Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add GraphQL API for managing rooms #399

Merged
merged 140 commits into from
Dec 14, 2020
Merged
Show file tree
Hide file tree
Changes from 38 commits
Commits
Show all changes
140 commits
Select commit Hold shift + click to select a range
98ed136
GraphQL API WIP
robertlong Jul 16, 2020
55b1260
Fix formatting and remove inspect
robertlong Jul 16, 2020
bd512d5
Use a changeset error handling middleware
robertlong Jul 16, 2020
3da617c
Add pagination to public rooms query
robertlong Jul 16, 2020
d396147
Add myRooms and authenticated routes
robertlong Jul 16, 2020
8ea148a
Add favorite rooms query
robertlong Jul 16, 2020
c28f8fb
Add more room and scene fields
robertlong Jul 16, 2020
6e718e1
Use dataloader for batch fetching scenes
robertlong Jul 16, 2020
b269d9b
Fix typo in comment
johnshaughnessy Jul 30, 2020
ada6276
specify preferred json codec
johnshaughnessy Jul 30, 2020
bdc1f8d
Add test cases for room query
johnshaughnessy Jul 30, 2020
125769c
DRY up tests
johnshaughnessy Jul 30, 2020
6883a09
Remove unused "variables" from tests
johnshaughnessy Jul 30, 2020
1a5853f
DRY : add assign_creator function
johnshaughnessy Jul 30, 2020
b585a8c
Rename put_auth_header_for_email
johnshaughnessy Jul 30, 2020
002f1e9
DRY: put_auth_header_for_account
johnshaughnessy Jul 30, 2020
66d8c4a
DRY: graphql query
johnshaughnessy Jul 30, 2020
b7c55e5
Don't need to hit the iql api
johnshaughnessy Jul 30, 2020
96d27c8
Test room creation. Add default creator assignment
johnshaughnessy Jul 30, 2020
6b4c0b6
Specify json_codec
johnshaughnessy Jul 30, 2020
fec3753
Add room name to mutation result
johnshaughnessy Jul 30, 2020
012d040
Test pagination
johnshaughnessy Jul 30, 2020
0e3f85e
Fix warnings
johnshaughnessy Jul 30, 2020
8f2611c
Formatting
johnshaughnessy Jul 30, 2020
e60ddff
Add mutation for updating room name
johnshaughnessy Aug 17, 2020
2f4c8bb
Add capabilities to room resolver
johnshaughnessy Aug 24, 2020
ee0a66c
Refactor for readability
johnshaughnessy Aug 24, 2020
4afe9d6
Broadcast changes to anyone connected to the hub channel
johnshaughnessy Aug 24, 2020
5a81895
Add ability to update member_permissions
johnshaughnessy Aug 24, 2020
81726e7
Remove unused vars
johnshaughnessy Aug 24, 2020
15d6475
Add some documentation for the API
johnshaughnessy Aug 25, 2020
c5e89eb
Fixup doc
johnshaughnessy Aug 25, 2020
5dc75b3
Add ability to modify allow_promotion
johnshaughnessy Aug 25, 2020
57a052f
Add descriptions to graphql objects/fields
johnshaughnessy Aug 26, 2020
20328ed
Add descriptions to scene types
johnshaughnessy Aug 26, 2020
67dd3c0
Match on Repo.update errors
johnshaughnessy Aug 27, 2020
342c165
Make specifying a room name optional. Add other fields
johnshaughnessy Aug 27, 2020
1b06615
Authorization is enforced on a per-resolver basis
johnshaughnessy Aug 28, 2020
568548f
Fix failing test case for allow_promotion
johnshaughnessy Sep 9, 2020
f8f8477
Add helper script for setting Authorization header
johnshaughnessy Sep 9, 2020
dcc8672
Remove duplicate field
johnshaughnessy Sep 9, 2020
634f0f4
Setup guardian_db and ApiTokens
johnshaughnessy Sep 18, 2020
6de2ca2
Show that revoked token cannot be verified in test
johnshaughnessy Sep 18, 2020
8c0e869
Confer permissions onto api tokens
johnshaughnessy Sep 18, 2020
c8ac232
Remove hub_refresh_by_api
johnshaughnessy Sep 28, 2020
3841cbb
Add primitive timing info as middleware
johnshaughnessy Sep 29, 2020
01a6331
Build up middleware incrementally
johnshaughnessy Sep 29, 2020
5a47417
Merge remote-tracking branch 'origin/feature/api-tokens' into feature…
johnshaughnessy Sep 29, 2020
18b4b62
Verify the permissions on graphql api usage
johnshaughnessy Sep 30, 2020
02c76c3
Start handling auth_errors in the plug
johnshaughnessy Sep 30, 2020
028c3ae
Update guardian so we can avoid halt on error
johnshaughnessy Sep 30, 2020
693204d
Add guardian_phoenix after guardian upgrade
johnshaughnessy Sep 30, 2020
1d9fedd
Fix tests. Check for token in middleware.
johnshaughnessy Oct 1, 2020
5f03033
Tighten up error handling / reporting
johnshaughnessy Oct 1, 2020
5aa730c
Add TODO's from talking with Dom
johnshaughnessy Oct 2, 2020
61e097d
Rename return_error -> put_error_result
johnshaughnessy Oct 9, 2020
81c84e8
Rename Context -> AddAbsintheContext
johnshaughnessy Oct 9, 2020
5c6b08c
Rename context.ex -> add_absinthe_context.ex
johnshaughnessy Oct 9, 2020
d9caf59
Remove unused middleware. Rename PutErrorResult
johnshaughnessy Oct 9, 2020
85301be
Add mix task for generating api tokens
johnshaughnessy Oct 10, 2020
edb17af
Remove unused middleware
johnshaughnessy Oct 10, 2020
b7eabe2
Implement scopes and app_tokens
johnshaughnessy Oct 13, 2020
6db7fcf
Modify helper mix task for generating tokens
johnshaughnessy Oct 13, 2020
f365bca
Remove insert auth header helper
johnshaughnessy Oct 13, 2020
e699e8b
Minor changes
johnshaughnessy Oct 16, 2020
f96f226
Remove unnecessary middleware
johnshaughnessy Oct 16, 2020
69902c7
Rename Ret.ApiToken -> Ret.Api.Token
johnshaughnessy Oct 16, 2020
f652f0c
Update room access pattern for user and app tokens
johnshaughnessy Oct 19, 2020
9a5c089
Fix tests and warnings
johnshaughnessy Oct 19, 2020
dc45130
Generate random room names
johnshaughnessy Oct 20, 2020
5084f61
Reimplement create and update room with auth
johnshaughnessy Oct 20, 2020
05d8008
Add some notes for graphiql testing
johnshaughnessy Oct 20, 2020
a279ce5
Remove unused middleware
johnshaughnessy Oct 20, 2020
b9a7175
Remove commented code
johnshaughnessy Oct 20, 2020
82108fd
Remove unused permissions
johnshaughnessy Oct 20, 2020
a386b8f
Remove IO.inspect
johnshaughnessy Oct 20, 2020
b876e86
Fix warnings
johnshaughnessy Oct 21, 2020
1de05d7
Implement can? for :reticulum_app_token
johnshaughnessy Oct 21, 2020
e2eec9b
Put generated token onto clipboard
johnshaughnessy Oct 21, 2020
6f5a4e6
Check permissions for getting public rooms
johnshaughnessy Oct 21, 2020
f121458
Remove unused function
johnshaughnessy Oct 21, 2020
2eb4934
Remove unused function
johnshaughnessy Oct 21, 2020
497d97c
Remove outdated tests
johnshaughnessy Oct 21, 2020
550863c
Add comments
johnshaughnessy Oct 22, 2020
7f1c1cb
Lengthen ttl
johnshaughnessy Oct 22, 2020
9f23b27
Create API token module. Replace jwt's in API
johnshaughnessy Oct 28, 2020
dfaf3f8
Remove guardian db
johnshaughnessy Oct 28, 2020
884893b
Remove unused secrets
johnshaughnessy Oct 28, 2020
3040fb4
Remove unused function
johnshaughnessy Oct 28, 2020
8dc209c
Removed unused alias/import
johnshaughnessy Oct 28, 2020
c88e0a0
(Re)Implement revoke for tokens
johnshaughnessy Oct 28, 2020
272003d
Fix introspection queries and invalid token errors
johnshaughnessy Oct 28, 2020
c5096c7
Check for introspection types how Absinthe does
johnshaughnessy Oct 28, 2020
75a2087
Fix warnings
johnshaughnessy Oct 28, 2020
6c22990
Remove TODO
johnshaughnessy Oct 28, 2020
d3bf787
Fix tests
johnshaughnessy Oct 28, 2020
300bf33
Add sample graphiql workspace
johnshaughnessy Oct 28, 2020
a32f840
Format
johnshaughnessy Oct 28, 2020
6f810a4
Update API Guide
johnshaughnessy Oct 28, 2020
8a2e6f4
Remove graphiql notes
johnshaughnessy Oct 28, 2020
737b716
Update scopes table in guide
johnshaughnessy Oct 28, 2020
04ee343
Update formatting in guide
johnshaughnessy Oct 28, 2020
8d0d6df
Update justification in guide table
johnshaughnessy Oct 28, 2020
560da97
Remove unused error message
johnshaughnessy Oct 29, 2020
275cfde
Move dataloader config
johnshaughnessy Oct 29, 2020
617a3bf
Change title of guide
johnshaughnessy Oct 29, 2020
59153bf
Do not assume xclip exists
johnshaughnessy Nov 13, 2020
0df81f4
Check write_rooms scope to allow update_hub
johnshaughnessy Nov 13, 2020
c856764
Remove things from documentation that are not done
johnshaughnessy Nov 13, 2020
aa718ae
Check hub_bindings before allowed embeds
johnshaughnessy Nov 13, 2020
f8919ab
Remove API credentials expiration
johnshaughnessy Nov 17, 2020
a088b2f
Include rooms whose entry mode is invite
johnshaughnessy Nov 17, 2020
8ef4ba1
Return more specific token error: :token_revoked
johnshaughnessy Nov 17, 2020
6d19640
Return scene or scene_listing in room result
johnshaughnessy Nov 17, 2020
e7aa161
Add json scalar type for user_data
johnshaughnessy Nov 17, 2020
6d1999b
Add missing close parenthesis
johnshaughnessy Nov 17, 2020
465f637
Add indexes and prevent null in credentials table schema
johnshaughnessy Nov 17, 2020
6afdb17
Fix query for favorite rooms
johnshaughnessy Nov 17, 2020
0c9638f
Define internal functions with defp
johnshaughnessy Nov 17, 2020
9009d96
Fix call to internal function
johnshaughnessy Nov 17, 2020
4923a66
Remove max_page_size
johnshaughnessy Nov 17, 2020
016d737
Fix credential changeset validation/constraints
johnshaughnessy Nov 17, 2020
832898b
Do not have all tokens end in "09"
johnshaughnessy Nov 17, 2020
50f7df6
Prefix the sid to the rest of the token
johnshaughnessy Nov 17, 2020
ec55da4
Update comment for Can impl for Atom
johnshaughnessy Nov 17, 2020
0eabfb3
Add create_room function for api
johnshaughnessy Nov 18, 2020
4d1d9c8
Fixup scene changes and member permissions
johnshaughnessy Nov 19, 2020
ec9cd68
Fix member perm parsing: return ArgumentError
johnshaughnessy Nov 19, 2020
7059fdd
Remove unused test queries
johnshaughnessy Nov 19, 2020
461de60
Update workspace
johnshaughnessy Dec 7, 2020
4bdde03
PR feedback
johnshaughnessy Dec 14, 2020
70bb8a5
Remove issued_at field
johnshaughnessy Dec 14, 2020
a02026d
Add (regular) API to manage (graphql) credentials
johnshaughnessy Dec 9, 2020
2b633c1
Expand admin account permissions
johnshaughnessy Dec 10, 2020
e448b99
Remove create_accounts scope
johnshaughnessy Dec 14, 2020
80c275d
Create test helper
johnshaughnessy Dec 14, 2020
3b49320
PR Feedback
johnshaughnessy Dec 14, 2020
ca9ab00
Require a server-level flag for graphql api
johnshaughnessy Dec 14, 2020
d3adae7
lint
johnshaughnessy Dec 14, 2020
2de8003
Merge pull request #436 from mozilla/feature/credentials-api
johnshaughnessy Dec 14, 2020
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
237 changes: 237 additions & 0 deletions guides/api.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,237 @@
# Overview
Reticulum includes a [GraphQL](https://graphql.org/) API to better allow you to customize the app to your specific needs.

## Accessing the API
The API can be accessed by sending `GET` or `POST` requests to `/api/v2/`.
Requests can be sent in code with an `HTTP` client library, on the command line with a tool like `curl`, with a GraphQL-specific client library, or any other tool that speaks `HTTP`. There is also an interactive GUI for accessing the API available at `/api/v2/graphiql`.

## Authenticating requests
Most requests sent to the API need to be authenticated. To authenticate a request, add the http header `Authorization` with value `Bearer: <your API token>`. Currently, your API token is the same as your account token, which you can find with the following steps:
- Navigate to the homepage
- Sign in
- Open the developer console of your browser. (
Instructions for opening the console in firefox: https://developer.mozilla.org/en-US/docs/Tools/Web_Console#Opening_the_Web_Console
Instructions for chrome: https://developers.google.com/web/tools/chrome-devtools/open)
- Type `window.APP.store.state.credentials.token` into the console and press enter.
- Your token should be returned surrounded by quotations marks (`"<your API token here>"`)

It is likely that the authentication method will change in future releases of the API to include something like API tokens whose permissions can be limited to specific scopes, so that people are not encouraged to share admin account tokens. Sharing account tokens is dangerous - don't do it.

## Passing arguments
We use a library called [`absinthe`](http://absinthe-graphql.org/) to power the `GraphQL` API. This library automatically converts between `camelCase` (a typical convention in `javascript`) and `snake_case` (a typical convention in `elixir`). For this reason, you will send and receive arguments and values in `camelCase`, but will see the corresponding values in `elixir` code as `snake_case`.

## Rooms
The following examples show the capabilities of creating, querying, and modifying rooms. The code for these commands and object types can be found in [`/lib/ret_web/schema/room_types.ex`](../lib/ret_web/schema/room_types.ex)

### Create a room
Request:
```
mutation {
createRoom(name:"My Fun Get-Together"){
id
}
}
```
Response:
```js
{
"data": {
"createRoom": {
"id": "3FqxixG"
}
}
}
```

### Querying Rooms
Room queries return a `RoomList` object, which paginates responses. For a specific page or page size, pass the `page` or `pageSize` arguments along with the request.

#### My rooms
Request:
```
query {
myRooms(page: 1, pageSize: 10) {
entries {
name,
id,
scene {
... on Scene {
id,
name
}
... on SceneListing{
id,
name
}
}
}
}
}
```
Response:
```js
{
"data": {
"myRooms": {
"entries": [
{
"id": "3FqxixG",
"name": "My Fun Get-Together",
"scene": null
},
{
"id": "FmNKVjL",
"name": "Foo",
"scene": {
"id": "tXkCgJw",
"name": "Crater 2"
}
},
"scene": {
"id": "74VD2Et",
"name": "Crater"
}
]
}
}
}
```

#### Query my favorite rooms
Request:
```
query {
myFavorites {
entries {
name,
id
}
}
}
```
Response:
```js
{
"data": {
"favoriteRooms": {
"entries": [
{
"id": "4jByd2w",
"name": "Uniform Ready Social"
},
{
"id": "5wQhhbG",
"name": "Angelic Vibrant Spot"
},
{
"id": "RmNv2k2",
"name": "Golden Perfect Volume"
},
]
}
}
}
```


#### Query public rooms
Request:
```
query {
publicRooms {
entries {
name,
id
}
}
}
```
Response:
```js
{
"data": {
"publicRooms": {
"entries": [
{
"id": "z7LQiNi",
"name": "Big Time Room"
},
{
"id": "SVnhCWq",
"name": "sdafasdf"
}
]
}
}
}
```

### Updating rooms
#### Set room properties like `name`, `description`, and `roomSize`
```
mutation {
updateRoom(
id:"FmNKVjL",
name:"Foo bar baz",
description:"Some description",
roomSize:15,
) {
id
}
}
```
#### Change the scene of a given room:
```
mutation {
updateRoom(
id:"FmNKVjL",
sceneId: "74VD2Et",
) {
id
}
}
```

#### Change member permissions in the room:
```
mutation {
updateRoom(
id:"FmNKVjL",
memberPermissions: {
fly: true,
spawnEmoji: true,
spawnDrawing: true,
pinObjects: false,
spawnCamera: false,
spawnAndMoveMedia: true
}
) {
id
}
}
```
### Change everything all in one go:

```
mutation {
updateRoom(
id:"FmNKVjL",
name:"Foo bar baz",
description:"Some description",
roomSize:15,
sceneId: "74VD2Et",
memberPermissions: {
fly: true,
spawnEmoji: true,
spawnDrawing: true,
pinObjects: false,
spawnCamera: false,
spawnAndMoveMedia: true
}
) {
id
}
}
```


92 changes: 88 additions & 4 deletions lib/ret/hub.ex
Original file line number Diff line number Diff line change
Expand Up @@ -24,7 +24,8 @@ defmodule Ret.Hub do
RoomAssigner,
BitFieldUtils,
HubRoleMembership,
AppConfig
AppConfig,
AccountFavorite
}

alias Ret.Hub.{HubSlug}
Expand Down Expand Up @@ -133,6 +134,14 @@ defmodule Ret.Hub do
|> changeset(scene_or_scene_listing, params)
end

def create(params) do
scene_or_scene_listing = get_scene_or_scene_listing(params)

%Hub{}
|> changeset(scene_or_scene_listing, params)
|> Repo.insert()
end

defp get_scene_or_scene_listing(params) do
if is_nil(params["scene_id"]) do
SceneListing.get_random_default_scene_listing()
Expand All @@ -141,13 +150,46 @@ defmodule Ret.Hub do
end
end

def get_scene_or_scene_listing_by_id(nil) do
SceneListing.get_random_default_scene_listing()
end

def get_scene_or_scene_listing_by_id(id) do
Scene.scene_or_scene_listing_by_sid(id)
end
johnshaughnessy marked this conversation as resolved.
Show resolved Hide resolved

def get_by_entry_code_string(entry_code_string) when is_binary(entry_code_string) do
case Integer.parse(entry_code_string) do
{entry_code, _} -> Hub |> Repo.get_by(entry_code: entry_code)
_ -> nil
end
end

def get_my_rooms(account, params) do
Hub
|> where([h], h.created_by_account_id == ^account.account_id and h.entry_mode == ^"allow")
johnshaughnessy marked this conversation as resolved.
Show resolved Hide resolved
|> order_by(desc: :inserted_at)
|> preload(^Hub.hub_preloads())
johnshaughnessy marked this conversation as resolved.
Show resolved Hide resolved
|> Repo.paginate(params)
end

def get_favorite_rooms(account, params) do
Hub
|> where([h], h.entry_mode == ^"allow")
|> join(:inner, [h], f in AccountFavorite, on: f.hub_id == h.hub_id and f.account_id == ^account.account_id)
|> order_by([h, f], desc: f.last_activated_at)
|> preload(^Hub.hub_preloads())
|> Repo.paginate(params)
end

def get_public_rooms(params) do
Hub
|> where([h], h.allow_promotion and h.entry_mode == ^"allow")
|> order_by(desc: :inserted_at)
|> preload(^Hub.hub_preloads())
|> Repo.paginate(params)
end

def changeset(%Hub{} = hub, %Scene{} = scene, attrs) do
hub
|> changeset(nil, attrs)
Expand Down Expand Up @@ -189,9 +231,9 @@ defmodule Ret.Hub do
attrs["member_permissions"] |> Map.new(fn {k, v} -> {String.to_atom(k), v} end) |> member_permissions_to_int
end

def add_member_permissions_update_to_changeset(changeset, hub, attrs) do
defp add_member_permissions_update_to_changeset(changeset, hub, member_permissions) do
member_permissions =
Map.merge(member_permissions_for_hub(hub), attrs["member_permissions"])
Map.merge(member_permissions_for_hub(hub), member_permissions)
|> Map.new(fn {k, v} -> {String.to_atom(k), v} end)
|> member_permissions_to_int

Expand All @@ -212,7 +254,7 @@ defmodule Ret.Hub do
end

def add_promotion_to_changeset(changeset, attrs) do
changeset |> put_change(:allow_promotion, !!attrs["allow_promotion"])
changeset |> put_change(:allow_promotion, !!attrs["allow_promotion"] || !!attrs.allow_promotion)
end

def changeset_for_new_seen_occupant_count(%Hub{} = hub, occupant_count) do
Expand Down Expand Up @@ -349,6 +391,15 @@ defmodule Ret.Hub do
hub.room_size || AppConfig.get_cached_config_value("features|default_room_size")
end

def scene_or_scene_listing_for(%Hub{} = hub) do
case hub.scene || hub.scene_listing do
nil -> nil
%Scene{state: :removed} -> nil
%SceneListing{state: :delisted} -> nil
scene -> scene
end
end

defp changeset_for_new_entry_code(%Hub{} = hub) do
hub
|> Ecto.Changeset.change()
Expand Down Expand Up @@ -542,6 +593,39 @@ defmodule Ret.Hub do
|> Map.new(fn {k, v} -> {Atom.to_string(k), v} end)
end

def member_permissions_for_hub_as_atoms(%Hub{} = hub) do
hub.member_permissions
|> BitFieldUtils.permissions_to_map(@member_permissions)
end

def maybe_add_member_permissions(changeset, hub, %{"member_permissions" => member_permissions}) do
add_member_permissions_update_to_changeset(
changeset,
hub,
member_permissions
)
end

def maybe_add_member_permissions(changeset, hub, %{:member_permissions => member_permissions}) do
add_member_permissions_update_to_changeset(
changeset,
hub,
Map.new(member_permissions, fn {k, v} -> {Atom.to_string(k), v} end)
)
end

def maybe_add_member_permissions(changeset, _hub, _params) do
changeset
end

def maybe_add_promotion(changeset, account, hub, %{"allow_promotion" => _} = hub_params),
do: changeset |> Hub.maybe_add_promotion_to_changeset(account, hub, hub_params)

def maybe_add_promotion(changeset, account, hub, %{allow_promotion: _} = hub_params),
do: changeset |> Hub.maybe_add_promotion_to_changeset(account, hub, hub_params)

def maybe_add_promotion(changeset, _account, _hub, _), do: changeset

# The account argument here can be a Ret.Account, a Ret.OAuthProvider or nil.
def perms_for_account(%Ret.Hub{} = hub, account) do
%{
Expand Down
2 changes: 1 addition & 1 deletion lib/ret/repo.ex
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
defmodule Ret.Repo do
use Ecto.Repo, otp_app: :ret, adapter: Ecto.Adapters.Postgres
use Scrivener, page_size: 20
use Scrivener, page_size: 20, max_page_size: 50
johnshaughnessy marked this conversation as resolved.
Show resolved Hide resolved

def init(_, opts) do
{:ok, Keyword.put(opts, :url, System.get_env("DATABASE_URL"))}
Expand Down
Loading