aykhans/slash-e
1
0
Fork 0
mirror of https://github.com/aykhans/slash-e.git synced 2025-07-03 20:21:40 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

feat: implement api v1 for users

Browse Source
This commit is contained in:
Steven
2023-06-20 16:53:31 +08:00
parent 6004a2f657
commit 06926c31dd
8 changed files with 155 additions and 537 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
api/v1/auth.go
View File

@ -5,7 +5,6 @@ import (
"fmt"
"net/http"
"github.com/boojack/shortify/api"
"github.com/boojack/shortify/server/auth"
"github.com/boojack/shortify/store"
"github.com/labstack/echo/v4"
@ -38,7 +37,7 @@ func (s *APIV1Service) registerAuthRoutes(g *echo.Group, secret string) {
return echo.NewHTTPError(http.StatusBadRequest, "Malformatted signin request").SetInternal(err)
}
user, err := s.Store.GetUserV1(ctx, &store.FindUser{
user, err := s.Store.GetUser(ctx, &store.FindUser{
Username: &signin.Username,
})
if err != nil {
@ -79,7 +78,7 @@ func (s *APIV1Service) registerAuthRoutes(g *echo.Group, secret string) {
}
user.PasswordHash = string(passwordHash)
existingUsers, err := s.Store.FindUserList(ctx, &api.UserFind{})
existingUsers, err := s.Store.ListUsers(ctx, &store.FindUser{})
if err != nil {
return echo.NewHTTPError(http.StatusInternalServerError, "Failed to find existing users").SetInternal(err)
}
@ -90,7 +89,7 @@ func (s *APIV1Service) registerAuthRoutes(g *echo.Group, secret string) {
user.Role = store.RoleUser
}
user, err = s.Store.CreateUserV1(ctx, user)
user, err = s.Store.CreateUser(ctx, user)
if err != nil {
return echo.NewHTTPError(http.StatusInternalServerError, "Failed to create user").SetInternal(err)
}

158
api/v1/user.go
View File

@ -1,12 +1,15 @@
package v1
import (
"encoding/json"
"fmt"
"net/http"
"net/mail"
"strconv"
"github.com/boojack/shortify/store"
"github.com/labstack/echo/v4"
"golang.org/x/crypto/bcrypt"
)
// Role is the type of a role.
@ -38,46 +41,42 @@ type User struct {
RowStatus RowStatus `json:"rowStatus"`
// Domain specific fields
Email string `json:"email"`
DisplayName string `json:"displayName"`
PasswordHash string `json:"-"`
Role Role `json:"role"`
UserSettingList []*UserSetting `json:"userSettingList"`
Username string `json:"username"`
Nickname string `json:"nickname"`
Email string `json:"email"`
Role Role `json:"role"`
}
type UserCreate struct {
Email string `json:"email"`
DisplayName string `json:"displayName"`
Password string `json:"password"`
PasswordHash string `json:"-"`
Role Role `json:"-"`
type CreateUserRequest struct {
Username string `json:"username"`
Nickname string `json:"nickname"`
Email string `json:"email"`
Password string `json:"password"`
Role Role `json:"-"`
}
func (create UserCreate) Validate() error {
if len(create.Email) < 3 {
return fmt.Errorf("email is too short, minimum length is 6")
func (create CreateUserRequest) Validate() error {
if len(create.Username) < 3 {
return fmt.Errorf("username is too short, minimum length is 3")
}
if !validateEmail(create.Email) {
if create.Nickname != "" && len(create.Nickname) < 3 {
return fmt.Errorf("username is too short, minimum length is 3")
}
if create.Email != "" && !validateEmail(create.Email) {
return fmt.Errorf("invalid email format")
}
if len(create.Password) < 3 {
return fmt.Errorf("password is too short, minimum length is 6")
return fmt.Errorf("password is too short, minimum length is 3")
}
return nil
}
type UserPatch struct {
ID int
// Standard fields
RowStatus *RowStatus `json:"rowStatus"`
// Domain specific fields
Email *string `json:"email"`
DisplayName *string `json:"displayName"`
Password *string `json:"password"`
PasswordHash *string `json:"-"`
type PatchUserRequest struct {
RowStatus *RowStatus `json:"rowStatus"`
Email *string `json:"email"`
DisplayName *string `json:"displayName"`
Password *string `json:"password"`
}
type UserDelete struct {
@ -86,7 +85,13 @@ type UserDelete struct {
func (s *APIV1Service) registerUserRoutes(g *echo.Group) {
g.GET("/user", func(c echo.Context) error {
return c.String(200, "GET /user")
ctx := c.Request().Context()
userList, err := s.Store.ListUsers(ctx, &store.FindUser{})
if err != nil {
return echo.NewHTTPError(http.StatusInternalServerError, "Failed to find user list").SetInternal(err)
}
return c.JSON(http.StatusOK, userList)
})
// GET /api/user/me is used to check if the user is logged in.
@ -97,7 +102,7 @@ func (s *APIV1Service) registerUserRoutes(g *echo.Group) {
return echo.NewHTTPError(http.StatusUnauthorized, "Missing auth session")
}
user, err := s.Store.GetUserV1(ctx, &store.FindUser{
user, err := s.Store.GetUser(ctx, &store.FindUser{
ID: &userID,
})
if err != nil {
@ -106,6 +111,101 @@ func (s *APIV1Service) registerUserRoutes(g *echo.Group) {
return c.JSON(http.StatusOK, user)
})
g.GET("/user/:id", func(c echo.Context) error {
ctx := c.Request().Context()
userID, err := strconv.Atoi(c.Param("id"))
if err != nil {
return echo.NewHTTPError(http.StatusBadRequest, "Malformatted user id").SetInternal(err)
}
user, err := s.Store.GetUser(ctx, &store.FindUser{
ID: &userID,
})
if err != nil {
return echo.NewHTTPError(http.StatusInternalServerError, "Failed to find user").SetInternal(err)
}
return c.JSON(http.StatusOK, user)
})
g.PATCH("/user/:id", func(c echo.Context) error {
ctx := c.Request().Context()
userID, err := strconv.Atoi(c.Param("id"))
if err != nil {
return echo.NewHTTPError(http.StatusBadRequest, fmt.Sprintf("ID is not a number: %s", c.Param("id"))).SetInternal(err)
}
currentUserID, ok := c.Get(getUserIDContextKey()).(int)
if !ok {
return echo.NewHTTPError(http.StatusUnauthorized, "Missing user in session")
}
if currentUserID != userID {
return echo.NewHTTPError(http.StatusForbidden, "Access forbidden for current session user").SetInternal(err)
}
userPatch := &PatchUserRequest{}
if err := json.NewDecoder(c.Request().Body).Decode(userPatch); err != nil {
return echo.NewHTTPError(http.StatusBadRequest, "Malformatted patch user request").SetInternal(err)
}
updateUser := &store.UpdateUser{
ID: currentUserID,
}
if userPatch.Email != nil && !validateEmail(*userPatch.Email) {
return echo.NewHTTPError(http.StatusBadRequest, "Invalid email format")
}
if userPatch.Password != nil && *userPatch.Password != "" {
passwordHash, err := bcrypt.GenerateFromPassword([]byte(*userPatch.Password), bcrypt.DefaultCost)
if err != nil {
return echo.NewHTTPError(http.StatusInternalServerError, "Failed to generate password hash").SetInternal(err)
}
passwordHashStr := string(passwordHash)
updateUser.PasswordHash = &passwordHashStr
}
user, err := s.Store.UpdateUser(ctx, updateUser)
if err != nil {
return echo.NewHTTPError(http.StatusInternalServerError, "Failed to update user").SetInternal(err)
}
return c.JSON(http.StatusOK, user)
})
g.DELETE("/user/:id", func(c echo.Context) error {
ctx := c.Request().Context()
currentUserID, ok := c.Get(getUserIDContextKey()).(int)
if !ok {
return echo.NewHTTPError(http.StatusUnauthorized, "Missing user in session")
}
currentUser, err := s.Store.GetUser(ctx, &store.FindUser{
ID: &currentUserID,
})
if err != nil {
return echo.NewHTTPError(http.StatusInternalServerError, "Failed to find user").SetInternal(err)
}
if currentUser == nil {
return echo.NewHTTPError(http.StatusBadRequest, fmt.Sprintf("Current session user not found with ID: %d", currentUserID)).SetInternal(err)
}
if currentUser.Role != store.RoleAdmin {
return echo.NewHTTPError(http.StatusForbidden, "Access forbidden for current session user").SetInternal(err)
}
userID, err := strconv.Atoi(c.Param("id"))
if err != nil {
return echo.NewHTTPError(http.StatusBadRequest, fmt.Sprintf("ID is not a number: %s", c.Param("id"))).SetInternal(err)
}
if err := s.Store.DeleteUser(ctx, &store.DeleteUser{
ID: userID,
}); err != nil {
return echo.NewHTTPError(http.StatusInternalServerError, "Failed to delete user").SetInternal(err)
}
return c.JSON(http.StatusOK, true)
})
}
// validateEmail validates the email.