411 lines
11 KiB
Go
411 lines
11 KiB
Go
package user
|
|
|
|
import (
|
|
"fmt"
|
|
"net/http"
|
|
"time"
|
|
|
|
"codeberg.org/pronounscc/pronouns.cc/backend/common"
|
|
"codeberg.org/pronounscc/pronouns.cc/backend/db"
|
|
"codeberg.org/pronounscc/pronouns.cc/backend/log"
|
|
"codeberg.org/pronounscc/pronouns.cc/backend/server"
|
|
"emperror.dev/errors"
|
|
"github.com/go-chi/render"
|
|
"github.com/google/uuid"
|
|
"github.com/rs/xid"
|
|
)
|
|
|
|
type PatchUserRequest struct {
|
|
Username *string `json:"name"`
|
|
DisplayName *string `json:"display_name"`
|
|
Bio *string `json:"bio"`
|
|
MemberTitle *string `json:"member_title"`
|
|
Links *[]string `json:"links"`
|
|
Names *[]db.FieldEntry `json:"names"`
|
|
Pronouns *[]db.PronounEntry `json:"pronouns"`
|
|
Fields *[]db.Field `json:"fields"`
|
|
Avatar *string `json:"avatar"`
|
|
Timezone *string `json:"timezone"`
|
|
ListPrivate *bool `json:"list_private"`
|
|
CustomPreferences *db.CustomPreferences `json:"custom_preferences"`
|
|
Flags *[]xid.ID `json:"flags"`
|
|
}
|
|
|
|
// patchUser parses a PatchUserRequest and updates the user with the given ID.
|
|
func (s *Server) patchUser(w http.ResponseWriter, r *http.Request) error {
|
|
ctx := r.Context()
|
|
|
|
claims, _ := server.ClaimsFromContext(ctx)
|
|
|
|
if !claims.TokenWrite {
|
|
return server.APIError{Code: server.ErrMissingPermissions, Details: "This token is read-only"}
|
|
}
|
|
|
|
var req PatchUserRequest
|
|
err := render.Decode(r, &req)
|
|
if err != nil {
|
|
return server.APIError{Code: server.ErrBadRequest}
|
|
}
|
|
|
|
// get existing user, for comparison later
|
|
u, err := s.DB.User(ctx, claims.UserID)
|
|
if err != nil {
|
|
return errors.Wrap(err, "getting existing user")
|
|
}
|
|
|
|
// validate that *something* is set
|
|
if req.Username == nil &&
|
|
req.DisplayName == nil &&
|
|
req.Bio == nil &&
|
|
req.MemberTitle == nil &&
|
|
req.ListPrivate == nil &&
|
|
req.Links == nil &&
|
|
req.Fields == nil &&
|
|
req.Names == nil &&
|
|
req.Pronouns == nil &&
|
|
req.Avatar == nil &&
|
|
req.CustomPreferences == nil &&
|
|
req.Flags == nil {
|
|
return server.APIError{
|
|
Code: server.ErrBadRequest,
|
|
Details: "Data must not be empty",
|
|
}
|
|
}
|
|
|
|
// validate display name/bio
|
|
if common.StringLength(req.Username) > db.MaxUsernameLength {
|
|
return server.APIError{
|
|
Code: server.ErrBadRequest,
|
|
Details: fmt.Sprintf("Name name too long (max %d, current %d)", db.MaxUsernameLength, common.StringLength(req.Username)),
|
|
}
|
|
}
|
|
if common.StringLength(req.DisplayName) > db.MaxDisplayNameLength {
|
|
return server.APIError{
|
|
Code: server.ErrBadRequest,
|
|
Details: fmt.Sprintf("Display name too long (max %d, current %d)", db.MaxDisplayNameLength, common.StringLength(req.DisplayName)),
|
|
}
|
|
}
|
|
if common.StringLength(req.Bio) > db.MaxUserBioLength {
|
|
return server.APIError{
|
|
Code: server.ErrBadRequest,
|
|
Details: fmt.Sprintf("Bio too long (max %d, current %d)", db.MaxUserBioLength, common.StringLength(req.Bio)),
|
|
}
|
|
}
|
|
|
|
// validate timezone
|
|
if req.Timezone != nil {
|
|
if *req.Timezone != "" {
|
|
_, err := time.LoadLocation(*req.Timezone)
|
|
if err != nil {
|
|
return server.APIError{
|
|
Code: server.ErrBadRequest,
|
|
Details: fmt.Sprintf("%q is not a valid timezone", *req.Timezone),
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
// validate links
|
|
if req.Links != nil {
|
|
if len(*req.Links) > db.MaxUserLinksLength {
|
|
return server.APIError{
|
|
Code: server.ErrBadRequest,
|
|
Details: fmt.Sprintf("Too many links (max %d, current %d)", db.MaxUserLinksLength, len(*req.Links)),
|
|
}
|
|
}
|
|
|
|
for i, link := range *req.Links {
|
|
if len(link) > db.MaxLinkLength {
|
|
return server.APIError{
|
|
Code: server.ErrBadRequest,
|
|
Details: fmt.Sprintf("Link %d too long (max %d, current %d)", i, db.MaxLinkLength, len(link)),
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
// validate flag length
|
|
if req.Flags != nil {
|
|
if len(*req.Flags) > db.MaxPrideFlags {
|
|
return server.APIError{
|
|
Code: server.ErrBadRequest,
|
|
Details: fmt.Sprintf("Too many flags (max %d, current %d)", len(*req.Flags), db.MaxPrideFlags),
|
|
}
|
|
}
|
|
}
|
|
|
|
// validate custom preferences
|
|
if req.CustomPreferences != nil {
|
|
if count := len(*req.CustomPreferences); count > db.MaxFields {
|
|
return server.APIError{Code: server.ErrBadRequest, Details: fmt.Sprintf("Too many custom preferences (max %d, current %d)", db.MaxFields, count)}
|
|
}
|
|
|
|
for k, v := range *req.CustomPreferences {
|
|
_, err := uuid.Parse(k)
|
|
if err != nil {
|
|
return server.APIError{Code: server.ErrBadRequest, Details: "One or more custom preference IDs is not a UUID."}
|
|
}
|
|
if s := v.Validate(); s != "" {
|
|
return server.APIError{Code: server.ErrBadRequest, Details: s}
|
|
}
|
|
}
|
|
}
|
|
customPreferences := u.CustomPreferences
|
|
if req.CustomPreferences != nil {
|
|
customPreferences = *req.CustomPreferences
|
|
}
|
|
|
|
if err := validateSlicePtr("name", req.Names, customPreferences); err != nil {
|
|
return *err
|
|
}
|
|
|
|
if err := validateSlicePtr("pronoun", req.Pronouns, customPreferences); err != nil {
|
|
return *err
|
|
}
|
|
|
|
if err := validateSlicePtr("field", req.Fields, customPreferences); err != nil {
|
|
return *err
|
|
}
|
|
|
|
// update avatar
|
|
var avatarHash *string = nil
|
|
if req.Avatar != nil {
|
|
if *req.Avatar == "" {
|
|
if u.Avatar != nil {
|
|
err = s.DB.DeleteUserAvatar(ctx, u.ID, *u.Avatar)
|
|
if err != nil {
|
|
log.Errorf("deleting user avatar: %v", err)
|
|
return errors.Wrap(err, "deleting avatar")
|
|
}
|
|
}
|
|
avatarHash = req.Avatar
|
|
} else {
|
|
webp, jpg, err := s.DB.ConvertAvatar(*req.Avatar)
|
|
if err != nil {
|
|
if err == db.ErrInvalidDataURI {
|
|
return server.APIError{
|
|
Code: server.ErrBadRequest,
|
|
Details: "invalid avatar data URI",
|
|
}
|
|
} else if err == db.ErrInvalidContentType {
|
|
return server.APIError{
|
|
Code: server.ErrBadRequest,
|
|
Details: "invalid avatar content type",
|
|
}
|
|
}
|
|
|
|
log.Errorf("converting user avatar: %v", err)
|
|
return err
|
|
}
|
|
|
|
hash, err := s.DB.WriteUserAvatar(ctx, claims.UserID, webp, jpg)
|
|
if err != nil {
|
|
log.Errorf("uploading user avatar: %v", err)
|
|
return err
|
|
}
|
|
avatarHash = &hash
|
|
|
|
// delete current avatar if user has one
|
|
if u.Avatar != nil {
|
|
err = s.DB.DeleteUserAvatar(ctx, claims.UserID, *u.Avatar)
|
|
if err != nil {
|
|
log.Errorf("deleting existing avatar: %v", err)
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
// start transaction
|
|
tx, err := s.DB.Begin(ctx)
|
|
if err != nil {
|
|
log.Errorf("creating transaction: %v", err)
|
|
return err
|
|
}
|
|
defer tx.Rollback(ctx)
|
|
|
|
// update username
|
|
if req.Username != nil && *req.Username != u.Username {
|
|
err = s.DB.UpdateUsername(ctx, tx, claims.UserID, *req.Username)
|
|
if err != nil {
|
|
switch err {
|
|
case db.ErrUsernameTaken:
|
|
return server.APIError{Code: server.ErrUsernameTaken}
|
|
case db.ErrInvalidUsername:
|
|
return server.APIError{Code: server.ErrInvalidUsername}
|
|
default:
|
|
return errors.Wrap(err, "updating username")
|
|
}
|
|
}
|
|
}
|
|
|
|
u, err = s.DB.UpdateUser(ctx, tx, claims.UserID, req.DisplayName, req.Bio, req.MemberTitle, req.ListPrivate, req.Links, avatarHash, req.Timezone, req.CustomPreferences)
|
|
if err != nil && errors.Cause(err) != db.ErrNothingToUpdate {
|
|
log.Errorf("updating user: %v", err)
|
|
return err
|
|
}
|
|
|
|
if req.Names != nil || req.Pronouns != nil {
|
|
names := u.Names
|
|
pronouns := u.Pronouns
|
|
|
|
if req.Names != nil {
|
|
names = *req.Names
|
|
}
|
|
if req.Pronouns != nil {
|
|
pronouns = *req.Pronouns
|
|
}
|
|
|
|
err = s.DB.SetUserNamesPronouns(ctx, tx, claims.UserID, names, pronouns)
|
|
if err != nil {
|
|
log.Errorf("setting names for member %v: %v", claims.UserID, err)
|
|
return err
|
|
}
|
|
u.Names = names
|
|
u.Pronouns = pronouns
|
|
}
|
|
|
|
var fields []db.Field
|
|
if req.Fields != nil {
|
|
err = s.DB.SetUserFields(ctx, tx, claims.UserID, *req.Fields)
|
|
if err != nil {
|
|
log.Errorf("setting fields for user %v: %v", claims.UserID, err)
|
|
return err
|
|
}
|
|
fields = *req.Fields
|
|
} else {
|
|
fields, err = s.DB.UserFields(ctx, claims.UserID)
|
|
if err != nil {
|
|
log.Errorf("getting fields for user %v: %v", claims.UserID, err)
|
|
return err
|
|
}
|
|
}
|
|
|
|
// update flags
|
|
if req.Flags != nil {
|
|
err = s.DB.SetUserFlags(ctx, tx, claims.UserID, *req.Flags)
|
|
if err != nil {
|
|
if err == db.ErrInvalidFlagID {
|
|
return server.APIError{Code: server.ErrBadRequest, Details: "One or more flag IDs are unknown"}
|
|
}
|
|
|
|
log.Errorf("updating flags for user %v: %v", claims.UserID, err)
|
|
return err
|
|
}
|
|
}
|
|
|
|
// update last active time
|
|
err = s.DB.UpdateActiveTime(ctx, tx, claims.UserID)
|
|
if err != nil {
|
|
log.Errorf("updating last active time for user %v: %v", claims.UserID, err)
|
|
return err
|
|
}
|
|
|
|
err = tx.Commit(ctx)
|
|
if err != nil {
|
|
log.Errorf("committing transaction: %v", err)
|
|
return err
|
|
}
|
|
|
|
// get fedi instance name if the user has a linked fedi account
|
|
var fediInstance *string
|
|
if u.FediverseAppID != nil {
|
|
app, err := s.DB.FediverseAppByID(ctx, *u.FediverseAppID)
|
|
if err == nil {
|
|
fediInstance = &app.Instance
|
|
}
|
|
}
|
|
|
|
// get flags to return (we need to return full flag objects, not the array of IDs in the request body)
|
|
flags, err := s.DB.UserFlags(ctx, u.ID)
|
|
if err != nil {
|
|
log.Errorf("getting user flags: %v", err)
|
|
return err
|
|
}
|
|
|
|
// echo the updated user back on success
|
|
render.JSON(w, r, GetMeResponse{
|
|
GetUserResponse: dbUserToResponse(u, fields, nil, flags),
|
|
CreatedAt: u.ID.Time(),
|
|
Timezone: u.Timezone,
|
|
MaxInvites: u.MaxInvites,
|
|
IsAdmin: u.IsAdmin,
|
|
ListPrivate: u.ListPrivate,
|
|
LastSIDReroll: u.LastSIDReroll,
|
|
Discord: u.Discord,
|
|
DiscordUsername: u.DiscordUsername,
|
|
Tumblr: u.Tumblr,
|
|
TumblrUsername: u.TumblrUsername,
|
|
Google: u.Google,
|
|
GoogleUsername: u.GoogleUsername,
|
|
Fediverse: u.Fediverse,
|
|
FediverseUsername: u.FediverseUsername,
|
|
FediverseInstance: fediInstance,
|
|
})
|
|
return nil
|
|
}
|
|
|
|
type validator interface {
|
|
Validate(custom db.CustomPreferences) string
|
|
}
|
|
|
|
// validateSlicePtr validates a slice of validators.
|
|
// If the slice is nil, a nil error is returned (assuming that the field is not required)
|
|
func validateSlicePtr[T validator](typ string, slice *[]T, custom db.CustomPreferences) *server.APIError {
|
|
if slice == nil {
|
|
return nil
|
|
}
|
|
|
|
max := db.MaxFields
|
|
if typ != "field" {
|
|
max = db.FieldEntriesLimit
|
|
}
|
|
|
|
// max 25 fields
|
|
if len(*slice) > max {
|
|
return &server.APIError{
|
|
Code: server.ErrBadRequest,
|
|
Details: fmt.Sprintf("Too many %ss (max %d, current %d)", typ, max, len(*slice)),
|
|
}
|
|
}
|
|
|
|
// validate all fields
|
|
for i, pronouns := range *slice {
|
|
if s := pronouns.Validate(custom); s != "" {
|
|
return &server.APIError{
|
|
Code: server.ErrBadRequest,
|
|
Details: fmt.Sprintf("%s %d: %s", typ, i+1, s),
|
|
}
|
|
}
|
|
}
|
|
|
|
return nil
|
|
}
|
|
|
|
func (s *Server) rerollUserSID(w http.ResponseWriter, r *http.Request) error {
|
|
ctx := r.Context()
|
|
|
|
claims, _ := server.ClaimsFromContext(ctx)
|
|
|
|
if !claims.TokenWrite {
|
|
return server.APIError{Code: server.ErrMissingPermissions, Details: "This token is read-only"}
|
|
}
|
|
|
|
u, err := s.DB.User(ctx, claims.UserID)
|
|
if err != nil {
|
|
return errors.Wrap(err, "getting existing user")
|
|
}
|
|
|
|
if time.Now().Add(-time.Hour).Before(u.LastSIDReroll) {
|
|
return server.APIError{Code: server.ErrRerollingTooQuickly}
|
|
}
|
|
|
|
newID, err := s.DB.RerollUserSID(ctx, u.ID)
|
|
if err != nil {
|
|
return errors.Wrap(err, "updating user SID")
|
|
}
|
|
|
|
u.SID = newID
|
|
render.JSON(w, r, dbUserToResponse(u, nil, nil, nil))
|
|
return nil
|
|
}
|