Various changes (#919)

* feat(config): deprecate a config param

* refactor(config): order of struct declarations

* feat(config): new env variable for anilist language

* feat(backend): request romji titles

* fix(backend): send romaji stuff to backend

* fix(backend): use referenced variables

* feat(backend): respect the language title

* fix(frontend): allow deleting users

* fix(frontend): change default message shown

* chore(backend): remove admin user registration

* feat(backend,frontend): admin only action guard

* feat(config): config param for admin access

* refactor(backend): save into variable

* feat(backend): new schema for registering users

* feat(backend): respect new input param

* fix(frontend): adapt to new gql schema

* feat(frontend): allow creating user even if registration disabled

* feat(backend): allow editing other user accounts

* fix(frontend): adapt to new gql schema

* feat(backend): allow changing `lot` of user

* feat(database): migration to allow disabling users

* feat(frontend,backend): do not allow disabled accounts to login

* feat(backend): allow disabling users

* feat(frontend): add btn to edit user

* feat(frontend): allow editing users

* refactor(frontend): use new hook for submit

Author: IgnisDa

apps/backend/src/entities/user.rs

@@ -29,6 +29,7 @@ pub struct Model {
     pub created_on: DateTimeUtc,
     pub is_demo: Option<bool>,
     pub lot: UserLot,
+    pub is_disabled: Option<bool>,
     #[graphql(skip)]
     pub preferences: UserPreferences,
     #[graphql(skip)]

apps/backend/src/miscellaneous/resolver.rs

@@ -216,8 +216,6 @@ struct PasswordUserInput {
     username: String,
     #[graphql(secret)]
     password: String,
-    /// If provided, that means an admin tried to create an account.
-    creator_user_id: Option<String>,
 }
 
 #[derive(Debug, InputObject, Serialize, Deserialize, Clone)]
@@ -233,13 +231,11 @@ enum AuthUserInput {
     Oidc(OidcUserInput),
 }
 
-impl AuthUserInput {
-    fn creator_user_id(&self) -> Option<String> {
-        match self {
-            Self::Password(p) => p.creator_user_id.clone(),
-            _ => None,
-        }
-    }
+#[derive(Debug, InputObject)]
+struct RegisterUserInput {
+    data: AuthUserInput,
+    /// If registration is disabled, this can be used to override it.
+    admin_access_token: Option<String>,
 }
 
 #[derive(Enum, Clone, Debug, Copy, PartialEq, Eq)]
@@ -261,6 +257,7 @@ enum RegisterResult {
 
 #[derive(Enum, Clone, Debug, Copy, PartialEq, Eq)]
 enum LoginErrorVariant {
+    AccountDisabled,
     UsernameDoesNotExist,
     CredentialsMismatch,
     IncorrectProviderChosen,
@@ -284,10 +281,14 @@ enum LoginResult {
 
 #[derive(Debug, InputObject)]
 struct UpdateUserInput {
-    username: Option<String>,
+    user_id: String,
+    is_disabled: Option<bool>,
+    lot: Option<UserLot>,
     #[graphql(secret)]
     password: Option<String>,
+    username: Option<String>,
     extra_information: Option<serde_json::Value>,
+    admin_access_token: Option<String>,
 }
 
 #[derive(Debug, InputObject)]
@@ -1252,7 +1253,7 @@ impl MiscellaneousMutation {
     async fn register_user(
         &self,
         gql_ctx: &Context<'_>,
-        input: AuthUserInput,
+        input: RegisterUserInput,
     ) -> Result<RegisterResult> {
         let service = gql_ctx.data_unchecked::<Arc<MiscellaneousService>>();
         service.register_user(input).await
@@ -1271,7 +1272,7 @@ impl MiscellaneousMutation {
         input: UpdateUserInput,
     ) -> Result<StringIdObject> {
         let service = gql_ctx.data_unchecked::<Arc<MiscellaneousService>>();
-        let user_id = self.user_id_from_ctx(gql_ctx).await?;
+        let user_id = self.user_id_from_ctx(gql_ctx).await.ok();
         service.update_user(user_id, input).await
     }
 
@@ -3715,9 +3716,13 @@ impl MiscellaneousService {
                 .await,
             ),
             MediaSource::Tmdb => Box::new(self.get_tmdb_non_media_service().await?),
-            MediaSource::Anilist => {
-                Box::new(NonMediaAnilistService::new(self.config.frontend.page_size).await)
-            }
+            MediaSource::Anilist => Box::new(
+                NonMediaAnilistService::new(
+                    &self.config.anime_and_manga.anilist,
+                    self.config.frontend.page_size,
+                )
+                .await,
+            ),
             MediaSource::Mal => Box::new(NonMediaMalService::new().await),
             MediaSource::Custom => return err(),
         };
@@ -4854,33 +4859,33 @@ impl MiscellaneousService {
         Ok(())
     }
 
-    async fn register_user(&self, input: AuthUserInput) -> Result<RegisterResult> {
-        if let Some(user_id) = input.creator_user_id() {
-            self.admin_account_guard(&user_id).await?;
-        } else if !self.config.users.allow_registration {
+    async fn register_user(&self, input: RegisterUserInput) -> Result<RegisterResult> {
+        if !self.config.users.allow_registration
+            && input.admin_access_token.unwrap_or_default() != self.config.server.admin_access_token
+        {
             return Ok(RegisterResult::Error(RegisterError {
                 error: RegisterErrorVariant::Disabled,
             }));
         }
-        let (filter, username, password) = match input.clone() {
-            AuthUserInput::Oidc(input) => (
-                user::Column::OidcIssuerId.eq(&input.issuer_id),
-                input.email,
+        let (filter, username, password) = match input.data.clone() {
+            AuthUserInput::Oidc(data) => (
+                user::Column::OidcIssuerId.eq(&data.issuer_id),
+                data.email,
                 None,
             ),
-            AuthUserInput::Password(input) => (
-                user::Column::Name.eq(&input.username),
-                input.username,
-                Some(input.password),
+            AuthUserInput::Password(data) => (
+                user::Column::Name.eq(&data.username),
+                data.username,
+                Some(data.password),
             ),
         };
         if User::find().filter(filter).count(&self.db).await.unwrap() != 0 {
             return Ok(RegisterResult::Error(RegisterError {
                 error: RegisterErrorVariant::IdentifierAlreadyExists,
             }));
         };
-        let oidc_issuer_id = match input {
-            AuthUserInput::Oidc(input) => Some(input.issuer_id),
+        let oidc_issuer_id = match input.data {
+            AuthUserInput::Oidc(data) => Some(data.issuer_id),
             AuthUserInput::Password(_) => None,
         };
         let lot = if User::find().count(&self.db).await.unwrap() == 0 {
@@ -4914,6 +4919,11 @@ impl MiscellaneousService {
                 error: LoginErrorVariant::UsernameDoesNotExist,
             })),
             Some(user) => {
+                if user.is_disabled.unwrap_or_default() {
+                    return Ok(LoginResult::Error(LoginError {
+                        error: LoginErrorVariant::AccountDisabled,
+                    }));
+                }
                 if self.config.users.validate_password {
                     if let AuthUserInput::Password(PasswordUserInput { password, .. }) = input {
                         if let Some(hashed_password) = user.password {
@@ -4958,8 +4968,17 @@ impl MiscellaneousService {
         Ok(())
     }
 
-    async fn update_user(&self, user_id: String, input: UpdateUserInput) -> Result<StringIdObject> {
-        let mut user_obj: user::ActiveModel = User::find_by_id(user_id.to_owned())
+    async fn update_user(
+        &self,
+        user_id: Option<String>,
+        input: UpdateUserInput,
+    ) -> Result<StringIdObject> {
+        if user_id.unwrap_or_default() != input.user_id
+            && input.admin_access_token.unwrap_or_default() != self.config.server.admin_access_token
+        {
+            return Err(Error::new("Admin access token mismatch".to_owned()));
+        }
+        let mut user_obj: user::ActiveModel = User::find_by_id(input.user_id)
             .one(&self.db)
             .await
             .unwrap()
@@ -4974,6 +4993,12 @@ impl MiscellaneousService {
         if let Some(i) = input.extra_information {
             user_obj.extra_information = ActiveValue::Set(Some(i));
         }
+        if let Some(l) = input.lot {
+            user_obj.lot = ActiveValue::Set(l);
+        }
+        if let Some(d) = input.is_disabled {
+            user_obj.is_disabled = ActiveValue::Set(Some(d));
+        }
         let user_obj = user_obj.update(&self.db).await.unwrap();
         Ok(StringIdObject { id: user_obj.id })
     }
@@ -5791,19 +5816,20 @@ impl MiscellaneousService {
     async fn admin_account_guard(&self, user_id: &String) -> Result<()> {
         let main_user = user_by_id(&self.db, user_id).await?;
         if main_user.lot != UserLot::Admin {
-            return Err(Error::new("Only admins can perform this operation."));
+            return Err(Error::new(BackendError::AdminOnlyAction.to_string()));
         }
         Ok(())
     }
 
     async fn users_list(&self, query: Option<String>) -> Result<Vec<user::Model>> {
-        Ok(User::find()
+        let users = User::find()
             .apply_if(query, |query, value| {
                 query.filter(Expr::col(user::Column::Name).ilike(ilike_sql(&value)))
             })
             .order_by_asc(user::Column::Name)
             .all(&self.db)
-            .await?)
+            .await?;
+        Ok(users)
     }
 
     async fn delete_user(&self, to_delete_user_id: String) -> Result<bool> {

apps/backend/src/models.rs

@@ -56,9 +56,10 @@ pub enum EntityLot {
 #[derive(Enum, Clone, Debug, Copy, PartialEq, Eq, Serialize, Deserialize, EnumIter, Display)]
 #[strum(serialize_all = "SCREAMING_SNAKE_CASE")]
 pub enum BackendError {
-    NoAuthToken,
     NoUserId,
+    NoAuthToken,
     SessionExpired,
+    AdminOnlyAction,
     MutationNotAllowed,
 }
 

apps/backend/src/providers/anilist/media_details.graphql

@@ -4,6 +4,7 @@ query MediaDetailsQuery($id: Int!) {
     title {
       english
       native
+      romaji
     }
     isAdult
     episodes
@@ -50,6 +51,7 @@ query MediaDetailsQuery($id: Int!) {
           title {
             english
             native
+            romaji
           }
           coverImage {
             extraLarge

apps/backend/src/providers/anilist/media_search.graphql

@@ -13,6 +13,7 @@ query MediaSearchQuery(
       title {
         english
         native
+        romaji
       }
       coverImage {
         extraLarge