package httpRequest import ( json2 "encoding/json" "net/http" "time" "go-socket/packages/convertions" "go-socket/packages/globals" "go-socket/packages/minio" "go-socket/packages/cache" "go-socket/packages/passwords" "go-socket/packages/postgresql" "go-socket/packages/tokens" "go-socket/packages/types" "golang.org/x/crypto/bcrypt" ) func HandleUserNewToken(response http.ResponseWriter, request *http.Request) { if !postValidCheckWithResponseOnFail(&response, request, postNormal) { return } username := request.FormValue("username") if len(username) < 4 { http.Error(response, "no or short username", http.StatusBadRequest) return } password := request.FormValue("password") if len(password) < 8 { http.Error(response, "no or short passwords", http.StatusBadRequest) return } var ( user *types.User err error ctx = request.Context() ) user, err = cache.CacheGetUserByName(username) if err != nil { user = &types.User{Name: username} if err = postgresql.UserGetStandardInfoByName(ctx, user); err != nil { http.Error(response, "bad login", http.StatusUnauthorized) return } if err = postgresql.GetWholeUser(ctx, user); err != nil { http.Error(response, err.Error(), http.StatusInternalServerError) return } } err = bcrypt.CompareHashAndPassword([]byte(user.PasswordHash), []byte(password)) if err != nil { http.Error(response, "bad login", http.StatusUnauthorized) return } token, err := tokens.TokenCreate(user.Id) if err != nil { http.Error(response, "internal server error", http.StatusInternalServerError) return } json, err := json2.Marshal(types.LoginReturn{Token: token, UserId: user.Id}) if err != nil { http.Error(response, "internal server error", http.StatusInternalServerError) return } response.WriteHeader(http.StatusCreated) response.Write(json) } func HandleUserNew(response http.ResponseWriter, request *http.Request) { if !postValidCheckWithResponseOnFail(&response, request, postNormal) { return } username := request.FormValue("username") if len(username) < 4 { http.Error(response, "no or short username", http.StatusBadRequest) return } password := request.FormValue("password") if len(password) < 8 { http.Error(response, "no or short passwords", http.StatusBadRequest) return } hashedPassword, err := passwords.PasswordHash(password) if err != nil { http.Error(response, "internal server error", http.StatusInternalServerError) return } newUser := &types.User{ Name: username, PasswordHash: hashedPassword, Color: types.Rgba{}.GetRandom(), CreatedAt: time.Now(), } ctx := request.Context() err = postgresql.UserSave(ctx, newUser) if err != nil { http.Error(response, "name taken", http.StatusUnauthorized) return } response.WriteHeader(http.StatusCreated) } func HandleUserDelete(response http.ResponseWriter, request *http.Request) { if !postValidCheckWithResponseOnFail(&response, request, postNormal) { return } ctx := request.Context() userId, err := tokens.TokenValidateGetId(request.FormValue("token")) if err != nil { http.Error(response, "invalid token", http.StatusUnauthorized) return } err = postgresql.UserDelete(ctx, userId) if err != nil { http.Error(response, "internal server error", http.StatusInternalServerError) return } cache.CacheDeleteUser(userId) response.WriteHeader(http.StatusAccepted) } func HandleUserModProfile(response http.ResponseWriter, request *http.Request) { if !postValidCheckWithResponseOnFail(&response, request, postNormal) { return } ctx := request.Context() user, err := getUserByToken(ctx, request.FormValue("token")) if err != nil { http.Error(response, "invalid token", http.StatusUnauthorized) return } var updateList types.UserProfileUpdateList if pronouns := request.FormValue("pronouns"); pronouns != "" { if len(pronouns) > 32 { http.Error(response, "pronouns too long", http.StatusBadRequest) return } user.Pronouns = pronouns updateList.Pronouns = true } if description := request.FormValue("description"); description != "" { if len(description) > 256 { http.Error(response, "description too long", http.StatusBadRequest) return } user.Description = description updateList.Description = true } if colorStr := request.FormValue("color"); colorStr != "" { color, err := convertions.StringToRgba(colorStr) if err != nil { http.Error(response, "invalid color", http.StatusBadRequest) return } user.Color = color updateList.Color = true } err = postgresql.UserUpdateProfile(ctx, user, updateList) if err != nil { http.Error(response, "internal server error", http.StatusInternalServerError) return } response.WriteHeader(http.StatusAccepted) } func HandleUserModAvatar(response http.ResponseWriter, request *http.Request) { if !postValidCheckWithResponseOnFail(&response, request, postAvatar) { return } ctx := request.Context() user, err := getUserByToken(ctx, request.Header.Get("token")) if err != nil { http.Error(response, "invalid token", http.StatusUnauthorized) return } request.Body = http.MaxBytesReader(response, request.Body, int64(globals.MaxPostWithAvatar)) if err = request.ParseMultipartForm(int64(globals.MaxPostBytes)); err != nil { http.Error(response, "invalid multipart form", http.StatusBadRequest) return } file, header, err := request.FormFile("file") if err != nil { http.Error(response, "missing file", http.StatusBadRequest) return } defer file.Close() isImg, contentType, err := isImage(file) if err != nil || !isImg { http.Error(response, "invalid file", http.StatusBadRequest) return } if user.Avatar != "" { err = minio.Delete(ctx, user.Avatar) if err != nil { http.Error(response, "internal server error", http.StatusInternalServerError) return } } key := minio.GetKey(minio.GetKeyOptions{ UserId: user.Id, MimeType: contentType, UploadType: minio.UserAvatar, }) if err = minio.Upload(ctx, key, file, header.Size, contentType, map[string]string{ "originalName": header.Filename, "uploaderId": user.Id.String(), }); err != nil { http.Error(response, "upload failed", http.StatusInternalServerError) return } user.Avatar = key err = postgresql.UserUpdateProfile(ctx, user, types.UserProfileUpdateList{Avatar: true}) if err != nil { http.Error(response, "internal server error", http.StatusInternalServerError) return } response.WriteHeader(http.StatusAccepted) } func HandleUserModProfileBg(response http.ResponseWriter, request *http.Request) { if !postValidCheckWithResponseOnFail(&response, request, postProfileBg) { return } ctx := request.Context() user, err := getUserByToken(ctx, request.Header.Get("token")) if err != nil { http.Error(response, "invalid token", http.StatusUnauthorized) return } request.Body = http.MaxBytesReader(response, request.Body, int64(globals.MaxPostWithProfileBg)) if err = request.ParseMultipartForm(int64(globals.MaxPostBytes)); err != nil { http.Error(response, "invalid multipart form", http.StatusBadRequest) return } file, header, err := request.FormFile("file") if err != nil { http.Error(response, "missing file", http.StatusBadRequest) return } defer file.Close() isImg, contentType, err := isImage(file) if err != nil || !isImg { http.Error(response, "invalid file", http.StatusBadRequest) return } if user.ProfileBg != "" { err = minio.Delete(ctx, user.ProfileBg) if err != nil { http.Error(response, "internal server error", http.StatusInternalServerError) return } } key := minio.GetKey(minio.GetKeyOptions{ UserId: user.Id, MimeType: contentType, UploadType: minio.UserProfileBg, }) if err = minio.Upload(ctx, key, file, header.Size, contentType, map[string]string{ "originalName": header.Filename, "uploaderId": user.Id.String(), }); err != nil { http.Error(response, "upload failed", http.StatusInternalServerError) return } user.ProfileBg = key err = postgresql.UserUpdateProfile(ctx, user, types.UserProfileUpdateList{ProfileBg: true}) if err != nil { http.Error(response, "internal server error", http.StatusInternalServerError) return } response.WriteHeader(http.StatusAccepted) } func HandleUserGetUser(response http.ResponseWriter, request *http.Request) { if !postValidCheckWithResponseOnFail(&response, request, postNormal) { return } ctx := request.Context() _, err := getUserByToken(ctx, request.FormValue("token")) if err != nil { http.Error(response, "invalid token", http.StatusUnauthorized) return } targetId, err := convertions.ConvertStringUuid(request.FormValue("targetid")) if err != nil { http.Error(response, "invalid userid", http.StatusUnauthorized) return } target, err := getUserById(ctx, targetId) if err != nil { http.Error(response, "invalid userid", http.StatusUnauthorized) return } json, err := json2.Marshal(target) if err != nil { http.Error(response, "json parse error", http.StatusInternalServerError) return } response.WriteHeader(http.StatusAccepted) response.Write(json) }