UserController - xEdziu/RPG-Handy-Helper GitHub Wiki

UserController

This page contains documentation for the UserController class, which handles authenticated user operations and admin user management.

Basic Information

Base Path: /api/v1/authorized
Package: dev.goral.rpghandyhelper.user

Authentication

All requests to this controller require an XSRF token to be included in the headers.
Example:

headers: {
  "X-XSRF-TOKEN": "<csrfToken>"
}

Endpoint Summary

HTTP Method Path Description
GET /user Returns basic info about the logged-in user
POST /setPassword Sets the password for a Discord-created user
POST /user/setUserPhotoPath Sets the user's photo path (URL string)
PUT /user/update Updates user profile data
POST /user/photo Uploads a new profile photo (multipart file)
GET /user/photo Returns path to users profile pic
GET /user/photo/{filename} Returns user photo as byte array
GET /user/photo/username/{username} Returns username’s profile pic path
GET /user/photo/defaults Get a list of default profile pictures
GET /admin/user/{id} Returns basic info about the user (ADMIN only)
GET /admin/user/all Gets a list of all users (ADMIN only)
POST /admin/user/create Creates a new user (ADMIN only)
PUT /admin/user/update/{id} Updates user profile data (ADMIN only)
PUT /admin/user/changePassword/{id} Changes the password for the user (ADMIN only)
DELETE /admin/user/delete/{id} Deletes the user (ADMIN only)

Endpoint Details

Get Authorized User

Method: GET
Path: /user

Response

{
  "username": "user1",
  "firstName": "John",
  "surname": "Doe",
  "email": "[email protected]",
  "userPhotoPath": "/img/profilePics/defaultProfilePic.png"
}

Possible Errors

  • 401 Unauthorized: User is not logged in.
  • 500 Internal Server Error: User object could not be resolved.

Set Password

Method: POST
Path: /setPassword

Request

{
  "password": "SecurePassword123!"
}

Response

{
  "message": "Hasło zostało ustawione",
  "error": 200,
  "timestamp": "..."
}

Possible Errors

  • 400 Bad Request: Password too weak or already set.
  • 401 Unauthorized: User not authenticated or OAuth account mismatch.

Set User Photo Path

Method: POST
Path: /user/setUserPhotoPath

Request

"/img/profilePics/customPic.png"

Response

{
  "message": "Zdjęcie profilowe zostało ustawione.",
  "error": 200,
  "timestamp": "..."
}

Possible Errors

  • 400 Bad Request: User not authenticated.

Update Profile

Method: PUT
Path: /user/update

Request

{
  "username": "newUser",
  "firstName": "New",
  "surname": "Name",
  "email": "[email protected]"
}

Response

{
  "message": "Profil zaktualizowany.",
  "error": 200,
  "timestamp": "..."
}

Possible Errors

  • 400 Bad Request: Invalid fields or duplicate username.
  • 401 Unauthorized: Not logged in.
  • 404 Not Found: User not found.

Upload Profile Photo

Method: POST
Path: /user/photo

Request

Form-data:

  • file: Image file (JPEG/PNG, max 5MB)

Response

{
  "message": "Zdjęcie profilowe zaktualizowane.",
  "error": 200,
  "timestamp": "..."
}

Possible Errors

  • 400 Bad Request: No file provided, invalid type, or too large.
  • 401 Unauthorized: User not authenticated.

Get User Photo Path

Method: GET
Path: /user/photo

Response

{
  "message": "Pobrano aktualną ścieżkę zdjęciową użytkownika.",
  "error": 200,
  "userPhotoPath": "/img/profilePics/defaultProfilePic.png",
  "timestamp": "..."
}

Possible Errors

  • 400 Bad Request: User not authenticated.

Get User Photo

Method: GET
Path: /user/photo/{filename}

Response

  • Returns image file (Content-Type: image/jpeg or image/png)

Possible Errors

  • 400 Bad Request: Invalid filename.
  • 404 Not Found: File does not exist.

Get Username's Photo Path

Method: GET
Path: /user/photo/username/{username}

Response

{
  "message": "Pobrano ścieżkę zdjęciową do profilu użytkownika.",
  "error": 200,
  "userPhotoPath": "/img/profilePics/defaultProfilePic.png",
  "timestamp": "..."
}

Possible Errors

  • 404 Not Found: User not found.
  • 404 Not Found: File does not exist.

Get a List of Default Profile Pictures

Method: GET
Path: /user/photo/defaults

Response

{
  "defaultProfilePics": [
    "/img/profilePics/defaultProfilePic-blue.png",
    "...",
    "/img/profilePics/defaultProfilePic.png"
  ],
  "message": "Pobrano domyślne zdjęcia profilowe.",
  "error": 200,
  "timestamp": "..."
}

Get User by ID (ADMIN only)

Method: GET
Path: /admin/user/{id}

Response

{
  "message": "Pobrano użytkownika.",
  "error": 200,
  "user": {
    "id": 2,
    "username": "testuser",
    "email": "[email protected]",
    ...
  },
  "timestamp": "..."
}

Possible Errors

  • 404 Not Found: User with given ID not found.
  • 403 Forbidden: User is not an admin.
  • 401 Unauthorized: Not logged in.

Get All Users (ADMIN only)

Method: GET
Path: /admin/user/all

Response

{
  "message": "Pobrano listę użytkowników.",
  "error": 200,
  "users": [
    {
      "id": 1,
      "username": "admin",
      "email": "[email protected]",
      "role": "ROLE_ADMIN"
    }
  ],
  "timestamp": "..."
}

Possible Errors

  • 403 Forbidden: User is not an admin.
  • 401 Unauthorized: Not logged in.

Create User (ADMIN only)

Method: POST
Path: /admin/user/create

Request

{
  "username": "newuser",
  "firstName": "Alice",
  "surname": "Cooper",
  "email": "[email protected]",
  "password": "StrongPass123!",
  "role": "ROLE_USER"
}

Response

{
  "message": "Użytkownik został utworzony.",
  "error": 200,
  "timestamp": "..."
}

Possible Errors

  • 400 Bad Request: Missing fields, weak password, or duplicate username/email.
  • 403 Forbidden: User is not an admin.

Update User (ADMIN only)

Method: PUT
Path: /admin/user/update/{id}

Request

{
  "username": "updatedName",
  "firstName": "Updated",
  "surname": "User",
  "email": "[email protected]",
  "role": "ROLE_USER",
  "locked": false,
  "enabled": true,
  "userPhotoPath": "/img/profilePics/defaultProfilePic-red.png"
}

Response

{
  "message": "Użytkownik zaktualizowany.",
  "error": 200,
  "timestamp": "..."
}

Possible Errors

  • 404 Not Found: User with given ID not found.
  • 400 Bad Request: Invalid field value (e.g., too short name).
  • 403 Forbidden: User is not an admin.
  • 401 Unauthorized: Not logged in.

Change Password (ADMIN only)

Method: PUT
Path: /admin/user/changePassword/{id}

Request

{
  "password": "StrongPass123!"
}

Response

{
  "message": "Twoje hasło zostało zmienione.",
  "error": 200,
  "timestamp": "..."
}

Possible Errors

  • 404 Not Found: User with given ID not found.
  • 400 Bad Request: Password does not meet validation rules.
  • 403 Forbidden: User is not an admin.
  • 401 Unauthorized: Not logged in.

Delete User (ADMIN only)

Method: DELETE
Path: /admin/user/delete/{id}

Response

{
  "message": "Użytkownik został usunięty.",
  "error": 200,
  "timestamp": "..."
}

What it does:

  • Deletes the user account.
  • Removes all associated notes, game participations, and scheduler assignments.
  • Deletes user's custom profile photo (if not default).

Possible Errors

  • 404 Not Found: User with given ID not found.
  • 500 Internal Server Error: Failed to delete user’s data or photo.
  • 403 Forbidden: User is not an admin.
  • 401 Unauthorized: Not logged in.

Common Troubleshooting Tips

  • Missing XSRF Token: Ensure the X-XSRF-TOKEN header is included in every request.
  • Invalid Fields: Double-check the request body for missing or invalid fields.
  • Permission Issues: Verify that the user has the necessary permissions for the requested operation.
  • OAuth Account Setup: Users created via Discord login must set a password before logging in via form-based login.
⚠️ **GitHub.com Fallback** ⚠️