add: user settings ui

2025-03-31 11:45:34 -04:00 · 2025-03-31 11:45:34 -04:00 · f3c2157dfc
commit f3c2157dfc
parent e7e9b49195
24 changed files with 1015 additions and 187 deletions
--- a/crates/app/src/routes/api/v1/auth/images.rs
+++ b/crates/app/src/routes/api/v1/auth/images.rs
@ -72,8 +72,11 @@ pub async fn avatar_request(
        }
    };

-    let path =
-        PathBufD::current().extend(&["avatars", &data.0.dirs.media, &format!("{}.avif", &user.id)]);
+    let path = PathBufD::current().extend(&[
+        data.0.dirs.media.as_str(),
+        "avatars",
+        &format!("{}.avif", &user.id),
+    ]);

    if !exists(&path).unwrap() {
        return (
@ -114,8 +117,11 @@ pub async fn banner_request(
        }
    };

-    let path =
-        PathBufD::current().extend(&["banners", &data.0.dirs.media, &format!("{}.avif", &user.id)]);
+    let path = PathBufD::current().extend(&[
+        data.0.dirs.media.as_str(),
+        "banners",
+        &format!("{}.avif", &user.id),
+    ]);

    if !exists(&path).unwrap() {
        return (
--- a/crates/app/src/routes/api/v1/auth/profile.rs
+++ b/crates/app/src/routes/api/v1/auth/profile.rs
@ -1,7 +1,7 @@
 use crate::{
    State, get_user_from_token,
    model::{ApiReturn, Error},
-    routes::api::v1::UpdateUserIsVerified,
+    routes::api::v1::{UpdateUserIsVerified, UpdateUserPassword, UpdateUserUsername},
 };
 use axum::{
    Extension, Json,
@ -59,6 +59,70 @@ pub async fn update_profile_settings_request(
    }
 }

+/// Update the password of the given user.
+pub async fn update_profile_password_request(
+    jar: CookieJar,
+    Path(id): Path<usize>,
+    Extension(data): Extension<State>,
+    Json(req): Json<UpdateUserPassword>,
+) -> impl IntoResponse {
+    let data = &(data.read().await).0;
+    let user = match get_user_from_token!(jar, data) {
+        Some(ua) => ua,
+        None => return Json(Error::NotAllowed.into()),
+    };
+
+    if user.id != id {
+        if !user.permissions.check(FinePermission::MANAGE_USERS) {
+            return Json(Error::NotAllowed.into());
+        }
+    }
+
+    match data
+        .update_user_password(id, req.from, req.to, user, false)
+        .await
+    {
+        Ok(_) => Json(ApiReturn {
+            ok: true,
+            message: "Password updated".to_string(),
+            payload: (),
+        }),
+        Err(e) => Json(e.into()),
+    }
+}
+
+pub async fn update_profile_username_request(
+    jar: CookieJar,
+    Path(id): Path<usize>,
+    Extension(data): Extension<State>,
+    Json(req): Json<UpdateUserUsername>,
+) -> impl IntoResponse {
+    let data = &(data.read().await).0;
+    let user = match get_user_from_token!(jar, data) {
+        Some(ua) => ua,
+        None => return Json(Error::NotAllowed.into()),
+    };
+
+    if user.id != id {
+        if !user.permissions.check(FinePermission::MANAGE_USERS) {
+            return Json(Error::NotAllowed.into());
+        }
+    }
+
+    if data.get_user_by_username(&req.to).await.is_ok() {
+        return Json(Error::UsernameInUse.into());
+    }
+
+    match data.update_user_username(id, req.to, user).await {
+        Ok(_) => Json(ApiReturn {
+            ok: true,
+            message: "Username updated".to_string(),
+            payload: (),
+        }),
+        Err(e) => Json(e.into()),
+    }
+}
+
 /// Update the tokens of the given user.
 pub async fn update_profile_tokens_request(
    jar: CookieJar,