Compare commits
3 Commits
5ed75c350a
...
3bcd8af100
| Author | SHA1 | Date | |
|---|---|---|---|
| 3bcd8af100 | |||
| b24ffcf3f8 | |||
| 3a63a14c4d |
@@ -345,59 +345,63 @@ func (q *Queries) GetProfileByUsername(ctx context.Context, username string) (Pr
|
||||
return i, err
|
||||
}
|
||||
|
||||
const getProfileByUsernameRestricted = `-- name: GetProfileByUsernameRestricted :one
|
||||
const getProfileByUsernameWithPrivacy = `-- name: GetProfileByUsernameWithPrivacy :one
|
||||
SELECT
|
||||
users.username,
|
||||
profiles.name,
|
||||
CASE
|
||||
WHEN profile_settings.hide_birthday OR profile_settings.hide_profile_details THEN NULL
|
||||
ELSE profiles.birthday
|
||||
END AS birthday,
|
||||
CASE
|
||||
WHEN profile_settings.hide_profile_details THEN NULL
|
||||
ELSE profiles.bio
|
||||
END AS bio,
|
||||
CASE
|
||||
WHEN profile_settings.hide_profile_details THEN NULL
|
||||
ELSE profiles.avatar_url
|
||||
END AS avatar_url,
|
||||
profiles.color,
|
||||
profiles.color_grad,
|
||||
profile_settings.hide_profile_details
|
||||
FROM profiles
|
||||
JOIN users ON users.id = profiles.user_id
|
||||
JOIN profile_settings ON profiles.id = profile_settings.profile_id
|
||||
WHERE users.username = $1 AND ($2 IS FALSE OR profile_settings.hide_for_unauthenticated IS FALSE)
|
||||
u.username,
|
||||
p.name,
|
||||
p.bio,
|
||||
p.avatar_url,
|
||||
CASE WHEN ps.hide_birthday THEN NULL ELSE p.birthday END AS birthday,
|
||||
p.color,
|
||||
p.color_grad,
|
||||
NOT ($1::text = '' AND ps.hide_for_unauthenticated) AS access_allowed
|
||||
FROM
|
||||
users AS u
|
||||
JOIN profiles AS p ON u.id = p.user_id
|
||||
JOIN profile_settings AS ps ON p.id = ps.profile_id
|
||||
WHERE
|
||||
u.username = $2::text
|
||||
AND (
|
||||
$2::text = $1::text
|
||||
OR
|
||||
u.deleted IS FALSE
|
||||
AND u.verified IS TRUE
|
||||
AND NOT EXISTS (
|
||||
SELECT 1
|
||||
FROM banned_users
|
||||
WHERE user_id = u.id
|
||||
)
|
||||
)
|
||||
`
|
||||
|
||||
type GetProfileByUsernameRestrictedParams struct {
|
||||
Username string
|
||||
Column2 *bool
|
||||
type GetProfileByUsernameWithPrivacyParams struct {
|
||||
Requester string
|
||||
SearchedUsername string
|
||||
}
|
||||
|
||||
type GetProfileByUsernameRestrictedRow struct {
|
||||
Username string
|
||||
Name string
|
||||
Birthday pgtype.Timestamp
|
||||
Bio *string
|
||||
AvatarUrl *string
|
||||
Color string
|
||||
ColorGrad string
|
||||
HideProfileDetails bool
|
||||
type GetProfileByUsernameWithPrivacyRow struct {
|
||||
Username string
|
||||
Name string
|
||||
Bio string
|
||||
AvatarUrl string
|
||||
Birthday pgtype.Timestamp
|
||||
Color string
|
||||
ColorGrad string
|
||||
AccessAllowed *bool
|
||||
}
|
||||
|
||||
func (q *Queries) GetProfileByUsernameRestricted(ctx context.Context, arg GetProfileByUsernameRestrictedParams) (GetProfileByUsernameRestrictedRow, error) {
|
||||
row := q.db.QueryRow(ctx, getProfileByUsernameRestricted, arg.Username, arg.Column2)
|
||||
var i GetProfileByUsernameRestrictedRow
|
||||
func (q *Queries) GetProfileByUsernameWithPrivacy(ctx context.Context, arg GetProfileByUsernameWithPrivacyParams) (GetProfileByUsernameWithPrivacyRow, error) {
|
||||
row := q.db.QueryRow(ctx, getProfileByUsernameWithPrivacy, arg.Requester, arg.SearchedUsername)
|
||||
var i GetProfileByUsernameWithPrivacyRow
|
||||
err := row.Scan(
|
||||
&i.Username,
|
||||
&i.Name,
|
||||
&i.Birthday,
|
||||
&i.Bio,
|
||||
&i.AvatarUrl,
|
||||
&i.Birthday,
|
||||
&i.Color,
|
||||
&i.ColorGrad,
|
||||
&i.HideProfileDetails,
|
||||
&i.AccessAllowed,
|
||||
)
|
||||
return i, err
|
||||
}
|
||||
|
||||
@@ -30,7 +30,7 @@ type NewProfileDto struct {
|
||||
Name string `json:"name" binding:"required" validate:"name"`
|
||||
Bio string `json:"bio" validate:"bio"`
|
||||
AvatarUploadID string `json:"avatar_upload_id" validate:"omitempty,upload_id=avatar"`
|
||||
Birthday int64 `json:"birthday"`
|
||||
Birthday int64 `json:"birthday" validate:"birthday_unix_milli"`
|
||||
Color string `json:"color" validate:"color_hex"`
|
||||
ColorGrad string `json:"color_grad" validate:"color_hex"`
|
||||
}
|
||||
|
||||
@@ -32,7 +32,7 @@ type RegistrationCompleteRequest struct {
|
||||
Username string `json:"username" binding:"required" validate:"username"`
|
||||
VerificationCode string `json:"verification_code" binding:"required" validate:"verification_code=reg"`
|
||||
Name string `json:"name" binding:"required" validate:"name"`
|
||||
Birthday *string `json:"birthday"`
|
||||
Birthday int64 `json:"birthday" validate:"birthday_unix_milli"`
|
||||
}
|
||||
|
||||
type RegistrationCompleteResponse struct {
|
||||
|
||||
@@ -35,6 +35,7 @@ import (
|
||||
"github.com/google/uuid"
|
||||
"github.com/jackc/pgerrcode"
|
||||
"github.com/jackc/pgx/v5"
|
||||
"github.com/jackc/pgx/v5/pgtype"
|
||||
"go.uber.org/zap"
|
||||
)
|
||||
|
||||
@@ -437,9 +438,15 @@ func (a *authServiceImpl) RegistrationComplete(cinfo dto.ClientInfo, request mod
|
||||
return nil, errs.ErrServerError
|
||||
}
|
||||
|
||||
birthdayTimestamp := pgtype.Timestamp {
|
||||
Time: time.UnixMilli(request.Birthday),
|
||||
Valid: true,
|
||||
}
|
||||
|
||||
profile, err = db.TXQueries.CreateProfile(db.CTX, database.CreateProfileParams{
|
||||
UserID: user.ID,
|
||||
Name: request.Name,
|
||||
Birthday: birthdayTimestamp,
|
||||
})
|
||||
|
||||
if err != nil {
|
||||
|
||||
@@ -70,7 +70,6 @@ func (p *profileServiceImpl) GetMyProfile(cinfo dto.ClientInfo) (*dto.ProfileDto
|
||||
return profileDto, nil
|
||||
}
|
||||
|
||||
// TODO: Profile privacy settings checks
|
||||
func (p *profileServiceImpl) GetProfileByUsername(cinfo dto.ClientInfo, username string) (*dto.ProfileDto, error) {
|
||||
helper, db, err := database.NewDbHelperTransaction(p.dbctx); if err != nil {
|
||||
p.log.Error(
|
||||
@@ -80,7 +79,10 @@ func (p *profileServiceImpl) GetProfileByUsername(cinfo dto.ClientInfo, username
|
||||
}
|
||||
defer helper.Rollback()
|
||||
|
||||
profile, err := db.TXQueries.GetProfileByUsername(db.CTX, username); if err != nil {
|
||||
profileRow, err := db.TXQueries.GetProfileByUsernameWithPrivacy(db.CTX, database.GetProfileByUsernameWithPrivacyParams{
|
||||
Requester: cinfo.Username,
|
||||
SearchedUsername: username,
|
||||
}); if err != nil {
|
||||
if errors.Is(err, pgx.ErrNoRows) {
|
||||
return nil, errs.ErrNotFound
|
||||
}
|
||||
@@ -92,8 +94,18 @@ func (p *profileServiceImpl) GetProfileByUsername(cinfo dto.ClientInfo, username
|
||||
return nil, errs.ErrServerError
|
||||
}
|
||||
|
||||
profileDto := &dto.ProfileDto{}
|
||||
mapspecial.MapProfileDto(profile, profileDto)
|
||||
if !*profileRow.AccessAllowed {
|
||||
return nil, errs.ErrForbidden
|
||||
}
|
||||
|
||||
profileDto := &dto.ProfileDto{
|
||||
Name: profileRow.Name,
|
||||
Bio: profileRow.Bio,
|
||||
AvatarUrl: &profileRow.AvatarUrl,
|
||||
Birthday: profileRow.Birthday.Time.UnixMilli(),
|
||||
Color: profileRow.Color,
|
||||
ColorGrad: profileRow.ColorGrad,
|
||||
}
|
||||
|
||||
return profileDto, nil
|
||||
}
|
||||
@@ -114,7 +126,6 @@ func (p *profileServiceImpl) GetProfileSettings(cinfo dto.ClientInfo) (*dto.Prof
|
||||
return profileSettingsDto, nil
|
||||
}
|
||||
|
||||
// XXX: no validation for timestamps' allowed ranges
|
||||
func (p *profileServiceImpl) UpdateProfile(cinfo dto.ClientInfo, newProfile dto.NewProfileDto) (bool, error) {
|
||||
helper, db, err := database.NewDbHelperTransaction(p.dbctx); if err != nil {
|
||||
p.log.Error(
|
||||
|
||||
@@ -21,6 +21,7 @@ import (
|
||||
"easywish/config"
|
||||
"fmt"
|
||||
"regexp"
|
||||
"time"
|
||||
|
||||
"github.com/go-playground/validator/v10"
|
||||
)
|
||||
@@ -55,6 +56,22 @@ func GetCustomHandlers() []CustomValidatorHandler {
|
||||
return regexp.MustCompile(`^.{1,512}$`).MatchString(username)
|
||||
}},
|
||||
|
||||
{
|
||||
FieldName: "birthday_unix_milli",
|
||||
Function: func(fl validator.FieldLevel) bool {
|
||||
|
||||
timestamp := fl.Field().Int()
|
||||
date := time.UnixMilli(timestamp)
|
||||
currentDate := time.Now()
|
||||
|
||||
age := currentDate.Year() - date.Year()
|
||||
if currentDate.YearDay() < date.YearDay() {
|
||||
age--
|
||||
}
|
||||
|
||||
return age >= 0 && age <= 122
|
||||
}},
|
||||
|
||||
{
|
||||
FieldName: "color_hex",
|
||||
Function: func(fl validator.FieldLevel) bool {
|
||||
|
||||
@@ -296,29 +296,33 @@ SELECT profiles.* FROM profiles
|
||||
JOIN users ON users.id = profiles.user_id
|
||||
WHERE users.username = $1;
|
||||
|
||||
;-- name: GetProfileByUsernameRestricted :one
|
||||
;-- name: GetProfileByUsernameWithPrivacy :one
|
||||
SELECT
|
||||
users.username,
|
||||
profiles.name,
|
||||
CASE
|
||||
WHEN profile_settings.hide_birthday OR profile_settings.hide_profile_details THEN NULL
|
||||
ELSE profiles.birthday
|
||||
END AS birthday,
|
||||
CASE
|
||||
WHEN profile_settings.hide_profile_details THEN NULL
|
||||
ELSE profiles.bio
|
||||
END AS bio,
|
||||
CASE
|
||||
WHEN profile_settings.hide_profile_details THEN NULL
|
||||
ELSE profiles.avatar_url
|
||||
END AS avatar_url,
|
||||
profiles.color,
|
||||
profiles.color_grad,
|
||||
profile_settings.hide_profile_details
|
||||
FROM profiles
|
||||
JOIN users ON users.id = profiles.user_id
|
||||
JOIN profile_settings ON profiles.id = profile_settings.profile_id
|
||||
WHERE users.username = $1 AND ($2 IS FALSE OR profile_settings.hide_for_unauthenticated IS FALSE);
|
||||
u.username,
|
||||
p.name,
|
||||
p.bio,
|
||||
p.avatar_url,
|
||||
CASE WHEN ps.hide_birthday THEN NULL ELSE p.birthday END AS birthday,
|
||||
p.color,
|
||||
p.color_grad,
|
||||
NOT (@requester::text = '' AND ps.hide_for_unauthenticated) AS access_allowed
|
||||
FROM
|
||||
users AS u
|
||||
JOIN profiles AS p ON u.id = p.user_id
|
||||
JOIN profile_settings AS ps ON p.id = ps.profile_id
|
||||
WHERE
|
||||
u.username = @searched_username::text
|
||||
AND (
|
||||
@searched_username::text = @requester::text
|
||||
OR
|
||||
u.deleted IS FALSE
|
||||
AND u.verified IS TRUE
|
||||
AND NOT EXISTS (
|
||||
SELECT 1
|
||||
FROM banned_users
|
||||
WHERE user_id = u.id
|
||||
)
|
||||
);
|
||||
|
||||
;-- name: GetProfilesRestricted :many
|
||||
SELECT
|
||||
|
||||
Reference in New Issue
Block a user