From e60b396e19eab6379e4fc8893562c8d672ec3f49 Mon Sep 17 00:00:00 2001
From: Luna <git@l4.pm>
Date: Sat, 16 Mar 2019 18:18:02 -0300
Subject: [PATCH] admin_api.users: add user search endpoint

---
 docs/admin_api.md                      |  9 ++++-
 litecord/blueprints/admin_api/users.py | 55 ++++++++++++++++++++++++++
 2 files changed, 62 insertions(+), 2 deletions(-)

diff --git a/docs/admin_api.md b/docs/admin_api.md
index 2a5f7c4..ff17d9f 100644
--- a/docs/admin_api.md
+++ b/docs/admin_api.md
@@ -24,9 +24,14 @@ Returns a user object.
 
 ### `GET /users`
 
-Search users.
+Search users. Input is query arguments with the search parameters.
+Returns a list of users
 
-**TODO: query args**
+| field | type | description |
+| --: | :-- | :-- |
+| username | string | username |
+| discriminator | string | discriminator |
+| page | integer | page |
 
 ### `DELETE /users/<user_id>`
 
diff --git a/litecord/blueprints/admin_api/users.py b/litecord/blueprints/admin_api/users.py
index 67690c8..35374f7 100644
--- a/litecord/blueprints/admin_api/users.py
+++ b/litecord/blueprints/admin_api/users.py
@@ -23,6 +23,7 @@ from litecord.auth import admin_check
 from litecord.blueprints.auth import create_user
 from litecord.schemas import validate
 from litecord.admin_schemas import USER_CREATE
+from litecord.errors import BadRequest
 
 bp = Blueprint('users_admin', __name__)
 
@@ -38,3 +39,57 @@ async def _create_user():
         await app.storage.get_user(user_id)
     )
 
+
+def args_try(args: dict, typ, field: str, default):
+    """Try to fetch a value from the request arguments,
+    given a type."""
+    try:
+        return typ(args.get(field, default))
+    except (TypeError, ValueError):
+        raise BadRequest(f'invalid {field} value')
+
+
+@bp.route('', methods=['GET'])
+async def _search_users():
+    await admin_check()
+
+    args = request.args
+
+    username, discrim = args.get('username'), args.get('discriminator')
+
+    per_page = args_try(args, int, 'per_page', 20)
+    page = args_try(args, int, 'page', 0)
+
+    if page < 0:
+        raise BadRequest('invalid page number')
+
+    if per_page > 50:
+        raise BadRequest('invalid per page number')
+
+    # any of those must be available.
+    if not any((username, discrim)):
+        raise BadRequest('must insert username or discrim')
+
+    wheres, args = [], []
+
+    if username:
+        wheres.append("username LIKE '%' || $2 || '%'")
+        args.append(username)
+
+    if discrim:
+        wheres.append(f'discriminator = ${len(args) + 2}')
+        args.append(discrim)
+
+    where_tot = 'WHERE ' if args else ''
+    where_tot += ' AND '.join(wheres)
+
+    rows = await app.db.fetch(f"""
+    SELECT id
+    FROM users
+    {where_tot}
+    ORDER BY id ASC
+    LIMIT {per_page}
+    OFFSET ($1 * {per_page})
+    """, page, *args)
+
+    return jsonify([dict(r) for r in rows])