feat: add /api/account/update-email route

api/account/account.go

@@ -319,6 +319,21 @@ func (a AccountAPI) uploadLimit(c jape.Context) {
 	})
 }
 
+func (a AccountAPI) updateEmail(c jape.Context) {
+	user := middleware.GetUserFromContext(c.Request.Context())
+
+	var request UpdateEmailRequest
+
+	if c.Decode(&request) != nil {
+		return
+	}
+
+	err := a.accounts.UpdateAccountEmail(user, request.Email, request.Password)
+	if c.Check("failed to update email", err) != nil {
+		return
+	}
+}
+
 func (a *AccountAPI) Routes() (*httprouter.Router, error) {
 	loginAuthMw2fa := authMiddleware(middleware.AuthMiddlewareOptions{
 		Identity:     a.identity,
@@ -387,17 +402,21 @@ func (a *AccountAPI) Routes() (*httprouter.Router, error) {
 	})
 
 	routes := map[string]jape.Handler{
+		// Auth
 		"POST /api/auth/ping":         middleware.ApplyMiddlewares(a.ping, corsMw.Handler, pingAuthMw, middleware.ProxyMiddleware),
 		"POST /api/auth/login":        middleware.ApplyMiddlewares(a.login, corsMw.Handler, loginAuthMw2fa, middleware.ProxyMiddleware),
 		"POST /api/auth/register":     middleware.ApplyMiddlewares(a.register, corsMw.Handler, middleware.ProxyMiddleware),
 		"POST /api/auth/otp/validate": middleware.ApplyMiddlewares(a.otpValidate, corsMw.Handler, authMw, middleware.ProxyMiddleware),
 		"POST /api/auth/logout":       middleware.ApplyMiddlewares(a.logout, corsMw.Handler, authMw, middleware.ProxyMiddleware),
 
+		// Account
 		"POST /api/account/verify-email":           middleware.ApplyMiddlewares(a.verifyEmail, corsMw.Handler, middleware.ProxyMiddleware),
 		"POST /api/account/otp/verify":             middleware.ApplyMiddlewares(a.otpVerify, corsMw.Handler, authMw, middleware.ProxyMiddleware),
 		"POST /api/account/otp/disable":            middleware.ApplyMiddlewares(a.otpDisable, corsMw.Handler, authMw, middleware.ProxyMiddleware),
 		"POST /api/account/password-reset/request": middleware.ApplyMiddlewares(a.passwordResetRequest, corsMw.Handler, middleware.ProxyMiddleware),
 		"POST /api/account/password-reset/confirm": middleware.ApplyMiddlewares(a.passwordResetConfirm, corsMw.Handler, middleware.ProxyMiddleware),
+		"POST /api/account/update-email":           middleware.ApplyMiddlewares(a.updateEmail, corsMw.Handler, middleware.ProxyMiddleware),
+
 		"GET /*path": middleware.ApplyMiddlewares(getHandler, corsMw.Handler),
 	}
 

api/account/messages.go

@@ -58,3 +58,7 @@ type AccountInfoResponse struct {
 type UploadLimitResponse struct {
 	Limit uint64 `json:"limit"`
 }
+type UpdateEmailRequest struct {
+	Email    string `json:"email"`
+	Password string `json:"password"`
+}

api/account/swagger.yaml

@@ -148,6 +148,18 @@ paths:
                                 $ref: '#/components/schemas/AccountInfoResponse'
                 '401':
                     description: Unauthorized
+    /api/account/update-email:
+        post:
+            summary: Update email address
+            requestBody:
+                required: true
+                content:
+                    application/json:
+                        schema:
+                            $ref: '#/components/schemas/UpdateEmailRequest'
+            responses:
+                '200':
+                    description: Email updated successfully
     /api/upload-limit:
         get:
             summary: Get the basic file upload (POST) upload limit set by the portal
@@ -248,6 +260,16 @@ components:
                     type: string
                 password:
                     type: string
+        UpdateEmailRequest:
+            type: object
+            required:
+                - email
+                - password
+            properties:
+                email:
+                    type: string
+                password:
+                    type: string
         PingResponse:
             type: object
             properties: