From 432a9e5229ee96453845b1d3e8183f115e3ffc9b Mon Sep 17 00:00:00 2001
From: wisplite
Date: Sat, 22 Nov 2025 21:19:44 -0600
Subject: [PATCH] update authorization tokens and add/fix create album endpoint
---
 backend/internal/db/db.go | 1 +
 backend/internal/models/album.go | 2 +-
 backend/internal/routes/album.go | 4 +++
 backend/internal/routes/user.go | 8 ++---
 backend/internal/services/album.go | 2 +-
 frontend/src/contexts/useAccount.jsx | 2 +-
 .../gallery/components/AlbumCreateModal.jsx | 33 ++++++++++++++++---
 7 files changed, 40 insertions(+), 12 deletions(-)
diff --git a/backend/internal/db/db.go b/backend/internal/db/db.go
index 14e5a91..82ff344 100644
--- a/backend/internal/db/db.go
+++ b/backend/internal/db/db.go
@@ -22,6 +22,7 @@ func Init() bool {
 &models.Album{},
 &models.User{},
 &models.AccessToken{},
+ &models.UserAlbumAccess{},
 )
 if err != nil {
 log.Fatal("failed to migrate database: ", err)
diff --git a/backend/internal/models/album.go b/backend/internal/models/album.go
index a2dfacb..ee2b844 100644
--- a/backend/internal/models/album.go
+++ b/backend/internal/models/album.go
@@ -19,7 +19,7 @@ type Album struct {
 UpdatedAt time.Time
 }
-type UserAccess struct {
+type UserAlbumAccess struct {
 UserID string `gorm:"not null"`
 AlbumID string `gorm:"not null"`
 AccessLevel int `gorm:"not null"` // 0: View, 1: Upload, 2: Edit, 3: Edit/Delete, 4: Admin (manage other users)
diff --git a/backend/internal/routes/album.go b/backend/internal/routes/album.go
index 6f20da5..b0cac09 100644
--- a/backend/internal/routes/album.go
+++ b/backend/internal/routes/album.go
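Review bot: The table that `Init` now migrates for `models.UserAlbumAccess` has nothing that makes a (user, album) pair unique; the fields visible in backend/internal/models/album.go carry only `gorm:"not null"`. Two rows for the same pair with different `AccessLevel` values could then coexist, and `CheckUserAlbumAccess` reads the grant with `First`, so the level it returns would depend on row order. Tagging both `UserID` and `AlbumID` with `gorm:"primaryKey"` (a composite key), or giving them a shared unique index, would make each grant unambiguous. The struct may continue below the visible lines, so confirm no key is declared there.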
@@ -40,6 +40,10 @@ func RegisterAlbumRoutes(rg *gin.RouterGroup) {
 Description string `json:"description"`
 ParentID string `json:"parentId"`
 }
+ if err := c.ShouldBindJSON(&request); err != nil {
+ c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
+ return
+ }
 result, err := services.CreateAlbum(accessToken, request.Title, request.Description, request.ParentID)
 if err != nil {
 c.JSON(http.StatusInternalServerError, gin.H{"error": err.Error()})
diff --git a/backend/internal/routes/user.go b/backend/internal/routes/user.go
index 90706bc..9478e34 100644
--- a/backend/internal/routes/user.go
+++ b/backend/internal/routes/user.go
@@ -62,11 +62,11 @@ func RegisterUserRoutes(rg *gin.RouterGroup) {
 })
 user.GET("/getUserData", func(c *gin.Context) {
 authHeader := c.GetHeader("Authorization")
- token := authHeader
- if len(authHeader) > 7 && authHeader[:7] == "Bearer " {
- token = authHeader[7:]
+ if authHeader == "" {
+ c.JSON(http.StatusUnauthorized, gin.H{"error": "Unauthorized"})
+ return
 }
- userData, err := services.GetUserData(token)
+ userData, err := services.GetUserData(authHeader)
 if err != nil {
 c.JSON(http.StatusInternalServerError, gin.H{"error": err.Error()})
 return
diff --git a/backend/internal/services/album.go b/backend/internal/services/album.go
index 077a23b..8d9e54a 100644
--- a/backend/internal/services/album.go
+++ b/backend/internal/services/album.go
@@ -82,7 +82,7 @@ func CreateAlbum(accessToken string, title string, description string, parentID
 }
 func CheckUserAlbumAccess(userID string, albumID string) (int, error) {
- userAccess := models.UserAccess{}
+ userAccess := models.UserAlbumAccess{}
 result := db.GetDB().First(&userAccess, "user_id = ? AND album_id = ?", userID, albumID)
 if result.Error != nil {
 if result.Error == gorm.ErrRecordNotFound {
diff --git a/frontend/src/contexts/useAccount.jsx b/frontend/src/contexts/useAccount.jsx
index b9bae87..1d5ae3b 100644
--- a/frontend/src/contexts/useAccount.jsx
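Review bot: The added `ShouldBindJSON` check succeeds on a body such as `{}`, so an empty `Title` and a client-chosen `ParentID` still reach `services.CreateAlbum` with no validation in the handler. The request struct opens above the hunk; if `Title` has no `binding:"required"` tag there, adding one would let the new 400 branch reject empty titles. The hunk does not show whether `CreateAlbum` checks the caller's access level on the parent album (for example through `CheckUserAlbumAccess`) before nesting under it, which is worth confirming because `ParentID` is fully caller-controlled. The handler body starts and ends outside the hunk.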
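Review bot: In the `/getUserData` handler only an empty header gets the new 401; a non-empty but invalid or expired token presumably makes `services.GetUserData` return an error, which falls into the `err != nil` branch below and comes back as a 500 carrying `err.Error()`. Authentication failures should map to the same fixed response the new guard uses, `c.JSON(http.StatusUnauthorized, gin.H{"error": "Unauthorized"})`, with the detailed error logged server-side only; the `CreateAlbum` error branch in routes/album.go has the same shape. Passing the raw header also means a client that still sends `Bearer <token>` is now looked up with the prefix included, and dropping the scheme (mirrored in useAccount.jsx) departs from the `Authorization: Bearer` convention that proxies and log scrubbers commonly key on. The handler body continues past the hunk.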
+++ b/frontend/src/contexts/useAccount.jsx
@@ -36,7 +36,7 @@ export const AccountProvider = ({ children }) => {
 }
 const response = await fetch(`${getServerUrl()}/api/user/getUserData`, {
 headers: {
- 'Authorization': `Bearer ${accessToken}`,
+ 'Authorization': accessToken,
 },
 })
 const data = await response.json()
diff --git a/frontend/src/gallery/components/AlbumCreateModal.jsx b/frontend/src/gallery/components/AlbumCreateModal.jsx
index 4c8b786..8288e80 100644
--- a/frontend/src/gallery/components/AlbumCreateModal.jsx
+++ b/frontend/src/gallery/components/AlbumCreateModal.jsx
@@ -1,13 +1,36 @@
 import Modal from '../../components/Modal'
-export default function AlbumCreateModal({ open, onOpenChange, trigger }) {
- const handleCreateAlbum = () => {
- console.log('Create Album')
+import { getServerUrl } from '../../hooks/getConstants'
+import { useAccount } from '../../contexts/useAccount'
+import { useState } from 'react'
+export default function AlbumCreateModal({ open, onOpenChange, trigger, parentId }) {
+ const { getAccessToken } = useAccount()
+ const [title, setTitle] = useState('')
+ const [description, setDescription] = useState('')
+ const handleCreateAlbum = async () => {
+ const response = await fetch(`${getServerUrl()}/api/albums/createAlbum`, {
+ method: 'POST',
+ headers: {
+ 'Authorization': getAccessToken(),
+ 'Content-Type': 'application/json',
+ },
+ body: JSON.stringify({
+ title: title,
+ description: description,
+ parentId: parentId
+ })
+ })
+ const data = await response.json()
+ if (data.error) {
+ console.error(data.error)
+ } else {
+ onOpenChange(false)
+ }
 }
 return (
- -