::builder()
|
||||
.uri(format!("/api/public/objects/{id}"))
|
||||
.body(Body::empty())
|
||||
.unwrap(),
|
||||
)
|
||||
.await
|
||||
.unwrap();
|
||||
assert_eq!(resp.status(), StatusCode::NOT_FOUND); // not 403 — don't leak existence
|
||||
}
|
||||
|
||||
#[sqlx::test(migrations = "../db/migrations")]
|
||||
async fn get_missing_object_is_404(pool: PgPool) {
|
||||
let app = build_app(state(pool));
|
||||
let resp = app
|
||||
.oneshot(
|
||||
Request::builder()
|
||||
.uri(format!("/api/public/objects/{}", domain::ObjectId::new()))
|
||||
.body(Body::empty())
|
||||
.unwrap(),
|
||||
)
|
||||
.await
|
||||
.unwrap();
|
||||
assert_eq!(resp.status(), StatusCode::NOT_FOUND);
|
||||
}
|
||||
|
||||
#[sqlx::test(migrations = "../db/migrations")]
|
||||
async fn openapi_lists_the_public_paths(pool: PgPool) {
|
||||
let app = build_app(state(pool));
|
||||
let resp = app
|
||||
.oneshot(
|
||||
Request::builder()
|
||||
.uri("/api-docs/openapi.json")
|
||||
.body(Body::empty())
|
||||
.unwrap(),
|
||||
)
|
||||
.await
|
||||
.unwrap();
|
||||
let json = body_json(resp).await;
|
||||
assert!(json["paths"]["/api/public/objects"].is_object());
|
||||
assert!(json["paths"]["/api/public/objects/{id}"].is_object());
|
||||
}
|
||||
Reference in New Issue
Block a user