403 lines
11 KiB
Go
403 lines
11 KiB
Go
package member
|
|
|
|
import (
|
|
"fmt"
|
|
"net/http"
|
|
"strings"
|
|
"time"
|
|
|
|
"codeberg.org/pronounscc/pronouns.cc/backend/common"
|
|
"codeberg.org/pronounscc/pronouns.cc/backend/db"
|
|
"codeberg.org/pronounscc/pronouns.cc/backend/log"
|
|
"codeberg.org/pronounscc/pronouns.cc/backend/server"
|
|
"emperror.dev/errors"
|
|
"github.com/go-chi/chi/v5"
|
|
"github.com/go-chi/render"
|
|
"github.com/jackc/pgx/v5"
|
|
"github.com/rs/xid"
|
|
)
|
|
|
|
type PatchMemberRequest struct {
|
|
Name *string `json:"name"`
|
|
Bio *string `json:"bio"`
|
|
DisplayName *string `json:"display_name"`
|
|
Links *[]string `json:"links"`
|
|
Names *[]db.FieldEntry `json:"names"`
|
|
Pronouns *[]db.PronounEntry `json:"pronouns"`
|
|
Fields *[]db.Field `json:"fields"`
|
|
Avatar *string `json:"avatar"`
|
|
Unlisted *bool `json:"unlisted"`
|
|
Flags *[]xid.ID `json:"flags"`
|
|
}
|
|
|
|
func (s *Server) patchMember(w http.ResponseWriter, r *http.Request) error {
|
|
ctx := r.Context()
|
|
|
|
claims, _ := server.ClaimsFromContext(ctx)
|
|
|
|
if !claims.TokenWrite {
|
|
return server.APIError{Code: server.ErrMissingPermissions, Details: "This token is read-only"}
|
|
}
|
|
|
|
u, err := s.DB.User(ctx, claims.UserID)
|
|
if err != nil {
|
|
return errors.Wrap(err, "getting user")
|
|
}
|
|
|
|
var m db.Member
|
|
if id, err := xid.FromString(chi.URLParam(r, "memberRef")); err == nil {
|
|
log.Debugf("%v/%v is xid", chi.URLParam(r, "memberRef"), id)
|
|
|
|
m, err = s.DB.Member(ctx, id)
|
|
if err != nil {
|
|
if err == db.ErrMemberNotFound {
|
|
return server.APIError{Code: server.ErrMemberNotFound}
|
|
}
|
|
|
|
return errors.Wrap(err, "getting member")
|
|
}
|
|
} else {
|
|
id, err := common.ParseSnowflake(chi.URLParam(r, "memberRef"))
|
|
if err != nil {
|
|
return server.APIError{Code: server.ErrMemberNotFound}
|
|
}
|
|
|
|
m, err = s.DB.MemberBySnowflake(ctx, common.MemberID(id))
|
|
if err != nil {
|
|
if err == db.ErrMemberNotFound {
|
|
return server.APIError{Code: server.ErrMemberNotFound}
|
|
}
|
|
|
|
return errors.Wrap(err, "getting member")
|
|
}
|
|
}
|
|
|
|
if m.UserID != claims.UserID {
|
|
return server.APIError{Code: server.ErrNotOwnMember}
|
|
}
|
|
|
|
var req PatchMemberRequest
|
|
err = render.Decode(r, &req)
|
|
if err != nil {
|
|
return server.APIError{Code: server.ErrBadRequest}
|
|
}
|
|
|
|
// validate that *something* is set
|
|
if req.DisplayName == nil &&
|
|
req.Name == nil &&
|
|
req.Bio == nil &&
|
|
req.Unlisted == nil &&
|
|
req.Links == nil &&
|
|
req.Fields == nil &&
|
|
req.Names == nil &&
|
|
req.Pronouns == nil &&
|
|
req.Avatar == nil &&
|
|
req.Flags == nil {
|
|
return server.APIError{
|
|
Code: server.ErrBadRequest,
|
|
Details: "Data must not be empty",
|
|
}
|
|
}
|
|
|
|
// trim whitespace from strings
|
|
if req.Name != nil {
|
|
*req.Name = strings.TrimSpace(*req.Name)
|
|
}
|
|
if req.DisplayName != nil {
|
|
*req.DisplayName = strings.TrimSpace(*req.DisplayName)
|
|
}
|
|
if req.Bio != nil {
|
|
*req.Bio = strings.TrimSpace(*req.Bio)
|
|
}
|
|
|
|
if req.Name != nil && *req.Name == "" {
|
|
return server.APIError{
|
|
Code: server.ErrBadRequest,
|
|
Details: "Name must not be empty",
|
|
}
|
|
} else if req.Name != nil && len(*req.Name) > 100 {
|
|
return server.APIError{
|
|
Code: server.ErrBadRequest,
|
|
Details: "Name may not be longer than 100 characters",
|
|
}
|
|
}
|
|
|
|
// validate member name
|
|
if req.Name != nil {
|
|
if !db.MemberNameValid(*req.Name) {
|
|
return server.APIError{
|
|
Code: server.ErrBadRequest,
|
|
Details: "Member name cannot contain any of the following: @, \\, ?, !, #, /, \\, [, ], \", ', $, %, &, (, ), +, <, =, >, ^, |, ~, `, , and cannot be one or two periods.",
|
|
}
|
|
}
|
|
}
|
|
|
|
// validate display name/bio
|
|
if common.StringLength(req.Name) > db.MaxMemberNameLength {
|
|
return server.APIError{
|
|
Code: server.ErrBadRequest,
|
|
Details: fmt.Sprintf("Name name too long (max %d, current %d)", db.MaxMemberNameLength, common.StringLength(req.Name)),
|
|
}
|
|
}
|
|
if common.StringLength(req.DisplayName) > db.MaxDisplayNameLength {
|
|
return server.APIError{
|
|
Code: server.ErrBadRequest,
|
|
Details: fmt.Sprintf("Display name too long (max %d, current %d)", db.MaxDisplayNameLength, common.StringLength(req.DisplayName)),
|
|
}
|
|
}
|
|
if common.StringLength(req.Bio) > db.MaxUserBioLength {
|
|
return server.APIError{
|
|
Code: server.ErrBadRequest,
|
|
Details: fmt.Sprintf("Bio too long (max %d, current %d)", db.MaxUserBioLength, common.StringLength(req.Name)),
|
|
}
|
|
}
|
|
|
|
// validate links
|
|
if req.Links != nil {
|
|
if len(*req.Links) > db.MaxUserLinksLength {
|
|
return server.APIError{
|
|
Code: server.ErrBadRequest,
|
|
Details: fmt.Sprintf("Too many links (max %d, current %d)", db.MaxUserLinksLength, len(*req.Links)),
|
|
}
|
|
}
|
|
|
|
for i, link := range *req.Links {
|
|
if len(link) > db.MaxLinkLength {
|
|
return server.APIError{
|
|
Code: server.ErrBadRequest,
|
|
Details: fmt.Sprintf("Link %d too long (max %d, current %d)", i, db.MaxLinkLength, len(link)),
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
// validate flag length
|
|
if req.Flags != nil {
|
|
if len(*req.Flags) > db.MaxPrideFlags {
|
|
return server.APIError{
|
|
Code: server.ErrBadRequest,
|
|
Details: fmt.Sprintf("Too many flags (max %d, current %d)", len(*req.Flags), db.MaxPrideFlags),
|
|
}
|
|
}
|
|
}
|
|
|
|
if err := validateSlicePtr("name", req.Names, u.CustomPreferences); err != nil {
|
|
return *err
|
|
}
|
|
|
|
if err := validateSlicePtr("pronoun", req.Pronouns, u.CustomPreferences); err != nil {
|
|
return *err
|
|
}
|
|
|
|
if err := validateSlicePtr("field", req.Fields, u.CustomPreferences); err != nil {
|
|
return *err
|
|
}
|
|
|
|
// update avatar
|
|
var avatarHash *string = nil
|
|
if req.Avatar != nil {
|
|
if *req.Avatar == "" {
|
|
if m.Avatar != nil {
|
|
err = s.DB.DeleteMemberAvatar(ctx, m.ID, *m.Avatar)
|
|
if err != nil {
|
|
log.Errorf("deleting member avatar: %v", err)
|
|
return errors.Wrap(err, "deleting avatar")
|
|
}
|
|
}
|
|
avatarHash = req.Avatar
|
|
} else {
|
|
webp, jpg, err := s.DB.ConvertAvatar(*req.Avatar)
|
|
if err != nil {
|
|
if err == db.ErrInvalidDataURI {
|
|
return server.APIError{
|
|
Code: server.ErrBadRequest,
|
|
Details: "invalid avatar data URI",
|
|
}
|
|
} else if err == db.ErrInvalidContentType {
|
|
return server.APIError{
|
|
Code: server.ErrBadRequest,
|
|
Details: "invalid avatar content type",
|
|
}
|
|
}
|
|
|
|
log.Errorf("converting member avatar: %v", err)
|
|
return errors.Wrap(err, "converting member avatar")
|
|
}
|
|
|
|
hash, err := s.DB.WriteMemberAvatar(ctx, m.ID, webp, jpg)
|
|
if err != nil {
|
|
log.Errorf("uploading member avatar: %v", err)
|
|
return errors.Wrap(err, "writing member avatar")
|
|
}
|
|
avatarHash = &hash
|
|
|
|
// delete current avatar if member has one
|
|
if m.Avatar != nil {
|
|
err = s.DB.DeleteMemberAvatar(ctx, m.ID, *m.Avatar)
|
|
if err != nil {
|
|
log.Errorf("deleting existing avatar: %v", err)
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
// start transaction
|
|
tx, err := s.DB.Begin(ctx)
|
|
if err != nil {
|
|
log.Errorf("creating transaction: %v", err)
|
|
return errors.Wrap(err, "creating transaction")
|
|
}
|
|
defer func() {
|
|
err := tx.Rollback(ctx)
|
|
if err != nil && !errors.Is(err, pgx.ErrTxClosed) {
|
|
log.Error("rolling back transaction:", err)
|
|
}
|
|
}()
|
|
|
|
m, err = s.DB.UpdateMember(ctx, tx, m.ID, req.Name, req.DisplayName, req.Bio, req.Unlisted, req.Links, avatarHash)
|
|
if err != nil {
|
|
switch errors.Cause(err) {
|
|
case db.ErrNothingToUpdate:
|
|
case db.ErrMemberNameInUse:
|
|
return server.APIError{Code: server.ErrMemberNameInUse}
|
|
default:
|
|
log.Errorf("updating member: %v", err)
|
|
return errors.Wrap(err, "updating member in db")
|
|
}
|
|
|
|
}
|
|
|
|
if req.Names != nil || req.Pronouns != nil {
|
|
names := m.Names
|
|
pronouns := m.Pronouns
|
|
|
|
if req.Names != nil {
|
|
names = *req.Names
|
|
}
|
|
if req.Pronouns != nil {
|
|
pronouns = *req.Pronouns
|
|
}
|
|
|
|
err = s.DB.SetMemberNamesPronouns(ctx, tx, m.ID, names, pronouns)
|
|
if err != nil {
|
|
log.Errorf("setting names for member %v: %v", m.ID, err)
|
|
return errors.Wrap(err, "setting names/pronouns")
|
|
}
|
|
m.Names = names
|
|
m.Pronouns = pronouns
|
|
}
|
|
|
|
var fields []db.Field
|
|
if req.Fields != nil {
|
|
err = s.DB.SetMemberFields(ctx, tx, m.ID, *req.Fields)
|
|
if err != nil {
|
|
log.Errorf("setting fields for member %v: %v", m.ID, err)
|
|
return errors.Wrap(err, "setting fields")
|
|
}
|
|
fields = *req.Fields
|
|
} else {
|
|
fields, err = s.DB.MemberFields(ctx, m.ID)
|
|
if err != nil {
|
|
log.Errorf("getting fields for member %v: %v", m.ID, err)
|
|
return errors.Wrap(err, "getting fields")
|
|
}
|
|
}
|
|
|
|
// update flags
|
|
if req.Flags != nil {
|
|
err = s.DB.SetMemberFlags(ctx, tx, m.ID, *req.Flags)
|
|
if err != nil {
|
|
if err == db.ErrInvalidFlagID {
|
|
return server.APIError{Code: server.ErrBadRequest, Details: "One or more flag IDs are unknown"}
|
|
}
|
|
|
|
log.Errorf("updating flags for member %v: %v", m.ID, err)
|
|
return errors.Wrap(err, "updating flags")
|
|
}
|
|
}
|
|
|
|
// update last active time
|
|
err = s.DB.UpdateActiveTime(ctx, tx, claims.UserID)
|
|
if err != nil {
|
|
log.Errorf("updating last active time for user %v: %v", claims.UserID, err)
|
|
return errors.Wrap(err, "updating last active time")
|
|
}
|
|
|
|
err = tx.Commit(ctx)
|
|
if err != nil {
|
|
log.Errorf("committing transaction: %v", err)
|
|
return errors.Wrap(err, "committing transaction")
|
|
}
|
|
|
|
// get flags to return (we need to return full flag objects, not the array of IDs in the request body)
|
|
flags, err := s.DB.MemberFlags(ctx, m.ID)
|
|
if err != nil {
|
|
log.Errorf("getting user flags: %v", err)
|
|
return errors.Wrap(err, "getting flags")
|
|
}
|
|
|
|
// echo the updated member back on success
|
|
render.JSON(w, r, dbMemberToMember(u, m, fields, flags, true))
|
|
return nil
|
|
}
|
|
|
|
func (s *Server) rerollMemberSID(w http.ResponseWriter, r *http.Request) (err error) {
|
|
ctx := r.Context()
|
|
|
|
claims, _ := server.ClaimsFromContext(ctx)
|
|
|
|
if !claims.TokenWrite {
|
|
return server.APIError{Code: server.ErrMissingPermissions, Details: "This token is read-only"}
|
|
}
|
|
|
|
var m db.Member
|
|
if id, err := xid.FromString(chi.URLParam(r, "memberRef")); err == nil {
|
|
m, err = s.DB.Member(ctx, id)
|
|
if err != nil {
|
|
if err == db.ErrMemberNotFound {
|
|
return server.APIError{Code: server.ErrMemberNotFound}
|
|
}
|
|
|
|
log.Errorf("getting user %v: %v", id, err)
|
|
return errors.Wrap(err, "getting user")
|
|
}
|
|
} else {
|
|
id, err := common.ParseSnowflake(chi.URLParam(r, "memberRef"))
|
|
if err != nil {
|
|
return server.APIError{Code: server.ErrMemberNotFound}
|
|
}
|
|
|
|
m, err = s.DB.MemberBySnowflake(ctx, common.MemberID(id))
|
|
if err != nil {
|
|
if err == db.ErrMemberNotFound {
|
|
return server.APIError{Code: server.ErrMemberNotFound}
|
|
}
|
|
|
|
log.Errorf("getting user %v: %v", id, err)
|
|
return errors.Wrap(err, "getting user")
|
|
}
|
|
}
|
|
|
|
u, err := s.DB.User(ctx, claims.UserID)
|
|
if err != nil {
|
|
return errors.Wrap(err, "getting user")
|
|
}
|
|
|
|
if m.UserID != claims.UserID {
|
|
return server.APIError{Code: server.ErrNotOwnMember}
|
|
}
|
|
|
|
if time.Now().Add(-time.Hour).Before(u.LastSIDReroll) {
|
|
return server.APIError{Code: server.ErrRerollingTooQuickly}
|
|
}
|
|
|
|
newID, err := s.DB.RerollMemberSID(ctx, u.ID, m.ID)
|
|
if err != nil {
|
|
return errors.Wrap(err, "updating member SID")
|
|
}
|
|
|
|
m.SID = newID
|
|
render.JSON(w, r, dbMemberToMember(u, m, nil, nil, true))
|
|
return nil
|
|
}
|