1 use crate::{captcha_as_wav_base64, Perform};
2 use actix_web::web::Data;
5 use captcha::{gen, Difficulty};
7 use lemmy_api_common::{
9 collect_moderated_communities,
10 community::{GetFollowedCommunities, GetFollowedCommunitiesResponse},
11 get_local_user_view_from_jwt,
13 password_length_check,
16 use lemmy_db_queries::{
17 diesel_option_overwrite,
18 diesel_option_overwrite_to_url,
21 local_user::LocalUser_,
22 password_reset_request::PasswordResetRequest_,
24 person_mention::PersonMention_,
26 private_message::PrivateMessage_,
31 use lemmy_db_schema::{
35 local_user::{LocalUser, LocalUserForm},
37 password_reset_request::*,
41 private_message::PrivateMessage,
46 comment_report_view::CommentReportView,
47 comment_view::CommentQueryBuilder,
48 local_user_view::LocalUserView,
49 post_report_view::PostReportView,
51 use lemmy_db_views_actor::{
52 community_follower_view::CommunityFollowerView,
53 person_mention_view::{PersonMentionQueryBuilder, PersonMentionView},
54 person_view::PersonViewSafe,
60 settings::structs::Settings,
61 utils::{generate_random_string, is_valid_display_name, is_valid_matrix_id, naive_from_unix},
66 use lemmy_websocket::{
67 messages::{CaptchaItem, SendAllMessage, SendUserRoomMessage},
71 use std::str::FromStr;
73 #[async_trait::async_trait(?Send)]
74 impl Perform for Login {
75 type Response = LoginResponse;
79 context: &Data<LemmyContext>,
80 _websocket_id: Option<ConnectionId>,
81 ) -> Result<LoginResponse, LemmyError> {
82 let data: &Login = &self;
84 // Fetch that username / email
85 let username_or_email = data.username_or_email.clone();
86 let local_user_view = match blocking(context.pool(), move |conn| {
87 LocalUserView::find_by_email_or_name(conn, &username_or_email)
92 Err(_e) => return Err(ApiError::err("couldnt_find_that_username_or_email").into()),
95 // Verify the password
96 let valid: bool = verify(
98 &local_user_view.local_user.password_encrypted,
102 return Err(ApiError::err("password_incorrect").into());
107 jwt: Claims::jwt(local_user_view.local_user.id.0)?,
112 #[async_trait::async_trait(?Send)]
113 impl Perform for GetCaptcha {
114 type Response = GetCaptchaResponse;
118 context: &Data<LemmyContext>,
119 _websocket_id: Option<ConnectionId>,
120 ) -> Result<Self::Response, LemmyError> {
121 let captcha_settings = Settings::get().captcha();
123 if !captcha_settings.enabled {
124 return Ok(GetCaptchaResponse { ok: None });
127 let captcha = match captcha_settings.difficulty.as_str() {
128 "easy" => gen(Difficulty::Easy),
129 "medium" => gen(Difficulty::Medium),
130 "hard" => gen(Difficulty::Hard),
131 _ => gen(Difficulty::Medium),
134 let answer = captcha.chars_as_string();
136 let png = captcha.as_base64().expect("failed to generate captcha");
138 let uuid = uuid::Uuid::new_v4().to_string();
140 let wav = captcha_as_wav_base64(&captcha);
142 let captcha_item = CaptchaItem {
144 uuid: uuid.to_owned(),
145 expires: naive_now() + Duration::minutes(10), // expires in 10 minutes
148 // Stores the captcha item on the queue
149 context.chat_server().do_send(captcha_item);
151 Ok(GetCaptchaResponse {
152 ok: Some(CaptchaResponse { png, wav, uuid }),
157 #[async_trait::async_trait(?Send)]
158 impl Perform for SaveUserSettings {
159 type Response = LoginResponse;
163 context: &Data<LemmyContext>,
164 _websocket_id: Option<ConnectionId>,
165 ) -> Result<LoginResponse, LemmyError> {
166 let data: &SaveUserSettings = &self;
167 let local_user_view = get_local_user_view_from_jwt(&data.auth, context.pool()).await?;
169 let avatar = diesel_option_overwrite_to_url(&data.avatar)?;
170 let banner = diesel_option_overwrite_to_url(&data.banner)?;
171 let email = diesel_option_overwrite(&data.email);
172 let bio = diesel_option_overwrite(&data.bio);
173 let display_name = diesel_option_overwrite(&data.display_name);
174 let matrix_user_id = diesel_option_overwrite(&data.matrix_user_id);
176 if let Some(Some(bio)) = &bio {
177 if bio.chars().count() > 300 {
178 return Err(ApiError::err("bio_length_overflow").into());
182 if let Some(Some(display_name)) = &display_name {
183 if !is_valid_display_name(display_name.trim()) {
184 return Err(ApiError::err("invalid_username").into());
188 if let Some(Some(matrix_user_id)) = &matrix_user_id {
189 if !is_valid_matrix_id(matrix_user_id) {
190 return Err(ApiError::err("invalid_matrix_id").into());
194 let local_user_id = local_user_view.local_user.id;
195 let person_id = local_user_view.person.id;
196 let default_listing_type = data.default_listing_type;
197 let default_sort_type = data.default_sort_type;
198 let password_encrypted = local_user_view.local_user.password_encrypted;
200 let person_form = PersonForm {
201 name: local_user_view.person.name,
207 updated: Some(naive_now()),
216 last_refreshed_at: None,
217 shared_inbox_url: None,
221 let person_res = blocking(context.pool(), move |conn| {
222 Person::update(conn, person_id, &person_form)
225 let _updated_person: Person = match person_res {
228 return Err(ApiError::err("user_already_exists").into());
232 let local_user_form = LocalUserForm {
236 show_nsfw: data.show_nsfw,
237 show_scores: data.show_scores,
238 theme: data.theme.to_owned(),
240 default_listing_type,
241 lang: data.lang.to_owned(),
242 show_avatars: data.show_avatars,
243 send_notifications_to_email: data.send_notifications_to_email,
246 let local_user_res = blocking(context.pool(), move |conn| {
247 LocalUser::update(conn, local_user_id, &local_user_form)
250 let updated_local_user = match local_user_res {
253 let err_type = if e.to_string()
254 == "duplicate key value violates unique constraint \"local_user_email_key\""
256 "email_already_exists"
258 "user_already_exists"
261 return Err(ApiError::err(err_type).into());
267 jwt: Claims::jwt(updated_local_user.id.0)?,
272 #[async_trait::async_trait(?Send)]
273 impl Perform for ChangePassword {
274 type Response = LoginResponse;
278 context: &Data<LemmyContext>,
279 _websocket_id: Option<ConnectionId>,
280 ) -> Result<LoginResponse, LemmyError> {
281 let data: &ChangePassword = &self;
282 let local_user_view = get_local_user_view_from_jwt(&data.auth, context.pool()).await?;
284 password_length_check(&data.new_password)?;
286 // Make sure passwords match
287 if data.new_password != data.new_password_verify {
288 return Err(ApiError::err("passwords_dont_match").into());
291 // Check the old password
292 let valid: bool = verify(
294 &local_user_view.local_user.password_encrypted,
298 return Err(ApiError::err("password_incorrect").into());
301 let local_user_id = local_user_view.local_user.id;
302 let new_password = data.new_password.to_owned();
303 let updated_local_user = blocking(context.pool(), move |conn| {
304 LocalUser::update_password(conn, local_user_id, &new_password)
310 jwt: Claims::jwt(updated_local_user.id.0)?,
315 #[async_trait::async_trait(?Send)]
316 impl Perform for AddAdmin {
317 type Response = AddAdminResponse;
321 context: &Data<LemmyContext>,
322 websocket_id: Option<ConnectionId>,
323 ) -> Result<AddAdminResponse, LemmyError> {
324 let data: &AddAdmin = &self;
325 let local_user_view = get_local_user_view_from_jwt(&data.auth, context.pool()).await?;
327 // Make sure user is an admin
328 is_admin(&local_user_view)?;
330 let added = data.added;
331 let added_person_id = data.person_id;
332 let added_admin = match blocking(context.pool(), move |conn| {
333 Person::add_admin(conn, added_person_id, added)
339 return Err(ApiError::err("couldnt_update_user").into());
344 let form = ModAddForm {
345 mod_person_id: local_user_view.person.id,
346 other_person_id: added_admin.id,
347 removed: Some(!data.added),
350 blocking(context.pool(), move |conn| ModAdd::create(conn, &form)).await??;
352 let site_creator_id = blocking(context.pool(), move |conn| {
353 Site::read(conn, 1).map(|s| s.creator_id)
357 let mut admins = blocking(context.pool(), move |conn| PersonViewSafe::admins(conn)).await??;
358 let creator_index = admins
360 .position(|r| r.person.id == site_creator_id)
361 .context(location_info!())?;
362 let creator_person = admins.remove(creator_index);
363 admins.insert(0, creator_person);
365 let res = AddAdminResponse { admins };
367 context.chat_server().do_send(SendAllMessage {
368 op: UserOperation::AddAdmin,
369 response: res.clone(),
377 #[async_trait::async_trait(?Send)]
378 impl Perform for BanPerson {
379 type Response = BanPersonResponse;
383 context: &Data<LemmyContext>,
384 websocket_id: Option<ConnectionId>,
385 ) -> Result<BanPersonResponse, LemmyError> {
386 let data: &BanPerson = &self;
387 let local_user_view = get_local_user_view_from_jwt(&data.auth, context.pool()).await?;
389 // Make sure user is an admin
390 is_admin(&local_user_view)?;
393 let banned_person_id = data.person_id;
394 let ban_person = move |conn: &'_ _| Person::ban_person(conn, banned_person_id, ban);
395 if blocking(context.pool(), ban_person).await?.is_err() {
396 return Err(ApiError::err("couldnt_update_user").into());
399 // Remove their data if that's desired
400 if data.remove_data {
402 blocking(context.pool(), move |conn: &'_ _| {
403 Post::update_removed_for_creator(conn, banned_person_id, None, true)
408 // Remove all communities where they're the top mod
409 // TODO couldn't get group by's working in diesel,
410 // for now, remove the communities manually
413 blocking(context.pool(), move |conn: &'_ _| {
414 Comment::update_removed_for_creator(conn, banned_person_id, true)
420 let expires = data.expires.map(naive_from_unix);
422 let form = ModBanForm {
423 mod_person_id: local_user_view.person.id,
424 other_person_id: data.person_id,
425 reason: data.reason.to_owned(),
426 banned: Some(data.ban),
430 blocking(context.pool(), move |conn| ModBan::create(conn, &form)).await??;
432 let person_id = data.person_id;
433 let person_view = blocking(context.pool(), move |conn| {
434 PersonViewSafe::read(conn, person_id)
438 let res = BanPersonResponse {
443 context.chat_server().do_send(SendAllMessage {
444 op: UserOperation::BanPerson,
445 response: res.clone(),
453 #[async_trait::async_trait(?Send)]
454 impl Perform for GetReplies {
455 type Response = GetRepliesResponse;
459 context: &Data<LemmyContext>,
460 _websocket_id: Option<ConnectionId>,
461 ) -> Result<GetRepliesResponse, LemmyError> {
462 let data: &GetReplies = &self;
463 let local_user_view = get_local_user_view_from_jwt(&data.auth, context.pool()).await?;
465 let sort = SortType::from_str(&data.sort)?;
467 let page = data.page;
468 let limit = data.limit;
469 let unread_only = data.unread_only;
470 let person_id = local_user_view.person.id;
471 let replies = blocking(context.pool(), move |conn| {
472 CommentQueryBuilder::create(conn)
474 .unread_only(unread_only)
475 .recipient_id(person_id)
476 .my_person_id(person_id)
483 Ok(GetRepliesResponse { replies })
487 #[async_trait::async_trait(?Send)]
488 impl Perform for GetPersonMentions {
489 type Response = GetPersonMentionsResponse;
493 context: &Data<LemmyContext>,
494 _websocket_id: Option<ConnectionId>,
495 ) -> Result<GetPersonMentionsResponse, LemmyError> {
496 let data: &GetPersonMentions = &self;
497 let local_user_view = get_local_user_view_from_jwt(&data.auth, context.pool()).await?;
499 let sort = SortType::from_str(&data.sort)?;
501 let page = data.page;
502 let limit = data.limit;
503 let unread_only = data.unread_only;
504 let person_id = local_user_view.person.id;
505 let mentions = blocking(context.pool(), move |conn| {
506 PersonMentionQueryBuilder::create(conn)
507 .recipient_id(person_id)
508 .my_person_id(person_id)
510 .unread_only(unread_only)
517 Ok(GetPersonMentionsResponse { mentions })
521 #[async_trait::async_trait(?Send)]
522 impl Perform for MarkPersonMentionAsRead {
523 type Response = PersonMentionResponse;
527 context: &Data<LemmyContext>,
528 _websocket_id: Option<ConnectionId>,
529 ) -> Result<PersonMentionResponse, LemmyError> {
530 let data: &MarkPersonMentionAsRead = &self;
531 let local_user_view = get_local_user_view_from_jwt(&data.auth, context.pool()).await?;
533 let person_mention_id = data.person_mention_id;
534 let read_person_mention = blocking(context.pool(), move |conn| {
535 PersonMention::read(conn, person_mention_id)
539 if local_user_view.person.id != read_person_mention.recipient_id {
540 return Err(ApiError::err("couldnt_update_comment").into());
543 let person_mention_id = read_person_mention.id;
544 let read = data.read;
546 move |conn: &'_ _| PersonMention::update_read(conn, person_mention_id, read);
547 if blocking(context.pool(), update_mention).await?.is_err() {
548 return Err(ApiError::err("couldnt_update_comment").into());
551 let person_mention_id = read_person_mention.id;
552 let person_id = local_user_view.person.id;
553 let person_mention_view = blocking(context.pool(), move |conn| {
554 PersonMentionView::read(conn, person_mention_id, Some(person_id))
558 Ok(PersonMentionResponse {
564 #[async_trait::async_trait(?Send)]
565 impl Perform for MarkAllAsRead {
566 type Response = GetRepliesResponse;
570 context: &Data<LemmyContext>,
571 _websocket_id: Option<ConnectionId>,
572 ) -> Result<GetRepliesResponse, LemmyError> {
573 let data: &MarkAllAsRead = &self;
574 let local_user_view = get_local_user_view_from_jwt(&data.auth, context.pool()).await?;
576 let person_id = local_user_view.person.id;
577 let replies = blocking(context.pool(), move |conn| {
578 CommentQueryBuilder::create(conn)
579 .my_person_id(person_id)
580 .recipient_id(person_id)
588 // TODO: this should probably be a bulk operation
589 // Not easy to do as a bulk operation,
590 // because recipient_id isn't in the comment table
591 for comment_view in &replies {
592 let reply_id = comment_view.comment.id;
593 let mark_as_read = move |conn: &'_ _| Comment::update_read(conn, reply_id, true);
594 if blocking(context.pool(), mark_as_read).await?.is_err() {
595 return Err(ApiError::err("couldnt_update_comment").into());
599 // Mark all user mentions as read
600 let update_person_mentions =
601 move |conn: &'_ _| PersonMention::mark_all_as_read(conn, person_id);
602 if blocking(context.pool(), update_person_mentions)
606 return Err(ApiError::err("couldnt_update_comment").into());
609 // Mark all private_messages as read
610 let update_pm = move |conn: &'_ _| PrivateMessage::mark_all_as_read(conn, person_id);
611 if blocking(context.pool(), update_pm).await?.is_err() {
612 return Err(ApiError::err("couldnt_update_private_message").into());
615 Ok(GetRepliesResponse { replies: vec![] })
619 #[async_trait::async_trait(?Send)]
620 impl Perform for PasswordReset {
621 type Response = PasswordResetResponse;
625 context: &Data<LemmyContext>,
626 _websocket_id: Option<ConnectionId>,
627 ) -> Result<PasswordResetResponse, LemmyError> {
628 let data: &PasswordReset = &self;
631 let email = data.email.clone();
632 let local_user_view = match blocking(context.pool(), move |conn| {
633 LocalUserView::find_by_email(conn, &email)
638 Err(_e) => return Err(ApiError::err("couldnt_find_that_username_or_email").into()),
641 // Generate a random token
642 let token = generate_random_string();
645 let token2 = token.clone();
646 let local_user_id = local_user_view.local_user.id;
647 blocking(context.pool(), move |conn| {
648 PasswordResetRequest::create_token(conn, local_user_id, &token2)
652 // Email the pure token to the user.
653 // TODO no i18n support here.
654 let email = &local_user_view.local_user.email.expect("email");
655 let subject = &format!("Password reset for {}", local_user_view.person.name);
656 let hostname = &Settings::get().get_protocol_and_hostname();
657 let html = &format!("<h1>Password Reset Request for {}</h1><br><a href={}/password_change/{}>Click here to reset your password</a>", local_user_view.person.name, hostname, &token);
658 match send_email(subject, email, &local_user_view.person.name, html) {
660 Err(_e) => return Err(ApiError::err(&_e).into()),
663 Ok(PasswordResetResponse {})
667 #[async_trait::async_trait(?Send)]
668 impl Perform for PasswordChange {
669 type Response = LoginResponse;
673 context: &Data<LemmyContext>,
674 _websocket_id: Option<ConnectionId>,
675 ) -> Result<LoginResponse, LemmyError> {
676 let data: &PasswordChange = &self;
678 // Fetch the user_id from the token
679 let token = data.token.clone();
680 let local_user_id = blocking(context.pool(), move |conn| {
681 PasswordResetRequest::read_from_token(conn, &token).map(|p| p.local_user_id)
685 password_length_check(&data.password)?;
687 // Make sure passwords match
688 if data.password != data.password_verify {
689 return Err(ApiError::err("passwords_dont_match").into());
692 // Update the user with the new password
693 let password = data.password.clone();
694 let updated_local_user = match blocking(context.pool(), move |conn| {
695 LocalUser::update_password(conn, local_user_id, &password)
700 Err(_e) => return Err(ApiError::err("couldnt_update_user").into()),
705 jwt: Claims::jwt(updated_local_user.id.0)?,
710 #[async_trait::async_trait(?Send)]
711 impl Perform for GetReportCount {
712 type Response = GetReportCountResponse;
716 context: &Data<LemmyContext>,
717 websocket_id: Option<ConnectionId>,
718 ) -> Result<GetReportCountResponse, LemmyError> {
719 let data: &GetReportCount = &self;
720 let local_user_view = get_local_user_view_from_jwt(&data.auth, context.pool()).await?;
722 let person_id = local_user_view.person.id;
723 let community_id = data.community;
725 collect_moderated_communities(person_id, community_id, context.pool()).await?;
728 if community_ids.is_empty() {
729 GetReportCountResponse {
735 let ids = community_ids.clone();
736 let comment_reports = blocking(context.pool(), move |conn| {
737 CommentReportView::get_report_count(conn, &ids)
741 let ids = community_ids.clone();
742 let post_reports = blocking(context.pool(), move |conn| {
743 PostReportView::get_report_count(conn, &ids)
747 GetReportCountResponse {
748 community: data.community,
755 context.chat_server().do_send(SendUserRoomMessage {
756 op: UserOperation::GetReportCount,
757 response: res.clone(),
758 local_recipient_id: local_user_view.local_user.id,
766 #[async_trait::async_trait(?Send)]
767 impl Perform for GetFollowedCommunities {
768 type Response = GetFollowedCommunitiesResponse;
772 context: &Data<LemmyContext>,
773 _websocket_id: Option<ConnectionId>,
774 ) -> Result<GetFollowedCommunitiesResponse, LemmyError> {
775 let data: &GetFollowedCommunities = &self;
776 let local_user_view = get_local_user_view_from_jwt(&data.auth, context.pool()).await?;
778 let person_id = local_user_view.person.id;
779 let communities = match blocking(context.pool(), move |conn| {
780 CommunityFollowerView::for_person(conn, person_id)
784 Ok(communities) => communities,
785 _ => return Err(ApiError::err("system_err_login").into()),
789 Ok(GetFollowedCommunitiesResponse { communities })
projects / lemmy.git / blob