chore(api)!: new user update endpoint

Currently, the endpoint for updating a user is a PATCH to `/users/:id/data`, where `:id` corresponds to the user being updated. However, there's potential indirection when conflicting IDs are sent, such as: ``` PATCH /api/users/6682e893bda48253abd4ddee/data HTTP/1.1 Host: localhost X-ID: 6682e89a7dc345449ac95be2 Content-Type: application/json ``` To resolve this, we are introducing a new endpoint `/users` where we exclusively use the user's ID from the headers. **NOTE:** The old endpoint `/users/:id/data` remains functional but is now marked as **DEPRECATED** for compatibility purposes.
shellhub-io · Jul 2, 2024 · 53bbb3c · 53bbb3c
1 parent 9461414
commit 53bbb3c
Show file tree

Hide file tree

Showing 3 changed files with 4 additions and 2 deletions.
diff --git a/api/routes/routes.go b/api/routes/routes.go
@@ -64,6 +64,7 @@ func NewRouter(service services.Service) *echo.Echo {
 	publicAPI.DELETE(DeleteAPIKeyURL, gateway.Handler(handler.DeleteAPIKey), middleware.BlockAPIKey, middleware.RequiresPermission(authorizer.APIKeyDelete))
 
 	publicAPI.PATCH(URLUpdateUser, gateway.Handler(handler.UpdateUser), middleware.BlockAPIKey)
+	publicAPI.PATCH(URLDeprecatedUpdateUser, gateway.Handler(handler.UpdateUser), middleware.BlockAPIKey)                 // WARN: DEPRECATED.
 	publicAPI.PATCH(URLDeprecatedUpdateUserPassword, gateway.Handler(handler.UpdateUserPassword), middleware.BlockAPIKey) // WARN: DEPRECATED.
 
 	publicAPI.GET(GetDeviceListURL, middleware.Authorize(gateway.Handler(handler.GetDeviceList)))

diff --git a/api/routes/user.go b/api/routes/user.go
@@ -10,7 +10,8 @@ import (
 )
 
 const (
-	URLUpdateUser                   = "/users/:id/data"
+	URLUpdateUser                   = "/users"
+	URLDeprecatedUpdateUser         = "/users/:id/data"
 	URLDeprecatedUpdateUserPassword = "/users/:id/password" //nolint:gosec
 )
 

diff --git a/api/routes/user_test.go b/api/routes/user_test.go
@@ -130,7 +130,7 @@ func TestUpdateUser(t *testing.T) {
 			data, err := json.Marshal(tc.body)
 			require.NoError(t, err)
 
-			req := httptest.NewRequest(http.MethodPatch, fmt.Sprintf("/api/users/%s/data", tc.headers["X-ID"]), strings.NewReader(string(data)))
+			req := httptest.NewRequest(http.MethodPatch, "/api/users", strings.NewReader(string(data)))
 			req.Header.Set("Content-Type", "application/json")
 			for k, v := range tc.headers {
 				req.Header.Set(k, v)