Image loading and auth

2026-05-01 06:32:44 -05:00 · 2025-11-23 02:27:09 -06:00
parent b61bd2f8d6
commit 2b7268b3f6
4 changed files with 158 additions and 5 deletions
@@ -36,4 +36,42 @@ func RegisterMediaRoutes(rg *gin.RouterGroup) {
 		}
 		c.JSON(http.StatusOK, gin.H{"media": media})
 	})
+	media.GET("/getAllMediaInAlbum", func(c *gin.Context) {
+		accessToken := c.GetHeader("Authorization")
+		albumID := c.Query("albumId")
+		media, err := services.GetAllMediaInAlbum(albumID, accessToken)
+		if err != nil {
+			c.JSON(http.StatusInternalServerError, gin.H{"error": err.Error()})
+			return
+		}
+		c.JSON(http.StatusOK, gin.H{"media": media})
+	})
+	media.GET("/:albumId/:mediaId", func(c *gin.Context) {
+		albumID := c.Param("albumId")
+		mediaID := c.Param("mediaId")
+		if albumID == "root" {
+			albumID = ""
+		}
+		accessToken := c.GetHeader("Authorization")
+		userID, err := services.ValidateAccessToken(accessToken)
+		if err != nil {
+			c.JSON(http.StatusInternalServerError, gin.H{"error": err.Error()})
+			return
+		}
+		accessLevel, err := services.CheckUserAlbumAccess(userID, albumID)
+		if err != nil {
+			c.JSON(http.StatusInternalServerError, gin.H{"error": err.Error()})
+			return
+		}
+		if accessLevel < 0 {
+			c.JSON(http.StatusForbidden, gin.H{"error": "user does not have permission to view media in this album"})
+			return
+		}
+		mediaData, err := services.GetMedia(albumID, mediaID)
+		if err != nil {
+			c.JSON(http.StatusInternalServerError, gin.H{"error": err.Error()})
+			return
+		}
+		c.File(mediaData.Path)
+	})
 }
@@ -38,3 +38,32 @@ func UploadMedia(file *multipart.FileHeader, albumID string, accessToken string)
 	}
 	return media, nil
 }
+
+func GetAllMediaInAlbum(albumID string, accessToken string) ([]models.Media, error) {
+	userID, err := ValidateAccessToken(accessToken)
+	if err != nil {
+		return []models.Media{}, err
+	}
+	accessLevel, err := CheckUserAlbumAccess(userID, albumID)
+	if err != nil {
+		return []models.Media{}, err
+	}
+	if accessLevel < 0 {
+		return []models.Media{}, fmt.Errorf("user does not have permission to view media in this album")
+	}
+	media := []models.Media{}
+	result := db.GetDB().Where("album_id = ?", albumID).Find(&media)
+	if result.Error != nil {
+		return []models.Media{}, result.Error
+	}
+	return media, nil
+}
+
+func GetMedia(albumID string, mediaID string) (models.Media, error) {
+	media := models.Media{}
+	result := db.GetDB().First(&media, "album_id = ? AND id = ?", albumID, mediaID)
+	if result.Error != nil {
+		return models.Media{}, result.Error
+	}
+	return media, nil
+}