/* YetAnotherToDoList Copyright © 2023 gilex-dev gilex-dev@proton.me This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, version 3. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . */ package database import ( "errors" "strconv" "time" "somepi.ddns.net/gitea/gilex-dev/YetAnotherToDoList/graph/model" ) func (db CustomDB) CreateUser(newUser model.NewUser) (*model.User, error) { statement, err := db.connection.Prepare("INSERT INTO User (userName, fullName, passwordHash) VALUES (?, NULLIF(?, ''), ?)") if err != nil { return nil, err } if ValidateUserName(newUser.UserName); err != nil { return nil, err } if ValidatePassword(newUser.Password); err != nil { return nil, err } passwordHash, err := db.GenerateHashFromPassword(newUser.Password) if err != nil { return nil, err } rows, err := statement.Exec(newUser.UserName, newUser.FullName, string(passwordHash)) if err != nil { return nil, err } num, err := rows.RowsAffected() if err != nil { return nil, err } if num < 1 { return nil, errors.New("no rows affected") } insertId, err := rows.LastInsertId() if err != nil { return nil, err } return &model.User{ID: strconv.FormatInt(insertId, 10), UserName: newUser.UserName, FullName: newUser.FullName}, nil } // GetUser takes a *model.User with at least ID or UserName set and adds the missing fields. func (db CustomDB) GetUser(user *model.User) (*model.User, error) { numUserId, err := strconv.Atoi(user.ID) if err != nil { return nil, errors.New("invalid userId") } statement, err := db.connection.Prepare("SELECT userID, userName, fullName FROM User WHERE userId = ? OR userName = ?") if err != nil { return nil, err } result := statement.QueryRow(numUserId, user.UserName) if err := result.Scan(&user.ID, &user.UserName, &user.FullName); err != nil { return nil, err } return user, nil } func (db CustomDB) GetAllUsers() ([]*model.User, error) { rows, err := db.connection.Query("SELECT userId, userName, fullName FROM User") if err != nil { return nil, err } defer rows.Close() var all []*model.User for rows.Next() { var user model.User if err := rows.Scan(&user.ID, &user.UserName, &user.FullName); err != nil { return nil, err } all = append(all, &user) } return all, nil } func (db CustomDB) UpdateUser(userId string, changes *model.UpdateUser) (*model.User, error) { var passwordHash *string needAccessTokenRefresh := false id, err := strconv.Atoi(userId) if err != nil { return nil, errors.New("invalid userId") } statement, err := db.connection.Prepare("UPDATE User SET userName = IFNULL(?, userName), fullName = IFNULL(NULLIF(?, ''), fullName), passwordHash = IFNULL(?, passwordHash) WHERE userId = ?") if err != nil { return nil, err } if *changes.UserName == "" { // interpret empty string as nil changes.UserName = nil } else { if err := ValidateUserName(*changes.UserName); err != nil { return nil, err } needAccessTokenRefresh = true } if *changes.Password == "" { // interpret empty string as nil passwordHash = nil } else { if err := ValidatePassword(*changes.Password); err != nil { return nil, err } passwordHashByte, err := db.GenerateHashFromPassword(*changes.Password) if err != nil { return nil, err } passwordHashString := string(passwordHashByte) passwordHash = &passwordHashString needAccessTokenRefresh = true } rows, err := statement.Exec(changes.UserName, changes.FullName, passwordHash, id) if err != nil { return nil, err } num, err := rows.RowsAffected() if err != nil { return nil, err } if num < 1 { return nil, errors.New("no rows affected") } if needAccessTokenRefresh { RevokeAccessToken(&AccessToken{UserId: userId, ExpiryDate: int(time.Now().Add(accessTokenLifetime).Unix())}) } return db.GetUser(&model.User{ID: userId}) } func (db CustomDB) DeleteUser(userId string) (*string, error) { statement, err := db.connection.Prepare("DELETE FROM User WHERE userId = ?") if err != nil { return nil, err } rows, err := statement.Exec(userId) if err != nil { return nil, err } num, err := rows.RowsAffected() if err != nil { return nil, err } if num < 1 { return nil, errors.New("no rows affected") } RevokeAccessToken(&AccessToken{UserId: userId, ExpiryDate: int(time.Now().Add(accessTokenLifetime).Unix())}) return &userId, nil } func (db CustomDB) AddRole(userId string, roleId string) (relationId string, err error) { encUserId, err := strconv.Atoi(userId) if err != nil { return "", errors.New("invalid userId") } encRoleId, err := strconv.Atoi(roleId) if err != nil { return "", errors.New("invalid roleId") } statement, err := db.connection.Prepare("INSERT INTO R_User_Role (FK_User_userId, FK_Role_roleId) VALUES (?, ?)") if err != nil { return "", err } rows, err := statement.Exec(encUserId, encRoleId) if err != nil { return "", err } num, err := rows.RowsAffected() if err != nil { return "", err } if num < 1 { return "", errors.New("no rows affected") } insertId, err := rows.LastInsertId() if err != nil { return "", err } RevokeAccessToken(&AccessToken{UserId: userId, ExpiryDate: int(time.Now().Add(accessTokenLifetime).Unix())}) return strconv.FormatInt(insertId, 10), nil } func (db CustomDB) RemoveRole(userId string, roleId string) (relationId string, err error) { encUserId, err := strconv.Atoi(userId) if err != nil { return "", errors.New("invalid userId") } encRoleId, err := strconv.Atoi(roleId) if err != nil { return "", errors.New("invalid roleId") } statement, err := db.connection.Prepare("DELETE FROM R_User_Role WHERE FK_User_userId = ? AND FK_Role_roleId = ?") if err != nil { return "", err } rows, err := statement.Exec(encUserId, encRoleId) if err != nil { return "", err } num, err := rows.RowsAffected() if err != nil { return "", err } if num < 1 { return "", errors.New("no rows affected") } RevokeAccessToken(&AccessToken{UserId: userId, ExpiryDate: int(time.Now().Add(accessTokenLifetime).Unix())}) return strconv.FormatInt(int64(encRoleId), 10), nil }