From e18157d418eb7eb2da021a2d7f666f88654fd693 Mon Sep 17 00:00:00 2001
From: "Jill \"oatmealine\" Monoids" <oatmealine@disroot.org>
Date: Fri, 13 Jan 2023 20:43:37 +0300
Subject: [PATCH] email settings, wip profile settings

---
 public/template/account_settings.ecr       | 22 ++++++++++++++++++++++
 src/template_endpoints/account_settings.cr | 16 ++++++++++++++--
 2 files changed, 36 insertions(+), 2 deletions(-)

diff --git a/public/template/account_settings.ecr b/public/template/account_settings.ecr
index f6936b0..6f3c3c2 100644
--- a/public/template/account_settings.ecr
+++ b/public/template/account_settings.ecr
@@ -36,12 +36,34 @@
     <form action="/accounts/settings" method="post">
       <label for="username">Username</label><br>
       <input type="text" id="username" name="username" minlength="3" maxlength="16" required value="<%= username %>" /><br>
+      <label for="email">Email</label><br>
+      <input type="email" id="email" name="email" value="<%= email %>" /><br>
       <hr>
       <input type="submit" value="Update Account" />
     </form>
 
     <br>
 
+    <!--
+    <form action="/accounts/settings" method="post">
+      Messages<br>
+      <input type="radio" id="messages_disabled" name="messages_status" value="0"><label for="messages_disabled">Disabled</label><br>
+      <input type="radio" id="messages_friends" name="messages_status" value="1"><label for="messages_friends">Friends only</label><br>
+      <input type="radio" id="messages_all" name="messages_status" value="2"><label for="messages_all">Open to all</label><br>
+      Friend Requests<br>
+      <input type="radio" id="fr_disabled" name="fr_status" value="0"><label for="fr_disabled">Disabled</label><br>
+      <input type="radio" id="fr_all" name="fr_status" value="1"><label for="fr_all">Enabled</label><br>
+      Comments <small>(exclusively client-side!)</small><br>
+      <input type="radio" id="comments_disabled" name="comments_status" value="0"><label for="comments_disabled">Disabled</label><br>
+      <input type="radio" id="comments_friends" name="comments_status" value="1"><label for="comments_friends">Friends only</label><br>
+      <input type="radio" id="comments_all" name="comments_status" value="2"><label for="comments_all">Open to all</label><br>
+      <hr>
+      <input type="submit" value="Update Profile" />
+    </form>
+
+    <br>
+    -->
+
     <form action="/accounts/settings" method="post">
       <label for="old_password">Old password</label><br>
       <input type="password" id="old_password" name="old_password" minlength="3" maxlength="16" required/><br>
diff --git a/src/template_endpoints/account_settings.cr b/src/template_endpoints/account_settings.cr
index 5996c1d..d7a4643 100644
--- a/src/template_endpoints/account_settings.cr
+++ b/src/template_endpoints/account_settings.cr
@@ -11,14 +11,16 @@ CrystalGauntlet.template_endpoints["/accounts/settings"] = ->(context : HTTP::Se
 
   Templates.auth()
 
+  email = DATABASE.query_one("select email from accounts where id = ?", account_id, as: {String})
+
   result = nil
 
   params = context.request.body.try { |b| URI::Params.parse(b.gets_to_end) }
   if params
     begin
-      if params["username"]?
+      if params["username"]? && params["username"] != username
         # todo: dedup this and the gd register endpoint
-        username = params["username"].strip
+        username = Clean.clean_basic(params["username"].strip)
         if username.size < 3
           raise "Username must at least be 3 characters long"
         end
@@ -39,6 +41,16 @@ CrystalGauntlet.template_endpoints["/accounts/settings"] = ->(context : HTTP::Se
         result = "Changed username successfully"
       end
 
+      if params["email"]?
+        email = params["email"].strip
+
+        if email.size > 254
+          raise "Invalid email (too long)"
+        end
+
+        DATABASE.exec("update accounts set email = ? where id = ?", email, account_id)
+      end
+
       if params["old_password"]? && params["new_password"]? && params["repeat_new_password"]?
         if params["repeat_new_password"] != params["new_password"]
           raise "New password and repeated password do not match"