func HandleUpdateNote(ctx context.Context, w http.ResponseWriter, r *http.Request) { var input Note if err := json.NewDecoder(r.Body).Decode(&input); err != nil { web.JSONErr(w, err.Error(), http.StatusBadRequest) return } if errs := validateNote(&input); len(errs) > 0 { web.JSONErrs(w, errs, http.StatusBadRequest) return } tx, err := pg.DB(ctx).Beginx() if err != nil { log.Printf("cannot start transaction: %s", err) web.StdJSONErr(w, http.StatusInternalServerError) return } defer tx.Rollback() acc, ok := auth.AuthRequired(tx, w, r) if !ok { return } noteID := stoint(web.Args(ctx).ByIndex(0)) if ok, err := IsNoteOwner(tx, noteID, acc.AccountID); err != nil { log.Printf("cannot check %d note owner: %s", noteID, err) web.StdJSONErr(w, http.StatusInternalServerError) return } else if !ok { web.JSONErr(w, "you are not owner of this note", http.StatusUnauthorized) return } note, err := UpdateNote(tx, input) if err != nil { log.Printf("cannot update %d note: %s", noteID, err) web.StdJSONErr(w, http.StatusInternalServerError) return } if err := tx.Commit(); err != nil { log.Printf("cannot commit transaction: %s", err) web.StdJSONErr(w, http.StatusInternalServerError) return } web.JSONResp(w, note, http.StatusOK) }
func HandleCreateNote(ctx context.Context, w http.ResponseWriter, r *http.Request) { var note Note if err := json.NewDecoder(r.Body).Decode(¬e); err != nil { web.JSONErr(w, err.Error(), http.StatusBadRequest) return } acc, ok := auth.AuthRequired(pg.DB(ctx), w, r) if !ok { return } if errs := validateNote(¬e); len(errs) > 0 { web.JSONErrs(w, errs, http.StatusBadRequest) return } note.OwnerID = acc.AccountID n, err := CreateNote(pg.DB(ctx), note) if err != nil { log.Printf("cannot create note: %s", err) web.StdJSONErr(w, http.StatusInternalServerError) return } web.JSONResp(w, n, http.StatusCreated) }
func HandleDeleteNote(ctx context.Context, w http.ResponseWriter, r *http.Request) { tx, err := pg.DB(ctx).Beginx() if err != nil { log.Printf("cannot start transaction: %s", err) web.StdJSONErr(w, http.StatusInternalServerError) return } defer tx.Rollback() acc, ok := auth.AuthRequired(tx, w, r) if !ok { return } noteID := stoint(web.Args(ctx).ByIndex(0)) if ok, err := IsNoteOwner(tx, noteID, acc.AccountID); err != nil { if err == pg.ErrNotFound { web.StdJSONErr(w, http.StatusNotFound) } else { log.Printf("cannot check %d note owner: %s", noteID, err) web.StdJSONErr(w, http.StatusInternalServerError) } return } else if !ok { web.JSONErr(w, "you are not owner of this note", http.StatusUnauthorized) return } if err := DeleteNote(tx, noteID); err != nil { log.Printf("cannot delete %d note: %s", noteID, err) web.StdJSONErr(w, http.StatusInternalServerError) return } if err := tx.Commit(); err != nil { log.Printf("cannot commit transaction: %s", err) web.StdJSONErr(w, http.StatusInternalServerError) return } w.WriteHeader(http.StatusGone) }
func HandleNoteDetails(ctx context.Context, w http.ResponseWriter, r *http.Request) { args := web.Args(ctx) note, err := NoteByID(pg.DB(ctx), stoint(args.ByIndex(0))) if err != nil { if err == pg.ErrNotFound { web.StdJSONErr(w, http.StatusNotFound) } else { log.Printf("cannot get %q note: %s", args.ByIndex(0), err) web.StdJSONErr(w, http.StatusInternalServerError) } return } if !note.IsPublic { acc, ok := auth.Authenticated(pg.DB(ctx), r) if !ok || acc.AccountID != note.OwnerID { web.StdJSONErr(w, http.StatusUnauthorized) return } } web.JSONResp(w, note, http.StatusOK) }
func HandleListNotes(ctx context.Context, w http.ResponseWriter, r *http.Request) { db := pg.DB(ctx) acc, ok := auth.AuthRequired(db, w, r) if !ok { return } var offset int if raw := r.URL.Query().Get("offset"); raw != "" { if n, err := strconv.Atoi(raw); err != nil { web.JSONErr(w, "invalid 'offset' value", http.StatusBadRequest) return } else { offset = n } } notes, err := NotesByOwner(db, acc.AccountID, 300, offset) if err != nil { log.Printf("cannot fetch notes for %d: %s", acc.AccountID, err) web.StdJSONErr(w, http.StatusInternalServerError) return } if notes == nil { notes = make([]*Note, 0) // JSON api should return empty list } content := struct { Notes []*Note }{ Notes: notes, } web.JSONResp(w, content, http.StatusOK) }
func handleApi404(ctx context.Context, w http.ResponseWriter, r *http.Request) { web.StdJSONErr(w, http.StatusNotFound) }