GDPR export route (#969)

* GDPR export route * make users able to access
modrinth · Sep 27, 2024 · 28b6bf8 · 28b6bf8
1 parent f7d1cd2
commit 28b6bf8
Show file tree

Hide file tree

Showing 20 changed files with 417 additions and 163 deletions.
diff --git a/.sqlx/query-505543e3e6aa69a9b9d4ee50938a305e86949fefc8ba11f4b10992fa507d136c.json b/.sqlx/query-505543e3e6aa69a9b9d4ee50938a305e86949fefc8ba11f4b10992fa507d136c.json
diff --git a/.sqlx/query-5a13a79ebb1ab975f88b58e6deaba9685fe16e242c0fa4a5eea54f12f9448e6b.json b/.sqlx/query-5a13a79ebb1ab975f88b58e6deaba9685fe16e242c0fa4a5eea54f12f9448e6b.json
diff --git a/.sqlx/query-683e08f3b71aca0d004ebf83a9e6b7b0b30291d595e5ae9f7e0fd38d347c3f74.json b/.sqlx/query-683e08f3b71aca0d004ebf83a9e6b7b0b30291d595e5ae9f7e0fd38d347c3f74.json
diff --git a/.sqlx/query-8a67a27f45a743f8679ec6021ef125c242cb339db8914afcc3e2c90b0c307053.json b/.sqlx/query-8a67a27f45a743f8679ec6021ef125c242cb339db8914afcc3e2c90b0c307053.json
diff --git a/.sqlx/query-902d0803deb5eca7614f3a68ccae6c3b401fcaa0bcc304b9caf18afc20a3e52b.json b/.sqlx/query-902d0803deb5eca7614f3a68ccae6c3b401fcaa0bcc304b9caf18afc20a3e52b.json
diff --git a/.sqlx/query-b3475fbc7a4d8b353964e6c5f7d32c45947cfdc88be25ab04dff16eb289dcbcb.json b/.sqlx/query-b3475fbc7a4d8b353964e6c5f7d32c45947cfdc88be25ab04dff16eb289dcbcb.json
diff --git a/.sqlx/query-c3391aed338110205a170ba3032e54be0f2b753b5550d87d7b5ba3e17a57a202.json b/.sqlx/query-c3391aed338110205a170ba3032e54be0f2b753b5550d87d7b5ba3e17a57a202.json
diff --git a/.sqlx/query-f96967f8d0d7e4c7a9d424e075fe70b2a89efe74bde1db9730ac478749dc1b66.json b/.sqlx/query-f96967f8d0d7e4c7a9d424e075fe70b2a89efe74bde1db9730ac478749dc1b66.json
diff --git a/src/auth/validate.rs b/src/auth/validate.rs
@@ -3,13 +3,12 @@ use crate::auth::AuthenticationError;
 use crate::database::models::user_item;
 use crate::database::redis::RedisPool;
 use crate::models::pats::Scopes;
-use crate::models::users::{Role, User, UserId, UserPayoutData};
+use crate::models::users::User;
 use crate::queue::session::AuthQueue;
 use crate::routes::internal::session::get_session_metadata;
 use actix_web::http::header::{HeaderValue, AUTHORIZATION};
 use actix_web::HttpRequest;
 use chrono::Utc;
-use rust_decimal::Decimal;
 
 pub async fn get_user_from_headers<'a, E>(
     req: &HttpRequest,
@@ -26,51 +25,8 @@ where
         get_user_record_from_bearer_token(req, None, executor, redis, session_queue)
             .await?
             .ok_or_else(|| AuthenticationError::InvalidCredentials)?;
-    let mut auth_providers = Vec::new();
-    if db_user.github_id.is_some() {
-        auth_providers.push(AuthProvider::GitHub)
-    }
-    if db_user.gitlab_id.is_some() {
-        auth_providers.push(AuthProvider::GitLab)
-    }
-    if db_user.discord_id.is_some() {
-        auth_providers.push(AuthProvider::Discord)
-    }
-    if db_user.google_id.is_some() {
-        auth_providers.push(AuthProvider::Google)
-    }
-    if db_user.microsoft_id.is_some() {
-        auth_providers.push(AuthProvider::Microsoft)
-    }
-    if db_user.steam_id.is_some() {
-        auth_providers.push(AuthProvider::Steam)
-    }
-    if db_user.paypal_id.is_some() {
-        auth_providers.push(AuthProvider::PayPal)
-    }
 
-    let user = User {
-        id: UserId::from(db_user.id),
-        username: db_user.username,
-        email: db_user.email,
-        email_verified: Some(db_user.email_verified),
-        avatar_url: db_user.avatar_url,
-        bio: db_user.bio,
-        created: db_user.created,
-        role: Role::from_string(&db_user.role),
-        badges: db_user.badges,
-        auth_providers: Some(auth_providers),
-        has_password: Some(db_user.password.is_some()),
-        has_totp: Some(db_user.totp_secret.is_some()),
-        github_id: None,
-        payout_data: Some(UserPayoutData {
-            paypal_address: db_user.paypal_email,
-            paypal_country: db_user.paypal_country,
-            venmo_handle: db_user.venmo_handle,
-            balance: Decimal::ZERO,
-        }),
-        stripe_customer_id: db_user.stripe_customer_id,
-    };
+    let user = User::from_full(db_user);
 
     if let Some(required_scopes) = required_scopes {
         for scope in required_scopes {

diff --git a/src/database/models/project_item.rs b/src/database/models/project_item.rs
@@ -355,31 +355,12 @@ impl Project {
             .execute(&mut **transaction)
             .await?;
 
-            // Notably joins with report id and not thread.mod_id directly, as
-            // this is set to null for threads that are reports.
-            let report_threads = sqlx::query!(
-                "
-                SELECT t.id
-                FROM threads t
-                INNER JOIN reports r ON t.report_id = r.id
-                WHERE r.mod_id = $1 AND report_id IS NOT NULL 
-                ",
-                id as ProjectId,
-            )
-            .fetch(&mut **transaction)
-            .map_ok(|x| ThreadId(x.id))
-            .try_collect::<Vec<_>>()
-            .await?;
-
-            for thread_id in report_threads {
-                models::Thread::remove_full(thread_id, transaction).await?;
-            }
-
             models::Thread::remove_full(project.thread_id, transaction).await?;
 
             sqlx::query!(
                 "
-                DELETE FROM reports
+                UPDATE reports
+                SET mod_id = NULL
                 WHERE mod_id = $1
                 ",
                 id as ProjectId,

diff --git a/src/database/models/user_item.rs b/src/database/models/user_item.rs
@@ -1,5 +1,5 @@
 use super::ids::{ProjectId, UserId};
-use super::{CollectionId, ThreadId};
+use super::{CollectionId, ReportId, ThreadId};
 use crate::database::models;
 use crate::database::models::{DatabaseError, OrganizationId};
 use crate::database::redis::RedisPool;
@@ -323,6 +323,48 @@ impl User {
         Ok(projects)
     }
 
+    pub async fn get_follows<'a, E>(user_id: UserId, exec: E) -> Result<Vec<ProjectId>, sqlx::Error>
+    where
+        E: sqlx::Executor<'a, Database = sqlx::Postgres> + Copy,
+    {
+        use futures::stream::TryStreamExt;
+
+        let projects = sqlx::query!(
+            "
+            SELECT mf.mod_id FROM mod_follows mf
+            WHERE mf.follower_id = $1
+            ",
+            user_id as UserId,
+        )
+        .fetch(exec)
+        .map_ok(|m| ProjectId(m.mod_id))
+        .try_collect::<Vec<ProjectId>>()
+        .await?;
+
+        Ok(projects)
+    }
+
+    pub async fn get_reports<'a, E>(user_id: UserId, exec: E) -> Result<Vec<ReportId>, sqlx::Error>
+    where
+        E: sqlx::Executor<'a, Database = sqlx::Postgres> + Copy,
+    {
+        use futures::stream::TryStreamExt;
+
+        let reports = sqlx::query!(
+            "
+            SELECT r.id FROM reports r
+            WHERE r.user_id = $1
+            ",
+            user_id as UserId,
+        )
+        .fetch(exec)
+        .map_ok(|m| ReportId(m.id))
+        .try_collect::<Vec<ReportId>>()
+        .await?;
+
+        Ok(reports)
+    }
+
     pub async fn get_backup_codes<'a, E>(
         user_id: UserId,
         exec: E,

diff --git a/src/database/models/version_item.rs b/src/database/models/version_item.rs
@@ -335,7 +335,8 @@ impl Version {
 
         sqlx::query!(
             "
-            DELETE FROM reports
+            UPDATE reports
+            SET version_id = NULL
             WHERE version_id = $1
             ",
             id as VersionId,

diff --git a/src/models/v3/billing.rs b/src/models/v3/billing.rs
@@ -88,6 +88,23 @@ pub struct UserSubscription {
     pub last_charge: Option<DateTime<Utc>>,
 }
 
+impl From<crate::database::models::user_subscription_item::UserSubscriptionItem>
+    for UserSubscription
+{
+    fn from(x: crate::database::models::user_subscription_item::UserSubscriptionItem) -> Self {
+        Self {
+            id: x.id.into(),
+            user_id: x.user_id.into(),
+            price_id: x.price_id.into(),
+            interval: x.interval,
+            status: x.status,
+            created: x.created,
+            expires: x.expires,
+            last_charge: x.last_charge,
+        }
+    }
+}
+
 #[derive(Serialize, Deserialize, Eq, PartialEq)]
 #[serde(rename_all = "kebab-case")]
 pub enum SubscriptionStatus {

diff --git a/src/models/v3/threads.rs b/src/models/v3/threads.rs
@@ -113,19 +113,25 @@ impl Thread {
                         true
                     }
                 })
-                .map(|x| ThreadMessage {
-                    id: x.id.into(),
-                    author_id: if x.hide_identity && !user.role.is_mod() {
-                        None
-                    } else {
-                        x.author_id.map(|x| x.into())
-                    },
-                    body: x.body,
-                    created: x.created,
-                    hide_identity: x.hide_identity,
-                })
+                .map(|x| ThreadMessage::from(x, user))
                 .collect(),
             members: users,
         }
     }
 }
+
+impl ThreadMessage {
+    pub fn from(data: crate::database::models::ThreadMessage, user: &User) -> Self {
+        Self {
+            id: data.id.into(),
+            author_id: if data.hide_identity && !user.role.is_mod() {
+                None
+            } else {
+                data.author_id.map(|x| x.into())
+            },
+            body: data.body,
+            created: data.created,
+            hide_identity: data.hide_identity,
+        }
+    }
+}