void.cat/VoidCat/Controllers/UserController.cs

using Microsoft.AspNetCore.Mvc;
using Newtonsoft.Json;
using VoidCat.Database;
using VoidCat.Model;
using VoidCat.Services.Abstractions;
using VoidCat.Services.Files;
using UserFlags = VoidCat.Database.UserFlags;

namespace VoidCat.Controllers;

[Route("user/{id}")]
public class UserController : Controller
{
    private readonly IUserStore _store;
    private readonly IUserUploadsStore _userUploads;
    private readonly IEmailVerification _emailVerification;
    private readonly FileInfoManager _fileInfoManager;

    public UserController(IUserStore store, IUserUploadsStore userUploads, IEmailVerification emailVerification,
        FileInfoManager fileInfoManager)
    {
        _store = store;
        _userUploads = userUploads;
        _emailVerification = emailVerification;
        _fileInfoManager = fileInfoManager;
    }

    /// <summary>
    /// Return user profile
    /// </summary>
    /// <remarks>
    /// You do not need to be logged in to return a user profile if their profile is set to public.
    ///
    /// You may also use `me` as the `id` to get the logged in users profile.
    /// </remarks>
    /// <param name="id">User id to load</param>
    /// <returns></returns>
    [HttpGet]
    public async Task<IActionResult> GetUser([FromRoute] string id)
    {
        var loggedUser = HttpContext.GetUserId();
        var isMe = id.Equals("me", StringComparison.InvariantCultureIgnoreCase);
        if (isMe && !loggedUser.HasValue) return Unauthorized();

        var requestedId = isMe ? loggedUser!.Value : id.FromBase58Guid();
        var user = await _store.Get(requestedId);
        if (user == default) return NotFound();
        if (loggedUser != requestedId && !user.Flags.HasFlag(UserFlags.PublicProfile))
            return NotFound();

        var isMyProfile = requestedId == user.Id;
        return Json(user!.ToApiUser(isMyProfile));
    }

    /// <summary>
    /// Update profile settings
    /// </summary>
    /// 
    /// <param name="id">User id</param>
    /// <param name="user"></param>
    /// <returns></returns>
    [HttpPost]
    public async Task<IActionResult> UpdateUser([FromRoute] string id, [FromBody] ApiUser user)
    {
        var loggedUser = await GetAuthorizedUser(id);
        if (loggedUser == default) return Unauthorized();

        if (!loggedUser.Flags.HasFlag(UserFlags.EmailVerified)) return Forbid();

        loggedUser.Avatar = user.Avatar;
        loggedUser.DisplayName = user.Name ?? "void user";
        loggedUser.Flags = UserFlags.EmailVerified | (user.PublicProfile ? UserFlags.PublicProfile : 0) |
                           (user.PublicUploads ? UserFlags.PublicUploads : 0);

        await _store.UpdateProfile(loggedUser);

        return Ok();
    }

    /// <summary>
    /// Return a list of files which the user has uploaded
    /// </summary>
    /// <remarks>
    /// This will return files if the profile has public uploads set on their profile.
    /// Otherwise you can return your own uploaded files if you are logged in. 
    /// </remarks>
    /// <param name="id">User id</param>
    /// <param name="request">Page request</param>
    /// <returns></returns>
    [HttpPost]
    [Route("files")]
    public async Task<IActionResult> ListUserFiles([FromRoute] string id,
        [FromBody] PagedRequest request)
    {
        var loggedUser = HttpContext.GetUserId();
        var isAdmin = HttpContext.IsRole(Roles.Admin);

        var user = await GetRequestedUser(id);
        if (user == default) return NotFound();

        // not logged in user files, check public flag
        var canViewUploads = loggedUser == user.Id || isAdmin;
        if (!canViewUploads &&
            !user.Flags.HasFlag(UserFlags.PublicUploads)) return Forbid();

        var results = await _userUploads.ListFiles(id.FromBase58Guid(), request);
        var files = await results.Results.ToListAsync();
        var fileInfo = await _fileInfoManager.Get(files.ToArray(), false);
        return Json(new RenderedResults<VoidFileResponse>()
        {
            PageSize = results.PageSize,
            Page = results.Page,
            TotalResults = results.TotalResults,
            Results = fileInfo.ToList()
        });
    }

    /// <summary>
    /// Send a verification code for a specific user
    /// </summary>
    /// <param name="id">User id to send code for</param>
    /// <returns></returns>
    [HttpGet]
    [Route("verify")]
    public async Task<IActionResult> SendVerificationCode([FromRoute] string id)
    {
        var user = await GetAuthorizedUser(id);
        if (user == default) return Unauthorized();

        var isEmailVerified = (user?.Flags.HasFlag(UserFlags.EmailVerified) ?? false);
        if (isEmailVerified) return UnprocessableEntity();

        await _emailVerification.SendNewCode(user!);
        return Accepted();
    }

    /// <summary>
    /// Confirm email verification code
    /// </summary>
    /// <param name="id">User id to verify</param>
    /// <param name="req">Verification code to check</param>
    /// <returns></returns>
    [HttpPost]
    [Route("verify")]
    public async Task<IActionResult> VerifyCode([FromRoute] string id, [FromBody] VerifyCodeRequest req)
    {
        var user = await GetAuthorizedUser(id);
        if (user == default) return Unauthorized();

        if (!await _emailVerification.VerifyCode(user, req.Code)) return BadRequest();

        user.Flags |= UserFlags.EmailVerified;
        await _store.UpdateProfile(user);
        return Accepted();
    }

    private async Task<User?> GetAuthorizedUser(string id)
    {
        var loggedUser = HttpContext.GetUserId();
        var gid = id.FromBase58Guid();
        var user = await _store.Get(gid);
        return user?.Id != loggedUser ? default : user;
    }

    private async Task<User?> GetRequestedUser(string id)
    {
        var gid = id.FromBase58Guid();
        return await _store.Get(gid);
    }

    public class VerifyCodeRequest
    {
        [JsonProperty("code")]
        [JsonConverter(typeof(Base58GuidConverter))]
        public Guid Code { get; init; }
    }
}
Add profiles 2022-02-27 13:54:25 +00:00			`using Microsoft.AspNetCore.Mvc;`
Fix email verification code 2023-06-09 00:20:54 +00:00			`using Newtonsoft.Json;`
v5 (#65) Co-authored-by: Kieran <kieran@harkin.me> Reviewed-on: https://git.v0l.io/Kieran/void.cat/pulls/65 2023-05-09 13:56:57 +00:00			`using VoidCat.Database;`
Add profiles 2022-02-27 13:54:25 +00:00			`using VoidCat.Model;`
			`using VoidCat.Services.Abstractions;`
Delete expired files 2022-09-06 21:32:22 +00:00			`using VoidCat.Services.Files;`
v5 (#65) Co-authored-by: Kieran <kieran@harkin.me> Reviewed-on: https://git.v0l.io/Kieran/void.cat/pulls/65 2023-05-09 13:56:57 +00:00			`using UserFlags = VoidCat.Database.UserFlags;`
Add profiles 2022-02-27 13:54:25 +00:00
			`namespace VoidCat.Controllers;`

Add email verification Standardize button styles 2022-03-02 11:37:15 +00:00			`[Route("user/{id}")]`
Add profiles 2022-02-27 13:54:25 +00:00			`public class UserController : Controller`
			`{`
			`private readonly IUserStore _store;`
Add user file list 2022-02-27 23:01:57 +00:00			`private readonly IUserUploadsStore _userUploads;`
Add email verification Standardize button styles 2022-03-02 11:37:15 +00:00			`private readonly IEmailVerification _emailVerification;`
Delete expired files 2022-09-06 21:32:22 +00:00			`private readonly FileInfoManager _fileInfoManager;`
Add profiles 2022-02-27 13:54:25 +00:00
Multi-Storage backend support Api Keys support 2022-07-25 17:59:32 +00:00			`public UserController(IUserStore store, IUserUploadsStore userUploads, IEmailVerification emailVerification,`
Delete expired files 2022-09-06 21:32:22 +00:00			`FileInfoManager fileInfoManager)`
Add profiles 2022-02-27 13:54:25 +00:00			`{`
			`_store = store;`
Add user file list 2022-02-27 23:01:57 +00:00			`_userUploads = userUploads;`
Add email verification Standardize button styles 2022-03-02 11:37:15 +00:00			`_emailVerification = emailVerification;`
Decouple user upload store 2022-06-10 20:42:36 +00:00			`_fileInfoManager = fileInfoManager;`
Add profiles 2022-02-27 13:54:25 +00:00			`}`

Add swagger and docs 2022-03-08 13:47:42 +00:00			`/// <summary>`
			`/// Return user profile`
			`/// </summary>`
			`/// <remarks>`
			`/// You do not need to be logged in to return a user profile if their profile is set to public.`
			`///`
			/// You may also use `me` as the `id` to get the logged in users profile.
			`/// </remarks>`
			`/// <param name="id">User id to load</param>`
			`/// <returns></returns>`
Add profiles 2022-02-27 13:54:25 +00:00			`[HttpGet]`
Add email verification Standardize button styles 2022-03-02 11:37:15 +00:00			`public async Task<IActionResult> GetUser([FromRoute] string id)`
Add profiles 2022-02-27 13:54:25 +00:00			`{`
			`var loggedUser = HttpContext.GetUserId();`
Load profile on page load 2022-03-04 21:12:01 +00:00			`var isMe = id.Equals("me", StringComparison.InvariantCultureIgnoreCase);`
			`if (isMe && !loggedUser.HasValue) return Unauthorized();`
Add swagger and docs 2022-03-08 13:47:42 +00:00
Load profile on page load 2022-03-04 21:12:01 +00:00			`var requestedId = isMe ? loggedUser!.Value : id.FromBase58Guid();`
v5 (#65) Co-authored-by: Kieran <kieran@harkin.me> Reviewed-on: https://git.v0l.io/Kieran/void.cat/pulls/65 2023-05-09 13:56:57 +00:00			`var user = await _store.Get(requestedId);`
Bug fixes 2023-06-09 00:14:32 +00:00			`if (user == default) return NotFound();`
			`if (loggedUser != requestedId && !user.Flags.HasFlag(UserFlags.PublicProfile))`
v5 (#65) Co-authored-by: Kieran <kieran@harkin.me> Reviewed-on: https://git.v0l.io/Kieran/void.cat/pulls/65 2023-05-09 13:56:57 +00:00			`return NotFound();`
Edit profile 2022-02-27 18:15:37 +00:00
Bug fixes 2023-06-09 00:14:32 +00:00			`var isMyProfile = requestedId == user.Id;`
			`return Json(user!.ToApiUser(isMyProfile));`
Edit profile 2022-02-27 18:15:37 +00:00			`}`

Add swagger and docs 2022-03-08 13:47:42 +00:00			`/// <summary>`
			`/// Update profile settings`
			`/// </summary>`
			`///`
			`/// <param name="id">User id</param>`
			`/// <param name="user"></param>`
			`/// <returns></returns>`
Edit profile 2022-02-27 18:15:37 +00:00			`[HttpPost]`
v5 (#65) Co-authored-by: Kieran <kieran@harkin.me> Reviewed-on: https://git.v0l.io/Kieran/void.cat/pulls/65 2023-05-09 13:56:57 +00:00			`public async Task<IActionResult> UpdateUser([FromRoute] string id, [FromBody] ApiUser user)`
Edit profile 2022-02-27 18:15:37 +00:00			`{`
Add email verification Standardize button styles 2022-03-02 11:37:15 +00:00			`var loggedUser = await GetAuthorizedUser(id);`
			`if (loggedUser == default) return Unauthorized();`
Edit profile 2022-02-27 18:15:37 +00:00
OAuth2 (Discord) 2022-09-08 09:41:31 +00:00			`if (!loggedUser.Flags.HasFlag(UserFlags.EmailVerified)) return Forbid();`
Load profile on page load 2022-03-04 21:12:01 +00:00
v5 (#65) Co-authored-by: Kieran <kieran@harkin.me> Reviewed-on: https://git.v0l.io/Kieran/void.cat/pulls/65 2023-05-09 13:56:57 +00:00			`loggedUser.Avatar = user.Avatar;`
			`loggedUser.DisplayName = user.Name ?? "void user";`
			`loggedUser.Flags = UserFlags.EmailVerified \| (user.PublicProfile ? UserFlags.PublicProfile : 0) \|`
			`(user.PublicUploads ? UserFlags.PublicUploads : 0);`

			`await _store.UpdateProfile(loggedUser);`

Edit profile 2022-02-27 18:15:37 +00:00			`return Ok();`
Add profiles 2022-02-27 13:54:25 +00:00			`}`
Add user file list 2022-02-27 23:01:57 +00:00
Add swagger and docs 2022-03-08 13:47:42 +00:00			`/// <summary>`
			`/// Return a list of files which the user has uploaded`
			`/// </summary>`
			`/// <remarks>`
			`/// This will return files if the profile has public uploads set on their profile.`
			`/// Otherwise you can return your own uploaded files if you are logged in.`
			`/// </remarks>`
			`/// <param name="id">User id</param>`
			`/// <param name="request">Page request</param>`
			`/// <returns></returns>`
Add user file list 2022-02-27 23:01:57 +00:00			`[HttpPost]`
Add email verification Standardize button styles 2022-03-02 11:37:15 +00:00			`[Route("files")]`
			`public async Task<IActionResult> ListUserFiles([FromRoute] string id,`
			`[FromBody] PagedRequest request)`
Add user file list 2022-02-27 23:01:57 +00:00			`{`
			`var loggedUser = HttpContext.GetUserId();`
Add email verification Standardize button styles 2022-03-02 11:37:15 +00:00			`var isAdmin = HttpContext.IsRole(Roles.Admin);`

			`var user = await GetRequestedUser(id);`
			`if (user == default) return NotFound();`

			`// not logged in user files, check public flag`
			`var canViewUploads = loggedUser == user.Id \|\| isAdmin;`
			`if (!canViewUploads &&`
OAuth2 (Discord) 2022-09-08 09:41:31 +00:00			`!user.Flags.HasFlag(UserFlags.PublicUploads)) return Forbid();`
Add email verification Standardize button styles 2022-03-02 11:37:15 +00:00
Add user file list 2022-02-27 23:01:57 +00:00			`var results = await _userUploads.ListFiles(id.FromBase58Guid(), request);`
Decouple user upload store 2022-06-10 20:42:36 +00:00			`var files = await results.Results.ToListAsync();`
v5 (#65) Co-authored-by: Kieran <kieran@harkin.me> Reviewed-on: https://git.v0l.io/Kieran/void.cat/pulls/65 2023-05-09 13:56:57 +00:00			`var fileInfo = await _fileInfoManager.Get(files.ToArray(), false);`
			`return Json(new RenderedResults<VoidFileResponse>()`
Decouple user upload store 2022-06-10 20:42:36 +00:00			`{`
			`PageSize = results.PageSize,`
			`Page = results.Page,`
			`TotalResults = results.TotalResults,`
v5 (#65) Co-authored-by: Kieran <kieran@harkin.me> Reviewed-on: https://git.v0l.io/Kieran/void.cat/pulls/65 2023-05-09 13:56:57 +00:00			`Results = fileInfo.ToList()`
Decouple user upload store 2022-06-10 20:42:36 +00:00			`});`
Add email verification Standardize button styles 2022-03-02 11:37:15 +00:00			`}`

Add swagger and docs 2022-03-08 13:47:42 +00:00			`/// <summary>`
			`/// Send a verification code for a specific user`
			`/// </summary>`
			`/// <param name="id">User id to send code for</param>`
			`/// <returns></returns>`
Add email verification Standardize button styles 2022-03-02 11:37:15 +00:00			`[HttpGet]`
			`[Route("verify")]`
			`public async Task<IActionResult> SendVerificationCode([FromRoute] string id)`
			`{`
			`var user = await GetAuthorizedUser(id);`
			`if (user == default) return Unauthorized();`

OAuth2 (Discord) 2022-09-08 09:41:31 +00:00			`var isEmailVerified = (user?.Flags.HasFlag(UserFlags.EmailVerified) ?? false);`
Add email verification Standardize button styles 2022-03-02 11:37:15 +00:00			`if (isEmailVerified) return UnprocessableEntity();`

			`await _emailVerification.SendNewCode(user!);`
			`return Accepted();`
			`}`

Add swagger and docs 2022-03-08 13:47:42 +00:00			`/// <summary>`
			`/// Confirm email verification code`
			`/// </summary>`
			`/// <param name="id">User id to verify</param>`
Fix email verification code 2023-06-09 00:20:54 +00:00			`/// <param name="req">Verification code to check</param>`
Add swagger and docs 2022-03-08 13:47:42 +00:00			`/// <returns></returns>`
Add email verification Standardize button styles 2022-03-02 11:37:15 +00:00			`[HttpPost]`
			`[Route("verify")]`
Fix email verification code 2023-06-09 00:20:54 +00:00			`public async Task<IActionResult> VerifyCode([FromRoute] string id, [FromBody] VerifyCodeRequest req)`
Add email verification Standardize button styles 2022-03-02 11:37:15 +00:00			`{`
			`var user = await GetAuthorizedUser(id);`
			`if (user == default) return Unauthorized();`

Fix email verification code 2023-06-09 00:20:54 +00:00			`if (!await _emailVerification.VerifyCode(user, req.Code)) return BadRequest();`
Add email verification Standardize button styles 2022-03-02 11:37:15 +00:00
OAuth2 (Discord) 2022-09-08 09:41:31 +00:00			`user.Flags \|= UserFlags.EmailVerified;`
v5 (#65) Co-authored-by: Kieran <kieran@harkin.me> Reviewed-on: https://git.v0l.io/Kieran/void.cat/pulls/65 2023-05-09 13:56:57 +00:00			`await _store.UpdateProfile(user);`
Add email verification Standardize button styles 2022-03-02 11:37:15 +00:00			`return Accepted();`
			`}`

v5 (#65) Co-authored-by: Kieran <kieran@harkin.me> Reviewed-on: https://git.v0l.io/Kieran/void.cat/pulls/65 2023-05-09 13:56:57 +00:00			`private async Task<User?> GetAuthorizedUser(string id)`
Add email verification Standardize button styles 2022-03-02 11:37:15 +00:00			`{`
			`var loggedUser = HttpContext.GetUserId();`
			`var gid = id.FromBase58Guid();`
v5 (#65) Co-authored-by: Kieran <kieran@harkin.me> Reviewed-on: https://git.v0l.io/Kieran/void.cat/pulls/65 2023-05-09 13:56:57 +00:00			`var user = await _store.Get(gid);`
Add email verification Standardize button styles 2022-03-02 11:37:15 +00:00			`return user?.Id != loggedUser ? default : user;`
			`}`

v5 (#65) Co-authored-by: Kieran <kieran@harkin.me> Reviewed-on: https://git.v0l.io/Kieran/void.cat/pulls/65 2023-05-09 13:56:57 +00:00			`private async Task<User?> GetRequestedUser(string id)`
Add email verification Standardize button styles 2022-03-02 11:37:15 +00:00			`{`
			`var gid = id.FromBase58Guid();`
v5 (#65) Co-authored-by: Kieran <kieran@harkin.me> Reviewed-on: https://git.v0l.io/Kieran/void.cat/pulls/65 2023-05-09 13:56:57 +00:00			`return await _store.Get(gid);`
Add user file list 2022-02-27 23:01:57 +00:00			`}`
Fix email verification code 2023-06-09 00:20:54 +00:00
			`public class VerifyCodeRequest`
			`{`
			`[JsonProperty("code")]`
			`[JsonConverter(typeof(Base58GuidConverter))]`
			`public Guid Code { get; init; }`
			`}`
Multi-Storage backend support Api Keys support 2022-07-25 17:59:32 +00:00			`}`