Fix query errors

cmd/webapi/load-configuration.go

@@ -26,7 +26,7 @@ type WebAPIConfiguration struct {
 	}
 	Debug bool
 	DB    struct {
-		Filename string `conf:"default:/tmp/decaf.db"`
+		Filename string `conf:"default:./wasaphoto.db"`
 	}
 	Data struct {
 		Path string `conf:"default:/tmp/wasaphoto"`

service/api/helpers/get-limits.go

@@ -6,7 +6,7 @@ import (
 )
 
 const (
-	DEFAULT_LIMIT  = 10 // todo: move to config
+	DEFAULT_LIMIT  = 15 // don't know if should be moved to config
 	DEFAULT_OFFSET = 0
 )
 

service/api/photos.go

@@ -15,7 +15,7 @@ import (
 
 func (rt *_router) PostPhoto(w http.ResponseWriter, r *http.Request, ps httprouter.Params, ctx reqcontext.RequestContext) {
 
-	defer r.Body.Close()
+	//defer r.Body.Close()
 
 	uid := ps.ByName("user_id")
 
@@ -70,14 +70,35 @@ func (rt *_router) PostPhoto(w http.ResponseWriter, r *http.Request, ps httprout
 
 func (rt *_router) GetPhoto(w http.ResponseWriter, r *http.Request, ps httprouter.Params, ctx reqcontext.RequestContext) {
 
-	uid := ps.ByName("user_id")
-	photo_id := ps.ByName("photo_id")
-
-	if !helpers.VerifyUserOrNotFound(rt.db, uid, w, rt.baseLogger) {
+	if !authorization.SendErrorIfNotLoggedIn(ctx.Auth.Authorized, rt.db, w, rt.baseLogger) {
+		// We want the user to be authenticated
 		return
 	}
 
-	path := rt.dataPath + "/photos/" + uid + "/" + photo_id + ".jpg"
+	uid := ps.ByName("user_id")
+
+	photo_id_str := ps.ByName("photo_id")
+	photo_id, err := strconv.ParseInt(photo_id_str, 10, 64)
+
+	if err != nil {
+		helpers.SendBadRequest(w, "Invalid photo id", rt.baseLogger)
+		return
+	}
+
+	// This is also checking if the requesting user is banned by the author of the photo
+	exists, err := rt.db.PhotoExists(uid, photo_id, ctx.Auth.GetUserID())
+
+	if err != nil {
+		helpers.SendInternalError(err, "Database error: PhotoExists", w, rt.baseLogger)
+		return
+	}
+
+	if !exists {
+		helpers.SendNotFound(w, "Resource not found", rt.baseLogger)
+		return
+	}
+
+	path := rt.dataPath + "/photos/" + uid + "/" + photo_id_str + ".jpg"
 
 	file, err := os.Open(path)
 

service/database/database.go

@@ -60,6 +60,7 @@ type AppDatabase interface {
 
 	PostPhoto(uid string) (DBTransaction, int64, error)
 	DeletePhoto(uid string, photo int64) (bool, error)
+	PhotoExists(uid string, photo int64, requesting_uid string) (bool, error)
 
 	GetPhotoLikes(uid string, photo int64, requesting_uid string, start_index int, offset int) (QueryResult, *[]structures.UIDName, error)
 	LikePhoto(uid string, photo int64, liker_uid string) (QueryResult, error)

service/database/db-comments.go

@@ -89,15 +89,17 @@ func (db *appdbimpl) GetComments(uid string, photo_id int64, requesting_uid stri
 		return ERR_NOT_FOUND, nil, err
 	}
 
-	rows, err := db.c.Query(`SELECT "c"."id", "c"."user", "c"."comment", "c"."date" FROM "comments" AS "c"
+	rows, err := db.c.Query(`SELECT "c"."id", "c"."user", "c"."comment", "c"."date", "u"."name"
+								FROM "comments" AS "c", "users" AS "u"
 								WHERE "c"."photo" = ?
 								AND "c"."user" NOT IN (
 									SELECT "bans"."user" FROM "bans"
-									WHERE "bans"."user" = ?
-									AND "bans"."ban" = "c"."user"
+									WHERE "bans"."user" = "c"."user"
+									AND "bans"."ban" = ?
 								)
-								OFFSET ?
-								LIMIT ?`, photo_id, requesting_uid, start_index, limit)
+								AND "u"."uid" = "c"."user"
+								LIMIT ?
+								OFFSET ?`, photo_id, requesting_uid, limit, start_index)
 
 	if err != nil {
 		return ERR_INTERNAL, nil, err
@@ -109,7 +111,7 @@ func (db *appdbimpl) GetComments(uid string, photo_id int64, requesting_uid stri
 
 	for rows.Next() {
 		var c structures.Comment
-		err = rows.Scan(&c.CommentID, &c.UID, &c.Comment, &c.Date)
+		err = rows.Scan(&c.CommentID, &c.UID, &c.Comment, &c.Date, &c.Name)
 		if err != nil {
 			return ERR_INTERNAL, nil, err
 		}

service/database/db-likes.go

@@ -22,12 +22,12 @@ func (db *appdbimpl) GetPhotoLikes(uid string, photo int64, requesting_uid strin
 								WHERE "likes"."photo_id" = ?
 								AND "likes"."user" NOT IN (
 									SELECT "bans"."user" FROM "bans"
-									WHERE "bans"."user" = ?
-									AND "bans"."ban" = "likes"."user"
+									WHERE "bans"."user" = "likes"."user"
+									AND "bans"."ban" = ?
 								)
 								AND "likes"."user" = "users"."uid"
-								OFFSET ?
-								LIMIT ?`, photo, requesting_uid, start_index, limit)
+								LIMIT ?
+								OFFSET ?`, photo, requesting_uid, limit, start_index)
 	if err != nil {
 		return ERR_INTERNAL, nil, err
 	}

service/database/db-photos.go

@@ -52,3 +52,20 @@ func (db *appdbimpl) photoExists(uid string, photo int64) (bool, error) {
 	}
 	return cnt > 0, nil
 }
+
+func (db *appdbimpl) PhotoExists(uid string, photo int64, requesting_uid string) (bool, error) {
+
+	var cnt int64
+	err := db.c.QueryRow(`SELECT COUNT(*) FROM "photos"
+							WHERE "id" = ?
+							AND "user" = ?
+							AND "user" NOT IN (
+								SELECT "bans"."user" FROM "bans"
+								WHERE "bans"."user" = "photos"."user"
+								AND "bans"."ban" = ?
+							)`, photo, uid, requesting_uid).Scan(&cnt)
+	if err != nil {
+		return false, err
+	}
+	return cnt > 0, nil
+}

service/database/db-stream.go

@@ -26,8 +26,8 @@ func (db *appdbimpl) GetUserStream(uid string, start_index int, limit int) (*[]s
 									SELECT "user" FROM "bans" WHERE "ban" = ?
 								)
 								ORDER BY "p"."date" DESC
-								OFFSET ?
-								LIMIT ?`, uid, uid, start_index, limit)
+								LIMIT ?
+								OFFSET ?`, uid, uid, limit, start_index)
 	if err != nil {
 		// Return the error
 		return nil, err

service/database/db-users.go

@@ -66,8 +66,8 @@ func (db *appdbimpl) GetUserFollowers(uid string, requesting_uid string, start_i
 							
 							AND "follows"."follower" NOT IN (
 								SELECT "bans"."user" FROM "bans"
-								WHERE "bans"."user" = ?
-								AND "bans"."ban" = "follows"."follower"
+								WHERE "bans"."user" = "follows"."follower"
+								AND "bans"."ban" = ?
 							)
 
 							AND "followed" = ?
@@ -102,13 +102,13 @@ func (db *appdbimpl) GetUserFollowing(uid string, requesting_uid string, start_i
 
 							AND "follows"."followed" NOT IN (
 								SELECT "bans"."user" FROM "bans"
-								WHERE "bans"."user" = ?
-								AND "bans"."ban" = "follows"."followed"
+								WHERE "bans"."user" = "follows"."followed"
+								AND "bans"."ban" = ?
 							)
 
 							AND "follower" = ?
-							OFFSET ?
-							LIMIT ?`, uid, requesting_uid, start_index, offset)
+							LIMIT ?
+							OFFSET ?`, uid, requesting_uid, offset, start_index)
 
 	following, err := db.uidNameQuery(rows, err)
 
@@ -237,11 +237,11 @@ func (db *appdbimpl) IsBanned(uid string, banner string) (bool, error) {
 
 func (db *appdbimpl) GetUserBans(uid string, start_index int, limit int) (*[]structures.UIDName, error) {
 
-	rows, err := db.c.Query(`SELECT "ban", "user"."name" FROM "bans", "users"
+	rows, err := db.c.Query(`SELECT "ban", "users"."name" FROM "bans", "users"
 							WHERE "bans"."ban" = "users"."uid"
 							AND "bans"."user" = ?
-							OFFSET ?
-							LIMIT ?`, uid, start_index, limit)
+							LIMIT ?
+							OFFSET ?`, uid, limit, start_index)
 
 	bans, err := db.uidNameQuery(rows, err)
 
@@ -256,15 +256,15 @@ func (db *appdbimpl) GetUserBans(uid string, start_index int, limit int) (*[]str
 func (db *appdbimpl) SearchByName(name string, requesting_uid string, start_index int, limit int) (*[]structures.UIDName, error) {
 
 	rows, err := db.c.Query(`SELECT "uid", "name" FROM "users"
-							WHERE "name" LIKE ?
+							WHERE "name" LIKE '%' || ? || '%'
 
 							AND "uid" NOT IN (
 								SELECT "bans"."user" FROM "bans"
 								WHERE "bans"."user" = "users"."uid"
 								AND "bans"."ban" = ?
 							)
-							OFFSET ?
-							LIMIT ?`, name, requesting_uid, start_index, limit)
+							LIMIT ?
+							OFFSET ?`, name, requesting_uid, limit, start_index)
 
 	users, err := db.uidNameQuery(rows, err)