pronounsfu/backend/routes/user/patch_user.go

package user

import (
	"fmt"
	"net/http"

	"codeberg.org/u1f320/pronouns.cc/backend/db"
	"codeberg.org/u1f320/pronouns.cc/backend/log"
	"codeberg.org/u1f320/pronouns.cc/backend/server"
	"emperror.dev/errors"
	"github.com/go-chi/render"
)

type PatchUserRequest struct {
	Username    *string            `json:"username"`
	DisplayName *string            `json:"display_name"`
	Bio         *string            `json:"bio"`
	Links       *[]string          `json:"links"`
	Names       *[]db.FieldEntry   `json:"names"`
	Pronouns    *[]db.PronounEntry `json:"pronouns"`
	Fields      *[]db.Field        `json:"fields"`
	Avatar      *string            `json:"avatar"`
}

// patchUser parses a PatchUserRequest and updates the user with the given ID.
func (s *Server) patchUser(w http.ResponseWriter, r *http.Request) error {
	ctx := r.Context()

	claims, _ := server.ClaimsFromContext(ctx)

	var req PatchUserRequest
	err := render.Decode(r, &req)
	if err != nil {
		return server.APIError{Code: server.ErrBadRequest}
	}

	// get existing user, for comparison later
	u, err := s.DB.User(ctx, claims.UserID)
	if err != nil {
		return errors.Wrap(err, "getting existing user")
	}

	// validate that *something* is set
	if req.Username == nil &&
		req.DisplayName == nil &&
		req.Bio == nil &&
		req.Links == nil &&
		req.Fields == nil &&
		req.Names == nil &&
		req.Pronouns == nil &&
		req.Avatar == nil {
		return server.APIError{
			Code:    server.ErrBadRequest,
			Details: "Data must not be empty",
		}
	}

	// validate display name/bio
	if req.DisplayName != nil && len(*req.DisplayName) > db.MaxDisplayNameLength {
		return server.APIError{
			Code:    server.ErrBadRequest,
			Details: fmt.Sprintf("Display name too long (max %d, current %d)", db.MaxDisplayNameLength, len(*req.DisplayName)),
		}
	}
	if req.Bio != nil && len(*req.Bio) > db.MaxUserBioLength {
		return server.APIError{
			Code:    server.ErrBadRequest,
			Details: fmt.Sprintf("Bio too long (max %d, current %d)", db.MaxUserBioLength, len(*req.Bio)),
		}
	}

	// validate links
	if req.Links != nil {
		if len(*req.Links) > db.MaxUserLinksLength {
			return server.APIError{
				Code:    server.ErrBadRequest,
				Details: fmt.Sprintf("Too many links (max %d, current %d)", db.MaxUserLinksLength, len(*req.Links)),
			}
		}

		for i, link := range *req.Links {
			if len(link) > db.MaxLinkLength {
				return server.APIError{
					Code:    server.ErrBadRequest,
					Details: fmt.Sprintf("Link %d too long (max %d, current %d)", i, db.MaxLinkLength, len(link)),
				}
			}
		}
	}

	if err := validateSlicePtr("name", req.Names); err != nil {
		return *err
	}

	if err := validateSlicePtr("pronoun", req.Pronouns); err != nil {
		return *err
	}

	if err := validateSlicePtr("field", req.Fields); err != nil {
		return *err
	}

	// update avatar
	var avatarHash *string = nil
	if req.Avatar != nil {
		if *req.Avatar == "" {
			if u.Avatar != nil {
				err = s.DB.DeleteUserAvatar(ctx, u.ID, *u.Avatar)
				if err != nil {
					log.Errorf("deleting user avatar: %v", err)
					return errors.Wrap(err, "deleting avatar")
				}
			}
			avatarHash = req.Avatar
		} else {
			webp, jpg, err := s.DB.ConvertAvatar(*req.Avatar)
			if err != nil {
				if err == db.ErrInvalidDataURI {
					return server.APIError{
						Code:    server.ErrBadRequest,
						Details: "invalid avatar data URI",
					}
				} else if err == db.ErrInvalidContentType {
					return server.APIError{
						Code:    server.ErrBadRequest,
						Details: "invalid avatar content type",
					}
				}

				log.Errorf("converting user avatar: %v", err)
				return err
			}

			hash, err := s.DB.WriteUserAvatar(ctx, claims.UserID, webp, jpg)
			if err != nil {
				log.Errorf("uploading user avatar: %v", err)
				return err
			}
			avatarHash = &hash
		}
	}

	// start transaction
	tx, err := s.DB.Begin(ctx)
	if err != nil {
		log.Errorf("creating transaction: %v", err)
		return err
	}
	defer tx.Rollback(ctx)

	// update username
	if req.Username != nil && *req.Username != u.Username {
		err = s.DB.UpdateUsername(ctx, tx, claims.UserID, *req.Username)
		if err != nil {
			switch err {
			case db.ErrUsernameTaken:
				return server.APIError{Code: server.ErrUsernameTaken}
			case db.ErrInvalidUsername:
				return server.APIError{Code: server.ErrInvalidUsername}
			default:
				return errors.Wrap(err, "updating username")
			}
		}
	}

	u, err = s.DB.UpdateUser(ctx, tx, claims.UserID, req.DisplayName, req.Bio, req.Links, avatarHash)
	if err != nil && errors.Cause(err) != db.ErrNothingToUpdate {
		log.Errorf("updating user: %v", err)
		return err
	}

	if req.Names != nil || req.Pronouns != nil {
		names := u.Names
		pronouns := u.Pronouns

		if req.Names != nil {
			names = *req.Names
		}
		if req.Pronouns != nil {
			pronouns = *req.Pronouns
		}

		err = s.DB.SetUserNamesPronouns(ctx, tx, claims.UserID, names, pronouns)
		if err != nil {
			log.Errorf("setting names for member %v: %v", claims.UserID, err)
			return err
		}
		u.Names = names
		u.Pronouns = pronouns
	}

	var fields []db.Field
	if req.Fields != nil {
		err = s.DB.SetUserFields(ctx, tx, claims.UserID, *req.Fields)
		if err != nil {
			log.Errorf("setting fields for user %v: %v", claims.UserID, err)
			return err
		}
		fields = *req.Fields
	} else {
		fields, err = s.DB.UserFields(ctx, claims.UserID)
		if err != nil {
			log.Errorf("getting fields for user %v: %v", claims.UserID, err)
			return err
		}
	}

	err = tx.Commit(ctx)
	if err != nil {
		log.Errorf("committing transaction: %v", err)
		return err
	}

	// get fedi instance name if the user has a linked fedi account
	var fediInstance *string
	if u.FediverseAppID != nil {
		app, err := s.DB.FediverseAppByID(ctx, *u.FediverseAppID)
		if err == nil {
			fediInstance = &app.Instance
		}
	}

	// echo the updated user back on success
	render.JSON(w, r, GetMeResponse{
		GetUserResponse:   dbUserToResponse(u, fields, nil),
		MaxInvites:        u.MaxInvites,
		Discord:           u.Discord,
		DiscordUsername:   u.DiscordUsername,
		Fediverse:         u.Fediverse,
		FediverseUsername: u.FediverseUsername,
		FediverseInstance: fediInstance,
	})
	return nil
}

type validator interface {
	Validate() string
}

// validateSlicePtr validates a slice of validators.
// If the slice is nil, a nil error is returned (assuming that the field is not required)
func validateSlicePtr[T validator](typ string, slice *[]T) *server.APIError {
	if slice == nil {
		return nil
	}

	max := db.MaxFields
	if typ != "field" {
		max = db.FieldEntriesLimit
	}

	// max 25 fields
	if len(*slice) > max {
		return &server.APIError{
			Code:    server.ErrBadRequest,
			Details: fmt.Sprintf("Too many %ss (max %d, current %d)", typ, max, len(*slice)),
		}
	}

	// validate all fields
	for i, pronouns := range *slice {
		if s := pronouns.Validate(); s != "" {
			return &server.APIError{
				Code:    server.ErrBadRequest,
				Details: fmt.Sprintf("%s %d: %s", typ, i+1, s),
			}
		}
	}

	return nil
}
feat(api): add PATCH /users/@me, remove PATCH /users/@me/fields 2022-06-16 05:54:15 -07:00			`package user`

			`import (`
			`"fmt"`
			`"net/http"`

			`"codeberg.org/u1f320/pronouns.cc/backend/db"`
			`"codeberg.org/u1f320/pronouns.cc/backend/log"`
			`"codeberg.org/u1f320/pronouns.cc/backend/server"`
			`"emperror.dev/errors"`
			`"github.com/go-chi/render"`
			`)`

			`type PatchUserRequest struct {`
feat: read/write improved names/pronouns for users, read/write improved fields/names/pronouns for members 2023-01-30 15:50:17 -08:00			Username *string `json:"username"`
			DisplayName *string `json:"display_name"`
			Bio *string `json:"bio"`
			Links *[]string `json:"links"`
			Names *[]db.FieldEntry `json:"names"`
			Pronouns *[]db.PronounEntry `json:"pronouns"`
			Fields *[]db.Field `json:"fields"`
			Avatar *string `json:"avatar"`
feat(api): add PATCH /users/@me, remove PATCH /users/@me/fields 2022-06-16 05:54:15 -07:00			`}`

			`// patchUser parses a PatchUserRequest and updates the user with the given ID.`
			`func (s Server) patchUser(w http.ResponseWriter, r http.Request) error {`
			`ctx := r.Context()`

			`claims, _ := server.ClaimsFromContext(ctx)`

			`var req PatchUserRequest`
			`err := render.Decode(r, &req)`
			`if err != nil {`
			`return server.APIError{Code: server.ErrBadRequest}`
			`}`

feat(backend): allow changing username in PATCH /users/@me 2022-12-22 16:31:43 -08:00			`// get existing user, for comparison later`
			`u, err := s.DB.User(ctx, claims.UserID)`
			`if err != nil {`
			`return errors.Wrap(err, "getting existing user")`
			`}`

feat(api): add PATCH /users/@me, remove PATCH /users/@me/fields 2022-06-16 05:54:15 -07:00			`// validate that something is set`
feat(backend): allow changing username in PATCH /users/@me 2022-12-22 16:31:43 -08:00			`if req.Username == nil &&`
			`req.DisplayName == nil &&`
fix: make PATCH /users/@me work with names/pronouns 2022-09-15 15:48:43 -07:00			`req.Bio == nil &&`
			`req.Links == nil &&`
			`req.Fields == nil &&`
			`req.Names == nil &&`
feat(backend): some member routes, half-broken avatar uploading 2022-09-20 03:55:00 -07:00			`req.Pronouns == nil &&`
			`req.Avatar == nil {`
feat(api): add PATCH /users/@me, remove PATCH /users/@me/fields 2022-06-16 05:54:15 -07:00			`return server.APIError{`
			`Code: server.ErrBadRequest,`
			`Details: "Data must not be empty",`
			`}`
			`}`

			`// validate display name/bio`
			`if req.DisplayName != nil && len(*req.DisplayName) > db.MaxDisplayNameLength {`
			`return server.APIError{`
			`Code: server.ErrBadRequest,`
			`Details: fmt.Sprintf("Display name too long (max %d, current %d)", db.MaxDisplayNameLength, len(*req.DisplayName)),`
			`}`
			`}`
			`if req.Bio != nil && len(*req.Bio) > db.MaxUserBioLength {`
			`return server.APIError{`
			`Code: server.ErrBadRequest,`
			`Details: fmt.Sprintf("Bio too long (max %d, current %d)", db.MaxUserBioLength, len(*req.Bio)),`
			`}`
			`}`

			`// validate links`
			`if req.Links != nil {`
			`if len(*req.Links) > db.MaxUserLinksLength {`
			`return server.APIError{`
			`Code: server.ErrBadRequest,`
			`Details: fmt.Sprintf("Too many links (max %d, current %d)", db.MaxUserLinksLength, len(*req.Links)),`
			`}`
			`}`

			`for i, link := range *req.Links {`
			`if len(link) > db.MaxLinkLength {`
			`return server.APIError{`
			`Code: server.ErrBadRequest,`
			`Details: fmt.Sprintf("Link %d too long (max %d, current %d)", i, db.MaxLinkLength, len(link)),`
			`}`
			`}`
			`}`
			`}`

feat: add user names/pronouns to GET /users/{userRef} and PATCH /users/@me 2022-09-08 05:00:41 -07:00			`if err := validateSlicePtr("name", req.Names); err != nil {`
fix(backend): return 400 error on bad request, not 500 2023-03-13 17:30:46 -07:00			`return *err`
feat: add user names/pronouns to GET /users/{userRef} and PATCH /users/@me 2022-09-08 05:00:41 -07:00			`}`
fix(api): don't panic if PATCH /users/@me does not have "fields" set 2022-06-17 07:10:32 -07:00
feat: add user names/pronouns to GET /users/{userRef} and PATCH /users/@me 2022-09-08 05:00:41 -07:00			`if err := validateSlicePtr("pronoun", req.Pronouns); err != nil {`
fix(backend): return 400 error on bad request, not 500 2023-03-13 17:30:46 -07:00			`return *err`
feat: add user names/pronouns to GET /users/{userRef} and PATCH /users/@me 2022-09-08 05:00:41 -07:00			`}`

			`if err := validateSlicePtr("field", req.Fields); err != nil {`
fix(backend): return 400 error on bad request, not 500 2023-03-13 17:30:46 -07:00			`return *err`
feat(api): add PATCH /users/@me, remove PATCH /users/@me/fields 2022-06-16 05:54:15 -07:00			`}`

feat(backend): some member routes, half-broken avatar uploading 2022-09-20 03:55:00 -07:00			`// update avatar`
feat: hashes in avatar file names (closes #19) 2023-03-12 18:04:09 -07:00			`var avatarHash *string = nil`
feat(backend): some member routes, half-broken avatar uploading 2022-09-20 03:55:00 -07:00			`if req.Avatar != nil {`
feat(backend): add delete avatar logic 2023-03-12 18:19:03 -07:00			`if *req.Avatar == "" {`
			`if u.Avatar != nil {`
			`err = s.DB.DeleteUserAvatar(ctx, u.ID, *u.Avatar)`
			`if err != nil {`
			`log.Errorf("deleting user avatar: %v", err)`
			`return errors.Wrap(err, "deleting avatar")`
feat(backend): some member routes, half-broken avatar uploading 2022-09-20 03:55:00 -07:00			`}`
			`}`
feat(backend): add delete avatar logic 2023-03-12 18:19:03 -07:00			`avatarHash = req.Avatar`
			`} else {`
			`webp, jpg, err := s.DB.ConvertAvatar(*req.Avatar)`
			`if err != nil {`
			`if err == db.ErrInvalidDataURI {`
			`return server.APIError{`
			`Code: server.ErrBadRequest,`
			`Details: "invalid avatar data URI",`
			`}`
			`} else if err == db.ErrInvalidContentType {`
			`return server.APIError{`
			`Code: server.ErrBadRequest,`
			`Details: "invalid avatar content type",`
			`}`
			`}`
feat(backend): some member routes, half-broken avatar uploading 2022-09-20 03:55:00 -07:00
feat(backend): add delete avatar logic 2023-03-12 18:19:03 -07:00			`log.Errorf("converting user avatar: %v", err)`
			`return err`
			`}`
feat(backend): some member routes, half-broken avatar uploading 2022-09-20 03:55:00 -07:00
feat(backend): add delete avatar logic 2023-03-12 18:19:03 -07:00			`hash, err := s.DB.WriteUserAvatar(ctx, claims.UserID, webp, jpg)`
			`if err != nil {`
			`log.Errorf("uploading user avatar: %v", err)`
			`return err`
			`}`
			`avatarHash = &hash`
feat(backend): some member routes, half-broken avatar uploading 2022-09-20 03:55:00 -07:00			`}`
			`}`

feat(api): add PATCH /users/@me, remove PATCH /users/@me/fields 2022-06-16 05:54:15 -07:00			`// start transaction`
			`tx, err := s.DB.Begin(ctx)`
			`if err != nil {`
			`log.Errorf("creating transaction: %v", err)`
			`return err`
			`}`
			`defer tx.Rollback(ctx)`

feat(backend): allow changing username in PATCH /users/@me 2022-12-22 16:31:43 -08:00			`// update username`
			`if req.Username != nil && *req.Username != u.Username {`
			`err = s.DB.UpdateUsername(ctx, tx, claims.UserID, *req.Username)`
			`if err != nil {`
			`switch err {`
			`case db.ErrUsernameTaken:`
			`return server.APIError{Code: server.ErrUsernameTaken}`
			`case db.ErrInvalidUsername:`
			`return server.APIError{Code: server.ErrInvalidUsername}`
			`default:`
			`return errors.Wrap(err, "updating username")`
			`}`
			`}`
			`}`

feat: hashes in avatar file names (closes #19) 2023-03-12 18:04:09 -07:00			`u, err = s.DB.UpdateUser(ctx, tx, claims.UserID, req.DisplayName, req.Bio, req.Links, avatarHash)`
feat(api): add PATCH /users/@me, remove PATCH /users/@me/fields 2022-06-16 05:54:15 -07:00			`if err != nil && errors.Cause(err) != db.ErrNothingToUpdate {`
			`log.Errorf("updating user: %v", err)`
			`return err`
			`}`

feat: read/write improved names/pronouns for users, read/write improved fields/names/pronouns for members 2023-01-30 15:50:17 -08:00			`if req.Names != nil \|\| req.Pronouns != nil {`
			`names := u.Names`
			`pronouns := u.Pronouns`
feat: add user names/pronouns to GET /users/{userRef} and PATCH /users/@me 2022-09-08 05:00:41 -07:00
feat: read/write improved names/pronouns for users, read/write improved fields/names/pronouns for members 2023-01-30 15:50:17 -08:00			`if req.Names != nil {`
			`names = *req.Names`
			`}`
			`if req.Pronouns != nil {`
			`pronouns = *req.Pronouns`
fix: make PATCH /users/@me work with names/pronouns 2022-09-15 15:48:43 -07:00			`}`

feat: read/write improved names/pronouns for users, read/write improved fields/names/pronouns for members 2023-01-30 15:50:17 -08:00			`err = s.DB.SetUserNamesPronouns(ctx, tx, claims.UserID, names, pronouns)`
fix: make PATCH /users/@me work with names/pronouns 2022-09-15 15:48:43 -07:00			`if err != nil {`
feat: read/write improved names/pronouns for users, read/write improved fields/names/pronouns for members 2023-01-30 15:50:17 -08:00			`log.Errorf("setting names for member %v: %v", claims.UserID, err)`
fix: make PATCH /users/@me work with names/pronouns 2022-09-15 15:48:43 -07:00			`return err`
			`}`
feat: read/write improved names/pronouns for users, read/write improved fields/names/pronouns for members 2023-01-30 15:50:17 -08:00			`u.Names = names`
			`u.Pronouns = pronouns`
fix: make PATCH /users/@me work with names/pronouns 2022-09-15 15:48:43 -07:00			`}`

feat: read/write improved names/pronouns for users, read/write improved fields/names/pronouns for members 2023-01-30 15:50:17 -08:00			`var fields []db.Field`
feat(api): add PATCH /users/@me, remove PATCH /users/@me/fields 2022-06-16 05:54:15 -07:00			`if req.Fields != nil {`
			`err = s.DB.SetUserFields(ctx, tx, claims.UserID, *req.Fields)`
			`if err != nil {`
			`log.Errorf("setting fields for user %v: %v", claims.UserID, err)`
			`return err`
			`}`
fix: make PATCH /users/@me work with names/pronouns 2022-09-15 15:48:43 -07:00			`fields = *req.Fields`
feat(api): add PATCH /users/@me, remove PATCH /users/@me/fields 2022-06-16 05:54:15 -07:00			`} else {`
			`fields, err = s.DB.UserFields(ctx, claims.UserID)`
			`if err != nil {`
			`log.Errorf("getting fields for user %v: %v", claims.UserID, err)`
			`return err`
			`}`
			`}`

			`err = tx.Commit(ctx)`
			`if err != nil {`
			`log.Errorf("committing transaction: %v", err)`
			`return err`
			`}`

fix(backend): return fedi info in /users/@me routes 2023-03-17 06:14:31 -07:00			`// get fedi instance name if the user has a linked fedi account`
			`var fediInstance *string`
			`if u.FediverseAppID != nil {`
			`app, err := s.DB.FediverseAppByID(ctx, *u.FediverseAppID)`
			`if err == nil {`
			`fediInstance = &app.Instance`
			`}`
			`}`

feat(api): add PATCH /users/@me, remove PATCH /users/@me/fields 2022-06-16 05:54:15 -07:00			`// echo the updated user back on success`
feat(backend): add max invites to /users/@me responses, use token ID for DELETE /auth/tokens/{id} 2023-03-13 09:01:36 -07:00			`render.JSON(w, r, GetMeResponse{`
fix(backend): return fedi info in /users/@me routes 2023-03-17 06:14:31 -07:00			`GetUserResponse: dbUserToResponse(u, fields, nil),`
			`MaxInvites: u.MaxInvites,`
			`Discord: u.Discord,`
			`DiscordUsername: u.DiscordUsername,`
			`Fediverse: u.Fediverse,`
			`FediverseUsername: u.FediverseUsername,`
			`FediverseInstance: fediInstance,`
feat(backend): add max invites to /users/@me responses, use token ID for DELETE /auth/tokens/{id} 2023-03-13 09:01:36 -07:00			`})`
feat: add user names/pronouns to GET /users/{userRef} and PATCH /users/@me 2022-09-08 05:00:41 -07:00			`return nil`
			`}`

			`type validator interface {`
			`Validate() string`
			`}`

			`// validateSlicePtr validates a slice of validators.`
			`// If the slice is nil, a nil error is returned (assuming that the field is not required)`
feat(backend): some member routes, half-broken avatar uploading 2022-09-20 03:55:00 -07:00			`func validateSlicePtr[T validator](typ string, slice []T) server.APIError {`
feat: add user names/pronouns to GET /users/{userRef} and PATCH /users/@me 2022-09-08 05:00:41 -07:00			`if slice == nil {`
			`return nil`
			`}`

feat(backend): some member routes, half-broken avatar uploading 2022-09-20 03:55:00 -07:00			`max := db.MaxFields`
			`if typ != "field" {`
			`max = db.FieldEntriesLimit`
			`}`

feat: add user names/pronouns to GET /users/{userRef} and PATCH /users/@me 2022-09-08 05:00:41 -07:00			`// max 25 fields`
feat(backend): some member routes, half-broken avatar uploading 2022-09-20 03:55:00 -07:00			`if len(*slice) > max {`
			`return &server.APIError{`
feat: add user names/pronouns to GET /users/{userRef} and PATCH /users/@me 2022-09-08 05:00:41 -07:00			`Code: server.ErrBadRequest,`
feat(backend): some member routes, half-broken avatar uploading 2022-09-20 03:55:00 -07:00			`Details: fmt.Sprintf("Too many %ss (max %d, current %d)", typ, max, len(*slice)),`
feat: add user names/pronouns to GET /users/{userRef} and PATCH /users/@me 2022-09-08 05:00:41 -07:00			`}`
			`}`

			`// validate all fields`
			`for i, pronouns := range *slice {`
			`if s := pronouns.Validate(); s != "" {`
feat(backend): some member routes, half-broken avatar uploading 2022-09-20 03:55:00 -07:00			`return &server.APIError{`
feat: add user names/pronouns to GET /users/{userRef} and PATCH /users/@me 2022-09-08 05:00:41 -07:00			`Code: server.ErrBadRequest,`
fix(backend): return 400 error on bad request, not 500 2023-03-13 17:30:46 -07:00			`Details: fmt.Sprintf("%s %d: %s", typ, i+1, s),`
feat: add user names/pronouns to GET /users/{userRef} and PATCH /users/@me 2022-09-08 05:00:41 -07:00			`}`
			`}`
			`}`

feat(api): add PATCH /users/@me, remove PATCH /users/@me/fields 2022-06-16 05:54:15 -07:00			`return nil`
			`}`