pronounss/backend/routes/auth/undelete.go

package auth

import (
	"context"
	"crypto/rand"
	"encoding/base64"
	"net/http"

	"codeberg.org/pronounscc/pronouns.cc/backend/log"
	"codeberg.org/pronounscc/pronouns.cc/backend/server"
	"emperror.dev/errors"
	"github.com/go-chi/render"
	"github.com/mediocregopher/radix/v4"
	"github.com/rs/xid"
)

func (s *Server) cancelDelete(w http.ResponseWriter, r *http.Request) error {
	ctx := r.Context()
	token := r.Header.Get("X-Delete-Token")
	if token == "" {
		return server.APIError{Code: server.ErrForbidden}
	}

	id, err := s.getUndeleteToken(ctx, token)
	if err != nil {
		log.Errorf("getting undelete token: %v", err)
		return server.APIError{Code: server.ErrNotFound} // assume invalid token
	}

	// only self deleted users can undelete themselves
	u, err := s.DB.User(ctx, id)
	if err != nil {
		log.Errorf("getting user: %v", err)
		return errors.Wrap(err, "getting user")
	}
	if !*u.SelfDelete {
		return server.APIError{Code: server.ErrForbidden}
	}

	err = s.DB.UndoDeleteUser(ctx, id)
	if err != nil {
		log.Errorf("executing undelete query: %v", err)
	}

	render.NoContent(w, r)
	return nil
}

func undeleteToken() string {
	b := make([]byte, 32)

	_, err := rand.Read(b)
	if err != nil {
		panic(err)
	}

	return base64.RawURLEncoding.EncodeToString(b)
}

func (s *Server) saveUndeleteToken(ctx context.Context, userID xid.ID, token string) error {
	err := s.DB.Redis.Do(ctx, radix.Cmd(nil, "SET", "undelete:"+token, userID.String(), "EX", "3600"))
	if err != nil {
		return errors.Wrap(err, "setting undelete key")
	}
	return nil
}

func (s *Server) getUndeleteToken(ctx context.Context, token string) (userID xid.ID, err error) {
	var idString string
	err = s.DB.Redis.Do(ctx, radix.Cmd(&idString, "GET", "undelete:"+token))
	if err != nil {
		return userID, errors.Wrap(err, "getting undelete key")
	}

	userID, err = xid.FromString(idString)
	if err != nil {
		return userID, errors.Wrap(err, "parsing ID")
	}

	err = s.DB.Redis.Do(ctx, radix.Cmd(nil, "DEL", "undelete:"+token))
	if err != nil {
		return userID, errors.Wrap(err, "deleting undelete key")
	}
	return userID, nil
}

func (s *Server) forceDelete(w http.ResponseWriter, r *http.Request) error {
	ctx := r.Context()
	token := r.Header.Get("X-Delete-Token")
	if token == "" {
		return server.APIError{Code: server.ErrForbidden}
	}

	id, err := s.getUndeleteToken(ctx, token)
	if err != nil {
		log.Errorf("getting delete token: %v", err)
		return server.APIError{Code: server.ErrNotFound} // assume invalid token
	}

	err = s.DB.CleanUser(ctx, id)
	if err != nil {
		log.Errorf("cleaning user data: %v", err)
		return errors.Wrap(err, "cleaning user")
	}

	err = s.DB.ForceDeleteUser(ctx, id)
	if err != nil {
		log.Errorf("force deleting user: %v", err)
		return errors.Wrap(err, "deleting user")
	}

	render.NoContent(w, r)
	return nil
}
feat: cancel user deletion 2023-03-14 16:16:07 +01:00			`package auth`

			`import (`
			`"context"`
			`"crypto/rand"`
			`"encoding/base64"`
			`"net/http"`

change import url 2023-06-03 16:18:47 +02:00			`"codeberg.org/pronounscc/pronouns.cc/backend/log"`
			`"codeberg.org/pronounscc/pronouns.cc/backend/server"`
feat: cancel user deletion 2023-03-14 16:16:07 +01:00			`"emperror.dev/errors"`
			`"github.com/go-chi/render"`
			`"github.com/mediocregopher/radix/v4"`
			`"github.com/rs/xid"`
			`)`

			`func (s Server) cancelDelete(w http.ResponseWriter, r http.Request) error {`
			`ctx := r.Context()`
			`token := r.Header.Get("X-Delete-Token")`
			`if token == "" {`
			`return server.APIError{Code: server.ErrForbidden}`
			`}`

			`id, err := s.getUndeleteToken(ctx, token)`
			`if err != nil {`
			`log.Errorf("getting undelete token: %v", err)`
			`return server.APIError{Code: server.ErrNotFound} // assume invalid token`
			`}`

feat: add mod action notice to login page 2023-03-23 15:40:33 +01:00			`// only self deleted users can undelete themselves`
			`u, err := s.DB.User(ctx, id)`
			`if err != nil {`
			`log.Errorf("getting user: %v", err)`
			`return errors.Wrap(err, "getting user")`
			`}`
			`if !*u.SelfDelete {`
			`return server.APIError{Code: server.ErrForbidden}`
			`}`

feat: cancel user deletion 2023-03-14 16:16:07 +01:00			`err = s.DB.UndoDeleteUser(ctx, id)`
			`if err != nil {`
			`log.Errorf("executing undelete query: %v", err)`
			`}`

feat(!): return 204 instead of useless json responses, add fastFetch 2023-03-30 16:05:40 +02:00			`render.NoContent(w, r)`
feat: cancel user deletion 2023-03-14 16:16:07 +01:00			`return nil`
			`}`

			`func undeleteToken() string {`
			`b := make([]byte, 32)`

			`_, err := rand.Read(b)`
			`if err != nil {`
			`panic(err)`
			`}`

			`return base64.RawURLEncoding.EncodeToString(b)`
			`}`

			`func (s *Server) saveUndeleteToken(ctx context.Context, userID xid.ID, token string) error {`
			`err := s.DB.Redis.Do(ctx, radix.Cmd(nil, "SET", "undelete:"+token, userID.String(), "EX", "3600"))`
			`if err != nil {`
			`return errors.Wrap(err, "setting undelete key")`
			`}`
			`return nil`
			`}`

			`func (s *Server) getUndeleteToken(ctx context.Context, token string) (userID xid.ID, err error) {`
			`var idString string`
fix(backend): don't use redis GETDEL 2023-04-20 01:30:33 +02:00			`err = s.DB.Redis.Do(ctx, radix.Cmd(&idString, "GET", "undelete:"+token))`
feat: cancel user deletion 2023-03-14 16:16:07 +01:00			`if err != nil {`
			`return userID, errors.Wrap(err, "getting undelete key")`
			`}`

			`userID, err = xid.FromString(idString)`
			`if err != nil {`
			`return userID, errors.Wrap(err, "parsing ID")`
			`}`
fix(backend): don't use redis GETDEL 2023-04-20 01:30:33 +02:00
			`err = s.DB.Redis.Do(ctx, radix.Cmd(nil, "DEL", "undelete:"+token))`
			`if err != nil {`
			`return userID, errors.Wrap(err, "deleting undelete key")`
			`}`
feat: cancel user deletion 2023-03-14 16:16:07 +01:00			`return userID, nil`
			`}`
feat(backend): add force delete endpoint 2023-03-20 15:04:32 +01:00
			`func (s Server) forceDelete(w http.ResponseWriter, r http.Request) error {`
			`ctx := r.Context()`
			`token := r.Header.Get("X-Delete-Token")`
			`if token == "" {`
			`return server.APIError{Code: server.ErrForbidden}`
			`}`

			`id, err := s.getUndeleteToken(ctx, token)`
			`if err != nil {`
			`log.Errorf("getting delete token: %v", err)`
			`return server.APIError{Code: server.ErrNotFound} // assume invalid token`
			`}`

feat: backend for warnings, partial frontend for reports 2023-03-23 14:54:43 +01:00			`err = s.DB.CleanUser(ctx, id)`
feat(backend): add force delete endpoint 2023-03-20 15:04:32 +01:00			`if err != nil {`
feat: backend for warnings, partial frontend for reports 2023-03-23 14:54:43 +01:00			`log.Errorf("cleaning user data: %v", err)`
			`return errors.Wrap(err, "cleaning user")`
feat(backend): add force delete endpoint 2023-03-20 15:04:32 +01:00			`}`

feat: backend for warnings, partial frontend for reports 2023-03-23 14:54:43 +01:00			`err = s.DB.ForceDeleteUser(ctx, id)`
feat(backend): add force delete endpoint 2023-03-20 15:04:32 +01:00			`if err != nil {`
			`log.Errorf("force deleting user: %v", err)`
			`return errors.Wrap(err, "deleting user")`
			`}`

feat(!): return 204 instead of useless json responses, add fastFetch 2023-03-30 16:05:40 +02:00			`render.NoContent(w, r)`
feat(backend): add force delete endpoint 2023-03-20 15:04:32 +01:00			`return nil`
			`}`