fixes errors

.gitignore

@@ -1,2 +1,10 @@
 /target
 **/*.rs.bk
+
+Cargo.lock
+**/*.sqlite3
+**/.env
+
+package-lock.json
+fontawesome
+

Cargo.toml

@@ -5,3 +5,20 @@ authors = ["Artus <artus@landoftheunicorn.ovh>"]
 edition = "2018"
 
 [dependencies]
+actix-web = "1.0.*"
+actix-files = "*"
+actix-service = "*"
+actix-identity = "*"
+lootalot-db = { version = "0.1", path = "./lootalot_db" }
+dotenv = "*"
+env_logger = "*"
+futures = "0.1"
+diesel = "*"
+serde = "*"
+serde_json = "*"
+actix-cors = "0.1.0"
+
+[workspace]
+members = [
+  "lootalot_db"
+]

README.md

@@ -6,43 +6,21 @@ Un gestionnaire de trésors pour des joueurs de Donjon&Dragons(tm).
 
 ## Fonctionnalités prévues
 
-  * Ajouter des objets "lootés"
+  * Ajouter des objets  
+    ☑ Acheter  
+    ☐ Ajouter un trésor (objet par objet ou par liste)  
   * Répartir les objets entre les joueurs et le groupe  
+    ☑ Demander un objet  
+    ☐ Résoudre un conflit  
+    ☐ Finaliser la répartition après un délai défini  
   * Vendre les objets du groupe et répartir équitablement leur valeur entre les joueurs  
-    * Possibilité d'indiquer une variation du prix de vente pour chaque objet ou globale
+    ☑ Possibilité d'indiquer une variation du prix de vente globale et/ou pour chaque objet  
+    ☐ Possibilité d'indiquer des joueurs exclus de la répartition  
   * Gérer les comptes du groupe et des joueurs  
-  * Historique des transactions par propriétaire
+    ☑ Afficher le solde actuel et la dette envers le groupe  
+    ☑ Mettre à jour facilement  
+  * Historique  
+    ☐ Annuler une action  
+    ☐ Consulter l'historique des objets 'looté' par le groupe  
 
 
-## Base de données
-
-### Objets
-
-L'inventaire des objets qui peuvent être lootés.  
-PK: id
-
-### Propriétaires
-
-Les joueurs sont des propriétaires d'objet.
-Le "groupe" est un propriétaire spécial, avec un ID réservé : 0
-
-La table conserve l'état actuel des finances du propriétaire. L'attribut `dette` représente la dette envers le groupe.
-
-```
-PK: id  
-ATTRS: name, debt (in gp), pp, sp, gp, cp  
-```
-### Propriété
-
-Table associative entre objets et propriétaires (joueurs ou groupe)
-L'ajout d'un objet à un propriétaire est un achat. La suppression, une vente.
-NB: L'historique d'achat est enregistré puis effacé lors de la vente.
-```
-PK: id  
-FK: objets_id, proprietaire_id  
-ATTRS: acquired_date, at_value  
-```
-### Opérations
-
-_Doit-on garder un historique des opérations ?_
-

lootalot_db/Cargo.toml

@@ -0,0 +1,16 @@
+[package]
+name = "lootalot-db"
+version = "0.1.0"
+authors = ["Artus <artus@landoftheunicorn.ovh>"]
+edition = "2018"
+
+[dependencies]
+dotenv = "*"
+diesel_migrations = "*"
+serde = "*"
+serde_derive = "*"
+serde_json = "*"
+
+[dependencies.diesel]
+version = "1.4"
+features = ["sqlite", "r2d2"]

lootalot_db/diesel.toml

@@ -0,0 +1,5 @@
+# For documentation on how to configure this file,
+# see diesel.rs/guides/configuring-diesel-cli
+
+[print_schema]
+file = "src/schema.rs"

lootalot_db/migrations/2019-06-10-123922_create_items/down.sql

@@ -0,0 +1,2 @@
+DROP TABLE items;
+DROP TABLE loot;

lootalot_db/migrations/2019-06-10-123922_create_items/up.sql

@@ -0,0 +1,16 @@
+-- The global inventory of items
+CREATE TABLE items (
+  id INTEGER PRIMARY KEY NOT NULL,
+  name VARCHAR NOT NULL,
+  base_price INTEGER NOT NULL
+);
+
+-- The loot
+CREATE TABLE loot (
+  id INTEGER PRIMARY KEY NOT NULL,
+  name VARCHAR NOT NULL,
+  base_price INTEGER NOT NULL,
+  owner_id INTEGER NOT NULL,
+  FOREIGN KEY (owner_id) REFERENCES players(id)
+);
+

lootalot_db/migrations/2019-06-10-123940_create_players/down.sql

@@ -0,0 +1 @@
+DROP TABLE players;

lootalot_db/migrations/2019-06-10-123940_create_players/up.sql

@@ -0,0 +1,11 @@
+CREATE TABLE players (
+  id INTEGER PRIMARY KEY NOT NULL,
+  name VARCHAR NOT NULL,
+  debt INTEGER DEFAULT 0 NOT NULL, -- debt to the group in copper pieces
+  cp INTEGER DEFAULT 0 NOT NULL,
+  sp INTEGER DEFAULT 0 NOT NULL,
+  gp INTEGER DEFAULT 0 NOT NULL,
+  pp INTEGER DEFAULT 0 NOT NULL
+);
+
+INSERT INTO players (id, name) VALUES (0, 'Groupe');

lootalot_db/migrations/2019-06-21-113950_claims/down.sql

@@ -0,0 +1 @@
+DROP TABLE claims;

lootalot_db/migrations/2019-06-21-113950_claims/up.sql

@@ -0,0 +1,8 @@
+CREATE TABLE claims (
+  id INTEGER PRIMARY KEY NOT NULL,
+  player_id INTEGER NOT NULL,
+  loot_id INTEGER NOT NULL,
+  resolve INTEGER NOT NULL DEFAULT 0,
+  FOREIGN KEY (player_id) REFERENCES players(id),
+  FOREIGN KEY (loot_id) REFERENCES looted(id)
+);

lootalot_db/migrations/2019-10-19-194459_notifications/down.sql

@@ -0,0 +1 @@
+DROP TABLE notifications;

lootalot_db/migrations/2019-10-19-194459_notifications/up.sql

@@ -0,0 +1,6 @@
+CREATE TABLE notifications (
+    id INTEGER PRIMARY KEY NOT NULL,
+    player_id INTEGER NOT NULL,
+    text VARCHAR NOT NULL,
+    FOREIGN KEY (player_id) REFERENCES players(id)
+);

lootalot_db/migrations/2019-10-27-135235_history/down.sql

@@ -0,0 +1 @@
+DROP TABLE history;

lootalot_db/migrations/2019-10-27-135235_history/up.sql

@@ -0,0 +1,8 @@
+CREATE TABLE history (
+       id INTEGER PRIMARY KEY NOT NULL,
+       player_id INTEGER NOT NULL,
+       event_date TIMESTAMP DEFAULT CURRENT_TIMESTAMP NOT NULL,
+       text VARCHAR NOT NULL,
+       updates VARCHAR,
+       FOREIGN KEY (player_id) REFERENCES players(id)
+);

lootalot_db/src/lib.rs

@@ -0,0 +1,168 @@
+//! Loot-a-lot Database module
+//!
+//! # Description
+//! This module wraps all needed database operations.
+//! It exports a public API for integration with various clients (REST Api, CLI, ...)
+extern crate dotenv;
+#[macro_use]
+extern crate diesel;
+#[macro_use]
+extern crate serde_derive;
+
+use diesel::prelude::*;
+use diesel::query_dsl::RunQueryDsl;
+use diesel::r2d2::{self, ConnectionManager};
+
+pub mod models;
+mod schema;
+
+pub use models::{
+    claim::{Claim, Claims},
+    history::{Event, UpdateList},
+    item::{Inventory, Shop, Item, LootManager},
+    player::{AsPlayer, Player, Players, Wealth},
+};
+
+/// The connection used
+pub type DbConnection = SqliteConnection;
+/// A pool of connections
+pub type Pool = r2d2::Pool<ConnectionManager<DbConnection>>;
+/// The result of a query on DB
+pub type QueryResult<T> = Result<T, diesel::result::Error>;
+pub type UpdateResult = QueryResult<Vec<Update>>;
+
+/// Sets up a connection pool and returns it.
+/// Uses the DATABASE_URL environment variable (must be set)
+pub fn create_pool() -> Pool {
+    let connspec = std::env::var("DATABASE_URL").expect("DATABASE_URL");
+    dbg!(&connspec);
+    let manager = ConnectionManager::<DbConnection>::new(connspec);
+    r2d2::Pool::builder()
+        .build(manager)
+        .expect("Failed to create pool.")
+}
+
+/// Every possible update which can happen during a query
+/// Updates are relative to a Player
+#[derive(Serialize, Deserialize, Debug)]
+pub enum Update {
+    Wealth(Wealth),
+    ItemAdded(Item),
+    ItemRemoved(Item),
+    ItemBought(Item),
+    ItemSold(Item),
+    ClaimAdded(Claim),
+    ClaimRemoved(Claim),
+}
+
+impl Update {
+    /// Change back what has been updated
+    fn undo(&self, conn: &DbConnection, id: i32) -> QueryResult<()> {
+        match self {
+            Update::Wealth(diff) => { AsPlayer(conn, id).update_wealth(-diff.to_gp())?; },
+            Update::ItemAdded(item) => { diesel::delete(crate::schema::loot::table.find(item.id))
+                                         .execute(conn)?; },
+            Update::ItemRemoved(item) => { LootManager(conn, id).add_from(&item)?; },
+            Update::ItemBought(item) => { LootManager(conn, id).change_owner(item.id, models::item::OF_SHOP)?;},
+            Update::ItemSold(item) => { LootManager(conn, models::item::SOLD).change_owner(item.id, id)?; },
+            // Unused for now
+            Update::ClaimAdded(claim) => {},
+            Update::ClaimRemoved(claim) => {},
+        };
+        Ok(())
+    }
+}
+
+/// Every value which can be queried
+#[derive(Debug)]
+pub enum Value {
+    Player(Player),
+    Item(Item),
+    Claim(Claim),
+    ItemList(Vec<Item>),
+    ClaimList(Vec<Claim>),
+    PlayerList(Vec<Player>),
+    Notifications(Vec<String>),
+}
+
+impl serde::Serialize for Value {
+    fn serialize<S: serde::Serializer>(&self, serializer: S) -> Result<S::Ok, S::Error> {
+        match self {
+            Value::Player(v) => v.serialize(serializer),
+            Value::Item(v) => v.serialize(serializer),
+            Value::Claim(v) => v.serialize(serializer),
+            Value::ItemList(v) => v.serialize(serializer),
+            Value::ClaimList(v) => v.serialize(serializer),
+            Value::PlayerList(v) => v.serialize(serializer),
+            Value::Notifications(v) => v.serialize(serializer),
+        }
+    }
+}
+
+
+/// Resolve all pending claims and dispatch claimed items.
+///
+/// When a player gets an item, it's debt is increased by this item sell value
+pub fn resolve_claims(conn: &DbConnection) -> QueryResult<()> {
+    let data = models::claim::Claims(conn).grouped_by_item()?;
+    dbg!(&data);
+    conn.transaction(move || {
+        for (item, mut claims) in data {
+            if claims.len() > 1 {
+                // TODO: better sorting mechanism :)
+                claims.sort_by(|a, b| a.resolve.cmp(&b.resolve));
+            }
+            let winner = claims.get(0).expect("Claims should not be empty !");
+            let player_id = winner.player_id;
+            winner.resolve_claim(conn)?;
+            models::player::AsPlayer(conn, player_id).update_debt(item.sell_value() as i32)?;
+        }
+        Ok(())
+    })
+}
+
+/// Split up and share an certain amount of group money among selected players
+///
+/// The group first solve players debts,
+/// then give what's left.
+///
+/// # Returns
+///
+/// A Wealth update with the amount of money shared with players
+pub fn split_and_share(
+    conn: &DbConnection,
+    amount: i32,
+    players: Vec<i32>,
+) -> UpdateResult {
+    let players = match players.is_empty() {
+        true => Players(conn)
+            .all_except_group()?
+            .iter()
+            .map(|p| p.id)
+            .collect(),
+        false => players
+    };
+    let share = (
+        amount / (players.len() + 1) as i32
+        // +1 share for the group
+    ) as f64;
+    conn.transaction(|| {
+        let mut shared_total = 0.0;
+        for id in players {
+            let player = Players(conn).find(id)?;
+            // Take debt into account
+            match share - player.debt as f64 {
+                rest if rest > 0.0 => {
+                    AsPlayer(conn, id).update_debt(-player.debt)?;
+                    AsPlayer(conn, id).update_wealth(rest)?;
+                    AsPlayer(conn, 0).update_wealth(-rest)?;
+                    shared_total += rest;
+                }
+                _ => {
+                    AsPlayer(conn, id).update_debt(-share as i32)?;
+                }
+            }
+        }
+        Ok(vec!(Update::Wealth(Wealth::from_gp(shared_total))))
+    })
+}

lootalot_db/src/models/claim.rs

@@ -0,0 +1,187 @@
+use diesel::prelude::*;
+
+use crate::{DbConnection, QueryResult, Update, UpdateResult};
+use crate::models::{self, item::Loot};
+use crate::schema::claims;
+
+/// A Claim is a request by a single player on an item from group chest.
+#[derive(Identifiable, Queryable, Associations, Serialize, Deserialize, Clone, Copy, Debug)]
+#[belongs_to(Loot)]
+pub struct Claim {
+    /// DB Identifier
+    pub id: i32,
+    /// ID that references the player making this claim
+    pub player_id: i32,
+    /// ID that references the loot claimed
+    pub loot_id: i32,
+    /// WIP: How bad the player wants this item
+    pub resolve: i32,
+}
+
+impl Claim {
+    /// Resolves this claim (player wins the item) and deletes it
+    pub fn resolve_claim(&self, conn: &DbConnection) -> QueryResult<()> {
+        let loot: Loot = Loot::find(self.loot_id).first(conn)?;
+        loot.set_owner(self.player_id, conn)?;
+        self.remove(conn)?;
+        Ok(())
+    }
+
+    fn remove(&self, conn: &DbConnection) -> QueryResult<()> {
+        diesel::delete(claims::table.find(self.id)).execute(conn)?;
+        Ok(())
+    }
+}
+
+pub struct Claims<'q>(pub &'q DbConnection);
+
+impl<'q> Claims<'q> {
+    /// Get all claims from database
+    pub fn all(&self) -> QueryResult<Vec<Claim>> {
+        claims::table.load(self.0)
+    }
+
+    pub fn by_player(&self, id: i32) -> QueryResult<Vec<Claim>> {
+        claims::table.filter(claims::dsl::player_id.eq(id))
+            .load(self.0)
+    }
+
+    /// Finds a single claim by association of player and loot ids.
+    pub fn find(&self, player_id: i32, loot_id: i32) -> QueryResult<Claim> {
+        claims::table
+            .filter(claims::dsl::player_id.eq(player_id))
+            .filter(claims::dsl::loot_id.eq(loot_id))
+            .first(self.0)
+    }
+
+    /// Adds a claim in database and returns it.
+    ///
+    /// Will validate that the claimed item exists and is
+    /// actually owned by the group.
+    /// Duplicates are also ignored.
+    pub fn add(self, player_id: i32, loot_id: i32) -> UpdateResult {
+        // We need to validate that the claimed item exists
+        // AND is actually owned by group (id 0)
+        let _item = models::item::LootManager(self.0, 0).find(loot_id)?;
+        // We also check if claims does not already exists
+        if let Ok(_) = self.find(player_id, loot_id) {
+            return Err(diesel::result::Error::RollbackTransaction);
+        }
+
+        let claim = NewClaim::new(player_id, loot_id);
+        diesel::insert_into(claims::table)
+            .values(&claim)
+            .execute(self.0)?;
+        // Return the created claim
+        Ok(vec!(
+            Update::ClaimAdded(
+                claims::table
+                    .order(claims::dsl::id.desc())
+                    .first::<Claim>(self.0)?
+            )
+        ))
+    }
+
+    /// Removes a claim from database, returning it
+    pub fn remove(self, player_id: i32, loot_id: i32) -> UpdateResult {
+        let claim = self.find(player_id, loot_id)?;
+        claim.remove(self.0)?;
+        Ok(vec!(
+            Update::ClaimRemoved(claim)
+        ))
+    }
+
+    pub fn filtered_by_loot(&self, loot_id: i32) -> QueryResult<Vec<Claim>> {
+        claims::table
+            .filter(claims::dsl::loot_id.eq(loot_id))
+            .load(self.0)
+    }
+
+    pub(crate) fn delete_for_loot(&self, loot_id: i32) -> QueryResult<usize> {
+        diesel::delete(
+            claims::table
+                .filter(claims::dsl::loot_id.eq(loot_id))
+        )
+            .execute(self.0)
+
+    }
+
+    pub(crate) fn grouped_by_item(&self) -> QueryResult<Vec<(models::item::Item, Vec<Claim>)>> {
+        let group_loot: Vec<Loot> = Loot::owned_by(0).load(self.0)?;
+        let claims = claims::table.load(self.0)?.grouped_by(&group_loot);
+        Ok(group_loot
+            .into_iter()
+            .map(|loot| loot.into_item())
+            .zip(claims)
+            .collect::<Vec<_>>())
+    }
+}
+
+#[derive(Insertable, Debug)]
+#[table_name = "claims"]
+struct NewClaim {
+    player_id: i32,
+    loot_id: i32,
+}
+
+impl NewClaim {
+    fn new(player_id: i32, loot_id: i32) -> Self {
+        Self { player_id, loot_id }
+    }
+}
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+
+    type TestResult = Result<(), diesel::result::Error>;
+
+    fn test_connection() -> Result<DbConnection, diesel::result::Error> {
+        let conn =
+            DbConnection::establish(":memory:").map_err(|_| diesel::result::Error::NotFound)?;
+        diesel_migrations::run_pending_migrations(&conn)
+            .map_err(|_| diesel::result::Error::NotFound)?;
+        let manager = models::player::Players(&conn);
+        manager.add("Player1", 0.0)?;
+        manager.add("Player2", 0.0)?;
+        crate::LootManager(&conn, 0).add("Epee", 30)?;
+        crate::LootManager(&conn, 1).add("Arc", 20)?;
+        Ok(conn)
+    }
+
+    #[test]
+    fn add_claim() -> TestResult {
+        let conn = test_connection()?;
+        Claims(&conn).add(1, 1)?;
+        assert_eq!(Claims(&conn).all()?.len(), 1);
+        Ok(())
+    }
+
+    #[test]
+    fn cannot_duplicate_by_adding() -> TestResult {
+        let conn = test_connection()?;
+        Claims(&conn).add(1, 1)?;
+        let res = Claims(&conn).add(1, 1);
+        assert_eq!(res.is_err(), true);
+        assert_eq!(Claims(&conn).all()?.len(), 1);
+        Ok(())
+    }
+
+    #[test]
+    fn remove_claim() -> TestResult {
+        let conn = test_connection()?;
+        let claim = Claims(&conn).add(1, 1)?;
+        claim.remove(&conn);
+        assert_eq!(Claims(&conn).all()?.len(), 0);
+        Ok(())
+    }
+
+    #[test]
+    fn cannot_only_claim_from_group() -> TestResult {
+        let conn = test_connection()?;
+        let claim = Claims(&conn).add(1, 2);
+        assert_eq!(claim.is_err(), true);
+        assert_eq!(Claims(&conn).all()?.len(), 0);
+        Ok(())
+    }
+}

lootalot_db/src/models/history.rs

@@ -0,0 +1,105 @@
+use serde_json;
+use diesel::prelude::*;
+use diesel::sql_types::Text;
+use diesel::deserialize::FromSql;
+use diesel::backend::Backend;
+use crate::schema::history;
+use crate::{DbConnection, QueryResult, Update};
+
+#[derive(Debug, FromSqlRow)]
+pub struct UpdateList(Vec<Update>);
+
+impl UpdateList {
+    pub fn inner(&self) -> &Vec<Update> {
+        &self.0
+    }
+
+    pub fn into_inner(self) -> Vec<Update> {
+        self.0
+    }
+}
+
+// TODO: decide if updates is really optionnal or not
+// (like if storing an event without update is usefull ?)
+
+/// An event in history
+#[derive(Debug, Queryable)]
+pub struct Event {
+    id: i32,
+    player_id: i32,
+    event_date: String,
+    text: String,
+    updates: Option<UpdateList>,
+}
+
+impl Event {
+    pub fn name(&self) -> &str {
+        &self.text
+    }
+
+    /// TODO: why a move here ??
+    /// Undo all updates in a single transaction
+    pub fn undo(self, conn: &DbConnection) -> QueryResult<()> {
+        conn.transaction(move || {
+            if let Some(ref updates) = self.updates {
+                for update in updates.inner() {
+                    update.undo(conn, self.player_id)?;
+                }
+            }
+            Ok(())
+        })
+    }
+}
+
+impl<DB: Backend> FromSql<Text, DB> for UpdateList
+where
+    String: FromSql<Text, DB>,
+{
+    fn from_sql(bytes: Option<&DB::RawValue>) -> diesel::deserialize::Result<Self> {
+        let repr = String::from_sql(bytes)?;
+        Ok(UpdateList(serde_json::from_str::<Vec<Update>>(&repr)?))
+    }
+}
+
+
+#[derive(Debug, Insertable)]
+#[table_name = "history"]
+struct NewEvent<'a> {
+    player_id: i32,
+    text: &'a str,
+    updates: Option<String>,
+}
+
+
+/// Insert a new event
+///
+/// # Warning
+/// This actually swallow up conversion errors
+pub fn insert_event(conn: &DbConnection, id: i32, text: &str, updates: &Vec<Update>) -> QueryResult<Event> {
+    diesel::insert_into(history::table)
+        .values(&NewEvent {
+            player_id: id,
+            text,
+            updates: serde_json::to_string(updates).ok(),
+        })
+        .execute(conn)?;
+    history::table
+        .order(history::dsl::id.desc())
+        .first(conn)
+}
+
+pub fn get_last_of_player(conn: &DbConnection, id: i32) -> QueryResult<Event> {
+    history::table
+        .filter(history::dsl::player_id.eq(id))
+        .order(history::dsl::id.desc())
+        .first(conn)
+}
+
+#[cfg(test)]
+mod tests {
+
+    #[test]
+    fn test_insert_event_with_updates() {
+
+    }
+}

lootalot_db/src/models/item.rs

@@ -0,0 +1,279 @@
+use diesel::dsl::{exists, Eq, Filter, Find, Select};
+use diesel::expression::exists::Exists;
+use diesel::prelude::*;
+
+use crate::schema::{items, loot};
+use crate::{Claims, DbConnection, QueryResult, Update, UpdateResult};
+type ItemColumns = (loot::id, loot::name, loot::base_price);
+const ITEM_COLUMNS: ItemColumns = (loot::id, loot::name, loot::base_price);
+type OwnedBy = Select<OwnedLoot, ItemColumns>;
+
+/// Represents a basic item
+#[derive(Debug, Queryable, Serialize, Deserialize, Clone)]
+pub struct Item {
+    pub id: i32,
+    pub name: String,
+    base_price: i32,
+}
+
+impl Item {
+    /// Returns this item value
+    pub fn value(&self) -> f64 {
+        self.base_price as f64
+    }
+
+    /// Returns this item sell value
+    pub fn sell_value(&self) -> f64 {
+        self.base_price as f64 / 2.0
+    }
+
+    fn owned_by(player: i32) -> OwnedBy {
+        Loot::owned_by(player).select(ITEM_COLUMNS)
+    }
+}
+
+// Owner status
+pub(crate) const OF_GROUP: i32 = 0;
+pub(crate) const OF_SHOP: i32 = -1;
+pub(crate) const SOLD: i32 = -2;
+
+type WithOwner = Eq<loot::owner_id, i32>;
+type OwnedLoot = Filter<loot::table, WithOwner>;
+
+/// An owned item
+///
+/// The owner is a Player, the Group, the Merchant
+/// OR the SOLD state.
+#[derive(Identifiable, Debug, Queryable)]
+#[table_name = "loot"]
+pub(crate) struct Loot {
+    id: i32,
+    name: String,
+    base_price: i32,
+    owner_id: i32,
+}
+
+impl Loot {
+    /// A filter on Loot that is owned by given player
+    pub(super) fn owned_by(id: i32) -> OwnedLoot {
+        loot::table.filter(loot::owner_id.eq(id))
+    }
+
+    pub(super) fn set_owner(&self, owner: i32, conn: &DbConnection) -> QueryResult<()> {
+        diesel::update(loot::table.find(self.id))
+            .set(loot::dsl::owner_id.eq(owner))
+            .execute(conn)?;
+        Ok(())
+    }
+
+    pub(super) fn into_item(self) -> Item {
+        Item {
+            id: self.id,
+            name: self.name,
+            base_price: self.base_price,
+        }
+    }
+
+    pub(super) fn find(id: i32) -> Find<loot::table, i32> {
+        loot::table.find(id)
+    }
+}
+
+pub struct Inventory<'q>(pub &'q DbConnection);
+
+impl<'q> Inventory<'q> {
+    /// Get all items from Inventory
+    pub fn all(&self) -> QueryResult<Vec<Item>> {
+        items::table.load::<Item>(self.0)
+    }
+
+    /// Find an item in Inventory
+    pub fn find(&self, item_id: i32) -> QueryResult<Item> {
+        items::table.find(item_id).first::<Item>(self.0)
+    }
+
+    pub fn find_by_name(&self, item_name: &str) -> QueryResult<Item> {
+        Ok(items::table
+            .filter(items::dsl::name.like(item_name))
+            .first(self.0)?)
+    }
+
+    /// Check the inventory against a list of item names
+    ///
+    /// # Returns
+    ///
+    /// A tuple of found items and errors
+    pub fn check_list(&self, item_names: Vec<String>) -> QueryResult<(Vec<Item>, String)> {
+        let all_items = self.all()?;
+        let mut found = Vec::new();
+        let mut errors = String::new();
+        for name in &item_names {
+            match self.find_by_name(name) {
+                Ok(item) => found.push(item),
+                Err(_) => errors.push_str(&format!("{},\n", name)),
+            }
+        }
+        Ok((found, errors))
+    }
+}
+
+/// The shop resource
+pub struct Shop<'q>(pub &'q DbConnection);
+
+impl<'q> Shop<'q> {
+    // Rename to list
+    pub fn all(&self) -> QueryResult<Vec<Item>> {
+        Item::owned_by(OF_SHOP).load(self.0)
+    }
+
+    fn buy_single(&self, buyer: i32, item_id: i32, price_mod: Option<f64>) -> UpdateResult {
+        use crate::AsPlayer;
+        let item = self.get(item_id)?;
+        let sell_price = match price_mod {
+            Some(modifier) => item.base_price as f64 * modifier,
+            None => item.base_price as f64,
+        };
+        self.0.transaction(|| {
+            let mut updates = AsPlayer(self.0, buyer).update_wealth(-sell_price)?;
+            item.set_owner(buyer, self.0)?;
+            updates.push(Update::ItemBought(item.into_item()));
+            Ok(updates)
+        })
+    }
+
+    pub fn buy(&self, items: Vec<(i32, Option<f64>)>, buyer: i32) -> UpdateResult {
+        // TODO: check that player has enough money !
+        let has_enough_gold = true;
+
+        if has_enough_gold {
+            let mut updates = Vec::new();
+            for (item_id, price_mod) in items.into_iter() {
+                updates.append(&mut self.buy_single(buyer, item_id, price_mod)?)
+            }
+            Ok(updates)
+        } else {
+            unimplemented!();
+        }
+    }
+
+    pub(crate) fn get(&self, id: i32) -> QueryResult<Loot> {
+        Loot::owned_by(OF_SHOP).find(&id).first::<Loot>(self.0)
+    }
+
+    pub fn replace_list(&self, items: Vec<Item>) -> QueryResult<()> {
+        use self::loot::dsl::*;
+        self.0.transaction(|| -> QueryResult<()> {
+            // Remove all content
+            diesel::delete(Loot::owned_by(OF_SHOP)).execute(self.0)?;
+            // Adds new list
+            for item in &items {
+                let new_item = NewLoot {
+                    name: &item.name,
+                    base_price: item.base_price,
+                    owner_id: OF_SHOP,
+                };
+                diesel::insert_into(loot)
+                    .values(&new_item)
+                    .execute(self.0)?;
+            }
+            Ok(())
+        })
+    }
+}
+
+/// Manager for a *single* player loot
+pub struct LootManager<'q>(pub &'q DbConnection, pub i32);
+
+impl<'q> LootManager<'q> {
+    /// All items from this player chest
+    pub fn all(&self) -> QueryResult<Vec<Item>> {
+        Ok(Item::owned_by(self.1).load(self.0)?)
+    }
+
+    pub(crate) fn get(&self, item_id: i32) -> QueryResult<Loot> {
+        Ok(Loot::owned_by(self.1).find(item_id).first(self.0)?)
+    }
+
+    pub(crate) fn change_owner(&self, item_id: i32, new_owner: i32) -> QueryResult<()> {
+        Ok(self.get(item_id)?.set_owner(new_owner, self.0)?)
+    }
+
+    /// Finds an item by id
+    ///
+    /// Returns a NotFound error if an item is found by it
+    /// does not belong to this player
+    pub fn find(&self, loot_id: i32) -> QueryResult<Item> {
+        Ok(self.get(loot_id)?.into_item())
+    }
+
+    fn sell_single(&self, loot_id: i32, price_mod: Option<f64>) -> UpdateResult {
+        let to_sell = self.get(loot_id)?;
+        let mut sell_value = to_sell.base_price as f64 / 2.0;
+        if let Some(modifier) = price_mod {
+            sell_value *= modifier;
+        }
+        self.0.transaction(|| {
+            let mut updates = crate::AsPlayer(self.0, self.1).update_wealth(sell_value)?;
+            to_sell.set_owner(SOLD, self.0)?;
+            updates.push(Update::ItemSold(to_sell.into_item()));
+            Ok(updates)
+        })
+    }
+
+    pub fn sell(&self, items: Vec<(i32, Option<f64>)>) -> UpdateResult {
+        self.0.transaction(|| {
+            let mut updates = Vec::new();
+            for (loot_id, price_mod) in items.into_iter() {
+                updates.append(&mut self.sell_single(loot_id, price_mod)?);
+            }
+            Ok(updates)
+        })
+    }
+
+    /// The last item added to the chest
+    pub fn last(&self) -> QueryResult<Item> {
+        Ok(Item::owned_by(self.1)
+            .order(loot::dsl::id.desc())
+            .first(self.0)?)
+    }
+
+    pub(crate) fn add<S: Into<String>>(self, name: S, base_price: i32) -> UpdateResult {
+        self.add_from(&Item {
+            id: 0,
+            name: name.into(),
+            base_price,
+        })
+    }
+
+    /// Adds a copy of the given item inside player chest
+    pub fn add_from(self, item: &Item) -> UpdateResult {
+        let new_item = NewLoot {
+            name: &item.name,
+            base_price: item.base_price,
+            owner_id: self.1,
+        };
+        diesel::insert_into(loot::table)
+            .values(&new_item)
+            .execute(self.0)?;
+        Ok(vec![Update::ItemAdded(self.last()?)])
+    }
+}
+
+/// An item being loot or bought.
+///
+/// The owner is set to 0 in case of looting,
+/// to the id of buying player otherwise.
+#[derive(Insertable)]
+#[table_name = "loot"]
+struct NewLoot<'a> {
+    name: &'a str,
+    base_price: i32,
+    owner_id: i32,
+}
+
+#[derive(Insertable)]
+#[table_name = "items"]
+struct NewItem<'a> {
+    name: &'a str,
+    base_price: i32,
+}

lootalot_db/src/models/mod.rs

@@ -0,0 +1,8 @@
+pub mod claim;
+pub mod item;
+pub mod player;
+pub mod history;
+
+pub use claim::Claim;
+pub use item::Item;
+pub use player::{Player, Wealth};

lootalot_db/src/models/player/mod.rs

@@ -0,0 +1,126 @@
+use crate::schema::players;
+use crate::{DbConnection, QueryResult, Update, UpdateResult};
+use diesel::prelude::*;
+
+mod notification;
+pub mod wealth;
+pub use wealth::Wealth;
+
+/// Representation of a player in database
+#[derive(Identifiable, Queryable, Serialize, Deserialize, Debug)]
+pub struct Player {
+    /// DB Identitier
+    pub id: i32,
+    /// Full name of the character
+    pub name: String,
+    /// Amount of gold coins owed to the group.
+    /// Taking a looted items will increase the debt by it's sell value
+    pub debt: i32,
+    /// Count of copper pieces
+    pub cp: i32,
+    /// Count of silver pieces
+    pub sp: i32,
+    /// Count of gold pieces
+    pub gp: i32,
+    /// Count of platinum pieces
+    pub pp: i32,
+}
+
+/// Manager for players
+pub struct Players<'q>(pub &'q DbConnection);
+
+impl<'q> Players<'q> {
+    /// Get all players from database
+    pub fn all(&self) -> QueryResult<Vec<Player>> {
+        players::table.load(self.0)
+    }
+
+    /// Get all non-group players
+    pub fn all_except_group(&self) -> QueryResult<Vec<Player>> {
+        use diesel::dsl::not;
+        players::table.filter(not(players::id.eq(0))).load(self.0)
+    }
+
+    /// Find a player by id
+    pub fn find(&self, id: i32) -> QueryResult<Player> {
+        players::table.find(id).first(self.0)
+    }
+
+    /// Add a new player with name and starting wealth
+    pub fn add(&self, name: &str, wealth: f64) -> QueryResult<Player> {
+        diesel::insert_into(players::table)
+            .values(&NewPlayer::create(name, wealth))
+            .execute(self.0)?;
+        players::table.order(players::dsl::id.desc()).first(self.0)
+    }
+
+    /// Notify all players of an event
+    pub fn notifiy_all(&self, text: &str) -> QueryResult<()> {
+        for id in self.all()?.into_iter().map(|p| p.id) {
+            self.notify(id, text);
+        }
+        Ok(())
+    }
+
+    /// Notify a single player of an event
+    pub fn notify(&self, id: i32, text: &str) -> QueryResult<()> {
+        let _ = notification::Notification::add(self.0, id, text)?;
+        Ok(())
+    }
+}
+
+/// Wrapper for action of a single player
+pub struct AsPlayer<'q>(pub &'q DbConnection, pub i32);
+
+impl<'q> AsPlayer<'q> {
+    /// Fetch notifications for this player
+    pub fn notifications(&self) -> QueryResult<Vec<String>> {
+        notification::pop_all_for(self.1, self.0)
+    }
+    /// Updates this player's wealth, returning the difference
+    pub fn update_wealth(&self, value_in_gp: f64) -> UpdateResult {
+        use crate::schema::players::dsl::*;
+        let current_wealth = players
+            .find(self.1)
+            .select((cp, sp, gp, pp))
+            .first::<Wealth>(self.0)?;
+        let updated_wealth = Wealth::from_gp(current_wealth.to_gp() + value_in_gp);
+        diesel::update(players)
+            .filter(id.eq(self.1))
+            .set(&updated_wealth)
+            .execute(self.0)?;
+        Ok(vec!(Update::Wealth(updated_wealth - current_wealth)))
+    }
+
+    /// Updates this player's debt
+    pub fn update_debt(&self, value_in_gp: i32) -> QueryResult<()> {
+        diesel::update(players::table.find(self.1))
+            .set(players::dsl::debt.eq(players::dsl::debt + value_in_gp))
+            .execute(self.0)?;
+        Ok(())
+    }
+}
+
+/// Representation of a new player record
+#[derive(Insertable)]
+#[table_name = "players"]
+struct NewPlayer<'a> {
+    name: &'a str,
+    cp: i32,
+    sp: i32,
+    gp: i32,
+    pp: i32,
+}
+
+impl<'a> NewPlayer<'a> {
+    fn create(name: &'a str, wealth_in_gp: f64) -> Self {
+        let (cp, sp, gp, pp) = Wealth::from_gp(wealth_in_gp).as_tuple();
+        Self {
+            name,
+            cp,
+            sp,
+            gp,
+            pp,
+        }
+    }
+}

lootalot_db/src/models/player/notification.rs

@@ -0,0 +1,44 @@
+use diesel::prelude::*;
+use crate::{
+    DbConnection,
+    schema::notifications,
+    models::player::Player,
+};
+
+
+/// Pops all notification for a player, deleting the database entities
+pub(super) fn pop_all_for(id: i32, conn: &DbConnection) -> QueryResult<Vec<String>> {
+    let select = notifications::table.filter(notifications::dsl::player_id.eq(id));
+    let popped = select.load(conn)?;
+    diesel::delete(select).execute(conn)?;
+    Ok(popped.into_iter().map(|n: Notification| n.text).collect())
+}
+
+#[derive(Identifiable, Queryable, Associations, Serialize, Debug)]
+#[belongs_to(Player)]
+pub(super) struct Notification {
+    pub id: i32,
+    pub player_id: i32,
+    pub text: String,
+}
+
+impl Notification {
+    pub(super) fn add<'a, S: Into<&'a str>>(conn: &DbConnection, id: i32, text: S) -> QueryResult<Notification> {
+        diesel::insert_into(notifications::table)
+            .values(&NewNotification {
+                player_id: id,
+                text: text.into(),
+            })
+            .execute(conn)?;
+        notifications::table
+            .order(notifications::dsl::id.desc())
+            .first(conn)
+    }
+}
+
+#[derive(Insertable)]
+#[table_name="notifications"]
+struct NewNotification<'a> {
+    player_id: i32,
+    text: &'a str,
+}

lootalot_db/src/models/player/wealth.rs

@@ -0,0 +1,157 @@
+use crate::schema::players;
+
+/// Unpack a floating value of gold pieces to integer
+/// values of copper, silver, gold and platinum pieces
+///
+/// # Note
+///
+/// The conversion is slightly different than standard rules :
+/// ``` 1pp = 100gp = 1000sp = 10000 cp ```
+///
+fn unpack_gold_value(gold: f64) -> (i32, i32, i32, i32) {
+    let rest = (gold.fract() * 100.0).round() as i32;
+    let gold = gold.trunc() as i32;
+    let pp = gold / 100;
+    let gp = gold % 100;
+    let sp = rest / 10;
+    let cp = rest % 10;
+    (cp, sp, gp, pp)
+}
+
+/// State of a player's wealth
+///
+/// Values are held as individual pieces counts.
+/// Allows conversion from and to a floating amount of gold pieces.
+#[derive(Queryable, AsChangeset, Serialize, Deserialize, PartialEq, Copy, Clone, Debug)]
+#[table_name = "players"]
+pub struct Wealth {
+    pub cp: i32,
+    pub sp: i32,
+    pub gp: i32,
+    pub pp: i32,
+}
+
+impl Wealth {
+    /// Unpack individual pieces counts from gold value
+    ///
+    /// # Examples
+    /// ```
+    /// # use lootalot_db::models::Wealth;
+    /// let wealth = Wealth::from_gp(403.21);
+    /// assert_eq!(wealth.as_tuple(), (1, 2, 3, 4));
+    /// ```
+    pub fn from_gp(gp: f64) -> Self {
+        let (cp, sp, gp, pp) = unpack_gold_value(gp);
+        Self { cp, sp, gp, pp }
+    }
+    /// Convert total value to a floating value in gold pieces
+    ///
+    /// # Examples
+    /// ```
+    /// # use lootalot_db::models::Wealth;
+    /// let wealth = Wealth{ pp: 4, gp: 5, sp: 8, cp: 4};
+    /// assert_eq!(wealth.to_gp(), 405.84);
+    /// ```
+    pub fn to_gp(&self) -> f64 {
+        let i = self.pp * 100 + self.gp;
+        let f = (self.sp * 10 + self.cp) as f64 / 100.0;
+        i as f64 + f
+    }
+    /// Pack the counts inside a tuple, from lower to higher coin value.
+    pub fn as_tuple(&self) -> (i32, i32, i32, i32) {
+        (self.cp, self.sp, self.gp, self.pp)
+    }
+}
+
+
+impl std::ops::Sub for Wealth {
+    type Output = Self;
+    /// What needs to be added to 'other' so that
+    /// the result equals 'self'
+    fn sub(self, other: Self) -> Self {
+        Wealth::from_gp(self.to_gp() - other.to_gp())
+    }
+}
+
+impl std::ops::Add for Wealth {
+    type Output = Self;
+
+    fn add(self, other: Self) -> Self {
+        Wealth::from_gp(self.to_gp() + other.to_gp())
+    }
+}
+
+#[cfg(test)]
+mod tests {
+
+    #[test]
+    fn test_unpack_gold_values() {
+        use super::unpack_gold_value;
+        let test_values = [
+            (0.01, (1, 0, 0, 0)),
+            (0.1, (0, 1, 0, 0)),
+            (1.0, (0, 0, 1, 0)),
+            (1.23, (3, 2, 1, 0)),
+            (1.03, (3, 0, 1, 0)),
+            (100.23, (3, 2, 0, 1)),
+            (-100.23, (-3, -2, -0, -1)),
+            (10189.23, (3, 2, 89, 101)),
+            (141805.9, (0, 9, 5, 1418)),
+            (123141805.9, (0, 9, 5, 1231418)),
+            (-8090.20, (0, -2, -90, -80)),
+        ];
+
+        for (tested, expected) in test_values.into_iter() {
+            assert_eq!(unpack_gold_value(*tested), *expected);
+        }
+    }
+
+    #[test]
+    fn test_negative_wealth() {
+        use super::Wealth;
+
+        assert_eq!(
+            Wealth{ cp: 3, sp: 2, gp: 1, pp: 0 } + Wealth{ cp: -8, pp: 0, sp: 0, gp: 0 },
+            Wealth::from_gp(1.23 - 0.08)
+        )
+
+    }
+    #[test]
+    fn test_negative_wealth_inverse() {
+        use super::Wealth;
+
+        assert_eq!(
+            (Wealth{ cp: 3, sp: 2, gp: 1, pp: 0 } + Wealth{ cp: -8, pp: 0, sp: 0, gp: 0 }).to_gp(),
+            1.23 - 0.08
+        )
+
+    }
+    #[test]
+    fn test_diff_adding() {
+        use super::Wealth;
+
+        // Let say we add 0.08 gp
+        // 1.23 + 0.08 gold is 1.31, diff is cp: -2, sp: +1
+        let old = Wealth::from_gp(1.23);
+        let new = Wealth::from_gp(1.31);
+        let diff = new - old;
+        assert_eq!(diff.as_tuple(), (-2, 1, 0, 0));
+        assert_eq!(diff.to_gp(), 0.08);
+        assert_eq!(new - diff, old);
+
+    }
+    #[test]
+    fn test_diff_subbing() {
+        use super::Wealth;
+
+        // Let say we sub 0.08 gp
+        // 1.31 - 0.08 gold is 1.23, diff is cp: +2, sp: -1
+        let old = Wealth::from_gp(1.31);
+        let new = Wealth::from_gp(1.23);
+        let diff = new - old;
+        assert_eq!(diff.as_tuple(), (2, -1, 0, 0));
+        assert_eq!(diff.to_gp(), -0.08);
+        assert_eq!(new - diff, old);
+    }
+
+}

lootalot_db/src/schema.rs

@@ -0,0 +1,69 @@
+table! {
+    claims (id) {
+        id -> Integer,
+        player_id -> Integer,
+        loot_id -> Integer,
+        resolve -> Integer,
+    }
+}
+
+table! {
+    history (id) {
+        id -> Integer,
+        player_id -> Integer,
+        event_date -> Timestamp,
+        text -> Text,
+        updates -> Nullable<Text>,
+    }
+}
+
+table! {
+    items (id) {
+        id -> Integer,
+        name -> Text,
+        base_price -> Integer,
+    }
+}
+
+table! {
+    loot (id) {
+        id -> Integer,
+        name -> Text,
+        base_price -> Integer,
+        owner_id -> Integer,
+    }
+}
+
+table! {
+    notifications (id) {
+        id -> Integer,
+        player_id -> Integer,
+        text -> Text,
+    }
+}
+
+table! {
+    players (id) {
+        id -> Integer,
+        name -> Text,
+        debt -> Integer,
+        cp -> Integer,
+        sp -> Integer,
+        gp -> Integer,
+        pp -> Integer,
+    }
+}
+
+joinable!(claims -> players (player_id));
+joinable!(history -> players (player_id));
+joinable!(loot -> players (owner_id));
+joinable!(notifications -> players (player_id));
+
+allow_tables_to_appear_in_same_query!(
+    claims,
+    history,
+    items,
+    loot,
+    notifications,
+    players,
+);

src/api.rs

@@ -0,0 +1,297 @@
+use diesel::connection::Connection;
+use lootalot_db::{self as db, DbConnection, Update, Value};
+use std::collections::HashSet;
+
+pub type IdList = Vec<i32>;
+pub type ItemListWithMods = Vec<(i32, Option<f64>)>;
+pub type ItemList = Vec<db::Item>;
+
+#[derive(Serialize, Deserialize, Debug)]
+pub struct BuySellParams {
+    pub items: ItemListWithMods,
+    players: Option<IdList>,
+    global_mod: Option<f64>,
+}
+
+#[derive(Serialize, Deserialize, Debug)]
+pub struct NewGroupLoot {
+    source_name: String,
+    // claims_limit_date: String
+    pub items: ItemList,
+}
+
+#[derive(Serialize, Deserialize, Debug)]
+pub struct NewPlayer {
+    name : String,
+    wealth : f64,
+}
+
+/// A generic response for all queries
+#[derive(Serialize, Debug, Default)]
+pub struct ApiResponse {
+    /// The value requested, if any
+    pub value: Option<Value>,
+    /// A text to notify user, if relevant
+    pub notification: Option<String>,
+    /// A list of updates, if any
+    pub updates: Option<Vec<Update>>,
+    /// A text describing errors, if any
+    pub errors: Option<String>,
+}
+
+impl ApiResponse {
+    fn push_updates(&mut self, mut updates: Vec<db::Update>) {
+        if let Some(v) = self.updates.as_mut() {
+            v.append(&mut updates);
+        } else {
+            self.updates = Some(updates);
+        }
+    }
+
+    fn push_update(&mut self, update: db::Update) {
+        self.push_updates(vec!(update))
+    }
+
+    fn push_error<S: Into<String>>(&mut self, error: S) {
+        if let Some(errors) = self.errors.as_mut() {
+            *errors = format!("{}\n{}", errors, error.into());
+        } else {
+            self.errors = Some(error.into())
+        }
+    }
+
+    fn set_value(&mut self, value: db::Value) {
+        self.value = Some(value);
+    }
+
+    fn notify<S: Into<String>>(&mut self, text: S) {
+        self.notification = Some(text.into());
+    }
+}
+
+pub enum ApiError {
+    DieselError(diesel::result::Error),
+    InvalidAction(String),
+}
+
+pub enum ApiEndpoint {
+    InventoryList,
+    InventoryCheck(Vec<String>),
+    InventoryAdd(String, i32), // db::Inventory(conn)::add(new_item)
+
+    ShopList, // db::Shop(conn)::list()
+    BuyItems(i32, BuySellParams), // db::Shop(conn)::buy(params)
+    RefreshShop(ItemList), // db::Shop(conn)::replace_list(items)
+
+    ClaimsList,
+
+    // db::Players::get returns AsPlayer<'q>
+    PlayerList, //db::Players(conn)::list()
+    PlayerAdd(NewPlayer), //db::Players(conn)::add(player)
+    PlayerFetch(i32), // db::Players(conn)::get(id)
+    PlayerClaims(i32), // db::Players(conn)::get(id).claims()
+    PlayerNotifications(i32), // db::Players(conn)::get(id).notifications()
+    PlayerLoot(i32),// db::Players(conn)::get(id).loot()
+    PlayerUpdateWealth(i32, f64), // db::Players(conn)::get(id).update_wealth(f64)
+    SellItems(i32, BuySellParams), // db::Players(conn)::get(id).sell(params)
+    ClaimItems(i32, IdList), // db::Players(conn)::get(id).claim(items)
+    UndoLastAction(i32), // db::Players(conn)::get(id).undo_last()
+    AddLoot(NewGroupLoot), // db::Group(conn)::add_loot(loot)
+    ResolveClaims, // db::Group(conn)::resolve_claims()
+}
+
+static ERROR_MSG : &str = "Une erreur est survenue";
+
+pub fn execute(
+    conn: &DbConnection,
+    query: ApiEndpoint,
+) -> Result<ApiResponse, diesel::result::Error> {
+    let mut response = ApiResponse::default();
+    // Return an Option<String> that describes what happened.
+    // If there is some value, store the actions in db so that it can be reversed.
+    let action_text: Option<(i32, &str)> = match query {
+        // Inventory
+        ApiEndpoint::InventoryList => {
+            match db::Inventory(conn).all() {
+                Ok(items) => response.set_value(Value::ItemList(items)),
+                Err(_) => response.push_error(ERROR_MSG),
+            }
+            None
+        }
+        ApiEndpoint::InventoryCheck(names) => {
+            match db::Inventory(conn).check_list(names) {
+                Ok((items, errors)) => {
+                    response.set_value(Value::ItemList(items));
+                    response.push_error(errors);
+                }
+                Err(_) => response.push_error(ERROR_MSG),
+            }
+            None
+        }
+        ApiEndpoint::InventoryAdd(name, value) => {
+            response.push_error("Not implemented");
+            None
+        }
+        //Shop
+        ApiEndpoint::ShopList => {
+            match db::Shop(conn).all() {
+                Ok(items) => response.set_value(Value::ItemList(items)),
+                Err(_) => response.push_error(ERROR_MSG),
+            }
+            None
+        }
+        ApiEndpoint::BuyItems(buyer, params) => {
+            match db::Shop(conn).buy(params.items, buyer) {
+                Ok(updates) => {
+                    response.notify("Objets achetés !");
+                    response.push_updates(updates);
+                    Some((buyer, "Achat d'objets"))
+                },
+                Err(_) => {
+                    response.push_error(ERROR_MSG);
+                    None
+                }
+            }
+        }
+        // Players
+        ApiEndpoint::PlayerList => {
+            response.set_value(Value::PlayerList(db::Players(conn).all_except_group()?));
+            None
+        }
+        ApiEndpoint::PlayerFetch(id) => {
+            response.set_value(Value::Player(db::Players(conn).find(id)?));
+            None
+        }
+        ApiEndpoint::ClaimsList => {
+            response.set_value(Value::ClaimList(db::Claims(conn).all()?));
+            None
+        }
+        ApiEndpoint::PlayerClaims(id) => {
+            response.set_value(Value::ClaimList(db::Claims(conn).by_player(id)?));
+            None
+        }
+        ApiEndpoint::PlayerNotifications(id) => {
+            response.set_value(Value::Notifications(
+                db::AsPlayer(conn, id).notifications()?,
+            ));
+            None
+        }
+        ApiEndpoint::PlayerLoot(id) => {
+            response.set_value(Value::ItemList(db::LootManager(conn, id).all()?));
+            None
+        }
+        ApiEndpoint::PlayerUpdateWealth(id, amount) => {
+            response.push_updates(db::AsPlayer(conn, id).update_wealth(amount)?);
+            response.notify(format!("Mis à jour ({}po)!", amount));
+            Some((id, "Argent mis à jour"))
+        }
+        // Behavior differs if player is group or regular.
+        // Group sells item like players then split the total amount among players.
+        ApiEndpoint::SellItems(id, params) => {
+            conn.transaction(|| -> Result<Option<(i32, &str)>, diesel::result::Error> {
+                let mut updates = db::LootManager(conn, id).sell(params.items)?;
+                        let total_amount: i32 = updates.iter()
+                            .filter_map(|u| match u {
+                            Update::Wealth(diff) => Some(diff.to_gp() as i32),
+                            _ => None
+                        }).sum();
+                match id {
+                    0 => {
+                        let players = params.players.unwrap_or_default();
+                        updates.append(
+                            &mut db::split_and_share(conn, total_amount, players)?
+                        );
+                        response.notify("Les objets ont été vendus");
+                        response.push_updates(updates);
+                    }
+                    _ => {
+                        response.notify("Objets vendus !");
+                        response.push_updates(updates);
+                    }
+                }
+                Ok(Some((id, "Vente d'objets")))
+            })?
+        }
+        ApiEndpoint::ClaimItems(id, items) => {
+            conn.transaction(|| -> Result<Option<(i32, &str)>, diesel::result::Error> {
+                let current_claims: HashSet<i32> = db::Claims(conn)
+                    .all()?
+                    .iter()
+                    .filter(|c| c.player_id == id)
+                    .map(|c| c.loot_id)
+                    .collect();
+                let new_claims: HashSet<i32> = items.into_iter().collect();
+                // Claims to delete
+                for item in current_claims.difference(&new_claims) {
+                    response.push_updates(db::Claims(conn).remove(id, *item)?);
+                }
+                // Claims to add
+                for item in new_claims.difference(&current_claims) {
+                    response.push_updates(db::Claims(conn).add(id, *item)?);
+                }
+                Ok(None)
+            })?
+        }
+        ApiEndpoint::UndoLastAction(id) => {
+            if let Ok(event) = db::models::history::get_last_of_player(conn, id) {
+                let name = String::from(event.name());
+                event.undo(conn)?;
+                response.notify(format!("'{}' annulé(e)", name));
+            } else {
+                response.push_error("Aucune action trouvée")
+            };
+            None
+        }
+        // Group actions
+        ApiEndpoint::AddLoot(data) => {
+            let mut added_items = 0;
+            for item in data.items.into_iter() {
+                if let Ok(added) = db::LootManager(conn, 0).add_from(&item) {
+                    response.push_updates(added);
+                    added_items += 1;
+                } else {
+                    response.push_error(format!("Error adding {:?}", item));
+                }
+            }
+            response.notify(format!("{} objets lootés !", added_items));
+            // Notify players through persistent notifications
+            if let Err(e) = db::Players(conn)
+                .notifiy_all("De nouveaux objets ont été ajoutés au coffre de groupe !")
+            {
+                response.push_error(format!("Erreur durant la notification : {:?}", e));
+            };
+            Some((0, "Nouveau loot"))
+        }
+        ApiEndpoint::ResolveClaims => {
+            response.push_error("Not implemented!");
+            None
+        }
+        // Admin actions
+        ApiEndpoint::RefreshShop(items) => {
+            db::Shop(conn).replace_list(items)?;
+            response.notify("Inventaire du marchand renouvelé !");
+            None
+        }
+        ApiEndpoint::PlayerAdd(data) => {
+            db::Players(conn).add(&data.name, data.wealth)?;
+            response.notify("Joueur ajouté !");
+            None
+        }
+    };
+
+    // Store the event if it can be undone.
+    dbg!(&action_text);
+    if let Some((id, text)) = action_text {
+        db::models::history::insert_event(
+            conn,
+            id,
+            text,
+            response
+                .updates
+                .as_ref()
+                .expect("there should be updates in here !"),
+        )?;
+    }
+    // match _action_text -> Save updates in DB
+    Ok(response)
+}

src/main.rs

@@ -1,3 +1,19 @@
+extern crate actix_web;
+extern crate dotenv;
+extern crate env_logger;
+extern crate lootalot_db;
+#[macro_use] extern crate serde;
+
+mod server;
+mod api;
+
 fn main() {
-    println!("Hello, world!");
+    std::env::set_var("RUST_LOG", "actix_web=info");
+    env_logger::init();
+    dotenv::dotenv().ok();
+    // TODO: Build a cli app with complete support of DbApi
+    //       Server is started with 'serve' subcommand
+    //       $ lootalot serve
+    // Start the server.
+    server::serve().ok();
 }

src/server.rs

@@ -0,0 +1,325 @@
+use actix_cors::Cors;
+use actix_files as fs;
+use actix_identity::{CookieIdentityPolicy, Identity, IdentityService, RequestIdentity};
+use actix_service::{Service, Transform};
+use actix_web::{
+    dev::{ServiceRequest, ServiceResponse},
+    http::{header, StatusCode},
+    middleware, web, App, Error, HttpResponse, HttpServer,
+};
+use futures::{
+    future::{ok, Either, FutureResult},
+    Future,
+};
+use serde_json;
+use std::env;
+
+use crate::api;
+use lootalot_db as db;
+
+type AppPool = web::Data<db::Pool>;
+type PlayerId = web::Path<i32>;
+type ItemId = web::Json<i32>;
+type IdList = web::Json<api::IdList>;
+type BuySellParams = web::Json<api::BuySellParams>;
+type NewGroupLoot = web::Json<api::NewGroupLoot>;
+
+type MaybeForbidden =
+    actix_web::Either<Box<dyn Future<Item = HttpResponse, Error = Error>>, HttpResponse>;
+
+/// Wraps call to the database query and convert its result as a async HttpResponse
+fn db_call(
+    pool: AppPool,
+    query: api::ApiEndpoint,
+) -> impl Future<Item = HttpResponse, Error = Error> {
+    let conn = pool.get().unwrap();
+    web::block(move || api::execute(&conn, query)).then(|res| match res {
+        Ok(r) => HttpResponse::Ok().json(r),
+        Err(e) => {
+            dbg!(&e);
+            HttpResponse::InternalServerError().finish()
+        }
+    })
+}
+
+fn restricted_to_group(id: i32, params: (AppPool, api::ApiEndpoint)) -> MaybeForbidden {
+    if id != 0 {
+        actix_web::Either::B(HttpResponse::Forbidden().finish())
+    } else {
+        actix_web::Either::A(Box::new(db_call(params.0, params.1)))
+    }
+}
+
+struct RestrictedAccess;
+
+impl<S, B> Transform<S> for RestrictedAccess
+where
+    S: Service<Request = ServiceRequest, Response = ServiceResponse<B>, Error = Error>,
+    S::Future: 'static,
+{
+    type Request = ServiceRequest;
+    type Response = ServiceResponse<B>;
+    type Error = Error;
+    type InitError = ();
+    type Transform = RestrictedAccessMiddleware<S>;
+    type Future = FutureResult<Self::Transform, Self::InitError>;
+
+    fn new_transform(&self, service: S) -> Self::Future {
+        ok(RestrictedAccessMiddleware { service })
+    }
+}
+
+struct RestrictedAccessMiddleware<S> {
+    service: S,
+}
+
+impl<S, B> Service for RestrictedAccessMiddleware<S>
+where
+    S: Service<Request = ServiceRequest, Response = ServiceResponse<B>, Error = Error>,
+    S::Future: 'static,
+{
+    type Request = ServiceRequest;
+    type Response = ServiceResponse<B>;
+    type Error = Error;
+    type Future = Either<S::Future, FutureResult<Self::Response, Self::Error>>;
+
+    fn poll_ready(&mut self) -> futures::Poll<(), Self::Error> {
+        self.service.poll_ready()
+    }
+
+    fn call(&mut self, req: ServiceRequest) -> Self::Future {
+        let is_logged_in = req.get_identity().is_some();
+
+        if is_logged_in {
+            Either::A(self.service.call(req))
+        } else {
+            Either::B(ok(
+                req.into_response(HttpResponse::Forbidden().finish().into_body())
+            ))
+        }
+    }
+}
+
+fn configure_api(config: &mut web::ServiceConfig) {
+    use api::ApiEndpoint as Q;
+    config.service(
+        web::scope("/api")
+            .wrap(RestrictedAccess)
+            .service(
+                web::scope("/players")
+                    .service(
+                        web::resource("/")
+                            .route(web::get().to_async(|pool| db_call(pool, Q::PlayerList)))
+                            .route(web::post().to_async(
+                                |pool, player: web::Json<api::NewPlayer>| {
+                                    db_call(pool, Q::PlayerAdd(player.into_inner()))
+                                },
+                            )),
+                    ) // List of players
+                    .service(
+                        web::scope("/{player_id}")
+                            /*.route(
+                                "/",
+                                web::get().to_async(|pool, player: PlayerId| {
+                                    db_call(pool, Q::FetchPlayer(*player))
+                                }),
+                            )*/
+                            .route(
+                                "/notifications",
+                                web::get().to_async(|pool, player: PlayerId| {
+                                    db_call(pool, Q::PlayerNotifications(*player))
+                                }),
+                            )
+                            .service(
+                                web::resource("/claims")
+                                    .route(web::get().to_async(|pool, player: PlayerId| {
+                                        db_call(pool, Q::PlayerClaims(*player))
+                                    }))
+                                    .route(web::post().to_async(
+                                        |pool, (player, data): (PlayerId, IdList)| {
+                                            db_call(pool, Q::ClaimItems(*player, data.into_inner()))
+                                        },
+                                    )),
+                            )
+                            .service(
+                                web::resource("/wealth")
+                                    //.route(web::get().to_async(...))
+                                    .route(web::put().to_async(
+                                        |pool, (player, data): (PlayerId, web::Json<f64>)| {
+                                            db_call(pool, Q::PlayerUpdateWealth(*player, *data))
+                                        },
+                                    )),
+                            )
+                            .service(
+                                web::resource("/loot")
+                                    .route(web::get().to_async(|pool, player: PlayerId| {
+                                        db_call(pool, Q::PlayerLoot(*player))
+                                    }))
+                                    .route(web::put().to_async(
+                                        move |pool, (player, data): (PlayerId, BuySellParams)| {
+                                            db_call(pool, Q::BuyItems(*player, data.into_inner()))
+                                        },
+                                    ))
+                                    .route(web::post().to(
+                                        move |pool, (player, data): (PlayerId, NewGroupLoot)| {
+                                            restricted_to_group(
+                                                *player,
+                                                (pool, Q::AddLoot(data.into_inner())),
+                                            )
+                                        },
+                                    ))
+                                    .route(web::delete().to_async(
+                                        move |pool, (player, data): (PlayerId, BuySellParams)| {
+                                            db_call(pool, Q::SellItems(*player, data.into_inner()))
+                                        },
+                                    )),
+                            )
+                            .service(web::scope("/events").route(
+                                "/last",
+                                web::delete().to_async(|pool, player: PlayerId| {
+                                    db_call(pool, Q::UndoLastAction(*player))
+                                }),
+                            )),
+                    ),
+            )
+            .route(
+                "/claims",
+                web::get().to_async(|pool| db_call(pool, Q::ClaimsList)),
+            )
+            .service(
+                web::resource("/shop")
+                    .route(web::get().to_async(|pool| db_call(pool, Q::ShopList)))
+                    .route(
+                        web::post().to_async(|pool, items: web::Json<api::ItemList>| {
+                            db_call(pool, Q::RefreshShop(items.into_inner()))
+                        }),
+                    ),
+            )
+            .service(
+                web::resource("/items")
+                    .route(
+                        web::get().to_async(move |pool: AppPool| db_call(pool, Q::InventoryList)),
+                    )
+                    .route(web::post().to_async(
+                        move |pool: AppPool, items: web::Json<Vec<String>>| {
+                            db_call(pool, Q::InventoryCheck(items.into_inner()))
+                        },
+                    )),
+            ),
+    );
+}
+
+#[derive(Deserialize)]
+struct AuthRequest {
+    key: String,
+}
+
+#[derive(Debug, Copy, Clone, Serialize, Deserialize)]
+enum SessionKind {
+    Player(i32),
+    Admin,
+}
+
+use std::collections::HashMap;
+
+fn check_key(key: &str, db: HashMap<&str, SessionKind>) -> Option<SessionKind> {
+    db.get(&key).map(Clone::clone)
+}
+
+fn login(id: Identity, key: web::Query<AuthRequest>) -> HttpResponse {
+    if let Some(session_kind) = check_key(
+        &key.key.to_string(),
+        [
+            ("0", SessionKind::Player(0)),
+            ("1", SessionKind::Player(1)),
+            ("2", SessionKind::Player(2)),
+            ("admin", SessionKind::Admin),
+        ]
+        .iter()
+        .cloned()
+        .collect::<HashMap<&str, SessionKind>>(),
+    ) {
+        id.remember(serde_json::to_string(&session_kind).expect("Serialize SessionKind error"));
+        HttpResponse::build(StatusCode::TEMPORARY_REDIRECT)
+            .header(header::LOCATION, "/")
+            .finish()
+    } else {
+        HttpResponse::Forbidden().finish()
+    }
+}
+
+fn logout(id: Identity) -> HttpResponse {
+    id.forget();
+    HttpResponse::build(StatusCode::TEMPORARY_REDIRECT)
+        .header(header::LOCATION, "/")
+        .finish()
+}
+
+/// This endpoint shall be called by client,
+/// at initialization, to retrieve the current
+/// logging session info.
+///
+/// # Returns
+///
+/// The player data if a player is logged in
+/// The admin data if the admin is logged in
+/// A Forbidden response otherwise
+fn enter_session(id: Identity, pool: AppPool) -> impl Future<Item = HttpResponse, Error = Error> {
+    let conn = pool.get().unwrap();
+    let logged: SessionKind = id
+        .identity()
+        .map(|s| serde_json::from_str(&s).expect("Deserialize SessionKind error"))
+        // This will fail, fastest way to handle
+        // unlogged case with web::block below
+        .unwrap_or(SessionKind::Player(-1));
+
+    web::block(move || {
+        api::execute(
+            &conn,
+            match logged {
+                SessionKind::Player(id) => api::ApiEndpoint::PlayerFetch(id),
+                SessionKind::Admin => api::ApiEndpoint::PlayerList,
+            },
+        )
+    })
+    .then(|res| match res {
+        Ok(r) => HttpResponse::Ok().json(r.value),
+        Err(e) => {
+            dbg!(&e);
+            HttpResponse::Forbidden().finish()
+        }
+    })
+}
+
+pub fn serve() -> std::io::Result<()> {
+    let domain: String = env::var("DOMAIN").expect("DOMAIN must be set");
+    let pool = db::create_pool();
+    println!("Serving Loot-a-lot on {}", domain);
+
+    let key = [0; 32]; // TODO: Use a real key
+
+    HttpServer::new(move || {
+        App::new()
+            .data(pool.clone())
+            .configure(configure_api)
+            .wrap(
+                Cors::new()
+                    .allowed_origin(&domain)
+                    .allowed_methods(vec!["GET", "POST", "PUT", "DELETE", "OPTIONS"])
+                    .max_age(3600),
+            )
+            .wrap(IdentityService::new(
+                CookieIdentityPolicy::new(&key)
+                    .name("logged-in")
+                    .secure(false),
+            ))
+            //.wrap(middleware::Logger::default())
+            .wrap(middleware::Logger::new("%r -> %s (%{User-Agent}i)"))
+            .route("/session", web::get().to_async(enter_session))
+            .route("/login", web::get().to(login))
+            .route("/logout", web::get().to(logout))
+        //.service(fs::Files::new("/", www_root.clone()).index_file("index.html"))
+    })
+    .bind("127.0.0.1:8088")?
+    .run()
+}