add app CRUD and public store API endpoints

2026-01-18 21:05:41 +01:00
parent 8601bb5ba3
commit 1bc112047d
4 changed files with 1158 additions and 14 deletions
--- a/portal/internal/api/handlers/apps.go
+++ b/portal/internal/api/handlers/apps.go
@@ -0,0 +1,511 @@
+package handlers
+
+import (
+	"encoding/json"
+	"net/http"
+	"strconv"
+	"time"
+
+	"github.com/go-chi/chi/v5"
+	"github.com/omixlab/mosis-portal/internal/api/middleware"
+	"github.com/omixlab/mosis-portal/internal/database"
+)
+
+// AppHandler handles app-related endpoints
+type AppHandler struct {
+	db *database.DB
+}
+
+// NewAppHandler creates a new app handler
+func NewAppHandler(db *database.DB) *AppHandler {
+	return &AppHandler{db: db}
+}
+
+// CreateAppRequest is the request body for creating an app
+type CreateAppRequest struct {
+	PackageID   string `json:"package_id" validate:"required,package_id"`
+	Name        string `json:"name" validate:"required,min=1,max=50"`
+	Description string `json:"description,omitempty" validate:"max=500"`
+	Category    string `json:"category,omitempty" validate:"max=50"`
+}
+
+// UpdateAppRequest is the request body for updating an app
+type UpdateAppRequest struct {
+	Name        *string  `json:"name,omitempty" validate:"omitempty,min=1,max=50"`
+	Description *string  `json:"description,omitempty" validate:"omitempty,max=500"`
+	Category    *string  `json:"category,omitempty" validate:"omitempty,max=50"`
+	Tags        []string `json:"tags,omitempty" validate:"omitempty,max=10,dive,max=30"`
+}
+
+// List lists the developer's apps
+func (h *AppHandler) List(w http.ResponseWriter, r *http.Request) {
+	developerID := middleware.GetDeveloperID(r.Context())
+	if developerID == "" {
+		Error(w, "unauthorized", http.StatusUnauthorized)
+		return
+	}
+
+	// Parse query parameters
+	status := r.URL.Query().Get("status")
+	page, _ := strconv.Atoi(r.URL.Query().Get("page"))
+	limit, _ := strconv.Atoi(r.URL.Query().Get("limit"))
+
+	if page < 1 {
+		page = 1
+	}
+	if limit < 1 || limit > 100 {
+		limit = 20
+	}
+
+	apps, total, err := h.db.ListApps(r.Context(), developerID, status, page, limit)
+	if err != nil {
+		Error(w, "failed to list apps: "+err.Error(), http.StatusInternalServerError)
+		return
+	}
+
+	JSON(w, http.StatusOK, map[string]interface{}{
+		"apps":  apps,
+		"total": total,
+		"pagination": map[string]interface{}{
+			"page":        page,
+			"limit":       limit,
+			"total":       total,
+			"total_pages": (total + limit - 1) / limit,
+		},
+	})
+}
+
+// Create creates a new app
+func (h *AppHandler) Create(w http.ResponseWriter, r *http.Request) {
+	developerID := middleware.GetDeveloperID(r.Context())
+	if developerID == "" {
+		Error(w, "unauthorized", http.StatusUnauthorized)
+		return
+	}
+
+	var req CreateAppRequest
+	if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
+		Error(w, "invalid request body", http.StatusBadRequest)
+		return
+	}
+
+	// Validate package ID format
+	if !isValidPackageID(req.PackageID) {
+		Error(w, "invalid package_id format (must be like com.example.app)", http.StatusBadRequest)
+		return
+	}
+
+	// Check if package_id already exists
+	existing, _ := h.db.GetAppByPackageID(r.Context(), req.PackageID)
+	if existing != nil {
+		Error(w, "package_id already exists", http.StatusConflict)
+		return
+	}
+
+	app, err := h.db.CreateApp(r.Context(), &database.App{
+		DeveloperID: developerID,
+		PackageID:   req.PackageID,
+		Name:        req.Name,
+		Description: req.Description,
+		Category:    req.Category,
+		Status:      "draft",
+	})
+	if err != nil {
+		Error(w, "failed to create app: "+err.Error(), http.StatusInternalServerError)
+		return
+	}
+
+	JSON(w, http.StatusCreated, app)
+}
+
+// Get retrieves a specific app
+func (h *AppHandler) Get(w http.ResponseWriter, r *http.Request) {
+	developerID := middleware.GetDeveloperID(r.Context())
+	if developerID == "" {
+		Error(w, "unauthorized", http.StatusUnauthorized)
+		return
+	}
+
+	appID := chi.URLParam(r, "appID")
+	app, err := h.db.GetApp(r.Context(), appID)
+	if err != nil {
+		Error(w, "app not found", http.StatusNotFound)
+		return
+	}
+
+	// Verify ownership
+	if app.DeveloperID != developerID {
+		Error(w, "forbidden", http.StatusForbidden)
+		return
+	}
+
+	JSON(w, http.StatusOK, app)
+}
+
+// Update updates an app
+func (h *AppHandler) Update(w http.ResponseWriter, r *http.Request) {
+	developerID := middleware.GetDeveloperID(r.Context())
+	if developerID == "" {
+		Error(w, "unauthorized", http.StatusUnauthorized)
+		return
+	}
+
+	appID := chi.URLParam(r, "appID")
+	app, err := h.db.GetApp(r.Context(), appID)
+	if err != nil {
+		Error(w, "app not found", http.StatusNotFound)
+		return
+	}
+
+	// Verify ownership
+	if app.DeveloperID != developerID {
+		Error(w, "forbidden", http.StatusForbidden)
+		return
+	}
+
+	var req UpdateAppRequest
+	if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
+		Error(w, "invalid request body", http.StatusBadRequest)
+		return
+	}
+
+	// Apply updates
+	if req.Name != nil {
+		app.Name = *req.Name
+	}
+	if req.Description != nil {
+		app.Description = *req.Description
+	}
+	if req.Category != nil {
+		app.Category = *req.Category
+	}
+	if req.Tags != nil {
+		app.Tags = req.Tags
+	}
+
+	if err := h.db.UpdateApp(r.Context(), app); err != nil {
+		Error(w, "failed to update app: "+err.Error(), http.StatusInternalServerError)
+		return
+	}
+
+	JSON(w, http.StatusOK, app)
+}
+
+// Delete deletes an app
+func (h *AppHandler) Delete(w http.ResponseWriter, r *http.Request) {
+	developerID := middleware.GetDeveloperID(r.Context())
+	if developerID == "" {
+		Error(w, "unauthorized", http.StatusUnauthorized)
+		return
+	}
+
+	appID := chi.URLParam(r, "appID")
+	app, err := h.db.GetApp(r.Context(), appID)
+	if err != nil {
+		Error(w, "app not found", http.StatusNotFound)
+		return
+	}
+
+	// Verify ownership
+	if app.DeveloperID != developerID {
+		Error(w, "forbidden", http.StatusForbidden)
+		return
+	}
+
+	// Check if app has published versions
+	hasPublished, err := h.db.AppHasPublishedVersions(r.Context(), appID)
+	if err != nil {
+		Error(w, "failed to check versions: "+err.Error(), http.StatusInternalServerError)
+		return
+	}
+
+	if hasPublished {
+		Error(w, "cannot delete app with published versions", http.StatusBadRequest)
+		return
+	}
+
+	if err := h.db.DeleteApp(r.Context(), appID); err != nil {
+		Error(w, "failed to delete app: "+err.Error(), http.StatusInternalServerError)
+		return
+	}
+
+	JSON(w, http.StatusOK, map[string]bool{"success": true})
+}
+
+// ListVersions lists versions for an app
+func (h *AppHandler) ListVersions(w http.ResponseWriter, r *http.Request) {
+	developerID := middleware.GetDeveloperID(r.Context())
+	if developerID == "" {
+		Error(w, "unauthorized", http.StatusUnauthorized)
+		return
+	}
+
+	appID := chi.URLParam(r, "appID")
+	app, err := h.db.GetApp(r.Context(), appID)
+	if err != nil {
+		Error(w, "app not found", http.StatusNotFound)
+		return
+	}
+
+	// Verify ownership
+	if app.DeveloperID != developerID {
+		Error(w, "forbidden", http.StatusForbidden)
+		return
+	}
+
+	// Parse query parameters
+	status := r.URL.Query().Get("status")
+	page, _ := strconv.Atoi(r.URL.Query().Get("page"))
+	limit, _ := strconv.Atoi(r.URL.Query().Get("limit"))
+
+	if page < 1 {
+		page = 1
+	}
+	if limit < 1 || limit > 100 {
+		limit = 20
+	}
+
+	versions, total, err := h.db.ListVersions(r.Context(), appID, status, page, limit)
+	if err != nil {
+		Error(w, "failed to list versions: "+err.Error(), http.StatusInternalServerError)
+		return
+	}
+
+	JSON(w, http.StatusOK, map[string]interface{}{
+		"versions": versions,
+		"total":    total,
+		"pagination": map[string]interface{}{
+			"page":        page,
+			"limit":       limit,
+			"total":       total,
+			"total_pages": (total + limit - 1) / limit,
+		},
+	})
+}
+
+// CreateVersionRequest is the request body for creating a version
+type CreateVersionRequest struct {
+	VersionName  string `json:"version_name" validate:"required"`
+	VersionCode  int    `json:"version_code" validate:"required,min=1"`
+	ReleaseNotes string `json:"release_notes,omitempty" validate:"max=5000"`
+}
+
+// CreateVersion creates a new app version
+func (h *AppHandler) CreateVersion(w http.ResponseWriter, r *http.Request) {
+	developerID := middleware.GetDeveloperID(r.Context())
+	if developerID == "" {
+		Error(w, "unauthorized", http.StatusUnauthorized)
+		return
+	}
+
+	appID := chi.URLParam(r, "appID")
+	app, err := h.db.GetApp(r.Context(), appID)
+	if err != nil {
+		Error(w, "app not found", http.StatusNotFound)
+		return
+	}
+
+	// Verify ownership
+	if app.DeveloperID != developerID {
+		Error(w, "forbidden", http.StatusForbidden)
+		return
+	}
+
+	var req CreateVersionRequest
+	if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
+		Error(w, "invalid request body", http.StatusBadRequest)
+		return
+	}
+
+	// Check if version code already exists
+	exists, err := h.db.VersionCodeExists(r.Context(), appID, req.VersionCode)
+	if err != nil {
+		Error(w, "failed to check version: "+err.Error(), http.StatusInternalServerError)
+		return
+	}
+	if exists {
+		Error(w, "version_code already exists for this app", http.StatusConflict)
+		return
+	}
+
+	version, err := h.db.CreateVersion(r.Context(), &database.AppVersion{
+		AppID:        appID,
+		VersionName:  req.VersionName,
+		VersionCode:  req.VersionCode,
+		ReleaseNotes: req.ReleaseNotes,
+		Status:       "draft",
+	})
+	if err != nil {
+		Error(w, "failed to create version: "+err.Error(), http.StatusInternalServerError)
+		return
+	}
+
+	// Generate upload URL (for now, just a placeholder path)
+	uploadURL := "/packages/" + appID + "/" + version.ID + ".mosis"
+	uploadExpires := time.Now().Add(1 * time.Hour).Format(time.RFC3339)
+
+	JSON(w, http.StatusCreated, map[string]interface{}{
+		"version":        version,
+		"upload_url":     uploadURL,
+		"upload_expires": uploadExpires,
+	})
+}
+
+// GetVersion retrieves a specific version
+func (h *AppHandler) GetVersion(w http.ResponseWriter, r *http.Request) {
+	developerID := middleware.GetDeveloperID(r.Context())
+	if developerID == "" {
+		Error(w, "unauthorized", http.StatusUnauthorized)
+		return
+	}
+
+	appID := chi.URLParam(r, "appID")
+	versionID := chi.URLParam(r, "versionID")
+
+	app, err := h.db.GetApp(r.Context(), appID)
+	if err != nil {
+		Error(w, "app not found", http.StatusNotFound)
+		return
+	}
+
+	// Verify ownership
+	if app.DeveloperID != developerID {
+		Error(w, "forbidden", http.StatusForbidden)
+		return
+	}
+
+	version, err := h.db.GetVersion(r.Context(), versionID)
+	if err != nil || version.AppID != appID {
+		Error(w, "version not found", http.StatusNotFound)
+		return
+	}
+
+	JSON(w, http.StatusOK, version)
+}
+
+// SubmitVersion submits a version for review
+func (h *AppHandler) SubmitVersion(w http.ResponseWriter, r *http.Request) {
+	developerID := middleware.GetDeveloperID(r.Context())
+	if developerID == "" {
+		Error(w, "unauthorized", http.StatusUnauthorized)
+		return
+	}
+
+	appID := chi.URLParam(r, "appID")
+	versionID := chi.URLParam(r, "versionID")
+
+	app, err := h.db.GetApp(r.Context(), appID)
+	if err != nil {
+		Error(w, "app not found", http.StatusNotFound)
+		return
+	}
+
+	// Verify ownership
+	if app.DeveloperID != developerID {
+		Error(w, "forbidden", http.StatusForbidden)
+		return
+	}
+
+	version, err := h.db.GetVersion(r.Context(), versionID)
+	if err != nil || version.AppID != appID {
+		Error(w, "version not found", http.StatusNotFound)
+		return
+	}
+
+	// Check current status
+	if version.Status != "draft" && version.Status != "rejected" {
+		Error(w, "version cannot be submitted (current status: "+version.Status+")", http.StatusBadRequest)
+		return
+	}
+
+	// Check if package is uploaded
+	if version.PackageURL == "" {
+		Error(w, "package must be uploaded before submitting", http.StatusBadRequest)
+		return
+	}
+
+	version.Status = "review"
+	if err := h.db.UpdateVersionStatus(r.Context(), versionID, "review"); err != nil {
+		Error(w, "failed to submit version: "+err.Error(), http.StatusInternalServerError)
+		return
+	}
+
+	JSON(w, http.StatusOK, version)
+}
+
+// PublishVersion publishes an approved version
+func (h *AppHandler) PublishVersion(w http.ResponseWriter, r *http.Request) {
+	developerID := middleware.GetDeveloperID(r.Context())
+	if developerID == "" {
+		Error(w, "unauthorized", http.StatusUnauthorized)
+		return
+	}
+
+	appID := chi.URLParam(r, "appID")
+	versionID := chi.URLParam(r, "versionID")
+
+	app, err := h.db.GetApp(r.Context(), appID)
+	if err != nil {
+		Error(w, "app not found", http.StatusNotFound)
+		return
+	}
+
+	// Verify ownership
+	if app.DeveloperID != developerID {
+		Error(w, "forbidden", http.StatusForbidden)
+		return
+	}
+
+	version, err := h.db.GetVersion(r.Context(), versionID)
+	if err != nil || version.AppID != appID {
+		Error(w, "version not found", http.StatusNotFound)
+		return
+	}
+
+	// Check current status - must be approved
+	if version.Status != "approved" {
+		Error(w, "version must be approved before publishing (current status: "+version.Status+")", http.StatusBadRequest)
+		return
+	}
+
+	now := time.Now()
+	version.Status = "published"
+	version.PublishedAt = &now
+
+	if err := h.db.PublishVersion(r.Context(), versionID); err != nil {
+		Error(w, "failed to publish version: "+err.Error(), http.StatusInternalServerError)
+		return
+	}
+
+	// Update app status to published
+	if app.Status == "draft" {
+		app.Status = "published"
+		h.db.UpdateAppStatus(r.Context(), appID, "published")
+	}
+
+	JSON(w, http.StatusOK, version)
+}
+
+// isValidPackageID validates package ID format (com.example.app)
+func isValidPackageID(id string) bool {
+	if len(id) < 5 || len(id) > 100 {
+		return false
+	}
+	// Simple validation: lowercase letters, digits, and dots; must have at least 2 dots
+	dots := 0
+	for i, c := range id {
+		if c == '.' {
+			dots++
+			// No consecutive dots, no leading/trailing dots
+			if i == 0 || i == len(id)-1 {
+				return false
+			}
+			continue
+		}
+		if (c >= 'a' && c <= 'z') || (c >= '0' && c <= '9') || c == '_' {
+			continue
+		}
+		return false
+	}
+	return dots >= 2
+}
--- a/portal/internal/api/handlers/store.go
+++ b/portal/internal/api/handlers/store.go
@@ -0,0 +1,120 @@
+package handlers
+
+import (
+	"net/http"
+	"strconv"
+
+	"github.com/go-chi/chi/v5"
+	"github.com/omixlab/mosis-portal/internal/database"
+)
+
+// StoreHandler handles public store endpoints
+type StoreHandler struct {
+	db *database.DB
+}
+
+// NewStoreHandler creates a new store handler
+func NewStoreHandler(db *database.DB) *StoreHandler {
+	return &StoreHandler{db: db}
+}
+
+// ListApps returns published apps for the store
+func (h *StoreHandler) ListApps(w http.ResponseWriter, r *http.Request) {
+	// Parse query parameters
+	query := r.URL.Query().Get("q")
+	category := r.URL.Query().Get("category")
+	sort := r.URL.Query().Get("sort")
+	page, _ := strconv.Atoi(r.URL.Query().Get("page"))
+	limit, _ := strconv.Atoi(r.URL.Query().Get("limit"))
+
+	if page < 1 {
+		page = 1
+	}
+	if limit < 1 || limit > 100 {
+		limit = 20
+	}
+
+	apps, total, err := h.db.ListPublishedApps(r.Context(), query, category, sort, page, limit)
+	if err != nil {
+		Error(w, "failed to list apps: "+err.Error(), http.StatusInternalServerError)
+		return
+	}
+
+	JSON(w, http.StatusOK, map[string]interface{}{
+		"apps":  apps,
+		"total": total,
+		"pagination": map[string]interface{}{
+			"page":        page,
+			"limit":       limit,
+			"total":       total,
+			"total_pages": (total + limit - 1) / limit,
+		},
+	})
+}
+
+// GetApp returns a published app by package ID
+func (h *StoreHandler) GetApp(w http.ResponseWriter, r *http.Request) {
+	packageID := chi.URLParam(r, "packageID")
+
+	app, err := h.db.GetPublishedApp(r.Context(), packageID)
+	if err != nil {
+		Error(w, "app not found", http.StatusNotFound)
+		return
+	}
+
+	JSON(w, http.StatusOK, app)
+}
+
+// Download returns download info for the latest version of an app
+func (h *StoreHandler) Download(w http.ResponseWriter, r *http.Request) {
+	packageID := chi.URLParam(r, "packageID")
+
+	version, err := h.db.GetLatestPublishedVersion(r.Context(), packageID)
+	if err != nil {
+		Error(w, "no published version found", http.StatusNotFound)
+		return
+	}
+
+	JSON(w, http.StatusOK, map[string]interface{}{
+		"download_url": version.PackageURL,
+		"version":      version.VersionName,
+		"version_code": version.VersionCode,
+		"size":         version.PackageSize,
+		"signature":    version.Signature,
+	})
+}
+
+// DownloadVersion returns download info for a specific version
+func (h *StoreHandler) DownloadVersion(w http.ResponseWriter, r *http.Request) {
+	packageID := chi.URLParam(r, "packageID")
+	versionCodeStr := chi.URLParam(r, "versionCode")
+
+	versionCode, err := strconv.Atoi(versionCodeStr)
+	if err != nil {
+		Error(w, "invalid version code", http.StatusBadRequest)
+		return
+	}
+
+	version, err := h.db.GetPublishedVersionByCode(r.Context(), packageID, versionCode)
+	if err != nil {
+		Error(w, "version not found", http.StatusNotFound)
+		return
+	}
+
+	JSON(w, http.StatusOK, map[string]interface{}{
+		"download_url": version.PackageURL,
+		"version":      version.VersionName,
+		"version_code": version.VersionCode,
+		"size":         version.PackageSize,
+		"signature":    version.Signature,
+	})
+}
+
+// CheckUpdates checks for app updates
+func (h *StoreHandler) CheckUpdates(w http.ResponseWriter, r *http.Request) {
+	// Parse request body for installed apps
+	// For now, return empty updates
+	JSON(w, http.StatusOK, map[string]interface{}{
+		"updates": []interface{}{},
+	})
+}
--- a/portal/internal/api/router.go
+++ b/portal/internal/api/router.go
@@ -32,6 +32,8 @@ func NewRouter(cfg *config.Config, db *database.DB) http.Handler {
 	)
 	authMiddleware := middleware.NewAuthMiddleware(jwtManager, db)
 	authHandler := handlers.NewAuthHandler(oauthManager, jwtManager, db)
+	appHandler := handlers.NewAppHandler(db)
+	storeHandler := handlers.NewStoreHandler(db)

 	// Health check
 	r.Get("/health", func(w http.ResponseWriter, r *http.Request) {
@@ -63,19 +65,19 @@ func NewRouter(cfg *config.Config, db *database.DB) http.Handler {

 			// Developer apps
 			r.Route("/apps", func(r chi.Router) {
-				r.Get("/", handlers.NotImplemented)
-				r.Post("/", handlers.NotImplemented)
-				r.Get("/{appID}", handlers.NotImplemented)
-				r.Patch("/{appID}", handlers.NotImplemented)
-				r.Delete("/{appID}", handlers.NotImplemented)
+				r.Get("/", appHandler.List)
+				r.Post("/", appHandler.Create)
+				r.Get("/{appID}", appHandler.Get)
+				r.Patch("/{appID}", appHandler.Update)
+				r.Delete("/{appID}", appHandler.Delete)

 				// Versions
 				r.Route("/{appID}/versions", func(r chi.Router) {
-					r.Get("/", handlers.NotImplemented)
-					r.Post("/", handlers.NotImplemented)
-					r.Get("/{versionID}", handlers.NotImplemented)
-					r.Post("/{versionID}/submit", handlers.NotImplemented)
-					r.Post("/{versionID}/publish", handlers.NotImplemented)
+					r.Get("/", appHandler.ListVersions)
+					r.Post("/", appHandler.CreateVersion)
+					r.Get("/{versionID}", appHandler.GetVersion)
+					r.Post("/{versionID}/submit", appHandler.SubmitVersion)
+					r.Post("/{versionID}/publish", appHandler.PublishVersion)
 				})
 			})

@@ -96,10 +98,11 @@ func NewRouter(cfg *config.Config, db *database.DB) http.Handler {

 		// Public store endpoints
 		r.Route("/store", func(r chi.Router) {
-			r.Get("/apps", handlers.NotImplemented)
-			r.Get("/apps/{appID}", handlers.NotImplemented)
-			r.Get("/apps/{appID}/download", handlers.NotImplemented)
-			r.Get("/apps/updates", handlers.NotImplemented)
+			r.Get("/apps", storeHandler.ListApps)
+			r.Get("/apps/updates", storeHandler.CheckUpdates)
+			r.Get("/apps/{packageID}", storeHandler.GetApp)
+			r.Get("/apps/{packageID}/download", storeHandler.Download)
+			r.Get("/apps/{packageID}/versions/{versionCode}/download", storeHandler.DownloadVersion)
 		})

 		// Telemetry (API key auth preferred, but can work without for initial setup)