feat: add option to change username

locales/en-US.json

@@ -501,5 +501,11 @@
     "toggle_theme": "Toggle Theme",
     "carousel_slide": "Slide {{current}} of {{total}}",
     "carousel_skip": "Skip the Carousel",
-    "carousel_go_to": "Go to slide `x`"
+    "carousel_go_to": "Go to slide `x`",
+    "new_username": "New username",
+    "change_username": "Change username",
+    "username_required_field": "Username is a required field",
+    "username_empty": "Username cannot be empty",
+    "username_is_the_same": "This is your username, use another one",
+    "username_taken": "Username is already taken, use another one"
 }

src/invidious/database/users.cr

@@ -184,6 +184,36 @@ module Invidious::Database::Users
     PG_DB.exec(request, pass, user.email)
   end
 
+  def update_username(user : User, username : String)
+    request = <<-SQL
+      UPDATE users
+      SET email = $1
+      WHERE email = $2
+    SQL
+
+    PG_DB.exec(request, username, user.email)
+  end
+
+  def update_user_session_id(user : User, username : String)
+    request = <<-SQL
+      UPDATE session_ids
+      SET email = $1
+      WHERE email = $2
+    SQL
+
+    PG_DB.exec(request, username, user.email)
+  end
+
+  def update_user_playlists_author(user : User, username : String)
+    request = <<-SQL
+      UPDATE playlists
+      SET author = $1
+      WHERE author = $2
+    SQL
+
+    PG_DB.exec(request, username, user.email)
+  end
+
   # -------------------
   #  Select
   # -------------------

src/invidious/routes/account.cr

@@ -78,6 +78,75 @@ module Invidious::Routes::Account
     env.redirect referer
   end
 
+  # -------------------
+  #  Username update
+  # -------------------
+
+  # Show the username change interface (GET request)
+  def get_change_username(env)
+    locale = env.get("preferences").as(Preferences).locale
+
+    user = env.get? "user"
+    sid = env.get? "sid"
+    referer = get_referer(env)
+
+    if !user
+      return env.redirect referer
+    end
+
+    user = user.as(User)
+    sid = sid.as(String)
+    csrf_token = generate_response(sid, {":change_username"}, HMAC_KEY)
+
+    templated "user/change_username"
+  end
+
+  # Handle the username change (POST request)
+  def post_change_username(env)
+    locale = env.get("preferences").as(Preferences).locale
+
+    user = env.get? "user"
+    sid = env.get? "sid"
+    referer = get_referer(env)
+
+    if !user
+      return env.redirect referer
+    end
+
+    user = user.as(User)
+    sid = sid.as(String)
+    token = env.params.body["csrf_token"]?
+
+    begin
+      validate_request(token, sid, env.request, HMAC_KEY, locale)
+    rescue ex
+      return error_template(400, ex)
+    end
+
+    new_username = env.params.body["new_username"]?
+    if new_username.nil?
+      return error_template(401, "username_required_field")
+    end
+
+    if new_username.empty?
+      return error_template(401, "username_empty")
+    end
+
+    if new_username == user.email
+      return error_template(401, "username_is_the_same")
+    end
+
+    if Invidious::Database::Users.select(email: new_username)
+      return error_template(401, "username_taken")
+    end
+
+    Invidious::Database::Users.update_username(user, new_username.to_s)
+    Invidious::Database::Users.update_user_session_id(user, new_username.to_s)
+    Invidious::Database::Users.update_user_playlists_author(user, new_username.to_s)
+
+    env.redirect referer
+  end
+
   # -------------------
   #  Account deletion
   # -------------------

src/invidious/routing.cr

@@ -68,6 +68,8 @@ module Invidious::Routing
     # User account management
     get "/change_password", Routes::Account, :get_change_password
     post "/change_password", Routes::Account, :post_change_password
+    get "/change_username", Routes::Account, :get_change_username
+    post "/change_username", Routes::Account, :post_change_username
     get "/delete_account", Routes::Account, :get_delete
     post "/delete_account", Routes::Account, :post_delete
     get "/clear_watch_history", Routes::Account, :get_clear_history

src/invidious/views/user/change_username.ecr

@@ -0,0 +1,26 @@
+<% content_for "header" do %>
+<title><%= translate(locale, "change_username") %> - Invidious</title>
+<% end %>
+
+<div class="pure-g">
+    <div class="pure-u-1 pure-u-lg-1-5"></div>
+    <div class="pure-u-1 pure-u-lg-3-5">
+        <div class="h-box">
+            <form class="pure-form pure-form-aligned" action="/change_username?referer=<%= URI.encode_www_form(referer) %>" method="post">
+                <legend><%= translate(locale, "") %></legend>
+
+                <fieldset>
+                    <label for="new_username"><%= translate(locale, "new_username") %> :</label>
+                    <input required class="pure-input-1" name="new_username" type="text" placeholder="<%= translate(locale, "new_username") %>">
+
+                    <button type="submit" name="action" value="change_username" class="pure-button pure-button-primary">
+                        <%= translate(locale, "change_username") %>
+                    </button>
+
+                    <input type="hidden" name="csrf_token" value="<%= HTML.escape(csrf_token) %>">
+                </fieldset>
+            </form>
+        </div>
+    </div>
+    <div class="pure-u-1 pure-u-lg-1-5"></div>
+</div>

src/invidious/views/user/preferences.ecr

@@ -330,6 +330,10 @@
                     <a href="/change_password?referer=<%= URI.encode_www_form(referer) %>"><%= translate(locale, "Change password") %></a>
                 </div>
 
+                <div class="pure-control-group">
+                    <a href="/change_username?referer=<%= URI.encode_www_form(referer) %>"><%= translate(locale, "change_username") %></a>
+                </div>
+
                 <div class="pure-control-group">
                     <a href="/data_control?referer=<%= URI.encode_www_form(referer) %>"><%= translate(locale, "Import/export data") %></a>
                 </div>