add user patch endpoints

Author: nevzattalhaozcan

internal/handlers/server.go

@@ -9,8 +9,8 @@ import (
 	"github.com/nevzattalhaozcan/forgotten/pkg/logger"
 	"github.com/prometheus/client_golang/prometheus/promhttp"
 	"github.com/redis/go-redis/v9"
-	"github.com/swaggo/files"
-	"github.com/swaggo/gin-swagger"
+	swaggerFiles "github.com/swaggo/files"
+	ginSwagger "github.com/swaggo/gin-swagger"
 
 	"github.com/gin-contrib/cors"
 	"github.com/gin-gonic/gin"
@@ -149,6 +149,10 @@ func (s *Server) setupRoutes() {
 		protected.GET("/users", middleware.RestrictToRoles("admin", "superuser"), userHandler.GetAllUsers)
 		protected.PUT("/users/:id", middleware.AuthorizeSelf(), userHandler.UpdateUser)
 		protected.DELETE("/users/:id", middleware.AuthorizeSelf(), userHandler.DeleteUser)
+		protected.PATCH("/users/:id/password", userHandler.PatchPassword)
+		protected.PATCH("/users/:id/profile", userHandler.PatchProfile)
+		protected.PATCH("/users/:id/account", userHandler.PatchAccount)
+		protected.PATCH("/users/:id/avatar", userHandler.PatchAvatar)
 
 		protected.POST("/clubs", clubHandler.CreateClub)
 		protected.PUT("/clubs/:id", middleware.RequireClubMembershipWithRoles(clubRepo, "club_admin"), clubHandler.UpdateClub)
@@ -159,7 +163,7 @@ func (s *Server) setupRoutes() {
 		protected.POST("/clubs/:id/leave", middleware.RequireClubMembership(clubRepo), clubHandler.LeaveClub)
 		protected.POST("/clubs/:id/ratings", middleware.RequireClubMembership(clubRepo), clubHandler.RateClub)
 		protected.GET("/my-clubs", clubHandler.GetMyClubs)
-		
+
 		protected.PUT("/clubs/:id/members/:user_id", middleware.RequireClubMembershipWithRoles(clubRepo, "club_admin", "moderator"), clubHandler.UpdateClubMember)
 		protected.GET("/clubs/:id/members/:user_id", clubHandler.GetClubMember)
 
@@ -184,7 +188,7 @@ func (s *Server) setupRoutes() {
 
 		protected.POST("/posts/:id/vote", middleware.RequireClubMembership(clubRepo), postHandler.VoteOnPoll)
 		protected.POST("/posts/:id/unvote", middleware.RequireClubMembership(clubRepo), postHandler.RemoveVoteFromPoll)
-		protected.GET("/posts/:id/poll/votes", middleware.RequireClubMembership(clubRepo), postHandler.GetUserPollVotes)	
+		protected.GET("/posts/:id/poll/votes", middleware.RequireClubMembership(clubRepo), postHandler.GetUserPollVotes)
 
 		protected.POST("/posts/:id/like", middleware.RequireClubMembership(clubRepo), postHandler.LikePost)
 		protected.POST("/posts/:id/unlike", middleware.RequireClubMembership(clubRepo), postHandler.UnlikePost)

internal/handlers/user.go

@@ -227,4 +227,103 @@ func (h *UserHandler) DeleteUser(c *gin.Context) {
 	}
 
 	c.JSON(http.StatusNoContent, nil)
+}
+
+func (h *UserHandler) PatchPassword(c *gin.Context) {
+	var req models.UpdatePasswordRequest
+
+	id, _ := strconv.ParseUint(c.Param("id"), 10, 32)
+
+	if err := c.ShouldBindJSON(&req); err != nil {
+		c.JSON(http.StatusBadRequest, gin.H{"error": "invalid body"})
+		return
+	}
+	if err := h.validator.Struct(req); err != nil {
+		c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
+		return
+	}
+
+	err := h.userService.UpdatePassword(uint(id), &req)
+	if err != nil {
+		c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
+		return
+	}
+}
+
+func (h *UserHandler) PatchProfile(c *gin.Context) {
+	var req models.UpdateUserRequest
+
+	id, _ := strconv.ParseUint(c.Param("id"), 10, 32)
+
+	if err := c.ShouldBindJSON(&req); err != nil {
+		c.JSON(http.StatusBadRequest, gin.H{"error": "invalid body"})
+		return
+	}
+	if err := h.validator.Struct(req); err != nil {
+		c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
+		return
+	}
+
+	user, err := h.userService.UpdateUser(uint(id), &req)
+	if err != nil {
+		c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
+		return
+	}
+
+	c.JSON(http.StatusOK, gin.H{
+		"message": "user updated successfully",
+		"user":    user,
+	})
+}
+
+func (h *UserHandler) PatchAvatar(c *gin.Context) {
+	var req models.UpdateAvatarRequest
+
+	id, _ := strconv.ParseUint(c.Param("id"), 10, 32)
+
+	if err := c.ShouldBindJSON(&req); err != nil {
+		c.JSON(http.StatusBadRequest, gin.H{"error": "invalid body"})
+		return
+	}
+	if err := h.validator.Struct(req); err != nil {
+		c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
+		return
+	}
+
+	user, err := h.userService.UpdateAvatar(uint(id), &req)
+	if err != nil {
+		c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
+		return
+	}
+
+	c.JSON(http.StatusOK, gin.H{
+		"message": "avatar updated successfully",
+		"user":    user,
+	})
+}
+
+func (h *UserHandler) PatchAccount(c *gin.Context) {
+	var req models.UpdateAccountRequest
+
+	id, _ := strconv.ParseUint(c.Param("id"), 10, 32)
+
+	if err := c.ShouldBindJSON(&req); err != nil {
+		c.JSON(http.StatusBadRequest, gin.H{"error": "invalid body"})
+		return
+	}
+	if err := h.validator.Struct(req); err != nil {
+		c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
+		return
+	}
+
+	user, err := h.userService.UpdateAccount(uint(id), &req)
+	if err != nil {
+		c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
+		return
+	}
+
+	c.JSON(http.StatusOK, gin.H{
+		"message": "account updated successfully",
+		"user":    user,
+	})
 }

internal/models/user.go

@@ -104,6 +104,29 @@ type UpdateUserRequest struct {
 	ReadingGoal    *int      `json:"reading_goal" validate:"omitempty,gte=0"`
 }
 
+type UpdatePasswordRequest struct {
+	Password    string `json:"password" validate:"required,min=6"`
+	NewPassword string `json:"new_password" validate:"required,min=6"`
+}
+
+type UpdateProfileRequest struct {
+	Bio            *string   `json:"bio,omitempty" validate:"omitempty"`
+	Location       *string   `json:"location,omitempty" validate:"omitempty,max=255"`
+	FavoriteGenres *[]string `json:"favorite_genres,omitempty"`
+	ReadingGoal    *int      `json:"reading_goal,omitempty" validate:"omitempty,gte=0"`
+}
+
+type UpdateAvatarRequest struct {
+	AvatarURL string `json:"avatar_url" validate:"required,url"`
+}
+
+type UpdateAccountRequest struct {
+	FirstName *string `json:"first_name,omitempty" validate:"omitempty,min=2,max=50"`
+	LastName  *string `json:"last_name,omitempty" validate:"omitempty,min=2,max=50"`
+	Email     *string `json:"email,omitempty" validate:"omitempty,email"`
+	Username  *string `json:"username,omitempty" validate:"omitempty,min=3,max=50"`
+}
+
 func (u *User) ToResponse() UserResponse {
 	return UserResponse{
 		ID:              u.ID,

internal/services/user.go

@@ -226,4 +226,118 @@ func (s *UserService) DeleteUser(id uint) error {
 	metrics.IncrementUserCount(-1)
 
 	return nil
+}
+
+func (s *UserService) UpdatePassword(id uint, req *models.UpdatePasswordRequest) error {
+	user, err := s.userRepo.GetByID(id)
+	if err != nil {
+		if errors.Is(err, gorm.ErrRecordNotFound) {
+			return errors.New("user not found")
+		}
+		return err
+	}
+
+	if !utils.CheckPasswordHash(req.Password, user.PasswordHash) {
+		return errors.New("current password is incorrect")
+	}
+
+	hashedPassword, err := utils.HashPassword(req.NewPassword)
+	if err != nil {
+		return errors.New("failed to hash new password")
+	}
+
+	user.PasswordHash = hashedPassword
+	return s.userRepo.Update(user)
+}
+
+func (s *UserService) UpdateProfile(id uint, req *models.UpdateProfileRequest) (*models.UserResponse, error) {
+	user, err := s.userRepo.GetByID(id)
+	if err != nil {
+		if errors.Is(err, gorm.ErrRecordNotFound) {
+			return nil, errors.New("user not found")
+		}
+		return nil, err
+	}
+
+	if req.Bio != nil {
+		user.Bio = req.Bio
+	}
+
+	if req.Location != nil {
+		user.Location = req.Location
+	}
+
+	if req.FavoriteGenres != nil {
+		user.FavoriteGenres = *req.FavoriteGenres
+	}
+
+	if req.ReadingGoal != nil {
+		user.ReadingGoal = *req.ReadingGoal
+	}
+
+	if err := s.userRepo.Update(user); err != nil {
+		return nil, errors.New("failed to update profile")
+	}
+
+	response := user.ToResponse()
+	return &response, nil
+}
+
+func (s *UserService) UpdateAvatar(id uint, req *models.UpdateAvatarRequest) (*models.UserResponse, error) {
+	user, err := s.userRepo.GetByID(id)
+	if err != nil {
+		if errors.Is(err, gorm.ErrRecordNotFound) {
+			return nil, errors.New("user not found")
+		}
+		return nil, err
+	}
+
+	user.AvatarURL = &req.AvatarURL
+	if err := s.userRepo.Update(user); err != nil {
+		return nil, errors.New("failed to update avatar")
+	}
+
+	response := user.ToResponse()
+	return &response, nil
+}
+
+func (s *UserService) UpdateAccount(id uint, req *models.UpdateAccountRequest) (*models.UserResponse, error) {
+	user, err := s.userRepo.GetByID(id)
+	if err != nil {
+		if errors.Is(err, gorm.ErrRecordNotFound) {
+			return nil, errors.New("user not found")
+		}
+		return nil, err
+	}
+
+	if req.FirstName != nil {
+		user.FirstName = *req.FirstName
+	}
+
+	if req.LastName != nil {
+		user.LastName = *req.LastName
+	}
+
+	if req.Email != nil && *req.Email != user.Email {
+		existingUser, err := s.userRepo.GetByEmail(*req.Email)
+		if err == nil && existingUser.ID != user.ID {
+			return nil, errors.New("email already exists")
+		}
+		user.Email = *req.Email
+	}
+
+	if req.Username != nil && *req.Username != user.Username {
+		existingUser, err := s.userRepo.GetByUsername(*req.Username)
+		if err == nil && existingUser.ID != user.ID {
+			return nil, errors.New("username already exists")
+		}
+		user.Username = *req.Username
+	}
+
+	if err := s.userRepo.Update(user); err != nil {
+		return nil, errors.New("failed to update account")
+	}
+
+	response := user.ToResponse()
+	return &response, nil
 }