add: temporary bans

2025-08-05 13:39:01 -04:00 · 2025-08-05 13:39:01 -04:00 · 155fe34c6e
commit 155fe34c6e
parent 9650c0177e
11 changed files with 132 additions and 19 deletions
--- a/crates/app/src/routes/api/v1/auth/profile.rs
+++ b/crates/app/src/routes/api/v1/auth/profile.rs
@ -4,9 +4,9 @@ use crate::{
    model::{ApiReturn, Error},
    routes::api::v1::{
        AppendAssociations, AwardAchievement, DeleteUser, DisableTotp, RefreshGrantToken,
-        UpdateSecondaryUserRole, UpdateUserAwaitingPurchase, UpdateUserBanReason,
-        UpdateUserInviteCode, UpdateUserIsDeactivated, UpdateUserIsVerified, UpdateUserPassword,
-        UpdateUserRole, UpdateUserUsername,
+        UpdateSecondaryUserRole, UpdateUserAwaitingPurchase, UpdateUserBanExpire,
+        UpdateUserBanReason, UpdateUserInviteCode, UpdateUserIsDeactivated, UpdateUserIsVerified,
+        UpdateUserPassword, UpdateUserRole, UpdateUserUsername,
    },
    State,
 };
@ -423,7 +423,7 @@ pub async fn update_user_role_request(
        None => return Json(Error::NotAllowed.into()),
    };

-    match data.update_user_role(id, req.role, user, false).await {
+    match data.update_user_role(id, req.role, &user, false).await {
        Ok(_) => Json(ApiReturn {
            ok: true,
            message: "User updated".to_string(),
@ -449,7 +449,7 @@ pub async fn update_user_secondary_role_request(
    };

    match data
-        .update_user_secondary_role(id, req.role, user, false)
+        .update_user_secondary_role(id, req.role, &user, false)
        .await
    {
        Ok(_) => Json(ApiReturn {
@ -490,6 +490,35 @@ pub async fn update_user_ban_reason_request(
    }
 }

+/// Update the ban expiration date of the given user.
+///
+/// Does not support third-party grants.
+pub async fn update_user_ban_expire_request(
+    jar: CookieJar,
+    Path(id): Path<usize>,
+    Extension(data): Extension<State>,
+    Json(req): Json<UpdateUserBanExpire>,
+) -> impl IntoResponse {
+    let data = &(data.read().await).0;
+    let user = match get_user_from_token!(jar, data) {
+        Some(ua) => ua,
+        None => return Json(Error::NotAllowed.into()),
+    };
+
+    if !user.permissions.check(FinePermission::MANAGE_USERS) {
+        return Json(Error::NotAllowed.into());
+    }
+
+    match data.update_user_ban_expire(id, req.expire as i64).await {
+        Ok(_) => Json(ApiReturn {
+            ok: true,
+            message: "User updated".to_string(),
+            payload: (),
+        }),
+        Err(e) => Json(e.into()),
+    }
+}
+
 /// Update the current user's last seen value.
 pub async fn seen_request(jar: CookieJar, Extension(data): Extension<State>) -> impl IntoResponse {
    let data = &(data.read().await).0;