1 use crate::{captcha_as_wav_base64, Perform};
2 use actix_web::web::Data;
5 use captcha::{gen, Difficulty};
7 use lemmy_api_common::{
9 collect_moderated_communities,
10 community::{GetFollowedCommunities, GetFollowedCommunitiesResponse},
11 get_local_user_view_from_jwt,
13 password_length_check,
16 use lemmy_db_queries::{
17 diesel_option_overwrite,
18 diesel_option_overwrite_to_url,
21 community::Community_,
22 local_user::LocalUser_,
23 password_reset_request::PasswordResetRequest_,
25 person_mention::PersonMention_,
27 private_message::PrivateMessage_,
32 use lemmy_db_schema::{
37 local_user::{LocalUser, LocalUserForm},
39 password_reset_request::*,
43 private_message::PrivateMessage,
48 comment_report_view::CommentReportView,
49 comment_view::CommentQueryBuilder,
50 local_user_view::LocalUserView,
51 post_report_view::PostReportView,
53 use lemmy_db_views_actor::{
54 community_follower_view::CommunityFollowerView,
55 person_mention_view::{PersonMentionQueryBuilder, PersonMentionView},
56 person_view::PersonViewSafe,
62 settings::structs::Settings,
63 utils::{generate_random_string, is_valid_display_name, is_valid_matrix_id, naive_from_unix},
68 use lemmy_websocket::{
69 messages::{CaptchaItem, SendAllMessage, SendUserRoomMessage},
73 use std::str::FromStr;
75 #[async_trait::async_trait(?Send)]
76 impl Perform for Login {
77 type Response = LoginResponse;
81 context: &Data<LemmyContext>,
82 _websocket_id: Option<ConnectionId>,
83 ) -> Result<LoginResponse, LemmyError> {
84 let data: &Login = &self;
86 // Fetch that username / email
87 let username_or_email = data.username_or_email.clone();
88 let local_user_view = match blocking(context.pool(), move |conn| {
89 LocalUserView::find_by_email_or_name(conn, &username_or_email)
94 Err(_e) => return Err(ApiError::err("couldnt_find_that_username_or_email").into()),
97 // Verify the password
98 let valid: bool = verify(
100 &local_user_view.local_user.password_encrypted,
104 return Err(ApiError::err("password_incorrect").into());
109 jwt: Claims::jwt(local_user_view.local_user.id.0)?,
114 #[async_trait::async_trait(?Send)]
115 impl Perform for GetCaptcha {
116 type Response = GetCaptchaResponse;
120 context: &Data<LemmyContext>,
121 _websocket_id: Option<ConnectionId>,
122 ) -> Result<Self::Response, LemmyError> {
123 let captcha_settings = Settings::get().captcha();
125 if !captcha_settings.enabled {
126 return Ok(GetCaptchaResponse { ok: None });
129 let captcha = match captcha_settings.difficulty.as_str() {
130 "easy" => gen(Difficulty::Easy),
131 "medium" => gen(Difficulty::Medium),
132 "hard" => gen(Difficulty::Hard),
133 _ => gen(Difficulty::Medium),
136 let answer = captcha.chars_as_string();
138 let png = captcha.as_base64().expect("failed to generate captcha");
140 let uuid = uuid::Uuid::new_v4().to_string();
142 let wav = captcha_as_wav_base64(&captcha);
144 let captcha_item = CaptchaItem {
146 uuid: uuid.to_owned(),
147 expires: naive_now() + Duration::minutes(10), // expires in 10 minutes
150 // Stores the captcha item on the queue
151 context.chat_server().do_send(captcha_item);
153 Ok(GetCaptchaResponse {
154 ok: Some(CaptchaResponse { png, wav, uuid }),
159 #[async_trait::async_trait(?Send)]
160 impl Perform for SaveUserSettings {
161 type Response = LoginResponse;
165 context: &Data<LemmyContext>,
166 _websocket_id: Option<ConnectionId>,
167 ) -> Result<LoginResponse, LemmyError> {
168 let data: &SaveUserSettings = &self;
169 let local_user_view = get_local_user_view_from_jwt(&data.auth, context.pool()).await?;
171 let avatar = diesel_option_overwrite_to_url(&data.avatar)?;
172 let banner = diesel_option_overwrite_to_url(&data.banner)?;
173 let email = diesel_option_overwrite(&data.email);
174 let bio = diesel_option_overwrite(&data.bio);
175 let display_name = diesel_option_overwrite(&data.display_name);
176 let matrix_user_id = diesel_option_overwrite(&data.matrix_user_id);
178 if let Some(Some(bio)) = &bio {
179 if bio.chars().count() > 300 {
180 return Err(ApiError::err("bio_length_overflow").into());
184 if let Some(Some(display_name)) = &display_name {
185 if !is_valid_display_name(display_name.trim()) {
186 return Err(ApiError::err("invalid_username").into());
190 if let Some(Some(matrix_user_id)) = &matrix_user_id {
191 if !is_valid_matrix_id(matrix_user_id) {
192 return Err(ApiError::err("invalid_matrix_id").into());
196 let local_user_id = local_user_view.local_user.id;
197 let person_id = local_user_view.person.id;
198 let default_listing_type = data.default_listing_type;
199 let default_sort_type = data.default_sort_type;
200 let password_encrypted = local_user_view.local_user.password_encrypted;
202 let person_form = PersonForm {
203 name: local_user_view.person.name,
209 updated: Some(naive_now()),
218 last_refreshed_at: None,
219 shared_inbox_url: None,
223 let person_res = blocking(context.pool(), move |conn| {
224 Person::update(conn, person_id, &person_form)
227 let _updated_person: Person = match person_res {
230 return Err(ApiError::err("user_already_exists").into());
234 let local_user_form = LocalUserForm {
238 show_nsfw: data.show_nsfw,
239 show_scores: data.show_scores,
240 theme: data.theme.to_owned(),
242 default_listing_type,
243 lang: data.lang.to_owned(),
244 show_avatars: data.show_avatars,
245 send_notifications_to_email: data.send_notifications_to_email,
248 let local_user_res = blocking(context.pool(), move |conn| {
249 LocalUser::update(conn, local_user_id, &local_user_form)
252 let updated_local_user = match local_user_res {
255 let err_type = if e.to_string()
256 == "duplicate key value violates unique constraint \"local_user_email_key\""
258 "email_already_exists"
260 "user_already_exists"
263 return Err(ApiError::err(err_type).into());
269 jwt: Claims::jwt(updated_local_user.id.0)?,
274 #[async_trait::async_trait(?Send)]
275 impl Perform for ChangePassword {
276 type Response = LoginResponse;
280 context: &Data<LemmyContext>,
281 _websocket_id: Option<ConnectionId>,
282 ) -> Result<LoginResponse, LemmyError> {
283 let data: &ChangePassword = &self;
284 let local_user_view = get_local_user_view_from_jwt(&data.auth, context.pool()).await?;
286 password_length_check(&data.new_password)?;
288 // Make sure passwords match
289 if data.new_password != data.new_password_verify {
290 return Err(ApiError::err("passwords_dont_match").into());
293 // Check the old password
294 let valid: bool = verify(
296 &local_user_view.local_user.password_encrypted,
300 return Err(ApiError::err("password_incorrect").into());
303 let local_user_id = local_user_view.local_user.id;
304 let new_password = data.new_password.to_owned();
305 let updated_local_user = blocking(context.pool(), move |conn| {
306 LocalUser::update_password(conn, local_user_id, &new_password)
312 jwt: Claims::jwt(updated_local_user.id.0)?,
317 #[async_trait::async_trait(?Send)]
318 impl Perform for AddAdmin {
319 type Response = AddAdminResponse;
323 context: &Data<LemmyContext>,
324 websocket_id: Option<ConnectionId>,
325 ) -> Result<AddAdminResponse, LemmyError> {
326 let data: &AddAdmin = &self;
327 let local_user_view = get_local_user_view_from_jwt(&data.auth, context.pool()).await?;
329 // Make sure user is an admin
330 is_admin(&local_user_view)?;
332 let added = data.added;
333 let added_person_id = data.person_id;
334 let added_admin = match blocking(context.pool(), move |conn| {
335 Person::add_admin(conn, added_person_id, added)
341 return Err(ApiError::err("couldnt_update_user").into());
346 let form = ModAddForm {
347 mod_person_id: local_user_view.person.id,
348 other_person_id: added_admin.id,
349 removed: Some(!data.added),
352 blocking(context.pool(), move |conn| ModAdd::create(conn, &form)).await??;
354 let site_creator_id = blocking(context.pool(), move |conn| {
355 Site::read(conn, 1).map(|s| s.creator_id)
359 let mut admins = blocking(context.pool(), move |conn| PersonViewSafe::admins(conn)).await??;
360 let creator_index = admins
362 .position(|r| r.person.id == site_creator_id)
363 .context(location_info!())?;
364 let creator_person = admins.remove(creator_index);
365 admins.insert(0, creator_person);
367 let res = AddAdminResponse { admins };
369 context.chat_server().do_send(SendAllMessage {
370 op: UserOperation::AddAdmin,
371 response: res.clone(),
379 #[async_trait::async_trait(?Send)]
380 impl Perform for BanPerson {
381 type Response = BanPersonResponse;
385 context: &Data<LemmyContext>,
386 websocket_id: Option<ConnectionId>,
387 ) -> Result<BanPersonResponse, LemmyError> {
388 let data: &BanPerson = &self;
389 let local_user_view = get_local_user_view_from_jwt(&data.auth, context.pool()).await?;
391 // Make sure user is an admin
392 is_admin(&local_user_view)?;
395 let banned_person_id = data.person_id;
396 let ban_person = move |conn: &'_ _| Person::ban_person(conn, banned_person_id, ban);
397 if blocking(context.pool(), ban_person).await?.is_err() {
398 return Err(ApiError::err("couldnt_update_user").into());
401 // Remove their data if that's desired
402 if data.remove_data {
404 blocking(context.pool(), move |conn: &'_ _| {
405 Post::update_removed_for_creator(conn, banned_person_id, None, true)
410 blocking(context.pool(), move |conn: &'_ _| {
411 Community::update_removed_for_creator(conn, banned_person_id, true)
416 blocking(context.pool(), move |conn: &'_ _| {
417 Comment::update_removed_for_creator(conn, banned_person_id, true)
423 let expires = data.expires.map(naive_from_unix);
425 let form = ModBanForm {
426 mod_person_id: local_user_view.person.id,
427 other_person_id: data.person_id,
428 reason: data.reason.to_owned(),
429 banned: Some(data.ban),
433 blocking(context.pool(), move |conn| ModBan::create(conn, &form)).await??;
435 let person_id = data.person_id;
436 let person_view = blocking(context.pool(), move |conn| {
437 PersonViewSafe::read(conn, person_id)
441 let res = BanPersonResponse {
446 context.chat_server().do_send(SendAllMessage {
447 op: UserOperation::BanPerson,
448 response: res.clone(),
456 #[async_trait::async_trait(?Send)]
457 impl Perform for GetReplies {
458 type Response = GetRepliesResponse;
462 context: &Data<LemmyContext>,
463 _websocket_id: Option<ConnectionId>,
464 ) -> Result<GetRepliesResponse, LemmyError> {
465 let data: &GetReplies = &self;
466 let local_user_view = get_local_user_view_from_jwt(&data.auth, context.pool()).await?;
468 let sort = SortType::from_str(&data.sort)?;
470 let page = data.page;
471 let limit = data.limit;
472 let unread_only = data.unread_only;
473 let person_id = local_user_view.person.id;
474 let replies = blocking(context.pool(), move |conn| {
475 CommentQueryBuilder::create(conn)
477 .unread_only(unread_only)
478 .recipient_id(person_id)
479 .my_person_id(person_id)
486 Ok(GetRepliesResponse { replies })
490 #[async_trait::async_trait(?Send)]
491 impl Perform for GetPersonMentions {
492 type Response = GetPersonMentionsResponse;
496 context: &Data<LemmyContext>,
497 _websocket_id: Option<ConnectionId>,
498 ) -> Result<GetPersonMentionsResponse, LemmyError> {
499 let data: &GetPersonMentions = &self;
500 let local_user_view = get_local_user_view_from_jwt(&data.auth, context.pool()).await?;
502 let sort = SortType::from_str(&data.sort)?;
504 let page = data.page;
505 let limit = data.limit;
506 let unread_only = data.unread_only;
507 let person_id = local_user_view.person.id;
508 let mentions = blocking(context.pool(), move |conn| {
509 PersonMentionQueryBuilder::create(conn)
510 .recipient_id(person_id)
511 .my_person_id(person_id)
513 .unread_only(unread_only)
520 Ok(GetPersonMentionsResponse { mentions })
524 #[async_trait::async_trait(?Send)]
525 impl Perform for MarkPersonMentionAsRead {
526 type Response = PersonMentionResponse;
530 context: &Data<LemmyContext>,
531 _websocket_id: Option<ConnectionId>,
532 ) -> Result<PersonMentionResponse, LemmyError> {
533 let data: &MarkPersonMentionAsRead = &self;
534 let local_user_view = get_local_user_view_from_jwt(&data.auth, context.pool()).await?;
536 let person_mention_id = data.person_mention_id;
537 let read_person_mention = blocking(context.pool(), move |conn| {
538 PersonMention::read(conn, person_mention_id)
542 if local_user_view.person.id != read_person_mention.recipient_id {
543 return Err(ApiError::err("couldnt_update_comment").into());
546 let person_mention_id = read_person_mention.id;
547 let read = data.read;
549 move |conn: &'_ _| PersonMention::update_read(conn, person_mention_id, read);
550 if blocking(context.pool(), update_mention).await?.is_err() {
551 return Err(ApiError::err("couldnt_update_comment").into());
554 let person_mention_id = read_person_mention.id;
555 let person_id = local_user_view.person.id;
556 let person_mention_view = blocking(context.pool(), move |conn| {
557 PersonMentionView::read(conn, person_mention_id, Some(person_id))
561 Ok(PersonMentionResponse {
567 #[async_trait::async_trait(?Send)]
568 impl Perform for MarkAllAsRead {
569 type Response = GetRepliesResponse;
573 context: &Data<LemmyContext>,
574 _websocket_id: Option<ConnectionId>,
575 ) -> Result<GetRepliesResponse, LemmyError> {
576 let data: &MarkAllAsRead = &self;
577 let local_user_view = get_local_user_view_from_jwt(&data.auth, context.pool()).await?;
579 let person_id = local_user_view.person.id;
580 let replies = blocking(context.pool(), move |conn| {
581 CommentQueryBuilder::create(conn)
582 .my_person_id(person_id)
583 .recipient_id(person_id)
591 // TODO: this should probably be a bulk operation
592 // Not easy to do as a bulk operation,
593 // because recipient_id isn't in the comment table
594 for comment_view in &replies {
595 let reply_id = comment_view.comment.id;
596 let mark_as_read = move |conn: &'_ _| Comment::update_read(conn, reply_id, true);
597 if blocking(context.pool(), mark_as_read).await?.is_err() {
598 return Err(ApiError::err("couldnt_update_comment").into());
602 // Mark all user mentions as read
603 let update_person_mentions =
604 move |conn: &'_ _| PersonMention::mark_all_as_read(conn, person_id);
605 if blocking(context.pool(), update_person_mentions)
609 return Err(ApiError::err("couldnt_update_comment").into());
612 // Mark all private_messages as read
613 let update_pm = move |conn: &'_ _| PrivateMessage::mark_all_as_read(conn, person_id);
614 if blocking(context.pool(), update_pm).await?.is_err() {
615 return Err(ApiError::err("couldnt_update_private_message").into());
618 Ok(GetRepliesResponse { replies: vec![] })
622 #[async_trait::async_trait(?Send)]
623 impl Perform for PasswordReset {
624 type Response = PasswordResetResponse;
628 context: &Data<LemmyContext>,
629 _websocket_id: Option<ConnectionId>,
630 ) -> Result<PasswordResetResponse, LemmyError> {
631 let data: &PasswordReset = &self;
634 let email = data.email.clone();
635 let local_user_view = match blocking(context.pool(), move |conn| {
636 LocalUserView::find_by_email(conn, &email)
641 Err(_e) => return Err(ApiError::err("couldnt_find_that_username_or_email").into()),
644 // Generate a random token
645 let token = generate_random_string();
648 let token2 = token.clone();
649 let local_user_id = local_user_view.local_user.id;
650 blocking(context.pool(), move |conn| {
651 PasswordResetRequest::create_token(conn, local_user_id, &token2)
655 // Email the pure token to the user.
656 // TODO no i18n support here.
657 let email = &local_user_view.local_user.email.expect("email");
658 let subject = &format!("Password reset for {}", local_user_view.person.name);
659 let hostname = &Settings::get().get_protocol_and_hostname();
660 let html = &format!("<h1>Password Reset Request for {}</h1><br><a href={}/password_change/{}>Click here to reset your password</a>", local_user_view.person.name, hostname, &token);
661 match send_email(subject, email, &local_user_view.person.name, html) {
663 Err(_e) => return Err(ApiError::err(&_e).into()),
666 Ok(PasswordResetResponse {})
670 #[async_trait::async_trait(?Send)]
671 impl Perform for PasswordChange {
672 type Response = LoginResponse;
676 context: &Data<LemmyContext>,
677 _websocket_id: Option<ConnectionId>,
678 ) -> Result<LoginResponse, LemmyError> {
679 let data: &PasswordChange = &self;
681 // Fetch the user_id from the token
682 let token = data.token.clone();
683 let local_user_id = blocking(context.pool(), move |conn| {
684 PasswordResetRequest::read_from_token(conn, &token).map(|p| p.local_user_id)
688 password_length_check(&data.password)?;
690 // Make sure passwords match
691 if data.password != data.password_verify {
692 return Err(ApiError::err("passwords_dont_match").into());
695 // Update the user with the new password
696 let password = data.password.clone();
697 let updated_local_user = match blocking(context.pool(), move |conn| {
698 LocalUser::update_password(conn, local_user_id, &password)
703 Err(_e) => return Err(ApiError::err("couldnt_update_user").into()),
708 jwt: Claims::jwt(updated_local_user.id.0)?,
713 #[async_trait::async_trait(?Send)]
714 impl Perform for GetReportCount {
715 type Response = GetReportCountResponse;
719 context: &Data<LemmyContext>,
720 websocket_id: Option<ConnectionId>,
721 ) -> Result<GetReportCountResponse, LemmyError> {
722 let data: &GetReportCount = &self;
723 let local_user_view = get_local_user_view_from_jwt(&data.auth, context.pool()).await?;
725 let person_id = local_user_view.person.id;
726 let community_id = data.community;
728 collect_moderated_communities(person_id, community_id, context.pool()).await?;
731 if community_ids.is_empty() {
732 GetReportCountResponse {
738 let ids = community_ids.clone();
739 let comment_reports = blocking(context.pool(), move |conn| {
740 CommentReportView::get_report_count(conn, &ids)
744 let ids = community_ids.clone();
745 let post_reports = blocking(context.pool(), move |conn| {
746 PostReportView::get_report_count(conn, &ids)
750 GetReportCountResponse {
751 community: data.community,
758 context.chat_server().do_send(SendUserRoomMessage {
759 op: UserOperation::GetReportCount,
760 response: res.clone(),
761 local_recipient_id: local_user_view.local_user.id,
769 #[async_trait::async_trait(?Send)]
770 impl Perform for GetFollowedCommunities {
771 type Response = GetFollowedCommunitiesResponse;
775 context: &Data<LemmyContext>,
776 _websocket_id: Option<ConnectionId>,
777 ) -> Result<GetFollowedCommunitiesResponse, LemmyError> {
778 let data: &GetFollowedCommunities = &self;
779 let local_user_view = get_local_user_view_from_jwt(&data.auth, context.pool()).await?;
781 let person_id = local_user_view.person.id;
782 let communities = match blocking(context.pool(), move |conn| {
783 CommunityFollowerView::for_person(conn, person_id)
787 Ok(communities) => communities,
788 _ => return Err(ApiError::err("system_err_login").into()),
792 Ok(GetFollowedCommunitiesResponse { communities })
projects / lemmy.git / blob