1 use crate::{captcha_espeak_wav_base64, Perform};
2 use actix_web::web::Data;
5 use captcha::{gen, Difficulty};
7 use lemmy_api_common::{
9 collect_moderated_communities,
10 community::{GetFollowedCommunities, GetFollowedCommunitiesResponse},
11 get_local_user_view_from_jwt,
13 password_length_check,
16 use lemmy_db_queries::{
17 diesel_option_overwrite,
18 diesel_option_overwrite_to_url,
21 community::Community_,
22 local_user::LocalUser_,
23 password_reset_request::PasswordResetRequest_,
25 person_mention::PersonMention_,
27 private_message::PrivateMessage_,
32 use lemmy_db_schema::{
37 local_user::{LocalUser, LocalUserForm},
39 password_reset_request::*,
43 private_message::PrivateMessage,
48 comment_report_view::CommentReportView,
49 comment_view::CommentQueryBuilder,
50 local_user_view::LocalUserView,
51 post_report_view::PostReportView,
53 use lemmy_db_views_actor::{
54 community_follower_view::CommunityFollowerView,
55 person_mention_view::{PersonMentionQueryBuilder, PersonMentionView},
56 person_view::PersonViewSafe,
62 settings::structs::Settings,
63 utils::{generate_random_string, is_valid_preferred_username, naive_from_unix},
68 use lemmy_websocket::{
69 messages::{CaptchaItem, SendAllMessage, SendUserRoomMessage},
73 use std::str::FromStr;
75 #[async_trait::async_trait(?Send)]
76 impl Perform for Login {
77 type Response = LoginResponse;
81 context: &Data<LemmyContext>,
82 _websocket_id: Option<ConnectionId>,
83 ) -> Result<LoginResponse, LemmyError> {
84 let data: &Login = &self;
86 // Fetch that username / email
87 let username_or_email = data.username_or_email.clone();
88 let local_user_view = match blocking(context.pool(), move |conn| {
89 LocalUserView::find_by_email_or_name(conn, &username_or_email)
94 Err(_e) => return Err(ApiError::err("couldnt_find_that_username_or_email").into()),
97 // Verify the password
98 let valid: bool = verify(
100 &local_user_view.local_user.password_encrypted,
104 return Err(ApiError::err("password_incorrect").into());
109 jwt: Claims::jwt(local_user_view.local_user.id.0)?,
114 #[async_trait::async_trait(?Send)]
115 impl Perform for GetCaptcha {
116 type Response = GetCaptchaResponse;
120 context: &Data<LemmyContext>,
121 _websocket_id: Option<ConnectionId>,
122 ) -> Result<Self::Response, LemmyError> {
123 let captcha_settings = Settings::get().captcha();
125 if !captcha_settings.enabled {
126 return Ok(GetCaptchaResponse { ok: None });
129 let captcha = match captcha_settings.difficulty.as_str() {
130 "easy" => gen(Difficulty::Easy),
131 "medium" => gen(Difficulty::Medium),
132 "hard" => gen(Difficulty::Hard),
133 _ => gen(Difficulty::Medium),
136 let answer = captcha.chars_as_string();
138 let png_byte_array = captcha.as_png().expect("failed to generate captcha");
140 let png = base64::encode(png_byte_array);
142 let uuid = uuid::Uuid::new_v4().to_string();
144 let wav = captcha_espeak_wav_base64(&answer).ok();
146 let captcha_item = CaptchaItem {
148 uuid: uuid.to_owned(),
149 expires: naive_now() + Duration::minutes(10), // expires in 10 minutes
152 // Stores the captcha item on the queue
153 context.chat_server().do_send(captcha_item);
155 Ok(GetCaptchaResponse {
156 ok: Some(CaptchaResponse { png, uuid, wav }),
161 #[async_trait::async_trait(?Send)]
162 impl Perform for SaveUserSettings {
163 type Response = LoginResponse;
167 context: &Data<LemmyContext>,
168 _websocket_id: Option<ConnectionId>,
169 ) -> Result<LoginResponse, LemmyError> {
170 let data: &SaveUserSettings = &self;
171 let local_user_view = get_local_user_view_from_jwt(&data.auth, context.pool()).await?;
173 let avatar = diesel_option_overwrite_to_url(&data.avatar)?;
174 let banner = diesel_option_overwrite_to_url(&data.banner)?;
175 let email = diesel_option_overwrite(&data.email);
176 let bio = diesel_option_overwrite(&data.bio);
177 let preferred_username = diesel_option_overwrite(&data.preferred_username);
178 let matrix_user_id = diesel_option_overwrite(&data.matrix_user_id);
180 if let Some(Some(bio)) = &bio {
181 if bio.chars().count() > 300 {
182 return Err(ApiError::err("bio_length_overflow").into());
186 if let Some(Some(preferred_username)) = &preferred_username {
187 if !is_valid_preferred_username(preferred_username.trim()) {
188 return Err(ApiError::err("invalid_username").into());
192 let local_user_id = local_user_view.local_user.id;
193 let person_id = local_user_view.person.id;
194 let password_encrypted = match &data.new_password {
195 Some(new_password) => {
196 match &data.new_password_verify {
197 Some(new_password_verify) => {
198 password_length_check(&new_password)?;
200 // Make sure passwords match
201 if new_password != new_password_verify {
202 return Err(ApiError::err("passwords_dont_match").into());
205 // Check the old password
206 match &data.old_password {
207 Some(old_password) => {
209 verify(old_password, &local_user_view.local_user.password_encrypted)
212 return Err(ApiError::err("password_incorrect").into());
214 let new_password = new_password.to_owned();
215 let user = blocking(context.pool(), move |conn| {
216 LocalUser::update_password(conn, local_user_id, &new_password)
219 user.password_encrypted
221 None => return Err(ApiError::err("password_incorrect").into()),
224 None => return Err(ApiError::err("passwords_dont_match").into()),
227 None => local_user_view.local_user.password_encrypted,
230 let default_listing_type = data.default_listing_type;
231 let default_sort_type = data.default_sort_type;
233 let person_form = PersonForm {
234 name: local_user_view.person.name,
240 updated: Some(naive_now()),
248 last_refreshed_at: None,
249 shared_inbox_url: None,
252 let person_res = blocking(context.pool(), move |conn| {
253 Person::update(conn, person_id, &person_form)
256 let _updated_person: Person = match person_res {
259 return Err(ApiError::err("user_already_exists").into());
263 let local_user_form = LocalUserForm {
269 show_nsfw: data.show_nsfw,
270 theme: data.theme.to_owned(),
272 default_listing_type,
273 lang: data.lang.to_owned(),
274 show_avatars: data.show_avatars,
275 send_notifications_to_email: data.send_notifications_to_email,
278 let local_user_res = blocking(context.pool(), move |conn| {
279 LocalUser::update(conn, local_user_id, &local_user_form)
282 let updated_local_user = match local_user_res {
285 let err_type = if e.to_string()
286 == "duplicate key value violates unique constraint \"local_user_email_key\""
288 "email_already_exists"
290 "user_already_exists"
293 return Err(ApiError::err(err_type).into());
299 jwt: Claims::jwt(updated_local_user.id.0)?,
304 #[async_trait::async_trait(?Send)]
305 impl Perform for AddAdmin {
306 type Response = AddAdminResponse;
310 context: &Data<LemmyContext>,
311 websocket_id: Option<ConnectionId>,
312 ) -> Result<AddAdminResponse, LemmyError> {
313 let data: &AddAdmin = &self;
314 let local_user_view = get_local_user_view_from_jwt(&data.auth, context.pool()).await?;
316 // Make sure user is an admin
317 is_admin(&local_user_view)?;
319 let added = data.added;
320 let added_person_id = data.person_id;
321 let added_admin = match blocking(context.pool(), move |conn| {
322 LocalUser::add_admin(conn, added_person_id, added)
328 return Err(ApiError::err("couldnt_update_user").into());
333 let form = ModAddForm {
334 mod_person_id: local_user_view.person.id,
335 other_person_id: added_admin.person_id,
336 removed: Some(!data.added),
339 blocking(context.pool(), move |conn| ModAdd::create(conn, &form)).await??;
341 let site_creator_id = blocking(context.pool(), move |conn| {
342 Site::read(conn, 1).map(|s| s.creator_id)
346 let mut admins = blocking(context.pool(), move |conn| PersonViewSafe::admins(conn)).await??;
347 let creator_index = admins
349 .position(|r| r.person.id == site_creator_id)
350 .context(location_info!())?;
351 let creator_person = admins.remove(creator_index);
352 admins.insert(0, creator_person);
354 let res = AddAdminResponse { admins };
356 context.chat_server().do_send(SendAllMessage {
357 op: UserOperation::AddAdmin,
358 response: res.clone(),
366 #[async_trait::async_trait(?Send)]
367 impl Perform for BanPerson {
368 type Response = BanPersonResponse;
372 context: &Data<LemmyContext>,
373 websocket_id: Option<ConnectionId>,
374 ) -> Result<BanPersonResponse, LemmyError> {
375 let data: &BanPerson = &self;
376 let local_user_view = get_local_user_view_from_jwt(&data.auth, context.pool()).await?;
378 // Make sure user is an admin
379 is_admin(&local_user_view)?;
382 let banned_person_id = data.person_id;
383 let ban_person = move |conn: &'_ _| Person::ban_person(conn, banned_person_id, ban);
384 if blocking(context.pool(), ban_person).await?.is_err() {
385 return Err(ApiError::err("couldnt_update_user").into());
388 // Remove their data if that's desired
389 if data.remove_data {
391 blocking(context.pool(), move |conn: &'_ _| {
392 Post::update_removed_for_creator(conn, banned_person_id, None, true)
397 blocking(context.pool(), move |conn: &'_ _| {
398 Community::update_removed_for_creator(conn, banned_person_id, true)
403 blocking(context.pool(), move |conn: &'_ _| {
404 Comment::update_removed_for_creator(conn, banned_person_id, true)
410 let expires = match data.expires {
411 Some(time) => Some(naive_from_unix(time)),
415 let form = ModBanForm {
416 mod_person_id: local_user_view.person.id,
417 other_person_id: data.person_id,
418 reason: data.reason.to_owned(),
419 banned: Some(data.ban),
423 blocking(context.pool(), move |conn| ModBan::create(conn, &form)).await??;
425 let person_id = data.person_id;
426 let person_view = blocking(context.pool(), move |conn| {
427 PersonViewSafe::read(conn, person_id)
431 let res = BanPersonResponse {
436 context.chat_server().do_send(SendAllMessage {
437 op: UserOperation::BanPerson,
438 response: res.clone(),
446 #[async_trait::async_trait(?Send)]
447 impl Perform for GetReplies {
448 type Response = GetRepliesResponse;
452 context: &Data<LemmyContext>,
453 _websocket_id: Option<ConnectionId>,
454 ) -> Result<GetRepliesResponse, LemmyError> {
455 let data: &GetReplies = &self;
456 let local_user_view = get_local_user_view_from_jwt(&data.auth, context.pool()).await?;
458 let sort = SortType::from_str(&data.sort)?;
460 let page = data.page;
461 let limit = data.limit;
462 let unread_only = data.unread_only;
463 let person_id = local_user_view.person.id;
464 let replies = blocking(context.pool(), move |conn| {
465 CommentQueryBuilder::create(conn)
467 .unread_only(unread_only)
468 .recipient_id(person_id)
469 .my_person_id(person_id)
476 Ok(GetRepliesResponse { replies })
480 #[async_trait::async_trait(?Send)]
481 impl Perform for GetPersonMentions {
482 type Response = GetPersonMentionsResponse;
486 context: &Data<LemmyContext>,
487 _websocket_id: Option<ConnectionId>,
488 ) -> Result<GetPersonMentionsResponse, LemmyError> {
489 let data: &GetPersonMentions = &self;
490 let local_user_view = get_local_user_view_from_jwt(&data.auth, context.pool()).await?;
492 let sort = SortType::from_str(&data.sort)?;
494 let page = data.page;
495 let limit = data.limit;
496 let unread_only = data.unread_only;
497 let person_id = local_user_view.person.id;
498 let mentions = blocking(context.pool(), move |conn| {
499 PersonMentionQueryBuilder::create(conn)
500 .recipient_id(person_id)
501 .my_person_id(person_id)
503 .unread_only(unread_only)
510 Ok(GetPersonMentionsResponse { mentions })
514 #[async_trait::async_trait(?Send)]
515 impl Perform for MarkPersonMentionAsRead {
516 type Response = PersonMentionResponse;
520 context: &Data<LemmyContext>,
521 _websocket_id: Option<ConnectionId>,
522 ) -> Result<PersonMentionResponse, LemmyError> {
523 let data: &MarkPersonMentionAsRead = &self;
524 let local_user_view = get_local_user_view_from_jwt(&data.auth, context.pool()).await?;
526 let person_mention_id = data.person_mention_id;
527 let read_person_mention = blocking(context.pool(), move |conn| {
528 PersonMention::read(conn, person_mention_id)
532 if local_user_view.person.id != read_person_mention.recipient_id {
533 return Err(ApiError::err("couldnt_update_comment").into());
536 let person_mention_id = read_person_mention.id;
537 let read = data.read;
539 move |conn: &'_ _| PersonMention::update_read(conn, person_mention_id, read);
540 if blocking(context.pool(), update_mention).await?.is_err() {
541 return Err(ApiError::err("couldnt_update_comment").into());
544 let person_mention_id = read_person_mention.id;
545 let person_id = local_user_view.person.id;
546 let person_mention_view = blocking(context.pool(), move |conn| {
547 PersonMentionView::read(conn, person_mention_id, Some(person_id))
551 Ok(PersonMentionResponse {
557 #[async_trait::async_trait(?Send)]
558 impl Perform for MarkAllAsRead {
559 type Response = GetRepliesResponse;
563 context: &Data<LemmyContext>,
564 _websocket_id: Option<ConnectionId>,
565 ) -> Result<GetRepliesResponse, LemmyError> {
566 let data: &MarkAllAsRead = &self;
567 let local_user_view = get_local_user_view_from_jwt(&data.auth, context.pool()).await?;
569 let person_id = local_user_view.person.id;
570 let replies = blocking(context.pool(), move |conn| {
571 CommentQueryBuilder::create(conn)
572 .my_person_id(person_id)
573 .recipient_id(person_id)
581 // TODO: this should probably be a bulk operation
582 // Not easy to do as a bulk operation,
583 // because recipient_id isn't in the comment table
584 for comment_view in &replies {
585 let reply_id = comment_view.comment.id;
586 let mark_as_read = move |conn: &'_ _| Comment::update_read(conn, reply_id, true);
587 if blocking(context.pool(), mark_as_read).await?.is_err() {
588 return Err(ApiError::err("couldnt_update_comment").into());
592 // Mark all user mentions as read
593 let update_person_mentions =
594 move |conn: &'_ _| PersonMention::mark_all_as_read(conn, person_id);
595 if blocking(context.pool(), update_person_mentions)
599 return Err(ApiError::err("couldnt_update_comment").into());
602 // Mark all private_messages as read
603 let update_pm = move |conn: &'_ _| PrivateMessage::mark_all_as_read(conn, person_id);
604 if blocking(context.pool(), update_pm).await?.is_err() {
605 return Err(ApiError::err("couldnt_update_private_message").into());
608 Ok(GetRepliesResponse { replies: vec![] })
612 #[async_trait::async_trait(?Send)]
613 impl Perform for PasswordReset {
614 type Response = PasswordResetResponse;
618 context: &Data<LemmyContext>,
619 _websocket_id: Option<ConnectionId>,
620 ) -> Result<PasswordResetResponse, LemmyError> {
621 let data: &PasswordReset = &self;
624 let email = data.email.clone();
625 let local_user_view = match blocking(context.pool(), move |conn| {
626 LocalUserView::find_by_email(conn, &email)
631 Err(_e) => return Err(ApiError::err("couldnt_find_that_username_or_email").into()),
634 // Generate a random token
635 let token = generate_random_string();
638 let token2 = token.clone();
639 let local_user_id = local_user_view.local_user.id;
640 blocking(context.pool(), move |conn| {
641 PasswordResetRequest::create_token(conn, local_user_id, &token2)
645 // Email the pure token to the user.
646 // TODO no i18n support here.
647 let email = &local_user_view.local_user.email.expect("email");
648 let subject = &format!("Password reset for {}", local_user_view.person.name);
649 let hostname = &Settings::get().get_protocol_and_hostname();
650 let html = &format!("<h1>Password Reset Request for {}</h1><br><a href={}/password_change/{}>Click here to reset your password</a>", local_user_view.person.name, hostname, &token);
651 match send_email(subject, email, &local_user_view.person.name, html) {
653 Err(_e) => return Err(ApiError::err(&_e).into()),
656 Ok(PasswordResetResponse {})
660 #[async_trait::async_trait(?Send)]
661 impl Perform for PasswordChange {
662 type Response = LoginResponse;
666 context: &Data<LemmyContext>,
667 _websocket_id: Option<ConnectionId>,
668 ) -> Result<LoginResponse, LemmyError> {
669 let data: &PasswordChange = &self;
671 // Fetch the user_id from the token
672 let token = data.token.clone();
673 let local_user_id = blocking(context.pool(), move |conn| {
674 PasswordResetRequest::read_from_token(conn, &token).map(|p| p.local_user_id)
678 password_length_check(&data.password)?;
680 // Make sure passwords match
681 if data.password != data.password_verify {
682 return Err(ApiError::err("passwords_dont_match").into());
685 // Update the user with the new password
686 let password = data.password.clone();
687 let updated_local_user = match blocking(context.pool(), move |conn| {
688 LocalUser::update_password(conn, local_user_id, &password)
693 Err(_e) => return Err(ApiError::err("couldnt_update_user").into()),
698 jwt: Claims::jwt(updated_local_user.id.0)?,
703 #[async_trait::async_trait(?Send)]
704 impl Perform for GetReportCount {
705 type Response = GetReportCountResponse;
709 context: &Data<LemmyContext>,
710 websocket_id: Option<ConnectionId>,
711 ) -> Result<GetReportCountResponse, LemmyError> {
712 let data: &GetReportCount = &self;
713 let local_user_view = get_local_user_view_from_jwt(&data.auth, context.pool()).await?;
715 let person_id = local_user_view.person.id;
716 let community_id = data.community;
718 collect_moderated_communities(person_id, community_id, context.pool()).await?;
721 if community_ids.is_empty() {
722 GetReportCountResponse {
728 let ids = community_ids.clone();
729 let comment_reports = blocking(context.pool(), move |conn| {
730 CommentReportView::get_report_count(conn, &ids)
734 let ids = community_ids.clone();
735 let post_reports = blocking(context.pool(), move |conn| {
736 PostReportView::get_report_count(conn, &ids)
740 GetReportCountResponse {
741 community: data.community,
748 context.chat_server().do_send(SendUserRoomMessage {
749 op: UserOperation::GetReportCount,
750 response: res.clone(),
751 local_recipient_id: local_user_view.local_user.id,
759 #[async_trait::async_trait(?Send)]
760 impl Perform for GetFollowedCommunities {
761 type Response = GetFollowedCommunitiesResponse;
765 context: &Data<LemmyContext>,
766 _websocket_id: Option<ConnectionId>,
767 ) -> Result<GetFollowedCommunitiesResponse, LemmyError> {
768 let data: &GetFollowedCommunities = &self;
769 let local_user_view = get_local_user_view_from_jwt(&data.auth, context.pool()).await?;
771 let person_id = local_user_view.person.id;
772 let communities = match blocking(context.pool(), move |conn| {
773 CommunityFollowerView::for_person(conn, person_id)
777 Ok(communities) => communities,
778 _ => return Err(ApiError::err("system_err_login").into()),
782 Ok(GetFollowedCommunitiesResponse { communities })
projects / lemmy.git / blob