320 lines
8.3 KiB
Go
320 lines
8.3 KiB
Go
package httpRequest
|
|
|
|
import (
|
|
json2 "encoding/json"
|
|
"net/http"
|
|
"time"
|
|
|
|
"go-socket/packages/convertions"
|
|
"go-socket/packages/globals"
|
|
"go-socket/packages/minio"
|
|
|
|
"go-socket/packages/cache"
|
|
"go-socket/packages/passwords"
|
|
"go-socket/packages/postgresql"
|
|
"go-socket/packages/tokens"
|
|
"go-socket/packages/types"
|
|
|
|
"golang.org/x/crypto/bcrypt"
|
|
)
|
|
|
|
func HandleUserNewToken(response http.ResponseWriter, request *http.Request) {
|
|
if !postValidCheckWithResponseOnFail(&response, request, postNormal) {
|
|
return
|
|
}
|
|
|
|
username := request.FormValue("username")
|
|
if len(username) < 4 {
|
|
http.Error(response, "no or short username", http.StatusBadRequest)
|
|
return
|
|
}
|
|
|
|
password := request.FormValue("password")
|
|
|
|
if len(password) < 8 {
|
|
http.Error(response, "no or short passwords", http.StatusBadRequest)
|
|
return
|
|
}
|
|
|
|
var (
|
|
user *types.User
|
|
err error
|
|
ctx = request.Context()
|
|
)
|
|
|
|
user, err = cache.CacheGetUserByName(username)
|
|
if err != nil {
|
|
user = &types.User{Name: username}
|
|
if err = postgresql.UserGetStandardInfoByName(ctx, user); err != nil {
|
|
http.Error(response, "bad login", http.StatusUnauthorized)
|
|
return
|
|
}
|
|
if err = postgresql.GetWholeUser(ctx, user); err != nil {
|
|
http.Error(response, err.Error(), http.StatusInternalServerError)
|
|
return
|
|
}
|
|
}
|
|
|
|
err = bcrypt.CompareHashAndPassword([]byte(user.PasswordHash), []byte(password))
|
|
if err != nil {
|
|
http.Error(response, "bad login", http.StatusUnauthorized)
|
|
return
|
|
}
|
|
|
|
token, err := tokens.TokenCreate(user.Id)
|
|
if err != nil {
|
|
http.Error(response, "internal server error", http.StatusInternalServerError)
|
|
return
|
|
}
|
|
|
|
json, err := json2.Marshal(types.LoginReturn{Token: token, UserId: user.Id})
|
|
if err != nil {
|
|
http.Error(response, "internal server error", http.StatusInternalServerError)
|
|
return
|
|
}
|
|
|
|
response.WriteHeader(http.StatusCreated)
|
|
response.Write(json)
|
|
}
|
|
|
|
func HandleUserNew(response http.ResponseWriter, request *http.Request) {
|
|
if !postValidCheckWithResponseOnFail(&response, request, postNormal) {
|
|
return
|
|
}
|
|
|
|
username := request.FormValue("username")
|
|
if len(username) < 4 {
|
|
http.Error(response, "no or short username", http.StatusBadRequest)
|
|
return
|
|
}
|
|
|
|
password := request.FormValue("password")
|
|
if len(password) < 8 {
|
|
http.Error(response, "no or short passwords", http.StatusBadRequest)
|
|
return
|
|
}
|
|
|
|
hashedPassword, err := passwords.PasswordHash(password)
|
|
if err != nil {
|
|
http.Error(response, "internal server error", http.StatusInternalServerError)
|
|
return
|
|
}
|
|
|
|
newUser := &types.User{
|
|
Name: username,
|
|
PasswordHash: hashedPassword,
|
|
Color: types.Rgba{}.GetRandom(),
|
|
CreatedAt: time.Now(),
|
|
}
|
|
|
|
ctx := request.Context()
|
|
|
|
err = postgresql.UserSave(ctx, newUser)
|
|
if err != nil {
|
|
http.Error(response, "name taken", http.StatusUnauthorized)
|
|
return
|
|
}
|
|
|
|
response.WriteHeader(http.StatusCreated)
|
|
}
|
|
|
|
func HandleUserDelete(response http.ResponseWriter, request *http.Request) {
|
|
if !postValidCheckWithResponseOnFail(&response, request, postNormal) {
|
|
return
|
|
}
|
|
ctx := request.Context()
|
|
|
|
userId, err := tokens.TokenValidateGetId(request.FormValue("token"))
|
|
if err != nil {
|
|
http.Error(response, "invalid token", http.StatusUnauthorized)
|
|
return
|
|
}
|
|
|
|
err = postgresql.UserDelete(ctx, userId)
|
|
if err != nil {
|
|
http.Error(response, "internal server error", http.StatusInternalServerError)
|
|
return
|
|
}
|
|
|
|
cache.CacheDeleteUser(userId)
|
|
response.WriteHeader(http.StatusAccepted)
|
|
}
|
|
|
|
func HandleUserModProfile(response http.ResponseWriter, request *http.Request) {
|
|
if !postValidCheckWithResponseOnFail(&response, request, postNormal) {
|
|
return
|
|
}
|
|
|
|
ctx := request.Context()
|
|
user, err := getUserByToken(ctx, request.FormValue("token"))
|
|
if err != nil {
|
|
http.Error(response, "invalid token", http.StatusUnauthorized)
|
|
return
|
|
}
|
|
|
|
var updateList types.UserProfileUpdateList
|
|
|
|
if pronouns := request.FormValue("pronouns"); pronouns != "" {
|
|
if len(pronouns) > 32 {
|
|
http.Error(response, "pronouns too long", http.StatusBadRequest)
|
|
return
|
|
}
|
|
user.Pronouns = pronouns
|
|
updateList.Pronouns = true
|
|
}
|
|
|
|
if description := request.FormValue("description"); description != "" {
|
|
if len(description) > 256 {
|
|
http.Error(response, "description too long", http.StatusBadRequest)
|
|
return
|
|
}
|
|
user.Description = description
|
|
updateList.Description = true
|
|
}
|
|
|
|
if colorStr := request.FormValue("color"); colorStr != "" {
|
|
color, err := convertions.StringToRgba(colorStr)
|
|
if err != nil {
|
|
http.Error(response, "invalid color", http.StatusBadRequest)
|
|
return
|
|
}
|
|
user.Color = color
|
|
updateList.Color = true
|
|
}
|
|
|
|
err = postgresql.UserUpdateProfile(ctx, user, updateList)
|
|
if err != nil {
|
|
http.Error(response, "internal server error", http.StatusInternalServerError)
|
|
return
|
|
}
|
|
response.WriteHeader(http.StatusAccepted)
|
|
}
|
|
|
|
func HandleUserModAvatar(response http.ResponseWriter, request *http.Request) {
|
|
if !postValidCheckWithResponseOnFail(&response, request, postAvatar) {
|
|
return
|
|
}
|
|
ctx := request.Context()
|
|
|
|
user, err := getUserByToken(ctx, request.Header.Get("token"))
|
|
if err != nil {
|
|
http.Error(response, "invalid token", http.StatusUnauthorized)
|
|
return
|
|
}
|
|
|
|
request.Body = http.MaxBytesReader(response, request.Body, int64(globals.MaxPostWithAvatar))
|
|
|
|
if err = request.ParseMultipartForm(int64(globals.MaxPostBytes)); err != nil {
|
|
http.Error(response, "invalid multipart form", http.StatusBadRequest)
|
|
return
|
|
}
|
|
|
|
conn, ok := getConnectionWithResponseOnFail(&response, request, user)
|
|
if !ok {
|
|
return
|
|
}
|
|
|
|
file, header, err := request.FormFile("file")
|
|
if err != nil {
|
|
http.Error(response, "missing file", http.StatusBadRequest)
|
|
return
|
|
}
|
|
defer file.Close()
|
|
|
|
isImg, contentType, err := isImage(file)
|
|
if err != nil || !isImg {
|
|
http.Error(response, "invalid file", http.StatusBadRequest)
|
|
return
|
|
}
|
|
|
|
if user.Avatar != "" {
|
|
err = minio.Delete(ctx, string(minio.UserAvatarPrefix)+user.Avatar)
|
|
if err != nil {
|
|
http.Error(response, "internal server error", http.StatusInternalServerError)
|
|
return
|
|
}
|
|
}
|
|
|
|
key := minio.GetKey(conn.Id, contentType, minio.File)
|
|
if err = minio.Upload(ctx, key, file, header.Size, contentType, map[string]string{
|
|
"originalName": header.Filename,
|
|
"uploaderId": user.Id.String(),
|
|
}); err != nil {
|
|
http.Error(response, "upload failed", http.StatusInternalServerError)
|
|
return
|
|
}
|
|
|
|
user.Avatar = key[len(minio.UserAvatarPrefix):]
|
|
err = postgresql.UserUpdateProfile(ctx, user, types.UserProfileUpdateList{Avatar: true})
|
|
if err != nil {
|
|
http.Error(response, "internal server error", http.StatusInternalServerError)
|
|
return
|
|
}
|
|
|
|
response.WriteHeader(http.StatusAccepted)
|
|
}
|
|
|
|
func HandleUserModProfileBg(response http.ResponseWriter, request *http.Request) {
|
|
if !postValidCheckWithResponseOnFail(&response, request, postProfileBg) {
|
|
return
|
|
}
|
|
ctx := request.Context()
|
|
|
|
user, err := getUserByToken(ctx, request.Header.Get("token"))
|
|
if err != nil {
|
|
http.Error(response, "invalid token", http.StatusUnauthorized)
|
|
return
|
|
}
|
|
|
|
request.Body = http.MaxBytesReader(response, request.Body, int64(globals.MaxPostWithProfileBg))
|
|
|
|
if err = request.ParseMultipartForm(int64(globals.MaxPostBytes)); err != nil {
|
|
http.Error(response, "invalid multipart form", http.StatusBadRequest)
|
|
return
|
|
}
|
|
|
|
conn, ok := getConnectionWithResponseOnFail(&response, request, user)
|
|
if !ok {
|
|
return
|
|
}
|
|
|
|
file, header, err := request.FormFile("file")
|
|
if err != nil {
|
|
http.Error(response, "missing file", http.StatusBadRequest)
|
|
return
|
|
}
|
|
defer file.Close()
|
|
|
|
isImg, contentType, err := isImage(file)
|
|
if err != nil || !isImg {
|
|
http.Error(response, "invalid file", http.StatusBadRequest)
|
|
return
|
|
}
|
|
|
|
if user.ProfileBg != "" {
|
|
err = minio.Delete(ctx, string(minio.UserProfileBgPrefix)+user.ProfileBg)
|
|
if err != nil {
|
|
http.Error(response, "internal server error", http.StatusInternalServerError)
|
|
return
|
|
}
|
|
}
|
|
|
|
key := minio.GetKey(conn.Id, contentType, minio.UserProfileBg)
|
|
if err = minio.Upload(ctx, key, file, header.Size, contentType, map[string]string{
|
|
"originalName": header.Filename,
|
|
"uploaderId": user.Id.String(),
|
|
}); err != nil {
|
|
http.Error(response, "upload failed", http.StatusInternalServerError)
|
|
return
|
|
}
|
|
|
|
user.ProfileBg = key[len(minio.UserProfileBgPrefix):]
|
|
err = postgresql.UserUpdateProfile(ctx, user, types.UserProfileUpdateList{ProfileBg: true})
|
|
if err != nil {
|
|
http.Error(response, "internal server error", http.StatusInternalServerError)
|
|
return
|
|
}
|
|
|
|
response.WriteHeader(http.StatusAccepted)
|
|
}
|