ari/arimelody.me
1
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity

merge 'dev' into feature/auditlogs

Browse source
This commit is contained in:
ari melody 2025-02-07 12:07:32 +00:00
parent aa144b719a b7938b02e8
commit 01c285de1b
Signed by: ari
GPG key ID: CF99829C92678188
1 changed files with 20 additions and 16 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

36
api/api.go
View file

@ -38,10 +38,10 @@ func Handler(app *model.AppState) http.Handler {
ServeArtist(app, artist).ServeHTTP(w, r) ServeArtist(app, artist).ServeHTTP(w, r)
case http.MethodPut: case http.MethodPut:
// PUT /api/v1/artist/{id} (admin) // PUT /api/v1/artist/{id} (admin)
requireAccount(app, UpdateArtist(app, artist)).ServeHTTP(w, r) requireAccount(UpdateArtist(app, artist)).ServeHTTP(w, r)
case http.MethodDelete: case http.MethodDelete:
// DELETE /api/v1/artist/{id} (admin) // DELETE /api/v1/artist/{id} (admin)
requireAccount(app, DeleteArtist(app, artist)).ServeHTTP(w, r) requireAccount(DeleteArtist(app, artist)).ServeHTTP(w, r)
default: default:
http.NotFound(w, r) http.NotFound(w, r)
} }
@ -53,7 +53,7 @@ func Handler(app *model.AppState) http.Handler {
ServeAllArtists(app).ServeHTTP(w, r) ServeAllArtists(app).ServeHTTP(w, r)
case http.MethodPost: case http.MethodPost:
// POST /api/v1/artist (admin) // POST /api/v1/artist (admin)
requireAccount(app, CreateArtist(app)).ServeHTTP(w, r) requireAccount(CreateArtist(app)).ServeHTTP(w, r)
default: default:
http.NotFound(w, r) http.NotFound(w, r)
} }
@ -80,10 +80,10 @@ func Handler(app *model.AppState) http.Handler {
ServeRelease(app, release).ServeHTTP(w, r) ServeRelease(app, release).ServeHTTP(w, r)
case http.MethodPut: case http.MethodPut:
// PUT /api/v1/music/{id} (admin) // PUT /api/v1/music/{id} (admin)
requireAccount(app, UpdateRelease(app, release)).ServeHTTP(w, r) requireAccount(UpdateRelease(app, release)).ServeHTTP(w, r)
case http.MethodDelete: case http.MethodDelete:
// DELETE /api/v1/music/{id} (admin) // DELETE /api/v1/music/{id} (admin)
requireAccount(app, DeleteRelease(app, release)).ServeHTTP(w, r) requireAccount(DeleteRelease(app, release)).ServeHTTP(w, r)
default: default:
http.NotFound(w, r) http.NotFound(w, r)
} }
@ -95,7 +95,7 @@ func Handler(app *model.AppState) http.Handler {
ServeCatalog(app).ServeHTTP(w, r) ServeCatalog(app).ServeHTTP(w, r)
case http.MethodPost: case http.MethodPost:
// POST /api/v1/music (admin) // POST /api/v1/music (admin)
requireAccount(app, CreateRelease(app)).ServeHTTP(w, r) requireAccount(CreateRelease(app)).ServeHTTP(w, r)
default: default:
http.NotFound(w, r) http.NotFound(w, r)
} }
@ -119,13 +119,13 @@ func Handler(app *model.AppState) http.Handler {
switch r.Method { switch r.Method {
case http.MethodGet: case http.MethodGet:
// GET /api/v1/track/{id} (admin) // GET /api/v1/track/{id} (admin)
requireAccount(app, ServeTrack(app, track)).ServeHTTP(w, r) requireAccount(ServeTrack(app, track)).ServeHTTP(w, r)
case http.MethodPut: case http.MethodPut:
// PUT /api/v1/track/{id} (admin) // PUT /api/v1/track/{id} (admin)
requireAccount(app, UpdateTrack(app, track)).ServeHTTP(w, r) requireAccount(UpdateTrack(app, track)).ServeHTTP(w, r)
case http.MethodDelete: case http.MethodDelete:
// DELETE /api/v1/track/{id} (admin) // DELETE /api/v1/track/{id} (admin)
requireAccount(app, DeleteTrack(app, track)).ServeHTTP(w, r) requireAccount(DeleteTrack(app, track)).ServeHTTP(w, r)
default: default:
http.NotFound(w, r) http.NotFound(w, r)
} }
@ -134,19 +134,15 @@ func Handler(app *model.AppState) http.Handler {
switch r.Method { switch r.Method {
case http.MethodGet: case http.MethodGet:
// GET /api/v1/track (admin) // GET /api/v1/track (admin)
requireAccount(app, ServeAllTracks(app)).ServeHTTP(w, r) requireAccount(ServeAllTracks(app)).ServeHTTP(w, r)
case http.MethodPost: case http.MethodPost:
// POST /api/v1/track (admin) // POST /api/v1/track (admin)
requireAccount(app, CreateTrack(app)).ServeHTTP(w, r) requireAccount(CreateTrack(app)).ServeHTTP(w, r)
default: default:
http.NotFound(w, r) http.NotFound(w, r)
} }
})) }))
return mux
}
func requireAccount(app *model.AppState, next http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
session, err := getSession(app, r) session, err := getSession(app, r)
if err != nil { if err != nil {
@ -154,7 +150,15 @@ func requireAccount(app *model.AppState, next http.Handler) http.Handler {
http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
return return
} }
if session.Account == nil { ctx := context.WithValue(r.Context(), "session", session)
mux.ServeHTTP(w, r.WithContext(ctx))
})
}
func requireAccount(next http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
session := r.Context().Value("session").(*model.Session)
if session == nil || session.Account == nil {
http.Error(w, http.StatusText(http.StatusUnauthorized), http.StatusUnauthorized) http.Error(w, http.StatusText(http.StatusUnauthorized), http.StatusUnauthorized)
return return
} }