|
|
@ -6,6 +6,8 @@ import ( |
|
|
|
"encoding/json" |
|
|
|
"encoding/json" |
|
|
|
"io" |
|
|
|
"io" |
|
|
|
"net/http" |
|
|
|
"net/http" |
|
|
|
|
|
|
|
"path" |
|
|
|
|
|
|
|
"strconv" |
|
|
|
"time" |
|
|
|
"time" |
|
|
|
) |
|
|
|
) |
|
|
|
|
|
|
|
|
|
|
@ -15,23 +17,6 @@ func (s *Server) UserEndpoint(w http.ResponseWriter, req *http.Request) { |
|
|
|
// Delete an existing user
|
|
|
|
// Delete an existing user
|
|
|
|
defer req.Body.Close() |
|
|
|
defer req.Body.Close() |
|
|
|
|
|
|
|
|
|
|
|
// Read body
|
|
|
|
|
|
|
|
body, err := io.ReadAll(req.Body) |
|
|
|
|
|
|
|
if err != nil { |
|
|
|
|
|
|
|
logger.Warning("[Server] Failed to read request body to delete a user: %s", err) |
|
|
|
|
|
|
|
http.Error(w, "Failed to read body", http.StatusInternalServerError) |
|
|
|
|
|
|
|
return |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
// Unmarshal JSON
|
|
|
|
|
|
|
|
var newUser db.User |
|
|
|
|
|
|
|
err = json.Unmarshal(body, &newUser) |
|
|
|
|
|
|
|
if err != nil { |
|
|
|
|
|
|
|
logger.Warning("[Server] Received invalid user JSON for deletion: %s", err) |
|
|
|
|
|
|
|
http.Error(w, "Invalid user JSON", http.StatusBadRequest) |
|
|
|
|
|
|
|
return |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
username := GetUsernameFromAuth(req) |
|
|
|
username := GetUsernameFromAuth(req) |
|
|
|
|
|
|
|
|
|
|
|
// Check if auth data is valid
|
|
|
|
// Check if auth data is valid
|
|
|
@ -43,7 +28,7 @@ func (s *Server) UserEndpoint(w http.ResponseWriter, req *http.Request) { |
|
|
|
|
|
|
|
|
|
|
|
// It is, indeed, a user
|
|
|
|
// It is, indeed, a user
|
|
|
|
// Delete with all TODOs
|
|
|
|
// Delete with all TODOs
|
|
|
|
err = s.db.DeleteUserClean(username) |
|
|
|
err := s.db.DeleteUserClean(username) |
|
|
|
if err != nil { |
|
|
|
if err != nil { |
|
|
|
logger.Error("[Server] Failed to delete %s: %s", username, err) |
|
|
|
logger.Error("[Server] Failed to delete %s: %s", username, err) |
|
|
|
http.Error(w, "Failed to delete user or TODO contents", http.StatusInternalServerError) |
|
|
|
http.Error(w, "Failed to delete user or TODO contents", http.StatusInternalServerError) |
|
|
@ -127,36 +112,28 @@ func (s *Server) TodoEndpoint(w http.ResponseWriter, req *http.Request) { |
|
|
|
// Delete an existing TODO
|
|
|
|
// Delete an existing TODO
|
|
|
|
defer req.Body.Close() |
|
|
|
defer req.Body.Close() |
|
|
|
|
|
|
|
|
|
|
|
// Read body
|
|
|
|
// Check if this user actually exists and the password is valid
|
|
|
|
body, err := io.ReadAll(req.Body) |
|
|
|
if !IsRequestAuthValid(req, s.db) { |
|
|
|
if err != nil { |
|
|
|
http.Error(w, "Invalid user auth data", http.StatusForbidden) |
|
|
|
logger.Warning("[Server] Failed to read request body to possibly delete a TODO: %s", err) |
|
|
|
|
|
|
|
http.Error(w, "Failed to read body", http.StatusInternalServerError) |
|
|
|
|
|
|
|
return |
|
|
|
return |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
// Unmarshal JSON
|
|
|
|
// Obtain TODO ID
|
|
|
|
var todo db.Todo |
|
|
|
todoIDStr := path.Base(req.URL.Path) |
|
|
|
err = json.Unmarshal(body, &todo) |
|
|
|
todoID, err := strconv.ParseUint(todoIDStr, 10, 64) |
|
|
|
if err != nil { |
|
|
|
if err != nil { |
|
|
|
logger.Warning("[Server] Received invalid TODO JSON for deletion: %s", err) |
|
|
|
http.Error(w, "Invalid TODO ID", http.StatusBadRequest) |
|
|
|
http.Error(w, "Invalid TODO JSON", http.StatusBadRequest) |
|
|
|
|
|
|
|
return |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
// Check if given user actually owns this TODO
|
|
|
|
|
|
|
|
if !IsRequestAuthValid(req, s.db) { |
|
|
|
|
|
|
|
http.Error(w, "Invalid user auth data", http.StatusForbidden) |
|
|
|
|
|
|
|
return |
|
|
|
return |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
if !DoesUserOwnTodo(GetUsernameFromAuth(req), todo.ID, s.db) { |
|
|
|
// Check if the user owns this TODO
|
|
|
|
|
|
|
|
if !DoesUserOwnTodo(GetUsernameFromAuth(req), todoID, s.db) { |
|
|
|
http.Error(w, "You don't own this TODO", http.StatusForbidden) |
|
|
|
http.Error(w, "You don't own this TODO", http.StatusForbidden) |
|
|
|
return |
|
|
|
return |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
// Now delete
|
|
|
|
// Now delete
|
|
|
|
err = s.db.DeleteTodo(todo.ID) |
|
|
|
err = s.db.DeleteTodo(todoID) |
|
|
|
if err != nil { |
|
|
|
if err != nil { |
|
|
|
logger.Error("[Server] Failed to delete %s's TODO: %s", GetUsernameFromAuth(req), err) |
|
|
|
logger.Error("[Server] Failed to delete %s's TODO: %s", GetUsernameFromAuth(req), err) |
|
|
|
http.Error(w, "Failed to delete TODO", http.StatusInternalServerError) |
|
|
|
http.Error(w, "Failed to delete TODO", http.StatusInternalServerError) |
|
|
@ -164,6 +141,7 @@ func (s *Server) TodoEndpoint(w http.ResponseWriter, req *http.Request) { |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
// Success!
|
|
|
|
// Success!
|
|
|
|
|
|
|
|
logger.Info("[Server] deleted TODO with ID %d", todoID) |
|
|
|
w.WriteHeader(http.StatusOK) |
|
|
|
w.WriteHeader(http.StatusOK) |
|
|
|
|
|
|
|
|
|
|
|
case http.MethodPost: |
|
|
|
case http.MethodPost: |
|
|
|