pronounsfu/backend/db/user.go

512 lines
12 KiB
Go

package db
import (
"context"
"crypto/sha256"
"encoding/hex"
"regexp"
"time"
"emperror.dev/errors"
"github.com/bwmarrin/discordgo"
"github.com/georgysavva/scany/pgxscan"
"github.com/jackc/pgconn"
"github.com/jackc/pgx/v4"
"github.com/rs/xid"
)
type User struct {
ID xid.ID
Username string
DisplayName *string
Bio *string
Avatar *string
Links []string
Names []FieldEntry
Pronouns []PronounEntry
Discord *string
DiscordUsername *string
Fediverse *string
FediverseUsername *string
FediverseAppID *int64
FediverseInstance *string
MaxInvites int
IsAdmin bool
DeletedAt *time.Time
SelfDelete *bool
DeleteReason *string
}
func (u User) NumProviders() (numProviders int) {
if u.Discord != nil {
numProviders++
}
if u.Fediverse != nil {
numProviders++
}
return numProviders
}
// usernames must match this regex
var usernameRegex = regexp.MustCompile(`^[\w-.]{2,40}$`)
const (
ErrUserNotFound = errors.Sentinel("user not found")
ErrUsernameTaken = errors.Sentinel("username is already taken")
ErrInvalidUsername = errors.Sentinel("username contains invalid characters")
ErrUsernameTooShort = errors.Sentinel("username is too short")
ErrUsernameTooLong = errors.Sentinel("username is too long")
)
const (
MaxUsernameLength = 40
MaxDisplayNameLength = 100
MaxUserBioLength = 1000
MaxUserLinksLength = 25
MaxLinkLength = 256
)
const (
SelfDeleteAfter = 30 * 24 * time.Hour
ModDeleteAfter = 180 * 24 * time.Hour
)
// CreateUser creates a user with the given username.
func (db *DB) CreateUser(ctx context.Context, tx pgx.Tx, username string) (u User, err error) {
// check if the username is valid
// if not, return an error depending on what failed
if !usernameRegex.MatchString(username) {
if len(username) < 2 {
return u, ErrUsernameTooShort
} else if len(username) > 40 {
return u, ErrUsernameTooLong
}
return u, ErrInvalidUsername
}
sql, args, err := sq.Insert("users").Columns("id", "username").Values(xid.New(), username).Suffix("RETURNING *").ToSql()
if err != nil {
return u, errors.Wrap(err, "building sql")
}
err = pgxscan.Get(ctx, tx, &u, sql, args...)
if err != nil {
pge := &pgconn.PgError{}
if errors.As(err, &pge) {
// unique constraint violation
if pge.Code == "23505" {
return u, ErrUsernameTaken
}
}
return u, errors.Cause(err)
}
return u, nil
}
func (db *DB) FediverseUser(ctx context.Context, userID string, instanceAppID int64) (u User, err error) {
sql, args, err := sq.Select("*", "(SELECT instance FROM fediverse_apps WHERE id = users.fediverse_app_id) AS fediverse_instance").
From("users").
Where("fediverse = ?", userID).Where("fediverse_app_id = ?", instanceAppID).
ToSql()
if err != nil {
return u, errors.Wrap(err, "building sql")
}
err = pgxscan.Get(ctx, db, &u, sql, args...)
if err != nil {
if errors.Cause(err) == pgx.ErrNoRows {
return u, ErrUserNotFound
}
return u, errors.Wrap(err, "executing query")
}
return u, nil
}
func (u *User) UpdateFromFedi(ctx context.Context, ex Execer, userID, username string, appID int64) error {
sql, args, err := sq.Update("users").
Set("fediverse", userID).
Set("fediverse_username", username).
Set("fediverse_app_id", appID).
Where("id = ?", u.ID).
ToSql()
if err != nil {
return errors.Wrap(err, "building sql")
}
_, err = ex.Exec(ctx, sql, args...)
if err != nil {
return errors.Wrap(err, "executing query")
}
u.Fediverse = &userID
u.FediverseUsername = &username
u.FediverseAppID = &appID
return nil
}
func (u *User) UnlinkFedi(ctx context.Context, ex Execer) error {
sql, args, err := sq.Update("users").
Set("fediverse", nil).
Set("fediverse_username", nil).
Set("fediverse_app_id", nil).
Where("id = ?", u.ID).
ToSql()
if err != nil {
return errors.Wrap(err, "building sql")
}
_, err = ex.Exec(ctx, sql, args...)
if err != nil {
return errors.Wrap(err, "executing query")
}
u.Fediverse = nil
u.FediverseUsername = nil
u.FediverseAppID = nil
return nil
}
// DiscordUser fetches a user by Discord user ID.
func (db *DB) DiscordUser(ctx context.Context, discordID string) (u User, err error) {
sql, args, err := sq.Select("*", "(SELECT instance FROM fediverse_apps WHERE id = users.fediverse_app_id) AS fediverse_instance").
From("users").Where("discord = ?", discordID).ToSql()
if err != nil {
return u, errors.Wrap(err, "building sql")
}
err = pgxscan.Get(ctx, db, &u, sql, args...)
if err != nil {
if errors.Cause(err) == pgx.ErrNoRows {
return u, ErrUserNotFound
}
return u, errors.Wrap(err, "executing query")
}
return u, nil
}
func (u *User) UpdateFromDiscord(ctx context.Context, ex Execer, du *discordgo.User) error {
sql, args, err := sq.Update("users").
Set("discord", du.ID).
Set("discord_username", du.String()).
Where("id = ?", u.ID).
ToSql()
if err != nil {
return errors.Wrap(err, "building sql")
}
_, err = ex.Exec(ctx, sql, args...)
if err != nil {
return errors.Wrap(err, "executing query")
}
u.Discord = &du.ID
username := du.String()
u.DiscordUsername = &username
return nil
}
func (u *User) UnlinkDiscord(ctx context.Context, ex Execer) error {
sql, args, err := sq.Update("users").
Set("discord", nil).
Set("discord_username", nil).
Where("id = ?", u.ID).
ToSql()
if err != nil {
return errors.Wrap(err, "building sql")
}
_, err = ex.Exec(ctx, sql, args...)
if err != nil {
return errors.Wrap(err, "executing query")
}
u.Discord = nil
u.DiscordUsername = nil
return nil
}
// User gets a user by ID.
func (db *DB) User(ctx context.Context, id xid.ID) (u User, err error) {
sql, args, err := sq.Select("*", "(SELECT instance FROM fediverse_apps WHERE id = users.fediverse_app_id) AS fediverse_instance").
From("users").Where("id = ?", id).ToSql()
if err != nil {
return u, errors.Wrap(err, "building sql")
}
err = pgxscan.Get(ctx, db, &u, sql, args...)
if err != nil {
if errors.Cause(err) == pgx.ErrNoRows {
return u, ErrUserNotFound
}
return u, errors.Wrap(err, "getting user from db")
}
return u, nil
}
// Username gets a user by username.
func (db *DB) Username(ctx context.Context, name string) (u User, err error) {
sql, args, err := sq.Select("*").From("users").Where("username = ?", name).ToSql()
if err != nil {
return u, errors.Wrap(err, "building sql")
}
err = pgxscan.Get(ctx, db, &u, sql, args...)
if err != nil {
if errors.Cause(err) == pgx.ErrNoRows {
return u, ErrUserNotFound
}
return u, errors.Wrap(err, "getting user from db")
}
return u, nil
}
// UsernameTaken checks if the given username is already taken.
func (db *DB) UsernameTaken(ctx context.Context, username string) (valid, taken bool, err error) {
if !usernameRegex.MatchString(username) {
return false, false, nil
}
err = db.QueryRow(ctx, "select exists (select id from users where username = $1)", username).Scan(&taken)
return true, taken, err
}
// UpdateUsername validates the given username, then updates the given user's name to it if valid.
func (db *DB) UpdateUsername(ctx context.Context, tx pgx.Tx, id xid.ID, newName string) error {
if !usernameRegex.MatchString(newName) {
return ErrInvalidUsername
}
sql, args, err := sq.Update("users").Set("username", newName).Where("id = ?", id).ToSql()
if err != nil {
return errors.Wrap(err, "building sql")
}
_, err = db.Exec(ctx, sql, args...)
if err != nil {
pge := &pgconn.PgError{}
if errors.As(err, &pge) {
// unique constraint violation
if pge.Code == "23505" {
return ErrUsernameTaken
}
}
return errors.Wrap(err, "executing query")
}
return nil
}
func (db *DB) UpdateUser(
ctx context.Context,
tx pgx.Tx, id xid.ID,
displayName, bio *string,
links *[]string,
avatar *string,
) (u User, err error) {
if displayName == nil && bio == nil && links == nil && avatar == nil {
sql, args, err := sq.Select("*").From("users").Where("id = ?", id).ToSql()
if err != nil {
return u, errors.Wrap(err, "building sql")
}
err = pgxscan.Get(ctx, db, &u, sql, args...)
if err != nil {
return u, errors.Wrap(err, "getting user from db")
}
return u, nil
}
builder := sq.Update("users").Where("id = ?", id).Suffix("RETURNING *")
if displayName != nil {
if *displayName == "" {
builder = builder.Set("display_name", nil)
} else {
builder = builder.Set("display_name", *displayName)
}
}
if bio != nil {
if *bio == "" {
builder = builder.Set("bio", nil)
} else {
builder = builder.Set("bio", *bio)
}
}
if links != nil {
builder = builder.Set("links", *links)
}
if avatar != nil {
if *avatar == "" {
builder = builder.Set("avatar", nil)
} else {
builder = builder.Set("avatar", avatar)
}
}
sql, args, err := builder.ToSql()
if err != nil {
return u, errors.Wrap(err, "building sql")
}
err = pgxscan.Get(ctx, tx, &u, sql, args...)
if err != nil {
return u, errors.Wrap(err, "executing sql")
}
return u, nil
}
func (db *DB) DeleteUser(ctx context.Context, tx pgx.Tx, id xid.ID, selfDelete bool, reason string) error {
builder := sq.Update("users").Set("deleted_at", time.Now().UTC()).Set("self_delete", selfDelete).Where("id = ?", id)
if !selfDelete {
builder = builder.Set("delete_reason", reason)
}
sql, args, err := builder.ToSql()
if err != nil {
return errors.Wrap(err, "building sql")
}
_, err = tx.Exec(ctx, sql, args...)
if err != nil {
return errors.Wrap(err, "executing query")
}
return nil
}
func (db *DB) UndoDeleteUser(ctx context.Context, id xid.ID) error {
sql, args, err := sq.Update("users").
Set("deleted_at", nil).
Set("self_delete", nil).
Set("delete_reason", nil).
Where("id = ?", id).ToSql()
if err != nil {
return errors.Wrap(err, "building sql")
}
_, err = db.Exec(ctx, sql, args...)
if err != nil {
return errors.Wrap(err, "executing query")
}
return nil
}
func (db *DB) ForceDeleteUser(ctx context.Context, id xid.ID) error {
sql, args, err := sq.Delete("users").Where("id = ?", id).ToSql()
if err != nil {
return errors.Wrap(err, "building sql")
}
_, err = db.Exec(ctx, sql, args...)
if err != nil {
return errors.Wrap(err, "executing query")
}
return nil
}
func (db *DB) DeleteUserMembers(ctx context.Context, tx pgx.Tx, id xid.ID) error {
sql, args, err := sq.Delete("members").Where("user_id = ?", id).ToSql()
if err != nil {
return errors.Wrap(err, "building sql")
}
_, err = tx.Exec(ctx, sql, args...)
if err != nil {
return errors.Wrap(err, "executing query")
}
return nil
}
func (db *DB) ResetUser(ctx context.Context, tx pgx.Tx, id xid.ID) error {
err := db.SetUserFields(ctx, tx, id, []Field{})
if err != nil {
return errors.Wrap(err, "deleting fields")
}
hasher := sha256.New()
_, err = hasher.Write(id.Bytes())
if err != nil {
return errors.Wrap(err, "hashing user id")
}
hash := hex.EncodeToString(hasher.Sum(nil))
sql, args, err := sq.Update("users").
Set("username", "deleted-"+hash).
Set("display_name", nil).
Set("bio", nil).
Set("links", nil).
Set("names", "[]").
Set("pronouns", "[]").
Set("avatar", nil).
Where("id = ?", id).ToSql()
if err != nil {
return errors.Wrap(err, "building sql")
}
_, err = tx.Exec(ctx, sql, args...)
if err != nil {
return errors.Wrap(err, "executing query")
}
return nil
}
func (db *DB) CleanUser(ctx context.Context, id xid.ID) error {
u, err := db.User(ctx, id)
if err != nil {
return errors.Wrap(err, "getting user")
}
if u.Avatar != nil {
err = db.DeleteUserAvatar(ctx, u.ID, *u.Avatar)
if err != nil {
return errors.Wrap(err, "deleting user avatar")
}
}
var exports []DataExport
err = pgxscan.Select(ctx, db, &exports, "SELECT * FROM data_exports WHERE user_id = $1", u.ID)
if err != nil {
return errors.Wrap(err, "getting export iles")
}
for _, de := range exports {
err = db.DeleteExport(ctx, de)
if err != nil {
continue
}
}
members, err := db.UserMembers(ctx, u.ID)
if err != nil {
return errors.Wrap(err, "getting members")
}
for _, m := range members {
if m.Avatar == nil {
continue
}
err = db.DeleteMemberAvatar(ctx, m.ID, *m.Avatar)
if err != nil {
continue
}
}
return nil
}