1 use crate::{captcha_as_wav_base64, Perform};
2 use actix_web::web::Data;
5 use captcha::{gen, Difficulty};
7 use lemmy_api_common::{
9 get_local_user_view_from_jwt,
11 password_length_check,
14 use lemmy_db_schema::{
15 diesel_option_overwrite,
16 diesel_option_overwrite_to_url,
17 from_opt_str_to_opt_enum,
22 local_user::{LocalUser, LocalUserForm},
24 password_reset_request::*,
26 person_block::{PersonBlock, PersonBlockForm},
29 private_message::PrivateMessage,
32 traits::{Blockable, Crud},
36 comment_report_view::CommentReportView,
37 comment_view::{CommentQueryBuilder, CommentView},
38 local_user_view::LocalUserView,
39 post_report_view::PostReportView,
40 private_message_view::PrivateMessageView,
42 use lemmy_db_views_actor::{
43 community_moderator_view::CommunityModeratorView,
44 person_mention_view::{PersonMentionQueryBuilder, PersonMentionView},
45 person_view::PersonViewSafe,
51 utils::{generate_random_string, is_valid_display_name, is_valid_matrix_id, naive_from_unix},
56 use lemmy_websocket::{
57 messages::{CaptchaItem, SendAllMessage},
62 #[async_trait::async_trait(?Send)]
63 impl Perform for Login {
64 type Response = LoginResponse;
66 #[tracing::instrument(skip(context, _websocket_id))]
69 context: &Data<LemmyContext>,
70 _websocket_id: Option<ConnectionId>,
71 ) -> Result<LoginResponse, LemmyError> {
72 let data: &Login = self;
74 // Fetch that username / email
75 let username_or_email = data.username_or_email.clone();
76 let local_user_view = blocking(context.pool(), move |conn| {
77 LocalUserView::find_by_email_or_name(conn, &username_or_email)
80 .map_err(LemmyError::from)
81 .map_err(|e| e.with_message("couldnt_find_that_username_or_email"))?;
83 // Verify the password
84 let valid: bool = verify(
86 &local_user_view.local_user.password_encrypted,
90 return Err(LemmyError::from_message("password_incorrect"));
96 local_user_view.local_user.id.0,
97 &context.secret().jwt_secret,
98 &context.settings().hostname,
105 #[async_trait::async_trait(?Send)]
106 impl Perform for GetCaptcha {
107 type Response = GetCaptchaResponse;
109 #[tracing::instrument(skip(context, _websocket_id))]
112 context: &Data<LemmyContext>,
113 _websocket_id: Option<ConnectionId>,
114 ) -> Result<Self::Response, LemmyError> {
115 let captcha_settings = context.settings().captcha;
117 if !captcha_settings.enabled {
118 return Ok(GetCaptchaResponse { ok: None });
121 let captcha = match captcha_settings.difficulty.as_str() {
122 "easy" => gen(Difficulty::Easy),
123 "medium" => gen(Difficulty::Medium),
124 "hard" => gen(Difficulty::Hard),
125 _ => gen(Difficulty::Medium),
128 let answer = captcha.chars_as_string();
130 let png = captcha.as_base64().expect("failed to generate captcha");
132 let uuid = uuid::Uuid::new_v4().to_string();
134 let wav = captcha_as_wav_base64(&captcha);
136 let captcha_item = CaptchaItem {
138 uuid: uuid.to_owned(),
139 expires: naive_now() + Duration::minutes(10), // expires in 10 minutes
142 // Stores the captcha item on the queue
143 context.chat_server().do_send(captcha_item);
145 Ok(GetCaptchaResponse {
146 ok: Some(CaptchaResponse { png, wav, uuid }),
151 #[async_trait::async_trait(?Send)]
152 impl Perform for SaveUserSettings {
153 type Response = LoginResponse;
155 #[tracing::instrument(skip(context, _websocket_id))]
158 context: &Data<LemmyContext>,
159 _websocket_id: Option<ConnectionId>,
160 ) -> Result<LoginResponse, LemmyError> {
161 let data: &SaveUserSettings = self;
162 let local_user_view =
163 get_local_user_view_from_jwt(&data.auth, context.pool(), context.secret()).await?;
165 let avatar = diesel_option_overwrite_to_url(&data.avatar)?;
166 let banner = diesel_option_overwrite_to_url(&data.banner)?;
167 let email = diesel_option_overwrite(&data.email.clone().map(Sensitive::into_inner));
168 let bio = diesel_option_overwrite(&data.bio);
169 let display_name = diesel_option_overwrite(&data.display_name);
170 let matrix_user_id = diesel_option_overwrite(&data.matrix_user_id);
171 let bot_account = data.bot_account;
173 if let Some(Some(bio)) = &bio {
174 if bio.chars().count() > 300 {
175 return Err(LemmyError::from_message("bio_length_overflow"));
179 if let Some(Some(display_name)) = &display_name {
180 if !is_valid_display_name(
182 context.settings().actor_name_max_length,
184 return Err(LemmyError::from_message("invalid_username"));
188 if let Some(Some(matrix_user_id)) = &matrix_user_id {
189 if !is_valid_matrix_id(matrix_user_id) {
190 return Err(LemmyError::from_message("invalid_matrix_id"));
194 let local_user_id = local_user_view.local_user.id;
195 let person_id = local_user_view.person.id;
196 let default_listing_type = data.default_listing_type;
197 let default_sort_type = data.default_sort_type;
198 let password_encrypted = local_user_view.local_user.password_encrypted;
199 let public_key = local_user_view.person.public_key;
201 let person_form = PersonForm {
202 name: local_user_view.person.name,
208 updated: Some(naive_now()),
217 last_refreshed_at: None,
218 shared_inbox_url: None,
223 blocking(context.pool(), move |conn| {
224 Person::update(conn, person_id, &person_form)
227 .map_err(LemmyError::from)
228 .map_err(|e| e.with_message("user_already_exists"))?;
230 let local_user_form = LocalUserForm {
234 show_nsfw: data.show_nsfw,
235 show_bot_accounts: data.show_bot_accounts,
236 show_scores: data.show_scores,
237 theme: data.theme.to_owned(),
239 default_listing_type,
240 lang: data.lang.to_owned(),
241 show_avatars: data.show_avatars,
242 show_read_posts: data.show_read_posts,
243 show_new_post_notifs: data.show_new_post_notifs,
244 send_notifications_to_email: data.send_notifications_to_email,
247 let local_user_res = blocking(context.pool(), move |conn| {
248 LocalUser::update(conn, local_user_id, &local_user_form)
251 let updated_local_user = match local_user_res {
254 let err_type = if e.to_string()
255 == "duplicate key value violates unique constraint \"local_user_email_key\""
257 "email_already_exists"
259 "user_already_exists"
262 return Err(LemmyError::from(e).with_message(err_type));
269 updated_local_user.id.0,
270 &context.secret().jwt_secret,
271 &context.settings().hostname,
278 #[async_trait::async_trait(?Send)]
279 impl Perform for ChangePassword {
280 type Response = LoginResponse;
282 #[tracing::instrument(skip(self, context, _websocket_id))]
285 context: &Data<LemmyContext>,
286 _websocket_id: Option<ConnectionId>,
287 ) -> Result<LoginResponse, LemmyError> {
288 let data: &ChangePassword = self;
289 let local_user_view =
290 get_local_user_view_from_jwt(data.auth.as_ref(), context.pool(), context.secret()).await?;
292 password_length_check(&data.new_password)?;
294 // Make sure passwords match
295 if data.new_password != data.new_password_verify {
296 return Err(LemmyError::from_message("passwords_dont_match"));
299 // Check the old password
300 let valid: bool = verify(
302 &local_user_view.local_user.password_encrypted,
306 return Err(LemmyError::from_message("password_incorrect"));
309 let local_user_id = local_user_view.local_user.id;
310 let new_password = data.new_password.to_owned();
311 let updated_local_user = blocking(context.pool(), move |conn| {
312 LocalUser::update_password(conn, local_user_id, &new_password)
319 updated_local_user.id.0,
320 &context.secret().jwt_secret,
321 &context.settings().hostname,
328 #[async_trait::async_trait(?Send)]
329 impl Perform for AddAdmin {
330 type Response = AddAdminResponse;
332 #[tracing::instrument(skip(context, websocket_id))]
335 context: &Data<LemmyContext>,
336 websocket_id: Option<ConnectionId>,
337 ) -> Result<AddAdminResponse, LemmyError> {
338 let data: &AddAdmin = self;
339 let local_user_view =
340 get_local_user_view_from_jwt(&data.auth, context.pool(), context.secret()).await?;
342 // Make sure user is an admin
343 is_admin(&local_user_view)?;
345 let added = data.added;
346 let added_person_id = data.person_id;
347 let added_admin = blocking(context.pool(), move |conn| {
348 Person::add_admin(conn, added_person_id, added)
351 .map_err(LemmyError::from)
352 .map_err(|e| e.with_message("couldnt_update_user"))?;
355 let form = ModAddForm {
356 mod_person_id: local_user_view.person.id,
357 other_person_id: added_admin.id,
358 removed: Some(!data.added),
361 blocking(context.pool(), move |conn| ModAdd::create(conn, &form)).await??;
363 let site_creator_id = blocking(context.pool(), move |conn| {
364 Site::read(conn, 1).map(|s| s.creator_id)
368 let mut admins = blocking(context.pool(), PersonViewSafe::admins).await??;
369 let creator_index = admins
371 .position(|r| r.person.id == site_creator_id)
372 .context(location_info!())?;
373 let creator_person = admins.remove(creator_index);
374 admins.insert(0, creator_person);
376 let res = AddAdminResponse { admins };
378 context.chat_server().do_send(SendAllMessage {
379 op: UserOperation::AddAdmin,
380 response: res.clone(),
388 #[async_trait::async_trait(?Send)]
389 impl Perform for BanPerson {
390 type Response = BanPersonResponse;
392 #[tracing::instrument(skip(context, websocket_id))]
395 context: &Data<LemmyContext>,
396 websocket_id: Option<ConnectionId>,
397 ) -> Result<BanPersonResponse, LemmyError> {
398 let data: &BanPerson = self;
399 let local_user_view =
400 get_local_user_view_from_jwt(&data.auth, context.pool(), context.secret()).await?;
402 // Make sure user is an admin
403 is_admin(&local_user_view)?;
406 let banned_person_id = data.person_id;
407 let ban_person = move |conn: &'_ _| Person::ban_person(conn, banned_person_id, ban);
408 blocking(context.pool(), ban_person)
410 .map_err(LemmyError::from)
411 .map_err(|e| e.with_message("couldnt_update_user"))?;
413 // Remove their data if that's desired
414 if data.remove_data.unwrap_or(false) {
416 blocking(context.pool(), move |conn: &'_ _| {
417 Post::update_removed_for_creator(conn, banned_person_id, None, true)
422 // Remove all communities where they're the top mod
423 // for now, remove the communities manually
424 let first_mod_communities = blocking(context.pool(), move |conn: &'_ _| {
425 CommunityModeratorView::get_community_first_mods(conn)
429 // Filter to only this banned users top communities
430 let banned_user_first_communities: Vec<CommunityModeratorView> = first_mod_communities
432 .filter(|fmc| fmc.moderator.id == banned_person_id)
435 for first_mod_community in banned_user_first_communities {
436 blocking(context.pool(), move |conn: &'_ _| {
437 Community::update_removed(conn, first_mod_community.community.id, true)
443 blocking(context.pool(), move |conn: &'_ _| {
444 Comment::update_removed_for_creator(conn, banned_person_id, true)
450 let expires = data.expires.map(naive_from_unix);
452 let form = ModBanForm {
453 mod_person_id: local_user_view.person.id,
454 other_person_id: data.person_id,
455 reason: data.reason.to_owned(),
456 banned: Some(data.ban),
460 blocking(context.pool(), move |conn| ModBan::create(conn, &form)).await??;
462 let person_id = data.person_id;
463 let person_view = blocking(context.pool(), move |conn| {
464 PersonViewSafe::read(conn, person_id)
468 let res = BanPersonResponse {
473 context.chat_server().do_send(SendAllMessage {
474 op: UserOperation::BanPerson,
475 response: res.clone(),
483 #[async_trait::async_trait(?Send)]
484 impl Perform for BlockPerson {
485 type Response = BlockPersonResponse;
487 #[tracing::instrument(skip(context, _websocket_id))]
490 context: &Data<LemmyContext>,
491 _websocket_id: Option<ConnectionId>,
492 ) -> Result<BlockPersonResponse, LemmyError> {
493 let data: &BlockPerson = self;
494 let local_user_view =
495 get_local_user_view_from_jwt(&data.auth, context.pool(), context.secret()).await?;
497 let target_id = data.person_id;
498 let person_id = local_user_view.person.id;
500 // Don't let a person block themselves
501 if target_id == person_id {
502 return Err(LemmyError::from_message("cant_block_yourself"));
505 let person_block_form = PersonBlockForm {
511 let block = move |conn: &'_ _| PersonBlock::block(conn, &person_block_form);
512 blocking(context.pool(), block)
514 .map_err(LemmyError::from)
515 .map_err(|e| e.with_message("person_block_already_exists"))?;
517 let unblock = move |conn: &'_ _| PersonBlock::unblock(conn, &person_block_form);
518 blocking(context.pool(), unblock)
520 .map_err(LemmyError::from)
521 .map_err(|e| e.with_message("person_block_already_exists"))?;
524 // TODO does any federated stuff need to be done here?
526 let person_view = blocking(context.pool(), move |conn| {
527 PersonViewSafe::read(conn, target_id)
531 let res = BlockPersonResponse {
540 #[async_trait::async_trait(?Send)]
541 impl Perform for GetReplies {
542 type Response = GetRepliesResponse;
544 #[tracing::instrument(skip(context, _websocket_id))]
547 context: &Data<LemmyContext>,
548 _websocket_id: Option<ConnectionId>,
549 ) -> Result<GetRepliesResponse, LemmyError> {
550 let data: &GetReplies = self;
551 let local_user_view =
552 get_local_user_view_from_jwt(&data.auth, context.pool(), context.secret()).await?;
554 let sort: Option<SortType> = from_opt_str_to_opt_enum(&data.sort);
556 let page = data.page;
557 let limit = data.limit;
558 let unread_only = data.unread_only;
559 let person_id = local_user_view.person.id;
560 let show_bot_accounts = local_user_view.local_user.show_bot_accounts;
562 let replies = blocking(context.pool(), move |conn| {
563 CommentQueryBuilder::create(conn)
565 .unread_only(unread_only)
566 .recipient_id(person_id)
567 .show_bot_accounts(show_bot_accounts)
568 .my_person_id(person_id)
575 Ok(GetRepliesResponse { replies })
579 #[async_trait::async_trait(?Send)]
580 impl Perform for GetPersonMentions {
581 type Response = GetPersonMentionsResponse;
583 #[tracing::instrument(skip(context, _websocket_id))]
586 context: &Data<LemmyContext>,
587 _websocket_id: Option<ConnectionId>,
588 ) -> Result<GetPersonMentionsResponse, LemmyError> {
589 let data: &GetPersonMentions = self;
590 let local_user_view =
591 get_local_user_view_from_jwt(&data.auth, context.pool(), context.secret()).await?;
593 let sort: Option<SortType> = from_opt_str_to_opt_enum(&data.sort);
595 let page = data.page;
596 let limit = data.limit;
597 let unread_only = data.unread_only;
598 let person_id = local_user_view.person.id;
599 let mentions = blocking(context.pool(), move |conn| {
600 PersonMentionQueryBuilder::create(conn)
601 .recipient_id(person_id)
602 .my_person_id(person_id)
604 .unread_only(unread_only)
611 Ok(GetPersonMentionsResponse { mentions })
615 #[async_trait::async_trait(?Send)]
616 impl Perform for MarkPersonMentionAsRead {
617 type Response = PersonMentionResponse;
619 #[tracing::instrument(skip(context, _websocket_id))]
622 context: &Data<LemmyContext>,
623 _websocket_id: Option<ConnectionId>,
624 ) -> Result<PersonMentionResponse, LemmyError> {
625 let data: &MarkPersonMentionAsRead = self;
626 let local_user_view =
627 get_local_user_view_from_jwt(&data.auth, context.pool(), context.secret()).await?;
629 let person_mention_id = data.person_mention_id;
630 let read_person_mention = blocking(context.pool(), move |conn| {
631 PersonMention::read(conn, person_mention_id)
635 if local_user_view.person.id != read_person_mention.recipient_id {
636 return Err(LemmyError::from_message("couldnt_update_comment"));
639 let person_mention_id = read_person_mention.id;
640 let read = data.read;
642 move |conn: &'_ _| PersonMention::update_read(conn, person_mention_id, read);
643 blocking(context.pool(), update_mention)
645 .map_err(LemmyError::from)
646 .map_err(|e| e.with_message("couldnt_update_comment"))?;
648 let person_mention_id = read_person_mention.id;
649 let person_id = local_user_view.person.id;
650 let person_mention_view = blocking(context.pool(), move |conn| {
651 PersonMentionView::read(conn, person_mention_id, Some(person_id))
655 Ok(PersonMentionResponse {
661 #[async_trait::async_trait(?Send)]
662 impl Perform for MarkAllAsRead {
663 type Response = GetRepliesResponse;
665 #[tracing::instrument(skip(context, _websocket_id))]
668 context: &Data<LemmyContext>,
669 _websocket_id: Option<ConnectionId>,
670 ) -> Result<GetRepliesResponse, LemmyError> {
671 let data: &MarkAllAsRead = self;
672 let local_user_view =
673 get_local_user_view_from_jwt(&data.auth, context.pool(), context.secret()).await?;
675 let person_id = local_user_view.person.id;
676 let replies = blocking(context.pool(), move |conn| {
677 CommentQueryBuilder::create(conn)
678 .my_person_id(person_id)
679 .recipient_id(person_id)
687 // TODO: this should probably be a bulk operation
688 // Not easy to do as a bulk operation,
689 // because recipient_id isn't in the comment table
690 for comment_view in &replies {
691 let reply_id = comment_view.comment.id;
692 let mark_as_read = move |conn: &'_ _| Comment::update_read(conn, reply_id, true);
693 blocking(context.pool(), mark_as_read)
695 .map_err(LemmyError::from)
696 .map_err(|e| e.with_message("couldnt_update_comment"))?;
699 // Mark all user mentions as read
700 let update_person_mentions =
701 move |conn: &'_ _| PersonMention::mark_all_as_read(conn, person_id);
702 blocking(context.pool(), update_person_mentions)
704 .map_err(LemmyError::from)
705 .map_err(|e| e.with_message("couldnt_update_comment"))?;
707 // Mark all private_messages as read
708 let update_pm = move |conn: &'_ _| PrivateMessage::mark_all_as_read(conn, person_id);
709 blocking(context.pool(), update_pm)
711 .map_err(LemmyError::from)
712 .map_err(|e| e.with_message("couldnt_update_private_message"))?;
714 Ok(GetRepliesResponse { replies: vec![] })
718 #[async_trait::async_trait(?Send)]
719 impl Perform for PasswordReset {
720 type Response = PasswordResetResponse;
722 #[tracing::instrument(skip(self, context, _websocket_id))]
725 context: &Data<LemmyContext>,
726 _websocket_id: Option<ConnectionId>,
727 ) -> Result<PasswordResetResponse, LemmyError> {
728 let data: &PasswordReset = self;
731 let email = data.email.clone();
732 let local_user_view = blocking(context.pool(), move |conn| {
733 LocalUserView::find_by_email(conn, &email)
736 .map_err(LemmyError::from)
737 .map_err(|e| e.with_message("couldnt_find_that_username_or_email"))?;
739 // Generate a random token
740 let token = generate_random_string();
743 let token2 = token.clone();
744 let local_user_id = local_user_view.local_user.id;
745 blocking(context.pool(), move |conn| {
746 PasswordResetRequest::create_token(conn, local_user_id, &token2)
750 // Email the pure token to the user.
751 // TODO no i18n support here.
752 let email = &local_user_view.local_user.email.expect("email");
753 let subject = &format!("Password reset for {}", local_user_view.person.name);
754 let protocol_and_hostname = &context.settings().get_protocol_and_hostname();
755 let html = &format!("<h1>Password Reset Request for {}</h1><br><a href={}/password_change/{}>Click here to reset your password</a>", local_user_view.person.name, protocol_and_hostname, &token);
759 &local_user_view.person.name,
763 .map_err(|e| anyhow::anyhow!("{}", e))
764 .map_err(LemmyError::from)
765 .map_err(|e| e.with_message("email_send_failed"))?;
767 Ok(PasswordResetResponse {})
771 #[async_trait::async_trait(?Send)]
772 impl Perform for PasswordChange {
773 type Response = LoginResponse;
775 #[tracing::instrument(skip(self, context, _websocket_id))]
778 context: &Data<LemmyContext>,
779 _websocket_id: Option<ConnectionId>,
780 ) -> Result<LoginResponse, LemmyError> {
781 let data: &PasswordChange = self;
783 // Fetch the user_id from the token
784 let token = data.token.clone();
785 let local_user_id = blocking(context.pool(), move |conn| {
786 PasswordResetRequest::read_from_token(conn, &token).map(|p| p.local_user_id)
790 password_length_check(&data.password)?;
792 // Make sure passwords match
793 if data.password != data.password_verify {
794 return Err(LemmyError::from_message("passwords_dont_match"));
797 // Update the user with the new password
798 let password = data.password.clone();
799 let updated_local_user = blocking(context.pool(), move |conn| {
800 LocalUser::update_password(conn, local_user_id, &password)
803 .map_err(LemmyError::from)
804 .map_err(|e| e.with_message("couldnt_update_user"))?;
809 updated_local_user.id.0,
810 &context.secret().jwt_secret,
811 &context.settings().hostname,
818 #[async_trait::async_trait(?Send)]
819 impl Perform for GetReportCount {
820 type Response = GetReportCountResponse;
822 #[tracing::instrument(skip(context, _websocket_id))]
825 context: &Data<LemmyContext>,
826 _websocket_id: Option<ConnectionId>,
827 ) -> Result<GetReportCountResponse, LemmyError> {
828 let data: &GetReportCount = self;
829 let local_user_view =
830 get_local_user_view_from_jwt(&data.auth, context.pool(), context.secret()).await?;
832 let person_id = local_user_view.person.id;
833 let admin = local_user_view.person.admin;
834 let community_id = data.community_id;
836 let comment_reports = blocking(context.pool(), move |conn| {
837 CommentReportView::get_report_count(conn, person_id, admin, community_id)
841 let post_reports = blocking(context.pool(), move |conn| {
842 PostReportView::get_report_count(conn, person_id, admin, community_id)
846 let res = GetReportCountResponse {
856 #[async_trait::async_trait(?Send)]
857 impl Perform for GetUnreadCount {
858 type Response = GetUnreadCountResponse;
860 #[tracing::instrument(skip(context, _websocket_id))]
863 context: &Data<LemmyContext>,
864 _websocket_id: Option<ConnectionId>,
865 ) -> Result<Self::Response, LemmyError> {
867 let local_user_view =
868 get_local_user_view_from_jwt(&data.auth, context.pool(), context.secret()).await?;
870 let person_id = local_user_view.person.id;
872 let replies = blocking(context.pool(), move |conn| {
873 CommentView::get_unread_replies(conn, person_id)
877 let mentions = blocking(context.pool(), move |conn| {
878 PersonMentionView::get_unread_mentions(conn, person_id)
882 let private_messages = blocking(context.pool(), move |conn| {
883 PrivateMessageView::get_unread_messages(conn, person_id)
887 let res = Self::Response {