Fixed a lot of bad queries

2025-05-05 12:22:35 +02:00 · 2022-11-22 23:41:52 +01:00 · 2022-11-22 23:41:52 +01:00 · 233217beb9
commit 233217beb9
parent a3cf4f17f8
15 changed files with 48 additions and 30 deletions
--- a/service/api/api-handler.go
+++ b/service/api/api-handler.go
@ -22,6 +22,7 @@ func (rt *_router) Handler() http.Handler {
 	rt.router.PUT("/users/:user_id/bans/:ban_uid", rt.wrap(rt.PutBan))
 	rt.router.DELETE("/users/:user_id/bans/:ban_uid", rt.wrap(rt.DeleteBan))

+	rt.router.GET("/users/:user_id/photos", rt.wrap(rt.GetUserPhotos))
 	rt.router.POST("/users/:user_id/photos", rt.wrap(rt.PostPhoto))
 	rt.router.GET("/users/:user_id/photos/:photo_id", rt.wrap(rt.GetPhoto))
 	rt.router.DELETE("/users/:user_id/photos/:photo_id", rt.wrap(rt.DeletePhoto))
@ -36,7 +37,7 @@ func (rt *_router) Handler() http.Handler {

 	rt.router.GET("/users/:user_id", rt.wrap(rt.GetUserProfile))

-	rt.router.GET("/stream", rt.wrap(rt.GetUserStream)) //todo: why not "/users/:user_id/stream"?
+	rt.router.GET("/stream", rt.wrap(rt.GetUserStream))

 	rt.router.GET("/", rt.getHelloWorld)
 	rt.router.GET("/context", rt.wrap(rt.getContextReply))
--- a/service/api/authorization/auth-manager.go
+++ b/service/api/authorization/auth-manager.go
@ -37,7 +37,7 @@ func SendAuthorizationError(f func(db database.AppDatabase, uid string) (reqcont
 	}
 	// requested user is not found -> 404 as the resource is not found
 	if auth == reqcontext.USER_NOT_FOUND {
-		helpers.SendStatus(notFoundStatus, w, "Resource not found", l)
+		helpers.SendStatus(notFoundStatus, w, "User not found", l)
 		return false
 	}
 	return true
--- a/service/api/followers.go
+++ b/service/api/followers.go
@ -15,6 +15,10 @@ import (

 func (rt *_router) GetFollowersFollowing(w http.ResponseWriter, r *http.Request, ps httprouter.Params, ctx reqcontext.RequestContext) {

+	if !authorization.SendErrorIfNotLoggedIn(ctx.Auth.Authorized, rt.db, w, rt.baseLogger) {
+		return
+	}
+
 	uid := ps.ByName("user_id")

 	if !helpers.VerifyUserOrNotFound(rt.db, uid, w, rt.baseLogger) {
--- a/service/api/get-userprofile.go
+++ b/service/api/get-userprofile.go
@ -64,7 +64,7 @@ func (rt *_router) GetUserPhotos(w http.ResponseWriter, r *http.Request, ps http
 	}

 	// Get user photos
-	photos, err := rt.db.GetUserPhotos(uid, start_index, limit)
+	photos, err := rt.db.GetUserPhotos(uid, ctx.Auth.GetUserID(), start_index, limit)

 	if err != nil {
 		helpers.SendInternalError(err, "Database error: GetUserPhotos", w, rt.baseLogger)
--- a/service/api/helpers/api-helpers.go
+++ b/service/api/helpers/api-helpers.go
@ -41,7 +41,6 @@ func SendStatus(httpStatus int, w http.ResponseWriter, description string, l log
 	err := json.NewEncoder(w).Encode(structures.GenericResponse{Status: description})
 	if err != nil {
 		l.WithError(err).Error("Error encoding json")
-		//todo: empty response?
 	}
 }

@ -50,7 +49,6 @@ func SendNotFound(w http.ResponseWriter, description string, l logrus.FieldLogge
 	err := json.NewEncoder(w).Encode(structures.GenericResponse{Status: description})
 	if err != nil {
 		l.WithError(err).Error("Error encoding json")
-		//todo: empty response?
 	}
 }

@ -59,7 +57,6 @@ func SendBadRequest(w http.ResponseWriter, description string, l logrus.FieldLog
 	err := json.NewEncoder(w).Encode(structures.GenericResponse{Status: description})
 	if err != nil {
 		l.WithError(err).Error("Error encoding json")
-		//todo: empty response?
 	}
 }

@ -69,7 +66,6 @@ func SendBadRequestError(err error, description string, w http.ResponseWriter, l
 	err = json.NewEncoder(w).Encode(structures.GenericResponse{Status: description})
 	if err != nil {
 		l.WithError(err).Error("Error encoding json")
-		//todo: empty response?
 	}
 }

@ -79,7 +75,6 @@ func SendInternalError(err error, description string, w http.ResponseWriter, l l
 	err = json.NewEncoder(w).Encode(structures.GenericResponse{Status: description})
 	if err != nil {
 		l.WithError(err).Error("Error encoding json")
-		//todo: empty response?
 	}
 }

--- a/service/api/likes.go
+++ b/service/api/likes.go
@ -14,6 +14,10 @@ import (

 func (rt *_router) GetLikes(w http.ResponseWriter, r *http.Request, ps httprouter.Params, ctx reqcontext.RequestContext) {

+	if !authorization.SendErrorIfNotLoggedIn(ctx.Auth.Authorized, rt.db, w, rt.baseLogger) {
+		return
+	}
+
 	// get the user id from the url
 	uid := ps.ByName("user_id")
 	photo_id, err := strconv.ParseInt(ps.ByName("photo_id"), 10, 64)
--- a/service/api/post-session.go
+++ b/service/api/post-session.go
@ -23,7 +23,7 @@ type _respbody struct {
 func (rt *_router) PostSession(w http.ResponseWriter, r *http.Request, ps httprouter.Params, ctx reqcontext.RequestContext) {

 	var request _reqbody
-	err := json.NewDecoder(r.Body).Decode(&request) //todo: capire se serve close
+	err := json.NewDecoder(r.Body).Decode(&request)

 	var uid string
 	if err == nil { // test if user exists
--- a/service/api/put-updateusername.go
+++ b/service/api/put-updateusername.go
@ -21,19 +21,12 @@ func (rt *_router) UpdateUsername(w http.ResponseWriter, r *http.Request, ps htt
 		return
 	}

-	//err := json.NewDecoder(r.Body).Decode(&req) //todo: capire se serve close
-
-	//if err != nil {
-	//	w.WriteHeader(http.StatusBadRequest) // todo: move to DecodeOrBadRequest helper
-	//	return
-	//}
-
 	err := rt.db.UpdateUsername(uid, req.Name)

 	if err != nil {
-		w.WriteHeader(http.StatusInternalServerError) // todo: is not ok, maybe let's use a helper
+		helpers.SendInternalError(err, "Database error: UpdateUsername", w, rt.baseLogger)
 		return
 	}

-	w.WriteHeader(http.StatusNoContent) // todo: change to 204 also in API spec
+	w.WriteHeader(http.StatusNoContent)
 }