351 lines
8.9 KiB
Go
351 lines
8.9 KiB
Go
package httpRequest
|
|
|
|
import (
|
|
json2 "encoding/json"
|
|
"net/http"
|
|
"time"
|
|
|
|
"go-socket/packages/config"
|
|
"go-socket/packages/convertions"
|
|
"go-socket/packages/minio"
|
|
|
|
"go-socket/packages/cache"
|
|
"go-socket/packages/passwords"
|
|
"go-socket/packages/postgresql"
|
|
"go-socket/packages/tokens"
|
|
"go-socket/packages/types"
|
|
|
|
"golang.org/x/crypto/bcrypt"
|
|
)
|
|
|
|
func HandleUserNewToken(response http.ResponseWriter, request *http.Request) {
|
|
if !validCheckWithResponseOnFail(&response, request, normal) {
|
|
return
|
|
}
|
|
|
|
username := request.FormValue("username")
|
|
if len(username) < 4 {
|
|
http.Error(response, "no or short username", http.StatusBadRequest)
|
|
return
|
|
}
|
|
|
|
password := request.FormValue("password")
|
|
|
|
if len(password) < 8 {
|
|
http.Error(response, "no or short passwords", http.StatusBadRequest)
|
|
return
|
|
}
|
|
|
|
var (
|
|
user *types.User
|
|
err error
|
|
ctx = request.Context()
|
|
)
|
|
|
|
user, err = cache.GetUserByName(username)
|
|
if err != nil {
|
|
user = &types.User{Name: username}
|
|
if err = postgresql.UserGetStandardInfoByName(ctx, user); err != nil {
|
|
http.Error(response, "bad login", http.StatusUnauthorized)
|
|
return
|
|
}
|
|
if err = postgresql.GetWholeUser(ctx, user); err != nil {
|
|
http.Error(response, err.Error(), http.StatusInternalServerError)
|
|
return
|
|
}
|
|
}
|
|
|
|
err = bcrypt.CompareHashAndPassword([]byte(user.PasswordHash), []byte(password))
|
|
if err != nil {
|
|
http.Error(response, "bad login", http.StatusUnauthorized)
|
|
return
|
|
}
|
|
|
|
token, err := tokens.TokenCreate(user.Id)
|
|
if err != nil {
|
|
http.Error(response, "internal server error", http.StatusInternalServerError)
|
|
return
|
|
}
|
|
|
|
json, err := json2.Marshal(types.LoginReturn{Token: token, UserId: user.Id})
|
|
if err != nil {
|
|
http.Error(response, "internal server error", http.StatusInternalServerError)
|
|
return
|
|
}
|
|
|
|
response.WriteHeader(http.StatusCreated)
|
|
response.Write(json)
|
|
}
|
|
|
|
func HandleUserNew(response http.ResponseWriter, request *http.Request) {
|
|
if !validCheckWithResponseOnFail(&response, request, normal) {
|
|
return
|
|
}
|
|
|
|
username := request.FormValue("username")
|
|
if len(username) < 4 {
|
|
http.Error(response, "no or short username", http.StatusBadRequest)
|
|
return
|
|
}
|
|
|
|
password := request.FormValue("password")
|
|
if len(password) < 8 {
|
|
http.Error(response, "no or short passwords", http.StatusBadRequest)
|
|
return
|
|
}
|
|
|
|
hashedPassword, err := passwords.PasswordHash(password)
|
|
if err != nil {
|
|
http.Error(response, "internal server error", http.StatusInternalServerError)
|
|
return
|
|
}
|
|
|
|
newUser := &types.User{
|
|
Name: username,
|
|
PasswordHash: hashedPassword,
|
|
Color: types.Rgba{}.GetRandom(),
|
|
CreatedAt: time.Now(),
|
|
}
|
|
|
|
ctx := request.Context()
|
|
|
|
err = postgresql.UserSave(ctx, newUser)
|
|
if err != nil {
|
|
http.Error(response, "name taken", http.StatusUnauthorized)
|
|
return
|
|
}
|
|
|
|
response.WriteHeader(http.StatusCreated)
|
|
}
|
|
|
|
func HandleUserDelete(response http.ResponseWriter, request *http.Request) {
|
|
if !validCheckWithResponseOnFail(&response, request, normal) {
|
|
return
|
|
}
|
|
ctx := request.Context()
|
|
|
|
userId, err := tokens.TokenValidateGetId(request.Header.Get("token"))
|
|
if err != nil {
|
|
http.Error(response, "invalid token", http.StatusUnauthorized)
|
|
return
|
|
}
|
|
|
|
err = postgresql.UserDelete(ctx, userId)
|
|
if err != nil {
|
|
http.Error(response, "internal server error", http.StatusInternalServerError)
|
|
return
|
|
}
|
|
|
|
cache.DeleteUser(userId)
|
|
response.WriteHeader(http.StatusAccepted)
|
|
}
|
|
|
|
func HandleUserModProfile(response http.ResponseWriter, request *http.Request) {
|
|
if !validCheckWithResponseOnFail(&response, request, normal) {
|
|
return
|
|
}
|
|
|
|
ctx := request.Context()
|
|
user, err := getUserByToken(ctx, request.Header.Get("token"))
|
|
if err != nil {
|
|
http.Error(response, "invalid token", http.StatusUnauthorized)
|
|
return
|
|
}
|
|
|
|
var updateList types.UserProfileUpdateList
|
|
|
|
if pronouns := request.FormValue("pronouns"); pronouns != "" {
|
|
if len(pronouns) > 32 {
|
|
http.Error(response, "pronouns too long", http.StatusBadRequest)
|
|
return
|
|
}
|
|
user.Pronouns = pronouns
|
|
updateList.Pronouns = true
|
|
}
|
|
|
|
if description := request.FormValue("description"); description != "" {
|
|
if len(description) > 256 {
|
|
http.Error(response, "description too long", http.StatusBadRequest)
|
|
return
|
|
}
|
|
user.Description = description
|
|
updateList.Description = true
|
|
}
|
|
|
|
if colorStr := request.FormValue("color"); colorStr != "" {
|
|
color, err := convertions.StringToRgba(colorStr)
|
|
if err != nil {
|
|
http.Error(response, "invalid color", http.StatusBadRequest)
|
|
return
|
|
}
|
|
user.Color = color
|
|
updateList.Color = true
|
|
}
|
|
|
|
err = postgresql.UserUpdateProfile(ctx, user, updateList)
|
|
if err != nil {
|
|
http.Error(response, "internal server error", http.StatusInternalServerError)
|
|
return
|
|
}
|
|
response.WriteHeader(http.StatusAccepted)
|
|
}
|
|
|
|
func HandleUserModAvatar(response http.ResponseWriter, request *http.Request) {
|
|
if !validCheckWithResponseOnFail(&response, request, avatar) {
|
|
return
|
|
}
|
|
ctx := request.Context()
|
|
|
|
user, err := getUserByToken(ctx, request.Header.Get("token"))
|
|
if err != nil {
|
|
http.Error(response, "invalid token", http.StatusUnauthorized)
|
|
return
|
|
}
|
|
|
|
request.Body = http.MaxBytesReader(response, request.Body, int64(config.MaxRequestWithAvatarBytes))
|
|
|
|
if err = request.ParseMultipartForm(int64(config.MaxRequestBytes)); err != nil {
|
|
http.Error(response, "invalid multipart form", http.StatusBadRequest)
|
|
return
|
|
}
|
|
|
|
file, header, err := request.FormFile("file")
|
|
if err != nil {
|
|
http.Error(response, "missing file", http.StatusBadRequest)
|
|
return
|
|
}
|
|
defer file.Close()
|
|
|
|
isImg, contentType, err := isImage(file)
|
|
if err != nil || !isImg {
|
|
http.Error(response, "invalid file", http.StatusBadRequest)
|
|
return
|
|
}
|
|
|
|
if user.Avatar != "" {
|
|
err = minio.Delete(ctx, user.Avatar)
|
|
if err != nil {
|
|
http.Error(response, "internal server error", http.StatusInternalServerError)
|
|
return
|
|
}
|
|
}
|
|
|
|
key := minio.GetKey(minio.GetKeyOptions{
|
|
UserId: user.Id,
|
|
MimeType: contentType,
|
|
UploadType: minio.UserAvatar,
|
|
})
|
|
if err = minio.Upload(ctx, key, file, header.Size, contentType, map[string]string{
|
|
"originalName": header.Filename,
|
|
"uploaderId": user.Id.String(),
|
|
}); err != nil {
|
|
http.Error(response, "upload failed", http.StatusInternalServerError)
|
|
return
|
|
}
|
|
|
|
user.Avatar = key
|
|
err = postgresql.UserUpdateProfile(ctx, user, types.UserProfileUpdateList{Avatar: true})
|
|
if err != nil {
|
|
http.Error(response, "internal server error", http.StatusInternalServerError)
|
|
return
|
|
}
|
|
|
|
response.WriteHeader(http.StatusAccepted)
|
|
}
|
|
|
|
func HandleUserModProfileBg(response http.ResponseWriter, request *http.Request) {
|
|
if !validCheckWithResponseOnFail(&response, request, profileBg) {
|
|
return
|
|
}
|
|
ctx := request.Context()
|
|
|
|
user, err := getUserByToken(ctx, request.Header.Get("token"))
|
|
if err != nil {
|
|
http.Error(response, "invalid token", http.StatusUnauthorized)
|
|
return
|
|
}
|
|
|
|
request.Body = http.MaxBytesReader(response, request.Body, int64(config.MaxRequestWithProfileBgBytes))
|
|
|
|
if err = request.ParseMultipartForm(int64(config.MaxRequestBytes)); err != nil {
|
|
http.Error(response, "invalid multipart form", http.StatusBadRequest)
|
|
return
|
|
}
|
|
|
|
file, header, err := request.FormFile("file")
|
|
if err != nil {
|
|
http.Error(response, "missing file", http.StatusBadRequest)
|
|
return
|
|
}
|
|
defer file.Close()
|
|
|
|
isImg, contentType, err := isImage(file)
|
|
if err != nil || !isImg {
|
|
http.Error(response, "invalid file", http.StatusBadRequest)
|
|
return
|
|
}
|
|
|
|
if user.ProfileBg != "" {
|
|
err = minio.Delete(ctx, user.ProfileBg)
|
|
if err != nil {
|
|
http.Error(response, "internal server error", http.StatusInternalServerError)
|
|
return
|
|
}
|
|
}
|
|
|
|
key := minio.GetKey(minio.GetKeyOptions{
|
|
UserId: user.Id,
|
|
MimeType: contentType,
|
|
UploadType: minio.UserProfileBg,
|
|
})
|
|
if err = minio.Upload(ctx, key, file, header.Size, contentType, map[string]string{
|
|
"originalName": header.Filename,
|
|
"uploaderId": user.Id.String(),
|
|
}); err != nil {
|
|
http.Error(response, "upload failed", http.StatusInternalServerError)
|
|
return
|
|
}
|
|
|
|
user.ProfileBg = key
|
|
err = postgresql.UserUpdateProfile(ctx, user, types.UserProfileUpdateList{ProfileBg: true})
|
|
if err != nil {
|
|
http.Error(response, "internal server error", http.StatusInternalServerError)
|
|
return
|
|
}
|
|
|
|
response.WriteHeader(http.StatusAccepted)
|
|
}
|
|
|
|
func HandleUserGetUser(response http.ResponseWriter, request *http.Request) {
|
|
if !validCheckWithResponseOnFail(&response, request, normal) {
|
|
return
|
|
}
|
|
ctx := request.Context()
|
|
|
|
_, err := getUserByToken(ctx, request.Header.Get("token"))
|
|
if err != nil {
|
|
http.Error(response, "invalid token", http.StatusUnauthorized)
|
|
return
|
|
}
|
|
|
|
targetId, err := convertions.StringToUuid(request.URL.Query().Get("targetid"))
|
|
if err != nil {
|
|
http.Error(response, "invalid userid", http.StatusUnauthorized)
|
|
return
|
|
}
|
|
target, err := getUserById(ctx, targetId)
|
|
if err != nil {
|
|
http.Error(response, "invalid userid", http.StatusUnauthorized)
|
|
return
|
|
}
|
|
|
|
json, err := json2.Marshal(target)
|
|
if err != nil {
|
|
http.Error(response, "json parse error", http.StatusInternalServerError)
|
|
return
|
|
}
|
|
|
|
response.WriteHeader(http.StatusAccepted)
|
|
response.Write(json)
|
|
}
|