~liljamo/felu (a3ddc93bdf4330285e00d0a1fc10af5c3801f1a4): internal/handlers/user.go

/*
 * Copyright (C) 2024 Jonni Liljamo <jonni@liljamo.com>
 *
 * This file is licensed under AGPL-3.0-or-later, see NOTICE and LICENSE for
 * more information.
 */

package handlers

import (
	"net/http"

	"git.src.quest/~liljamo/felu/internal/db"
	"github.com/alexedwards/scs/v2"
	"github.com/gin-gonic/gin"
)

type postUserPasswordData struct {
	CurrentPassword    string `form:"current_password"`
	NewPassword        string `form:"new_password"`
	ConfirmNewPassword string `form:"confirm_new_password"`
}

// PostUserPassword returns a gin handler
func PostUserPassword() gin.HandlerFunc {
	return func(c *gin.Context) {
		data := &postUserPasswordData{}
		if err := c.Bind(data); err != nil {
			c.String(http.StatusBadRequest, "Could not bind password data")
			c.Abort()
			return
		}

		if len(data.NewPassword) < 10 {
			c.String(http.StatusBadRequest, "Password should be at least 10 chars")
			c.Abort()
			return
		}
		if data.NewPassword != data.ConfirmNewPassword {
			c.String(http.StatusBadRequest, "New and confirm do not match")
			c.Abort()
			return
		}

		userID, exists := c.Get("user_id")
		if !exists {
			c.String(http.StatusInternalServerError, "This should not be possible, but don't quote me on that")
			c.Abort()
			return
		}

		if !db.VerifyUserPassword(userID.(string), data.CurrentPassword) {
			c.String(http.StatusBadRequest, "Current password is not correct")
			c.Abort()
			return
		}

		err := db.UpdateUserPassword(userID.(string), data.NewPassword)
		if err != nil {
			// FIXME: Handle better
			c.String(http.StatusInternalServerError, "Something went wrong while deleting the user")
			c.Abort()
			return
		}

		c.Header("HX-Refresh", "true")
	}
}

type postUserEmailData struct {
	Email string `form:"email"`
}

// PostUserEmail returns a gin handler
func PostUserEmail() gin.HandlerFunc {
	return func(c *gin.Context) {
		data := &postUserEmailData{}
		if err := c.Bind(data); err != nil {
			c.String(http.StatusBadRequest, "Could not bind email data")
			c.Abort()
			return
		}

		if data.Email == "" {
			c.String(http.StatusBadRequest, "Email can't be empty")
			c.Abort()
			return
		}

		userID, exists := c.Get("user_id")
		if !exists {
			c.String(http.StatusInternalServerError, "This should not be possible, but don't quote me on that")
			c.Abort()
			return
		}

		err := db.UpdateUserEmail(userID.(string), data.Email)
		if err != nil {
			// FIXME: Handle better
			c.String(http.StatusInternalServerError, "Something went wrong while deleting the user")
			c.Abort()
			return
		}

		c.Header("HX-Refresh", "true")
	}
}

// DeleteUser returns a gin handler
func DeleteUser(sm *scs.SessionManager) gin.HandlerFunc {
	return func(c *gin.Context) {
		userID, exists := c.Get("user_id")
		if !exists {
			c.String(http.StatusInternalServerError, "This should not be possible, but don't quote me on that")
			c.Abort()
			return
		}

		err := db.DeleteUser(userID.(string))
		if err != nil {
			// FIXME: Handle better
			c.String(http.StatusInternalServerError, "Something went wrong while deleting the user")
			c.Abort()
			return
		}

		sm.Destroy(c.Request.Context())
		c.Header("HX-Refresh", "true")
	}
}