SpacetimeDB/crates/cli/src/subcommands/lock.rs at 6c0ad7fe8b3fc089843ae50d2d9764c100a27cc9 · clockworklabs/SpacetimeDB · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
use crate::common_args;
use crate::config::Config;
use crate::subcommands::db_arg_resolution::{load_config_db_targets, resolve_database_arg};
use crate::util::{add_auth_header_opt, database_identity, get_auth_header};
use clap::{Arg, ArgMatches};

pub fn cli() -> clap::Command {
    clap::Command::new("lock")
        .about("Lock a database to prevent accidental deletion")
        .long_about(
            "Lock a database to prevent it from being deleted.\n\n\
             A locked database cannot be deleted until it is unlocked with `spacetime unlock`.\n\
             This is a safety mechanism to protect production databases from accidental deletion.",
        )
        .arg(
            Arg::new("database")
                .required(false)
                .help("The name or identity of the database to lock"),
        )
        .arg(common_args::server().help("The nickname, host name or URL of the server hosting the database"))
        .arg(
            Arg::new("no_config")
                .long("no-config")
                .action(clap::ArgAction::SetTrue)
                .help("Ignore spacetime.json configuration"),
        )
        .after_help("Run `spacetime help lock` for more detailed information.\n")
}

pub async fn exec(mut config: Config, args: &ArgMatches) -> Result<(), anyhow::Error> {
    let server_from_cli = args.get_one::<String>("server").map(|s| s.as_ref());
    let no_config = args.get_flag("no_config");
    let database_arg = args.get_one::<String>("database").map(|s| s.as_str());
    let config_targets = load_config_db_targets(no_config)?;
    let resolved = resolve_database_arg(
        database_arg,
        config_targets.as_deref(),
        "spacetime lock [database] [--no-config]",
    )?;
    let server = server_from_cli.or(resolved.server.as_deref());

    let identity = database_identity(&config, &resolved.database, server).await?;
    let host_url = config.get_host_url(server)?;
    let auth_header = get_auth_header(&mut config, false, server, true).await?;
    let client = reqwest::Client::new();

    let mut builder = client.post(format!("{host_url}/v1/database/{identity}/lock"));
    builder = add_auth_header_opt(builder, &auth_header);

    let response = builder.send().await?;
    response.error_for_status()?;

    println!(
        "Database {} is now locked. It cannot be deleted until unlocked.",
        identity
    );
    Ok(())
}