forked from mirrors/pronouns.cc
feat: GET /users/@me/flags, POST /users/@me/flags
This commit is contained in:
parent
23f79b0fec
commit
5e50d5f1e9
5 changed files with 380 additions and 1 deletions
226
backend/db/flags.go
Normal file
226
backend/db/flags.go
Normal file
|
@ -0,0 +1,226 @@
|
||||||
|
package db
|
||||||
|
|
||||||
|
import (
|
||||||
|
"bytes"
|
||||||
|
"context"
|
||||||
|
"crypto/sha256"
|
||||||
|
"encoding/base64"
|
||||||
|
"encoding/hex"
|
||||||
|
"io"
|
||||||
|
"strings"
|
||||||
|
|
||||||
|
"emperror.dev/errors"
|
||||||
|
"github.com/davidbyttow/govips/v2/vips"
|
||||||
|
"github.com/georgysavva/scany/v2/pgxscan"
|
||||||
|
"github.com/jackc/pgx/v5"
|
||||||
|
"github.com/minio/minio-go/v7"
|
||||||
|
"github.com/rs/xid"
|
||||||
|
)
|
||||||
|
|
||||||
|
type PrideFlag struct {
|
||||||
|
ID xid.ID `json:"id"`
|
||||||
|
UserID xid.ID `json:"-"`
|
||||||
|
Hash string `json:"hash"`
|
||||||
|
Name string `json:"name"`
|
||||||
|
Description *string `json:"description"`
|
||||||
|
}
|
||||||
|
|
||||||
|
type UserFlag struct {
|
||||||
|
ID int64 `json:"-"`
|
||||||
|
UserID xid.ID `json:"-"`
|
||||||
|
FlagID xid.ID `json:"id"`
|
||||||
|
|
||||||
|
Hash string `json:"hash"`
|
||||||
|
Name string `json:"name"`
|
||||||
|
Description *string `json:"description"`
|
||||||
|
}
|
||||||
|
|
||||||
|
type MemberFlag struct {
|
||||||
|
ID int64 `json:"-"`
|
||||||
|
MemberID xid.ID `json:"-"`
|
||||||
|
FlagID xid.ID `json:"id"`
|
||||||
|
|
||||||
|
Hash string `json:"hash"`
|
||||||
|
Name string `json:"name"`
|
||||||
|
Description *string `json:"description"`
|
||||||
|
}
|
||||||
|
|
||||||
|
const (
|
||||||
|
MaxPrideFlags = 100
|
||||||
|
MaxPrideFlagTitleLength = 100
|
||||||
|
MaxPrideFlagDescLength = 200
|
||||||
|
)
|
||||||
|
|
||||||
|
func (db *DB) AccountFlags(ctx context.Context, userID xid.ID) (fs []PrideFlag, err error) {
|
||||||
|
sql, args, err := sq.Select("*").From("pride_flags").Where("user_id = ?", userID).OrderBy("id").ToSql()
|
||||||
|
if err != nil {
|
||||||
|
return nil, errors.Wrap(err, "building query")
|
||||||
|
}
|
||||||
|
|
||||||
|
err = pgxscan.Select(ctx, db, &fs, sql, args...)
|
||||||
|
if err != nil {
|
||||||
|
return nil, errors.Wrap(err, "executing query")
|
||||||
|
}
|
||||||
|
return NotNull(fs), nil
|
||||||
|
}
|
||||||
|
|
||||||
|
func (db *DB) UserFlags(ctx context.Context, userID xid.ID) (fs []UserFlag, err error) {
|
||||||
|
sql, args, err := sq.Select("u.id", "u.flag_id", "f.user_id", "f.hash", "f.name", "f.description").
|
||||||
|
From("user_flags AS u").
|
||||||
|
Where("u.user_id = $1").
|
||||||
|
Join("pride_flags AS f ON u.flag_id = f.id").
|
||||||
|
OrderBy("u.id ASC").
|
||||||
|
ToSql()
|
||||||
|
if err != nil {
|
||||||
|
return nil, errors.Wrap(err, "building query")
|
||||||
|
}
|
||||||
|
|
||||||
|
err = pgxscan.Select(ctx, db, &fs, sql, args...)
|
||||||
|
if err != nil {
|
||||||
|
return nil, errors.Wrap(err, "executing query")
|
||||||
|
}
|
||||||
|
return NotNull(fs), nil
|
||||||
|
}
|
||||||
|
|
||||||
|
func (db *DB) MemberFlags(ctx context.Context, userID xid.ID) (fs []MemberFlag, err error) {
|
||||||
|
sql, args, err := sq.Select("m.id", "m.flag_id", "m.member_id", "f.hash", "f.name", "f.description").
|
||||||
|
From("member_flags AS m").
|
||||||
|
Where("m.member_id = $1").
|
||||||
|
Join("pride_flags AS f ON m.flag_id = f.id").
|
||||||
|
OrderBy("m.id ASC").
|
||||||
|
ToSql()
|
||||||
|
if err != nil {
|
||||||
|
return nil, errors.Wrap(err, "building query")
|
||||||
|
}
|
||||||
|
|
||||||
|
err = pgxscan.Select(ctx, db, &fs, sql, args...)
|
||||||
|
if err != nil {
|
||||||
|
return nil, errors.Wrap(err, "executing query")
|
||||||
|
}
|
||||||
|
return NotNull(fs), nil
|
||||||
|
}
|
||||||
|
|
||||||
|
func (db *DB) CreateFlag(ctx context.Context, tx pgx.Tx, userID xid.ID, name, desc string) (f PrideFlag, err error) {
|
||||||
|
description := &desc
|
||||||
|
if desc == "" {
|
||||||
|
description = nil
|
||||||
|
}
|
||||||
|
|
||||||
|
sql, args, err := sq.Insert("pride_flags").
|
||||||
|
SetMap(map[string]any{
|
||||||
|
"id": xid.New(),
|
||||||
|
"hash": "",
|
||||||
|
"user_id": userID.String(),
|
||||||
|
"name": name,
|
||||||
|
"description": description,
|
||||||
|
}).Suffix("RETURNING *").ToSql()
|
||||||
|
if err != nil {
|
||||||
|
return f, errors.Wrap(err, "building query")
|
||||||
|
}
|
||||||
|
|
||||||
|
err = pgxscan.Get(ctx, tx, &f, sql, args...)
|
||||||
|
if err != nil {
|
||||||
|
return f, errors.Wrap(err, "executing query")
|
||||||
|
}
|
||||||
|
return f, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
func (db *DB) EditFlag(ctx context.Context, tx pgx.Tx, flagID xid.ID, name, desc, hash *string) (f PrideFlag, err error) {
|
||||||
|
b := sq.Update("pride_flags").
|
||||||
|
Where("id = ?", flagID)
|
||||||
|
if name != nil {
|
||||||
|
b = b.Set("name", *name)
|
||||||
|
}
|
||||||
|
if desc != nil {
|
||||||
|
if *desc == "" {
|
||||||
|
b = b.Set("description", nil)
|
||||||
|
} else {
|
||||||
|
b = b.Set("description", *desc)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if hash != nil {
|
||||||
|
b = b.Set("hash", *hash)
|
||||||
|
}
|
||||||
|
|
||||||
|
sql, args, err := b.Suffix("RETURNING *").ToSql()
|
||||||
|
if err != nil {
|
||||||
|
return f, errors.Wrap(err, "building sql")
|
||||||
|
}
|
||||||
|
|
||||||
|
err = pgxscan.Get(ctx, tx, &f, sql, args...)
|
||||||
|
if err != nil {
|
||||||
|
return f, errors.Wrap(err, "executing query")
|
||||||
|
}
|
||||||
|
return f, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
func (db *DB) WriteFlag(ctx context.Context, flagID xid.ID, flag *bytes.Buffer) (hash string, err error) {
|
||||||
|
hasher := sha256.New()
|
||||||
|
_, err = hasher.Write(flag.Bytes())
|
||||||
|
if err != nil {
|
||||||
|
return "", errors.Wrap(err, "hashing flag")
|
||||||
|
}
|
||||||
|
hash = hex.EncodeToString(hasher.Sum(nil))
|
||||||
|
|
||||||
|
_, err = db.minio.PutObject(ctx, db.minioBucket, "/flags/"+hash+".webp", flag, -1, minio.PutObjectOptions{
|
||||||
|
ContentType: "image/webp",
|
||||||
|
})
|
||||||
|
if err != nil {
|
||||||
|
return "", errors.Wrap(err, "uploading flag")
|
||||||
|
}
|
||||||
|
|
||||||
|
return hash, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
func (db *DB) DeleteFlag(ctx context.Context, flagID xid.ID, hash string) error {
|
||||||
|
err := db.minio.RemoveObject(ctx, db.minioBucket, "/flags/"+flagID.String()+"/"+hash+".webp", minio.RemoveObjectOptions{})
|
||||||
|
if err != nil {
|
||||||
|
return errors.Wrap(err, "deleting flag")
|
||||||
|
}
|
||||||
|
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
|
func (db *DB) FlagObject(ctx context.Context, flagID xid.ID, hash string) (io.ReadCloser, error) {
|
||||||
|
obj, err := db.minio.GetObject(ctx, db.minioBucket, "/flags/"+flagID.String()+"/"+hash+".webp", minio.GetObjectOptions{})
|
||||||
|
if err != nil {
|
||||||
|
return nil, errors.Wrap(err, "getting object")
|
||||||
|
}
|
||||||
|
return obj, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
// ConvertFlag parses a flag from a data URI, converts it to WebP, and returns the result.
|
||||||
|
func (db *DB) ConvertFlag(data string) (webpOut *bytes.Buffer, err error) {
|
||||||
|
defer vips.ShutdownThread()
|
||||||
|
|
||||||
|
data = strings.TrimSpace(data)
|
||||||
|
if !strings.Contains(data, ",") || !strings.Contains(data, ":") || !strings.Contains(data, ";") {
|
||||||
|
return nil, ErrInvalidDataURI
|
||||||
|
}
|
||||||
|
split := strings.Split(data, ",")
|
||||||
|
|
||||||
|
rawData, err := base64.StdEncoding.DecodeString(split[1])
|
||||||
|
if err != nil {
|
||||||
|
return nil, errors.Wrap(err, "invalid base64 data")
|
||||||
|
}
|
||||||
|
|
||||||
|
image, err := vips.LoadImageFromBuffer(rawData, nil)
|
||||||
|
if err != nil {
|
||||||
|
return nil, errors.Wrap(err, "decoding image")
|
||||||
|
}
|
||||||
|
|
||||||
|
err = image.ThumbnailWithSize(256, 256, vips.InterestingNone, vips.SizeBoth)
|
||||||
|
if err != nil {
|
||||||
|
return nil, errors.Wrap(err, "resizing image")
|
||||||
|
}
|
||||||
|
|
||||||
|
webpExport := vips.NewWebpExportParams()
|
||||||
|
webpExport.Lossless = true
|
||||||
|
webpB, _, err := image.ExportWebp(webpExport)
|
||||||
|
if err != nil {
|
||||||
|
return nil, errors.Wrap(err, "exporting webp image")
|
||||||
|
}
|
||||||
|
webpOut = bytes.NewBuffer(webpB)
|
||||||
|
|
||||||
|
return webpOut, nil
|
||||||
|
}
|
121
backend/routes/user/flags.go
Normal file
121
backend/routes/user/flags.go
Normal file
|
@ -0,0 +1,121 @@
|
||||||
|
package user
|
||||||
|
|
||||||
|
import (
|
||||||
|
"fmt"
|
||||||
|
"net/http"
|
||||||
|
"strings"
|
||||||
|
|
||||||
|
"codeberg.org/u1f320/pronouns.cc/backend/common"
|
||||||
|
"codeberg.org/u1f320/pronouns.cc/backend/db"
|
||||||
|
"codeberg.org/u1f320/pronouns.cc/backend/log"
|
||||||
|
"codeberg.org/u1f320/pronouns.cc/backend/server"
|
||||||
|
"emperror.dev/errors"
|
||||||
|
"github.com/go-chi/render"
|
||||||
|
)
|
||||||
|
|
||||||
|
func (s *Server) getUserFlags(w http.ResponseWriter, r *http.Request) error {
|
||||||
|
ctx := r.Context()
|
||||||
|
claims, _ := server.ClaimsFromContext(ctx)
|
||||||
|
|
||||||
|
flags, err := s.DB.AccountFlags(ctx, claims.UserID)
|
||||||
|
if err != nil {
|
||||||
|
return errors.Wrapf(err, "getting flags for account %v", claims.UserID)
|
||||||
|
}
|
||||||
|
|
||||||
|
render.JSON(w, r, flags)
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
|
type postUserFlagRequest struct {
|
||||||
|
Flag string `json:"flag"`
|
||||||
|
Name string `json:"name"`
|
||||||
|
Description string `json:"description"`
|
||||||
|
}
|
||||||
|
|
||||||
|
func (s *Server) postUserFlag(w http.ResponseWriter, r *http.Request) error {
|
||||||
|
ctx := r.Context()
|
||||||
|
claims, _ := server.ClaimsFromContext(ctx)
|
||||||
|
|
||||||
|
if !claims.TokenWrite {
|
||||||
|
return server.APIError{Code: server.ErrMissingPermissions, Details: "This token is read-only"}
|
||||||
|
}
|
||||||
|
|
||||||
|
flags, err := s.DB.AccountFlags(ctx, claims.UserID)
|
||||||
|
if err != nil {
|
||||||
|
return errors.Wrap(err, "getting current user flags")
|
||||||
|
}
|
||||||
|
if len(flags) >= db.MaxPrideFlags {
|
||||||
|
return server.APIError{
|
||||||
|
Code: server.ErrFlagLimitReached,
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
var req postUserFlagRequest
|
||||||
|
err = render.Decode(r, &req)
|
||||||
|
if err != nil {
|
||||||
|
return server.APIError{Code: server.ErrBadRequest}
|
||||||
|
}
|
||||||
|
|
||||||
|
// remove whitespace from all fields
|
||||||
|
req.Name = strings.TrimSpace(req.Name)
|
||||||
|
req.Description = strings.TrimSpace(req.Description)
|
||||||
|
|
||||||
|
if s := common.StringLength(&req.Name); s > db.MaxPrideFlagTitleLength {
|
||||||
|
return server.APIError{
|
||||||
|
Code: server.ErrBadRequest,
|
||||||
|
Details: fmt.Sprintf("name too long, must be %v characters or less, is %v", db.MaxPrideFlagTitleLength, s),
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if s := common.StringLength(&req.Description); s > db.MaxPrideFlagDescLength {
|
||||||
|
return server.APIError{
|
||||||
|
Code: server.ErrBadRequest,
|
||||||
|
Details: fmt.Sprintf("description too long, must be %v characters or less, is %v", db.MaxPrideFlagDescLength, s),
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
tx, err := s.DB.Begin(ctx)
|
||||||
|
if err != nil {
|
||||||
|
return errors.Wrap(err, "starting transaction")
|
||||||
|
}
|
||||||
|
defer tx.Rollback(ctx)
|
||||||
|
|
||||||
|
flag, err := s.DB.CreateFlag(ctx, tx, claims.UserID, req.Name, req.Description)
|
||||||
|
if err != nil {
|
||||||
|
log.Errorf("creating flag: %v", err)
|
||||||
|
return errors.Wrap(err, "creating flag")
|
||||||
|
}
|
||||||
|
|
||||||
|
webp, err := s.DB.ConvertFlag(req.Flag)
|
||||||
|
if err != nil {
|
||||||
|
if err == db.ErrInvalidDataURI {
|
||||||
|
return server.APIError{Code: server.ErrBadRequest, Message: "invalid data URI"}
|
||||||
|
}
|
||||||
|
return errors.Wrap(err, "converting flag")
|
||||||
|
}
|
||||||
|
|
||||||
|
hash, err := s.DB.WriteFlag(ctx, flag.ID, webp)
|
||||||
|
if err != nil {
|
||||||
|
return errors.Wrap(err, "writing flag")
|
||||||
|
}
|
||||||
|
|
||||||
|
flag, err = s.DB.EditFlag(ctx, tx, flag.ID, nil, nil, &hash)
|
||||||
|
if err != nil {
|
||||||
|
return errors.Wrap(err, "setting hash for flag")
|
||||||
|
}
|
||||||
|
|
||||||
|
err = tx.Commit(ctx)
|
||||||
|
if err != nil {
|
||||||
|
return errors.Wrap(err, "committing transaction")
|
||||||
|
}
|
||||||
|
|
||||||
|
render.JSON(w, r, flag)
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
|
func (s *Server) patchUserFlag(w http.ResponseWriter, r *http.Request) error {
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
|
func (s *Server) deleteUserFlag(w http.ResponseWriter, r *http.Request) error {
|
||||||
|
return nil
|
||||||
|
}
|
|
@ -29,6 +29,11 @@ func Mount(srv *server.Server, r chi.Router) {
|
||||||
|
|
||||||
r.Get("/@me/export/start", server.WrapHandler(s.startExport))
|
r.Get("/@me/export/start", server.WrapHandler(s.startExport))
|
||||||
r.Get("/@me/export", server.WrapHandler(s.getExport))
|
r.Get("/@me/export", server.WrapHandler(s.getExport))
|
||||||
|
|
||||||
|
r.Get("/@me/flags", server.WrapHandler(s.getUserFlags))
|
||||||
|
r.Post("/@me/flags", server.WrapHandler(s.postUserFlag))
|
||||||
|
r.Patch("/@me/flags", server.WrapHandler(s.patchUserFlag))
|
||||||
|
r.Delete("/@me/flags", server.WrapHandler(s.deleteUserFlag))
|
||||||
})
|
})
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
|
|
@ -102,6 +102,7 @@ const (
|
||||||
// User-related error codes
|
// User-related error codes
|
||||||
ErrUserNotFound = 2001
|
ErrUserNotFound = 2001
|
||||||
ErrMemberListPrivate = 2002
|
ErrMemberListPrivate = 2002
|
||||||
|
ErrFlagLimitReached = 2003
|
||||||
|
|
||||||
// Member-related error codes
|
// Member-related error codes
|
||||||
ErrMemberNotFound = 3001
|
ErrMemberNotFound = 3001
|
||||||
|
@ -145,7 +146,8 @@ var errCodeMessages = map[int]string{
|
||||||
ErrInvalidCaptcha: "Invalid or missing captcha response",
|
ErrInvalidCaptcha: "Invalid or missing captcha response",
|
||||||
|
|
||||||
ErrUserNotFound: "User not found",
|
ErrUserNotFound: "User not found",
|
||||||
ErrMemberListPrivate: "This user's member list is private.",
|
ErrMemberListPrivate: "This user's member list is private",
|
||||||
|
ErrFlagLimitReached: "Maximum number of pride flags reached",
|
||||||
|
|
||||||
ErrMemberNotFound: "Member not found",
|
ErrMemberNotFound: "Member not found",
|
||||||
ErrMemberLimitReached: "Member limit reached",
|
ErrMemberLimitReached: "Member limit reached",
|
||||||
|
@ -187,6 +189,7 @@ var errCodeStatuses = map[int]int{
|
||||||
|
|
||||||
ErrUserNotFound: http.StatusNotFound,
|
ErrUserNotFound: http.StatusNotFound,
|
||||||
ErrMemberListPrivate: http.StatusForbidden,
|
ErrMemberListPrivate: http.StatusForbidden,
|
||||||
|
ErrFlagLimitReached: http.StatusBadRequest,
|
||||||
|
|
||||||
ErrMemberNotFound: http.StatusNotFound,
|
ErrMemberNotFound: http.StatusNotFound,
|
||||||
ErrMemberLimitReached: http.StatusBadRequest,
|
ErrMemberLimitReached: http.StatusBadRequest,
|
||||||
|
|
24
scripts/migrate/017_pride_flags.sql
Normal file
24
scripts/migrate/017_pride_flags.sql
Normal file
|
@ -0,0 +1,24 @@
|
||||||
|
-- +migrate Up
|
||||||
|
|
||||||
|
-- 2023-05-09: Add pride flags
|
||||||
|
-- Hashes are a separate table so we can deduplicate flags.
|
||||||
|
|
||||||
|
create table pride_flags (
|
||||||
|
id text primary key,
|
||||||
|
user_id text not null references users (id) on delete cascade,
|
||||||
|
hash text not null,
|
||||||
|
name text not null,
|
||||||
|
description text
|
||||||
|
);
|
||||||
|
|
||||||
|
create table user_flags (
|
||||||
|
id bigint generated by default as identity primary key,
|
||||||
|
user_id text not null references users (id) on delete cascade,
|
||||||
|
flag_id text not null references pride_flags (id) on delete cascade
|
||||||
|
);
|
||||||
|
|
||||||
|
create table member_flags (
|
||||||
|
id bigint generated by default as identity primary key,
|
||||||
|
member_id text not null references members (id) on delete cascade,
|
||||||
|
flag_id text not null references pride_flags (id) on delete cascade
|
||||||
|
);
|
Loading…
Reference in a new issue