pronounss/backend/db/user.go

package db

import (
	"context"
	"regexp"
	"time"

	"emperror.dev/errors"
	"github.com/bwmarrin/discordgo"
	"github.com/georgysavva/scany/pgxscan"
	"github.com/jackc/pgconn"
	"github.com/jackc/pgx/v4"
	"github.com/rs/xid"
)

type User struct {
	ID          xid.ID
	Username    string
	DisplayName *string
	Bio         *string

	Avatar *string
	Links  []string

	Names    []FieldEntry
	Pronouns []PronounEntry

	Discord         *string
	DiscordUsername *string

	MaxInvites int

	DeletedAt    *time.Time
	SelfDelete   *bool
	DeleteReason *string
}

// usernames must match this regex
var usernameRegex = regexp.MustCompile(`^[\w-.]{2,40}$`)

const (
	ErrUserNotFound = errors.Sentinel("user not found")

	ErrUsernameTaken    = errors.Sentinel("username is already taken")
	ErrInvalidUsername  = errors.Sentinel("username contains invalid characters")
	ErrUsernameTooShort = errors.Sentinel("username is too short")
	ErrUsernameTooLong  = errors.Sentinel("username is too long")
)

const (
	MaxUsernameLength    = 40
	MaxDisplayNameLength = 100
	MaxUserBioLength     = 1000
	MaxUserLinksLength   = 25
	MaxLinkLength        = 256
)

// CreateUser creates a user with the given username.
func (db *DB) CreateUser(ctx context.Context, tx pgx.Tx, username string) (u User, err error) {
	// check if the username is valid
	// if not, return an error depending on what failed
	if !usernameRegex.MatchString(username) {
		if len(username) < 2 {
			return u, ErrUsernameTooShort
		} else if len(username) > 40 {
			return u, ErrUsernameTooLong
		}

		return u, ErrInvalidUsername
	}

	sql, args, err := sq.Insert("users").Columns("id", "username").Values(xid.New(), username).Suffix("RETURNING *").ToSql()
	if err != nil {
		return u, errors.Wrap(err, "building sql")
	}

	err = pgxscan.Get(ctx, tx, &u, sql, args...)
	if err != nil {
		pge := &pgconn.PgError{}
		if errors.As(err, &pge) {
			// unique constraint violation
			if pge.Code == "23505" {
				return u, ErrUsernameTaken
			}
		}

		return u, errors.Cause(err)
	}
	return u, nil
}

// DiscordUser fetches a user by Discord user ID.
func (db *DB) DiscordUser(ctx context.Context, discordID string) (u User, err error) {
	sql, args, err := sq.Select("*").From("users").Where("discord = ?", discordID).ToSql()
	if err != nil {
		return u, errors.Wrap(err, "building sql")
	}

	err = pgxscan.Get(ctx, db, &u, sql, args...)
	if err != nil {
		if errors.Cause(err) == pgx.ErrNoRows {
			return u, ErrUserNotFound
		}

		return u, errors.Wrap(err, "executing query")
	}
	return u, nil
}

func (u *User) UpdateFromDiscord(ctx context.Context, ex Execer, du *discordgo.User) error {
	sql, args, err := sq.Update("users").
		Set("discord", du.ID).
		Set("discord_username", du.String()).
		Where("id = ?", u.ID).
		ToSql()
	if err != nil {
		return errors.Wrap(err, "building sql")
	}

	_, err = ex.Exec(ctx, sql, args...)
	if err != nil {
		return errors.Wrap(err, "executing query")
	}

	u.Discord = &du.ID
	username := du.String()
	u.DiscordUsername = &username

	return nil
}

// User gets a user by ID.
func (db *DB) User(ctx context.Context, id xid.ID) (u User, err error) {
	sql, args, err := sq.Select("*").From("users").Where("id = ?", id).ToSql()
	if err != nil {
		return u, errors.Wrap(err, "building sql")
	}

	err = pgxscan.Get(ctx, db, &u, sql, args...)
	if err != nil {
		if errors.Cause(err) == pgx.ErrNoRows {
			return u, ErrUserNotFound
		}

		return u, errors.Wrap(err, "getting user from db")
	}

	return u, nil
}

// Username gets a user by username.
func (db *DB) Username(ctx context.Context, name string) (u User, err error) {
	sql, args, err := sq.Select("*").From("users").Where("username = ?", name).ToSql()
	if err != nil {
		return u, errors.Wrap(err, "building sql")
	}

	err = pgxscan.Get(ctx, db, &u, sql, args...)
	if err != nil {
		if errors.Cause(err) == pgx.ErrNoRows {
			return u, ErrUserNotFound
		}

		return u, errors.Wrap(err, "getting user from db")
	}

	return u, nil
}

// UsernameTaken checks if the given username is already taken.
func (db *DB) UsernameTaken(ctx context.Context, username string) (valid, taken bool, err error) {
	if !usernameRegex.MatchString(username) {
		return false, false, nil
	}

	err = db.QueryRow(ctx, "select exists (select id from users where username = $1)", username).Scan(&taken)
	return true, taken, err
}

// UpdateUsername validates the given username, then updates the given user's name to it if valid.
func (db *DB) UpdateUsername(ctx context.Context, tx pgx.Tx, id xid.ID, newName string) error {
	if !usernameRegex.MatchString(newName) {
		return ErrInvalidUsername
	}

	sql, args, err := sq.Update("users").Set("username", newName).Where("id = ?", id).ToSql()
	if err != nil {
		return errors.Wrap(err, "building sql")
	}

	_, err = db.Exec(ctx, sql, args...)
	if err != nil {
		pge := &pgconn.PgError{}
		if errors.As(err, &pge) {
			// unique constraint violation
			if pge.Code == "23505" {
				return ErrUsernameTaken
			}
		}

		return errors.Wrap(err, "executing query")
	}
	return nil
}

func (db *DB) UpdateUser(
	ctx context.Context,
	tx pgx.Tx, id xid.ID,
	displayName, bio *string,
	links *[]string,
	avatar *string,
) (u User, err error) {
	if displayName == nil && bio == nil && links == nil && avatar == nil {
		sql, args, err := sq.Select("*").From("users").Where("id = ?", id).ToSql()
		if err != nil {
			return u, errors.Wrap(err, "building sql")
		}

		err = pgxscan.Get(ctx, db, &u, sql, args...)
		if err != nil {
			return u, errors.Wrap(err, "getting user from db")
		}

		return u, nil
	}

	builder := sq.Update("users").Where("id = ?", id).Suffix("RETURNING *")
	if displayName != nil {
		if *displayName == "" {
			builder = builder.Set("display_name", nil)
		} else {
			builder = builder.Set("display_name", *displayName)
		}
	}
	if bio != nil {
		if *bio == "" {
			builder = builder.Set("bio", nil)
		} else {
			builder = builder.Set("bio", *bio)
		}
	}
	if links != nil {
		builder = builder.Set("links", *links)
	}

	if avatar != nil {
		if *avatar == "" {
			builder = builder.Set("avatar", nil)
		} else {
			builder = builder.Set("avatar", avatar)
		}
	}

	sql, args, err := builder.ToSql()
	if err != nil {
		return u, errors.Wrap(err, "building sql")
	}

	err = pgxscan.Get(ctx, tx, &u, sql, args...)
	if err != nil {
		return u, errors.Wrap(err, "executing sql")
	}
	return u, nil
}

func (db *DB) DeleteUser(ctx context.Context, tx pgx.Tx, id xid.ID, selfDelete bool, reason string) error {
	builder := sq.Update("users").Set("deleted_at", time.Now().UTC()).Set("self_delete", selfDelete).Where("id = ?", id)
	if !selfDelete {
		builder = builder.Set("delete_reason", reason)
	}
	sql, args, err := builder.ToSql()
	if err != nil {
		return errors.Wrap(err, "building sql")
	}

	_, err = tx.Exec(ctx, sql, args...)
	if err != nil {
		return errors.Wrap(err, "executing query")
	}
	return nil
}
initial commit 2022-05-02 17:19:37 +02:00			`package db`

			`import (`
			`"context"`
			`"regexp"`
feat(backend): add DELETE /users/@me endpoint 2023-03-08 10:32:18 +01:00			`"time"`
initial commit 2022-05-02 17:19:37 +02:00
			`"emperror.dev/errors"`
add frontend template + GET /users/{userRef} route 2022-05-04 16:27:16 +02:00			`"github.com/bwmarrin/discordgo"`
feat(backend): use jsonb instead of composite type arrays 2023-03-12 01:31:10 +01:00			`"github.com/georgysavva/scany/pgxscan"`
initial commit 2022-05-02 17:19:37 +02:00			`"github.com/jackc/pgconn"`
add frontend template + GET /users/{userRef} route 2022-05-04 16:27:16 +02:00			`"github.com/jackc/pgx/v4"`
initial commit 2022-05-02 17:19:37 +02:00			`"github.com/rs/xid"`
			`)`

			`type User struct {`
			`ID xid.ID`
			`Username string`
			`DisplayName *string`
			`Bio *string`

feat: hashes in avatar file names (closes #19) 2023-03-13 02:04:09 +01:00			`Avatar *string`
			`Links []string`
initial commit 2022-05-02 17:19:37 +02:00
feat: read/write improved names/pronouns for users, read/write improved fields/names/pronouns for members 2023-01-31 00:50:17 +01:00			`Names []FieldEntry`
			`Pronouns []PronounEntry`
feat: read/write improved fields for users, read improved names/pronouns for users 2023-01-14 17:33:18 +01:00
add recoil store 2022-05-05 16:33:44 +02:00			`Discord *string`
			`DiscordUsername *string`
feat: add invites to backend 2022-11-18 15:27:52 +01:00
			`MaxInvites int`
feat(backend): add DELETE /users/@me endpoint 2023-03-08 10:32:18 +01:00
			`DeletedAt *time.Time`
			`SelfDelete *bool`
			`DeleteReason *string`
initial commit 2022-05-02 17:19:37 +02:00			`}`

			`// usernames must match this regex`
feat(api): add PATCH /users/@me/fields, finish POST /auth/discord/callback 2022-05-17 22:35:26 +02:00			var usernameRegex = regexp.MustCompile(`^[\w-.]{2,40}$`)
initial commit 2022-05-02 17:19:37 +02:00
			`const (`
add frontend template + GET /users/{userRef} route 2022-05-04 16:27:16 +02:00			`ErrUserNotFound = errors.Sentinel("user not found")`
initial commit 2022-05-02 17:19:37 +02:00
add frontend template + GET /users/{userRef} route 2022-05-04 16:27:16 +02:00			`ErrUsernameTaken = errors.Sentinel("username is already taken")`
initial commit 2022-05-02 17:19:37 +02:00			`ErrInvalidUsername = errors.Sentinel("username contains invalid characters")`
			`ErrUsernameTooShort = errors.Sentinel("username is too short")`
			`ErrUsernameTooLong = errors.Sentinel("username is too long")`
			`)`

feat(api): add PATCH /users/@me, remove PATCH /users/@me/fields 2022-06-16 14:54:15 +02:00			`const (`
			`MaxUsernameLength = 40`
			`MaxDisplayNameLength = 100`
			`MaxUserBioLength = 1000`
			`MaxUserLinksLength = 25`
			`MaxLinkLength = 256`
			`)`

initial commit 2022-05-02 17:19:37 +02:00			`// CreateUser creates a user with the given username.`
feat: get signup via discord working 2022-11-18 02:17:27 +01:00			`func (db *DB) CreateUser(ctx context.Context, tx pgx.Tx, username string) (u User, err error) {`
initial commit 2022-05-02 17:19:37 +02:00			`// check if the username is valid`
			`// if not, return an error depending on what failed`
			`if !usernameRegex.MatchString(username) {`
			`if len(username) < 2 {`
			`return u, ErrUsernameTooShort`
			`} else if len(username) > 40 {`
			`return u, ErrUsernameTooLong`
			`}`

			`return u, ErrInvalidUsername`
			`}`

feat(backend): use jsonb instead of composite type arrays 2023-03-12 01:31:10 +01:00			`sql, args, err := sq.Insert("users").Columns("id", "username").Values(xid.New(), username).Suffix("RETURNING *").ToSql()`
initial commit 2022-05-02 17:19:37 +02:00			`if err != nil {`
			`return u, errors.Wrap(err, "building sql")`
			`}`

feat(backend): use jsonb instead of composite type arrays 2023-03-12 01:31:10 +01:00			`err = pgxscan.Get(ctx, tx, &u, sql, args...)`
initial commit 2022-05-02 17:19:37 +02:00			`if err != nil {`
fix(backend): fix sql errors in CreateUser and User.UpdateFromDiscord 2023-02-25 22:16:22 +01:00			`pge := &pgconn.PgError{}`
			`if errors.As(err, &pge) {`
			`// unique constraint violation`
			`if pge.Code == "23505" {`
initial commit 2022-05-02 17:19:37 +02:00			`return u, ErrUsernameTaken`
			`}`
			`}`

			`return u, errors.Cause(err)`
			`}`
feat(backend): use jsonb instead of composite type arrays 2023-03-12 01:31:10 +01:00			`return u, nil`
initial commit 2022-05-02 17:19:37 +02:00			`}`
add frontend template + GET /users/{userRef} route 2022-05-04 16:27:16 +02:00
			`// DiscordUser fetches a user by Discord user ID.`
			`func (db *DB) DiscordUser(ctx context.Context, discordID string) (u User, err error) {`
feat(backend): use jsonb instead of composite type arrays 2023-03-12 01:31:10 +01:00			`sql, args, err := sq.Select("*").From("users").Where("discord = ?", discordID).ToSql()`
add frontend template + GET /users/{userRef} route 2022-05-04 16:27:16 +02:00			`if err != nil {`
			`return u, errors.Wrap(err, "building sql")`
			`}`

feat(backend): use jsonb instead of composite type arrays 2023-03-12 01:31:10 +01:00			`err = pgxscan.Get(ctx, db, &u, sql, args...)`
add frontend template + GET /users/{userRef} route 2022-05-04 16:27:16 +02:00			`if err != nil {`
fix: make discord login work if no user exists 2023-03-11 16:49:07 +01:00			`if errors.Cause(err) == pgx.ErrNoRows {`
			`return u, ErrUserNotFound`
			`}`

feat(backend): use jsonb instead of composite type arrays 2023-03-12 01:31:10 +01:00			`return u, errors.Wrap(err, "executing query")`
add frontend template + GET /users/{userRef} route 2022-05-04 16:27:16 +02:00			`}`
feat(backend): use jsonb instead of composite type arrays 2023-03-12 01:31:10 +01:00			`return u, nil`
add frontend template + GET /users/{userRef} route 2022-05-04 16:27:16 +02:00			`}`

feat(backend): use jsonb instead of composite type arrays 2023-03-12 01:31:10 +01:00			`func (u User) UpdateFromDiscord(ctx context.Context, ex Execer, du discordgo.User) error {`
fix(backend): fix sql errors in CreateUser and User.UpdateFromDiscord 2023-02-25 22:16:22 +01:00			`sql, args, err := sq.Update("users").`
fix: save discord ID in db, add HTTP status to new error codes 2022-11-18 02:26:40 +01:00			`Set("discord", du.ID).`
add frontend template + GET /users/{userRef} route 2022-05-04 16:27:16 +02:00			`Set("discord_username", du.String()).`
			`Where("id = ?", u.ID).`
fix(backend): fix sql errors in CreateUser and User.UpdateFromDiscord 2023-02-25 22:16:22 +01:00			`ToSql()`
add frontend template + GET /users/{userRef} route 2022-05-04 16:27:16 +02:00			`if err != nil {`
			`return errors.Wrap(err, "building sql")`
			`}`

feat(backend): use jsonb instead of composite type arrays 2023-03-12 01:31:10 +01:00			`_, err = ex.Exec(ctx, sql, args...)`
fix(backend): fix sql errors in CreateUser and User.UpdateFromDiscord 2023-02-25 22:16:22 +01:00			`if err != nil {`
			`return errors.Wrap(err, "executing query")`
			`}`

			`u.Discord = &du.ID`
			`username := du.String()`
			`u.DiscordUsername = &username`

			`return nil`
add frontend template + GET /users/{userRef} route 2022-05-04 16:27:16 +02:00			`}`

feat(backend): use jsonb instead of composite type arrays 2023-03-12 01:31:10 +01:00			`// User gets a user by ID.`
			`func (db *DB) User(ctx context.Context, id xid.ID) (u User, err error) {`
			`sql, args, err := sq.Select("*").From("users").Where("id = ?", id).ToSql()`
			`if err != nil {`
			`return u, errors.Wrap(err, "building sql")`
			`}`

			`err = pgxscan.Get(ctx, db, &u, sql, args...)`
add frontend template + GET /users/{userRef} route 2022-05-04 16:27:16 +02:00			`if err != nil {`
			`if errors.Cause(err) == pgx.ErrNoRows {`
			`return u, ErrUserNotFound`
			`}`

feat(backend): use jsonb instead of composite type arrays 2023-03-12 01:31:10 +01:00			`return u, errors.Wrap(err, "getting user from db")`
add frontend template + GET /users/{userRef} route 2022-05-04 16:27:16 +02:00			`}`

			`return u, nil`
			`}`

			`// Username gets a user by username.`
			`func (db *DB) Username(ctx context.Context, name string) (u User, err error) {`
feat(backend): use jsonb instead of composite type arrays 2023-03-12 01:31:10 +01:00			`sql, args, err := sq.Select("*").From("users").Where("username = ?", name).ToSql()`
			`if err != nil {`
			`return u, errors.Wrap(err, "building sql")`
			`}`

			`err = pgxscan.Get(ctx, db, &u, sql, args...)`
add frontend template + GET /users/{userRef} route 2022-05-04 16:27:16 +02:00			`if err != nil {`
			`if errors.Cause(err) == pgx.ErrNoRows {`
			`return u, ErrUserNotFound`
			`}`

feat: read/write improved fields for users, read improved names/pronouns for users 2023-01-14 17:33:18 +01:00			`return u, errors.Wrap(err, "getting user from db")`
			`}`

add frontend template + GET /users/{userRef} route 2022-05-04 16:27:16 +02:00			`return u, nil`
			`}`
feat(api): add PATCH /users/@me/fields, finish POST /auth/discord/callback 2022-05-17 22:35:26 +02:00
			`// UsernameTaken checks if the given username is already taken.`
			`func (db *DB) UsernameTaken(ctx context.Context, username string) (valid, taken bool, err error) {`
			`if !usernameRegex.MatchString(username) {`
			`return false, false, nil`
			`}`

			`err = db.QueryRow(ctx, "select exists (select id from users where username = $1)", username).Scan(&taken)`
			`return true, taken, err`
			`}`
feat(api): add PATCH /users/@me, remove PATCH /users/@me/fields 2022-06-16 14:54:15 +02:00
feat(backend): allow changing username in PATCH /users/@me 2022-12-23 01:31:43 +01:00			`// UpdateUsername validates the given username, then updates the given user's name to it if valid.`
			`func (db *DB) UpdateUsername(ctx context.Context, tx pgx.Tx, id xid.ID, newName string) error {`
			`if !usernameRegex.MatchString(newName) {`
			`return ErrInvalidUsername`
			`}`

			`sql, args, err := sq.Update("users").Set("username", newName).Where("id = ?", id).ToSql()`
			`if err != nil {`
			`return errors.Wrap(err, "building sql")`
			`}`

			`_, err = db.Exec(ctx, sql, args...)`
			`if err != nil {`
			`pge := &pgconn.PgError{}`
			`if errors.As(err, &pge) {`
			`// unique constraint violation`
			`if pge.Code == "23505" {`
			`return ErrUsernameTaken`
			`}`
			`}`

			`return errors.Wrap(err, "executing query")`
			`}`
			`return nil`
			`}`

feat(api): add PATCH /users/@me, remove PATCH /users/@me/fields 2022-06-16 14:54:15 +02:00			`func (db *DB) UpdateUser(`
			`ctx context.Context,`
			`tx pgx.Tx, id xid.ID,`
			`displayName, bio *string,`
			`links *[]string,`
feat: hashes in avatar file names (closes #19) 2023-03-13 02:04:09 +01:00			`avatar *string,`
feat(api): add PATCH /users/@me, remove PATCH /users/@me/fields 2022-06-16 14:54:15 +02:00			`) (u User, err error) {`
feat: hashes in avatar file names (closes #19) 2023-03-13 02:04:09 +01:00			`if displayName == nil && bio == nil && links == nil && avatar == nil {`
feat(backend): use jsonb instead of composite type arrays 2023-03-12 01:31:10 +01:00			`sql, args, err := sq.Select("*").From("users").Where("id = ?", id).ToSql()`
			`if err != nil {`
			`return u, errors.Wrap(err, "building sql")`
			`}`

			`err = pgxscan.Get(ctx, db, &u, sql, args...)`
			`if err != nil {`
			`return u, errors.Wrap(err, "getting user from db")`
			`}`

			`return u, nil`
feat(api): add PATCH /users/@me, remove PATCH /users/@me/fields 2022-06-16 14:54:15 +02:00			`}`

feat(backend): use jsonb instead of composite type arrays 2023-03-12 01:31:10 +01:00			`builder := sq.Update("users").Where("id = ?", id).Suffix("RETURNING *")`
feat(api): add PATCH /users/@me, remove PATCH /users/@me/fields 2022-06-16 14:54:15 +02:00			`if displayName != nil {`
			`if *displayName == "" {`
			`builder = builder.Set("display_name", nil)`
			`} else {`
			`builder = builder.Set("display_name", *displayName)`
			`}`
			`}`
			`if bio != nil {`
			`if *bio == "" {`
			`builder = builder.Set("bio", nil)`
			`} else {`
			`builder = builder.Set("bio", *bio)`
			`}`
			`}`
			`if links != nil {`
feat(backend): use jsonb instead of composite type arrays 2023-03-12 01:31:10 +01:00			`builder = builder.Set("links", *links)`
feat(api): add PATCH /users/@me, remove PATCH /users/@me/fields 2022-06-16 14:54:15 +02:00			`}`

feat: hashes in avatar file names (closes #19) 2023-03-13 02:04:09 +01:00			`if avatar != nil {`
			`if *avatar == "" {`
			`builder = builder.Set("avatar", nil)`
			`} else {`
			`builder = builder.Set("avatar", avatar)`
			`}`
feat(backend): some member routes, half-broken avatar uploading 2022-09-20 12:55:00 +02:00			`}`

feat: read/write improved names/pronouns for users, read/write improved fields/names/pronouns for members 2023-01-31 00:50:17 +01:00			`sql, args, err := builder.ToSql()`
feat(api): add PATCH /users/@me, remove PATCH /users/@me/fields 2022-06-16 14:54:15 +02:00			`if err != nil {`
			`return u, errors.Wrap(err, "building sql")`
			`}`

feat(backend): use jsonb instead of composite type arrays 2023-03-12 01:31:10 +01:00			`err = pgxscan.Get(ctx, tx, &u, sql, args...)`
feat(api): add PATCH /users/@me, remove PATCH /users/@me/fields 2022-06-16 14:54:15 +02:00			`if err != nil {`
			`return u, errors.Wrap(err, "executing sql")`
			`}`
			`return u, nil`
			`}`
feat(backend): add DELETE /users/@me endpoint 2023-03-08 10:32:18 +01:00
feat(backend): use jsonb instead of composite type arrays 2023-03-12 01:31:10 +01:00			`func (db *DB) DeleteUser(ctx context.Context, tx pgx.Tx, id xid.ID, selfDelete bool, reason string) error {`
feat(backend): add DELETE /users/@me endpoint 2023-03-08 10:32:18 +01:00			`builder := sq.Update("users").Set("deleted_at", time.Now().UTC()).Set("self_delete", selfDelete).Where("id = ?", id)`
			`if !selfDelete {`
			`builder = builder.Set("delete_reason", reason)`
			`}`
			`sql, args, err := builder.ToSql()`
			`if err != nil {`
			`return errors.Wrap(err, "building sql")`
			`}`

feat(backend): use jsonb instead of composite type arrays 2023-03-12 01:31:10 +01:00			`_, err = tx.Exec(ctx, sql, args...)`
feat(backend): add DELETE /users/@me endpoint 2023-03-08 10:32:18 +01:00			`if err != nil {`
			`return errors.Wrap(err, "executing query")`
			`}`
			`return nil`
			`}`