hacky-ruadat/src/rest/restreg.rs


use rocket::{
form::Form,
response::{Flash, Redirect},
Route, State,
};
use sea_orm::{ActiveModelTrait, DatabaseConnection, EntityTrait, Set};
use crate::models::{day, trip, user};
use super::NaiveDateForm;
/// Form body accepted by the `register` handler.
#[derive(FromForm)]
struct RegisterForm {
/// Date of the day to register for; the handler dereferences it to look the day up by id.
day: NaiveDateForm,
/// Name of the person to register; the handler passes it to `user::Model::find_or_create_user`.
// NOTE(review): the validator only enforces a minimum length of 3. There is no upper
// bound or character restriction on a value that ends up in a user lookup/creation and
// in log lines. Consider capping the length once the acceptable range is known.
#[field(validate = len(3..))]
name: String,
}
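/// Handles `PUT /`: registers the person named in the form for the trip on the submitted day.
///
/// The request is only honoured when the day has `open_registration` set or the
/// authenticated `user` is a cox. The person being registered is resolved from the
/// submitted `name` via `user::Model::find_or_create_user`, not from the session.
///
/// Always answers with a redirect to `/` carrying a flash message. An unknown day,
/// a database failure or a failed insert is reported through that flash instead of
/// panicking inside the handler.
#[put("/", data = "<register>")]
async fn register(
    db: &State<DatabaseConnection>,
    register: Form<RegisterForm>,
    user: user::Model,
) -> Flash<Redirect> {
    // The day is taken from the request body: an unknown date or a database failure
    // is an expected outcome here and must not panic the handler.
    // Names are logged with `{:?}` throughout so that control characters (for example
    // line breaks) are escaped and a crafted name cannot forge additional log lines.
    let day = match day::Entity::find_by_id(*register.day)
        .one(db.inner())
        .await
    {
        Ok(Some(day)) => day,
        Ok(None) => {
            log::warn!(
                "{:?} tried to register for a day that has no trip",
                user.name
            );
            return Flash::error(Redirect::to("/"), "There's no trip on this date (yet)");
        }
        Err(err) => {
            log::error!(
                "Database error while loading the day for a registration: {:?}",
                err
            );
            return Flash::error(
                Redirect::to("/"),
                "Interner Fehler, bitte später erneut versuchen",
            );
        }
    };

    if !(day.open_registration || user.is_cox) {
        log::error!("{:?} tried to register, even though the user it should not be possible to do so via UI -> manually crafted request?", user.name);
        return Flash::error(
            Redirect::to("/"),
            "Don't (try to ;)) abuse this system! Incident has been reported...",
        );
    }

    // NOTE(review): the person registered is chosen by the submitted name, so while
    // registration is open any authenticated user can register (and implicitly create)
    // an arbitrary name. Confirm that this is intended; if only self-registration is
    // meant, use the `user` guard here instead. The requesting user is logged next to
    // the registrant below so that entries stay attributable.
    let registrant = user::Model::find_or_create_user(&register.name, db.inner()).await;
    let day_key = day.day.format("%Y-%m-%d").to_string();
    let trip = trip::ActiveModel {
        day: Set(day_key.clone()),
        user_id: Set(registrant.id),
        ..Default::default()
    };

    match trip.insert(db.inner()).await {
        Ok(_) => {
            log::info!(
                "{:?} registered for {:?} (request by {:?})",
                registrant.name,
                day_key,
                user.name
            );
            Flash::success(Redirect::to("/"), "Erfolgreich angemeldet!")
        }
        Err(err) => {
            // A duplicate registration is the likely cause, but every insert failure
            // ends up here, so the underlying error is kept in the log.
            log::warn!(
                "{:?} tried to register for {:?}, but is already registered (request by {:?}, insert error: {:?})",
                registrant.name,
                day_key,
                user.name,
                err
            );
            Flash::error(Redirect::to("/"), "Du bist bereits angemeldet")
        }
    }
}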
/// Form body accepted by the `delete` handler.
#[derive(FromForm)]
struct DeleteForm {
/// Date of the day whose registration should be removed.
day: NaiveDateForm,
/// User id submitted by the client. The handler compares it with the authenticated
/// user's id and rejects the request on a mismatch; the lookup and the deletion
/// themselves use the authenticated user's id, not this field.
user: i32,
}
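/// Handles `DELETE /`: removes the authenticated user's registration for the submitted day.
///
/// The submitted `user` id must equal the id of the authenticated `user`; otherwise the
/// request is rejected and logged. The registration is then looked up by the formatted
/// day and the authenticated user's id, and deleted if it exists.
///
/// Always answers with a redirect to `/` carrying a flash message. An unknown day,
/// a missing registration or a database failure is reported through that flash instead
/// of panicking inside the handler.
#[delete("/", data = "<delete>")]
async fn delete(
    db: &State<DatabaseConnection>,
    delete: Form<DeleteForm>,
    user: user::Model,
) -> Flash<Redirect> {
    // Ownership is checked before any database access, so a request for somebody
    // else's registration is refused without a lookup.
    // Names are logged with `{:?}` so that control characters are escaped and cannot
    // forge additional log lines.
    if delete.user != user.id {
        log::error!("{:?} tried to delete a registration from user_id {} on day {:?} (probably hand-crafted request)", user.name, delete.user, delete.day);
        return Flash::error(
            Redirect::to("/"),
            "Du kannst nur deine eigenen Anmeldungen löschen!",
        );
    }

    // The day is taken from the request body: an unknown date or a database failure
    // is an expected outcome here and must not panic the handler.
    let day = match day::Entity::find_by_id(*delete.day)
        .one(db.inner())
        .await
    {
        Ok(Some(day)) => day,
        Ok(None) => {
            log::warn!(
                "{:?} tried to delete a registration for a day that has no trip",
                user.name
            );
            return Flash::error(Redirect::to("/"), "There's no trip on this date (yet)");
        }
        Err(err) => {
            log::error!(
                "Database error while loading the day for a deletion: {:?}",
                err
            );
            return Flash::error(
                Redirect::to("/"),
                "Interner Fehler, bitte später erneut versuchen",
            );
        }
    };

    let trip_key = (day.day.format("%Y-%m-%d").to_string(), user.id);
    let trip = match trip::Entity::find_by_id(trip_key).one(db.inner()).await {
        Ok(Some(trip)) => trip,
        Ok(None) => {
            // The requester is authenticated at this point; what is missing is the
            // registration itself, and the log entry says so.
            log::error!(
                "{:?} tried to delete a registration that does not exist (prob. hand crafted request)",
                user.name
            );
            return Flash::error(Redirect::to("/"), "Du bist gar nicht angemeldet!");
        }
        Err(err) => {
            log::error!(
                "Database error while loading the registration of {:?}: {:?}",
                user.name,
                err
            );
            return Flash::error(
                Redirect::to("/"),
                "Interner Fehler, bitte später erneut versuchen",
            );
        }
    };

    let removal = trip::ActiveModel {
        day: Set(trip.day.clone()),
        user_id: Set(trip.user_id),
        ..Default::default()
    };
    if let Err(err) = trip::Entity::delete(removal).exec(db.inner()).await {
        log::error!(
            "Deleting the registration {:?} of {:?} failed: {:?}",
            trip,
            user.name,
            err
        );
        return Flash::error(
            Redirect::to("/"),
            "Interner Fehler, bitte später erneut versuchen",
        );
    }

    // Written only after the delete succeeded, so the log never reports a removal
    // that did not take place.
    log::info!("User {:?} deleted the registration for {:?}", user.name, trip);
    Flash::success(Redirect::to("/"), "Anmeldung erfolgreich gelöscht")
}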
/// Returns the routes defined in this module: the `register` (PUT) and `delete` (DELETE)
/// handlers, in that order.
pub fn routes() -> Vec<Route> {
    let handlers: Vec<Route> = routes![register, delete];
    handlers
}