105 lines
3.9 KiB
C#
105 lines
3.9 KiB
C#
using API.Models;
|
|
using API.Persistence.Repositories;
|
|
using API.Persistence.Services;
|
|
using Microsoft.AspNetCore.Mvc;
|
|
using System.Text.RegularExpressions;
|
|
|
|
namespace API.Application.Users.Commands
|
|
{
|
|
public class UpdateUser
|
|
{
|
|
private readonly IUserRepository _repository;
|
|
private readonly R2Service _r2Service;
|
|
private readonly string _accessKey;
|
|
private readonly string _secretKey;
|
|
|
|
public UpdateUser(IUserRepository repository, AppConfiguration config)
|
|
{
|
|
_repository = repository;
|
|
_accessKey = config.AccessKey;
|
|
_secretKey = config.SecretKey;
|
|
_r2Service = new R2Service(_accessKey, _secretKey);
|
|
}
|
|
|
|
public async Task<IActionResult> Handle(UpdateUserDTO updateUserDTO)
|
|
{
|
|
User currentUser = await _repository.QueryUserByIdAsync(updateUserDTO.Id);
|
|
|
|
if (updateUserDTO.Username != null || updateUserDTO.Email != null)
|
|
{
|
|
List<User> existingUsers = await _repository.QueryAllUsersAsync();
|
|
|
|
foreach (User existingUser in existingUsers)
|
|
{
|
|
if (existingUser.Username == updateUserDTO.Username && existingUser.Username != currentUser.Username)
|
|
{
|
|
return new ConflictObjectResult(new { message = "Username is already in use." });
|
|
}
|
|
|
|
if (existingUser.Email == updateUserDTO.Email && existingUser.Email != currentUser.Email)
|
|
{
|
|
return new ConflictObjectResult(new { message = "Email is already in use." });
|
|
}
|
|
}
|
|
|
|
if (updateUserDTO.Username != null)
|
|
currentUser.Username = updateUserDTO.Username;
|
|
if (updateUserDTO.Email != null)
|
|
currentUser.Email = updateUserDTO.Email;
|
|
}
|
|
|
|
if (updateUserDTO.Password != null)
|
|
{
|
|
if (IsPasswordSecure(updateUserDTO.Password))
|
|
{
|
|
string hashedPassword = BCrypt.Net.BCrypt.HashPassword(updateUserDTO.Password);
|
|
currentUser.HashedPassword = hashedPassword;
|
|
}
|
|
else
|
|
{
|
|
return new ConflictObjectResult(new { message = "Password is not secure." });
|
|
}
|
|
}
|
|
|
|
|
|
string imageUrl = null;
|
|
if (updateUserDTO.ProfilePicture != null && updateUserDTO.ProfilePicture.Length > 0)
|
|
{
|
|
try
|
|
{
|
|
using (var fileStream = updateUserDTO.ProfilePicture.OpenReadStream())
|
|
{
|
|
imageUrl = await _r2Service.UploadToR2(fileStream, "PP" + updateUserDTO.Id + ".png");
|
|
currentUser.ProfilePicture = imageUrl;
|
|
}
|
|
}
|
|
catch (Exception ex)
|
|
{
|
|
return new StatusCodeResult(StatusCodes.Status500InternalServerError);
|
|
}
|
|
}
|
|
|
|
bool success = await _repository.UpdateUserAsync(currentUser);
|
|
if (success)
|
|
return new OkResult();
|
|
else
|
|
return new StatusCodeResult(StatusCodes.Status500InternalServerError);
|
|
|
|
}
|
|
private bool IsPasswordSecure(string password)
|
|
{
|
|
var hasUpperCase = new Regex(@"[A-Z]+");
|
|
var hasLowerCase = new Regex(@"[a-z]+");
|
|
var hasDigits = new Regex(@"[0-9]+");
|
|
var hasSpecialChar = new Regex(@"[\W_]+");
|
|
var hasMinimum8Chars = new Regex(@".{8,}");
|
|
|
|
return hasUpperCase.IsMatch(password)
|
|
&& hasLowerCase.IsMatch(password)
|
|
&& hasDigits.IsMatch(password)
|
|
&& hasSpecialChar.IsMatch(password)
|
|
&& hasMinimum8Chars.IsMatch(password);
|
|
}
|
|
}
|
|
}
|