add: user settings ui

crates/app/src/routes/api/v1/auth/images.rs

@@ -72,8 +72,11 @@ pub async fn avatar_request(
         }
     };
 
-    let path =
-        PathBufD::current().extend(&["avatars", &data.0.dirs.media, &format!("{}.avif", &user.id)]);
+    let path = PathBufD::current().extend(&[
+        data.0.dirs.media.as_str(),
+        "avatars",
+        &format!("{}.avif", &user.id),
+    ]);
 
     if !exists(&path).unwrap() {
         return (
@@ -114,8 +117,11 @@ pub async fn banner_request(
         }
     };
 
-    let path =
-        PathBufD::current().extend(&["banners", &data.0.dirs.media, &format!("{}.avif", &user.id)]);
+    let path = PathBufD::current().extend(&[
+        data.0.dirs.media.as_str(),
+        "banners",
+        &format!("{}.avif", &user.id),
+    ]);
 
     if !exists(&path).unwrap() {
         return (

crates/app/src/routes/api/v1/auth/profile.rs

@@ -1,7 +1,7 @@
 use crate::{
     State, get_user_from_token,
     model::{ApiReturn, Error},
-    routes::api::v1::UpdateUserIsVerified,
+    routes::api::v1::{UpdateUserIsVerified, UpdateUserPassword, UpdateUserUsername},
 };
 use axum::{
     Extension, Json,
@@ -59,6 +59,70 @@ pub async fn update_profile_settings_request(
     }
 }
 
+/// Update the password of the given user.
+pub async fn update_profile_password_request(
+    jar: CookieJar,
+    Path(id): Path<usize>,
+    Extension(data): Extension<State>,
+    Json(req): Json<UpdateUserPassword>,
+) -> impl IntoResponse {
+    let data = &(data.read().await).0;
+    let user = match get_user_from_token!(jar, data) {
+        Some(ua) => ua,
+        None => return Json(Error::NotAllowed.into()),
+    };
+
+    if user.id != id {
+        if !user.permissions.check(FinePermission::MANAGE_USERS) {
+            return Json(Error::NotAllowed.into());
+        }
+    }
+
+    match data
+        .update_user_password(id, req.from, req.to, user, false)
+        .await
+    {
+        Ok(_) => Json(ApiReturn {
+            ok: true,
+            message: "Password updated".to_string(),
+            payload: (),
+        }),
+        Err(e) => Json(e.into()),
+    }
+}
+
+pub async fn update_profile_username_request(
+    jar: CookieJar,
+    Path(id): Path<usize>,
+    Extension(data): Extension<State>,
+    Json(req): Json<UpdateUserUsername>,
+) -> impl IntoResponse {
+    let data = &(data.read().await).0;
+    let user = match get_user_from_token!(jar, data) {
+        Some(ua) => ua,
+        None => return Json(Error::NotAllowed.into()),
+    };
+
+    if user.id != id {
+        if !user.permissions.check(FinePermission::MANAGE_USERS) {
+            return Json(Error::NotAllowed.into());
+        }
+    }
+
+    if data.get_user_by_username(&req.to).await.is_ok() {
+        return Json(Error::UsernameInUse.into());
+    }
+
+    match data.update_user_username(id, req.to, user).await {
+        Ok(_) => Json(ApiReturn {
+            ok: true,
+            message: "Username updated".to_string(),
+            payload: (),
+        }),
+        Err(e) => Json(e.into()),
+    }
+}
+
 /// Update the tokens of the given user.
 pub async fn update_profile_tokens_request(
     jar: CookieJar,

crates/app/src/routes/api/v1/communities/images.rs

@@ -34,8 +34,8 @@ pub async fn avatar_request(
     };
 
     let path = PathBufD::current().extend(&[
+        data.0.dirs.media.as_str(),
         "community_avatars",
-        &data.0.dirs.media,
         &format!("{}.avif", &community.id),
     ]);
 
@@ -79,8 +79,8 @@ pub async fn banner_request(
     };
 
     let path = PathBufD::current().extend(&[
+        data.0.dirs.media.as_str(),
         "community_banners",
-        &data.0.dirs.media,
         &format!("{}.avif", &community.id),
     ]);
 
@@ -132,7 +132,7 @@ pub async fn upload_avatar_request(
     let path = pathd!(
         "{}/community_avatars/{}.avif",
         data.0.dirs.media,
-        &auth_user.id
+        &community.id
     );
 
     // check file size
@@ -188,7 +188,7 @@ pub async fn upload_banner_request(
     let path = pathd!(
         "{}/community_banners/{}.avif",
         data.0.dirs.media,
-        &auth_user.id
+        &community.id
     );
 
     // check file size

crates/app/src/routes/api/v1/mod.rs

@@ -109,6 +109,14 @@ pub fn routes() -> Router {
             "/auth/profile/{id}/settings",
             post(auth::profile::update_profile_settings_request),
         )
+        .route(
+            "/auth/profile/{id}/password",
+            post(auth::profile::update_profile_password_request),
+        )
+        .route(
+            "/auth/profile/{id}/username",
+            post(auth::profile::update_profile_username_request),
+        )
         .route(
             "/auth/profile/{id}/tokens",
             post(auth::profile::update_profile_tokens_request),
@@ -189,6 +197,17 @@ pub struct CreateReaction {
     pub is_like: bool,
 }
 
+#[derive(Deserialize)]
+pub struct UpdateUserPassword {
+    pub from: String,
+    pub to: String,
+}
+
+#[derive(Deserialize)]
+pub struct UpdateUserUsername {
+    pub to: String,
+}
+
 #[derive(Deserialize)]
 pub struct UpdateUserIsVerified {
     pub is_verified: bool,

crates/app/src/routes/pages/communities.rs

@@ -80,15 +80,6 @@ pub fn community_context(
     context.insert("community", &community);
     context.insert("is_owner", &is_owner);
     context.insert("is_joined", &is_joined);
-
-    if is_owner {
-        context.insert(
-            "community_context_serde",
-            &serde_json::to_string(&community.context)
-                .unwrap()
-                .replace("\"", "\\\""),
-        );
-    }
 }
 
 /// `/community/{title}`
@@ -152,6 +143,53 @@ pub async fn feed_request(
     ))
 }
 
+/// `/community/{title}/manage`
+pub async fn settings_request(
+    jar: CookieJar,
+    Path(title): Path<String>,
+    Extension(data): Extension<State>,
+) -> impl IntoResponse {
+    let data = data.read().await;
+    let user = match get_user_from_token!(jar, data.0) {
+        Some(ua) => ua,
+        None => {
+            return Err(Html(
+                render_error(Error::NotAllowed, &jar, &data, &None).await,
+            ));
+        }
+    };
+
+    let community = match data.0.get_community_by_title(&title.to_lowercase()).await {
+        Ok(ua) => ua,
+        Err(e) => return Err(Html(render_error(e, &jar, &data, &Some(user)).await)),
+    };
+
+    if user.id != community.owner {
+        return Err(Html(
+            render_error(Error::NotAllowed, &jar, &data, &None).await,
+        ));
+    }
+
+    // init context
+    let lang = get_lang!(jar, data.0);
+    let mut context = initial_context(&data.0.0, lang, &Some(user)).await;
+
+    context.insert("community", &community);
+    context.insert(
+        "community_context_serde",
+        &serde_json::to_string(&community.context)
+            .unwrap()
+            .replace("\"", "\\\""),
+    );
+
+    // return
+    Ok(Html(
+        data.1
+            .render("communities/settings.html", &mut context)
+            .unwrap(),
+    ))
+}
+
 /// `/post/{id}`
 pub async fn post_request(
     jar: CookieJar,

crates/app/src/routes/pages/misc.rs

@@ -7,6 +7,20 @@ use axum::{
 use axum_extra::extract::CookieJar;
 use tetratto_core::model::Error;
 
+pub async fn not_found(jar: CookieJar, Extension(data): Extension<State>) -> impl IntoResponse {
+    let data = data.read().await;
+    let user = get_user_from_token!(jar, data.0);
+    Html(
+        render_error(
+            Error::GeneralNotFound("page".to_string()),
+            &jar,
+            &data,
+            &user,
+        )
+        .await,
+    )
+}
+
 /// `/`
 pub async fn index_request(jar: CookieJar, Extension(data): Extension<State>) -> impl IntoResponse {
     let data = data.read().await;

crates/app/src/routes/pages/mod.rs

@@ -18,14 +18,20 @@ pub fn routes() -> Router {
         // misc
         .route("/", get(misc::index_request))
         .route("/notifs", get(misc::notifications_request))
+        .fallback_service(get(misc::not_found))
         // auth
         .route("/auth/register", get(auth::register_request))
         .route("/auth/login", get(auth::login_request))
         // profile
+        .route("/settings", get(profile::settings_request))
         .route("/user/{username}", get(profile::posts_request))
         // communities
         .route("/communities", get(communities::list_request))
         .route("/community/{title}", get(communities::feed_request))
+        .route(
+            "/community/{title}/manage",
+            get(communities::settings_request),
+        )
         .route("/post/{id}", get(communities::post_request))
 }
 

crates/app/src/routes/pages/profile.rs

@@ -9,6 +9,48 @@ use axum_extra::extract::CookieJar;
 use tera::Context;
 use tetratto_core::model::{Error, auth::User, communities::Community};
 
+/// `/settings`
+pub async fn settings_request(
+    jar: CookieJar,
+    Extension(data): Extension<State>,
+) -> impl IntoResponse {
+    let data = data.read().await;
+    let user = match get_user_from_token!(jar, data.0) {
+        Some(ua) => ua,
+        None => {
+            return Err(Html(
+                render_error(Error::NotAllowed, &jar, &data, &None).await,
+            ));
+        }
+    };
+
+    let settings = user.settings.clone();
+    let tokens = user.tokens.clone();
+
+    let lang = get_lang!(jar, data.0);
+    let mut context = initial_context(&data.0.0, lang, &Some(user)).await;
+
+    context.insert(
+        "user_settings_serde",
+        &serde_json::to_string(&settings)
+            .unwrap()
+            .replace("\"", "\\\""),
+    );
+    context.insert(
+        "user_tokens_serde",
+        &serde_json::to_string(&tokens)
+            .unwrap()
+            .replace("\"", "\\\""),
+    );
+
+    // return
+    Ok(Html(
+        data.1
+            .render("profile/settings.html", &mut context)
+            .unwrap(),
+    ))
+}
+
 pub fn profile_context(
     context: &mut Context,
     profile: &User,