pronounsfu/backend/db/user.go

807 lines
19 KiB
Go
Raw Normal View History

2022-05-02 08:19:37 -07:00
package db
import (
"context"
"crypto/sha256"
"encoding/hex"
"fmt"
2022-05-02 08:19:37 -07:00
"regexp"
"strings"
"time"
2022-05-02 08:19:37 -07:00
2023-06-03 07:18:47 -07:00
"codeberg.org/pronounscc/pronouns.cc/backend/common"
"codeberg.org/pronounscc/pronouns.cc/backend/icons"
2022-05-02 08:19:37 -07:00
"emperror.dev/errors"
2023-06-02 18:06:26 -07:00
"github.com/Masterminds/squirrel"
"github.com/bwmarrin/discordgo"
2023-04-03 19:11:03 -07:00
"github.com/georgysavva/scany/v2/pgxscan"
"github.com/jackc/pgx/v5"
"github.com/jackc/pgx/v5/pgconn"
2022-05-02 08:19:37 -07:00
"github.com/rs/xid"
)
type User struct {
ID xid.ID
2023-06-02 18:06:26 -07:00
SID string `db:"sid"`
2022-05-02 08:19:37 -07:00
Username string
DisplayName *string
Bio *string
MemberTitle *string
2023-05-01 17:54:08 -07:00
LastActive time.Time
2022-05-02 08:19:37 -07:00
Avatar *string
Links []string
2022-05-02 08:19:37 -07:00
Names []FieldEntry
Pronouns []PronounEntry
2022-05-05 07:33:44 -07:00
Discord *string
DiscordUsername *string
2022-11-18 06:27:52 -08:00
Fediverse *string
FediverseUsername *string
FediverseAppID *int64
FediverseInstance *string
2023-04-17 18:49:37 -07:00
Tumblr *string
TumblrUsername *string
2023-04-18 13:52:58 -07:00
Google *string
GoogleUsername *string
2023-06-02 18:06:26 -07:00
MaxInvites int
IsAdmin bool
ListPrivate bool
LastSIDReroll time.Time `db:"last_sid_reroll"`
2023-07-30 14:13:35 -07:00
Timezone *string
Settings UserSettings
DeletedAt *time.Time
SelfDelete *bool
DeleteReason *string
CustomPreferences CustomPreferences
2022-05-02 08:19:37 -07:00
}
type CustomPreferences = map[string]CustomPreference
type CustomPreference struct {
Icon string `json:"icon"`
Tooltip string `json:"tooltip"`
Size PreferenceSize `json:"size"`
Muted bool `json:"muted"`
Favourite bool `json:"favourite"`
}
func (c CustomPreference) Validate() string {
if !icons.IsValid(c.Icon) {
return fmt.Sprintf("custom preference icon %q is invalid", c.Icon)
}
if c.Tooltip == "" {
return "custom preference tooltip is empty"
}
if common.StringLength(&c.Tooltip) > FieldEntryMaxLength {
return fmt.Sprintf("custom preference tooltip is too long, max %d characters, is %d characters", FieldEntryMaxLength, common.StringLength(&c.Tooltip))
}
if c.Size != PreferenceSizeLarge && c.Size != PreferenceSizeNormal && c.Size != PreferenceSizeSmall {
return fmt.Sprintf("custom preference size %q is invalid", string(c.Size))
}
return ""
}
type PreferenceSize string
const (
PreferenceSizeLarge PreferenceSize = "large"
PreferenceSizeNormal PreferenceSize = "normal"
PreferenceSizeSmall PreferenceSize = "small"
)
func (u User) NumProviders() (numProviders int) {
if u.Discord != nil {
numProviders++
}
if u.Fediverse != nil {
numProviders++
}
2023-04-17 18:49:37 -07:00
if u.Tumblr != nil {
numProviders++
}
2023-04-18 13:52:58 -07:00
if u.Google != nil {
numProviders++
}
return numProviders
}
2023-07-30 14:13:35 -07:00
// UTCOffset returns the user's UTC offset in seconds. If the user does not have a timezone set, `ok` is false.
func (u User) UTCOffset() (offset int, ok bool) {
if u.Timezone == nil {
return 0, false
}
loc, err := time.LoadLocation(*u.Timezone)
if err != nil {
return 0, false
}
_, offset = time.Now().In(loc).Zone()
return offset, true
}
2023-06-05 07:29:18 -07:00
type Badge int32
const (
BadgeAdmin Badge = 1 << 0
)
2022-05-02 08:19:37 -07:00
// usernames must match this regex
var usernameRegex = regexp.MustCompile(`^[\w-.]{2,40}$`)
2022-05-02 08:19:37 -07:00
// List of usernames that cannot be used, because they could create confusion, conflict with other pages, or cause bugs.
var invalidUsernames = []string{
"..",
"admin",
"administrator",
"mod",
"moderator",
"api",
"page",
"pronouns",
"settings",
"pronouns.cc",
"pronounscc",
}
func UsernameValid(username string) (err error) {
if !usernameRegex.MatchString(username) {
if len(username) < 2 {
return ErrUsernameTooShort
} else if len(username) > 40 {
return ErrUsernameTooLong
}
return ErrInvalidUsername
}
for i := range invalidUsernames {
if strings.EqualFold(username, invalidUsernames[i]) {
return ErrBannedUsername
}
}
return nil
}
2022-05-02 08:19:37 -07:00
const (
ErrUserNotFound = errors.Sentinel("user not found")
2022-05-02 08:19:37 -07:00
ErrUsernameTaken = errors.Sentinel("username is already taken")
2022-05-02 08:19:37 -07:00
ErrInvalidUsername = errors.Sentinel("username contains invalid characters")
ErrUsernameTooShort = errors.Sentinel("username is too short")
ErrUsernameTooLong = errors.Sentinel("username is too long")
ErrBannedUsername = errors.Sentinel("username is banned")
2022-05-02 08:19:37 -07:00
)
const (
MaxUsernameLength = 40
MaxDisplayNameLength = 100
MaxUserBioLength = 1000
MaxUserLinksLength = 25
MaxLinkLength = 256
)
2023-03-13 15:26:12 -07:00
const (
SelfDeleteAfter = 30 * 24 * time.Hour
ModDeleteAfter = 180 * 24 * time.Hour
)
2022-05-02 08:19:37 -07:00
// CreateUser creates a user with the given username.
2022-11-17 17:17:27 -08:00
func (db *DB) CreateUser(ctx context.Context, tx pgx.Tx, username string) (u User, err error) {
2022-05-02 08:19:37 -07:00
// check if the username is valid
// if not, return an error depending on what failed
if err := UsernameValid(username); err != nil {
return u, err
2022-05-02 08:19:37 -07:00
}
2023-06-02 18:06:26 -07:00
sql, args, err := sq.Insert("users").Columns("id", "username", "sid").Values(xid.New(), username, squirrel.Expr("find_free_user_sid()")).Suffix("RETURNING *").ToSql()
2022-05-02 08:19:37 -07:00
if err != nil {
return u, errors.Wrap(err, "building sql")
}
err = pgxscan.Get(ctx, tx, &u, sql, args...)
2022-05-02 08:19:37 -07:00
if err != nil {
pge := &pgconn.PgError{}
if errors.As(err, &pge) {
// unique constraint violation
2023-05-25 04:40:15 -07:00
if pge.Code == uniqueViolation {
2022-05-02 08:19:37 -07:00
return u, ErrUsernameTaken
}
}
return u, errors.Cause(err)
}
return u, nil
2022-05-02 08:19:37 -07:00
}
2023-03-16 07:50:39 -07:00
func (db *DB) FediverseUser(ctx context.Context, userID string, instanceAppID int64) (u User, err error) {
sql, args, err := sq.Select("*", "(SELECT instance FROM fediverse_apps WHERE id = users.fediverse_app_id) AS fediverse_instance").
From("users").
2023-03-16 07:50:39 -07:00
Where("fediverse = ?", userID).Where("fediverse_app_id = ?", instanceAppID).
ToSql()
if err != nil {
return u, errors.Wrap(err, "building sql")
}
err = pgxscan.Get(ctx, db, &u, sql, args...)
if err != nil {
if errors.Cause(err) == pgx.ErrNoRows {
return u, ErrUserNotFound
}
return u, errors.Wrap(err, "executing query")
}
return u, nil
}
func (u *User) UpdateFromFedi(ctx context.Context, ex Execer, userID, username string, appID int64) error {
sql, args, err := sq.Update("users").
Set("fediverse", userID).
Set("fediverse_username", username).
Set("fediverse_app_id", appID).
Where("id = ?", u.ID).
ToSql()
if err != nil {
return errors.Wrap(err, "building sql")
}
_, err = ex.Exec(ctx, sql, args...)
if err != nil {
return errors.Wrap(err, "executing query")
}
u.Fediverse = &userID
u.FediverseUsername = &username
u.FediverseAppID = &appID
return nil
}
2023-03-18 08:54:31 -07:00
func (u *User) UnlinkFedi(ctx context.Context, ex Execer) error {
sql, args, err := sq.Update("users").
Set("fediverse", nil).
Set("fediverse_username", nil).
Set("fediverse_app_id", nil).
Where("id = ?", u.ID).
ToSql()
if err != nil {
return errors.Wrap(err, "building sql")
}
_, err = ex.Exec(ctx, sql, args...)
if err != nil {
return errors.Wrap(err, "executing query")
}
u.Fediverse = nil
u.FediverseUsername = nil
u.FediverseAppID = nil
return nil
}
// DiscordUser fetches a user by Discord user ID.
func (db *DB) DiscordUser(ctx context.Context, discordID string) (u User, err error) {
sql, args, err := sq.Select("*", "(SELECT instance FROM fediverse_apps WHERE id = users.fediverse_app_id) AS fediverse_instance").
From("users").Where("discord = ?", discordID).ToSql()
if err != nil {
return u, errors.Wrap(err, "building sql")
}
err = pgxscan.Get(ctx, db, &u, sql, args...)
if err != nil {
if errors.Cause(err) == pgx.ErrNoRows {
return u, ErrUserNotFound
}
return u, errors.Wrap(err, "executing query")
}
return u, nil
}
func (u *User) UpdateFromDiscord(ctx context.Context, ex Execer, du *discordgo.User) error {
sql, args, err := sq.Update("users").
Set("discord", du.ID).
Set("discord_username", du.String()).
Where("id = ?", u.ID).
ToSql()
if err != nil {
return errors.Wrap(err, "building sql")
}
_, err = ex.Exec(ctx, sql, args...)
if err != nil {
return errors.Wrap(err, "executing query")
}
u.Discord = &du.ID
username := du.String()
u.DiscordUsername = &username
return nil
}
2023-03-18 08:54:31 -07:00
func (u *User) UnlinkDiscord(ctx context.Context, ex Execer) error {
sql, args, err := sq.Update("users").
Set("discord", nil).
Set("discord_username", nil).
Where("id = ?", u.ID).
ToSql()
if err != nil {
return errors.Wrap(err, "building sql")
}
_, err = ex.Exec(ctx, sql, args...)
if err != nil {
return errors.Wrap(err, "executing query")
}
u.Discord = nil
u.DiscordUsername = nil
return nil
}
2023-04-17 18:49:37 -07:00
// TumblrUser fetches a user by Tumblr user ID.
func (db *DB) TumblrUser(ctx context.Context, tumblrID string) (u User, err error) {
sql, args, err := sq.Select("*", "(SELECT instance FROM fediverse_apps WHERE id = users.fediverse_app_id) AS fediverse_instance").
From("users").Where("tumblr = ?", tumblrID).ToSql()
if err != nil {
return u, errors.Wrap(err, "building sql")
}
err = pgxscan.Get(ctx, db, &u, sql, args...)
if err != nil {
if errors.Cause(err) == pgx.ErrNoRows {
return u, ErrUserNotFound
}
return u, errors.Wrap(err, "executing query")
}
return u, nil
}
func (u *User) UpdateFromTumblr(ctx context.Context, ex Execer, tumblrID, tumblrUsername string) error {
sql, args, err := sq.Update("users").
Set("tumblr", tumblrID).
Set("tumblr_username", tumblrUsername).
Where("id = ?", u.ID).
ToSql()
if err != nil {
return errors.Wrap(err, "building sql")
}
_, err = ex.Exec(ctx, sql, args...)
if err != nil {
return errors.Wrap(err, "executing query")
}
u.Tumblr = &tumblrID
u.TumblrUsername = &tumblrUsername
return nil
}
func (u *User) UnlinkTumblr(ctx context.Context, ex Execer) error {
sql, args, err := sq.Update("users").
Set("tumblr", nil).
Set("tumblr_username", nil).
Where("id = ?", u.ID).
ToSql()
if err != nil {
return errors.Wrap(err, "building sql")
}
_, err = ex.Exec(ctx, sql, args...)
if err != nil {
return errors.Wrap(err, "executing query")
}
u.Tumblr = nil
u.TumblrUsername = nil
return nil
}
2023-04-18 13:52:58 -07:00
// GoogleUser fetches a user by Google user ID.
func (db *DB) GoogleUser(ctx context.Context, googleID string) (u User, err error) {
sql, args, err := sq.Select("*", "(SELECT instance FROM fediverse_apps WHERE id = users.fediverse_app_id) AS fediverse_instance").
From("users").Where("google = ?", googleID).ToSql()
if err != nil {
return u, errors.Wrap(err, "building sql")
}
err = pgxscan.Get(ctx, db, &u, sql, args...)
if err != nil {
if errors.Cause(err) == pgx.ErrNoRows {
return u, ErrUserNotFound
}
return u, errors.Wrap(err, "executing query")
}
return u, nil
}
func (u *User) UpdateFromGoogle(ctx context.Context, ex Execer, googleID, googleUsername string) error {
sql, args, err := sq.Update("users").
Set("google", googleID).
Set("google_username", googleUsername).
Where("id = ?", u.ID).
ToSql()
if err != nil {
return errors.Wrap(err, "building sql")
}
_, err = ex.Exec(ctx, sql, args...)
if err != nil {
return errors.Wrap(err, "executing query")
}
u.Google = &googleID
u.GoogleUsername = &googleUsername
return nil
}
func (u *User) UnlinkGoogle(ctx context.Context, ex Execer) error {
sql, args, err := sq.Update("users").
Set("google", nil).
Set("google_username", nil).
Where("id = ?", u.ID).
ToSql()
if err != nil {
return errors.Wrap(err, "building sql")
}
_, err = ex.Exec(ctx, sql, args...)
if err != nil {
return errors.Wrap(err, "executing query")
}
u.Google = nil
u.GoogleUsername = nil
return nil
}
// User gets a user by ID.
func (db *DB) User(ctx context.Context, id xid.ID) (u User, err error) {
sql, args, err := sq.Select("*", "(SELECT instance FROM fediverse_apps WHERE id = users.fediverse_app_id) AS fediverse_instance").
From("users").Where("id = ?", id).ToSql()
if err != nil {
return u, errors.Wrap(err, "building sql")
}
err = pgxscan.Get(ctx, db, &u, sql, args...)
if err != nil {
if errors.Cause(err) == pgx.ErrNoRows {
return u, ErrUserNotFound
}
return u, errors.Wrap(err, "getting user from db")
}
return u, nil
}
// Username gets a user by username.
func (db *DB) Username(ctx context.Context, name string) (u User, err error) {
sql, args, err := sq.Select("*").From("users").Where("username = ?", name).ToSql()
if err != nil {
return u, errors.Wrap(err, "building sql")
}
err = pgxscan.Get(ctx, db, &u, sql, args...)
if err != nil {
if errors.Cause(err) == pgx.ErrNoRows {
return u, ErrUserNotFound
}
return u, errors.Wrap(err, "getting user from db")
}
return u, nil
}
2023-06-02 18:06:26 -07:00
// UserBySID gets a user by their short ID.
func (db *DB) UserBySID(ctx context.Context, sid string) (u User, err error) {
sql, args, err := sq.Select("*").From("users").Where("sid = ?", sid).ToSql()
if err != nil {
return u, errors.Wrap(err, "building sql")
}
err = pgxscan.Get(ctx, db, &u, sql, args...)
if err != nil {
if errors.Cause(err) == pgx.ErrNoRows {
return u, ErrUserNotFound
}
return u, errors.Wrap(err, "getting user from db")
}
return u, nil
}
// UsernameTaken checks if the given username is already taken.
func (db *DB) UsernameTaken(ctx context.Context, username string) (valid, taken bool, err error) {
if err := UsernameValid(username); err != nil {
return false, false, nil
}
err = db.QueryRow(ctx, "select exists (select id from users where username = $1)", username).Scan(&taken)
return true, taken, err
}
// UpdateUsername validates the given username, then updates the given user's name to it if valid.
func (db *DB) UpdateUsername(ctx context.Context, tx pgx.Tx, id xid.ID, newName string) error {
if err := UsernameValid(newName); err != nil {
return err
}
sql, args, err := sq.Update("users").Set("username", newName).Where("id = ?", id).ToSql()
if err != nil {
return errors.Wrap(err, "building sql")
}
_, err = db.Exec(ctx, sql, args...)
if err != nil {
pge := &pgconn.PgError{}
if errors.As(err, &pge) {
// unique constraint violation
2023-05-25 04:40:15 -07:00
if pge.Code == uniqueViolation {
return ErrUsernameTaken
}
}
return errors.Wrap(err, "executing query")
}
return nil
}
func (db *DB) UpdateUser(
ctx context.Context,
tx pgx.Tx, id xid.ID,
displayName, bio *string,
memberTitle *string, listPrivate *bool,
links *[]string,
avatar *string,
2023-08-02 14:24:38 -07:00
timezone *string,
2023-04-19 03:00:21 -07:00
customPreferences *CustomPreferences,
) (u User, err error) {
2023-08-02 14:24:38 -07:00
if displayName == nil && bio == nil && links == nil && avatar == nil && memberTitle == nil && listPrivate == nil && timezone == nil && customPreferences == nil {
sql, args, err := sq.Select("*").From("users").Where("id = ?", id).ToSql()
if err != nil {
return u, errors.Wrap(err, "building sql")
}
err = pgxscan.Get(ctx, db, &u, sql, args...)
if err != nil {
return u, errors.Wrap(err, "getting user from db")
}
return u, nil
}
builder := sq.Update("users").Where("id = ?", id).Suffix("RETURNING *")
if displayName != nil {
if *displayName == "" {
builder = builder.Set("display_name", nil)
} else {
builder = builder.Set("display_name", *displayName)
}
}
if bio != nil {
if *bio == "" {
builder = builder.Set("bio", nil)
} else {
builder = builder.Set("bio", *bio)
}
}
if memberTitle != nil {
if *memberTitle == "" {
builder = builder.Set("member_title", nil)
} else {
builder = builder.Set("member_title", *memberTitle)
}
}
2023-08-02 14:24:38 -07:00
if timezone != nil {
if *timezone == "" {
builder = builder.Set("timezone", nil)
} else {
builder = builder.Set("timezone", *timezone)
}
}
if links != nil {
builder = builder.Set("links", *links)
}
if listPrivate != nil {
builder = builder.Set("list_private", *listPrivate)
}
2023-04-19 03:00:21 -07:00
if customPreferences != nil {
builder = builder.Set("custom_preferences", *customPreferences)
}
if avatar != nil {
if *avatar == "" {
builder = builder.Set("avatar", nil)
} else {
builder = builder.Set("avatar", avatar)
}
}
sql, args, err := builder.ToSql()
if err != nil {
return u, errors.Wrap(err, "building sql")
}
err = pgxscan.Get(ctx, tx, &u, sql, args...)
if err != nil {
return u, errors.Wrap(err, "executing sql")
}
return u, nil
}
func (db *DB) DeleteUser(ctx context.Context, tx pgx.Tx, id xid.ID, selfDelete bool, reason string) error {
builder := sq.Update("users").Set("deleted_at", time.Now().UTC()).Set("self_delete", selfDelete).Where("id = ?", id)
if !selfDelete {
builder = builder.Set("delete_reason", reason)
}
sql, args, err := builder.ToSql()
if err != nil {
return errors.Wrap(err, "building sql")
}
_, err = tx.Exec(ctx, sql, args...)
if err != nil {
return errors.Wrap(err, "executing query")
}
return nil
}
2023-03-14 08:16:07 -07:00
2023-06-02 18:06:26 -07:00
func (db *DB) RerollUserSID(ctx context.Context, id xid.ID) (newID string, err error) {
sql, args, err := sq.Update("users").
Set("sid", squirrel.Expr("find_free_user_sid()")).
Set("last_sid_reroll", time.Now()).
Where("id = ?", id).
Suffix("RETURNING sid").ToSql()
if err != nil {
return "", errors.Wrap(err, "building sql")
}
err = db.QueryRow(ctx, sql, args...).Scan(&newID)
if err != nil {
return "", errors.Wrap(err, "executing query")
}
return newID, nil
}
2023-03-14 08:16:07 -07:00
func (db *DB) UndoDeleteUser(ctx context.Context, id xid.ID) error {
sql, args, err := sq.Update("users").
Set("deleted_at", nil).
Set("self_delete", nil).
Set("delete_reason", nil).
Where("id = ?", id).ToSql()
if err != nil {
return errors.Wrap(err, "building sql")
}
_, err = db.Exec(ctx, sql, args...)
if err != nil {
return errors.Wrap(err, "executing query")
}
return nil
}
func (db *DB) ForceDeleteUser(ctx context.Context, id xid.ID) error {
sql, args, err := sq.Delete("users").Where("id = ?", id).ToSql()
if err != nil {
return errors.Wrap(err, "building sql")
}
_, err = db.Exec(ctx, sql, args...)
if err != nil {
return errors.Wrap(err, "executing query")
}
return nil
}
func (db *DB) DeleteUserMembers(ctx context.Context, tx pgx.Tx, id xid.ID) error {
sql, args, err := sq.Delete("members").Where("user_id = ?", id).ToSql()
if err != nil {
return errors.Wrap(err, "building sql")
}
_, err = tx.Exec(ctx, sql, args...)
if err != nil {
return errors.Wrap(err, "executing query")
}
return nil
}
func (db *DB) ResetUser(ctx context.Context, tx pgx.Tx, id xid.ID) error {
err := db.SetUserFields(ctx, tx, id, []Field{})
if err != nil {
return errors.Wrap(err, "deleting fields")
}
hasher := sha256.New()
_, err = hasher.Write(id.Bytes())
if err != nil {
return errors.Wrap(err, "hashing user id")
}
hash := hex.EncodeToString(hasher.Sum(nil))
sql, args, err := sq.Update("users").
Set("username", "deleted-"+hash).
Set("display_name", nil).
Set("bio", nil).
Set("links", nil).
Set("names", "[]").
Set("pronouns", "[]").
Set("avatar", nil).
Where("id = ?", id).ToSql()
if err != nil {
return errors.Wrap(err, "building sql")
}
_, err = tx.Exec(ctx, sql, args...)
if err != nil {
return errors.Wrap(err, "executing query")
}
return nil
}
func (db *DB) CleanUser(ctx context.Context, id xid.ID) error {
u, err := db.User(ctx, id)
if err != nil {
return errors.Wrap(err, "getting user")
}
if u.Avatar != nil {
err = db.DeleteUserAvatar(ctx, u.ID, *u.Avatar)
if err != nil {
return errors.Wrap(err, "deleting user avatar")
}
}
var exports []DataExport
err = pgxscan.Select(ctx, db, &exports, "SELECT * FROM data_exports WHERE user_id = $1", u.ID)
if err != nil {
return errors.Wrap(err, "getting export iles")
}
for _, de := range exports {
err = db.DeleteExport(ctx, de)
if err != nil {
continue
}
}
members, err := db.UserMembers(ctx, u.ID, true)
if err != nil {
return errors.Wrap(err, "getting members")
}
for _, m := range members {
if m.Avatar == nil {
continue
}
err = db.DeleteMemberAvatar(ctx, m.ID, *m.Avatar)
if err != nil {
continue
}
}
return nil
}