From d1b1538f276b794ce120826715d8de7dc5411760 Mon Sep 17 00:00:00 2001
From: Jose Celano <josecelano@gmail.com>
Date: Mon, 29 Jul 2024 16:56:48 +0100
Subject: [PATCH] feat: [#974] new API endpoint to upload pre-existing keys

You can test it with:

```console
curl -X POST http://localhost:1212/api/v1/keys?token=MyAccessToken \
     -H "Content-Type: application/json" \
     -d '{
           "key": "Xc1L4PbQJSFGlrgSRZl8wxSFAuMa21z7",
           "seconds_valid": 7200
         }'
```

The `key` field is optional. If it's not provided a random key will be
generated.
---
 src/core/auth.rs                              |  2 +-
 src/core/mod.rs                               | 38 ++++++++++++--
 src/servers/apis/v1/context/auth_key/forms.rs |  8 +++
 .../apis/v1/context/auth_key/handlers.rs      | 51 ++++++++++++++++++-
 src/servers/apis/v1/context/auth_key/mod.rs   |  1 +
 .../apis/v1/context/auth_key/responses.rs     | 15 +++++-
 .../apis/v1/context/auth_key/routes.rs        |  8 ++-
 src/servers/apis/v1/responses.rs              |  3 +-
 8 files changed, 115 insertions(+), 11 deletions(-)
 create mode 100644 src/servers/apis/v1/context/auth_key/forms.rs

diff --git a/src/core/auth.rs b/src/core/auth.rs
index 94d455d7e..00ded71ef 100644
--- a/src/core/auth.rs
+++ b/src/core/auth.rs
@@ -152,7 +152,7 @@ pub struct Key(String);
 /// ```
 ///
 /// If the string does not contains a valid key, the parser function will return this error.
-#[derive(Debug, PartialEq, Eq)]
+#[derive(Debug, PartialEq, Eq, Display)]
 pub struct ParseKeyError;
 
 impl FromStr for Key {
diff --git a/src/core/mod.rs b/src/core/mod.rs
index 64d5e2c9a..1040ae555 100644
--- a/src/core/mod.rs
+++ b/src/core/mod.rs
@@ -453,6 +453,7 @@ use std::panic::Location;
 use std::sync::Arc;
 use std::time::Duration;
 
+use auth::ExpiringKey;
 use databases::driver::Driver;
 use derive_more::Constructor;
 use tokio::sync::mpsc::error::SendError;
@@ -460,9 +461,9 @@ use torrust_tracker_clock::clock::Time;
 use torrust_tracker_configuration::v2::database;
 use torrust_tracker_configuration::{AnnouncePolicy, Core, TORRENT_PEERS_LIMIT};
 use torrust_tracker_primitives::info_hash::InfoHash;
-use torrust_tracker_primitives::peer;
 use torrust_tracker_primitives::swarm_metadata::SwarmMetadata;
 use torrust_tracker_primitives::torrent_metrics::TorrentsMetrics;
+use torrust_tracker_primitives::{peer, DurationSinceUnixEpoch};
 use torrust_tracker_torrent_repository::entry::EntrySync;
 use torrust_tracker_torrent_repository::repository::Repository;
 use tracing::debug;
@@ -804,6 +805,37 @@ impl Tracker {
     /// Will return a `database::Error` if unable to add the `auth_key` to the database.
     pub async fn generate_auth_key(&self, lifetime: Duration) -> Result<auth::ExpiringKey, databases::error::Error> {
         let auth_key = auth::generate(lifetime);
+
+        self.database.add_key_to_keys(&auth_key)?;
+        self.keys.write().await.insert(auth_key.key.clone(), auth_key.clone());
+        Ok(auth_key)
+    }
+
+    /// It adds a pre-generated authentication key.
+    ///
+    /// Authentication keys are used by HTTP trackers.
+    ///
+    /// # Context: Authentication
+    ///
+    /// # Errors
+    ///
+    /// Will return a `database::Error` if unable to add the `auth_key` to the
+    /// database. For example, if the key already exist.
+    ///
+    /// # Arguments
+    ///
+    /// * `lifetime` - The duration in seconds for the new key. The key will be
+    ///   no longer valid after `lifetime` seconds.
+    pub async fn add_auth_key(
+        &self,
+        key: Key,
+        valid_until: DurationSinceUnixEpoch,
+    ) -> Result<auth::ExpiringKey, databases::error::Error> {
+        let auth_key = ExpiringKey { key, valid_until };
+
+        // code-review: should we return a friendly error instead of the DB 
+        // constrain error when the key already exist? For now, it's returning
+        // the specif error for each DB driver when a UNIQUE constrain fails.
         self.database.add_key_to_keys(&auth_key)?;
         self.keys.write().await.insert(auth_key.key.clone(), auth_key.clone());
         Ok(auth_key)
@@ -816,10 +848,6 @@ impl Tracker {
     /// # Errors
     ///
     /// Will return a `database::Error` if unable to remove the `key` to the database.
-    ///
-    /// # Panics
-    ///
-    /// Will panic if key cannot be converted into a valid `Key`.
     pub async fn remove_auth_key(&self, key: &Key) -> Result<(), databases::error::Error> {
         self.database.remove_key_from_keys(key)?;
         self.keys.write().await.remove(key);
diff --git a/src/servers/apis/v1/context/auth_key/forms.rs b/src/servers/apis/v1/context/auth_key/forms.rs
new file mode 100644
index 000000000..9c023ab72
--- /dev/null
+++ b/src/servers/apis/v1/context/auth_key/forms.rs
@@ -0,0 +1,8 @@
+use serde::{Deserialize, Serialize};
+
+#[derive(Serialize, Deserialize, Debug)]
+pub struct AddKeyForm {
+    #[serde(rename = "key")]
+    pub opt_key: Option<String>,
+    pub seconds_valid: u64,
+}
diff --git a/src/servers/apis/v1/context/auth_key/handlers.rs b/src/servers/apis/v1/context/auth_key/handlers.rs
index 792d9507e..d68fa0317 100644
--- a/src/servers/apis/v1/context/auth_key/handlers.rs
+++ b/src/servers/apis/v1/context/auth_key/handlers.rs
@@ -3,17 +3,66 @@ use std::str::FromStr;
 use std::sync::Arc;
 use std::time::Duration;
 
-use axum::extract::{Path, State};
+use axum::extract::{self, Path, State};
 use axum::response::Response;
 use serde::Deserialize;
+use torrust_tracker_clock::clock::Time;
 
+use super::forms::AddKeyForm;
 use super::responses::{
     auth_key_response, failed_to_delete_key_response, failed_to_generate_key_response, failed_to_reload_keys_response,
+    invalid_auth_key_duration_response, invalid_auth_key_response,
 };
 use crate::core::auth::Key;
 use crate::core::Tracker;
 use crate::servers::apis::v1::context::auth_key::resources::AuthKey;
 use crate::servers::apis::v1::responses::{invalid_auth_key_param_response, ok_response};
+use crate::CurrentClock;
+
+/// It handles the request to add a new authentication key.
+///
+/// It returns these types of responses:
+///
+/// - `200` with a json [`AuthKey`]
+///    resource. If the key was generated successfully.
+/// - `400` with an error if the key couldn't been added because of an invalid
+///    request.
+/// - `500` with serialized error in debug format. If the key couldn't be
+///    generated.
+///
+/// Refer to the [API endpoint documentation](crate::servers::apis::v1::context::auth_key#generate-a-new-authentication-key)
+/// for more information about this endpoint.
+pub async fn add_auth_key_handler(
+    State(tracker): State<Arc<Tracker>>,
+    extract::Json(add_key_form): extract::Json<AddKeyForm>,
+) -> Response {
+    match add_key_form.opt_key {
+        Some(pre_existing_key) => {
+            let Some(valid_until) = CurrentClock::now_add(&Duration::from_secs(add_key_form.seconds_valid)) else {
+                return invalid_auth_key_duration_response(add_key_form.seconds_valid);
+            };
+
+            let key = pre_existing_key.parse::<Key>();
+
+            match key {
+                Ok(key) => match tracker.add_auth_key(key, valid_until).await {
+                    Ok(auth_key) => auth_key_response(&AuthKey::from(auth_key)),
+                    Err(e) => failed_to_generate_key_response(e),
+                },
+                Err(e) => invalid_auth_key_response(&pre_existing_key, &e),
+            }
+        }
+        None => {
+            match tracker
+                .generate_auth_key(Duration::from_secs(add_key_form.seconds_valid))
+                .await
+            {
+                Ok(auth_key) => auth_key_response(&AuthKey::from(auth_key)),
+                Err(e) => failed_to_generate_key_response(e),
+            }
+        }
+    }
+}
 
 /// It handles the request to generate a new authentication key.
 ///
diff --git a/src/servers/apis/v1/context/auth_key/mod.rs b/src/servers/apis/v1/context/auth_key/mod.rs
index 330249b58..b00d7a2cb 100644
--- a/src/servers/apis/v1/context/auth_key/mod.rs
+++ b/src/servers/apis/v1/context/auth_key/mod.rs
@@ -119,6 +119,7 @@
 //!     "status": "ok"
 //! }
 //! ```
+pub mod forms;
 pub mod handlers;
 pub mod resources;
 pub mod responses;
diff --git a/src/servers/apis/v1/context/auth_key/responses.rs b/src/servers/apis/v1/context/auth_key/responses.rs
index 51be162c5..a29d2f885 100644
--- a/src/servers/apis/v1/context/auth_key/responses.rs
+++ b/src/servers/apis/v1/context/auth_key/responses.rs
@@ -4,8 +4,9 @@ use std::error::Error;
 use axum::http::{header, StatusCode};
 use axum::response::{IntoResponse, Response};
 
+use crate::core::auth::ParseKeyError;
 use crate::servers::apis::v1::context::auth_key::resources::AuthKey;
-use crate::servers::apis::v1::responses::unhandled_rejection_response;
+use crate::servers::apis::v1::responses::{bad_request_response, unhandled_rejection_response};
 
 /// `200` response that contains the `AuthKey` resource as json.
 ///
@@ -22,6 +23,8 @@ pub fn auth_key_response(auth_key: &AuthKey) -> Response {
         .into_response()
 }
 
+// Error responses
+
 /// `500` error response when a new authentication key cannot be generated.
 #[must_use]
 pub fn failed_to_generate_key_response<E: Error>(e: E) -> Response {
@@ -40,3 +43,13 @@ pub fn failed_to_delete_key_response<E: Error>(e: E) -> Response {
 pub fn failed_to_reload_keys_response<E: Error>(e: E) -> Response {
     unhandled_rejection_response(format!("failed to reload keys: {e}"))
 }
+
+#[must_use]
+pub fn invalid_auth_key_response(auth_key: &str, error: &ParseKeyError) -> Response {
+    bad_request_response(&format!("Invalid URL: invalid auth key: string \"{auth_key}\", {error}"))
+}
+
+#[must_use]
+pub fn invalid_auth_key_duration_response(duration: u64) -> Response {
+    bad_request_response(&format!("Invalid URL: invalid auth key duration: \"{duration}\""))
+}
diff --git a/src/servers/apis/v1/context/auth_key/routes.rs b/src/servers/apis/v1/context/auth_key/routes.rs
index 003ee5af4..9452f2c0f 100644
--- a/src/servers/apis/v1/context/auth_key/routes.rs
+++ b/src/servers/apis/v1/context/auth_key/routes.rs
@@ -11,7 +11,7 @@ use std::sync::Arc;
 use axum::routing::{get, post};
 use axum::Router;
 
-use super::handlers::{delete_auth_key_handler, generate_auth_key_handler, reload_keys_handler};
+use super::handlers::{add_auth_key_handler, delete_auth_key_handler, generate_auth_key_handler, reload_keys_handler};
 use crate::core::Tracker;
 
 /// It adds the routes to the router for the [`auth_key`](crate::servers::apis::v1::context::auth_key) API context.
@@ -30,5 +30,9 @@ pub fn add(prefix: &str, router: Router, tracker: Arc<Tracker>) -> Router {
                 .with_state(tracker.clone()),
         )
         // Keys command
-        .route(&format!("{prefix}/keys/reload"), get(reload_keys_handler).with_state(tracker))
+        .route(
+            &format!("{prefix}/keys/reload"),
+            get(reload_keys_handler).with_state(tracker.clone()),
+        )
+        .route(&format!("{prefix}/keys"), post(add_auth_key_handler).with_state(tracker))
 }
diff --git a/src/servers/apis/v1/responses.rs b/src/servers/apis/v1/responses.rs
index ecaf90098..d2c52ac40 100644
--- a/src/servers/apis/v1/responses.rs
+++ b/src/servers/apis/v1/responses.rs
@@ -61,7 +61,8 @@ pub fn invalid_auth_key_param_response(invalid_key: &str) -> Response {
     bad_request_response(&format!("Invalid auth key id param \"{invalid_key}\""))
 }
 
-fn bad_request_response(body: &str) -> Response {
+#[must_use]
+pub fn bad_request_response(body: &str) -> Response {
     (
         StatusCode::BAD_REQUEST,
         [(header::CONTENT_TYPE, "text/plain; charset=utf-8")],