various: simplify code; work on security and performance

Signed-off-by: NotAShelf <raf@notashelf.dev>
Change-Id: I9a5114addcab5fbff430ab2b919b83466a6a6964

crates/pinakes-server/src/routes/plugins.rs

@@ -0,0 +1,149 @@
+use axum::Json;
+use axum::extract::{Path, State};
+
+use crate::dto::*;
+use crate::error::ApiError;
+use crate::state::AppState;
+
+/// List all installed plugins
+pub async fn list_plugins(
+    State(state): State<AppState>,
+) -> Result<Json<Vec<PluginResponse>>, ApiError> {
+    let plugin_manager = state.plugin_manager.as_ref().ok_or_else(|| {
+        ApiError(pinakes_core::error::PinakesError::InvalidOperation(
+            "Plugin system is not enabled".to_string(),
+        ))
+    })?;
+
+    let plugins = plugin_manager.list_plugins().await;
+    let mut responses = Vec::with_capacity(plugins.len());
+    for meta in plugins {
+        let enabled = plugin_manager.is_plugin_enabled(&meta.id).await;
+        responses.push(PluginResponse::new(meta, enabled));
+    }
+    Ok(Json(responses))
+}
+
+/// Get a specific plugin by ID
+pub async fn get_plugin(
+    State(state): State<AppState>,
+    Path(id): Path<String>,
+) -> Result<Json<PluginResponse>, ApiError> {
+    let plugin_manager = state.plugin_manager.as_ref().ok_or_else(|| {
+        ApiError(pinakes_core::error::PinakesError::InvalidOperation(
+            "Plugin system is not enabled".to_string(),
+        ))
+    })?;
+
+    let plugin = plugin_manager.get_plugin(&id).await.ok_or_else(|| {
+        ApiError(pinakes_core::error::PinakesError::NotFound(format!(
+            "Plugin not found: {}",
+            id
+        )))
+    })?;
+
+    let enabled = plugin_manager.is_plugin_enabled(&id).await;
+    Ok(Json(PluginResponse::new(plugin, enabled)))
+}
+
+/// Install a plugin from URL or file path
+pub async fn install_plugin(
+    State(state): State<AppState>,
+    Json(req): Json<InstallPluginRequest>,
+) -> Result<Json<PluginResponse>, ApiError> {
+    let plugin_manager = state.plugin_manager.as_ref().ok_or_else(|| {
+        ApiError(pinakes_core::error::PinakesError::InvalidOperation(
+            "Plugin system is not enabled".to_string(),
+        ))
+    })?;
+
+    let plugin_id = plugin_manager
+        .install_plugin(&req.source)
+        .await
+        .map_err(|e| {
+            ApiError(pinakes_core::error::PinakesError::InvalidOperation(
+                format!("Failed to install plugin: {}", e),
+            ))
+        })?;
+
+    let plugin = plugin_manager.get_plugin(&plugin_id).await.ok_or_else(|| {
+        ApiError(pinakes_core::error::PinakesError::NotFound(
+            "Plugin installed but not found".to_string(),
+        ))
+    })?;
+
+    let enabled = plugin_manager.is_plugin_enabled(&plugin_id).await;
+    Ok(Json(PluginResponse::new(plugin, enabled)))
+}
+
+/// Uninstall a plugin
+pub async fn uninstall_plugin(
+    State(state): State<AppState>,
+    Path(id): Path<String>,
+) -> Result<Json<serde_json::Value>, ApiError> {
+    let plugin_manager = state.plugin_manager.as_ref().ok_or_else(|| {
+        ApiError(pinakes_core::error::PinakesError::InvalidOperation(
+            "Plugin system is not enabled".to_string(),
+        ))
+    })?;
+
+    plugin_manager.uninstall_plugin(&id).await.map_err(|e| {
+        ApiError(pinakes_core::error::PinakesError::InvalidOperation(
+            format!("Failed to uninstall plugin: {}", e),
+        ))
+    })?;
+
+    Ok(Json(serde_json::json!({"uninstalled": true})))
+}
+
+/// Enable or disable a plugin
+pub async fn toggle_plugin(
+    State(state): State<AppState>,
+    Path(id): Path<String>,
+    Json(req): Json<TogglePluginRequest>,
+) -> Result<Json<serde_json::Value>, ApiError> {
+    let plugin_manager = state.plugin_manager.as_ref().ok_or_else(|| {
+        ApiError(pinakes_core::error::PinakesError::InvalidOperation(
+            "Plugin system is not enabled".to_string(),
+        ))
+    })?;
+
+    if req.enabled {
+        plugin_manager.enable_plugin(&id).await.map_err(|e| {
+            ApiError(pinakes_core::error::PinakesError::InvalidOperation(
+                format!("Failed to enable plugin: {}", e),
+            ))
+        })?;
+    } else {
+        plugin_manager.disable_plugin(&id).await.map_err(|e| {
+            ApiError(pinakes_core::error::PinakesError::InvalidOperation(
+                format!("Failed to disable plugin: {}", e),
+            ))
+        })?;
+    }
+
+    Ok(Json(serde_json::json!({
+        "id": id,
+        "enabled": req.enabled
+    })))
+}
+
+/// Reload a plugin (for development)
+pub async fn reload_plugin(
+    State(state): State<AppState>,
+    Path(id): Path<String>,
+) -> Result<Json<serde_json::Value>, ApiError> {
+    let plugin_manager = state.plugin_manager.as_ref().ok_or_else(|| {
+        ApiError(pinakes_core::error::PinakesError::InvalidOperation(
+            "Plugin system is not enabled".to_string(),
+        ))
+    })?;
+
+    plugin_manager.reload_plugin(&id).await.map_err(|e| {
+        ApiError(pinakes_core::error::PinakesError::InvalidOperation(
+            format!("Failed to reload plugin: {}", e),
+        ))
+    })?;
+
+    Ok(Json(serde_json::json!({"reloaded": true})))
+}