functionally completed user editing

backend/pkg/router/user.go

@@ -5,6 +5,25 @@ import (
 	"github.com/johannesbuehl/golunteer/backend/pkg/db/users"
 )
 
+func getUsers(args HandlerArgs) responseMessage {
+	response := responseMessage{}
+
+	// check admin
+	if !args.User.Admin {
+		response.Status = fiber.StatusForbidden
+
+		logger.Log().Msgf("user is no admin")
+	} else if users, err := users.Get(); err != nil {
+		response.Status = fiber.StatusInternalServerError
+
+		logger.Error().Msgf("can't get users: %v", err)
+	} else {
+		response.Data = users
+	}
+
+	return response
+}
+
 func postUser(args HandlerArgs) responseMessage {
 	response := responseMessage{}
 
@@ -63,12 +82,108 @@ func patchPassword(args HandlerArgs) responseMessage {
 
 			// if something failed, remove the current session-cookie
 		}); err != nil {
-			removeSessionCookie(args.C)
+			args.removeSessionCookie()
 
 			// set the new session-cookie
 		} else {
 			// update the token in the session-cookie
-			setSessionCookie(args.C, &jwt)
+			args.setSessionCookie(&jwt)
+		}
+	}
+
+	return response
+}
+
+func patchUser(args HandlerArgs) responseMessage {
+	response := responseMessage{}
+	// check admin
+	if !args.User.Admin {
+		response.Status = fiber.StatusForbidden
+
+		logger.Log().Msgf("user is no admin")
+	} else {
+		// parse the body
+		var body struct {
+			users.UserAdd
+			NewName string `json:"newName"`
+		}
+
+		if err := args.C.BodyParser(&body); err != nil {
+			response.Status = fiber.StatusBadRequest
+
+			logger.Log().Msgf("can't parse body: %v", err)
+
+			// prevent to demoting self from admin
+		} else if !body.Admin && body.UserName == args.User.UserName {
+			response.Status = fiber.StatusBadRequest
+
+			logger.Warn().Msgf("can't demote self from admin")
+		} else {
+			// check for an empty user-name
+			if len(body.UserName) == 0 {
+				response.Status = fiber.StatusBadRequest
+
+				logger.Warn().Msgf("username is empty")
+
+				// if the password has length 0 assume the password shouldn't be changed
+			} else {
+				if len(body.Password) > 0 {
+					// create a password-change-struct and validate it. use the old user-name, since the new isn't stored yet
+					usePasswordChange := users.UserChangePassword{
+						UserName: body.UserName,
+						Password: body.Password,
+					}
+
+					if _, err = users.ChangePassword(usePasswordChange); err != nil {
+						response.Status = fiber.StatusInternalServerError
+
+						logger.Error().Msgf("can't change password: %v", err)
+
+						return response
+					}
+				}
+
+				// only change the name, if it differs
+				if body.NewName != body.UserName {
+					if err := users.ChangeName(body.UserName, body.NewName); err != nil {
+						response.Status = fiber.StatusInternalServerError
+
+						logger.Error().Msgf("can't change user-name: %v", err)
+
+						return response
+					}
+				}
+
+				// set the admin-status
+				if err := users.SetAdmin(body.NewName, body.Admin); err != nil {
+					response.Status = fiber.StatusInternalServerError
+
+					logger.Error().Msgf("updating admin-status failed: %v", err)
+				} else {
+					// if we modified ourself, update the session-cookie
+					if body.UserName == args.User.UserName {
+						// get the tokenID
+						if tokenID, err := users.TokenID(body.NewName); err != nil {
+							response.Status = fiber.StatusInternalServerError
+
+							logger.Error().Msgf("can't get tokenID: %v", err)
+
+						} else if jwt, err := config.SignJWT(JWTPayload{
+							UserName: body.NewName,
+							TokenID:  tokenID,
+						}); err != nil {
+							response.Status = fiber.StatusInternalServerError
+
+							logger.Error().Msgf("JWT-signing failed: %v", err)
+
+							// remove the session-cookie
+							args.removeSessionCookie()
+						} else {
+							args.setSessionCookie(&jwt)
+						}
+					}
+				}
+			}
 		}
 	}