website/pkg/models/user.go

package models

import (
	"bytes"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
	"time"

	"code.nonshy.com/nonshy/website/pkg/config"
	"code.nonshy.com/nonshy/website/pkg/log"
	"code.nonshy.com/nonshy/website/pkg/utility"
	"golang.org/x/crypto/bcrypt"
	"gorm.io/gorm"
)

// User account table.
type User struct {
	ID             uint64 `gorm:"primaryKey"`
	Username       string `gorm:"uniqueIndex"`
	Email          string `gorm:"uniqueIndex"`
	HashedPassword string
	IsAdmin        bool           `gorm:"index"`
	Status         UserStatus     `gorm:"index"` // active, disabled
	Visibility     UserVisibility `gorm:"index"` // public, private
	Name           *string
	Birthdate      time.Time
	Certified      bool
	Explicit       bool      `gorm:"index"` // user has opted-in to see explicit content
	InnerCircle    bool      `gorm:"index"` // user is in the inner circle
	CreatedAt      time.Time `gorm:"index"`
	UpdatedAt      time.Time `gorm:"index"`
	LastLoginAt    time.Time `gorm:"index"`

	// Relational tables.
	ProfileField   []ProfileField
	ProfilePhotoID *uint64
	ProfilePhoto   Photo         `gorm:"foreignKey:profile_photo_id"`
	AdminGroups    []*AdminGroup `gorm:"many2many:admin_group_users;"`

	// Current user's relationship to this user -- not stored in DB.
	UserRelationship UserRelationship `gorm:"-"`

	// Caches
	cachePhotoTypes map[PhotoVisibility]struct{}
}

type UserVisibility string

const (
	UserVisibilityPublic   UserVisibility = "public"
	UserVisibilityExternal UserVisibility = "external"
	UserVisibilityPrivate  UserVisibility = "private"
)

// All visibility options.
var UserVisibilityOptions = []UserVisibility{
	UserVisibilityPublic,
	UserVisibilityExternal,
	UserVisibilityPrivate,
}

// Preload related tables for the user (classmethod).
func (u *User) Preload() *gorm.DB {
	return DB.Preload("ProfileField").Preload("ProfilePhoto").Preload("AdminGroups.Scopes")
}

// UserStatus options.
type UserStatus string

const (
	UserStatusActive   = "active"
	UserStatusDisabled = "disabled"
	UserStatusBanned   = "banned"
)

// CreateUser. It is assumed username and email are correctly formatted.
func CreateUser(username, email, password string) (*User, error) {
	// Verify username and email are unique.
	if _, err := FindUser(username); err == nil {
		return nil, errors.New("That username already exists. Please try a different username.")
	} else if _, err := FindUser(email); err == nil {
		return nil, errors.New("That email address is already registered.")
	}

	u := &User{
		Username:   username,
		Email:      email,
		Status:     UserStatusActive,
		Visibility: UserVisibilityPublic,
	}

	if err := u.HashPassword(password); err != nil {
		return nil, err
	}

	result := DB.Create(u)
	return u, result.Error
}

// GetUser by ID.
func GetUser(userId uint64) (*User, error) {
	user := &User{}
	result := user.Preload().First(&user, userId)
	return user, result.Error
}

// GetUsers queries for multiple user IDs and returns users in the same order.
func GetUsers(currentUser *User, userIDs []uint64) ([]*User, error) {
	userMap, err := MapUsers(currentUser, userIDs)
	if err != nil {
		return nil, err
	}

	// Re-order them per the original sequence.
	var users = []*User{}
	for _, uid := range userIDs {
		if user, ok := userMap[uid]; ok {
			users = append(users, user)
		}
	}

	return users, nil
}

// FindUser by username or email.
func FindUser(username string) (*User, error) {
	if username == "" {
		return nil, errors.New("username is required")
	}

	u := &User{}
	if strings.ContainsRune(username, '@') {
		result := u.Preload().Where("email = ?", username).Limit(1).First(u)
		return u, result.Error
	}
	result := u.Preload().Where("username = ?", username).Limit(1).First(u)
	return u, result.Error
}

// IsShy returns whether the user might have an "empty" profile from the perspective of anybody.
//
// An empty profile means their profile is Private or else ALL of their photos are non-public; so that
// somebody viewing their page might see nothing at all from them and consider them a "blank" profile.
func (u *User) IsShy() bool {
	// Non-certified users are considered empty.
	if !u.Certified {
		return true
	}

	// Private profile automatically applies.
	if u.Visibility == UserVisibilityPrivate {
		return true
	}

	// If ALL of our photos are non-public, that counts too.
	var photoTypes = u.DistinctPhotoTypes()
	if _, ok := photoTypes[PhotoPublic]; !ok {
		log.Info("IsEmptyProfile: true because visibilities %+v did not include public", photoTypes)
		return true
	}

	return false
}

// IsShyFrom tells whether the user is shy from the perspective of the other user.
//
// That is, depending on our profile visibility and friendship status.
func (u *User) IsShyFrom(other *User) bool {
	// If we are not a private profile, we're shy from nobody.
	if u.Visibility != UserVisibilityPrivate {
		return false
	}

	// Not shy from our friends.
	if AreFriends(u.ID, other.ID) {
		return false
	}

	// Our profile must be private & we are not friended, we are shy.
	return true
}

// UserSearch config.
type UserSearch struct {
	Username      string
	Gender        string
	Orientation   string
	MaritalStatus string
	HereFor       string
	Certified     bool
	InnerCircle   bool
	AgeMin        int
	AgeMax        int
}

// SearchUsers from the perspective of a given user.
func SearchUsers(user *User, search *UserSearch, pager *Pagination) ([]*User, error) {
	if search == nil {
		search = &UserSearch{}
	}

	var (
		users          = []*User{}
		query          *gorm.DB
		joins          string // GPS location join.
		wheres         = []string{}
		placeholders   = []interface{}{}
		blockedUserIDs = BlockedUserIDs(user.ID)
		myLocation     = GetUserLocation(user.ID)
	)

	// Sort by distance? Requires PostgreSQL.
	if pager.Sort == "distance" {
		if !config.Current.Database.IsPostgres {
			return users, errors.New("ordering by distance requires PostgreSQL with the PostGIS extension")
		}

		// If the current user doesn't have their location on file, they can't do this.
		if myLocation.Source == LocationSourceNone || (myLocation.Latitude == 0 && myLocation.Longitude == 0) {
			return users, errors.New("can not order by distance because your location is not known")
		}

		// Only query for users who have locations.
		joins = "JOIN user_locations ON (user_locations.user_id = users.id)"
		wheres = append(wheres,
			"user_locations.latitude IS NOT NULL",
			"user_locations.longitude IS NOT NULL",
			"user_locations.latitude <> 0",
			"user_locations.longitude <> 0",
		)

		pager.Sort = fmt.Sprintf(`ST_Distance(
				ST_MakePoint(user_locations.longitude, user_locations.latitude)::geography,
				ST_MakePoint(%f, %f)::geography)`,
			myLocation.Longitude, myLocation.Latitude,
		)
	}

	if len(blockedUserIDs) > 0 {
		wheres = append(wheres, "id NOT IN ?")
		placeholders = append(placeholders, blockedUserIDs)
	}

	if search.Username != "" {
		ilike := "%" + strings.TrimSpace(strings.ToLower(search.Username)) + "%"
		wheres = append(wheres, "username LIKE ?")
		placeholders = append(placeholders, ilike)
	}

	if search.Gender != "" {
		wheres = append(wheres, `
			EXISTS (
				SELECT 1 FROM profile_fields
				WHERE user_id = users.id AND name = ? AND value = ?
			)
		`)
		placeholders = append(placeholders, "gender", search.Gender)
	}

	if search.Orientation != "" {
		wheres = append(wheres, `
			EXISTS (
				SELECT 1 FROM profile_fields
				WHERE user_id = users.id AND name = ? AND value = ?
			)
		`)
		placeholders = append(placeholders, "orientation", search.Orientation)
	}

	if search.MaritalStatus != "" {
		wheres = append(wheres, `
			EXISTS (
				SELECT 1 FROM profile_fields
				WHERE user_id = users.id AND name = ? AND value = ?
			)
		`)
		placeholders = append(placeholders, "marital_status", search.MaritalStatus)
	}

	if search.HereFor != "" {
		wheres = append(wheres, `
			EXISTS (
				SELECT 1 FROM profile_fields
				WHERE user_id = users.id AND name = ? AND value LIKE ?
			)
		`)
		placeholders = append(placeholders, "here_for", "%"+search.HereFor+"%")
	}

	if search.Certified {
		wheres = append(wheres, "certified = ?", "status = ?")
		placeholders = append(placeholders, search.Certified, UserStatusActive)
	}

	if search.InnerCircle {
		wheres = append(wheres, "inner_circle = ? OR is_admin = ?")
		placeholders = append(placeholders, true, true)
	}

	if search.AgeMin > 0 {
		date := time.Now().AddDate(-search.AgeMin, 0, 0)
		wheres = append(wheres, "birthdate <= ?")
		placeholders = append(placeholders, date)
	}

	if search.AgeMax > 0 {
		date := time.Now().AddDate(-search.AgeMax-1, 0, 0)
		wheres = append(wheres, "birthdate >= ?")
		placeholders = append(placeholders, date)
	}

	query = (&User{}).Preload()
	if joins != "" {
		query = query.Joins(joins)
	}
	query = query.Where(
		strings.Join(wheres, " AND "),
		placeholders...,
	).Order(pager.Sort)
	query.Model(&User{}).Count(&pager.Total)
	result := query.Offset(pager.GetOffset()).Limit(pager.PerPage).Find(&users)

	// Inject relationship booleans.
	SetUserRelationships(user, users)

	return users, result.Error
}

// UserMap helps map a set of users to look up by ID.
type UserMap map[uint64]*User

// MapUsers looks up a set of user IDs in bulk and returns a UserMap suitable for templates.
// Useful to avoid circular reference issues with Photos especially; the Site Gallery queries
// photos of ALL users and MapUsers helps stitch them together for the frontend.
func MapUsers(user *User, userIDs []uint64) (UserMap, error) {
	var (
		usermap  = UserMap{}
		set      = map[uint64]interface{}{}
		distinct = []uint64{}
	)

	// Uniqueify users.
	for _, uid := range userIDs {
		if _, ok := set[uid]; ok {
			continue
		}
		set[uid] = nil
		distinct = append(distinct, uid)
	}

	var (
		users  = []*User{}
		result = (&User{}).Preload().Where("id IN ?", distinct).Find(&users)
	)

	// Inject user relationships.
	if user != nil {
		SetUserRelationships(user, users)
	}

	if result.Error == nil {
		for _, row := range users {
			usermap[row.ID] = row
		}
	}

	return usermap, result.Error
}

// Has a user ID in the map?
func (um UserMap) Has(id uint64) bool {
	_, ok := um[id]
	return ok
}

// Get a user from the UserMap.
func (um UserMap) Get(id uint64) *User {
	if user, ok := um[id]; ok {
		return user
	}
	return nil
}

// MapUsersByUsername looks up a set of users in bulk and returns a UsernameMap suitable for templates.
//
// It is like MapUsers but by username instead of ID.
func MapUsersByUsername(usernames []string) (UsernameMap, error) {
	var (
		usermap  = UsernameMap{}
		set      = map[string]interface{}{}
		distinct = []string{}
	)

	// Uniqueify users.
	for _, uid := range usernames {
		if _, ok := set[uid]; ok {
			continue
		}
		set[uid] = nil
		distinct = append(distinct, uid)
	}

	var (
		users  = []*User{}
		result = (&User{}).Preload().Where("username IN ?", distinct).Find(&users)
	)

	if result.Error == nil {
		for _, row := range users {
			usermap[row.Username] = row
		}
	}

	// Assert we got the expected count.
	if len(usermap) != len(distinct) {
		return usermap, fmt.Errorf("didn't get all expected users (expected %d, got %d)", len(distinct), len(usermap))
	}

	return usermap, result.Error
}

// UsernameMap helps map a set of users to look up by ID.
type UsernameMap map[string]*User

// NameOrUsername returns the name (if not null or empty) or the username.
func (u *User) NameOrUsername() string {
	if u.Name != nil && len(*u.Name) > 0 {
		return *u.Name
	} else {
		return u.Username
	}
}

// HashPassword sets the user's hashed (bcrypt) password.
func (u *User) HashPassword(password string) error {
	passwd, err := bcrypt.GenerateFromPassword([]byte(password), config.BcryptCost)
	if err != nil {
		return err
	}
	u.HashedPassword = string(passwd)
	return nil
}

// CheckPassword verifies the password is correct. Returns nil on success.
func (u *User) CheckPassword(password string) error {
	return bcrypt.CompareHashAndPassword([]byte(u.HashedPassword), []byte(password))
}

// SetProfileField sets or creates a named profile field.
func (u *User) SetProfileField(name, value string) {
	// Check if it exists.
	log.Debug("User(%s).SetProfileField(%s, %s)", u.Username, name, value)
	var exists bool
	for _, field := range u.ProfileField {
		log.Debug("\tCheck existing field %s", field.Name)
		if field.Name == name {
			log.Debug("\tFound existing field!")
			changed := field.Value != value
			field.Value = value
			exists = true

			// Save it now. TODO: otherwise gorm doesn't know we changed
			// it and it won't be inserted when the User is saved. But
			// this is probably not performant to do!
			if changed {
				DB.Save(&field)
			}
			break
		}
	}

	if exists {
		return
	}

	log.Debug("User(%s): append ProfileField %s", u.Username, name)
	u.ProfileField = append(u.ProfileField, ProfileField{
		Name:  name,
		Value: value,
	})
}

// GetProfileField returns the value of a profile field or blank string.
func (u *User) GetProfileField(name string) string {
	for _, field := range u.ProfileField {
		if field.Name == name {
			return field.Value
		}
	}
	return ""
}

// GetDisplayAge returns the user's age dependent on their hide-my-age setting.
func (u *User) GetDisplayAge() string {
	if !u.Birthdate.IsZero() && u.GetProfileField("hide_age") != "true" {
		return fmt.Sprintf("%dyo", utility.Age(u.Birthdate))
	}

	return "n/a"
}

// ProfileFieldIn checks if a substring is IN a profile field. Currently
// does a naive strings.Contains(), intended for the "here_for" field.
func (u *User) ProfileFieldIn(field, substr string) bool {
	value := u.GetProfileField(field)
	return strings.Contains(value, substr)
}

// RemoveProfilePhoto sets profile_photo_id=null to unset the foreign key.
func (u *User) RemoveProfilePhoto() error {
	result := DB.Model(&User{}).Where("id = ?", u.ID).Update("profile_photo_id", nil)
	return result.Error
}

// Save user.
func (u *User) Save() error {
	result := DB.Save(u)
	return result.Error
}

// Delete a user. NOTE: use the models/deletion/DeleteUser() function
// instead of this to do a deep scrub of all related data!
func (u *User) Delete() error {
	return DB.Delete(u).Error
}

// Print user object as pretty JSON.
func (u *User) Print() string {
	var (
		buf bytes.Buffer
		enc = json.NewEncoder(&buf)
	)
	enc.SetIndent("", "    ")
	enc.Encode(u)
	return buf.String()
}