Images on public wishlists (#26)

#24
aunefyren · Jan 2, 2024 · c9f54fc · c9f54fc
1 parent 4c45a98
commit c9f54fc
Show file tree

Hide file tree

Showing 6 changed files with 100 additions and 61 deletions.
diff --git a/controllers/image.go b/controllers/image.go
@@ -2,6 +2,7 @@ package controllers
 
 import (
 	"aunefyren/poenskelisten/database"
+	"aunefyren/poenskelisten/middlewares"
 	"bytes"
 	"encoding/base64"
 	"errors"
@@ -297,6 +298,27 @@ func APIGetWishImage(context *gin.Context) {
 		return
 	}
 
+	// Get wishlist object
+	wishlistFound, wishlist, err := database.GetWishlistByWishID(wishID)
+	if err != nil {
+		log.Println("Failed to get wishlist. Error: " + err.Error())
+		context.JSON(http.StatusInternalServerError, gin.H{"error": "Failed to get wishlist."})
+		context.Abort()
+		return
+	} else if !wishlistFound {
+		context.JSON(http.StatusBadRequest, gin.H{"error": "Failed to find wishlist for wish."})
+		context.Abort()
+		return
+	} else if wishlist.Public != nil && !*wishlist.Public {
+		success, errorString, httpStatus := middlewares.AuthFunction(context, false)
+
+		if !success {
+			context.JSON(httpStatus, gin.H{"error": errorString})
+			context.Abort()
+			return
+		}
+	}
+
 	// Check if user exists
 	wishFound, _, err := database.GetWishByWishID(wishID)
 	if err != nil || !wishFound {

diff --git a/database/wish.go b/database/wish.go
@@ -185,3 +185,23 @@ func DeleteWish(WishID uuid.UUID) error {
 	}
 	return nil
 }
+
+// Get wish by wish ID
+func GetWishlistByWishID(wishID uuid.UUID) (bool, models.Wishlist, error) {
+	var wishlist models.Wishlist
+
+	wishlistRecords := Instance.
+		Where("`wishlists`.enabled = ?", 1).
+		Joins("JOIN `wishes` on `wishlists`.id = `wishes`.wishlist_id").
+		Where("`wishes`.enabled = ?", 1).
+		Where("`wishes`.id = ?", wishID).
+		Find(&wishlist)
+
+	if wishlistRecords.Error != nil {
+		return false, models.Wishlist{}, wishlistRecords.Error
+	} else if wishlistRecords.RowsAffected != 1 {
+		return false, models.Wishlist{}, nil
+	}
+
+	return true, wishlist, nil
+}
diff --git a/main.go b/main.go
@@ -180,6 +180,11 @@ func initRouter() *gin.Engine {
 			open.GET("/wishlists/public/:wishlist_hash", controllers.GetPublicWishlist)
 		}
 
+		both := api.Group("/both")
+		{
+			both.GET("/wishes/:wish_id/image", controllers.APIGetWishImage)
+		}
+
 		auth := api.Group("/auth").Use(middlewares.Auth(false))
 		{
 			auth.POST("/tokens/validate", controllers.ValidateToken)
@@ -212,7 +217,6 @@ func initRouter() *gin.Engine {
 			auth.POST("/wishes/:wish_id/claim", controllers.RegisterWishClaim)
 			auth.POST("/wishes/:wish_id/unclaim", controllers.RemoveWishClaim)
 			auth.POST("/wishes/:wish_id/update", controllers.APIUpdateWish)
-			auth.GET("/wishes/:wish_id/image", controllers.APIGetWishImage)
 			auth.GET("/wishes/:wish_id", controllers.APIGetWish)
 
 			auth.GET("/news", controllers.GetNews)

diff --git a/middlewares/auth.go b/middlewares/auth.go
@@ -14,76 +14,73 @@ import (
 
 func Auth(admin bool) gin.HandlerFunc {
 	return func(context *gin.Context) {
-		tokenString := context.GetHeader("Authorization")
-		if tokenString == "" {
-			context.JSON(401, gin.H{"error": "Request does not contain an access token"})
-			context.Abort()
-			return
-		}
+		success, errorString, httpStatus := AuthFunction(context, admin)
 
-		err := auth.ValidateToken(tokenString, admin)
-		if err != nil {
-			log.Println("Failed to validate token. Error: " + err.Error())
-			context.JSON(http.StatusForbidden, gin.H{"error": "Failed to validate token."})
+		if !success {
+			context.JSON(httpStatus, gin.H{"error": errorString})
 			context.Abort()
 			return
 		}
 
-		// Get configuration
-		config, err := config.GetConfig()
+		context.Next()
+	}
+}
+
+func AuthFunction(context *gin.Context, admin bool) (success bool, errorString string, httpStatus int) {
+	tokenString := context.GetHeader("Authorization")
+	if tokenString == "" {
+		return false, "Request does not contain an access token", http.StatusBadRequest
+	}
+
+	err := auth.ValidateToken(tokenString, admin)
+	if err != nil {
+		log.Println("Failed to validate token. Error: " + err.Error())
+		return false, "Failed to validate token.", http.StatusBadRequest
+	}
+
+	// Get configuration
+	config, err := config.GetConfig()
+	if err != nil {
+		log.Println("Failed to get config. Error: " + err.Error())
+		return false, "Failed to get config.", http.StatusInternalServerError
+	}
+
+	// If SMTP is enabled, verify if user is enabled
+	if config.SMTPEnabled {
+
+		// Get userID from header
+		userID, err := GetAuthUsername(context.GetHeader("Authorization"))
 		if err != nil {
-			log.Println("Failed to get config. Error: " + err.Error())
-			context.JSON(http.StatusInternalServerError, gin.H{"error": "Failed to get config."})
-			context.Abort()
-			return
+			log.Println("Failed to get user ID from token. Error: " + err.Error())
+			return false, "Failed to get user ID from token.", http.StatusInternalServerError
 		}
 
-		// If SMTP is enabled, verify if user is enabled
-		if config.SMTPEnabled {
+		// Check if the user is verified
+		verified, err := database.VerifyUserIsVerified(userID)
+		if !verified {
 
-			// Get userID from header
-			userID, err := GetAuthUsername(context.GetHeader("Authorization"))
+			// Verify user has verification code
+			hasVerficationCode, err := database.VerifyUserHasVerfificationCode(userID)
 			if err != nil {
-				log.Println("Failed to get user ID from token. Error: " + err.Error())
-				context.JSON(http.StatusInternalServerError, gin.H{"error": "Failed to get user ID from token."})
-				context.Abort()
-				return
+				log.Println("Failed to get verification code. Error: " + err.Error())
+				return false, "Failed to get verification code.", http.StatusInternalServerError
 			}
 
-			// Check if the user is verified
-			verified, err := database.VerifyUserIsVerified(userID)
-			if !verified {
-
-				// Verify user has verification code
-				hasVerficationCode, err := database.VerifyUserHasVerfificationCode(userID)
+			// If the user doesn't have a code, set one
+			if !hasVerficationCode {
+				_, err := database.GenrateRandomVerificationCodeForuser(userID)
 				if err != nil {
-					log.Println("Failed to get verification code. Error: " + err.Error())
-					context.JSON(http.StatusInternalServerError, gin.H{"error": "Failed to get verification code."})
-					context.Abort()
-					return
+					log.Println("Failed to generate verification code. Error: " + err.Error())
+					return false, "Failed to generate verification code.", http.StatusInternalServerError
 				}
-
-				// If the user doesn't have a code, set one
-				if !hasVerficationCode {
-					_, err := database.GenrateRandomVerificationCodeForuser(userID)
-					if err != nil {
-						log.Println("Failed to generate verification code. Error: " + err.Error())
-						context.JSON(http.StatusInternalServerError, gin.H{"error": "Failed to generate verification code."})
-						context.Abort()
-						return
-					}
-				}
-
-				// Return error
-				context.JSON(http.StatusForbidden, gin.H{"error": "You must verify your account."})
-				context.Abort()
-				return
 			}
 
+			// Return error
+			return false, "You must verify your account.", http.StatusForbidden
 		}
-
-		context.Next()
 	}
+
+	return true, "", http.StatusOK
 }
 
 func GetAuthUsername(tokenString string) (uuid.UUID, error) {

diff --git a/web/js/public.js b/web/js/public.js
@@ -240,10 +240,6 @@ function placeWishes(wishes_array, wishlist_id, group_id, user_id) {
 }
 
 function generate_wish_html(wish_object, wishlist_id, group_id, user_id) {
-
-    // Disable wish images
-    wish_object.image = false;
-
     var html = '';
     var wish_with_image = false;
 
@@ -428,7 +424,7 @@ function GetWishImage(wishID) {
         }
     };
     xhttp.withCredentials = true;
-    xhttp.open("get", api_url + "auth/wishes/" + wishID + "/image");
+    xhttp.open("get", api_url + "both/wishes/" + wishID + "/image");
     xhttp.setRequestHeader("Content-Type", "application/json;charset=UTF-8");
     xhttp.setRequestHeader("Authorization", jwt);
     xhttp.send();
@@ -472,7 +468,7 @@ function GetWishImageThumbail(wishID) {
         }
     };
     xhttp.withCredentials = true;
-    xhttp.open("get", api_url + "auth/wishes/" + wishID + "/image?thumbnail=true");
+    xhttp.open("get", api_url + "both/wishes/" + wishID + "/image?thumbnail=true");
     xhttp.setRequestHeader("Content-Type", "application/json;charset=UTF-8");
     xhttp.setRequestHeader("Authorization", jwt);
     xhttp.send();

diff --git a/web/js/wishlist.js b/web/js/wishlist.js
@@ -1179,7 +1179,7 @@ function GetWishImage(wishID) {
         }
     };
     xhttp.withCredentials = true;
-    xhttp.open("get", api_url + "auth/wishes/" + wishID + "/image");
+    xhttp.open("get", api_url + "both/wishes/" + wishID + "/image");
     xhttp.setRequestHeader("Content-Type", "application/json;charset=UTF-8");
     xhttp.setRequestHeader("Authorization", jwt);
     xhttp.send();
@@ -1223,7 +1223,7 @@ function GetWishImageThumbail(wishID) {
         }
     };
     xhttp.withCredentials = true;
-    xhttp.open("get", api_url + "auth/wishes/" + wishID + "/image?thumbnail=true");
+    xhttp.open("get", api_url + "both/wishes/" + wishID + "/image?thumbnail=true");
     xhttp.setRequestHeader("Content-Type", "application/json;charset=UTF-8");
     xhttp.setRequestHeader("Authorization", jwt);
     xhttp.send();