2025-09-14 16:19:44 -04:00
|
|
|
use axum::{
|
|
|
|
|
extract::{Path, State},
|
|
|
|
|
response::IntoResponse,
|
|
|
|
|
};
|
2025-10-25 05:32:22 +00:00
|
|
|
use interim_pgtypes::escape_identifier;
|
2025-09-14 16:19:44 -04:00
|
|
|
use serde::Deserialize;
|
|
|
|
|
use sqlx::query;
|
|
|
|
|
use uuid::Uuid;
|
|
|
|
|
|
|
|
|
|
use crate::{
|
2025-09-23 13:08:51 -07:00
|
|
|
app::AppDbConn,
|
2025-10-22 00:43:53 -07:00
|
|
|
errors::AppError,
|
2025-09-14 16:19:44 -04:00
|
|
|
navigator::Navigator,
|
|
|
|
|
settings::Settings,
|
|
|
|
|
user::CurrentUser,
|
2025-09-23 13:08:51 -07:00
|
|
|
workspace_pooler::{RoleAssignment, WorkspacePooler},
|
2025-10-25 05:32:22 +00:00
|
|
|
workspace_utils::{
|
|
|
|
|
TABLE_OWNER_ROLE_PREFIX, TABLE_READER_ROLE_PREFIX, TABLE_WRITER_ROLE_PREFIX,
|
|
|
|
|
},
|
2025-09-14 16:19:44 -04:00
|
|
|
};
|
|
|
|
|
|
|
|
|
|
#[derive(Debug, Deserialize)]
|
|
|
|
|
pub(super) struct PathParams {
|
|
|
|
|
workspace_id: Uuid,
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/// HTTP POST handler for creating a managed Postgres table within a workspace
|
|
|
|
|
/// database. Upon success, it redirects the client back to the workspace
|
|
|
|
|
/// homepage, which is expected to display a list of available tables including
|
|
|
|
|
/// the newly created one.
|
|
|
|
|
///
|
|
|
|
|
/// This handler expects 1 path parameter named `workspace_id` which should
|
|
|
|
|
/// deserialize to a UUID.
|
|
|
|
|
pub(super) async fn post(
|
|
|
|
|
State(settings): State<Settings>,
|
|
|
|
|
State(mut pooler): State<WorkspacePooler>,
|
|
|
|
|
CurrentUser(user): CurrentUser,
|
|
|
|
|
navigator: Navigator,
|
|
|
|
|
AppDbConn(mut app_db): AppDbConn,
|
|
|
|
|
Path(PathParams { workspace_id }): Path<PathParams>,
|
|
|
|
|
) -> Result<impl IntoResponse, AppError> {
|
2025-10-22 00:43:53 -07:00
|
|
|
// FIXME: CSRF, Check workspace authorization.
|
2025-09-14 16:19:44 -04:00
|
|
|
|
2025-10-22 00:43:53 -07:00
|
|
|
const NAME_LEN_WORDS: usize = 3;
|
|
|
|
|
let table_name = interim_namegen::default_generator()
|
|
|
|
|
.with_separator('_')
|
|
|
|
|
.generate_name(NAME_LEN_WORDS);
|
|
|
|
|
|
|
|
|
|
let mut root_client = pooler
|
2025-09-14 16:19:44 -04:00
|
|
|
// FIXME: Should this be scoped down to the unprivileged role after
|
|
|
|
|
// setting up the table owner?
|
|
|
|
|
.acquire_for(workspace_id, RoleAssignment::Root)
|
|
|
|
|
.await?;
|
|
|
|
|
|
2025-10-22 00:43:53 -07:00
|
|
|
let user_rolname = format!(
|
|
|
|
|
"{prefix}{user_id}",
|
|
|
|
|
prefix = settings.db_role_prefix,
|
|
|
|
|
user_id = user.id.simple()
|
|
|
|
|
);
|
|
|
|
|
let rolname_uuid = Uuid::new_v4().simple();
|
2025-10-25 05:32:22 +00:00
|
|
|
let rolname_table_owner = format!("{TABLE_OWNER_ROLE_PREFIX}{rolname_uuid}");
|
|
|
|
|
let rolname_table_reader = format!("{TABLE_READER_ROLE_PREFIX}{rolname_uuid}");
|
|
|
|
|
let rolname_table_writer = format!("{TABLE_WRITER_ROLE_PREFIX}{rolname_uuid}");
|
|
|
|
|
for rolname in [
|
|
|
|
|
&rolname_table_owner,
|
|
|
|
|
&rolname_table_reader,
|
|
|
|
|
&rolname_table_writer,
|
|
|
|
|
] {
|
2025-10-22 00:43:53 -07:00
|
|
|
query(&format!("create role {0}", escape_identifier(rolname)))
|
|
|
|
|
.execute(root_client.get_conn())
|
|
|
|
|
.await?;
|
|
|
|
|
query(&format!(
|
|
|
|
|
"grant {0} to {1} with admin option",
|
|
|
|
|
escape_identifier(rolname),
|
|
|
|
|
escape_identifier(&user_rolname)
|
2025-09-14 16:19:44 -04:00
|
|
|
))
|
2025-10-22 00:43:53 -07:00
|
|
|
.execute(root_client.get_conn())
|
|
|
|
|
.await?;
|
|
|
|
|
}
|
2025-10-25 05:32:22 +00:00
|
|
|
|
2025-09-14 16:19:44 -04:00
|
|
|
query(&format!(
|
|
|
|
|
r#"
|
|
|
|
|
create table {0}.{1} (
|
|
|
|
|
_id uuid primary key not null default uuidv7(),
|
2025-10-01 22:36:19 -07:00
|
|
|
_created_by text default current_user,
|
2025-10-22 00:43:53 -07:00
|
|
|
_created_at timestamptz not null default now()
|
2025-09-14 16:19:44 -04:00
|
|
|
)
|
|
|
|
|
"#,
|
|
|
|
|
escape_identifier(&settings.phono_table_namespace),
|
2025-10-22 00:43:53 -07:00
|
|
|
escape_identifier(&table_name),
|
2025-09-14 16:19:44 -04:00
|
|
|
))
|
2025-10-22 00:43:53 -07:00
|
|
|
.execute(root_client.get_conn())
|
2025-09-14 16:19:44 -04:00
|
|
|
.await?;
|
2025-10-25 05:32:22 +00:00
|
|
|
query(&format!(
|
|
|
|
|
"alter table {nsp}.{ident} owner to {owner}",
|
|
|
|
|
nsp = escape_identifier(&settings.phono_table_namespace),
|
|
|
|
|
ident = escape_identifier(&table_name),
|
|
|
|
|
owner = escape_identifier(&rolname_table_owner),
|
|
|
|
|
))
|
|
|
|
|
.execute(root_client.get_conn())
|
|
|
|
|
.await?;
|
2025-09-14 16:19:44 -04:00
|
|
|
query(&format!(
|
2025-10-22 00:43:53 -07:00
|
|
|
"grant select on {0}.{1} to {2}",
|
2025-09-14 16:19:44 -04:00
|
|
|
escape_identifier(&settings.phono_table_namespace),
|
2025-10-22 00:43:53 -07:00
|
|
|
escape_identifier(&table_name),
|
|
|
|
|
escape_identifier(&rolname_table_reader),
|
2025-09-14 16:19:44 -04:00
|
|
|
))
|
2025-10-22 00:43:53 -07:00
|
|
|
.execute(root_client.get_conn())
|
2025-09-14 16:19:44 -04:00
|
|
|
.await?;
|
2025-10-25 05:32:22 +00:00
|
|
|
query(&format!(
|
|
|
|
|
"grant delete, truncate on {0}.{1} to {2}",
|
|
|
|
|
escape_identifier(&settings.phono_table_namespace),
|
|
|
|
|
escape_identifier(&table_name),
|
|
|
|
|
escape_identifier(&rolname_table_writer),
|
|
|
|
|
))
|
|
|
|
|
.execute(root_client.get_conn())
|
|
|
|
|
.await?;
|
2025-09-14 16:19:44 -04:00
|
|
|
|
|
|
|
|
Ok(navigator.workspace_page(workspace_id).redirect_to())
|
|
|
|
|
}
|
