wireapp · battermann · Sep 20, 2022 · Sep 16, 2022 · Sep 16, 2022 · Sep 16, 2022
@@ -0,0 +1 @@
+The `POST /delete` endpoint of the account API is now migrated to servant
@@ -384,6 +384,17 @@ type AccountAPI =
         :> ReqBody '[JSON] NewUserPublic
         :> MultiVerb 'POST '[JSON] RegisterResponses (Either RegisterError RegisterSuccess)
     )
+    -- This endpoint can lead to the following events being sent:
+    -- UserDeleted event to contacts of deleted user
+    -- MemberLeave event to members for all conversations the user was in (via galley)
+    :<|> Named
+           "verify-delete"
+           ( Summary "Verify account deletion with a code."
+               :> CanThrow 'InvalidCode
+               :> "delete"
+               :> ReqBody '[JSON] VerifyDeleteUser
+               :> MultiVerb 'POST '[JSON] '[RespondEmpty 200 "Deletion is initiated."] ()
+           )
 
 type PrekeyAPI =
   Named

@@ -102,7 +102,6 @@ models =
     User.modelUser,
     User.modelEmailUpdate,
     User.modelDelete,
-    User.modelVerifyDelete,
     User.Activation.modelActivate,
     User.Activation.modelSendActivationCode,
     User.Activation.modelActivationResponse,

@@ -109,7 +109,6 @@ module Wire.API.User
     modelEmailUpdate,
     modelUser,
     modelUserIdList,
-    modelVerifyDelete,
 
     -- * 2nd factor auth
     VerificationAction (..),
@@ -1312,30 +1311,17 @@ data VerifyDeleteUser = VerifyDeleteUser
   }
   deriving stock (Eq, Show, Generic)
   deriving (Arbitrary) via (GenericUniform VerifyDeleteUser)
-
-modelVerifyDelete :: Doc.Model
-modelVerifyDelete = Doc.defineModel "VerifyDelete" $ do
-  Doc.description "Data for verifying an account deletion."
-  Doc.property "key" Doc.string' $
-    Doc.description "The identifying key of the account (i.e. user ID)."
-  Doc.property "code" Doc.string' $
-    Doc.description "The verification code."
+  deriving (ToJSON, FromJSON, S.ToSchema) via (Schema VerifyDeleteUser)
 
 mkVerifyDeleteUser :: Code.Key -> Code.Value -> VerifyDeleteUser
 mkVerifyDeleteUser = VerifyDeleteUser
 
-instance ToJSON VerifyDeleteUser where
-  toJSON d =
-    A.object
-      [ "key" A..= verifyDeleteUserKey d,
-        "code" A..= verifyDeleteUserCode d
-      ]
-
-instance FromJSON VerifyDeleteUser where
-  parseJSON = A.withObject "VerifyDeleteUser" $ \o ->
-    VerifyDeleteUser
-      <$> o A..: "key"
-      <*> o A..: "code"
+instance ToSchema VerifyDeleteUser where
+  schema =
+    objectWithDocModifier "VerifyDeleteUser" (description ?~ "Data for verifying an account deletion.") $
+      VerifyDeleteUser
+        <$> verifyDeleteUserKey .= fieldWithDocModifier "key" (description ?~ "The identifying key of the account (i.e. user ID).") schema
+        <*> verifyDeleteUserCode .= fieldWithDocModifier "code" (description ?~ "The verification code.") schema
 
 -- | A response for a pending deletion code.
 newtype DeletionCodeTimeout = DeletionCodeTimeout

@@ -222,7 +222,9 @@ servantSitemap = userAPI :<|> selfAPI :<|> accountAPI :<|> clientAPI :<|> prekey
         :<|> Named @"change-handle" changeHandle
 
     accountAPI :: ServerT AccountAPI (Handler r)
-    accountAPI = Named @"register" createUser
+    accountAPI =
+      Named @"register" createUser
+        :<|> Named @"verify-delete" verifyDeleteUser
 
     clientAPI :: ServerT ClientAPI (Handler r)
     clientAPI =
@@ -309,20 +311,6 @@ sitemap ::
     r =>
   Routes Doc.ApiBuilder (Handler r) ()
 sitemap = do
-  -- This endpoint can lead to the following events being sent:
-  -- UserDeleted event to contacts of deleted user
-  -- MemberLeave event to members for all conversations the user was in (via galley)
-  post "/delete" (continue verifyDeleteUserH) $
-    jsonRequest @Public.VerifyDeleteUser
-      .&. accept "application" "json"
-  document "POST" "verifyDeleteUser" $ do
-    Doc.summary "Verify account deletion with a code."
-    Doc.body (Doc.ref Public.modelVerifyDelete) $
-      Doc.description "JSON body"
-    Doc.response 200 "Deletion is initiated." Doc.end
-    Doc.errorResponse (errorToWai @'E.InvalidCode)
-
-  -- TODO: put delete here, too?
   -- /activate, /password-reset ----------------------------------
 
   -- This endpoint can lead to the following events being sent:
@@ -989,11 +977,8 @@ deleteSelfUser ::
 deleteSelfUser u body =
   API.deleteSelfUser u (Public.deleteUserPassword body) !>> deleteUserError
 
-verifyDeleteUserH :: JsonRequest Public.VerifyDeleteUser ::: JSON -> (Handler r) Response
-verifyDeleteUserH (r ::: _) = do
-  body <- parseJsonBody r
-  API.verifyDeleteUser body !>> deleteUserError
-  pure (setStatus status200 empty)
+verifyDeleteUser :: Public.VerifyDeleteUser -> Handler r ()
+verifyDeleteUser body = API.verifyDeleteUser body !>> deleteUserError
 
 updateUserEmail :: Member BlacklistStore r => UserId -> UserId -> Public.EmailUpdate -> (Handler r) ()
 updateUserEmail zuserId emailOwnerId (Public.EmailUpdate email) = do
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1 @@
		The `POST /delete` endpoint of the account API is now migrated to servant
Copy link Contributor fisx Sep 19, 2022 Choose a reason for hiding this comment The reason will be displayed to describe this comment to others. Learn more. we should probably condense the changelog a little once all these small PRs are merged? battermann reacted with thumbs up emoji