Skip to content

Commit d7e7d66

Browse files
committed
refactor: update event and organizer routes to use user context for authorization; enhance API token validation and migration for api_tokens table
1 parent 5884432 commit d7e7d66

9 files changed

Lines changed: 1005 additions & 268 deletions

File tree

.gitignore

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1 @@
1+
.cursor/mcp.json
Lines changed: 25 additions & 10 deletions
Original file line numberDiff line numberDiff line change
@@ -1,11 +1,26 @@
1-
CREATE TABLE api_tokens (
2-
id BIGSERIAL PRIMARY KEY,
3-
account_id BIGINT NOT NULL REFERENCES accounts(id) ON DELETE CASCADE,
4-
token_hmac BYTEA NOT NULL UNIQUE,
5-
label TEXT NOT NULL DEFAULT '',
6-
token_last_four TEXT NOT NULL,
7-
created_at TIMESTAMPTZ NOT NULL DEFAULT NOW(),
8-
last_used_at TIMESTAMPTZ
9-
);
1+
DO $$
2+
BEGIN
3+
IF EXISTS (
4+
SELECT 1
5+
FROM information_schema.columns
6+
WHERE table_schema = 'public'
7+
AND table_name = 'api_tokens'
8+
AND column_name = 'token'
9+
) THEN
10+
ALTER TABLE api_tokens DROP CONSTRAINT IF EXISTS api_tokens_token_key;
11+
ALTER TABLE api_tokens DROP COLUMN token;
12+
TRUNCATE api_tokens RESTART IDENTITY;
13+
END IF;
14+
END $$;
1015

11-
CREATE INDEX idx_api_tokens_account_id ON api_tokens(account_id);
16+
ALTER TABLE api_tokens ADD COLUMN IF NOT EXISTS account_id BIGINT REFERENCES accounts(id) ON DELETE CASCADE;
17+
ALTER TABLE api_tokens ADD COLUMN IF NOT EXISTS token_hmac BYTEA;
18+
ALTER TABLE api_tokens ADD COLUMN IF NOT EXISTS label TEXT NOT NULL DEFAULT '';
19+
ALTER TABLE api_tokens ADD COLUMN IF NOT EXISTS token_last_four TEXT NOT NULL DEFAULT '';
20+
ALTER TABLE api_tokens ADD COLUMN IF NOT EXISTS last_used_at TIMESTAMPTZ;
21+
22+
ALTER TABLE api_tokens ALTER COLUMN account_id SET NOT NULL;
23+
ALTER TABLE api_tokens ALTER COLUMN token_hmac SET NOT NULL;
24+
25+
CREATE UNIQUE INDEX IF NOT EXISTS api_tokens_token_hmac_key ON api_tokens (token_hmac);
26+
CREATE INDEX IF NOT EXISTS idx_api_tokens_account_id ON api_tokens (account_id);

backend/src/error.rs

Lines changed: 16 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -50,6 +50,22 @@ impl AppError {
5050
Self::ServiceUnavailable(msg.into())
5151
}
5252

53+
pub(crate) fn http_status(&self) -> StatusCode {
54+
self.status_code()
55+
}
56+
57+
pub(crate) fn safe_jsonrpc_message(&self) -> String {
58+
match self {
59+
AppError::NotFound { message } => message.clone(),
60+
AppError::Validation(message) => message.clone(),
61+
AppError::Unauthorized(message) => message.clone(),
62+
AppError::ServiceUnavailable(_) => "service unavailable".to_string(),
63+
AppError::Internal(_) | AppError::Sqlx(_) | AppError::Serde(_) | AppError::Email(_) => {
64+
"request failed".to_string()
65+
}
66+
}
67+
}
68+
5369
fn status_code(&self) -> StatusCode {
5470
match self {
5571
AppError::NotFound { .. } => StatusCode::NOT_FOUND,

backend/src/main.rs

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -256,6 +256,7 @@ async fn main() {
256256

257257
let app = Router::new()
258258
.merge(api)
259+
.merge(routes::mcp::router())
259260
.layer(cors)
260261
.layer(SetResponseHeaderLayer::overriding(
261262
header::X_FRAME_OPTIONS,

0 commit comments

Comments
 (0)