Skip to main content

shared/models/
user_password_reset.rs

1use crate::prelude::*;
2use rand::distr::SampleString;
3use serde::{Deserialize, Serialize};
4use sqlx::{Row, postgres::PgRow};
5use std::{collections::BTreeMap, sync::LazyLock};
6
7#[derive(Serialize, Deserialize)]
8pub struct UserPasswordReset {
9    pub uuid: uuid::Uuid,
10    pub user: super::user::User,
11
12    pub token: String,
13
14    pub created: chrono::NaiveDateTime,
15
16    extension_data: super::ModelExtensionData,
17}
18
19impl BaseModel for UserPasswordReset {
20    const NAME: &'static str = "user_password_reset";
21
22    fn get_extension_list() -> &'static super::ModelExtensionList {
23        static EXTENSIONS: LazyLock<super::ModelExtensionList> =
24            LazyLock::new(|| parking_lot::RwLock::new(Vec::new()));
25
26        &EXTENSIONS
27    }
28
29    fn get_extension_data(&self) -> &super::ModelExtensionData {
30        &self.extension_data
31    }
32
33    #[inline]
34    fn base_columns(prefix: Option<&str>) -> BTreeMap<&'static str, compact_str::CompactString> {
35        let prefix = prefix.unwrap_or_default();
36
37        let mut columns = BTreeMap::from([
38            (
39                "user_password_resets.uuid",
40                compact_str::format_compact!("{prefix}uuid"),
41            ),
42            (
43                "user_password_resets.token",
44                compact_str::format_compact!("{prefix}token"),
45            ),
46            (
47                "user_password_resets.created",
48                compact_str::format_compact!("{prefix}created"),
49            ),
50        ]);
51
52        columns.extend(super::user::User::base_columns(Some("user_")));
53
54        columns
55    }
56
57    #[inline]
58    fn map(prefix: Option<&str>, row: &PgRow) -> Result<Self, crate::database::DatabaseError> {
59        let prefix = prefix.unwrap_or_default();
60
61        Ok(Self {
62            uuid: row.try_get(compact_str::format_compact!("{prefix}uuid").as_str())?,
63            user: super::user::User::map(Some("user_"), row)?,
64            token: row.try_get(compact_str::format_compact!("{prefix}token").as_str())?,
65            created: row.try_get(compact_str::format_compact!("{prefix}created").as_str())?,
66            extension_data: Self::map_extensions(prefix, row)?,
67        })
68    }
69}
70
71impl UserPasswordReset {
72    pub async fn create(
73        database: &crate::database::Database,
74        user_uuid: uuid::Uuid,
75    ) -> Result<String, anyhow::Error> {
76        let existing = sqlx::query(
77            r#"
78            SELECT COUNT(*)
79            FROM user_password_resets
80            WHERE user_password_resets.user_uuid = $1 AND user_password_resets.created > NOW() - INTERVAL '20 minutes'
81            "#,
82        )
83        .bind(user_uuid)
84        .fetch_optional(database.read())
85        .await?;
86
87        if let Some(row) = existing
88            && row.get::<i64, _>(0) > 0
89        {
90            return Err(anyhow::anyhow!(
91                "a password reset was already requested recently"
92            ));
93        }
94
95        let token = rand::distr::Alphanumeric.sample_string(&mut rand::rng(), 96);
96
97        sqlx::query(
98            r#"
99            INSERT INTO user_password_resets (user_uuid, token, created)
100            VALUES ($1, crypt($2, gen_salt('bf', 12)), NOW())
101            "#,
102        )
103        .bind(user_uuid)
104        .bind(&token)
105        .execute(database.write())
106        .await?;
107
108        Ok(token)
109    }
110
111    pub async fn create_with_transaction(
112        transaction: &mut sqlx::Transaction<'_, sqlx::Postgres>,
113        user_uuid: uuid::Uuid,
114    ) -> Result<String, anyhow::Error> {
115        let existing = sqlx::query(
116            r#"
117            SELECT COUNT(*)
118            FROM user_password_resets
119            WHERE user_password_resets.user_uuid = $1 AND user_password_resets.created > NOW() - INTERVAL '20 minutes'
120            "#,
121        )
122        .bind(user_uuid)
123        .fetch_optional(&mut **transaction)
124        .await?;
125
126        if let Some(row) = existing
127            && row.get::<i64, _>(0) > 0
128        {
129            return Err(anyhow::anyhow!(
130                "a password reset was already requested recently"
131            ));
132        }
133
134        let token = rand::distr::Alphanumeric.sample_string(&mut rand::rng(), 96);
135
136        sqlx::query(
137            r#"
138            INSERT INTO user_password_resets (user_uuid, token, created)
139            VALUES ($1, crypt($2, gen_salt('bf', 12)), NOW())
140            "#,
141        )
142        .bind(user_uuid)
143        .bind(&token)
144        .execute(&mut **transaction)
145        .await?;
146
147        Ok(token)
148    }
149
150    pub async fn delete_by_token(
151        database: &crate::database::Database,
152        token: &str,
153    ) -> Result<Option<Self>, crate::database::DatabaseError> {
154        let row = sqlx::query(sqlx::AssertSqlSafe(format!(
155            r#"
156            SELECT {}, {} FROM user_password_resets
157            JOIN users ON users.uuid = user_password_resets.user_uuid
158            LEFT JOIN roles ON roles.uuid = users.role_uuid
159            WHERE
160                user_password_resets.token = crypt($1, user_password_resets.token)
161                AND user_password_resets.created > NOW() - INTERVAL '20 minutes'
162            "#,
163            Self::columns_sql(None),
164            super::user::User::columns_sql(Some("user_"))
165        )))
166        .bind(token)
167        .fetch_optional(database.read())
168        .await?;
169
170        let row = match row {
171            Some(row) => row,
172            None => return Ok(None),
173        };
174
175        sqlx::query(
176            r#"
177            DELETE FROM user_password_resets
178            WHERE user_password_resets.uuid = $1
179            "#,
180        )
181        .bind(row.get::<uuid::Uuid, _>("uuid"))
182        .execute(database.write())
183        .await?;
184
185        Ok(Some(Self::map(None, &row)?))
186    }
187}