From ac1ed21c9c9a271de9e991c1364f2e5fc50c3797 Mon Sep 17 00:00:00 2001
From: Sergio Vera
Date: Sat, 27 Jul 2024 12:13:38 +0200
Subject: [PATCH 1/4] Modified highlights routes to make them restful and private
---
 internal/webserver/controller/auth/signin.go | 2 +-
 internal/webserver/controller/auth/signout.go | 2 +-
 .../webserver/controller/highlight/list.go | 6 +-----
 .../webserver/embedded/views/document.html | 4 ++--
 internal/webserver/embedded/views/index.html | 2 +-
 internal/webserver/embedded/views/layout.html | 2 +-
 .../embedded/views/partials/actions.html | 4 ++--
 internal/webserver/highlights_test.go | 21 +++++++++----------
 internal/webserver/middleware.go | 2 +-
 internal/webserver/routes.go | 6 +++---
 10 files changed, 23 insertions(+), 28 deletions(-)
diff --git a/internal/webserver/controller/auth/signin.go b/internal/webserver/controller/auth/signin.go
index 6d4a620..9be3d3d 100644
--- a/internal/webserver/controller/auth/signin.go
+++ b/internal/webserver/controller/auth/signin.go
@@ -41,7 +41,7 @@ func (a *Controller) SignIn(c *fiber.Ctx) error {
 Name: "coreander",
 Value: signedToken,
 Path: "/",
- MaxAge: int(a.config.SessionTimeout.Seconds()),
+ MaxAge: 34560000, // 400 days which is the life limit imposed by Chrome
 Secure: false,
 HTTPOnly: true,
 })
diff --git a/internal/webserver/controller/auth/signout.go b/internal/webserver/controller/auth/signout.go
index acdf654..7daec00 100644
--- a/internal/webserver/controller/auth/signout.go
+++ b/internal/webserver/controller/auth/signout.go
@@ -8,7 +8,7 @@ import (
 func (a *Controller) SignOut(c *fiber.Ctx) error {
 c.Cookie(&fiber.Cookie{
 Name: "coreander",
- Value: "void",
+ Value: "",
 Path: "/",
 MaxAge: -1,
 Secure: false,
diff --git a/internal/webserver/controller/highlight/list.go b/internal/webserver/controller/highlight/list.go
index 10fcd73..72abc76 100644
--- a/internal/webserver/controller/highlight/list.go
+++ b/internal/webserver/controller/highlight/list.go
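Review bot: The hard-coded `MaxAge: 34560000` in the SignIn hunk detaches the cookie lifetime from `a.config.SessionTimeout`, so the only remaining bound on a session is whatever expiry the signed token carries; that token is built outside this hunk, so confirm its expiry still follows SessionTimeout and is validated on every request. The cookie is also still issued with `Secure: false`, which now leaves a credential in the browser for up to 400 days that can be sent over plain HTTP. I would name the constant and derive the flag from the connection, e.g. `MaxAge: maxCookieAgeSeconds,` and `Secure: c.Protocol() == "https",`. SignIn's body starts and ends outside the hunk.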
@@ -32,16 +32,12 @@ func (h *Controller) List(c *fiber.Ctx) error { h.wordsPerMinute = session.WordsPerMinute } - user, err := h.usrRepository.FindByUsername(c.Params("username")) + user, err := h.usrRepository.FindByUsername(session.Username) if err != nil { log.Println(err.Error()) return fiber.ErrInternalServerError } - if user == nil { - return fiber.ErrNotFound - } - docsSortedByHighlightedDate, err := h.hlRepository.Highlights(int(user.ID), page, model.ResultsPerPage) if err != nil { return fiber.ErrInternalServerError diff --git a/internal/webserver/embedded/views/document.html b/internal/webserver/embedded/views/document.html index 1ce56b8..2f17f35 100644 --- a/internal/webserver/embedded/views/document.html +++ b/internal/webserver/embedded/views/document.html @@ -41,14 +41,14 @@

{{if and (.Session) (ne .Session.Name "")}} - +   {{t .Lang "Highlight"}} - + diff --git a/internal/webserver/embedded/views/index.html b/internal/webserver/embedded/views/index.html index 8e06222..a427de5 100644 --- a/internal/webserver/embedded/views/index.html +++ b/internal/webserver/embedded/views/index.html @@ -9,7 +9,7 @@

{{t .Lang "Your highlights" }}

{{if gt (len .Highlights) 0}}
diff --git a/internal/webserver/embedded/views/layout.html b/internal/webserver/embedded/views/layout.html index 007bd0e..6d3831e 100644 --- a/internal/webserver/embedded/views/layout.html +++ b/internal/webserver/embedded/views/layout.html @@ -73,7 +73,7 @@

Coreander
{{end}}
  • - + diff --git a/internal/webserver/embedded/views/partials/actions.html b/internal/webserver/embedded/views/partials/actions.html index e1d1055..c5f24fe 100644 --- a/internal/webserver/embedded/views/partials/actions.html +++ b/internal/webserver/embedded/views/partials/actions.html @@ -18,7 +18,7 @@
  • {{if and (.Session) (ne .Session.Name "")}}
  • - + @@ -27,7 +27,7 @@
  • - + diff --git a/internal/webserver/highlights_test.go b/internal/webserver/highlights_test.go index f8f55d7..140ca84 100644 --- a/internal/webserver/highlights_test.go +++ b/internal/webserver/highlights_test.go @@ -75,7 +75,7 @@ func TestHighlights(t *testing.T) { mustReturnStatus(response, fiber.StatusOK, t) - assertHighlights(app, t, adminCookie, adminUser.Username, 1) + assertHighlights(app, t, adminCookie, 1) response, err = highlight(adminCookie, app, "john-doe-test-epub", fiber.MethodDelete, t) if err != nil { @@ -84,7 +84,7 @@ func TestHighlights(t *testing.T) { mustReturnStatus(response, fiber.StatusOK, t) - assertHighlights(app, t, adminCookie, adminUser.Username, 0) + assertHighlights(app, t, adminCookie, 0) }) t.Run("Deleting a document also removes it from the highlights of all users", func(t *testing.T) { @@ -105,7 +105,7 @@ func TestHighlights(t *testing.T) { mustReturnStatus(response, fiber.StatusOK, t) - assertHighlights(app, t, regularUserCookie, regularUser.Username, 1) + assertHighlights(app, t, regularUserCookie, 1) adminCookie, err = login(app, "admin@example.com", "admin", t) if err != nil { @@ -122,7 +122,7 @@ func TestHighlights(t *testing.T) { if total != 0 { t.Errorf("Expected no highlights in DB for user, got %d", total) } - assertHighlights(app, t, adminCookie, regularUser.Username, 0) + assertHighlights(app, t, adminCookie, 0) }) t.Run("Deleting a user also remove his/her highlights", func(t *testing.T) { @@ -143,7 +143,7 @@ func TestHighlights(t *testing.T) { mustReturnStatus(response, fiber.StatusOK, t) - assertHighlights(app, t, regularUserCookie, regularUser.Username, 1) + assertHighlights(app, t, regularUserCookie, 1) adminCookie, err = login(app, "admin@example.com", "admin", t) if err != nil { 
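Review bot: In the hunk at -122 the call becomes `assertHighlights(app, t, adminCookie, 0)`, which now lists the admin's own highlights rather than the regular user's, because the list is derived from the session cookie instead of a username in the URL. The assertion therefore no longer checks over HTTP that deleting the document removed it from the regular user's list; only the repository count just above it does. Using the other session restores the intent: `assertHighlights(app, t, regularUserCookie, 0)`. The subtest body starts outside the hunk.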
@@ -160,13 +160,12 @@ func TestHighlights(t *testing.T) { if total != 0 { t.Errorf("Expected no highlights in DB for deleted user, got %d", total) } - assertNoHighlights(app, t, adminCookie, regularUser.Username) }) } func highlight(cookie *http.Cookie, app *fiber.App, slug string, method string, t *testing.T) (*http.Response, error) { t.Helper() - req, err := http.NewRequest(method, fmt.Sprintf("/documents/%s/highlight", slug), nil) + req, err := http.NewRequest(method, fmt.Sprintf("/highlights/%s", slug), nil) if err != nil { return nil, err } @@ -176,10 +175,10 @@ func highlight(cookie *http.Cookie, app *fiber.App, slug string, method string, return app.Test(req) } -func assertHighlights(app *fiber.App, t *testing.T, cookie *http.Cookie, username string, expectedResults int) { +func assertHighlights(app *fiber.App, t *testing.T, cookie *http.Cookie, expectedResults int) { t.Helper() - req, err := http.NewRequest(http.MethodGet, fmt.Sprintf("/en/highlights/%s", username), nil) + req, err := http.NewRequest(http.MethodGet, "/en/highlights", nil) req.AddCookie(cookie) if err != nil { t.Fatalf("Unexpected error: %v", err.Error()) @@ -202,10 +201,10 @@ func assertHighlights(app *fiber.App, t *testing.T, cookie *http.Cookie, usernam } } -func assertNoHighlights(app *fiber.App, t *testing.T, cookie *http.Cookie, username string) { +func assertNoHighlights(app *fiber.App, t *testing.T, cookie *http.Cookie) { t.Helper() - req, err := http.NewRequest(http.MethodGet, fmt.Sprintf("/en/highlights/%s", username), nil) + req, err := http.NewRequest(http.MethodGet, "/en/highlights", nil) req.AddCookie(cookie) if err != nil { t.Fatalf("Unexpected error: %v", err.Error()) diff --git a/internal/webserver/middleware.go b/internal/webserver/middleware.go index 9c6b425..31ff9bd 100644 --- a/internal/webserver/middleware.go +++ b/internal/webserver/middleware.go 
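Review bot: Dropping `assertNoHighlights(app, t, adminCookie, regularUser.Username)` from the deleted-user subtest (hunk at -160) removes the only request-level check of that scenario, and it appears to leave the `assertNoHighlights` helper, still updated in the hunk at -202, without a caller in this file. With the username now taken from the session, the case worth pinning is a request that carries the deleted user's still-valid cookie, which in this patch reaches `user.ID` in List with the nil check removed. A replacement such as `assertNoHighlights(app, t, regularUserCookie)` would cover it, assuming the helper's expected status matches what List should return for an account that no longer exists.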
@@ -111,7 +111,7 @@ func forbidden(c *fiber.Ctx, sender Sender, err error) error { emailSendingConfigured = false } message := "" - if err.Error() != "missing or malformed JWT" && c.Cookies("coreander") != "void" { + if err.Error() != "missing or malformed JWT" && c.Cookies("coreander") != "" { message = "Session expired, please log in again." } return c.Status(fiber.StatusForbidden).Render("auth/login", fiber.Map{ diff --git a/internal/webserver/routes.go b/internal/webserver/routes.go index 44c4026..ac80a58 100644 --- a/internal/webserver/routes.go +++ b/internal/webserver/routes.go @@ -61,9 +61,9 @@ func routes(app *fiber.App, controllers Controllers, jwtSecret []byte, sender Se usersGroup.Put("/:username", alwaysRequireAuthentication, controllers.Users.Update) app.Delete("/users/:username", alwaysRequireAuthentication, RequireAdmin, controllers.Users.Delete) - langGroup.Get("/highlights/:username", alwaysRequireAuthentication, controllers.Highlights.List) - app.Post("/documents/:slug/highlight", alwaysRequireAuthentication, controllers.Highlights.Create) - app.Delete("/documents/:slug/highlight", alwaysRequireAuthentication, controllers.Highlights.Delete) + langGroup.Get("/highlights", alwaysRequireAuthentication, controllers.Highlights.List) + app.Post("/highlights/:slug", alwaysRequireAuthentication, controllers.Highlights.Create) + app.Delete("/highlights/:slug", alwaysRequireAuthentication, controllers.Highlights.Delete) app.Delete("/documents/:slug", alwaysRequireAuthentication, RequireAdmin, controllers.Documents.Delete) From 638bf40989d651357253809e74acf00d4dc21f4b Mon Sep 17 00:00:00 2001 
From: Sergio Vera Date: Sat, 27 Jul 2024 19:05:03 +0200 Subject: [PATCH 2/4] Replace highlights by stars --- internal/webserver/controller/highlight/list.go | 4 ++++ internal/webserver/embedded/views/document.html | 4 ++-- internal/webserver/embedded/views/index.html | 2 +- internal/webserver/embedded/views/layout.html | 2 +- internal/webserver/embedded/views/partials/actions.html | 4 ++-- internal/webserver/highlights_test.go | 6 +++--- internal/webserver/routes.go | 6 +++--- 7 files changed, 16 insertions(+), 12 deletions(-) diff --git a/internal/webserver/controller/highlight/list.go b/internal/webserver/controller/highlight/list.go index 72abc76..d3a8d16 100644 --- a/internal/webserver/controller/highlight/list.go +++ b/internal/webserver/controller/highlight/list.go @@ -38,6 +38,10 @@ func (h *Controller) List(c *fiber.Ctx) error { return fiber.ErrInternalServerError } + if user == nil { + return fiber.ErrNotFound + } + docsSortedByHighlightedDate, err := h.hlRepository.Highlights(int(user.ID), page, model.ResultsPerPage) if err != nil { return fiber.ErrInternalServerError diff --git a/internal/webserver/embedded/views/document.html b/internal/webserver/embedded/views/document.html index 2f17f35..f1fc9b8 100644 --- a/internal/webserver/embedded/views/document.html +++ b/internal/webserver/embedded/views/document.html @@ -41,14 +41,14 @@

    {{if and (.Session) (ne .Session.Name "")}} - +   {{t .Lang "Highlight"}} - + diff --git a/internal/webserver/embedded/views/index.html b/internal/webserver/embedded/views/index.html index a427de5..4cfccbe 100644 --- a/internal/webserver/embedded/views/index.html +++ b/internal/webserver/embedded/views/index.html @@ -9,7 +9,7 @@

    {{t .Lang "Your highlights" }}

    {{if gt (len .Highlights) 0}}
    diff --git a/internal/webserver/embedded/views/layout.html b/internal/webserver/embedded/views/layout.html index 6d3831e..0d54a9d 100644 --- a/internal/webserver/embedded/views/layout.html +++ b/internal/webserver/embedded/views/layout.html @@ -73,7 +73,7 @@

    Coreander
    {{end}}
  • - + diff --git a/internal/webserver/embedded/views/partials/actions.html b/internal/webserver/embedded/views/partials/actions.html index c5f24fe..82d860a 100644 --- a/internal/webserver/embedded/views/partials/actions.html +++ b/internal/webserver/embedded/views/partials/actions.html @@ -18,7 +18,7 @@
  • {{if and (.Session) (ne .Session.Name "")}}
  • - + @@ -27,7 +27,7 @@
  • - + diff --git a/internal/webserver/highlights_test.go b/internal/webserver/highlights_test.go index 140ca84..710bc4c 100644 --- a/internal/webserver/highlights_test.go +++ b/internal/webserver/highlights_test.go @@ -165,7 +165,7 @@ func TestHighlights(t *testing.T) { func highlight(cookie *http.Cookie, app *fiber.App, slug string, method string, t *testing.T) (*http.Response, error) { t.Helper() - req, err := http.NewRequest(method, fmt.Sprintf("/highlights/%s", slug), nil) + req, err := http.NewRequest(method, fmt.Sprintf("/stars/%s", slug), nil) if err != nil { return nil, err } @@ -178,7 +178,7 @@ func highlight(cookie *http.Cookie, app *fiber.App, slug string, method string, func assertHighlights(app *fiber.App, t *testing.T, cookie *http.Cookie, expectedResults int) { t.Helper() - req, err := http.NewRequest(http.MethodGet, "/en/highlights", nil) + req, err := http.NewRequest(http.MethodGet, "/en/stars", nil) req.AddCookie(cookie) if err != nil { t.Fatalf("Unexpected error: %v", err.Error()) @@ -204,7 +204,7 @@ func assertHighlights(app *fiber.App, t *testing.T, cookie *http.Cookie, expecte func assertNoHighlights(app *fiber.App, t *testing.T, cookie *http.Cookie) { t.Helper() - req, err := http.NewRequest(http.MethodGet, "/en/highlights", nil) + req, err := http.NewRequest(http.MethodGet, "/en/stars", nil) req.AddCookie(cookie) if err != nil { t.Fatalf("Unexpected error: %v", err.Error()) diff --git a/internal/webserver/routes.go b/internal/webserver/routes.go index ac80a58..058c5fb 100644 --- a/internal/webserver/routes.go +++ b/internal/webserver/routes.go 
@@ -61,9 +61,9 @@ func routes(app *fiber.App, controllers Controllers, jwtSecret []byte, sender Se usersGroup.Put("/:username", alwaysRequireAuthentication, controllers.Users.Update) app.Delete("/users/:username", alwaysRequireAuthentication, RequireAdmin, controllers.Users.Delete) - langGroup.Get("/highlights", alwaysRequireAuthentication, controllers.Highlights.List) - app.Post("/highlights/:slug", alwaysRequireAuthentication, controllers.Highlights.Create) - app.Delete("/highlights/:slug", alwaysRequireAuthentication, controllers.Highlights.Delete) + langGroup.Get("/stars", alwaysRequireAuthentication, controllers.Highlights.List) + app.Post("/stars/:slug", alwaysRequireAuthentication, controllers.Highlights.Create) + app.Delete("/stars/:slug", alwaysRequireAuthentication, controllers.Highlights.Delete) app.Delete("/documents/:slug", alwaysRequireAuthentication, RequireAdmin, controllers.Documents.Delete) From beb5e596630e25f8ca36643fcbd886c682c65ba9 Mon Sep 17 00:00:00 2001 From: Sergio Vera Date: Sun, 28 Jul 2024 12:14:30 +0200 Subject: [PATCH 3/4] Revert "Replace highlights by stars" This reverts commit 638bf40989d651357253809e74acf00d4dc21f4b. --- internal/webserver/controller/highlight/list.go | 4 ---- internal/webserver/embedded/views/document.html | 4 ++-- internal/webserver/embedded/views/index.html | 2 +- internal/webserver/embedded/views/layout.html | 2 +- internal/webserver/embedded/views/partials/actions.html | 4 ++-- internal/webserver/highlights_test.go | 6 +++--- internal/webserver/routes.go | 6 +++--- 7 files changed, 12 insertions(+), 16 deletions(-) diff --git a/internal/webserver/controller/highlight/list.go b/internal/webserver/controller/highlight/list.go index d3a8d16..72abc76 100644 --- a/internal/webserver/controller/highlight/list.go +++ b/internal/webserver/controller/highlight/list.go 
@@ -38,10 +38,6 @@ func (h *Controller) List(c *fiber.Ctx) error { return fiber.ErrInternalServerError } - if user == nil { - return fiber.ErrNotFound - } - docsSortedByHighlightedDate, err := h.hlRepository.Highlights(int(user.ID), page, model.ResultsPerPage) if err != nil { return fiber.ErrInternalServerError diff --git a/internal/webserver/embedded/views/document.html b/internal/webserver/embedded/views/document.html index f1fc9b8..2f17f35 100644 --- a/internal/webserver/embedded/views/document.html +++ b/internal/webserver/embedded/views/document.html @@ -41,14 +41,14 @@

    {{if and (.Session) (ne .Session.Name "")}} - +   {{t .Lang "Highlight"}} - + diff --git a/internal/webserver/embedded/views/index.html b/internal/webserver/embedded/views/index.html index 4cfccbe..a427de5 100644 --- a/internal/webserver/embedded/views/index.html +++ b/internal/webserver/embedded/views/index.html @@ -9,7 +9,7 @@

    {{t .Lang "Your highlights" }}

    {{if gt (len .Highlights) 0}}
    diff --git a/internal/webserver/embedded/views/layout.html b/internal/webserver/embedded/views/layout.html index 0d54a9d..6d3831e 100644 --- a/internal/webserver/embedded/views/layout.html +++ b/internal/webserver/embedded/views/layout.html @@ -73,7 +73,7 @@

    Coreander
    {{end}}
  • - + diff --git a/internal/webserver/embedded/views/partials/actions.html b/internal/webserver/embedded/views/partials/actions.html index 82d860a..c5f24fe 100644 --- a/internal/webserver/embedded/views/partials/actions.html +++ b/internal/webserver/embedded/views/partials/actions.html @@ -18,7 +18,7 @@
  • {{if and (.Session) (ne .Session.Name "")}}
  • - + @@ -27,7 +27,7 @@
  • - + diff --git a/internal/webserver/highlights_test.go b/internal/webserver/highlights_test.go index 710bc4c..140ca84 100644 --- a/internal/webserver/highlights_test.go +++ b/internal/webserver/highlights_test.go @@ -165,7 +165,7 @@ func TestHighlights(t *testing.T) { func highlight(cookie *http.Cookie, app *fiber.App, slug string, method string, t *testing.T) (*http.Response, error) { t.Helper() - req, err := http.NewRequest(method, fmt.Sprintf("/stars/%s", slug), nil) + req, err := http.NewRequest(method, fmt.Sprintf("/highlights/%s", slug), nil) if err != nil { return nil, err } @@ -178,7 +178,7 @@ func highlight(cookie *http.Cookie, app *fiber.App, slug string, method string, func assertHighlights(app *fiber.App, t *testing.T, cookie *http.Cookie, expectedResults int) { t.Helper() - req, err := http.NewRequest(http.MethodGet, "/en/stars", nil) + req, err := http.NewRequest(http.MethodGet, "/en/highlights", nil) req.AddCookie(cookie) if err != nil { t.Fatalf("Unexpected error: %v", err.Error()) @@ -204,7 +204,7 @@ func assertHighlights(app *fiber.App, t *testing.T, cookie *http.Cookie, expecte func assertNoHighlights(app *fiber.App, t *testing.T, cookie *http.Cookie) { t.Helper() - req, err := http.NewRequest(http.MethodGet, "/en/stars", nil) + req, err := http.NewRequest(http.MethodGet, "/en/highlights", nil) req.AddCookie(cookie) if err != nil { t.Fatalf("Unexpected error: %v", err.Error()) diff --git a/internal/webserver/routes.go b/internal/webserver/routes.go index 058c5fb..ac80a58 100644 --- a/internal/webserver/routes.go +++ b/internal/webserver/routes.go 
@@ -61,9 +61,9 @@ func routes(app *fiber.App, controllers Controllers, jwtSecret []byte, sender Se usersGroup.Put("/:username", alwaysRequireAuthentication, controllers.Users.Update) app.Delete("/users/:username", alwaysRequireAuthentication, RequireAdmin, controllers.Users.Delete) - langGroup.Get("/stars", alwaysRequireAuthentication, controllers.Highlights.List) - app.Post("/stars/:slug", alwaysRequireAuthentication, controllers.Highlights.Create) - app.Delete("/stars/:slug", alwaysRequireAuthentication, controllers.Highlights.Delete) + langGroup.Get("/highlights", alwaysRequireAuthentication, controllers.Highlights.List) + app.Post("/highlights/:slug", alwaysRequireAuthentication, controllers.Highlights.Create) + app.Delete("/highlights/:slug", alwaysRequireAuthentication, controllers.Highlights.Delete) app.Delete("/documents/:slug", alwaysRequireAuthentication, RequireAdmin, controllers.Documents.Delete) From 24b42e244434c38bba0832f05727ae0b5960a030 Mon Sep 17 00:00:00 2001 From: Sergio Vera Date: Sun, 28 Jul 2024 12:15:18 +0200 Subject: [PATCH 4/4] Check for null user --- internal/webserver/controller/highlight/list.go | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/internal/webserver/controller/highlight/list.go b/internal/webserver/controller/highlight/list.go index 72abc76..d3a8d16 100644 --- a/internal/webserver/controller/highlight/list.go +++ b/internal/webserver/controller/highlight/list.go @@ -38,6 +38,10 @@ func (h *Controller) List(c *fiber.Ctx) error { return fiber.ErrInternalServerError } + if user == nil { + return fiber.ErrNotFound + } + docsSortedByHighlightedDate, err := h.hlRepository.Highlights(int(user.ID), page, model.ResultsPerPage) if err != nil { return fiber.ErrInternalServerError
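Review bot: Returning `fiber.ErrNotFound` when `user == nil` in List answers a still-valid session whose account no longer exists with a 404 and leaves the `coreander` cookie in place. Since the username now comes from the session rather than the URL, this branch means a stale session, not a missing resource, so I would expire the cookie and return the same 403 login response that `forbidden` in middleware.go renders. A comment such as `// session refers to a user that no longer exists` above the check would make that intent explicit. List's body starts and ends outside the hunk.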