From 7b1bad5b292e726aa0026344e966141f00071bcc Mon Sep 17 00:00:00 2001 From: boojack Date: Tue, 26 Jul 2022 22:32:26 +0800 Subject: [PATCH] feat: update delete user api --- server/user.go | 75 +++++++++++++---------------------------------- store/memo.go | 5 +++- store/resource.go | 5 +++- store/shortcut.go | 5 +++- store/user.go | 5 +++- 5 files changed, 37 insertions(+), 58 deletions(-) diff --git a/server/user.go b/server/user.go index 2ba64cb8..6e6fb41d 100644 --- a/server/user.go +++ b/server/user.go @@ -104,8 +104,24 @@ func (s *Server) registerUserRoutes(g *echo.Group) { return nil }) - g.PATCH("/user/me", func(c echo.Context) error { - userID := c.Get(getUserIDContextKey()).(int) + g.PATCH("/user/:id", func(c echo.Context) error { + userID, err := strconv.Atoi(c.Param("id")) + if err != nil { + return echo.NewHTTPError(http.StatusBadRequest, fmt.Sprintf("ID is not a number: %s", c.Param("id"))).SetInternal(err) + } + currentUserID := c.Get(getUserIDContextKey()).(int) + currentUser, err := s.Store.FindUser(&api.UserFind{ + ID: ¤tUserID, + }) + if err != nil { + return echo.NewHTTPError(http.StatusInternalServerError, "Failed to find user").SetInternal(err) + } + if currentUser == nil { + return echo.NewHTTPError(http.StatusBadRequest, fmt.Sprintf("Current session user not found with ID: %d", currentUserID)).SetInternal(err) + } else if currentUser.Role != api.Host && currentUserID != userID { + return echo.NewHTTPError(http.StatusForbidden, "Access forbidden for current session user").SetInternal(err) + } + userPatch := &api.UserPatch{ ID: userID, } @@ -140,7 +156,7 @@ func (s *Server) registerUserRoutes(g *echo.Group) { return nil }) - g.PATCH("/user/:userId", func(c echo.Context) error { + g.DELETE("/user/:id", func(c echo.Context) error { currentUserID := c.Get(getUserIDContextKey()).(int) currentUser, err := s.Store.FindUser(&api.UserFind{ ID: ¤tUserID, @@ -154,57 +170,9 @@ func (s *Server) registerUserRoutes(g *echo.Group) { return echo.NewHTTPError(http.StatusForbidden, "Access forbidden for current session user").SetInternal(err) } - userID, err := strconv.Atoi(c.Param("userId")) + userID, err := strconv.Atoi(c.Param("id")) if err != nil { - return echo.NewHTTPError(http.StatusBadRequest, fmt.Sprintf("ID is not a number: %s", c.Param("userId"))).SetInternal(err) - } - - userPatch := &api.UserPatch{ - ID: userID, - } - if err := json.NewDecoder(c.Request().Body).Decode(userPatch); err != nil { - return echo.NewHTTPError(http.StatusBadRequest, "Malformatted patch user request").SetInternal(err) - } - - if userPatch.Password != nil && *userPatch.Password != "" { - passwordHash, err := bcrypt.GenerateFromPassword([]byte(*userPatch.Password), bcrypt.DefaultCost) - if err != nil { - return echo.NewHTTPError(http.StatusInternalServerError, "Failed to generate password hash").SetInternal(err) - } - - passwordHashStr := string(passwordHash) - userPatch.PasswordHash = &passwordHashStr - } - - user, err := s.Store.PatchUser(userPatch) - if err != nil { - return echo.NewHTTPError(http.StatusInternalServerError, "Failed to patch user").SetInternal(err) - } - - c.Response().Header().Set(echo.HeaderContentType, echo.MIMEApplicationJSONCharsetUTF8) - if err := json.NewEncoder(c.Response().Writer).Encode(composeResponse(user)); err != nil { - return echo.NewHTTPError(http.StatusInternalServerError, "Failed to encode user response").SetInternal(err) - } - return nil - }) - - g.DELETE("/user/:userId", func(c echo.Context) error { - currentUserID := c.Get(getUserIDContextKey()).(int) - currentUser, err := s.Store.FindUser(&api.UserFind{ - ID: ¤tUserID, - }) - if err != nil { - return echo.NewHTTPError(http.StatusInternalServerError, "Failed to find user").SetInternal(err) - } - if currentUser == nil { - return echo.NewHTTPError(http.StatusBadRequest, fmt.Sprintf("Current session user not found with ID: %d", currentUserID)).SetInternal(err) - } else if currentUser.Role != api.Host { - return echo.NewHTTPError(http.StatusForbidden, "Access forbidden for current session user").SetInternal(err) - } - - userID, err := strconv.Atoi(c.Param("userId")) - if err != nil { - return echo.NewHTTPError(http.StatusBadRequest, fmt.Sprintf("ID is not a number: %s", c.Param("userId"))).SetInternal(err) + return echo.NewHTTPError(http.StatusBadRequest, fmt.Sprintf("ID is not a number: %s", c.Param("id"))).SetInternal(err) } userDelete := &api.UserDelete{ @@ -216,5 +184,4 @@ func (s *Server) registerUserRoutes(g *echo.Group) { return c.JSON(http.StatusOK, true) }) - } diff --git a/store/memo.go b/store/memo.go index cf2cde52..ccbc2c11 100644 --- a/store/memo.go +++ b/store/memo.go @@ -284,7 +284,10 @@ func findMemoRawList(db *sql.DB, find *api.MemoFind) ([]*memoRaw, error) { } func deleteMemo(db *sql.DB, delete *api.MemoDelete) error { - result, err := db.Exec(`DELETE FROM memo WHERE id = ?`, delete.ID) + result, err := db.Exec(` + PRAGMA foreign_keys = ON; + DELETE FROM resource WHERE id = ? + `, delete.ID) if err != nil { return FormatError(err) } diff --git a/store/resource.go b/store/resource.go index f22c78d7..d2b24f00 100644 --- a/store/resource.go +++ b/store/resource.go @@ -190,7 +190,10 @@ func findResourceList(db *sql.DB, find *api.ResourceFind) ([]*resourceRaw, error } func deleteResource(db *sql.DB, delete *api.ResourceDelete) error { - result, err := db.Exec(`DELETE FROM resource WHERE id = ?`, delete.ID) + result, err := db.Exec(` + PRAGMA foreign_keys = ON; + DELETE FROM resource WHERE id = ? + `, delete.ID) if err != nil { return FormatError(err) } diff --git a/store/shortcut.go b/store/shortcut.go index ee0ec044..aac77693 100644 --- a/store/shortcut.go +++ b/store/shortcut.go @@ -238,7 +238,10 @@ func findShortcutList(db *sql.DB, find *api.ShortcutFind) ([]*shortcutRaw, error } func deleteShortcut(db *sql.DB, delete *api.ShortcutDelete) error { - result, err := db.Exec(`DELETE FROM shortcut WHERE id = ?`, delete.ID) + result, err := db.Exec(` + PRAGMA foreign_keys = ON; + DELETE FROM shortcut WHERE id = ? + `, delete.ID) if err != nil { return FormatError(err) } diff --git a/store/user.go b/store/user.go index 14a2be13..552bf74c 100644 --- a/store/user.go +++ b/store/user.go @@ -270,7 +270,10 @@ func findUserList(db *sql.DB, find *api.UserFind) ([]*userRaw, error) { } func deleteUser(db *sql.DB, delete *api.UserDelete) error { - result, err := db.Exec(`DELETE FROM user WHERE id = ?`, delete.ID) + result, err := db.Exec(` + PRAGMA foreign_keys = ON; + DELETE FROM user WHERE id = ? + `, delete.ID) if err != nil { return FormatError(err) }