This commit is contained in:
Tyler Murphy 2023-02-02 16:15:19 -05:00
parent 556cbdf168
commit ecb815043a
4 changed files with 676 additions and 1 deletions

542
public/api.html Normal file
View file

@ -0,0 +1,542 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<link rel="stylesheet" href="/css/main.css">
<link rel="stylesheet" href="/css/header.css">
<link rel="stylesheet" href="/css/console.css">
<link rel="stylesheet" href="/css/api.css">
<title>XSSBook - API Documentation</title>
</head>
<body>
<div id="header">
<span class="logo"><a href="/">xssbook</a></span>
<span class="gtext desc" style="margin-left: 6em; font-size: 2em; color: #606770">API Documentation</span>
</div>
<div id="docs">
<div>
<div class="endpoint">
<span class="method post">POST</span>
<span class="uri">/api/auth/register</span>
<span class="desc">Registeres a new account</span>
</div>
<div class="info">
<h2>Body</h2>
<div class="body">
<span>{</span><br>
<span class="key">"firstname"</span> : <span class="string">"[Object"</span><br>
<span class="key">"lastname"</span> : <span class="string">"object]"</span><br>
<span class="key">"email"</span> : <span class="string">"object@object.object"</span><br>
<span class="key">"password"</span> : <span class="string">"i love js"</span><br>
<span class="key">"gender"</span> : <span class="string">"lettuce"</span><br>
<span class="key">"day"</span> : <span class="number">1</span><br>
<span class="key">"month"</span> : <span class="number">1</span><br>
<span class="key">"year"</span> : <span class="number">1970</span><br>
<span>}</span><br>
</div>
<h2>Responses</h2>
<div>
<span class="ptype">201</span>
<span class="pdesc">Successfully created new user, auth cookie is returned</span>
</div>
<div>
<span class="ptype">400</span>
<span class="pdesc">Body does not match paramaters</span>
</div>
</div>
</div>
<div>
<div class="endpoint">
<span class="method post">POST</span>
<span class="uri">/api/auth/login</span>
<span class="desc">Logs into an existing account</span>
</div>
<div class="info">
<h2>Body</h2>
<div class="body">
<span>{</span><br>
<span class="key">"email"</span> : <span class="string">"object@object.object"</span><br>
<span class="key">"password"</span> : <span class="string">"i love js"</span><br>
<span>}</span><br>
</div>
<h2>Responses</h2>
<div>
<span class="ptype">200</span>
<span class="pdesc">Successfully logged in, auth cookie is returned</span>
</div>
<div>
<span class="ptype">400</span>
<span class="pdesc">Body does not match paramaters, or email/password is already in use</span>
</div>
</div>
</div>
<div>
<div class="endpoint">
<span class="method post">POST</span>
<span class="uri">/api/auth/logout</span>
<span class="desc">Logs out of an logged in account</span>
<span class="auth"><span>auth</span> cookie is required for authentication</span>
</div>
<div class="info">
<h2>Responses</h2>
<div>
<span class="ptype">200</span>
<span class="pdesc">Successfully logged out</span>
</div>
<div>
<span class="ptype">401</span>
<span class="pdesc">Unauthorized</span>
</div>
<div>
<span class="ptype">500</span>
<span class="pdesc">Failed to log out user</span>
</div>
</div>
</div>
<div>
<div class="endpoint">
<span class="method post">POST</span>
<span class="uri">/api/posts/create</span>
<span class="desc">Creates a new post</span>
<span class="auth"><span>auth</span> cookie is required for authentication</span>
</div>
<div class="info">
<h2>Body</h2>
<div class="body">
<span>{</span><br>
<span class="key">"content"</span> : <span class="string">"Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua."</span><br>
<span>}</span><br>
</div>
<h2>Responses</h2>
<div>
<span class="ptype">201</span>
<span class="pdesc">Successfully created post</span>
</div>
<div>
<span class="ptype">400</span>
<span class="pdesc">Body does not match paramaters</span>
</div>
<div>
<span class="ptype">401</span>
<span class="pdesc">Unauthorized</span>
</div>
<div>
<span class="ptype">500</span>
<span class="pdesc">Failed to create post</span>
</div>
</div>
</div>
<div>
<div class="endpoint">
<span class="method post">POST</span>
<span class="uri">/api/posts/page</span>
<span class="desc">Load a section of posts from newest to oldest</span>
<span class="auth"><span>auth</span> cookie is required for authentication</span>
</div>
<div class="info">
<h2>Body</h2>
<div class="body">
<span>{</span><br>
<span class="key">"page"</span> : <span class="number">0</span><br>
<span>}</span><br>
</div>
<h2>Responses</h2>
<div>
<span class="ptype">200</span>
<span class="pdesc">Returns posts in <span>application/json</span></span>
</div>
<div>
<span class="ptype">400</span>
<span class="pdesc">Body does not match paramaters</span>
</div>
<div>
<span class="ptype">401</span>
<span class="pdesc">Unauthorized</span>
</div>
<div>
<span class="ptype">500</span>
<span class="pdesc">Failed to fetch posts</span>
</div>
</div>
</div>
<div>
<div class="endpoint">
<span class="method post">POST</span>
<span class="uri">/api/posts/user</span>
<span class="desc">Load a section of posts from newest to oldest from a specific user</span>
<span class="auth"><span>auth</span> cookie is required for authentication</span>
</div>
<div class="info">
<h2>Body</h2>
<div class="body">
<span>{</span><br>
<span class="key">"user_id"</span> : <span class="number">3</span><br>
<span class="key">"page"</span> : <span class="number">0</span><br>
<span>}</span><br>
</div>
<h2>Responses</h2>
<div>
<span class="ptype">200</span>
<span class="pdesc">Returns posts in <span>application/json</span></span>
</div>
<div>
<span class="ptype">400</span>
<span class="pdesc">Body does not match paramaters</span>
</div>
<div>
<span class="ptype">401</span>
<span class="pdesc">Unauthorized</span>
</div>
<div>
<span class="ptype">500</span>
<span class="pdesc">Failed to fetch posts</span>
</div>
</div>
</div>
<div>
<div class="endpoint">
<span class="method patch">PATCH</span>
<span class="uri">/api/posts/comment</span>
<span class="desc">Adds a comment to a post</span>
<span class="auth"><span>auth</span> cookie is required for authentication</span>
</div>
<div class="info">
<h2>Body</h2>
<div class="body">
<span>{</span><br>
<span class="key">"content"</span> : <span class="string">"This is a very good post"</span><br>
<span class="key">"post_id"</span> : <span class="number">0</span><br>
<span>}</span><br>
</div>
<h2>Responses</h2>
<div>
<span class="ptype">200</span>
<span class="pdesc">Successfully added comment</span>
</div>
<div>
<span class="ptype">400</span>
<span class="pdesc">Body does not match paramaters</span>
</div>
<div>
<span class="ptype">401</span>
<span class="pdesc">Unauthorized</span>
</div>
<div>
<span class="ptype">500</span>
<span class="pdesc">Failed to add comment</span>
</div>
</div>
</div>
<div>
<div class="endpoint">
<span class="method patch">PATCH</span>
<span class="uri">/api/posts/like</span>
<span class="desc">Set like status on a post</span>
<span class="auth"><span>auth</span> cookie is required for authentication</span>
</div>
<div class="info">
<h2>Body</h2>
<div class="body">
<span>{</span><br>
<span class="key">"state"</span> : <span class="bool">true</span><br>
<span class="key">"post_id"</span> : <span class="number">0</span><br>
<span>}</span><br>
</div>
<h2>Responses</h2>
<div>
<span class="ptype">200</span>
<span class="pdesc">Successfully set like status</span>
</div>
<div>
<span class="ptype">400</span>
<span class="pdesc">Body does not match paramaters</span>
</div>
<div>
<span class="ptype">401</span>
<span class="pdesc">Unauthorized</span>
</div>
<div>
<span class="ptype">500</span>
<span class="pdesc">Failed to set like status</span>
</div>
</div>
</div>
<div>
<div class="endpoint">
<span class="method post">POST</span>
<span class="uri">/api/users/load</span>
<span class="desc">Load a requested set of users</span>
<span class="auth"><span>auth</span> cookie is required for authentication</span>
</div>
<div class="info">
<h2>Body</h2>
<div class="body">
<span>{</span><br>
<span class="key">"ids"</span> : [<span class="number">0</span>,<span class="number">3</span>,<span class="number">7</span>]<br>
<span>}</span><br>
</div>
<h2>Responses</h2>
<div>
<span class="ptype">200</span>
<span class="pdesc">Returns users in <span>application/json</span></span>
</div>
<div>
<span class="ptype">400</span>
<span class="pdesc">Body does not match paramaters</span>
</div>
<div>
<span class="ptype">401</span>
<span class="pdesc">Unauthorized</span>
</div>
<div>
<span class="ptype">500</span>
<span class="pdesc">Failed to fetch users</span>
</div>
</div>
</div>
<div>
<div class="endpoint">
<span class="method post">POST</span>
<span class="uri">/api/users/page</span>
<span class="desc">Load a section of users from newest to oldest</span>
<span class="auth"><span>auth</span> cookie is required for authentication</span>
</div>
<div class="info">
<h2>Body</h2>
<div class="body">
<span>{</span><br>
<span class="key">"page"</span> : <span class="number">0</span><br>
<span>}</span><br>
</div>
<h2>Responses</h2>
<div>
<span class="ptype">200</span>
<span class="pdesc">Returns users in <span>application/json</span></span>
</div>
<div>
<span class="ptype">400</span>
<span class="pdesc">Body does not match paramaters</span>
</div>
<div>
<span class="ptype">401</span>
<span class="pdesc">Unauthorized</span>
</div>
<div>
<span class="ptype">500</span>
<span class="pdesc">Failed to fetch users</span>
</div>
</div>
</div>
<div>
<div class="endpoint">
<span class="method post">POST</span>
<span class="uri">/api/users/self</span>
<span class="desc">Returns current authenticated user (whoami)</span>
<span class="auth"><span>auth</span> cookie is required for authentication</span>
</div>
<div class="info">
<h2>Responses</h2>
<div>
<span class="ptype">200</span>
<span class="pdesc">Returns authed user in <span>application/json</span></span>
</div>
<div>
<span class="ptype">401</span>
<span class="pdesc">Unauthorized</span>
</div>
<div>
<span class="ptype">500</span>
<span class="pdesc">Failed to fetch user</span>
</div>
</div>
</div>
<div>
<div class="endpoint">
<span class="method put">PUT</span>
<span class="uri">/api/users/avatar</span>
<span class="desc">Set your current profile avatar</span>
<span class="auth"><span>auth</span> cookie is required for authentication</span>
</div>
<div class="info">
<h2>Body</h2>
<div class="body">
PNG sent as a binary blob
</div>
<h2>Responses</h2>
<div>
<span class="ptype">200</span>
<span class="pdesc">Successfully updated avatar</span>
</div>
<div>
<span class="ptype">400</span>
<span class="pdesc">Invalid PNG or disallowed size</span>
</div>
<div>
<span class="ptype">401</span>
<span class="pdesc">Unauthorized</span>
</div>
<div>
<span class="ptype">500</span>
<span class="pdesc">Failed to update avatar</span>
</div>
</div>
</div>
<div>
<div class="endpoint">
<span class="method put">PUT</span>
<span class="uri">/api/users/banner</span>
<span class="desc">Set your current profile banner</span>
<span class="auth"><span>auth</span> cookie is required for authentication</span>
</div>
<div class="info">
<h2>Body</h2>
<div class="body">
PNG sent as a binary blob
</div>
<h2>Responses</h2>
<div>
<span class="ptype">200</span>
<span class="pdesc">Successfully updated banner</span>
</div>
<div>
<span class="ptype">400</span>
<span class="pdesc">Invalid PNG or disallowed size</span>
</div>
<div>
<span class="ptype">401</span>
<span class="pdesc">Unauthorized</span>
</div>
<div>
<span class="ptype">500</span>
<span class="pdesc">Failed to update banner</span>
</div>
</div>
</div>
<div>
<div class="endpoint">
<span class="method post">POST</span>
<span class="uri">/api/admin/auth</span>
<span class="desc">Authenticates on the admin panel</span>
</div>
<div class="info">
<h2>Body</h2>
<div class="body">
<span>{</span><br>
<span class="key">"secret"</span> : <span class="string">"admin"</span><br>
<span>}</span><br>
</div>
<h2>Responses</h2>
<div>
<span class="ptype">200</span>
<span class="pdesc">Successfully authed, admin cookie returned</span>
</div>
<div>
<span class="ptype">400</span>
<span class="pdesc">Body does match parameters, or invalid admin scret</span>
</div>
</div>
</div>
<div>
<div class="endpoint">
<span class="method post">POST</span>
<span class="uri">/api/admin/query</span>
<span class="desc">Run a SQL query on the database</span>
<span class="auth"><span>admin</span> cookie is required for authentication</span>
</div>
<div class="info">
<h2>Body</h2>
<div class="body">
<span>{</span><br>
<span class="key">"query"</span> : <span class="string">"DROP TABLE users;"</span><br>
<span>}</span><br>
</div>
<h2>Responses</h2>
<div>
<span class="ptype">200</span>
<span class="pdesc">Successfully ran SQL query</span>
</div>
<div>
<span class="ptype">400</span>
<span class="pdesc">Body does match parameters</span>
</div>
<div>
<span class="ptype">401</span>
<span class="pdesc">Unauthorized</span>
</div>
<div>
<span class="ptype">500</span>
<span class="pdesc">SQL query error</span>
</div>
</div>
</div>
<div>
<div class="endpoint">
<span class="method post">POST</span>
<span class="uri">/api/admin/posts</span>
<span class="desc">Returns the entire posts table</span>
<span class="auth"><span>admin</span> cookie is required for authentication</span>
</div>
<div class="info">
<h2>Responses</h2>
<div>
<span class="ptype">200</span>
<span class="pdesc">Returns sql table in <span>text/html</span></span>
</div>
<div>
<span class="ptype">401</span>
<span class="pdesc">Unauthorized</span>
</div>
<div>
<span class="ptype">500</span>
<span class="pdesc">Failed to fetch data</span>
</div>
</div>
</div>
<div>
<div class="endpoint">
<span class="method post">POST</span>
<span class="uri">/api/admin/users</span>
<span class="desc">Returns the entire users table</span>
<span class="auth"><span>admin</span> cookie is required for authentication</span>
</div>
<div class="info">
<h2>Responses</h2>
<div>
<span class="ptype">200</span>
<span class="pdesc">Returns sql table in <span>text/html</span></span>
</div>
<div>
<span class="ptype">401</span>
<span class="pdesc">Unauthorized</span>
</div>
<div>
<span class="ptype">500</span>
<span class="pdesc">Failed to fetch data</span>
</div>
</div>
</div>
<div>
<div class="endpoint">
<span class="method post">POST</span>
<span class="uri">/api/admin/sessions</span>
<span class="desc">Returns the entire posts sessions</span>
<span class="auth"><span>admin</span> cookie is required for authentication</span>
</div>
<div class="info">
<h2>Responses</h2>
<div>
<span class="ptype">200</span>
<span class="pdesc">Returns sql table in <span>text/html</span></span>
</div>
<div>
<span class="ptype">401</span>
<span class="pdesc">Unauthorized</span>
</div>
<div>
<span class="ptype">500</span>
<span class="pdesc">Failed to fetch data</span>
</div>
</div>
</div>
</div>
</body>

128
public/css/api.css Normal file
View file

@ -0,0 +1,128 @@
body {
margin: 0;
padding: 0;
background-color: #181818;
overflow-x: hidden;
font-family: sfpro;
}
#docs {
margin-top: 5.5em;
width: 100%;
display: flex;
flex-direction: column;
align-items: center;
}
#docs>div {
display: block;
max-width: 100%;
width: 100em;
background-color: #242424;
border-radius: .5em;
padding: 1em;
box-shadow: 0 2px 4px rgba(0, 0, 0, .05), 0 8px 16px rgba(0, 0, 0, .05);
margin-bottom: 2em;
}
.endpoint {
width: 100%;
height: 3em;
display: flex;
align-items: center;
flex-direction: row;
}
.method {
font-family: sfprobold;
font-size: 1em;
color: #e2ded6;
display: flex;
justify-content: center;
align-items: center;
border-radius: 3px;
width: 5em;
height: 2em;
margin-left: .5em;
}
.uri {
margin-left: 1em;
font-size: 1.25em;
display: inline-block;
font-family: sfprobold;
}
.auth {
flex: 1;
text-align: right;
padding-right: 20px;
font-size: 1.25em;
}
.desc {
margin-left: 2em;
}
.info {
width: 100%;
font-family: sfpro;
display: flex;
flex-direction: column;
}
h2 {
border-bottom: 1px solid #e2ded6;
margin-top: 0;
padding: 10px;
font-size: 20px;
}
.info div {
width: calc(100% - 4em);
margin-left: 2em;
padding-bottom: .5em;
}
.ptype {
font-size: 1.25em;
width: 20em;
display: inline-block;
}
.auth span, .ptype span, .pdesc span {
color: orange;
}
.bigger {
width: 100%;
margin-left: 2em;
}
.pdesc {
font-size: 1em;
display: inline-block;
}
.body {
padding: 20px !important;
width: calc(100% - 4em - 40px) !important;
display: block;
background-color: #181818;
}
.post {
background-color: #853fe0ff;
}
.patch {
background-color: #e0773f;
}
.put {
background-color: #bfa354;
}
.key {
margin-left: 40px;
}

View file

@ -119,7 +119,7 @@ async fn comment(
Json(body): Json<PostCommentRequest>, Json(body): Json<PostCommentRequest>,
) -> Response { ) -> Response {
let Ok(mut post) = Post::from_post_id(body.post_id) else { let Ok(mut post) = Post::from_post_id(body.post_id) else {
return ResponseCode::InternalServerError.text("Failed to fetch posts") return ResponseCode::InternalServerError.text("Failed to add comment")
}; };
if let Err(err) = post.comment(user.user_id, body.content) { if let Err(err) = post.comment(user.user_id, body.content) {

View file

@ -48,6 +48,10 @@ async fn admin() -> Response {
super::serve("/admin.html").await super::serve("/admin.html").await
} }
async fn api() -> Response {
super::serve("/api.html").await
}
async fn wordpress(_: Log) -> Response { async fn wordpress(_: Log) -> Response {
ResponseCode::ImATeapot.text("Hello i am a teapot owo") ResponseCode::ImATeapot.text("Hello i am a teapot owo")
} }
@ -62,4 +66,5 @@ pub fn router() -> Router {
.route("/console", get(console)) .route("/console", get(console))
.route("/wp-admin", get(wordpress)) .route("/wp-admin", get(wordpress))
.route("/admin", get(admin)) .route("/admin", get(admin))
.route("/docs", get(api))
} }