GeneIT/geneit_backend/src/controllers/user_controller.rs

100 lines
2.6 KiB
Rust
Raw Normal View History

2023-05-31 13:52:49 +00:00
//! # User controller
//!
//! The actions of the user on his account when he is authenticated.
2023-06-05 16:52:00 +00:00
use crate::constants::StaticConstraints;
2023-05-31 13:52:49 +00:00
use crate::controllers::HttpResult;
use crate::models::User;
2023-05-31 13:52:49 +00:00
use crate::services::login_token_service::LoginToken;
2023-06-05 17:02:51 +00:00
use crate::services::rate_limiter_service::RatedAction;
use crate::services::{rate_limiter_service, users_service};
use actix_remote_ip::RemoteIP;
2023-06-05 16:52:00 +00:00
use actix_web::web::Json;
2023-05-31 13:52:49 +00:00
use actix_web::HttpResponse;
#[derive(serde::Serialize)]
struct UserAPI<'a> {
#[serde(flatten)]
user: &'a User,
has_password: bool,
}
2023-05-31 13:52:49 +00:00
/// Get account information
pub async fn auth_info(token: LoginToken) -> HttpResult {
let user = users_service::get_by_id(token.user_id).await?;
Ok(HttpResponse::Ok().json(UserAPI {
user: &user,
has_password: user
.password
.as_deref()
.map(|p| !p.is_empty())
.unwrap_or_default(),
}))
2023-05-31 13:52:49 +00:00
}
2023-06-05 16:52:00 +00:00
#[derive(serde::Deserialize)]
2023-06-05 17:02:51 +00:00
pub struct ProfileUpdateQuery {
2023-06-05 16:52:00 +00:00
name: String,
}
/// Update profile information
2023-06-05 17:02:51 +00:00
pub async fn update_profile(token: LoginToken, profile: Json<ProfileUpdateQuery>) -> HttpResult {
2023-06-05 16:52:00 +00:00
if !StaticConstraints::default()
.user_name_len
.validate(&profile.name)
{
return Ok(HttpResponse::BadRequest().json("Nom invalide!"));
}
let mut user = users_service::get_by_id(token.user_id).await?;
user.name = profile.0.name;
users_service::update_account(user).await?;
Ok(HttpResponse::Accepted().finish())
}
2023-06-05 17:02:51 +00:00
#[derive(serde::Deserialize)]
pub struct ReplacePasswordQuery {
old_password: String,
new_password: String,
}
/// Replace user password
pub async fn replace_password(
remote_ip: RemoteIP,
token: LoginToken,
q: Json<ReplacePasswordQuery>,
) -> HttpResult {
// Rate limiting
if rate_limiter_service::should_block_action(
remote_ip.0,
RatedAction::RequestReplacePasswordSignedIn,
)
.await?
{
return Ok(HttpResponse::TooManyRequests().finish());
}
if !StaticConstraints::default()
.password_len
2023-06-05 17:04:31 +00:00
.validate(&q.new_password)
2023-06-05 17:02:51 +00:00
{
return Ok(HttpResponse::BadRequest().json("Nouveau mot de passe invalide!"));
}
let user = users_service::get_by_id(token.user_id).await?;
if !user.check_password(&q.old_password) {
rate_limiter_service::record_action(
remote_ip.0,
RatedAction::RequestReplacePasswordSignedIn,
)
.await?;
return Ok(HttpResponse::BadRequest().json("Ancien mot de passe invalide !"));
}
users_service::change_password(&user, &q.new_password).await?;
Ok(HttpResponse::Accepted().finish())
}