From ee52204a046b6623c0932fbffef394f8a7891d19 Mon Sep 17 00:00:00 2001
From: Sergio Vera <svera@adobe.com>
Date: Sun, 28 Jul 2024 12:25:47 +0200
Subject: [PATCH] REST highlights

---
 internal/webserver/controller/auth/signin.go  |  2 +-
 internal/webserver/controller/auth/signout.go |  2 +-
 .../webserver/controller/highlight/list.go    |  2 +-
 .../webserver/embedded/views/document.html    |  4 ++--
 internal/webserver/embedded/views/index.html  |  2 +-
 internal/webserver/embedded/views/layout.html |  2 +-
 .../embedded/views/partials/actions.html      |  4 ++--
 internal/webserver/highlights_test.go         | 21 +++++++++----------
 internal/webserver/middleware.go              |  2 +-
 internal/webserver/routes.go                  |  6 +++---
 10 files changed, 23 insertions(+), 24 deletions(-)

diff --git a/internal/webserver/controller/auth/signin.go b/internal/webserver/controller/auth/signin.go
index 6d4a620..9be3d3d 100644
--- a/internal/webserver/controller/auth/signin.go
+++ b/internal/webserver/controller/auth/signin.go
@@ -41,7 +41,7 @@ func (a *Controller) SignIn(c *fiber.Ctx) error {
 		Name:     "coreander",
 		Value:    signedToken,
 		Path:     "/",
-		MaxAge:   int(a.config.SessionTimeout.Seconds()),
+		MaxAge:   34560000, // 400 days which is the life limit imposed by Chrome
 		Secure:   false,
 		HTTPOnly: true,
 	})
diff --git a/internal/webserver/controller/auth/signout.go b/internal/webserver/controller/auth/signout.go
index acdf654..7daec00 100644
--- a/internal/webserver/controller/auth/signout.go
+++ b/internal/webserver/controller/auth/signout.go
@@ -8,7 +8,7 @@ import (
 func (a *Controller) SignOut(c *fiber.Ctx) error {
 	c.Cookie(&fiber.Cookie{
 		Name:     "coreander",
-		Value:    "void",
+		Value:    "",
 		Path:     "/",
 		MaxAge:   -1,
 		Secure:   false,
diff --git a/internal/webserver/controller/highlight/list.go b/internal/webserver/controller/highlight/list.go
index 10fcd73..d3a8d16 100644
--- a/internal/webserver/controller/highlight/list.go
+++ b/internal/webserver/controller/highlight/list.go
@@ -32,7 +32,7 @@ func (h *Controller) List(c *fiber.Ctx) error {
 		h.wordsPerMinute = session.WordsPerMinute
 	}
 
-	user, err := h.usrRepository.FindByUsername(c.Params("username"))
+	user, err := h.usrRepository.FindByUsername(session.Username)
 	if err != nil {
 		log.Println(err.Error())
 		return fiber.ErrInternalServerError
diff --git a/internal/webserver/embedded/views/document.html b/internal/webserver/embedded/views/document.html
index 1ce56b8..2f17f35 100644
--- a/internal/webserver/embedded/views/document.html
+++ b/internal/webserver/embedded/views/document.html
@@ -41,14 +41,14 @@ <h3 class="card-text text-center mx-1 mt-3">
             </a>
 
             {{if and (.Session) (ne .Session.Name "")}}
-            <a href="/documents/{{.Document.Slug}}/highlight" class="btn btn-outline-secondary highlight {{if .Document.Highlighted}}visually-hidden{{end}}" data-dehighlight="{{.OnDehighlight}}" data-method="POST">
+            <a href="/highlights/{{.Document.Slug}}" class="btn btn-outline-secondary highlight {{if .Document.Highlighted}}visually-hidden{{end}}" data-dehighlight="{{.OnDehighlight}}" data-method="POST">
                 <svg xmlns="http://www.w3.org/2000/svg" width="16" height="16" fill="currentColor" class="bi bi-star" viewBox="0 0 16 16">
                     <path d="M2.866 14.85c-.078.444.36.791.746.593l4.39-2.256 4.389 2.256c.386.198.824-.149.746-.592l-.83-4.73 3.522-3.356c.33-.314.16-.888-.282-.95l-4.898-.696L8.465.792a.513.513 0 0 0-.927 0L5.354 5.12l-4.898.696c-.441.062-.612.636-.283.95l3.523 3.356-.83 4.73zm4.905-2.767-3.686 1.894.694-3.957a.565.565 0 0 0-.163-.505L1.71 6.745l4.052-.576a.525.525 0 0 0 .393-.288L8 2.223l1.847 3.658a.525.525 0 0 0 .393.288l4.052.575-2.906 2.77a.565.565 0 0 0-.163.506l.694 3.957-3.686-1.894a.503.503 0 0 0-.461 0z"/>
                 </svg>
                 &nbsp;&nbsp;{{t .Lang "Highlight"}}
             </a>
 
-            <a href="/documents/{{.Document.Slug}}/highlight" class="btn btn-outline-secondary dehighlight {{if not .Document.Highlighted}}visually-hidden{{end}}" data-dehighlight="{{.OnDehighlight}}" data-method="DELETE">
+            <a href="/highlights/{{.Document.Slug}}" class="btn btn-outline-secondary dehighlight {{if not .Document.Highlighted}}visually-hidden{{end}}" data-dehighlight="{{.OnDehighlight}}" data-method="DELETE">
                 <svg xmlns="http://www.w3.org/2000/svg" width="16" height="16" fill="currentColor" class="bi bi-star-fill" viewBox="0 0 16 16">
                     <path d="M3.612 15.443c-.386.198-.824-.149-.746-.592l.83-4.73L.173 6.765c-.329-.314-.158-.888.283-.95l4.898-.696L7.538.792c.197-.39.73-.39.927 0l2.184 4.327 4.898.696c.441.062.612.636.282.95l-3.522 3.356.83 4.73c.078.443-.36.79-.746.592L8 13.187l-4.389 2.256z"/>
                 </svg>
diff --git a/internal/webserver/embedded/views/index.html b/internal/webserver/embedded/views/index.html
index 8e06222..a427de5 100644
--- a/internal/webserver/embedded/views/index.html
+++ b/internal/webserver/embedded/views/index.html
@@ -9,7 +9,7 @@ <h2>{{t .Lang "Your highlights" }}</h2>
             </div>
             {{if gt (len .Highlights) 0}}
                 <div class="col-3 text-end">
-                        <a  href="/{{.Lang}}/highlights/{{.Session.Username}}">
+                        <a  href="/{{.Lang}}/highlights">
                                 {{t .Lang "See all" }}
                         </a>
                 </div>
diff --git a/internal/webserver/embedded/views/layout.html b/internal/webserver/embedded/views/layout.html
index 007bd0e..6d3831e 100644
--- a/internal/webserver/embedded/views/layout.html
+++ b/internal/webserver/embedded/views/layout.html
@@ -73,7 +73,7 @@ <h5 class="offcanvas-title" id="offcanvasNavbarLabel">Coreander</h5>
                                         {{end}}
                                     </li>
                                     <li>
-                                        <a class="dropdown-item" href="/{{.Lang}}/highlights/{{.Session.Username}}">
+                                        <a class="dropdown-item" href="/{{.Lang}}/highlights">
                                             <svg xmlns="http://www.w3.org/2000/svg" width="16" height="16" fill="currentColor" class="bi bi-star-fill" viewBox="0 0 16 16">
                                                 <path d="M3.612 15.443c-.386.198-.824-.149-.746-.592l.83-4.73L.173 6.765c-.329-.314-.158-.888.283-.95l4.898-.696L7.538.792c.197-.39.73-.39.927 0l2.184 4.327 4.898.696c.441.062.612.636.282.95l-3.522 3.356.83 4.73c.078.443-.36.79-.746.592L8 13.187l-4.389 2.256z"/>
                                             </svg>
diff --git a/internal/webserver/embedded/views/partials/actions.html b/internal/webserver/embedded/views/partials/actions.html
index e1d1055..c5f24fe 100644
--- a/internal/webserver/embedded/views/partials/actions.html
+++ b/internal/webserver/embedded/views/partials/actions.html
@@ -18,7 +18,7 @@
     </li>
     {{if and (.Session) (ne .Session.Name "")}}
     <li class="highlight {{if .Document.Highlighted}}visually-hidden{{end}}">
-        <a href="/documents/{{.Document.Slug}}/highlight" class="dropdown-item highlight" data-dehighlight="{{.OnDehighlight}}" data-method="POST">
+        <a href="/highlights/{{.Document.Slug}}" class="dropdown-item highlight" data-dehighlight="{{.OnDehighlight}}" data-method="POST">
             <svg xmlns="http://www.w3.org/2000/svg" width="16" height="16" fill="currentColor" class="bi bi-star" viewBox="0 0 16 16">
                 <path d="M2.866 14.85c-.078.444.36.791.746.593l4.39-2.256 4.389 2.256c.386.198.824-.149.746-.592l-.83-4.73 3.522-3.356c.33-.314.16-.888-.282-.95l-4.898-.696L8.465.792a.513.513 0 0 0-.927 0L5.354 5.12l-4.898.696c-.441.062-.612.636-.283.95l3.523 3.356-.83 4.73zm4.905-2.767-3.686 1.894.694-3.957a.565.565 0 0 0-.163-.505L1.71 6.745l4.052-.576a.525.525 0 0 0 .393-.288L8 2.223l1.847 3.658a.525.525 0 0 0 .393.288l4.052.575-2.906 2.77a.565.565 0 0 0-.163.506l.694 3.957-3.686-1.894a.503.503 0 0 0-.461 0z"/>
             </svg>
@@ -27,7 +27,7 @@
     </li>
 
     <li class="dehighlight {{if not .Document.Highlighted}}visually-hidden{{end}}">
-        <a href="/documents/{{.Document.Slug}}/highlight" class="dropdown-item dehighlight" data-dehighlight="{{.OnDehighlight}}" data-method="DELETE">
+        <a href="/highlights/{{.Document.Slug}}" class="dropdown-item dehighlight" data-dehighlight="{{.OnDehighlight}}" data-method="DELETE">
             <svg xmlns="http://www.w3.org/2000/svg" width="16" height="16" fill="currentColor" class="bi bi-star-fill" viewBox="0 0 16 16">
                 <path d="M3.612 15.443c-.386.198-.824-.149-.746-.592l.83-4.73L.173 6.765c-.329-.314-.158-.888.283-.95l4.898-.696L7.538.792c.197-.39.73-.39.927 0l2.184 4.327 4.898.696c.441.062.612.636.282.95l-3.522 3.356.83 4.73c.078.443-.36.79-.746.592L8 13.187l-4.389 2.256z"/>
             </svg>
diff --git a/internal/webserver/highlights_test.go b/internal/webserver/highlights_test.go
index f8f55d7..140ca84 100644
--- a/internal/webserver/highlights_test.go
+++ b/internal/webserver/highlights_test.go
@@ -75,7 +75,7 @@ func TestHighlights(t *testing.T) {
 
 		mustReturnStatus(response, fiber.StatusOK, t)
 
-		assertHighlights(app, t, adminCookie, adminUser.Username, 1)
+		assertHighlights(app, t, adminCookie, 1)
 
 		response, err = highlight(adminCookie, app, "john-doe-test-epub", fiber.MethodDelete, t)
 		if err != nil {
@@ -84,7 +84,7 @@ func TestHighlights(t *testing.T) {
 
 		mustReturnStatus(response, fiber.StatusOK, t)
 
-		assertHighlights(app, t, adminCookie, adminUser.Username, 0)
+		assertHighlights(app, t, adminCookie, 0)
 	})
 
 	t.Run("Deleting a document also removes it from the highlights of all users", func(t *testing.T) {
@@ -105,7 +105,7 @@ func TestHighlights(t *testing.T) {
 
 		mustReturnStatus(response, fiber.StatusOK, t)
 
-		assertHighlights(app, t, regularUserCookie, regularUser.Username, 1)
+		assertHighlights(app, t, regularUserCookie, 1)
 
 		adminCookie, err = login(app, "admin@example.com", "admin", t)
 		if err != nil {
@@ -122,7 +122,7 @@ func TestHighlights(t *testing.T) {
 		if total != 0 {
 			t.Errorf("Expected no highlights in DB for user, got %d", total)
 		}
-		assertHighlights(app, t, adminCookie, regularUser.Username, 0)
+		assertHighlights(app, t, adminCookie, 0)
 	})
 
 	t.Run("Deleting a user also remove his/her highlights", func(t *testing.T) {
@@ -143,7 +143,7 @@ func TestHighlights(t *testing.T) {
 
 		mustReturnStatus(response, fiber.StatusOK, t)
 
-		assertHighlights(app, t, regularUserCookie, regularUser.Username, 1)
+		assertHighlights(app, t, regularUserCookie, 1)
 
 		adminCookie, err = login(app, "admin@example.com", "admin", t)
 		if err != nil {
@@ -160,13 +160,12 @@ func TestHighlights(t *testing.T) {
 		if total != 0 {
 			t.Errorf("Expected no highlights in DB for deleted user, got %d", total)
 		}
-		assertNoHighlights(app, t, adminCookie, regularUser.Username)
 	})
 }
 
 func highlight(cookie *http.Cookie, app *fiber.App, slug string, method string, t *testing.T) (*http.Response, error) {
 	t.Helper()
-	req, err := http.NewRequest(method, fmt.Sprintf("/documents/%s/highlight", slug), nil)
+	req, err := http.NewRequest(method, fmt.Sprintf("/highlights/%s", slug), nil)
 	if err != nil {
 		return nil, err
 	}
@@ -176,10 +175,10 @@ func highlight(cookie *http.Cookie, app *fiber.App, slug string, method string,
 	return app.Test(req)
 }
 
-func assertHighlights(app *fiber.App, t *testing.T, cookie *http.Cookie, username string, expectedResults int) {
+func assertHighlights(app *fiber.App, t *testing.T, cookie *http.Cookie, expectedResults int) {
 	t.Helper()
 
-	req, err := http.NewRequest(http.MethodGet, fmt.Sprintf("/en/highlights/%s", username), nil)
+	req, err := http.NewRequest(http.MethodGet, "/en/highlights", nil)
 	req.AddCookie(cookie)
 	if err != nil {
 		t.Fatalf("Unexpected error: %v", err.Error())
@@ -202,10 +201,10 @@ func assertHighlights(app *fiber.App, t *testing.T, cookie *http.Cookie, usernam
 	}
 }
 
-func assertNoHighlights(app *fiber.App, t *testing.T, cookie *http.Cookie, username string) {
+func assertNoHighlights(app *fiber.App, t *testing.T, cookie *http.Cookie) {
 	t.Helper()
 
-	req, err := http.NewRequest(http.MethodGet, fmt.Sprintf("/en/highlights/%s", username), nil)
+	req, err := http.NewRequest(http.MethodGet, "/en/highlights", nil)
 	req.AddCookie(cookie)
 	if err != nil {
 		t.Fatalf("Unexpected error: %v", err.Error())
diff --git a/internal/webserver/middleware.go b/internal/webserver/middleware.go
index 9c6b425..31ff9bd 100644
--- a/internal/webserver/middleware.go
+++ b/internal/webserver/middleware.go
@@ -111,7 +111,7 @@ func forbidden(c *fiber.Ctx, sender Sender, err error) error {
 		emailSendingConfigured = false
 	}
 	message := ""
-	if err.Error() != "missing or malformed JWT" && c.Cookies("coreander") != "void" {
+	if err.Error() != "missing or malformed JWT" && c.Cookies("coreander") != "" {
 		message = "Session expired, please log in again."
 	}
 	return c.Status(fiber.StatusForbidden).Render("auth/login", fiber.Map{
diff --git a/internal/webserver/routes.go b/internal/webserver/routes.go
index 44c4026..ac80a58 100644
--- a/internal/webserver/routes.go
+++ b/internal/webserver/routes.go
@@ -61,9 +61,9 @@ func routes(app *fiber.App, controllers Controllers, jwtSecret []byte, sender Se
 	usersGroup.Put("/:username", alwaysRequireAuthentication, controllers.Users.Update)
 	app.Delete("/users/:username", alwaysRequireAuthentication, RequireAdmin, controllers.Users.Delete)
 
-	langGroup.Get("/highlights/:username", alwaysRequireAuthentication, controllers.Highlights.List)
-	app.Post("/documents/:slug/highlight", alwaysRequireAuthentication, controllers.Highlights.Create)
-	app.Delete("/documents/:slug/highlight", alwaysRequireAuthentication, controllers.Highlights.Delete)
+	langGroup.Get("/highlights", alwaysRequireAuthentication, controllers.Highlights.List)
+	app.Post("/highlights/:slug", alwaysRequireAuthentication, controllers.Highlights.Create)
+	app.Delete("/highlights/:slug", alwaysRequireAuthentication, controllers.Highlights.Delete)
 
 	app.Delete("/documents/:slug", alwaysRequireAuthentication, RequireAdmin, controllers.Documents.Delete)