2025-03-22 22:17:47 -04:00
use super ::* ;
2025-03-23 21:19:16 -04:00
use crate ::cache ::Cache ;
2025-04-02 11:39:51 -04:00
use crate ::model ::moderation ::AuditLogEntry ;
2025-03-23 18:03:11 -04:00
use crate ::model ::{
Error , Result ,
2025-03-25 23:58:27 -04:00
auth ::{ Token , User , UserSettings } ,
2025-03-23 18:03:11 -04:00
permissions ::FinePermission ,
} ;
2025-03-23 18:58:09 -04:00
use crate ::{ auto_method , execute , get , query_row } ;
2025-04-01 16:12:13 -04:00
use pathbufd ::PathBufD ;
use std ::fs ::{ exists , remove_file } ;
2025-03-31 11:45:34 -04:00
use tetratto_shared ::hash ::{ hash_salted , salt } ;
2025-03-22 22:17:47 -04:00
#[ cfg(feature = " sqlite " ) ]
use rusqlite ::Row ;
#[ cfg(feature = " postgres " ) ]
use tokio_postgres ::Row ;
impl DataManager {
/// Get a [`User`] from an SQL row.
pub ( crate ) fn get_user_from_row (
#[ cfg(feature = " sqlite " ) ] x : & Row < '_ > ,
#[ cfg(feature = " postgres " ) ] x : & Row ,
) -> User {
User {
2025-03-29 00:26:56 -04:00
id : get ! ( x ->0 ( isize ) ) as usize ,
created : get ! ( x ->1 ( isize ) ) as usize ,
2025-03-22 22:17:47 -04:00
username : get ! ( x ->2 ( String ) ) ,
password : get ! ( x ->3 ( String ) ) ,
salt : get ! ( x ->4 ( String ) ) ,
settings : serde_json ::from_str ( & get! ( x ->5 ( String ) ) . to_string ( ) ) . unwrap ( ) ,
tokens : serde_json ::from_str ( & get! ( x ->6 ( String ) ) . to_string ( ) ) . unwrap ( ) ,
2025-03-23 16:37:43 -04:00
permissions : FinePermission ::from_bits ( get! ( x ->7 ( u32 ) ) ) . unwrap ( ) ,
2025-03-26 21:46:21 -04:00
is_verified : if get! ( x ->8 ( i8 ) ) = = 1 { true } else { false } ,
2025-03-25 21:19:55 -04:00
// counts
2025-03-29 00:26:56 -04:00
notification_count : get ! ( x ->9 ( isize ) ) as usize ,
follower_count : get ! ( x ->10 ( isize ) ) as usize ,
following_count : get ! ( x ->11 ( isize ) ) as usize ,
2025-03-22 22:17:47 -04:00
}
}
2025-03-25 21:19:55 -04:00
auto_method! ( get_user_by_id ( usize ) @ get_user_from_row -> " SELECT * FROM users WHERE id = $1 " - - name = " user " - - returns = User - - cache - key - tmpl = " atto.user:{} " ) ;
2025-03-23 21:19:16 -04:00
auto_method! ( get_user_by_username ( & str ) @ get_user_from_row -> " SELECT * FROM users WHERE username = $1 " - - name = " user " - - returns = User - - cache - key - tmpl = " atto.user:{} " ) ;
2025-03-22 22:17:47 -04:00
/// Get a user given just their auth token.
///
/// # Arguments
/// * `token` - the token of the user
pub async fn get_user_by_token ( & self , token : & str ) -> Result < User > {
let conn = match self . connect ( ) . await {
Ok ( c ) = > c ,
Err ( e ) = > return Err ( Error ::DatabaseConnection ( e . to_string ( ) ) ) ,
} ;
let res = query_row! (
& conn ,
" SELECT * FROM users WHERE tokens LIKE $1 " ,
& [ & format! ( " % \" {token} \" % " ) ] ,
| x | Ok ( Self ::get_user_from_row ( x ) )
) ;
if res . is_err ( ) {
return Err ( Error ::UserNotFound ) ;
}
Ok ( res . unwrap ( ) )
}
/// Create a new user in the database.
///
/// # Arguments
/// * `data` - a mock [`User`] object to insert
pub async fn create_user ( & self , data : User ) -> Result < ( ) > {
if self . 0. security . registration_enabled = = false {
return Err ( Error ::RegistrationDisabled ) ;
}
// check values
if data . username . len ( ) < 2 {
return Err ( Error ::DataTooShort ( " username " . to_string ( ) ) ) ;
} else if data . username . len ( ) > 32 {
return Err ( Error ::DataTooLong ( " username " . to_string ( ) ) ) ;
}
if data . password . len ( ) < 6 {
return Err ( Error ::DataTooShort ( " password " . to_string ( ) ) ) ;
}
2025-03-31 22:35:11 -04:00
if self . 0. banned_usernames . contains ( & data . username ) {
return Err ( Error ::MiscError ( " This username cannot be used " . to_string ( ) ) ) ;
}
2025-03-30 22:33:07 -04:00
// make sure username isn't taken
if self . get_user_by_username ( & data . username ) . await . is_ok ( ) {
2025-03-31 11:45:34 -04:00
return Err ( Error ::UsernameInUse ) ;
2025-03-30 22:33:07 -04:00
}
2025-03-22 22:17:47 -04:00
// ...
let conn = match self . connect ( ) . await {
Ok ( c ) = > c ,
Err ( e ) = > return Err ( Error ::DatabaseConnection ( e . to_string ( ) ) ) ,
} ;
let res = execute! (
& conn ,
2025-03-26 21:46:21 -04:00
" INSERT INTO users VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10, $11, $12) " ,
2025-03-22 22:17:47 -04:00
& [
2025-03-23 16:37:43 -04:00
& data . id . to_string ( ) . as_str ( ) ,
& data . created . to_string ( ) . as_str ( ) ,
2025-03-30 22:33:07 -04:00
& data . username . to_lowercase ( ) . as_str ( ) ,
2025-03-23 16:37:43 -04:00
& data . password . as_str ( ) ,
& data . salt . as_str ( ) ,
& serde_json ::to_string ( & data . settings ) . unwrap ( ) . as_str ( ) ,
& serde_json ::to_string ( & data . tokens ) . unwrap ( ) . as_str ( ) ,
2025-03-25 18:18:33 -04:00
& ( FinePermission ::DEFAULT . bits ( ) ) . to_string ( ) . as_str ( ) ,
2025-03-26 21:46:21 -04:00
& ( if data . is_verified { 1 } else { 0 } ) . to_string ( ) . as_str ( ) ,
2025-03-25 21:19:55 -04:00
& 0. to_string ( ) . as_str ( ) ,
& 0. to_string ( ) . as_str ( ) ,
2025-03-25 18:18:33 -04:00
& 0. to_string ( ) . as_str ( )
2025-03-22 22:17:47 -04:00
]
) ;
if let Err ( e ) = res {
return Err ( Error ::DatabaseError ( e . to_string ( ) ) ) ;
}
Ok ( ( ) )
}
2025-03-29 00:26:56 -04:00
/// Delete an existing user in the database.
2025-03-22 22:17:47 -04:00
///
/// # Arguments
/// * `id` - the ID of the user
/// * `password` - the current password of the user
/// * `force` - if we should delete even if the given password is incorrect
2025-03-25 21:19:55 -04:00
pub async fn delete_user ( & self , id : usize , password : & str , force : bool ) -> Result < ( ) > {
2025-03-22 22:17:47 -04:00
let user = self . get_user_by_id ( id ) . await ? ;
2025-03-31 11:45:34 -04:00
if ( hash_salted ( password . to_string ( ) , user . salt . clone ( ) ) ! = user . password ) & & ! force {
2025-03-22 22:17:47 -04:00
return Err ( Error ::IncorrectPassword ) ;
}
let conn = match self . connect ( ) . await {
Ok ( c ) = > c ,
Err ( e ) = > return Err ( Error ::DatabaseConnection ( e . to_string ( ) ) ) ,
} ;
2025-03-31 19:31:36 -04:00
let res = execute! ( & conn , " DELETE FROM users WHERE id = $1 " , & [ & ( id as isize ) ] ) ;
2025-03-22 22:17:47 -04:00
if let Err ( e ) = res {
return Err ( Error ::DatabaseError ( e . to_string ( ) ) ) ;
}
2025-03-31 11:45:34 -04:00
self . cache_clear_user ( & user ) . await ;
2025-03-23 21:19:16 -04:00
2025-04-01 16:12:13 -04:00
// delete communities
let res = execute! (
& conn ,
" DELETE FROM communities WHERE owner = $1 " ,
& [ & ( id as isize ) ]
) ;
if let Err ( e ) = res {
return Err ( Error ::DatabaseError ( e . to_string ( ) ) ) ;
}
// delete memberships
// member counts will remain the same... but that should probably be changed
let res = execute! (
& conn ,
" DELETE FROM memberships WHERE owner = $1 " ,
& [ & ( id as isize ) ]
) ;
if let Err ( e ) = res {
return Err ( Error ::DatabaseError ( e . to_string ( ) ) ) ;
}
// delete notifications
let res = execute! (
& conn ,
" DELETE FROM notifications WHERE owner = $1 " ,
& [ & ( id as isize ) ]
) ;
if let Err ( e ) = res {
return Err ( Error ::DatabaseError ( e . to_string ( ) ) ) ;
}
// delete reactions
// reactions counts will remain the same :)
let res = execute! (
& conn ,
" DELETE FROM reactions WHERE owner = $1 " ,
& [ & ( id as isize ) ]
) ;
if let Err ( e ) = res {
return Err ( Error ::DatabaseError ( e . to_string ( ) ) ) ;
}
// delete posts
let res = execute! (
& conn ,
" DELETE FROM posts WHERE owner = $1 " ,
& [ & ( id as isize ) ]
) ;
if let Err ( e ) = res {
return Err ( Error ::DatabaseError ( e . to_string ( ) ) ) ;
}
// remove images
let avatar = PathBufD ::current ( ) . extend ( & [
self . 0. dirs . media . as_str ( ) ,
" avatars " ,
& format! ( " {} .avif " , & user . id ) ,
] ) ;
let banner = PathBufD ::current ( ) . extend ( & [
self . 0. dirs . media . as_str ( ) ,
" banners " ,
& format! ( " {} .avif " , & user . id ) ,
] ) ;
if exists ( & avatar ) . unwrap ( ) {
remove_file ( avatar ) . unwrap ( ) ;
}
if exists ( & banner ) . unwrap ( ) {
remove_file ( banner ) . unwrap ( ) ;
}
// ...
2025-03-22 22:17:47 -04:00
Ok ( ( ) )
}
2025-03-26 21:46:21 -04:00
pub async fn update_user_verified_status ( & self , id : usize , x : bool , user : User ) -> Result < ( ) > {
if ! user . permissions . check ( FinePermission ::MANAGE_VERIFIED ) {
return Err ( Error ::NotAllowed ) ;
}
2025-04-01 16:12:13 -04:00
let other_user = self . get_user_by_id ( id ) . await ? ;
2025-03-26 21:46:21 -04:00
let conn = match self . connect ( ) . await {
Ok ( c ) = > c ,
Err ( e ) = > return Err ( Error ::DatabaseConnection ( e . to_string ( ) ) ) ,
} ;
let res = execute! (
& conn ,
2025-04-01 16:12:13 -04:00
" UPDATE users SET verified = $1 WHERE id = $2 " ,
2025-03-26 21:46:21 -04:00
& [
& ( if x { 1 } else { 0 } ) . to_string ( ) . as_str ( ) ,
2025-03-31 11:45:34 -04:00
& id . to_string ( ) . as_str ( )
2025-03-26 21:46:21 -04:00
]
) ;
if let Err ( e ) = res {
return Err ( Error ::DatabaseError ( e . to_string ( ) ) ) ;
}
2025-04-01 16:12:13 -04:00
self . cache_clear_user ( & other_user ) . await ;
2025-03-26 21:46:21 -04:00
2025-04-02 11:39:51 -04:00
// create audit log entry
self . create_audit_log_entry ( AuditLogEntry ::new (
user . id ,
format! (
" invoked `update_user_verified_status` with x value `{}` and y value `{}` " ,
other_user . id , x
) ,
) )
. await ? ;
// ...
2025-03-26 21:46:21 -04:00
Ok ( ( ) )
}
2025-03-31 11:45:34 -04:00
pub async fn update_user_password (
& self ,
id : usize ,
from : String ,
to : String ,
user : User ,
force : bool ,
) -> Result < ( ) > {
// verify password
if ( hash_salted ( from . clone ( ) , user . salt . clone ( ) ) ! = user . password ) & & ! force {
return Err ( Error ::MiscError ( " Password does not match " . to_string ( ) ) ) ;
}
// ...
let conn = match self . connect ( ) . await {
Ok ( c ) = > c ,
Err ( e ) = > return Err ( Error ::DatabaseConnection ( e . to_string ( ) ) ) ,
} ;
let new_salt = salt ( ) ;
let new_password = hash_salted ( to , new_salt . clone ( ) ) ;
let res = execute! (
& conn ,
" UPDATE users SET password = $1, salt = $2 WHERE id = $3 " ,
& [
& new_password . as_str ( ) ,
& new_salt . as_str ( ) ,
& id . to_string ( ) . as_str ( )
]
) ;
if let Err ( e ) = res {
return Err ( Error ::DatabaseError ( e . to_string ( ) ) ) ;
}
self . cache_clear_user ( & user ) . await ;
Ok ( ( ) )
}
pub async fn update_user_username ( & self , id : usize , to : String , user : User ) -> Result < ( ) > {
let conn = match self . connect ( ) . await {
Ok ( c ) = > c ,
Err ( e ) = > return Err ( Error ::DatabaseConnection ( e . to_string ( ) ) ) ,
} ;
let res = execute! (
& conn ,
" UPDATE users SET username = $1 WHERE id = $3 " ,
& [ & to . as_str ( ) , & id . to_string ( ) . as_str ( ) ]
) ;
if let Err ( e ) = res {
return Err ( Error ::DatabaseError ( e . to_string ( ) ) ) ;
}
self . cache_clear_user ( & user ) . await ;
Ok ( ( ) )
}
2025-04-02 11:39:51 -04:00
pub async fn update_user_role (
& self ,
id : usize ,
role : FinePermission ,
user : User ,
) -> Result < ( ) > {
// check permission
if ! user . permissions . check ( FinePermission ::MANAGE_USERS ) {
return Err ( Error ::NotAllowed ) ;
}
let other_user = self . get_user_by_id ( id ) . await ? ;
if other_user . permissions . check_manager ( ) & & ! user . permissions . check_admin ( ) {
return Err ( Error ::MiscError (
" Cannot manage the role of other managers " . to_string ( ) ,
) ) ;
}
if other_user . permissions = = user . permissions {
return Err ( Error ::MiscError (
" Cannot manage users of equal level to you " . to_string ( ) ,
) ) ;
}
// ...
let conn = match self . connect ( ) . await {
Ok ( c ) = > c ,
Err ( e ) = > return Err ( Error ::DatabaseConnection ( e . to_string ( ) ) ) ,
} ;
let res = execute! (
& conn ,
" UPDATE users SET permissions = $1 WHERE id = $2 " ,
& [
& ( role . bits ( ) ) . to_string ( ) . as_str ( ) ,
& id . to_string ( ) . as_str ( )
]
) ;
if let Err ( e ) = res {
return Err ( Error ::DatabaseError ( e . to_string ( ) ) ) ;
}
self . cache_clear_user ( & other_user ) . await ;
// create audit log entry
self . create_audit_log_entry ( AuditLogEntry ::new (
user . id ,
format! (
" invoked `update_user_role` with x value `{}` and y value `{}` " ,
other_user . id ,
role . bits ( )
) ,
) )
. await ? ;
// ...
Ok ( ( ) )
}
2025-03-31 11:45:34 -04:00
pub async fn cache_clear_user ( & self , user : & User ) {
self . 2. remove ( format! ( " atto.user: {} " , user . id ) ) . await ;
self . 2. remove ( format! ( " atto.user: {} " , user . username ) ) . await ;
}
auto_method! ( update_user_tokens ( Vec < Token > ) @ get_user_by_id -> " UPDATE users SET tokens = $1 WHERE id = $2 " - - serde - - cache - key - tmpl = cache_clear_user ) ;
auto_method! ( update_user_settings ( UserSettings ) @ get_user_by_id -> " UPDATE users SET settings = $1 WHERE id = $2 " - - serde - - cache - key - tmpl = cache_clear_user ) ;
2025-03-25 18:18:33 -04:00
2025-03-31 11:45:34 -04:00
auto_method! ( incr_user_notifications ( ) @ get_user_by_id -> " UPDATE users SET notification_count = notification_count + 1 WHERE id = $1 " - - cache - key - tmpl = cache_clear_user - - incr ) ;
auto_method! ( decr_user_notifications ( ) @ get_user_by_id -> " UPDATE users SET notification_count = notification_count - 1 WHERE id = $1 " - - cache - key - tmpl = cache_clear_user - - decr ) ;
2025-03-25 21:19:55 -04:00
2025-03-31 11:45:34 -04:00
auto_method! ( incr_user_follower_count ( ) @ get_user_by_id -> " UPDATE users SET follower_count = follower_count + 1 WHERE id = $1 " - - cache - key - tmpl = cache_clear_user - - incr ) ;
auto_method! ( decr_user_follower_count ( ) @ get_user_by_id -> " UPDATE users SET follower_count = follower_count - 1 WHERE id = $1 " - - cache - key - tmpl = cache_clear_user - - decr ) ;
2025-03-25 21:19:55 -04:00
2025-03-31 11:45:34 -04:00
auto_method! ( incr_user_following_count ( ) @ get_user_by_id -> " UPDATE users SET following_count = following_count + 1 WHERE id = $1 " - - cache - key - tmpl = cache_clear_user - - incr ) ;
auto_method! ( decr_user_following_count ( ) @ get_user_by_id -> " UPDATE users SET following_count = following_count - 1 WHERE id = $1 " - - cache - key - tmpl = cache_clear_user - - decr ) ;
2025-03-22 22:17:47 -04:00
}
