Add getUserProfile and database.IsBanned

service/api/api-handler.go

@@ -31,6 +31,8 @@ func (rt *_router) Handler() http.Handler {
 	rt.router.POST("/users/:user_id/photos/:photo_id/comments", rt.wrap(rt.PostComment))
 	rt.router.DELETE("/users/:user_id/photos/:photo_id/comments/:comment_id", rt.wrap(rt.DeleteComment))
 
+	rt.router.GET("/users/:user_id", rt.wrap(rt.GetUserProfile))
+
 	rt.router.GET("/", rt.getHelloWorld)
 	rt.router.GET("/context", rt.wrap(rt.getContextReply))
 

service/api/authorization/auth-manager.go

@@ -42,3 +42,20 @@ func SendAuthorizationError(f func(db database.AppDatabase, uid string) (reqcont
 	}
 	return true
 }
+
+func SendErrorIfNotLoggedIn(f func(db database.AppDatabase) (reqcontext.AuthStatus, error), db database.AppDatabase, w http.ResponseWriter, l logrus.FieldLogger) bool {
+
+	auth, err := f(db)
+
+	if err != nil {
+		helpers.SendInternalError(err, "Authorization error", w, l)
+		return false
+	}
+
+	if auth == reqcontext.UNAUTHORIZED {
+		helpers.SendStatus(http.StatusUnauthorized, w, "Unauthorized", l)
+		return false
+	}
+
+	return true
+}

service/api/comments.go

@@ -73,6 +73,9 @@ func (rt *_router) PostComment(w http.ResponseWriter, r *http.Request, ps httpro
 
 	// check if the user is authorized to post a comment
 	if !authorization.SendAuthorizationError(ctx.Auth.UserAuthorized, request_body.UID, rt.db, w, rt.baseLogger, http.StatusBadRequest) {
+		// It returns 400 Bad Request if the user_id field in the request body is missing or an invalid user_id
+		// It returns 401 if the user is not logged in
+		// It returns 403 if the user is not authorized to post a comment as the requested user
 		return
 	}
 

service/api/get-userprofile.go

@@ -0,0 +1,46 @@
+package api
+
+import (
+	"encoding/json"
+	"net/http"
+
+	"github.com/julienschmidt/httprouter"
+	"github.com/notherealmarco/WASAPhoto/service/api/authorization"
+	"github.com/notherealmarco/WASAPhoto/service/api/helpers"
+	"github.com/notherealmarco/WASAPhoto/service/api/reqcontext"
+	"github.com/notherealmarco/WASAPhoto/service/database"
+)
+
+func (rt *_router) GetUserProfile(w http.ResponseWriter, r *http.Request, ps httprouter.Params, ctx reqcontext.RequestContext) {
+
+	// Get user id
+	uid := ps.ByName("user_id")
+
+	if !authorization.SendErrorIfNotLoggedIn(ctx.Auth.Authorized, rt.db, w, rt.baseLogger) ||
+		!helpers.SendNotFoundIfBanned(rt.db, ctx.Auth.GetUserID(), uid, w, rt.baseLogger) {
+		return
+	}
+
+	// Get user profile
+	status, profile, err := rt.db.GetUserProfile(uid)
+
+	if err != nil {
+		helpers.SendInternalError(err, "Database error: GetUserProfile", w, rt.baseLogger)
+		return
+	}
+
+	if status == database.ERR_NOT_FOUND {
+		helpers.SendNotFound(w, "User not found", rt.baseLogger)
+		return
+	}
+
+	// Return user profile
+	w.Header().Set("Content-Type", "application/json")
+	w.WriteHeader(http.StatusOK)
+	err = json.NewEncoder(w).Encode(profile)
+
+	if err != nil {
+		helpers.SendInternalError(err, "Error encoding json", w, rt.baseLogger)
+		return
+	}
+}

service/api/helpers/api-helpers.go

@@ -89,3 +89,16 @@ func RollbackOrLogError(tx database.DBTransaction, l logrus.FieldLogger) {
 		l.WithError(err).Error("Error rolling back transaction")
 	}
 }
+
+func SendNotFoundIfBanned(db database.AppDatabase, uid string, banner string, w http.ResponseWriter, l logrus.FieldLogger) bool {
+	banned, err := db.IsBanned(uid, banner)
+	if err != nil {
+		SendInternalError(err, "Database error: IsBanned", w, l)
+		return false
+	}
+	if banned {
+		SendNotFound(w, "User not found", l)
+		return false
+	}
+	return true
+}