From 136c6f143888b950cf3d698befef4bca60cf69f0 Mon Sep 17 00:00:00 2001 From: Artemis Date: Tue, 11 Feb 2025 12:38:12 +0100 Subject: [PATCH] this code feels so gross but hey it works --- src/auth/session.rs | 4 +-- src/db/user.rs | 8 +++--- src/routes/admin.rs | 51 ++++++++++++++++++++++++++++++++----- src/routes/form/accounts.rs | 8 +++--- 4 files changed, 54 insertions(+), 17 deletions(-) diff --git a/src/auth/session.rs b/src/auth/session.rs index 07f1599..feb2de0 100644 --- a/src/auth/session.rs +++ b/src/auth/session.rs @@ -66,11 +66,11 @@ impl<'a> FromRequest<'a> for User { let cookies = req.cookies(); if let Some(id) = check_login(&cookies) { - let db = DollTagsDb::from_request(req) + let mut db = DollTagsDb::from_request(req) .await .expect("User::from_request cannot get DB connection"); - match user::get_by_id(db, &id).await { + match user::get_by_id(&mut *db, &id).await { Err(err) => { error!("User::from_request internal error: {:?}", err); Outcome::Error((Status::InternalServerError, SessionInternalFailure())) diff --git a/src/db/user.rs b/src/db/user.rs index b47d800..7819d21 100644 --- a/src/db/user.rs +++ b/src/db/user.rs @@ -2,22 +2,22 @@ use uuid::Uuid; use crate::db::schema::User; -use super::schema::{DbHook, DollTagsDb, TrxHook}; +use super::schema::{DbHook, TrxHook}; -pub async fn get(mut db: DollTagsDb, username: &str) -> sqlx::Result> { +pub async fn get(db: &mut DbHook, username: &str) -> sqlx::Result> { sqlx::query_as!(User, "select * from users where username = $1", username) .fetch_optional(&mut **db) .await } -pub async fn get_by_id(mut db: DollTagsDb, id: &Uuid) -> sqlx::Result> { +pub async fn get_by_id(db: &mut DbHook, id: &Uuid) -> sqlx::Result> { sqlx::query_as!(User, "select * from users where id = $1", id) .fetch_optional(&mut **db) .await } pub async fn create( - mut db: DollTagsDb, + db: &mut DbHook, username: &str, hashed_password: &str, email: Option<&str>, 
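Review bot: `get` and `get_by_id` in src/db/user.rs carry no doc comments, and neither query filters on account state, so both return deactivated users as well as active ones. The admin.rs part of this commit checks `user.enabled` itself after calling `user::get`, so the contract is that every caller must make that check; state it on the functions, for example `/// Looks up a user by username. Also returns deactivated accounts; callers must check the enabled flag.` Now that the parameter is `db: &mut DbHook`, a line saying the caller keeps ownership of the connection would help too. `create`'s body continues outside the hunk.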
diff --git a/src/routes/admin.rs b/src/routes/admin.rs index 71c3fd8..2c605a9 100644 --- a/src/routes/admin.rs +++ b/src/routes/admin.rs @@ -7,7 +7,8 @@ use sqlx::Acquire; use crate::{ auth::session::Admin, - db::{admin, schema::DollTagsDb}, + db::{admin, doll, schema::DollTagsDb, user}, + ids::id_public_to_db, pages::CommonTemplateState, }; @@ -57,7 +58,7 @@ impl<'a, 'b> From<&'a Form>> for Contexts<'a, 'b> { } } -#[derive(Debug, FromForm)] +#[derive(Debug, FromForm, Clone)] pub struct TagHandover<'a> { #[field(validate=crate::ids::validate_id())] pub tag_id: &'a str, @@ -76,17 +77,53 @@ pub async fn handle_in_page_forms( match form.form { SelectedForm::TagHandover => { - if let Some(ref values) = form.tag_handover.value { + if let Some(values) = &form.tag_handover.value.clone() { // work println!( "woof handover of {} to {}", values.tag_id, values.dest_account ); - // form.tag_handover - // .context - // .push_error(Error::validation("meow").with_name("tag_handover.tag_id")); - + let target_user = user::get(&mut *db, values.dest_account).await?; + let user_valid = match target_user { + Some(user) => { + if !user.enabled { + form.tag_handover.context.push_error( + Error::validation("this user's account is deactivated") + .with_name("tag_handover.dest_account"), + ); + false + } else { + true + } + } + None => { + form.tag_handover.context.push_error( + Error::validation("this user doesn't exist") + .with_name("tag_handover.dest_account"), + ); + false + } + }; + + let target_tag = doll::get( + &mut *db, + id_public_to_db(values.tag_id) + .expect("is form-validated so should always succeed"), + "", + true, + ) + .await?; + if target_tag.is_none() { + form.tag_handover.context.push_error( + Error::validation("no tag exists with this ID") + .with_name("tag_handover.tag_id"), + ); + } + + if user_valid && target_tag.is_some() { + todo!("woof redirect to tag-handover confirm"); + } } } }; 
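Review bot: Two request-reachable panics are added in the `SelectedForm::TagHandover` arm of handle_in_page_forms. When both lookups succeed the code reaches `todo!("woof redirect to tag-handover confirm")`, so every valid handover submission panics instead of producing a response; until the confirm step exists, pushing a validation error (for example `Error::validation("handover confirmation is not implemented yet")`) keeps the handler returning normally. `id_public_to_db(values.tag_id).expect(...)` makes the handler depend on `validate_id` and `id_public_to_db` never disagreeing; mapping a failed conversion to the existing `no tag exists with this ID` error removes that coupling. The `""` and `true` arguments to `doll::get` need a short comment saying what they select, since their meaning is not visible at the call site. The function starts and ends outside the hunk.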
diff --git a/src/routes/form/accounts.rs b/src/routes/form/accounts.rs index 8470523..064194d 100644 --- a/src/routes/form/accounts.rs +++ b/src/routes/form/accounts.rs @@ -45,7 +45,7 @@ pub fn show_login( #[post("/login?", data = "
")] pub async fn handle_login( - db: DollTagsDb, + mut db: DollTagsDb, next: Option<&str>, form: Form>>, cookies: &CookieJar<'_>, @@ -77,7 +77,7 @@ pub async fn handle_login( warn!("[audit|{}] login attempt ({})", client_ip, &values.username); - let user_in_db = user::get(db, &values.username).await?; + let user_in_db = user::get(&mut *db, &values.username).await?; let user = match user_in_db { None => { task::spawn_blocking(move || pw::verify("meow", "$argon2i$v=19$m=65536,t=3,p=1$fJ+f67UGHB+EIjGIDEwbSQ$V/nZPHmdyqHq8fTBTdt3sEmTyr0W7i/F98EIxaaJJt0")).await??; @@ -151,7 +151,7 @@ fn validate_email<'v>(email: &str) -> form::Result<'v, ()> { #[post("/register", data = "")] pub async fn handle_register( - db: DollTagsDb, + mut db: DollTagsDb, form: Form>>, cookies: &CookieJar<'_>, maybe_loggedin: Option, @@ -185,7 +185,7 @@ pub async fn handle_register( let hashed_password = task::spawn_blocking(move || pw::hash(&password)).await??; let account_id = user::create( - db, + &mut *db, values.username, &hashed_password, if values.email.len() != 0 {
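Review bot: Borrowing the connection in `user::get(&mut *db, &values.username)` keeps `db` alive for the rest of handle_login, including the `task::spawn_blocking(... pw::verify ...)` call just below it; before this commit `db` was moved into `user::get` and released when the lookup returned. If `DollTagsDb` is a pooled connection (the `from_request` call in session.rs suggests so, but the type is not visible here), each login attempt now holds a pool slot for the whole argon2 verification. That makes pool exhaustion under a burst of login attempts easier, and session.rs panics through `expect` when it cannot obtain a connection. If nothing later in the function needs the connection, add `drop(db);` directly after the lookup. handle_login's body continues outside the hunk, so check for later uses first.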