gractwo/mnemosyne
4
0
Fork 0
Code Pull Requests Actions Packages Activity

change handle endpoint & why was changepassword a GET?

Browse Source
This commit is contained in:
jakubmanczak
2026-03-01 14:53:54 +01:00
parent b2a80ffa58
commit e60172527c
5 changed files with 48 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
src/api/mod.rs
View File

@@ -23,7 +23,8 @@ pub fn api_router() -> Router {
.route("/api/users/me", get(users::get_me))
.route("/api/users/{id}", get(users::get_by_id))
.route("/api/users/@{handle}", get(users::get_by_handle))
.route("/api/users/{id}/setpassw", get(users::change_password))
.route("/api/users/{id}/setpassw", post(users::change_password))
.route("/api/users/{id}/sethandle", post(users::change_handle))
.route("/api/sessions/{id}", get(sessions::get_by_id))
.route("/api/sessions/{id}/revoke", post(sessions::revoke_by_id))
.route("/api/tags/{id}", get(tags::get_by_id))

24
src/api/users.rs
View File

@@ -17,7 +17,9 @@ use crate::{
},
};
const CANT_CHANGE_OTHERS_HANDLE: &str = "You don't have permission to change this user's handle.";
const CANT_CHANGE_OTHERS_PASSW: &str = "You don't have permission to change this user's password.";
const HANDLE_CHANGED_SUCCESS: &str = "Handle changed successfully.";
const PASSW_CHANGED_SUCCESS: &str = "Password changed successfully.";
pub async fn get_me(headers: HeaderMap) -> Result<Response, CompositeError> {
@@ -40,6 +42,28 @@ pub async fn get_by_handle(
Ok(Json(User::get_by_handle(handle)?).into_response())
}
#[derive(Deserialize)]
pub struct ChangeHandleForm {
handle: UserHandle,
}
pub async fn change_handle(
Path(id): Path<Uuid>,
headers: HeaderMap,
Json(form): Json<ChangeHandleForm>,
) -> Result<Response, CompositeError> {
let u = User::authenticate(&headers)?.required()?;
let mut target = if u.id == id {
u
} else {
if u.has_permission(Permission::ChangeOthersHandles)? == false {
return Ok((StatusCode::FORBIDDEN, CANT_CHANGE_OTHERS_HANDLE).into_response());
}
User::get_by_id(id)?
};
target.set_handle(form.handle)?;
Ok(HANDLE_CHANGED_SUCCESS.into_response())
}
#[derive(Deserialize)]
pub struct ChangePasswordForm {
password: String,