added dashboard middleware

JulienR1 · Dec 29, 2023 · 9a8047b · 9a8047b
1 parent 4baa50a
commit 9a8047b
Show file tree

Hide file tree

Showing 5 changed files with 49 additions and 60 deletions.
diff --git a/server/internal/handlers/category-handler.go b/server/internal/handlers/category-handler.go
@@ -4,7 +4,6 @@ import (
 	jsonutils "JulienR1/moneymanager2/server/internal/pkg/json-utils"
 	"JulienR1/moneymanager2/server/internal/services"
 	"net/http"
-	"strconv"
 
 	"github.com/go-playground/validator/v10"
 	"github.com/gofiber/fiber/v2"
@@ -28,12 +27,7 @@ func MakeCategoryHandler(v *validator.Validate, s *services.CategoryService, das
 
 func (handler *CategoryHandler) CreateCategory(c *fiber.Ctx) error {
 	input := NewCategoryRequest{}
-
-	dashboardIdStr := c.Params("dashboardId")
-	dashboardId, err := strconv.Atoi(dashboardIdStr)
-	if err != nil {
-		return c.SendStatus(http.StatusBadRequest)
-	}
+	dashboardId := c.Locals("dashboardId").(int)
 
 	if err := c.BodyParser(&input); err != nil {
 		return c.SendStatus(http.StatusBadRequest)
@@ -43,10 +37,6 @@ func (handler *CategoryHandler) CreateCategory(c *fiber.Ctx) error {
 		return c.Status(http.StatusBadRequest).JSON(jsonutils.NewError(err))
 	}
 
-	if _, err := handler.dashboardService.GetById(dashboardId); err != nil {
-		return c.SendStatus(http.StatusBadRequest)
-	}
-
 	newCategory, err := handler.service.AddCategory(dashboardId, input.Label, input.Color, input.IconName)
 	if err != nil {
 		return c.Status(http.StatusInternalServerError).JSON(jsonutils.NewError(err))

diff --git a/server/internal/handlers/dashboard-handler.go b/server/internal/handlers/dashboard-handler.go
@@ -4,7 +4,6 @@ import (
 	jsonutils "JulienR1/moneymanager2/server/internal/pkg/json-utils"
 	"JulienR1/moneymanager2/server/internal/services"
 	"net/http"
-	"strconv"
 
 	"github.com/go-playground/validator/v10"
 	"github.com/gofiber/fiber/v2"
@@ -21,17 +20,7 @@ func MakeDashboardHandler(v *validator.Validate, s *services.DashboardService, u
 }
 
 func (handler *DashboardHandler) GetUsers(c *fiber.Ctx) error {
-	dashboardIdStr := c.Params("dashboardId")
-	dashboardId, err := strconv.Atoi(dashboardIdStr)
-	if err != nil {
-		return c.SendStatus(http.StatusBadRequest)
-	}
-
-	userId := c.Locals("userId").(int)
-	if !handler.service.IsDashboardAssociatedWithUser(dashboardId, userId) {
-		return c.SendStatus(http.StatusUnauthorized)
-	}
-
+	dashboardId := c.Locals("dashboardId").(int)
 	users, err := handler.service.GetAssociatedUsers(dashboardId)
 	if err != nil {
 		return c.Status(http.StatusInternalServerError).JSON(jsonutils.NewError(err))
@@ -51,12 +40,7 @@ func (handler *DashboardHandler) GetAllDashboardsForUser(c *fiber.Ctx) error {
 }
 
 func (handler *DashboardHandler) GetDashboardForUser(c *fiber.Ctx) error {
-	dashboardIdStr := c.Params("dashboardId")
-	dashboardId, err := strconv.Atoi(dashboardIdStr)
-	if err != nil {
-		return c.SendStatus(http.StatusBadRequest)
-	}
-
+	dashboardId := c.Locals("dashboardId").(int)
 	dashboard, err := handler.service.GetById(dashboardId)
 	if err != nil {
 		return c.Status(http.StatusInternalServerError).JSON(jsonutils.NewError(err))

diff --git a/server/internal/handlers/handlers.go b/server/internal/handlers/handlers.go
@@ -1,6 +1,7 @@
 package handlers
 
 import (
+	"JulienR1/moneymanager2/server/internal/middlewares"
 	jsonutils "JulienR1/moneymanager2/server/internal/pkg/json-utils"
 	repoutils "JulienR1/moneymanager2/server/internal/pkg/repo-utils"
 	"JulienR1/moneymanager2/server/internal/repositories"
@@ -41,6 +42,7 @@ func RegisterRoutes(app *fiber.App, db *repoutils.Database) {
 	transactionHandler := MakeTransactionHandler(validator, &transactionService, &fileService, &categoryService, &dashboardService)
 
 	authMiddleware := makeAuthMiddleware(&authHandler, &userHandler)
+	dashboardMiddleware := middlewares.MakeDashboardMiddleware(&dashboardService)
 
 	app.Static("/", "./public")
 
@@ -59,7 +61,9 @@ func RegisterRoutes(app *fiber.App, db *repoutils.Database) {
 	api.Use(authMiddleware).Get("/dashboards", dashboardHandler.GetAllDashboardsForUser)
 	api.Use(authMiddleware).Get("/dashboards/:dashboardId", dashboardHandler.GetDashboardForUser)
 
-	dashboardGroup := api.Group("/dashboards/:dashboardId").Use(authMiddleware)
+	dashboardGroup := api.Group("/dashboards/:dashboardId").
+		Use(authMiddleware).
+		Use(dashboardMiddleware)
 	dashboardGroup.Get("/users", dashboardHandler.GetUsers)
 	dashboardGroup.Post("/categories", categoryHandler.CreateCategory)
 	dashboardGroup.Get("/transactions", transactionHandler.GetTransactions)

diff --git a/server/internal/handlers/transaction-handler.go b/server/internal/handlers/transaction-handler.go
@@ -36,6 +36,8 @@ func MakeTransactionHandler(v *validator.Validate, s *services.TransactionServic
 
 func (handler *TransactionHandler) CreateTransaction(c *fiber.Ctx) error {
 	input := NewTransactionRequest{}
+	dashboardId := c.Locals("userId").(int)
+	userId := c.Locals("dashboardId").(int)
 
 	if err := c.BodyParser(&input); err != nil {
 		return c.SendStatus(http.StatusBadRequest)
@@ -51,23 +53,10 @@ func (handler *TransactionHandler) CreateTransaction(c *fiber.Ctx) error {
 		return c.Status(http.StatusBadRequest).JSON(jsonutils.NewError(errors.New("invalid transaction type")))
 	}
 
-	dashboardIdStr := c.Params("dashboardId")
-	dashboardId, err := strconv.Atoi(dashboardIdStr)
-	if err != nil {
-		return c.SendStatus(http.StatusBadRequest)
-	}
-
-	if handler.categoryService.GetAssociatedWithDashboardById(dashboardId, input.CategoryId); err != nil {
+	if _, err := handler.categoryService.GetAssociatedWithDashboardById(dashboardId, input.CategoryId); err != nil {
 		return c.Status(http.StatusBadRequest).JSON(jsonutils.NewError(err))
 	}
 
-	userId := c.Locals("userId").(int)
-	if !handler.dashboardService.IsDashboardAssociatedWithUser(dashboardId, userId) {
-		return c.
-			Status(http.StatusBadRequest).
-			JSON(jsonutils.NewError(errors.New("invalid dashboard")))
-	}
-
 	var receiptId *int = nil
 	if input.Receipt != nil {
 		uri, err := datauri.New(*input.Receipt)
@@ -97,12 +86,7 @@ func (handler *TransactionHandler) CreateRefund(c *fiber.Ctx) error {
 }
 
 func (handler *TransactionHandler) GetTransactions(c *fiber.Ctx) error {
-	dashboardIdStr := c.Params("dashboardId")
-	dashboardId, err := strconv.Atoi(dashboardIdStr)
-	if err != nil {
-		return c.SendStatus(http.StatusBadRequest)
-	}
-
+	dashboardId := c.Locals("dashboardId").(int)
 	transactions, err := handler.service.FetchTransactions(dashboardId)
 	if err != nil {
 		return c.Status(http.StatusInternalServerError).JSON(jsonutils.NewError(err))
@@ -112,25 +96,18 @@ func (handler *TransactionHandler) GetTransactions(c *fiber.Ctx) error {
 }
 
 func (handler *TransactionHandler) GetTransaction(c *fiber.Ctx) error {
-	dashboardIdStr := c.Params("dashboardId")
-	dashboardId, err := strconv.Atoi(dashboardIdStr)
-	if err != nil {
-		return c.SendStatus(http.StatusBadRequest)
-	}
+	dashboardId := c.Locals("dashboardId").(int)
 
 	transactionIdStr := c.Params("transactionId")
 	transactionId, err := strconv.Atoi(transactionIdStr)
 	if err != nil {
 		return c.SendStatus(http.StatusBadRequest)
 	}
 
-	transactions, err := handler.service.FetchTransaction(dashboardId, transactionId)
+	transaction, err := handler.service.FetchTransaction(dashboardId, transactionId)
 	if err != nil {
 		return c.Status(http.StatusInternalServerError).JSON(jsonutils.NewError(err))
 	}
 
-	return c.Status(http.StatusOK).JSON(transactions)
-
-	// TODO
-	return nil
+	return c.Status(http.StatusOK).JSON(transaction)
 }
diff --git a/server/internal/middlewares/dashboard-middleware.go b/server/internal/middlewares/dashboard-middleware.go
@@ -0,0 +1,34 @@
+package middlewares
+
+import (
+	jsonutils "JulienR1/moneymanager2/server/internal/pkg/json-utils"
+	"JulienR1/moneymanager2/server/internal/services"
+	"errors"
+	"net/http"
+	"strconv"
+
+	"github.com/gofiber/fiber/v2"
+)
+
+func MakeDashboardMiddleware(dashboardService *services.DashboardService) func(*fiber.Ctx) error {
+	return func(c *fiber.Ctx) error {
+		userId := c.Locals("userId").(int)
+		dashboardIdStr := c.Params("dashboardId")
+
+		dashboardId, err := strconv.Atoi(dashboardIdStr)
+		if err != nil {
+			return c.Status(http.StatusBadRequest).JSON(jsonutils.NewError(errors.New("could not get dashboard id")))
+		}
+
+		if _, err := dashboardService.GetById(dashboardId); err != nil {
+			return c.Status(http.StatusBadRequest).JSON(jsonutils.NewError(errors.New("invalid dashboard id")))
+		}
+
+		if !dashboardService.IsDashboardAssociatedWithUser(dashboardId, userId) {
+			return c.Status(http.StatusUnauthorized).JSON(jsonutils.NewError(errors.New("access denied")))
+		}
+
+		c.Locals("dashboardId", dashboardId)
+		return c.Next()
+	}
+}