author | Tyler Murphy <tylermurphy534@gmail.com> | 2023-02-02 16:15:19 -0500 |
---|---|---|
committer | Tyler Murphy <tylermurphy534@gmail.com> | 2023-02-02 16:15:19 -0500 |
commit | ecb815043a2dc4cb453f620eb30598223de74d9a (patch) | |
tree | 50a5bccc85056389fca1f8df79ab151e0259bc77 | |
parent | dont show load posts button if no posts (diff) | |
api docs
-rw-r--r-- | public/api.html | 542 | ||||
-rw-r--r-- | public/css/api.css | 128 | ||||
-rw-r--r-- | src/api/posts.rs | 2 | ||||
-rw-r--r-- | src/public/pages.rs | 5 |
4 files changed, 676 insertions, 1 deletions
diff --git a/public/api.html b/public/api.html
new file mode 100644
index 0000000..6e6086a
--- /dev/null
+++ b/public/api.html
@@ -0,0 +1,542 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+ <meta charset="UTF-8">
+ <link rel="stylesheet" href="/css/main.css">
+ <link rel="stylesheet" href="/css/header.css">
+ <link rel="stylesheet" href="/css/console.css">
+ <link rel="stylesheet" href="/css/api.css">
+ <title>XSSBook - API Documentation</title>
+</head>
+<body>
+ <div id="header">
+ <span class="logo"><a href="/">xssbook</a></span>
+ <span class="gtext desc" style="margin-left: 6em; font-size: 2em; color: #606770">API Documentation</span>
+ </div>
+ <div id="docs">
+ <div>
+ <div class="endpoint">
+ <span class="method post">POST</span>
+ <span class="uri">/api/auth/register</span>
+ <span class="desc">Registeres a new account</span>
+ </div>
+ <div class="info">
+ <h2>Body</h2>
+ <div class="body">
+ <span>{</span><br>
+ <span class="key">"firstname"</span> : <span class="string">"[Object"</span><br>
+ <span class="key">"lastname"</span> : <span class="string">"object]"</span><br>
+ <span class="key">"email"</span> : <span class="string">"object@object.object"</span><br>
+ <span class="key">"password"</span> : <span class="string">"i love js"</span><br>
+ <span class="key">"gender"</span> : <span class="string">"lettuce"</span><br>
+ <span class="key">"day"</span> : <span class="number">1</span><br>
+ <span class="key">"month"</span> : <span class="number">1</span><br>
+ <span class="key">"year"</span> : <span class="number">1970</span><br>
+ <span>}</span><br>
+ </div>
+ <h2>Responses</h2>
+ <div>
+ <span class="ptype">201</span>
+ <span class="pdesc">Successfully created new user, auth cookie is returned</span>
+ </div>
+ <div>
+ <span class="ptype">400</span>
+ <span class="pdesc">Body does not match paramaters</span>
+ </div>
+ </div>
+ </div>
+ <div>
+ <div class="endpoint">
+ <span class="method post">POST</span>
+ <span class="uri">/api/auth/login</span>
+ <span class="desc">Logs into an existing account</span>
+ </div>
+ <div class="info">
+ <h2>Body</h2>
+ <div class="body">
+ <span>{</span><br>
+ <span class="key">"email"</span> : <span class="string">"object@object.object"</span><br>
+ <span class="key">"password"</span> : <span class="string">"i love js"</span><br>
+ <span>}</span><br>
+ </div>
+ <h2>Responses</h2>
+ <div>
+ <span class="ptype">200</span>
+ <span class="pdesc">Successfully logged in, auth cookie is returned</span>
+ </div>
+ <div>
+ <span class="ptype">400</span>
+ <span class="pdesc">Body does not match paramaters, or email/password is already in use</span>
+ </div>
+ </div>
+ </div>
+ <div>
+ <div class="endpoint">
+ <span class="method post">POST</span>
+ <span class="uri">/api/auth/logout</span>
+ <span class="desc">Logs out of an logged in account</span>
+ <span class="auth"><span>auth</span> cookie is required for authentication</span>
+ </div>
+ <div class="info">
+ <h2>Responses</h2>
+ <div>
+ <span class="ptype">200</span>
+ <span class="pdesc">Successfully logged out</span>
+ </div>
+ <div>
+ <span class="ptype">401</span>
+ <span class="pdesc">Unauthorized</span>
+ </div>
+ <div>
+ <span class="ptype">500</span>
+ <span class="pdesc">Failed to log out user</span>
+ </div>
+ </div>
+ </div>
+ <div>
+ <div class="endpoint">
+ <span class="method post">POST</span>
+ <span class="uri">/api/posts/create</span>
+ <span class="desc">Creates a new post</span>
+ <span class="auth"><span>auth</span> cookie is required for authentication</span>
+ </div>
+ <div class="info">
+ <h2>Body</h2>
+ <div class="body">
+ <span>{</span><br>
+ <span class="key">"content"</span> : <span class="string">"Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua."</span><br>
+ <span>}</span><br>
+ </div>
+ <h2>Responses</h2>
+ <div>
+ <span class="ptype">201</span>
+ <span class="pdesc">Successfully created post</span>
+ </div>
+ <div>
+ <span class="ptype">400</span>
+ <span class="pdesc">Body does not match paramaters</span>
+ </div>
+ <div>
+ <span class="ptype">401</span>
+ <span class="pdesc">Unauthorized</span>
+ </div>
+ <div>
+ <span class="ptype">500</span>
+ <span class="pdesc">Failed to create post</span>
+ </div>
+ </div>
+ </div>
+ <div>
+ <div class="endpoint">
+ <span class="method post">POST</span>
+ <span class="uri">/api/posts/page</span>
+ <span class="desc">Load a section of posts from newest to oldest</span>
+ <span class="auth"><span>auth</span> cookie is required for authentication</span>
+ </div>
+ <div class="info">
+ <h2>Body</h2>
+ <div class="body">
+ <span>{</span><br>
+ <span class="key">"page"</span> : <span class="number">0</span><br>
+ <span>}</span><br>
+ </div>
+ <h2>Responses</h2>
+ <div>
+ <span class="ptype">200</span>
+ <span class="pdesc">Returns posts in <span>application/json</span></span>
+ </div>
+ <div>
+ <span class="ptype">400</span>
+ <span class="pdesc">Body does not match paramaters</span>
+ </div>
+ <div>
+ <span class="ptype">401</span>
+ <span class="pdesc">Unauthorized</span>
+ </div>
+ <div>
+ <span class="ptype">500</span>
+ <span class="pdesc">Failed to fetch posts</span>
+ </div>
+ </div>
+ </div>
+ <div>
+ <div class="endpoint">
+ <span class="method post">POST</span>
+ <span class="uri">/api/posts/user</span>
+ <span class="desc">Load a section of posts from newest to oldest from a specific user</span>
+ <span class="auth"><span>auth</span> cookie is required for authentication</span>
+ </div>
+ <div class="info">
+ <h2>Body</h2>
+ <div class="body">
+ <span>{</span><br>
+ <span class="key">"user_id"</span> : <span class="number">3</span><br>
+ <span class="key">"page"</span> : <span class="number">0</span><br>
+ <span>}</span><br>
+ </div>
+ <h2>Responses</h2>
+ <div>
+ <span class="ptype">200</span>
+ <span class="pdesc">Returns posts in <span>application/json</span></span>
+ </div>
+ <div>
+ <span class="ptype">400</span>
+ <span class="pdesc">Body does not match paramaters</span>
+ </div>
+ <div>
+ <span class="ptype">401</span>
+ <span class="pdesc">Unauthorized</span>
+ </div>
+ <div>
+ <span class="ptype">500</span>
+ <span class="pdesc">Failed to fetch posts</span>
+ </div>
+ </div>
+ </div>
+ <div>
+ <div class="endpoint">
+ <span class="method patch">PATCH</span>
+ <span class="uri">/api/posts/comment</span>
+ <span class="desc">Adds a comment to a post</span>
+ <span class="auth"><span>auth</span> cookie is required for authentication</span>
+ </div>
+ <div class="info">
+ <h2>Body</h2>
+ <div class="body">
+ <span>{</span><br>
+ <span class="key">"content"</span> : <span class="string">"This is a very good post"</span><br>
+ <span class="key">"post_id"</span> : <span class="number">0</span><br>
+ <span>}</span><br>
+ </div>
+ <h2>Responses</h2>
+ <div>
+ <span class="ptype">200</span>
+ <span class="pdesc">Successfully added comment</span>
+ </div>
+ <div>
+ <span class="ptype">400</span>
+ <span class="pdesc">Body does not match paramaters</span>
+ </div>
+ <div>
+ <span class="ptype">401</span>
+ <span class="pdesc">Unauthorized</span>
+ </div>
+ <div>
+ <span class="ptype">500</span>
+ <span class="pdesc">Failed to add comment</span>
+ </div>
+ </div>
+ </div>
+ <div>
+ <div class="endpoint">
+ <span class="method patch">PATCH</span>
+ <span class="uri">/api/posts/like</span>
+ <span class="desc">Set like status on a post</span>
+ <span class="auth"><span>auth</span> cookie is required for authentication</span>
+ </div>
+ <div class="info">
+ <h2>Body</h2>
+ <div class="body">
+ <span>{</span><br>
+ <span class="key">"state"</span> : <span class="bool">true</span><br>
+ <span class="key">"post_id"</span> : <span class="number">0</span><br>
+ <span>}</span><br>
+ </div>
+ <h2>Responses</h2>
+ <div>
+ <span class="ptype">200</span>
+ <span class="pdesc">Successfully set like status</span>
+ </div>
+ <div>
+ <span class="ptype">400</span>
+ <span class="pdesc">Body does not match paramaters</span>
+ </div>
+ <div>
+ <span class="ptype">401</span>
+ <span class="pdesc">Unauthorized</span>
+ </div>
+ <div>
+ <span class="ptype">500</span>
+ <span class="pdesc">Failed to set like status</span>
+ </div>
+ </div>
+ </div>
+ <div>
+ <div class="endpoint">
+ <span class="method post">POST</span>
+ <span class="uri">/api/users/load</span>
+ <span class="desc">Load a requested set of users</span>
+ <span class="auth"><span>auth</span> cookie is required for authentication</span>
+ </div>
+ <div class="info">
+ <h2>Body</h2>
+ <div class="body">
+ <span>{</span><br>
+ <span class="key">"ids"</span> : [<span class="number">0</span>,<span class="number">3</span>,<span class="number">7</span>]<br>
+ <span>}</span><br>
+ </div>
+ <h2>Responses</h2>
+ <div>
+ <span class="ptype">200</span>
+ <span class="pdesc">Returns users in <span>application/json</span></span>
+ </div>
+ <div>
+ <span class="ptype">400</span>
+ <span class="pdesc">Body does not match paramaters</span>
+ </div>
+ <div>
+ <span class="ptype">401</span>
+ <span class="pdesc">Unauthorized</span>
+ </div>
+ <div>
+ <span class="ptype">500</span>
+ <span class="pdesc">Failed to fetch users</span>
+ </div>
+ </div>
+ </div>
+ <div>
+ <div class="endpoint">
+ <span class="method post">POST</span>
+ <span class="uri">/api/users/page</span>
+ <span class="desc">Load a section of users from newest to oldest</span>
+ <span class="auth"><span>auth</span> cookie is required for authentication</span>
+ </div>
+ <div class="info">
+ <h2>Body</h2>
+ <div class="body">
+ <span>{</span><br>
+ <span class="key">"page"</span> : <span class="number">0</span><br>
+ <span>}</span><br>
+ </div>
+ <h2>Responses</h2>
+ <div>
+ <span class="ptype">200</span>
+ <span class="pdesc">Returns users in <span>application/json</span></span>
+ </div>
+ <div>
+ <span class="ptype">400</span>
+ <span class="pdesc">Body does not match paramaters</span>
+ </div>
+ <div>
+ <span class="ptype">401</span>
+ <span class="pdesc">Unauthorized</span>
+ </div>
+ <div>
+ <span class="ptype">500</span>
+ <span class="pdesc">Failed to fetch users</span>
+ </div>
+ </div>
+ </div>
+ <div>
+ <div class="endpoint">
+ <span class="method post">POST</span>
+ <span class="uri">/api/users/self</span>
+ <span class="desc">Returns current authenticated user (whoami)</span>
+ <span class="auth"><span>auth</span> cookie is required for authentication</span>
+ </div>
+ <div class="info">
+ <h2>Responses</h2>
+ <div>
+ <span class="ptype">200</span>
+ <span class="pdesc">Returns authed user in <span>application/json</span></span>
+ </div>
+ <div>
+ <span class="ptype">401</span>
+ <span class="pdesc">Unauthorized</span>
+ </div>
+ <div>
+ <span class="ptype">500</span>
+ <span class="pdesc">Failed to fetch user</span>
+ </div>
+ </div>
+ </div>
+ <div>
+ <div class="endpoint">
+ <span class="method put">PUT</span>
+ <span class="uri">/api/users/avatar</span>
+ <span class="desc">Set your current profile avatar</span>
+ <span class="auth"><span>auth</span> cookie is required for authentication</span>
+ </div>
+ <div class="info">
+ <h2>Body</h2>
+ <div class="body">
+ PNG sent as a binary blob
+ </div>
+ <h2>Responses</h2>
+ <div>
+ <span class="ptype">200</span>
+ <span class="pdesc">Successfully updated avatar</span>
+ </div>
+ <div>
+ <span class="ptype">400</span>
+ <span class="pdesc">Invalid PNG or disallowed size</span>
+ </div>
+ <div>
+ <span class="ptype">401</span>
+ <span class="pdesc">Unauthorized</span>
+ </div>
+ <div>
+ <span class="ptype">500</span>
+ <span class="pdesc">Failed to update avatar</span>
+ </div>
+ </div>
+ </div>
+ <div>
+ <div class="endpoint">
+ <span class="method put">PUT</span>
+ <span class="uri">/api/users/banner</span>
+ <span class="desc">Set your current profile banner</span>
+ <span class="auth"><span>auth</span> cookie is required for authentication</span>
+ </div>
+ <div class="info">
+ <h2>Body</h2>
+ <div class="body">
+ PNG sent as a binary blob
+ </div>
+ <h2>Responses</h2>
+ <div>
+ <span class="ptype">200</span>
+ <span class="pdesc">Successfully updated banner</span>
+ </div>
+ <div>
+ <span class="ptype">400</span>
+ <span class="pdesc">Invalid PNG or disallowed size</span>
+ </div>
+ <div>
+ <span class="ptype">401</span>
+ <span class="pdesc">Unauthorized</span>
+ </div>
+ <div>
+ <span class="ptype">500</span>
+ <span class="pdesc">Failed to update banner</span>
+ </div>
+ </div>
+ </div>
+ <div>
+ <div class="endpoint">
+ <span class="method post">POST</span>
+ <span class="uri">/api/admin/auth</span>
+ <span class="desc">Authenticates on the admin panel</span>
+ </div>
+ <div class="info">
+ <h2>Body</h2>
+ <div class="body">
+ <span>{</span><br>
+ <span class="key">"secret"</span> : <span class="string">"admin"</span><br>
+ <span>}</span><br>
+ </div>
+ <h2>Responses</h2>
+ <div>
+ <span class="ptype">200</span>
+ <span class="pdesc">Successfully authed, admin cookie returned</span>
+ </div>
+ <div>
+ <span class="ptype">400</span>
+ <span class="pdesc">Body does match parameters, or invalid admin scret</span>
+ </div>
+ </div>
+ </div>
+ <div>
+ <div class="endpoint">
+ <span class="method post">POST</span>
+ <span class="uri">/api/admin/query</span>
+ <span class="desc">Run a SQL query on the database</span>
+ <span class="auth"><span>admin</span> cookie is required for authentication</span>
+ </div>
+ <div class="info">
+ <h2>Body</h2>
+ <div class="body">
+ <span>{</span><br>
+ <span class="key">"query"</span> : <span class="string">"DROP TABLE users;"</span><br>
+ <span>}</span><br>
+ </div>
+ <h2>Responses</h2>
+ <div>
+ <span class="ptype">200</span>
+ <span class="pdesc">Successfully ran SQL query</span>
+ </div>
+ <div>
+ <span class="ptype">400</span>
+ <span class="pdesc">Body does match parameters</span>
+ </div>
+ <div>
+ <span class="ptype">401</span>
+ <span class="pdesc">Unauthorized</span>
+ </div>
+ <div>
+ <span class="ptype">500</span>
+ <span class="pdesc">SQL query error</span>
+ </div>
+ </div>
+ </div>
+ <div>
+ <div class="endpoint">
+ <span class="method post">POST</span>
+ <span class="uri">/api/admin/posts</span>
+ <span class="desc">Returns the entire posts table</span>
+ <span class="auth"><span>admin</span> cookie is required for authentication</span>
+ </div>
+ <div class="info">
+ <h2>Responses</h2>
+ <div>
+ <span class="ptype">200</span>
+ <span class="pdesc">Returns sql table in <span>text/html</span></span>
+ </div>
+ <div>
+ <span class="ptype">401</span>
+ <span class="pdesc">Unauthorized</span>
+ </div>
+ <div>
+ <span class="ptype">500</span>
+ <span class="pdesc">Failed to fetch data</span>
+ </div>
+ </div>
+ </div>
+ <div>
+ <div class="endpoint">
+ <span class="method post">POST</span>
+ <span class="uri">/api/admin/users</span>
+ <span class="desc">Returns the entire users table</span>
+ <span class="auth"><span>admin</span> cookie is required for authentication</span>
+ </div>
+ <div class="info">
+ <h2>Responses</h2>
+ <div>
+ <span class="ptype">200</span>
+ <span class="pdesc">Returns sql table in <span>text/html</span></span>
+ </div>
+ <div>
+ <span class="ptype">401</span>
+ <span class="pdesc">Unauthorized</span>
+ </div>
+ <div>
+ <span class="ptype">500</span>
+ <span class="pdesc">Failed to fetch data</span>
+ </div>
+ </div>
+ </div>
+ <div>
+ <div class="endpoint">
+ <span class="method post">POST</span>
+ <span class="uri">/api/admin/sessions</span>
+ <span class="desc">Returns the entire posts sessions</span>
+ <span class="auth"><span>admin</span> cookie is required for authentication</span>
+ </div>
+ <div class="info">
+ <h2>Responses</h2>
+ <div>
+ <span class="ptype">200</span>
+ <span class="pdesc">Returns sql table in <span>text/html</span></span>
+ </div>
+ <div>
+ <span class="ptype">401</span>
+ <span class="pdesc">Unauthorized</span>
+ </div>
+ <div>
+ <span class="ptype">500</span>
+ <span class="pdesc">Failed to fetch data</span>
+ </div>
+ </div>
+ </div>
+ </div>
+</body>
\ No newline at end of file
diff --git a/public/css/api.css b/public/css/api.css
new file mode 100644
index 0000000..8358538
--- /dev/null
+++ b/public/css/api.css
@@ -0,0 +1,128 @@
+body {
+ margin: 0;
+ padding: 0;
+ background-color: #181818;
+ overflow-x: hidden;
+ font-family: sfpro;
+}
+
+#docs {
+ margin-top: 5.5em;
+ width: 100%;
+ display: flex;
+ flex-direction: column;
+ align-items: center;
+}
+
+#docs>div {
+ display: block;
+ max-width: 100%;
+ width: 100em;
+ background-color: #242424;
+ border-radius: .5em;
+ padding: 1em;
+ box-shadow: 0 2px 4px rgba(0, 0, 0, .05), 0 8px 16px rgba(0, 0, 0, .05);
+ margin-bottom: 2em;
+}
+
+.endpoint {
+ width: 100%;
+ height: 3em;
+ display: flex;
+ align-items: center;
+ flex-direction: row;
+}
+
+.method {
+ font-family: sfprobold;
+ font-size: 1em;
+ color: #e2ded6;
+ display: flex;
+ justify-content: center;
+ align-items: center;
+ border-radius: 3px;
+ width: 5em;
+ height: 2em;
+ margin-left: .5em;
+}
+
+.uri {
+ margin-left: 1em;
+ font-size: 1.25em;
+ display: inline-block;
+ font-family: sfprobold;
+}
+
+.auth {
+ flex: 1;
+ text-align: right;
+ padding-right: 20px;
+ font-size: 1.25em;
+}
+
+.desc {
+ margin-left: 2em;
+}
+
+.info {
+ width: 100%;
+ font-family: sfpro;
+ display: flex;
+ flex-direction: column;
+}
+
+h2 {
+ border-bottom: 1px solid #e2ded6;
+ margin-top: 0;
+ padding: 10px;
+ font-size: 20px;
+}
+
+.info div {
+ width: calc(100% - 4em);
+ margin-left: 2em;
+ padding-bottom: .5em;
+}
+
+.ptype {
+ font-size: 1.25em;
+ width: 20em;
+ display: inline-block;
+}
+
+.auth span, .ptype span, .pdesc span {
+ color: orange;
+}
+
+.bigger {
+ width: 100%;
+ margin-left: 2em;
+}
+
+.pdesc {
+ font-size: 1em;
+ display: inline-block;
+}
+
+.body {
+ padding: 20px !important;
+ width: calc(100% - 4em - 40px) !important;
+ display: block;
+ background-color: #181818;
+}
+
+.post {
+ background-color: #853fe0ff;
+}
+
+.patch {
+ background-color: #e0773f;
+}
+
+.put {
+ background-color: #bfa354;
+}
+
+.key {
+ margin-left: 40px;
+}
\ No newline at end of file
diff --git a/src/api/posts.rs b/src/api/posts.rs
index d85fb98..6aa074f 100644
--- a/src/api/posts.rs
+++ b/src/api/posts.rs
@@ -119,7 +119,7 @@ async fn comment(
 Json(body): Json<PostCommentRequest>,
 ) -> Response {
 let Ok(mut post) = Post::from_post_id(body.post_id) else {
- return ResponseCode::InternalServerError.text("Failed to fetch posts")
+ return ResponseCode::InternalServerError.text("Failed to add comment")
 };
 
 if let Err(err) = post.comment(user.user_id, body.content) {
diff --git a/src/public/pages.rs b/src/public/pages.rs
index 1614d81..196a441 100644
--- a/src/public/pages.rs
+++ b/src/public/pages.rs
@@ -48,6 +48,10 @@ async fn admin() -> Response {
 super::serve("/admin.html").await
 }
 
+async fn api() -> Response {
+ super::serve("/api.html").await
+}
+
 async fn wordpress(_: Log) -> Response {
 ResponseCode::ImATeapot.text("Hello i am a teapot owo")
 }
@@ -62,4 +66,5 @@ pub fn router() -> Router {
 .route("/console", get(console))
 .route("/wp-admin", get(wordpress))
 .route("/admin", get(admin))
+ .route("/docs", get(api))
 } |
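Review bot: In `comment` (src/api/posts.rs) the `let Ok(mut post) = Post::from_post_id(body.post_id) else { … }` guard discards the error value, so an unknown `post_id` supplied by the client and a genuine database fault would both come back as the same 500 with nothing recorded. If `from_post_id` does fail on a missing id (its body is not visible here), that case belongs with the client-error responses, and the server-fault case should keep the error for logging; a `match` that binds `Err(err)`, as the `if let Err(err) = post.comment(...)` branch just below already does, allows both. The function starts and ends outside the hunk.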
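Review bot: The `.route("/docs", get(api))` line in `router()` and the `api` handler added in the hunk at line 48 of src/public/pages.rs serve `api.html` with no authentication, and that page lists every `/api/admin/*` endpoint, including the raw-SQL `/api/admin/query`, with `"secret": "admin"` as the sample request body. Whether that sample equals a default or deployed admin secret cannot be told from this diff; if it does, the public page discloses it, so the example is safer as a placeholder such as `"secret": "<admin secret>"`. The handler also takes no `Log` extractor, unlike `wordpress(_: Log)`, so requests to the docs page are presumably not logged. As a point of style, the handler is named `api` and the file `api.html` while the route is `/docs`; a one-line `///` comment on `api` saying that it serves the API documentation page would make the mapping clear.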