src/api/admin/account/update.rs at cd09e6c7544aaf0128aa1f5b53556c5430ac5f78 · lewis.moe/bspds-sandbox

lewis.moe / bspds-sandbox
this repo has no description
bspds-sandbox / src / api / admin / account / update.rs
at cd09e6c7544aaf0128aa1f5b53556c5430ac5f78 5.3 kB view raw
  1use crate::api::EmptyResponse;
  2use crate::api::error::ApiError;
  3use crate::auth::BearerAuthAdmin;
  4use crate::state::AppState;
  5use crate::types::{Did, PlainPassword};
  6use axum::{
  7    Json,
  8    extract::State,
  9    response::{IntoResponse, Response},
 10};
 11use serde::Deserialize;
 12use tracing::{error, warn};
 13
 14#[derive(Deserialize)]
 15pub struct UpdateAccountEmailInput {
 16    pub account: String,
 17    pub email: String,
 18}
 19
 20pub async fn update_account_email(
 21    State(state): State<AppState>,
 22    _auth: BearerAuthAdmin,
 23    Json(input): Json<UpdateAccountEmailInput>,
 24) -> Response {
 25    let account = input.account.trim();
 26    let email = input.email.trim();
 27    if account.is_empty() || email.is_empty() {
 28        return ApiError::InvalidRequest("account and email are required".into()).into_response();
 29    }
 30    let result = sqlx::query!("UPDATE users SET email = $1 WHERE did = $2", email, account)
 31        .execute(&state.db)
 32        .await;
 33    match result {
 34        Ok(r) => {
 35            if r.rows_affected() == 0 {
 36                return ApiError::AccountNotFound.into_response();
 37            }
 38            EmptyResponse::ok().into_response()
 39        }
 40        Err(e) => {
 41            error!("DB error updating email: {:?}", e);
 42            ApiError::InternalError(None).into_response()
 43        }
 44    }
 45}
 46
 47#[derive(Deserialize)]
 48pub struct UpdateAccountHandleInput {
 49    pub did: Did,
 50    pub handle: String,
 51}
 52
 53pub async fn update_account_handle(
 54    State(state): State<AppState>,
 55    _auth: BearerAuthAdmin,
 56    Json(input): Json<UpdateAccountHandleInput>,
 57) -> Response {
 58    let did = &input.did;
 59    let input_handle = input.handle.trim();
 60    if input_handle.is_empty() {
 61        return ApiError::InvalidRequest("handle is required".into()).into_response();
 62    }
 63    if !input_handle
 64        .chars()
 65        .all(|c| c.is_ascii_alphanumeric() || c == '.' || c == '-' || c == '_')
 66    {
 67        return ApiError::InvalidHandle(None).into_response();
 68    }
 69    let hostname = std::env::var("PDS_HOSTNAME").unwrap_or_else(|_| "localhost".to_string());
 70    let handle = if !input_handle.contains('.') {
 71        format!("{}.{}", input_handle, hostname)
 72    } else {
 73        input_handle.to_string()
 74    };
 75    let old_handle = sqlx::query_scalar!("SELECT handle FROM users WHERE did = $1", did.as_str())
 76        .fetch_optional(&state.db)
 77        .await
 78        .ok()
 79        .flatten();
 80    let existing = sqlx::query!(
 81        "SELECT id FROM users WHERE handle = $1 AND did != $2",
 82        handle,
 83        did.as_str()
 84    )
 85    .fetch_optional(&state.db)
 86    .await;
 87    if let Ok(Some(_)) = existing {
 88        return ApiError::HandleTaken.into_response();
 89    }
 90    let result = sqlx::query!(
 91        "UPDATE users SET handle = $1 WHERE did = $2",
 92        handle,
 93        did.as_str()
 94    )
 95    .execute(&state.db)
 96    .await;
 97    match result {
 98        Ok(r) => {
 99            if r.rows_affected() == 0 {
100                return ApiError::AccountNotFound.into_response();
101            }
102            if let Some(old) = old_handle {
103                let _ = state.cache.delete(&format!("handle:{}", old)).await;
104            }
105            let _ = state.cache.delete(&format!("handle:{}", handle)).await;
106            if let Err(e) = crate::api::repo::record::sequence_identity_event(
107                &state,
108                did.as_str(),
109                Some(&handle),
110            )
111            .await
112            {
113                warn!(
114                    "Failed to sequence identity event for admin handle update: {}",
115                    e
116                );
117            }
118            if let Err(e) =
119                crate::api::identity::did::update_plc_handle(&state, did.as_str(), &handle).await
120            {
121                warn!("Failed to update PLC handle for admin handle update: {}", e);
122            }
123            EmptyResponse::ok().into_response()
124        }
125        Err(e) => {
126            error!("DB error updating handle: {:?}", e);
127            ApiError::InternalError(None).into_response()
128        }
129    }
130}
131
132#[derive(Deserialize)]
133pub struct UpdateAccountPasswordInput {
134    pub did: Did,
135    pub password: PlainPassword,
136}
137
138pub async fn update_account_password(
139    State(state): State<AppState>,
140    _auth: BearerAuthAdmin,
141    Json(input): Json<UpdateAccountPasswordInput>,
142) -> Response {
143    let did = &input.did;
144    let password = input.password.trim();
145    if password.is_empty() {
146        return ApiError::InvalidRequest("password is required".into()).into_response();
147    }
148    let password_hash = match bcrypt::hash(password, bcrypt::DEFAULT_COST) {
149        Ok(h) => h,
150        Err(e) => {
151            error!("Failed to hash password: {:?}", e);
152            return ApiError::InternalError(None).into_response();
153        }
154    };
155    let result = sqlx::query!(
156        "UPDATE users SET password_hash = $1 WHERE did = $2",
157        password_hash,
158        did.as_str()
159    )
160    .execute(&state.db)
161    .await;
162    match result {
163        Ok(r) => {
164            if r.rows_affected() == 0 {
165                return ApiError::AccountNotFound.into_response();
166            }
167            EmptyResponse::ok().into_response()
168        }
169        Err(e) => {
170            error!("DB error updating password: {:?}", e);
171            ApiError::InternalError(None).into_response()
172        }
173    }
174}