adding contact access to profile message

2025-04-22 01:25:17 +00:00 · 2022-01-22 21:47:39 -08:00 · 2022-01-22 21:47:39 -08:00 · b9880227ed
commit b9880227ed
parent e9c1ab475f
5 changed files with 57 additions and 4 deletions
--- a/doc/api.oa3
+++ b/doc/api.oa3
@ -806,6 +806,13 @@ paths:
      operationId: get-profile-message
      security:
        - bearerAuth: []
+      parameters:
+        - in: header
+          name: TokenType
+          schema:
+            type: string
+            enum: [ app, contact ]
+          required: true
      responses:
        '200':
          description: success
--- a/net/server/internal/api_getProfileMessage.go
+++ b/net/server/internal/api_getProfileMessage.go
@ -1,17 +1,59 @@
 package databag

 import (
+  "strings"
+  "errors"
  "net/http"
+  "gorm.io/gorm"
+  "databag/internal/store"
 )

 func GetProfileMessage(w http.ResponseWriter, r *http.Request) {

-  account, code, res := BearerAppToken(r, true);
-  if res != nil {
-    ErrResponse(w, code, res)
+  // extract token
+  tokenType := r.Header.Get("TokenType")
+  auth := r.Header.Get("Authorization")
+  token := strings.TrimSpace(strings.TrimPrefix(auth, "Bearer"))
+  target, access, err := ParseToken(token)
+  if err != nil {
+    ErrResponse(w, http.StatusBadRequest, errors.New("invalid bearer token"))
+    return
+  }
+
+  // load account record
+  var account *store.Account
+  if tokenType == APP_TOKENAPP {
+    var app store.App
+    if err := store.DB.Preload("Account.AccountDetail").Where("account_id = ? AND token = ?", target, access).First(&app).Error; err != nil {
+      if errors.Is(err, gorm.ErrRecordNotFound) {
+        ErrResponse(w, http.StatusNotFound, err);
+      } else {
+        ErrResponse(w, http.StatusInternalServerError, err);
+      }
+      return
+    }
+    account = &app.Account
+  } else if tokenType == APP_TOKENCONTACT {
+    var card store.Card
+    if err := store.DB.Preload("Account.AccountDetail").Where("account_id = ? AND InToken = ?", target, access).First(&card).Error; err != nil {
+      if errors.Is(err, gorm.ErrRecordNotFound) {
+        ErrResponse(w, http.StatusNotFound, err)
+      } else {
+        ErrResponse(w, http.StatusInternalServerError, err)
+      }
+      return
+    }
+    account = &card.Account
+  } else {
+    ErrResponse(w, http.StatusBadRequest, errors.New("invalid token type"))
+  }
+  detail := &account.AccountDetail
+
+  // check if account is active
+  if account.Disabled {
+    ErrResponse(w, http.StatusGone, errors.New("account is not active"))
    return
  }
-  detail := account.AccountDetail

  // generate identity DataMessage
  identity := Identity{
--- a/net/server/internal/appValues.go
+++ b/net/server/internal/appValues.go
@ -22,6 +22,8 @@ const APP_CARDCONNECTING = "connecting"
 const APP_CARDCONNECTED = "connected"
 const APP_MODULEPROFILE = "profile"
 const APP_MODULECONTENT = "content"
+const APP_TOKENAPP = "app"
+const APP_TOKENCONTACT = "contact"

 func AppCardStatus(status string) bool {
  if status == APP_CARDPENDING {
--- a/net/server/internal/contact_test.go
+++ b/net/server/internal/contact_test.go
@ -62,6 +62,7 @@ func ConnectTestContacts(t *testing.T, accessA string, accessB string) (contact

  // get A identity message
  r, w, _ := NewRequest("GET", "/profile/message", nil)
+  r.Header.Add("TokenType", APP_TOKENAPP)
  SetBearerAuth(r, access[0])
  GetProfileMessage(w, r)
  assert.NoError(t, ReadResponse(w, &msg))
--- a/net/server/internal/ucConnectContact_test.go
+++ b/net/server/internal/ucConnectContact_test.go
@ -22,6 +22,7 @@ func TestConnectContact(t *testing.T) {

  // get A identity message
  r, w, _ := NewRequest("GET", "/profile/message", nil)
+  r.Header.Add("TokenType", APP_TOKENAPP)
  SetBearerAuth(r, access[0])
  GetProfileMessage(w, r)
  assert.NoError(t, ReadResponse(w, &msg))