photoview/api/graphql/resolvers/user.go

package resolvers

import (
	"context"

	"github.com/photoview/photoview/api/graphql/auth"
	"github.com/photoview/photoview/api/graphql/models"
	"github.com/pkg/errors"
	"golang.org/x/crypto/bcrypt"
	"gorm.io/gorm"
)

func (r *queryResolver) User(ctx context.Context, filter *models.Filter) ([]*models.User, error) {

	var users []*models.User

	if err := filter.FormatSQL(r.Database.Model(models.User{})).Scan(&users).Error; err != nil {
		return nil, err
	}

	return users, nil
}

func (r *queryResolver) MyUser(ctx context.Context) (*models.User, error) {

	user := auth.UserFromContext(ctx)
	if user == nil {
		return nil, auth.ErrUnauthorized
	}

	return user, nil
}

func (r *mutationResolver) AuthorizeUser(ctx context.Context, username string, password string) (*models.AuthorizeResult, error) {
	user, err := models.AuthorizeUser(r.Database, username, password)
	if err != nil {
		return &models.AuthorizeResult{
			Success: false,
			Status:  err.Error(),
		}, nil
	}

	var token *models.AccessToken

	transactionError := r.Database.Transaction(func(tx *gorm.DB) error {
		token, err = user.GenerateAccessToken(tx)
		if err != nil {
			return err
		}

		return nil
	})

	if transactionError != nil {
		return nil, transactionError
	}

	return &models.AuthorizeResult{
		Success: true,
		Status:  "ok",
		Token:   &token.Value,
	}, nil
}
func (r *mutationResolver) RegisterUser(ctx context.Context, username string, password string, rootPath string) (*models.AuthorizeResult, error) {

	var token *models.AccessToken

	transactionError := r.Database.Transaction(func(tx *gorm.DB) error {
		user, err := models.RegisterUser(tx, username, &password, rootPath, false)
		if err != nil {
			return err
		}

		token, err = user.GenerateAccessToken(tx)
		if err != nil {
			tx.Rollback()
			return err
		}

		return nil
	})

	if transactionError != nil {
		return &models.AuthorizeResult{
			Success: false,
			Status:  transactionError.Error(),
		}, transactionError
	}

	return &models.AuthorizeResult{
		Success: true,
		Status:  "ok",
		Token:   &token.Value,
	}, nil
}

func (r *mutationResolver) InitialSetupWizard(ctx context.Context, username string, password string, rootPath string) (*models.AuthorizeResult, error) {
	siteInfo, err := models.GetSiteInfo(r.Database)
	if err != nil {
		return nil, err
	}

	if !siteInfo.InitialSetup {
		return nil, errors.New("not initial setup")
	}

	var token *models.AccessToken

	transactionError := r.Database.Transaction(func(tx *gorm.DB) error {
		if err := tx.Exec("UPDATE site_info SET initial_setup = false").Error; err != nil {
			return err
		}

		user, err := models.RegisterUser(tx, username, &password, rootPath, true)
		if err != nil {
			return err
		}

		token, err = user.GenerateAccessToken(tx)
		if err != nil {
			return err
		}

		return nil
	})

	if transactionError != nil {
		return &models.AuthorizeResult{
			Success: false,
			Status:  err.Error(),
		}, nil
	}

	return &models.AuthorizeResult{
		Success: true,
		Status:  "ok",
		Token:   &token.Value,
	}, nil
}

// Admin queries
func (r *mutationResolver) UpdateUser(ctx context.Context, id int, username *string, rootPath *string, password *string, admin *bool) (*models.User, error) {

	if username == nil && rootPath == nil && password == nil && admin == nil {
		return nil, errors.New("no updates requested")
	}

	var user models.User
	if err := r.Database.First(&user, id).Error; err != nil {
		return nil, err
	}

	if username != nil {
		user.Username = *username
	}

	if rootPath != nil {
		user.RootPath = *rootPath
	}

	if password != nil {
		hashedPassBytes, err := bcrypt.GenerateFromPassword([]byte(*password), 12)
		if err != nil {
			return nil, err
		}
		hashedPass := string(hashedPassBytes)

		user.Password = &hashedPass
	}

	if admin != nil {
		user.Admin = *admin
	}

	if err := r.Database.Save(&user).Error; err != nil {
		return nil, errors.Wrap(err, "failed to update user")
	}

	return &user, nil
}

func (r *mutationResolver) CreateUser(ctx context.Context, username string, rootPath string, password *string, admin bool) (*models.User, error) {

	var user *models.User

	transactionError := r.Database.Transaction(func(tx *gorm.DB) error {
		var err error
		user, err = models.RegisterUser(tx, username, password, rootPath, admin)
		if err != nil {
			return err
		}

		return nil
	})

	if transactionError != nil {
		return nil, transactionError
	}

	return user, nil
}

func (r *mutationResolver) DeleteUser(ctx context.Context, id int) (*models.User, error) {

	var user models.User

	if err := r.Database.First(&user, id).Error; err != nil {
		return nil, err
	}

	if err := r.Database.Delete(&user).Error; err != nil {
		return nil, err
	}

	return &user, nil
}
Work on photo resolver 2020-02-05 14:51:46 +01:00			`package resolvers`
Add user signup 2020-01-31 17:36:48 +01:00
			`import (`
			`"context"`

Update gomod to reflect repo transfer 2020-12-17 22:51:43 +01:00			`"github.com/photoview/photoview/api/graphql/auth"`
			`"github.com/photoview/photoview/api/graphql/models"`
Replace database, mostly user related 2020-11-28 17:31:19 +01:00			`"github.com/pkg/errors"`
Add change password support 2020-02-22 14:05:33 +01:00			`"golang.org/x/crypto/bcrypt"`
Replace database, mostly user related 2020-11-28 17:31:19 +01:00			`"gorm.io/gorm"`
Add user signup 2020-01-31 17:36:48 +01:00			`)`

Work on settings page 2020-02-15 22:13:02 +01:00			`func (r queryResolver) User(ctx context.Context, filter models.Filter) ([]*models.User, error) {`
Work on photo resolver 2020-02-05 14:51:46 +01:00
Replace database, mostly user related 2020-11-28 17:31:19 +01:00			`var users []*models.User`
Migrate FormatSQL 2020-12-17 21:32:13 +01:00
Fix periodic scanner and small bug related to user resolver 2020-12-17 23:21:51 +01:00			`if err := filter.FormatSQL(r.Database.Model(models.User{})).Scan(&users).Error; err != nil {`
Work on photo resolver 2020-02-05 14:51:46 +01:00			`return nil, err`
			`}`

			`return users, nil`
			`}`

Implement authorization 2020-01-31 23:30:34 +01:00			`func (r queryResolver) MyUser(ctx context.Context) (models.User, error) {`

			`user := auth.UserFromContext(ctx)`
			`if user == nil {`
			`return nil, auth.ErrUnauthorized`
			`}`

			`return user, nil`
			`}`

Refactor gqlgen 2020-02-01 00:08:23 +01:00			`func (r mutationResolver) AuthorizeUser(ctx context.Context, username string, password string) (models.AuthorizeResult, error) {`
Add user signup 2020-01-31 17:36:48 +01:00			`user, err := models.AuthorizeUser(r.Database, username, password)`
			`if err != nil {`
Refactor gqlgen 2020-02-01 00:08:23 +01:00			`return &models.AuthorizeResult{`
Add user signup 2020-01-31 17:36:48 +01:00			`Success: false,`
			`Status: err.Error(),`
			`}, nil`
			`}`

Implement authorization 2020-01-31 23:30:34 +01:00			`var token *models.AccessToken`

Replace database, mostly user related 2020-11-28 17:31:19 +01:00			`transactionError := r.Database.Transaction(func(tx *gorm.DB) error {`
			`token, err = user.GenerateAccessToken(tx)`
			`if err != nil {`
			`return err`
			`}`
Add user signup 2020-01-31 17:36:48 +01:00
Replace database, mostly user related 2020-11-28 17:31:19 +01:00			`return nil`
			`})`

			`if transactionError != nil {`
			`return nil, transactionError`
			`}`
Set max sql connections + improve user register 2020-02-14 14:29:41 +01:00
Refactor gqlgen 2020-02-01 00:08:23 +01:00			`return &models.AuthorizeResult{`
Add user signup 2020-01-31 17:36:48 +01:00			`Success: true,`
			`Status: "ok",`
Implement access token 2020-01-31 18:51:24 +01:00			`Token: &token.Value,`
Add user signup 2020-01-31 17:36:48 +01:00			`}, nil`
			`}`
Refactor gqlgen 2020-02-01 00:08:23 +01:00			`func (r mutationResolver) RegisterUser(ctx context.Context, username string, password string, rootPath string) (models.AuthorizeResult, error) {`
Set max sql connections + improve user register 2020-02-14 14:29:41 +01:00
Replace database, mostly user related 2020-11-28 17:31:19 +01:00			`var token *models.AccessToken`
Add user signup 2020-01-31 17:36:48 +01:00
Replace database, mostly user related 2020-11-28 17:31:19 +01:00			`transactionError := r.Database.Transaction(func(tx *gorm.DB) error {`
			`user, err := models.RegisterUser(tx, username, &password, rootPath, false)`
			`if err != nil {`
			`return err`
			`}`
Set max sql connections + improve user register 2020-02-14 14:29:41 +01:00
Replace database, mostly user related 2020-11-28 17:31:19 +01:00			`token, err = user.GenerateAccessToken(tx)`
			`if err != nil {`
			`tx.Rollback()`
			`return err`
			`}`

			`return nil`
			`})`

			`if transactionError != nil {`
			`return &models.AuthorizeResult{`
			`Success: false,`
			`Status: transactionError.Error(),`
			`}, transactionError`
Implement access token 2020-01-31 18:51:24 +01:00			`}`
Add user signup 2020-01-31 17:36:48 +01:00
Refactor gqlgen 2020-02-01 00:08:23 +01:00			`return &models.AuthorizeResult{`
Add user signup 2020-01-31 17:36:48 +01:00			`Success: true,`
			`Status: "ok",`
Implement access token 2020-01-31 18:51:24 +01:00			`Token: &token.Value,`
Add user signup 2020-01-31 17:36:48 +01:00			`}, nil`
			`}`
Setup initial setup wizard 2020-02-05 16:49:51 +01:00
			`func (r mutationResolver) InitialSetupWizard(ctx context.Context, username string, password string, rootPath string) (models.AuthorizeResult, error) {`
			`siteInfo, err := models.GetSiteInfo(r.Database)`
			`if err != nil {`
			`return nil, err`
			`}`

Set max sql connections + improve user register 2020-02-14 14:29:41 +01:00			`if !siteInfo.InitialSetup {`
			`return nil, errors.New("not initial setup")`
			`}`

Replace database, mostly user related 2020-11-28 17:31:19 +01:00			`var token *models.AccessToken`
Setup initial setup wizard 2020-02-05 16:49:51 +01:00
Replace database, mostly user related 2020-11-28 17:31:19 +01:00			`transactionError := r.Database.Transaction(func(tx *gorm.DB) error {`
			`if err := tx.Exec("UPDATE site_info SET initial_setup = false").Error; err != nil {`
			`return err`
			`}`
Set max sql connections + improve user register 2020-02-14 14:29:41 +01:00
Replace database, mostly user related 2020-11-28 17:31:19 +01:00			`user, err := models.RegisterUser(tx, username, &password, rootPath, true)`
			`if err != nil {`
			`return err`
			`}`

			`token, err = user.GenerateAccessToken(tx)`
			`if err != nil {`
			`return err`
			`}`

			`return nil`
			`})`

			`if transactionError != nil {`
Set max sql connections + improve user register 2020-02-14 14:29:41 +01:00			`return &models.AuthorizeResult{`
			`Success: false,`
			`Status: err.Error(),`
			`}, nil`
Setup initial setup wizard 2020-02-05 16:49:51 +01:00			`}`

Set max sql connections + improve user register 2020-02-14 14:29:41 +01:00			`return &models.AuthorizeResult{`
			`Success: true,`
			`Status: "ok",`
			`Token: &token.Value,`
			`}, nil`
Setup initial setup wizard 2020-02-05 16:49:51 +01:00			`}`
Add user management to api 2020-02-16 12:22:00 +01:00
			`// Admin queries`
Add change password support 2020-02-22 14:05:33 +01:00			`func (r mutationResolver) UpdateUser(ctx context.Context, id int, username string, rootPath string, password string, admin bool) (models.User, error) {`
Add user management to api 2020-02-16 12:22:00 +01:00
Replace database, mostly user related 2020-11-28 17:31:19 +01:00			`if username == nil && rootPath == nil && password == nil && admin == nil {`
			`return nil, errors.New("no updates requested")`
Add user management to api 2020-02-16 12:22:00 +01:00			`}`

Replace database, mostly user related 2020-11-28 17:31:19 +01:00			`var user models.User`
			`if err := r.Database.First(&user, id).Error; err != nil {`
			`return nil, err`
			`}`
Add user management to api 2020-02-16 12:22:00 +01:00
			`if username != nil {`
Replace database, mostly user related 2020-11-28 17:31:19 +01:00			`user.Username = *username`
Add user management to api 2020-02-16 12:22:00 +01:00			`}`

Replace database, mostly user related 2020-11-28 17:31:19 +01:00			`if rootPath != nil {`
			`user.RootPath = *rootPath`
Add user management to api 2020-02-16 12:22:00 +01:00			`}`
Replace database, mostly user related 2020-11-28 17:31:19 +01:00
Add change password support 2020-02-22 14:05:33 +01:00			`if password != nil {`
			`hashedPassBytes, err := bcrypt.GenerateFromPassword([]byte(*password), 12)`
			`if err != nil {`
			`return nil, err`
			`}`
			`hashedPass := string(hashedPassBytes)`

Replace database, mostly user related 2020-11-28 17:31:19 +01:00			`user.Password = &hashedPass`
Add change password support 2020-02-22 14:05:33 +01:00			`}`
Add user management to api 2020-02-16 12:22:00 +01:00
Replace database, mostly user related 2020-11-28 17:31:19 +01:00			`if admin != nil {`
			`user.Admin = *admin`
Add user management to api 2020-02-16 12:22:00 +01:00			`}`

Replace database, mostly user related 2020-11-28 17:31:19 +01:00			`if err := r.Database.Save(&user).Error; err != nil {`
			`return nil, errors.Wrap(err, "failed to update user")`
Add user management to api 2020-02-16 12:22:00 +01:00			`}`

Replace database, mostly user related 2020-11-28 17:31:19 +01:00			`return &user, nil`
Add user management to api 2020-02-16 12:22:00 +01:00			`}`

			`func (r mutationResolver) CreateUser(ctx context.Context, username string, rootPath string, password string, admin bool) (*models.User, error) {`

Replace database, mostly user related 2020-11-28 17:31:19 +01:00			`var user *models.User`
Add user management to api 2020-02-16 12:22:00 +01:00
Replace database, mostly user related 2020-11-28 17:31:19 +01:00			`transactionError := r.Database.Transaction(func(tx *gorm.DB) error {`
			`var err error`
			`user, err = models.RegisterUser(tx, username, password, rootPath, admin)`
			`if err != nil {`
			`return err`
			`}`

			`return nil`
			`})`

			`if transactionError != nil {`
			`return nil, transactionError`
Add user management to api 2020-02-16 12:22:00 +01:00			`}`

			`return user, nil`
			`}`

			`func (r mutationResolver) DeleteUser(ctx context.Context, id int) (models.User, error) {`

Replace database, mostly user related 2020-11-28 17:31:19 +01:00			`var user models.User`
Add user management to api 2020-02-16 12:22:00 +01:00
Replace database, mostly user related 2020-11-28 17:31:19 +01:00			`if err := r.Database.First(&user, id).Error; err != nil {`
Add user management to api 2020-02-16 12:22:00 +01:00			`return nil, err`
			`}`

Replace database, mostly user related 2020-11-28 17:31:19 +01:00			`if err := r.Database.Delete(&user).Error; err != nil {`
Add user management to api 2020-02-16 12:22:00 +01:00			`return nil, err`
			`}`

Replace database, mostly user related 2020-11-28 17:31:19 +01:00			`return &user, nil`
Add user management to api 2020-02-16 12:22:00 +01:00			`}`