pronounsfu/backend/routes/user/patch_user.go

package user

import (
	"fmt"
	"net/http"

	"codeberg.org/u1f320/pronouns.cc/backend/db"
	"codeberg.org/u1f320/pronouns.cc/backend/log"
	"codeberg.org/u1f320/pronouns.cc/backend/server"
	"emperror.dev/errors"
	"github.com/go-chi/render"
)

type PatchUserRequest struct {
	Username    *string       `json:"username"`
	DisplayName *string       `json:"display_name"`
	Bio         *string       `json:"bio"`
	Links       *[]string     `json:"links"`
	Names       *[]db.Name    `json:"names"`
	Pronouns    *[]db.Pronoun `json:"pronouns"`
	Fields      *[]db.Field   `json:"fields"`
	Avatar      *string       `json:"avatar"`
}

// patchUser parses a PatchUserRequest and updates the user with the given ID.
// TODO: could this be refactored to be less repetitive? names, pronouns, and fields are all validated in the same way
func (s *Server) patchUser(w http.ResponseWriter, r *http.Request) error {
	ctx := r.Context()

	claims, _ := server.ClaimsFromContext(ctx)

	var req PatchUserRequest
	err := render.Decode(r, &req)
	if err != nil {
		return server.APIError{Code: server.ErrBadRequest}
	}

	// get existing user, for comparison later
	u, err := s.DB.User(ctx, claims.UserID)
	if err != nil {
		return errors.Wrap(err, "getting existing user")
	}

	// validate that *something* is set
	if req.Username == nil &&
		req.DisplayName == nil &&
		req.Bio == nil &&
		req.Links == nil &&
		req.Fields == nil &&
		req.Names == nil &&
		req.Pronouns == nil &&
		req.Avatar == nil {
		return server.APIError{
			Code:    server.ErrBadRequest,
			Details: "Data must not be empty",
		}
	}

	// validate display name/bio
	if req.DisplayName != nil && len(*req.DisplayName) > db.MaxDisplayNameLength {
		return server.APIError{
			Code:    server.ErrBadRequest,
			Details: fmt.Sprintf("Display name too long (max %d, current %d)", db.MaxDisplayNameLength, len(*req.DisplayName)),
		}
	}
	if req.Bio != nil && len(*req.Bio) > db.MaxUserBioLength {
		return server.APIError{
			Code:    server.ErrBadRequest,
			Details: fmt.Sprintf("Bio too long (max %d, current %d)", db.MaxUserBioLength, len(*req.Bio)),
		}
	}

	// validate links
	if req.Links != nil {
		if len(*req.Links) > db.MaxUserLinksLength {
			return server.APIError{
				Code:    server.ErrBadRequest,
				Details: fmt.Sprintf("Too many links (max %d, current %d)", db.MaxUserLinksLength, len(*req.Links)),
			}
		}

		for i, link := range *req.Links {
			if len(link) > db.MaxLinkLength {
				return server.APIError{
					Code:    server.ErrBadRequest,
					Details: fmt.Sprintf("Link %d too long (max %d, current %d)", i, db.MaxLinkLength, len(link)),
				}
			}
		}
	}

	if err := validateSlicePtr("name", req.Names); err != nil {
		return err
	}

	if err := validateSlicePtr("pronoun", req.Pronouns); err != nil {
		return err
	}

	if err := validateSlicePtr("field", req.Fields); err != nil {
		return err
	}

	// update avatar
	var avatarURLs []string = nil
	if req.Avatar != nil {
		webp, jpg, err := s.DB.ConvertAvatar(*req.Avatar)
		if err != nil {
			if err == db.ErrInvalidDataURI {
				return server.APIError{
					Code:    server.ErrBadRequest,
					Details: "invalid avatar data URI",
				}
			} else if err == db.ErrInvalidContentType {
				return server.APIError{
					Code:    server.ErrBadRequest,
					Details: "invalid avatar content type",
				}
			}

			log.Errorf("converting user avatar: %v", err)
			return err
		}

		webpURL, jpgURL, err := s.DB.WriteUserAvatar(ctx, claims.UserID, webp, jpg)
		if err != nil {
			log.Errorf("uploading user avatar: %v", err)
			return err
		}
		avatarURLs = []string{webpURL, jpgURL}
	}

	// start transaction
	tx, err := s.DB.Begin(ctx)
	if err != nil {
		log.Errorf("creating transaction: %v", err)
		return err
	}
	defer tx.Rollback(ctx)

	// update username
	if req.Username != nil && *req.Username != u.Username {
		err = s.DB.UpdateUsername(ctx, tx, claims.UserID, *req.Username)
		if err != nil {
			switch err {
			case db.ErrUsernameTaken:
				return server.APIError{Code: server.ErrUsernameTaken}
			case db.ErrInvalidUsername:
				return server.APIError{Code: server.ErrInvalidUsername}
			default:
				return errors.Wrap(err, "updating username")
			}
		}
	}

	u, err = s.DB.UpdateUser(ctx, tx, claims.UserID, req.DisplayName, req.Bio, req.Links, avatarURLs)
	if err != nil && errors.Cause(err) != db.ErrNothingToUpdate {
		log.Errorf("updating user: %v", err)
		return err
	}

	var fields []db.Field

	if req.Names != nil {
		err = s.DB.SetUserNames(ctx, tx, claims.UserID, *req.Names)
		if err != nil {
			log.Errorf("setting names for user %v: %v", claims.UserID, err)
			return err
		}
		u.Names = *req.Names
	}

	if req.Pronouns != nil {
		err = s.DB.SetUserPronouns(ctx, tx, claims.UserID, *req.Pronouns)
		if err != nil {
			log.Errorf("setting pronouns for user %v: %v", claims.UserID, err)
			return err
		}
		u.Pronouns = *req.Pronouns
	}

	if req.Fields != nil {
		err = s.DB.SetUserFields(ctx, tx, claims.UserID, *req.Fields)
		if err != nil {
			log.Errorf("setting fields for user %v: %v", claims.UserID, err)
			return err
		}
		fields = *req.Fields
	} else {
		fields, err = s.DB.UserFields(ctx, claims.UserID)
		if err != nil {
			log.Errorf("getting fields for user %v: %v", claims.UserID, err)
			return err
		}
	}

	err = tx.Commit(ctx)
	if err != nil {
		log.Errorf("committing transaction: %v", err)
		return err
	}

	// echo the updated user back on success
	render.JSON(w, r, dbUserToResponse(u, fields, nil))
	return nil
}

type validator interface {
	Validate() string
}

// validateSlicePtr validates a slice of validators.
// If the slice is nil, a nil error is returned (assuming that the field is not required)
func validateSlicePtr[T validator](typ string, slice *[]T) *server.APIError {
	if slice == nil {
		return nil
	}

	max := db.MaxFields
	if typ != "field" {
		max = db.FieldEntriesLimit
	}

	// max 25 fields
	if len(*slice) > max {
		return &server.APIError{
			Code:    server.ErrBadRequest,
			Details: fmt.Sprintf("Too many %ss (max %d, current %d)", typ, max, len(*slice)),
		}
	}

	// validate all fields
	for i, pronouns := range *slice {
		if s := pronouns.Validate(); s != "" {
			return &server.APIError{
				Code:    server.ErrBadRequest,
				Details: fmt.Sprintf("%s %d: %s", typ, i, s),
			}
		}
	}

	return nil
}
feat(api): add PATCH /users/@me, remove PATCH /users/@me/fields 2022-06-16 05:54:15 -07:00			`package user`

			`import (`
			`"fmt"`
			`"net/http"`

			`"codeberg.org/u1f320/pronouns.cc/backend/db"`
			`"codeberg.org/u1f320/pronouns.cc/backend/log"`
			`"codeberg.org/u1f320/pronouns.cc/backend/server"`
			`"emperror.dev/errors"`
			`"github.com/go-chi/render"`
			`)`

			`type PatchUserRequest struct {`
feat(backend): allow changing username in PATCH /users/@me 2022-12-22 16:31:43 -08:00			Username *string `json:"username"`
feat: add user names/pronouns to GET /users/{userRef} and PATCH /users/@me 2022-09-08 05:00:41 -07:00			DisplayName *string `json:"display_name"`
			Bio *string `json:"bio"`
			Links *[]string `json:"links"`
			Names *[]db.Name `json:"names"`
			Pronouns *[]db.Pronoun `json:"pronouns"`
			Fields *[]db.Field `json:"fields"`
feat(backend): some member routes, half-broken avatar uploading 2022-09-20 03:55:00 -07:00			Avatar *string `json:"avatar"`
feat(api): add PATCH /users/@me, remove PATCH /users/@me/fields 2022-06-16 05:54:15 -07:00			`}`

			`// patchUser parses a PatchUserRequest and updates the user with the given ID.`
feat: add user names/pronouns to GET /users/{userRef} and PATCH /users/@me 2022-09-08 05:00:41 -07:00			`// TODO: could this be refactored to be less repetitive? names, pronouns, and fields are all validated in the same way`
feat(api): add PATCH /users/@me, remove PATCH /users/@me/fields 2022-06-16 05:54:15 -07:00			`func (s Server) patchUser(w http.ResponseWriter, r http.Request) error {`
			`ctx := r.Context()`

			`claims, _ := server.ClaimsFromContext(ctx)`

			`var req PatchUserRequest`
			`err := render.Decode(r, &req)`
			`if err != nil {`
			`return server.APIError{Code: server.ErrBadRequest}`
			`}`

feat(backend): allow changing username in PATCH /users/@me 2022-12-22 16:31:43 -08:00			`// get existing user, for comparison later`
			`u, err := s.DB.User(ctx, claims.UserID)`
			`if err != nil {`
			`return errors.Wrap(err, "getting existing user")`
			`}`

feat(api): add PATCH /users/@me, remove PATCH /users/@me/fields 2022-06-16 05:54:15 -07:00			`// validate that something is set`
feat(backend): allow changing username in PATCH /users/@me 2022-12-22 16:31:43 -08:00			`if req.Username == nil &&`
			`req.DisplayName == nil &&`
fix: make PATCH /users/@me work with names/pronouns 2022-09-15 15:48:43 -07:00			`req.Bio == nil &&`
			`req.Links == nil &&`
			`req.Fields == nil &&`
			`req.Names == nil &&`
feat(backend): some member routes, half-broken avatar uploading 2022-09-20 03:55:00 -07:00			`req.Pronouns == nil &&`
			`req.Avatar == nil {`
feat(api): add PATCH /users/@me, remove PATCH /users/@me/fields 2022-06-16 05:54:15 -07:00			`return server.APIError{`
			`Code: server.ErrBadRequest,`
			`Details: "Data must not be empty",`
			`}`
			`}`

			`// validate display name/bio`
			`if req.DisplayName != nil && len(*req.DisplayName) > db.MaxDisplayNameLength {`
			`return server.APIError{`
			`Code: server.ErrBadRequest,`
			`Details: fmt.Sprintf("Display name too long (max %d, current %d)", db.MaxDisplayNameLength, len(*req.DisplayName)),`
			`}`
			`}`
			`if req.Bio != nil && len(*req.Bio) > db.MaxUserBioLength {`
			`return server.APIError{`
			`Code: server.ErrBadRequest,`
			`Details: fmt.Sprintf("Bio too long (max %d, current %d)", db.MaxUserBioLength, len(*req.Bio)),`
			`}`
			`}`

			`// validate links`
			`if req.Links != nil {`
			`if len(*req.Links) > db.MaxUserLinksLength {`
			`return server.APIError{`
			`Code: server.ErrBadRequest,`
			`Details: fmt.Sprintf("Too many links (max %d, current %d)", db.MaxUserLinksLength, len(*req.Links)),`
			`}`
			`}`

			`for i, link := range *req.Links {`
			`if len(link) > db.MaxLinkLength {`
			`return server.APIError{`
			`Code: server.ErrBadRequest,`
			`Details: fmt.Sprintf("Link %d too long (max %d, current %d)", i, db.MaxLinkLength, len(link)),`
			`}`
			`}`
			`}`
			`}`

feat: add user names/pronouns to GET /users/{userRef} and PATCH /users/@me 2022-09-08 05:00:41 -07:00			`if err := validateSlicePtr("name", req.Names); err != nil {`
			`return err`
			`}`
fix(api): don't panic if PATCH /users/@me does not have "fields" set 2022-06-17 07:10:32 -07:00
feat: add user names/pronouns to GET /users/{userRef} and PATCH /users/@me 2022-09-08 05:00:41 -07:00			`if err := validateSlicePtr("pronoun", req.Pronouns); err != nil {`
			`return err`
			`}`

			`if err := validateSlicePtr("field", req.Fields); err != nil {`
			`return err`
feat(api): add PATCH /users/@me, remove PATCH /users/@me/fields 2022-06-16 05:54:15 -07:00			`}`

feat(backend): some member routes, half-broken avatar uploading 2022-09-20 03:55:00 -07:00			`// update avatar`
			`var avatarURLs []string = nil`
			`if req.Avatar != nil {`
			`webp, jpg, err := s.DB.ConvertAvatar(*req.Avatar)`
			`if err != nil {`
			`if err == db.ErrInvalidDataURI {`
			`return server.APIError{`
			`Code: server.ErrBadRequest,`
			`Details: "invalid avatar data URI",`
			`}`
			`} else if err == db.ErrInvalidContentType {`
			`return server.APIError{`
			`Code: server.ErrBadRequest,`
			`Details: "invalid avatar content type",`
			`}`
			`}`

			`log.Errorf("converting user avatar: %v", err)`
			`return err`
			`}`

			`webpURL, jpgURL, err := s.DB.WriteUserAvatar(ctx, claims.UserID, webp, jpg)`
			`if err != nil {`
			`log.Errorf("uploading user avatar: %v", err)`
			`return err`
			`}`
			`avatarURLs = []string{webpURL, jpgURL}`
			`}`

feat(api): add PATCH /users/@me, remove PATCH /users/@me/fields 2022-06-16 05:54:15 -07:00			`// start transaction`
			`tx, err := s.DB.Begin(ctx)`
			`if err != nil {`
			`log.Errorf("creating transaction: %v", err)`
			`return err`
			`}`
			`defer tx.Rollback(ctx)`

feat(backend): allow changing username in PATCH /users/@me 2022-12-22 16:31:43 -08:00			`// update username`
			`if req.Username != nil && *req.Username != u.Username {`
			`err = s.DB.UpdateUsername(ctx, tx, claims.UserID, *req.Username)`
			`if err != nil {`
			`switch err {`
			`case db.ErrUsernameTaken:`
			`return server.APIError{Code: server.ErrUsernameTaken}`
			`case db.ErrInvalidUsername:`
			`return server.APIError{Code: server.ErrInvalidUsername}`
			`default:`
			`return errors.Wrap(err, "updating username")`
			`}`
			`}`
			`}`

			`u, err = s.DB.UpdateUser(ctx, tx, claims.UserID, req.DisplayName, req.Bio, req.Links, avatarURLs)`
feat(api): add PATCH /users/@me, remove PATCH /users/@me/fields 2022-06-16 05:54:15 -07:00			`if err != nil && errors.Cause(err) != db.ErrNothingToUpdate {`
			`log.Errorf("updating user: %v", err)`
			`return err`
			`}`

feat: read/write improved fields for users, read improved names/pronouns for users 2023-01-14 08:33:18 -08:00			`var fields []db.Field`
feat: add user names/pronouns to GET /users/{userRef} and PATCH /users/@me 2022-09-08 05:00:41 -07:00
fix: make PATCH /users/@me work with names/pronouns 2022-09-15 15:48:43 -07:00			`if req.Names != nil {`
			`err = s.DB.SetUserNames(ctx, tx, claims.UserID, *req.Names)`
			`if err != nil {`
			`log.Errorf("setting names for user %v: %v", claims.UserID, err)`
			`return err`
			`}`
feat: read/write improved fields for users, read improved names/pronouns for users 2023-01-14 08:33:18 -08:00			`u.Names = *req.Names`
fix: make PATCH /users/@me work with names/pronouns 2022-09-15 15:48:43 -07:00			`}`

			`if req.Pronouns != nil {`
			`err = s.DB.SetUserPronouns(ctx, tx, claims.UserID, *req.Pronouns)`
			`if err != nil {`
			`log.Errorf("setting pronouns for user %v: %v", claims.UserID, err)`
			`return err`
			`}`
feat: read/write improved fields for users, read improved names/pronouns for users 2023-01-14 08:33:18 -08:00			`u.Pronouns = *req.Pronouns`
fix: make PATCH /users/@me work with names/pronouns 2022-09-15 15:48:43 -07:00			`}`

feat(api): add PATCH /users/@me, remove PATCH /users/@me/fields 2022-06-16 05:54:15 -07:00			`if req.Fields != nil {`
			`err = s.DB.SetUserFields(ctx, tx, claims.UserID, *req.Fields)`
			`if err != nil {`
			`log.Errorf("setting fields for user %v: %v", claims.UserID, err)`
			`return err`
			`}`
fix: make PATCH /users/@me work with names/pronouns 2022-09-15 15:48:43 -07:00			`fields = *req.Fields`
feat(api): add PATCH /users/@me, remove PATCH /users/@me/fields 2022-06-16 05:54:15 -07:00			`} else {`
			`fields, err = s.DB.UserFields(ctx, claims.UserID)`
			`if err != nil {`
			`log.Errorf("getting fields for user %v: %v", claims.UserID, err)`
			`return err`
			`}`
			`}`

			`err = tx.Commit(ctx)`
			`if err != nil {`
			`log.Errorf("committing transaction: %v", err)`
			`return err`
			`}`

			`// echo the updated user back on success`
feat: read/write improved fields for users, read improved names/pronouns for users 2023-01-14 08:33:18 -08:00			`render.JSON(w, r, dbUserToResponse(u, fields, nil))`
feat: add user names/pronouns to GET /users/{userRef} and PATCH /users/@me 2022-09-08 05:00:41 -07:00			`return nil`
			`}`

			`type validator interface {`
			`Validate() string`
			`}`

			`// validateSlicePtr validates a slice of validators.`
			`// If the slice is nil, a nil error is returned (assuming that the field is not required)`
feat(backend): some member routes, half-broken avatar uploading 2022-09-20 03:55:00 -07:00			`func validateSlicePtr[T validator](typ string, slice []T) server.APIError {`
feat: add user names/pronouns to GET /users/{userRef} and PATCH /users/@me 2022-09-08 05:00:41 -07:00			`if slice == nil {`
			`return nil`
			`}`

feat(backend): some member routes, half-broken avatar uploading 2022-09-20 03:55:00 -07:00			`max := db.MaxFields`
			`if typ != "field" {`
			`max = db.FieldEntriesLimit`
			`}`

feat: add user names/pronouns to GET /users/{userRef} and PATCH /users/@me 2022-09-08 05:00:41 -07:00			`// max 25 fields`
feat(backend): some member routes, half-broken avatar uploading 2022-09-20 03:55:00 -07:00			`if len(*slice) > max {`
			`return &server.APIError{`
feat: add user names/pronouns to GET /users/{userRef} and PATCH /users/@me 2022-09-08 05:00:41 -07:00			`Code: server.ErrBadRequest,`
feat(backend): some member routes, half-broken avatar uploading 2022-09-20 03:55:00 -07:00			`Details: fmt.Sprintf("Too many %ss (max %d, current %d)", typ, max, len(*slice)),`
feat: add user names/pronouns to GET /users/{userRef} and PATCH /users/@me 2022-09-08 05:00:41 -07:00			`}`
			`}`

			`// validate all fields`
			`for i, pronouns := range *slice {`
			`if s := pronouns.Validate(); s != "" {`
feat(backend): some member routes, half-broken avatar uploading 2022-09-20 03:55:00 -07:00			`return &server.APIError{`
feat: add user names/pronouns to GET /users/{userRef} and PATCH /users/@me 2022-09-08 05:00:41 -07:00			`Code: server.ErrBadRequest,`
			`Details: fmt.Sprintf("%s %d: %s", typ, i, s),`
			`}`
			`}`
			`}`

feat(api): add PATCH /users/@me, remove PATCH /users/@me/fields 2022-06-16 05:54:15 -07:00			`return nil`
			`}`