Hexbear is the engine that powers Chapochat. It is a customization of the Lemmy project.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
 
 
 

1781 lines
48 KiB

use crate::{
api::{claims::Claims, APIError, Oper, Perform},
apub::ApubObjectType,
blocking,
is_within_message_char_limit,
websocket::{
server::{JoinUserRoom, SendAllMessage, SendUserRoomMessage},
UserOperation,
WebsocketInfo,
},
DbPool,
LemmyError,
};
use bcrypt::verify;
use lemmy_db::{
comment::*,
comment_view::*,
community::*,
community_settings::{CommunitySettings, CommunitySettingsForm},
community_view::*,
moderator::*,
naive_now,
password_reset_request::*,
post::*,
post_view::*,
private_message::*,
private_message_view::*,
site::*,
site_view::*,
user::*,
user_mention::*,
user_mention_view::*,
user_tag::*,
user_view::*,
Crud,
Followable,
Joinable,
ListingType,
SortType,
};
use lemmy_utils::{
generate_actor_keypair,
generate_random_string,
is_valid_username,
make_apub_endpoint,
naive_from_unix,
remove_slurs,
send_email,
settings::Settings,
slur_check,
slurs_vec_to_str,
EndpointType,
};
use log::{error, info};
use serde::{Deserialize, Serialize};
use std::{collections::BTreeMap, env, str::FromStr};
#[derive(Serialize, Deserialize, Debug)]
pub struct Login {
username_or_email: String,
password: String,
captcha_id: String,
}
#[derive(Serialize, Deserialize)]
pub struct Register {
pub username: String,
pub email: Option<String>,
pub password: String,
pub password_verify: String,
pub admin: bool,
pub sitemod: bool,
pub show_nsfw: bool,
pub captcha_id: String,
pub pronouns: Option<String>,
}
#[derive(Serialize, Deserialize)]
pub struct SaveUserSettings {
show_nsfw: bool,
theme: String,
default_sort_type: i16,
default_listing_type: i16,
lang: String,
avatar: Option<String>,
email: Option<String>,
matrix_user_id: Option<String>,
new_password: Option<String>,
new_password_verify: Option<String>,
old_password: Option<String>,
show_avatars: bool,
send_notifications_to_email: bool,
auth: String,
}
#[derive(Serialize, Deserialize)]
pub struct LoginResponse {
pub jwt: String,
}
#[derive(Serialize, Deserialize)]
pub struct GetUserDetails {
user_id: Option<i32>,
username: Option<String>,
sort: String,
page: Option<i64>,
limit: Option<i64>,
community_id: Option<i32>,
saved_only: bool,
auth: Option<String>,
}
#[derive(Serialize, Deserialize)]
pub struct GetUserDetailsResponse {
user: UserView,
follows: Vec<CommunityFollowerView>,
moderates: Vec<CommunityModeratorView>,
comments: Vec<CommentView>,
posts: Vec<PostView>,
admins: Vec<UserView>,
sitemods: Vec<UserView>,
}
#[derive(Serialize, Deserialize)]
pub struct GetRepliesResponse {
replies: Vec<ReplyView>,
}
#[derive(Serialize, Deserialize)]
pub struct GetUserMentionsResponse {
mentions: Vec<UserMentionView>,
}
#[derive(Serialize, Deserialize)]
pub struct MarkAllAsRead {
auth: String,
}
#[derive(Serialize, Deserialize)]
pub struct AddAdmin {
user_id: i32,
added: bool,
auth: String,
}
#[derive(Serialize, Deserialize, Clone)]
pub struct AddAdminResponse {
admins: Vec<UserView>,
}
#[derive(Serialize, Deserialize)]
pub struct AddSitemod {
user_id: i32,
added: bool,
auth: String,
}
#[derive(Serialize, Deserialize, Clone)]
pub struct AddSitemodResponse {
sitemods: Vec<UserView>,
}
#[derive(Serialize, Deserialize)]
pub struct BanUser {
user_id: i32,
ban: bool,
reason: Option<String>,
expires: Option<i64>,
auth: String,
}
#[derive(Serialize, Deserialize, Clone)]
pub struct BanUserResponse {
user: UserView,
banned: bool,
}
#[derive(Serialize, Deserialize)]
pub struct GetReplies {
sort: String,
page: Option<i64>,
limit: Option<i64>,
unread_only: bool,
auth: String,
}
#[derive(Serialize, Deserialize)]
pub struct GetUserMentions {
sort: String,
page: Option<i64>,
limit: Option<i64>,
unread_only: bool,
auth: String,
}
#[derive(Serialize, Deserialize)]
pub struct EditUserMention {
user_mention_id: i32,
read: Option<bool>,
auth: String,
}
#[derive(Serialize, Deserialize, Clone)]
pub struct UserMentionResponse {
mention: UserMentionView,
}
#[derive(Serialize, Deserialize)]
pub struct DeleteAccount {
password: String,
auth: String,
}
#[derive(Serialize, Deserialize)]
pub struct PasswordReset {
email: String,
}
#[derive(Serialize, Deserialize, Clone)]
pub struct PasswordResetResponse {}
#[derive(Serialize, Deserialize)]
pub struct PasswordChange {
token: String,
password: String,
password_verify: String,
}
#[derive(Serialize, Deserialize)]
pub struct CreatePrivateMessage {
content: String,
pub recipient_id: i32,
auth: String,
}
#[derive(Serialize, Deserialize)]
pub struct EditPrivateMessage {
edit_id: i32,
content: Option<String>,
deleted: Option<bool>,
read: Option<bool>,
auth: String,
}
#[derive(Serialize, Deserialize)]
pub struct GetPrivateMessages {
unread_only: bool,
page: Option<i64>,
limit: Option<i64>,
auth: String,
}
#[derive(Serialize, Deserialize, Clone)]
pub struct PrivateMessagesResponse {
messages: Vec<PrivateMessageView>,
}
#[derive(Serialize, Deserialize, Clone)]
pub struct PrivateMessageResponse {
pub message: PrivateMessageView,
}
#[derive(Serialize, Deserialize, Debug)]
pub struct UserJoin {
auth: String,
}
#[derive(Serialize, Deserialize, Clone)]
pub struct UserJoinResponse {
pub user_id: i32,
}
#[derive(Deserialize)]
struct CaptchaResponse {
success: bool,
#[serde(rename = "error-codes")]
error_codes: Option<Vec<String>>,
}
#[derive(Serialize, Deserialize, Clone)]
pub struct GetUserTag {
user: i32,
community: Option<i32>,
}
#[derive(Serialize, Deserialize, Clone)]
pub struct SetUserTag {
tag: String,
value: Option<String>,
auth: String,
}
#[derive(Serialize, Deserialize, Clone)]
pub struct UserTagResponse {
user: i32,
#[serde(skip_serializing_if = "Option::is_none")]
community: Option<i32>,
tags: UserTagsSchema,
}
#[derive(Serialize, Deserialize, Clone)]
struct UserTagsSchema {
#[serde(skip_serializing_if = "Option::is_none")]
pronouns: Option<String>,
#[serde(skip_serializing_if = "Option::is_none")]
tendency: Option<String>,
#[serde(skip_serializing_if = "Option::is_none")]
favorite_food: Option<String>,
#[serde(skip_serializing_if = "Option::is_none")]
flair: Option<String>,
}
#[async_trait::async_trait(?Send)]
impl Perform for Oper<SetUserTag> {
type Response = UserTagResponse;
async fn perform(
&self,
pool: &DbPool,
_websocket_info: Option<WebsocketInfo>,
) -> Result<UserTagResponse, LemmyError> {
let data: &SetUserTag = &self.data;
let key = data.tag.clone();
let value = data.value.clone();
let mut tags = BTreeMap::new();
let claims = match Claims::decode(&data.auth) {
Ok(claims) => claims.claims,
Err(_e) => return Err(APIError::err("not_logged_in").into()),
};
let user = claims.id;
if let Some(v) = data.value.clone() {
tags.insert(key.clone(), v);
}
match blocking(pool, move |conn| UserTag::set_key(conn, user, key, value)).await? {
Ok(usertag) => Ok(UserTagResponse {
user,
community: None,
tags: serde_json::from_value(usertag.tags)?,
}),
Err(e) => Err(LemmyError::from(e)),
}
}
}
#[async_trait::async_trait(?Send)]
impl Perform for Oper<GetUserTag> {
type Response = UserTagResponse;
async fn perform(
&self,
pool: &DbPool,
_websocket_info: Option<WebsocketInfo>,
) -> Result<UserTagResponse, LemmyError> {
let data: &GetUserTag = &self.data;
let user = data.user;
// Check if user exists
let user_exists = blocking(pool, move |conn| User_::read(conn, user))
.await?
.is_ok();
if !user_exists {
return Err(APIError::err("user_doesnt_exist").into());
}
match blocking(pool, move |conn| UserTag::read(conn, user)).await? {
Ok(usertag) => Ok(UserTagResponse {
user,
community: None,
tags: serde_json::from_value(usertag.tags)?,
}),
Err(diesel::result::Error::NotFound) => {
let empty = UserTagsSchema {
// I hate this
pronouns: None,
tendency: None,
favorite_food: None,
flair: None,
};
Ok(UserTagResponse {
user,
community: None,
tags: empty,
})
}
Err(e) => Err(LemmyError::from(e)),
}
}
}
#[async_trait::async_trait(?Send)]
impl Perform for Oper<Login> {
type Response = LoginResponse;
async fn perform(
&self,
pool: &DbPool,
_websocket_info: Option<WebsocketInfo>,
) -> Result<LoginResponse, LemmyError> {
let secret_key: String = match env::var("HCAPTCHA_SECRET_KEY") {
Ok(key) => key,
Err(_e) => "0x0000000000000000000000000000000000000000".to_string(),
};
let data: &Login = &self.data;
let client = reqwest::Client::new();
let body = [
("secret", secret_key),
("response", data.captcha_id.clone()),
];
let res = client
.post("https://hcaptcha.com/siteverify")
.form(&body)
.send()
.await?;
//println!("received {:?}", &res.text());
let parsed_response: CaptchaResponse = res.json().await?;
if !parsed_response.success {
let err_string: String = format!(
"invalid_captcha;{}",
&parsed_response
.error_codes
.unwrap()
.join(";")
.replace("-", "_")
);
return Err(APIError::err(&err_string).into());
}
// Fetch that username / email
let username_or_email = data.username_or_email.clone();
let user = match blocking(pool, move |conn| {
Claims::find_by_email_or_username(conn, &username_or_email)
})
.await?
{
Ok(user) => user,
Err(_e) => return Err(APIError::err("invalid_login_credentials").into()),
};
// Verify the password
let valid: bool = verify(&data.password, &user.password_encrypted).unwrap_or(false);
if !valid {
return Err(APIError::err("invalid_login_credentials").into());
}
// Return the jwt
Ok(LoginResponse {
jwt: Claims::jwt(user, Settings::get().hostname),
})
}
}
#[async_trait::async_trait(?Send)]
impl Perform for Oper<Register> {
type Response = LoginResponse;
async fn perform(
&self,
pool: &DbPool,
_websocket_info: Option<WebsocketInfo>,
) -> Result<LoginResponse, LemmyError> {
let secret_key: String = match env::var("HCAPTCHA_SECRET_KEY") {
Ok(key) => key,
Err(_e) => "0x0000000000000000000000000000000000000000".to_string(),
};
let data: &Register = &self.data;
// Make sure there are no admins
// We put this first because there is no captcha when setting up the site.
// We bypass captcha check if an admin is legitimately being created
let any_admins = blocking(pool, move |conn| {
UserView::admins(conn).map(|a| a.is_empty())
})
.await??;
if data.admin && !any_admins {
return Err(APIError::err("admin_already_created").into());
}
if !data.admin {
let client = reqwest::Client::new();
let body = [
("secret", secret_key),
("response", data.captcha_id.clone()),
];
let res = client
.post("https://hcaptcha.com/siteverify")
.form(&body)
.send()
.await?;
//println!("received {:?}", &res.text());
let parsed_response: CaptchaResponse = res.json().await?;
if !parsed_response.success {
let err_string: String = format!(
"invalid_captcha;{}",
&parsed_response
.error_codes
.unwrap()
.join(";")
.replace("-", "_")
);
return Err(APIError::err(&err_string).into());
}
}
// Make sure site has open registration
if let Ok(site) = blocking(pool, move |conn| SiteView::read(conn)).await? {
let site: SiteView = site;
if !site.open_registration {
return Err(APIError::err("registration_closed").into());
}
}
// Make sure passwords match
if data.password != data.password_verify {
return Err(APIError::err("passwords_dont_match").into());
}
if let Err(slurs) = slur_check(&data.username) {
return Err(APIError::err(&slurs_vec_to_str(slurs)).into());
}
let user_keypair = generate_actor_keypair()?;
if !is_valid_username(&data.username) {
return Err(APIError::err("invalid_username").into());
}
let email = match &data.email {
Some(email) => {
if email.trim().is_empty() {
None
} else {
Some(email.trim().to_lowercase())
}
}
None => None,
};
// Register the new user
let user_form = UserForm {
name: data.username.to_owned(),
email,
matrix_user_id: None,
avatar: None,
password_encrypted: data.password.to_owned(),
preferred_username: None,
updated: None,
admin: data.admin,
sitemod: data.sitemod,
banned: false,
show_nsfw: data.show_nsfw,
theme: "darkly".into(),
default_sort_type: SortType::Hot as i16,
default_listing_type: ListingType::Subscribed as i16,
lang: "browser".into(),
show_avatars: true,
send_notifications_to_email: false,
actor_id: make_apub_endpoint(EndpointType::User, &data.username).to_string(),
bio: None,
local: true,
private_key: Some(user_keypair.private_key),
public_key: Some(user_keypair.public_key),
last_refreshed_at: None,
};
// Create the user
let inserted_user = match blocking(pool, move |conn| User_::register(conn, &user_form)).await? {
Ok(user) => user,
Err(e) => {
let err_type = if e.to_string()
== "duplicate key value violates unique constraint \"user__email_key\""
{
"email_already_exists"
} else {
"user_already_exists"
};
return Err(APIError::err(err_type).into());
}
};
let main_community_keypair = generate_actor_keypair()?;
// Create the main community if it doesn't exist
let main_community = match blocking(pool, move |conn| Community::read(conn, 2)).await? {
Ok(c) => c,
Err(_e) => {
let default_community_name = "main";
let community_form = CommunityForm {
name: default_community_name.to_string(),
title: "The Default Community".to_string(),
description: Some("The Default Community".to_string()),
category_id: 1,
nsfw: false,
creator_id: inserted_user.id,
removed: None,
deleted: None,
updated: None,
actor_id: make_apub_endpoint(EndpointType::Community, default_community_name).to_string(),
local: true,
private_key: Some(main_community_keypair.private_key),
public_key: Some(main_community_keypair.public_key),
last_refreshed_at: None,
published: None,
};
let main_community =
blocking(pool, move |conn| Community::create(conn, &community_form)).await??;
// Initialize community settings
let community_id = main_community.id;
let community_settings_form = CommunitySettingsForm {
id: community_id,
read_only: false,
private: false,
post_links: true,
comment_images: 1,
};
let _inserted_settings = blocking(pool, move |conn| {
CommunitySettings::create(conn, &community_settings_form)
})
.await??;
main_community
}
};
// Sign them up for main community no matter what
let community_follower_form = CommunityFollowerForm {
community_id: main_community.id,
user_id: inserted_user.id,
};
let follow = move |conn: &'_ _| CommunityFollower::follow(conn, &community_follower_form);
if blocking(pool, follow).await?.is_err() {
return Err(APIError::err("community_follower_already_exists").into());
};
// If its an admin, add them as a mod and follower to main
if data.admin {
let community_moderator_form = CommunityModeratorForm {
community_id: main_community.id,
user_id: inserted_user.id,
};
let join = move |conn: &'_ _| CommunityModerator::join(conn, &community_moderator_form);
if blocking(pool, join).await?.is_err() {
return Err(APIError::err("community_moderator_already_exists").into());
}
}
// Add their pronouns if they specified at account registration
if let Some(pronouns) = data.pronouns.clone() {
let user_id = inserted_user.id;
blocking(pool, move |conn| {
UserTag::set_key(conn, user_id, "pronouns".to_string(), Some(pronouns))
})
.await??;
}
// Return the jwt
Ok(LoginResponse {
jwt: Claims::jwt(inserted_user, Settings::get().hostname),
})
}
}
#[async_trait::async_trait(?Send)]
impl Perform for Oper<SaveUserSettings> {
type Response = LoginResponse;
async fn perform(
&self,
pool: &DbPool,
_websocket_info: Option<WebsocketInfo>,
) -> Result<LoginResponse, LemmyError> {
let data: &SaveUserSettings = &self.data;
let claims = match Claims::decode(&data.auth) {
Ok(claims) => claims.claims,
Err(_e) => return Err(APIError::err("not_logged_in").into()),
};
let user_id = claims.id;
let read_user = blocking(pool, move |conn| User_::read(conn, user_id)).await??;
let email = match &data.email {
Some(email) => {
if email.trim().is_empty() {
None
} else {
Some(email.trim().to_lowercase())
}
}
None => read_user.email,
};
// temporarily disable avitars
let avatar = None;
/*
let avatar = match &data.avatar {
Some(avatar) => Some(avatar.to_owned()),
None => read_user.avatar,
};
*/
let password_encrypted = match &data.new_password {
Some(new_password) => {
match &data.new_password_verify {
Some(new_password_verify) => {
// Make sure passwords match
if new_password != new_password_verify {
return Err(APIError::err("passwords_dont_match").into());
}
// Check the old password
match &data.old_password {
Some(old_password) => {
let valid: bool =
verify(old_password, &read_user.password_encrypted).unwrap_or(false);
if !valid {
return Err(APIError::err("password_incorrect").into());
}
let new_password = new_password.to_owned();
let user = blocking(pool, move |conn| {
User_::update_password(conn, user_id, &new_password)
})
.await??;
user.password_encrypted
}
None => return Err(APIError::err("password_incorrect").into()),
}
}
None => return Err(APIError::err("passwords_dont_match").into()),
}
}
None => read_user.password_encrypted,
};
let user_form = UserForm {
name: read_user.name,
email,
matrix_user_id: data.matrix_user_id.to_owned(),
avatar,
password_encrypted,
preferred_username: read_user.preferred_username,
updated: Some(naive_now()),
admin: read_user.admin,
sitemod: read_user.sitemod,
banned: read_user.banned,
show_nsfw: data.show_nsfw,
theme: data.theme.to_owned(),
default_sort_type: data.default_sort_type,
default_listing_type: data.default_listing_type,
lang: data.lang.to_owned(),
show_avatars: data.show_avatars,
send_notifications_to_email: data.send_notifications_to_email,
actor_id: read_user.actor_id,
bio: read_user.bio,
local: read_user.local,
private_key: read_user.private_key,
public_key: read_user.public_key,
last_refreshed_at: None,
};
let res = blocking(pool, move |conn| User_::update(conn, user_id, &user_form)).await?;
let updated_user: User_ = match res {
Ok(user) => user,
Err(e) => {
let err_type = if e.to_string()
== "duplicate key value violates unique constraint \"user__email_key\""
{
"email_already_exists"
} else {
"user_already_exists"
};
return Err(APIError::err(err_type).into());
}
};
// Return the jwt
Ok(LoginResponse {
jwt: Claims::jwt(updated_user, Settings::get().hostname),
})
}
}
#[async_trait::async_trait(?Send)]
impl Perform for Oper<GetUserDetails> {
type Response = GetUserDetailsResponse;
async fn perform(
&self,
pool: &DbPool,
_websocket_info: Option<WebsocketInfo>,
) -> Result<GetUserDetailsResponse, LemmyError> {
let data: &GetUserDetails = &self.data;
let user_claims: Option<Claims> = match &data.auth {
Some(auth) => match Claims::decode(&auth) {
Ok(claims) => Some(claims.claims),
Err(_e) => None,
},
None => None,
};
let user_id = match &user_claims {
Some(claims) => Some(claims.id),
None => None,
};
let show_nsfw = match &user_claims {
Some(claims) => claims.show_nsfw,
None => false,
};
let sort = SortType::from_str(&data.sort)?;
let username = data
.username
.to_owned()
.unwrap_or_else(|| "admin".to_string());
let user_details_id = match data.user_id {
Some(id) => id,
None => {
let user = blocking(pool, move |conn| User_::read_from_name(conn, &username)).await?;
match user {
Ok(user) => user.id,
Err(_e) => return Err(APIError::err("couldnt_find_that_username_or_email").into()),
}
}
};
let mut user_view = blocking(pool, move |conn| UserView::read(conn, user_details_id)).await??;
let page = data.page;
let limit = data.limit;
let saved_only = data.saved_only;
let community_id = data.community_id;
let (posts, comments) = blocking(pool, move |conn| {
let mut posts_query = PostQueryBuilder::create(conn)
.sort(&sort)
.show_nsfw(show_nsfw)
.saved_only(saved_only)
.for_community_id(community_id)
.my_user_id(user_id)
.page(page)
.limit(limit);
let mut comments_query = CommentQueryBuilder::create(conn)
.sort(&sort)
.saved_only(saved_only)
.my_user_id(user_id)
.page(page)
.limit(limit);
// If its saved only, you don't care what creator it was
// Or, if its not saved, then you only want it for that specific creator
if !saved_only {
posts_query = posts_query.for_creator_id(user_details_id);
comments_query = comments_query.for_creator_id(user_details_id);
}
let posts = posts_query.list()?;
let comments = comments_query.list()?;
Ok((posts, comments)) as Result<_, LemmyError>
})
.await??;
let follows = blocking(pool, move |conn| {
CommunityFollowerView::for_user(conn, user_details_id)
})
.await??;
let moderates = blocking(pool, move |conn| {
CommunityModeratorView::for_user(conn, user_details_id)
})
.await??;
let site_creator_id =
blocking(pool, move |conn| Site::read(conn, 1).map(|s| s.creator_id)).await??;
let mut admins = blocking(pool, move |conn| UserView::admins(conn)).await??;
let creator_index = admins.iter().position(|r| r.id == site_creator_id).unwrap();
let creator_user = admins.remove(creator_index);
admins.insert(0, creator_user);
let sitemods = blocking(pool, move |conn| UserView::sitemods(conn)).await??;
// If its not the same user, remove the email, and settings
// TODO an if let chain would be better here, but can't figure it out
// TODO separate out settings into its own thing
if user_id.is_none() || user_details_id != user_id.unwrap_or(0) {
user_view.email = None;
}
// temporarily disable avitars
user_view.avatar = None;
// Return the jwt
Ok(GetUserDetailsResponse {
user: user_view,
follows,
moderates,
comments,
posts,
admins,
sitemods
})
}
}
#[async_trait::async_trait(?Send)]
impl Perform for Oper<AddAdmin> {
type Response = AddAdminResponse;
async fn perform(
&self,
pool: &DbPool,
websocket_info: Option<WebsocketInfo>,
) -> Result<AddAdminResponse, LemmyError> {
let data: &AddAdmin = &self.data;
let claims = match Claims::decode(&data.auth) {
Ok(claims) => claims.claims,
Err(_e) => return Err(APIError::err("not_logged_in").into()),
};
let user_id = claims.id;
// Make sure user is an admin
let is_admin = move |conn: &'_ _| UserView::read(conn, user_id).map(|u| u.admin);
if !blocking(pool, is_admin).await?? {
return Err(APIError::err("not_an_admin").into());
}
let added = data.added;
let added_user_id = data.user_id;
let add_admin = move |conn: &'_ _| User_::add_admin(conn, added_user_id, added);
if blocking(pool, add_admin).await?.is_err() {
return Err(APIError::err("couldnt_update_user").into());
}
// Mod tables
let form = ModAddForm {
mod_user_id: user_id,
other_user_id: data.user_id,
removed: Some(!data.added),
};
blocking(pool, move |conn| ModAdd::create(conn, &form)).await??;
let site_creator_id =
blocking(pool, move |conn| Site::read(conn, 1).map(|s| s.creator_id)).await??;
let mut admins = blocking(pool, move |conn| UserView::admins(conn)).await??;
let creator_index = admins.iter().position(|r| r.id == site_creator_id).unwrap();
let creator_user = admins.remove(creator_index);
admins.insert(0, creator_user);
let res = AddAdminResponse { admins };
if let Some(ws) = websocket_info {
ws.chatserver.do_send(SendAllMessage {
op: UserOperation::AddAdmin,
response: res.clone(),
my_id: ws.id,
});
}
Ok(res)
}
}
#[async_trait::async_trait(?Send)]
impl Perform for Oper<AddSitemod> {
type Response = AddSitemodResponse;
async fn perform(
&self,
pool: &DbPool,
websocket_info: Option<WebsocketInfo>,
) -> Result<AddSitemodResponse, LemmyError> {
let data: &AddSitemod = &self.data;
let claims = match Claims::decode(&data.auth) {
Ok(claims) => claims.claims,
Err(_e) => return Err(APIError::err("not_logged_in").into()),
};
let user_id = claims.id;
// Make sure user is an admin
let is_admin = move |conn: &'_ _| UserView::read(conn, user_id).map(|u| u.admin);
if !blocking(pool, is_admin).await?? {
return Err(APIError::err("not_an_admin").into());
}
let added = data.added;
let added_user_id = data.user_id;
let add_sitemod = move |conn: &'_ _| User_::add_sitemod(conn, added_user_id, added);
if blocking(pool, add_sitemod).await?.is_err() {
return Err(APIError::err("couldnt_update_user").into());
}
// Mod tables
let form = ModAddForm {
mod_user_id: user_id,
other_user_id: data.user_id,
removed: Some(!data.added),
};
blocking(pool, move |conn| ModAdd::create(conn, &form)).await??;
let sitemods = blocking(pool, move |conn| UserView::sitemods(conn)).await??;
let res = AddSitemodResponse { sitemods };
if let Some(ws) = websocket_info {
ws.chatserver.do_send(SendAllMessage {
op: UserOperation::AddSitemod,
response: res.clone(),
my_id: ws.id,
});
}
Ok(res)
}
}
#[async_trait::async_trait(?Send)]
impl Perform for Oper<BanUser> {
type Response = BanUserResponse;
async fn perform(
&self,
pool: &DbPool,
websocket_info: Option<WebsocketInfo>,
) -> Result<BanUserResponse, LemmyError> {
let data: &BanUser = &self.data;
let claims = match Claims::decode(&data.auth) {
Ok(claims) => claims.claims,
Err(_e) => return Err(APIError::err("not_logged_in").into()),
};
let user_id = claims.id;
// Make sure user is an admin or sitemod
let user = blocking(pool, move |conn| User_::read(&conn, user_id)).await??;
if !user.admin || !user.sitemod {
return Err(APIError::err("not_an_admin_or_sitemod").into());
}
let ban = data.ban;
let banned_user_id = data.user_id;
let ban_user = move |conn: &'_ _| User_::ban_user(conn, banned_user_id, ban);
if blocking(pool, ban_user).await?.is_err() {
return Err(APIError::err("couldnt_update_user").into());
}
// Mod tables
let expires = match data.expires {
Some(time) => Some(naive_from_unix(time)),
None => None,
};
let form = ModBanForm {
mod_user_id: user_id,
other_user_id: data.user_id,
reason: data.reason.to_owned(),
banned: Some(data.ban),
expires,
};
blocking(pool, move |conn| ModBan::create(conn, &form)).await??;
let user_id = data.user_id;
let user_view = blocking(pool, move |conn| UserView::read(conn, user_id)).await??;
let res = BanUserResponse {
user: user_view,
banned: data.ban,
};
if let Some(ws) = websocket_info {
ws.chatserver.do_send(SendAllMessage {
op: UserOperation::BanUser,
response: res.clone(),
my_id: ws.id,
});
}
Ok(res)
}
}
#[async_trait::async_trait(?Send)]
impl Perform for Oper<GetReplies> {
type Response = GetRepliesResponse;
async fn perform(
&self,
pool: &DbPool,
_websocket_info: Option<WebsocketInfo>,
) -> Result<GetRepliesResponse, LemmyError> {
let data: &GetReplies = &self.data;
let claims = match Claims::decode(&data.auth) {
Ok(claims) => claims.claims,
Err(_e) => return Err(APIError::err("not_logged_in").into()),
};
let user_id = claims.id;
let sort = SortType::from_str(&data.sort)?;
let page = data.page;
let limit = data.limit;
let unread_only = data.unread_only;
let replies = blocking(pool, move |conn| {
ReplyQueryBuilder::create(conn, user_id)
.sort(&sort)
.unread_only(unread_only)
.page(page)
.limit(limit)
.list()
})
.await??;
Ok(GetRepliesResponse { replies })
}
}
#[async_trait::async_trait(?Send)]
impl Perform for Oper<GetUserMentions> {
type Response = GetUserMentionsResponse;
async fn perform(
&self,
pool: &DbPool,
_websocket_info: Option<WebsocketInfo>,
) -> Result<GetUserMentionsResponse, LemmyError> {
let data: &GetUserMentions = &self.data;
let claims = match Claims::decode(&data.auth) {
Ok(claims) => claims.claims,
Err(_e) => return Err(APIError::err("not_logged_in").into()),
};
let user_id = claims.id;
let sort = SortType::from_str(&data.sort)?;
let page = data.page;
let limit = data.limit;
let unread_only = data.unread_only;
let mentions = blocking(pool, move |conn| {
UserMentionQueryBuilder::create(conn, user_id)
.sort(&sort)
.unread_only(unread_only)
.page(page)
.limit(limit)
.list()
})
.await??;
Ok(GetUserMentionsResponse { mentions })
}
}
#[async_trait::async_trait(?Send)]
impl Perform for Oper<EditUserMention> {
type Response = UserMentionResponse;
async fn perform(
&self,
pool: &DbPool,
_websocket_info: Option<WebsocketInfo>,
) -> Result<UserMentionResponse, LemmyError> {
let data: &EditUserMention = &self.data;
let claims = match Claims::decode(&data.auth) {
Ok(claims) => claims.claims,
Err(_e) => return Err(APIError::err("not_logged_in").into()),
};
let user_id = claims.id;
let user_mention_id = data.user_mention_id;
let read_user_mention =
blocking(pool, move |conn| UserMention::read(conn, user_mention_id)).await??;
if user_id != read_user_mention.recipient_id {
return Err(APIError::err("couldnt_update_comment").into());
}
let user_mention_form = UserMentionForm {
recipient_id: read_user_mention.recipient_id,
comment_id: read_user_mention.comment_id,
read: data.read.to_owned(),
};
let user_mention_id = read_user_mention.id;
let update_mention =
move |conn: &'_ _| UserMention::update(conn, user_mention_id, &user_mention_form);
if blocking(pool, update_mention).await?.is_err() {
return Err(APIError::err("couldnt_update_comment").into());
};
let user_mention_id = read_user_mention.id;
let user_mention_view = blocking(pool, move |conn| {
UserMentionView::read(conn, user_mention_id, user_id)
})
.await??;
Ok(UserMentionResponse {
mention: user_mention_view,
})
}
}
#[async_trait::async_trait(?Send)]
impl Perform for Oper<MarkAllAsRead> {
type Response = GetRepliesResponse;
async fn perform(
&self,
pool: &DbPool,
_websocket_info: Option<WebsocketInfo>,
) -> Result<GetRepliesResponse, LemmyError> {
let data: &MarkAllAsRead = &self.data;
let claims = match Claims::decode(&data.auth) {
Ok(claims) => claims.claims,
Err(_e) => return Err(APIError::err("not_logged_in").into()),
};
let user_id = claims.id;
let replies = blocking(pool, move |conn| {
ReplyQueryBuilder::create(conn, user_id)
.unread_only(true)
.page(1)
.limit(999)
.list()
})
.await??;
// TODO: this should probably be a bulk operation
for reply in &replies {
let reply_id = reply.id;
let mark_as_read = move |conn: &'_ _| Comment::mark_as_read(conn, reply_id);
if blocking(pool, mark_as_read).await?.is_err() {
return Err(APIError::err("couldnt_update_comment").into());
}
}
// Mentions
let mentions = blocking(pool, move |conn| {
UserMentionQueryBuilder::create(conn, user_id)
.unread_only(true)
.page(1)
.limit(999)
.list()
})
.await??;
// TODO: this should probably be a bulk operation
for mention in &mentions {
let mention_form = UserMentionForm {
recipient_id: mention.to_owned().recipient_id,
comment_id: mention.to_owned().id,
read: Some(true),
};
let user_mention_id = mention.user_mention_id;
let update_mention =
move |conn: &'_ _| UserMention::update(conn, user_mention_id, &mention_form);
if blocking(pool, update_mention).await?.is_err() {
return Err(APIError::err("couldnt_update_comment").into());
}
}
// messages
let messages = blocking(pool, move |conn| {
PrivateMessageQueryBuilder::create(conn, user_id)
.page(1)
.limit(999)
.unread_only(true)
.list()
})
.await??;
// TODO: this should probably be a bulk operation
for message in &messages {
let private_message_form = PrivateMessageForm {
content: message.to_owned().content,
creator_id: message.to_owned().creator_id,
recipient_id: message.to_owned().recipient_id,
deleted: None,
read: Some(true),
updated: None,
ap_id: message.to_owned().ap_id,
local: message.local,
published: None,
};
let message_id = message.id;
let update_pm =
move |conn: &'_ _| PrivateMessage::update(conn, message_id, &private_message_form);
if blocking(pool, update_pm).await?.is_err() {
return Err(APIError::err("couldnt_update_private_message").into());
}
}
Ok(GetRepliesResponse { replies: vec![] })
}
}
#[async_trait::async_trait(?Send)]
impl Perform for Oper<DeleteAccount> {
type Response = LoginResponse;
async fn perform(
&self,
pool: &DbPool,
_websocket_info: Option<WebsocketInfo>,
) -> Result<LoginResponse, LemmyError> {
let data: &DeleteAccount = &self.data;
let claims = match Claims::decode(&data.auth) {
Ok(claims) => claims.claims,
Err(_e) => return Err(APIError::err("not_logged_in").into()),
};
let user_id = claims.id;
let user = blocking(pool, move |conn| User_::read(conn, user_id)).await??;
// Verify the password
let valid: bool = verify(&data.password, &user.password_encrypted).unwrap_or(false);
if !valid {
return Err(APIError::err("password_incorrect").into());
}
// Comments
let comments = blocking(pool, move |conn| {
CommentQueryBuilder::create(conn)
.for_creator_id(user_id)
.limit(std::i64::MAX)
.list()
})
.await??;
// TODO: this should probably be a bulk operation
for comment in &comments {
let comment_id = comment.id;
let permadelete = move |conn: &'_ _| Comment::permadelete(conn, comment_id);
if blocking(pool, permadelete).await?.is_err() {
return Err(APIError::err("couldnt_update_comment").into());
}
}
// Posts
let posts = blocking(pool, move |conn| {
PostQueryBuilder::create(conn)
.sort(&SortType::New)
.for_creator_id(user_id)
.limit(std::i64::MAX)
.list()
})
.await??;
// TODO: this should probably be a bulk operation
for post in &posts {
let post_id = post.id;
let permadelete = move |conn: &'_ _| Post::permadelete(conn, post_id);
if blocking(pool, permadelete).await?.is_err() {
return Err(APIError::err("couldnt_update_post").into());
}
}
Ok(LoginResponse {
jwt: data.auth.to_owned(),
})
}
}
#[async_trait::async_trait(?Send)]
impl Perform for Oper<PasswordReset> {
type Response = PasswordResetResponse;
async fn perform(
&self,
pool: &DbPool,
_websocket_info: Option<WebsocketInfo>,
) -> Result<PasswordResetResponse, LemmyError> {
let data: &PasswordReset = &self.data;
// Fetch that email
let email = data.email.clone();
let user = match blocking(pool, move |conn| User_::find_by_email(conn, &email)).await? {
Ok(user) => user,
// We want to avoid tipping anyone off about what usernames and emails are on the server, so we should always return the same message.
Err(_e) => {
info!("Failed to find user via email for password reset: {}", _e);
return Ok(PasswordResetResponse {});
}
};
// Generate a random token
let token = generate_random_string();
// Insert the row
let token2 = token.clone();
let user_id = user.id;
blocking(pool, move |conn| {
PasswordResetRequest::create_token(conn, user_id, &token2)
})
.await??;
// Email the pure token to the user.
// TODO no i18n support here.
let user_email = &user.email.expect("email");
let subject = &format!("Password reset for {}", user.name);
let hostname = &format!("https://{}", Settings::get().hostname); //TODO add https for now.
let html = &format!("<h1>Password Reset Request for {}</h1><br><a href={}/password_change/{}>Click here to reset your password</a>", user.name, hostname, &token);
match send_email(subject, user_email, &user.name, html) {
Ok(_o) => _o,
// We want to avoid tipping anyone off about what usernames and emails are on the server, so we should always return the same message.
Err(_e) => {
info!("Failed to send email: {}", _e);
return Ok(PasswordResetResponse {});
}
};
Ok(PasswordResetResponse {})
}
}
#[async_trait::async_trait(?Send)]
impl Perform for Oper<PasswordChange> {
type Response = LoginResponse;
async fn perform(
&self,
pool: &DbPool,
_websocket_info: Option<WebsocketInfo>,
) -> Result<LoginResponse, LemmyError> {
let data: &PasswordChange = &self.data;
// Fetch the user_id from the token
let token = data.token.clone();
let user_id = blocking(pool, move |conn| {
PasswordResetRequest::read_from_token(conn, &token).map(|p| p.user_id)
})
.await??;
// Make sure passwords match
if data.password != data.password_verify {
return Err(APIError::err("passwords_dont_match").into());
}
// Update the user with the new password
let password = data.password.clone();
let updated_user = match blocking(pool, move |conn| {
User_::update_password(conn, user_id, &password)
})
.await?
{
Ok(user) => user,
Err(_e) => return Err(APIError::err("couldnt_update_user").into()),
};
// Return the jwt
Ok(LoginResponse {
jwt: Claims::jwt(updated_user, Settings::get().hostname),
})
}
}
#[async_trait::async_trait(?Send)]
impl Perform for Oper<CreatePrivateMessage> {
type Response = PrivateMessageResponse;
async fn perform(
&self,
pool: &DbPool,
websocket_info: Option<WebsocketInfo>,
) -> Result<PrivateMessageResponse, LemmyError> {
let data: &CreatePrivateMessage = &self.data;
let claims = match Claims::decode(&data.auth) {
Ok(claims) => claims.claims,
Err(_e) => return Err(APIError::err("not_logged_in").into()),
};
let user_id = claims.id;
let hostname = &format!("https://{}", Settings::get().hostname);
// Check for a site ban
let user = blocking(pool, move |conn| User_::read(conn, user_id)).await??;
if user.banned {
return Err(APIError::err("site_ban").into());
}
let content_slurs_removed = remove_slurs(&data.content.to_owned());
if !is_within_message_char_limit(&data.content) {
return Err(APIError::err("message_too_long").into());
}
let private_message_form = PrivateMessageForm {
content: content_slurs_removed.to_owned(),
creator_id: user_id,
recipient_id: data.recipient_id,
deleted: None,
read: None,
updated: None,
ap_id: "http://fake.com".into(),
local: true,
published: None,
};
let inserted_private_message = match blocking(pool, move |conn| {
PrivateMessage::create(conn, &private_message_form)
})
.await?
{
Ok(private_message) => private_message,
Err(_e) => {
return Err(APIError::err("couldnt_create_private_message").into());
}
};
let inserted_private_message_id = inserted_private_message.id;
let updated_private_message = match blocking(pool, move |conn| {
let apub_id = make_apub_endpoint(
EndpointType::PrivateMessage,
&inserted_private_message_id.to_string(),
)
.to_string();
PrivateMessage::update_ap_id(&conn, inserted_private_message_id, apub_id)
})
.await?
{
Ok(private_message) => private_message,
Err(_e) => return Err(APIError::err("couldnt_create_private_message").into()),
};
updated_private_message
.send_create(&user, &self.client, pool)
.await?;
// Send notifications to the recipient
let recipient_id = data.recipient_id;
let recipient_user = blocking(pool, move |conn| User_::read(conn, recipient_id)).await??;
if recipient_user.send_notifications_to_email {
if let Some(email) = recipient_user.email {
let subject = &format!(
"{} - Private Message from {}",
Settings::get().hostname,
claims.username
);
let html = &format!(
"<h1>Private Message</h1><br><div>{} - {}</div><br><a href={}/inbox>inbox</a>",
claims.username, &content_slurs_removed, hostname
);
match send_email(subject, &email, &recipient_user.name, html) {
Ok(_o) => _o,
Err(e) => error!("{}", e),
};
}
}
let message = blocking(pool, move |conn| {
PrivateMessageView::read(conn, inserted_private_message.id)
})
.await??;
let res = PrivateMessageResponse { message };
if let Some(ws) = websocket_info {
ws.chatserver.do_send(SendUserRoomMessage {
op: UserOperation::CreatePrivateMessage,
response: res.clone(),
recipient_id: recipient_user.id,
my_id: ws.id,
});
}
Ok(res)
}
}
#[async_trait::async_trait(?Send)]
impl Perform for Oper<EditPrivateMessage> {
type Response = PrivateMessageResponse;
async fn perform(
&self,
pool: &DbPool,
websocket_info: Option<WebsocketInfo>,
) -> Result<PrivateMessageResponse, LemmyError> {
let data: &EditPrivateMessage = &self.data;
let claims = match Claims::decode(&data.auth) {
Ok(claims) => claims.claims,
Err(_e) => return Err(APIError::err("not_logged_in").into()),
};
let user_id = claims.id;
let edit_id = data.edit_id;
let orig_private_message =
blocking(pool, move |conn| PrivateMessage::read(conn, edit_id)).await??;
// Check for a site ban
let user = blocking(pool, move |conn| User_::read(conn, user_id)).await??;
if user.banned {
return Err(APIError::err("site_ban").into());
}
// Check to make sure they are the creator (or the recipient marking as read
if !(data.read.is_some() && orig_private_message.recipient_id.eq(&user_id)
|| orig_private_message.creator_id.eq(&user_id))
{
return Err(APIError::err("no_private_message_edit_allowed").into());
}
let content_slurs_removed = match &data.content {
Some(content) => remove_slurs(content),
None => orig_private_message.content.clone(),
};
let private_message_form = {
if data.read.is_some() {
PrivateMessageForm {
content: orig_private_message.content.to_owned(),
creator_id: orig_private_message.creator_id,
recipient_id: orig_private_message.recipient_id,
read: data.read.to_owned(),
updated: orig_private_message.updated,
deleted: Some(orig_private_message.deleted),
ap_id: orig_private_message.ap_id,
local: orig_private_message.local,
published: None,
}
} else {
PrivateMessageForm {
content: content_slurs_removed,
creator_id: orig_private_message.creator_id,
recipient_id: orig_private_message.recipient_id,
deleted: data.deleted.to_owned(),
read: Some(orig_private_message.read),
updated: Some(naive_now()),
ap_id: orig_private_message.ap_id,
local: orig_private_message.local,
published: None,
}
}
};
let edit_id = data.edit_id;
let updated_private_message = match blocking(pool, move |conn| {
PrivateMessage::update(conn, edit_id, &private_message_form)
})
.await?
{
Ok(private_message) => private_message,
Err(_e) => return Err(APIError::err("couldnt_update_private_message").into()),
};
if data.read.is_none() {
if let Some(deleted) = data.deleted.to_owned() {
if deleted {
updated_private_message
.send_delete(&user, &self.client, pool)
.await?;
} else {
updated_private_message
.send_undo_delete(&user, &self.client, pool)
.await?;
}
} else {
updated_private_message
.send_update(&user, &self.client, pool)
.await?;
}
} else {
updated_private_message
.send_update(&user, &self.client, pool)
.await?;
}
let edit_id = data.edit_id;
let message = blocking(pool, move |conn| PrivateMessageView::read(conn, edit_id)).await??;
let res = PrivateMessageResponse { message };
if let Some(ws) = websocket_info {
ws.chatserver.do_send(SendUserRoomMessage {
op: UserOperation::EditPrivateMessage,
response: res.clone(),
recipient_id: orig_private_message.recipient_id,
my_id: ws.id,
});
}
Ok(res)
}
}
#[async_trait::async_trait(?Send)]
impl Perform for Oper<GetPrivateMessages> {
type Response = PrivateMessagesResponse;
async fn perform(
&self,
pool: &DbPool,
_websocket_info: Option<WebsocketInfo>,
) -> Result<PrivateMessagesResponse, LemmyError> {
let data: &GetPrivateMessages = &self.data;
let claims = match Claims::decode(&data.auth) {
Ok(claims) => claims.claims,
Err(_e) => return Err(APIError::err("not_logged_in").into()),
};
let user_id = claims.id;
let page = data.page;
let limit = data.limit;
let unread_only = data.unread_only;
let messages = blocking(pool, move |conn| {
PrivateMessageQueryBuilder::create(&conn, user_id)
.page(page)
.limit(limit)
.unread_only(unread_only)
.list()
})
.await??;
Ok(PrivateMessagesResponse { messages })
}
}
#[async_trait::async_trait(?Send)]
impl Perform for Oper<UserJoin> {
type Response = UserJoinResponse;
async fn perform(
&self,
_pool: &DbPool,
websocket_info: Option<WebsocketInfo>,
) -> Result<UserJoinResponse, LemmyError> {
let data: &UserJoin = &self.data;
let claims = match Claims::decode(&data.auth) {
Ok(claims) => claims.claims,
Err(_e) => return Err(APIError::err("not_logged_in").into()),
};
let user_id = claims.id;
if let Some(ws) = websocket_info {
if let Some(id) = ws.id {
ws.chatserver.do_send(JoinUserRoom { user_id, id });
}
}
Ok(UserJoinResponse { user_id })
}
}