wisplite/raster
1
0
Fork 0
mirror of https://github.com/wisplite/raster.git synced 2026-05-01 06:32:44 -05:00
Code Issues Packages Projects Releases Wiki Activity

fix navbar and guest user checks

Browse Source 
previously guest users would cause a response 500 if a private album existed, meaning they couldn't see any albums
they also couldn't load media in any album due to requiring an access token
This commit is contained in:
wisplite
2025-11-23 02:58:03 -06:00
parent 8759783ebb
commit c7d478271d
6 changed files with 60 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files
backend/internal/routes/media.go
+31 -2
View File
@@ -39,12 +39,27 @@ func RegisterMediaRoutes(rg *gin.RouterGroup) {
media.GET("/getAllMediaInAlbum", func(c *gin.Context) {
accessToken := c.GetHeader("Authorization")
albumID := c.Query("albumId")
media, err := services.GetAllMediaInAlbum(albumID, accessToken)
isPublic, err := services.IsAlbumPublic(albumID)
if err != nil {
c.JSON(http.StatusInternalServerError, gin.H{"error": err.Error()})
return
}
c.JSON(http.StatusOK, gin.H{"media": media})
if isPublic {
media, err := services.GetAllMediaInPublicAlbum(albumID)
if err != nil {
c.JSON(http.StatusInternalServerError, gin.H{"error": err.Error()})
return
}
c.JSON(http.StatusOK, gin.H{"media": media})
return
} else {
media, err := services.GetAllMediaInAlbum(albumID, accessToken)
if err != nil {
c.JSON(http.StatusInternalServerError, gin.H{"error": err.Error()})
return
}
c.JSON(http.StatusOK, gin.H{"media": media})
}
})
media.GET("/:albumId/:mediaId", func(c *gin.Context) {
albumID := c.Param("albumId")
@@ -52,6 +67,20 @@ func RegisterMediaRoutes(rg *gin.RouterGroup) {
if albumID == "root" {
albumID = ""
}
isPublic, err := services.IsAlbumPublic(albumID)
if err != nil {
c.JSON(http.StatusInternalServerError, gin.H{"error": err.Error()})
return
}
if isPublic {
mediaData, err := services.GetMedia(albumID, mediaID)
if err != nil {
c.JSON(http.StatusInternalServerError, gin.H{"error": err.Error()})
return
}
c.File(mediaData.Path)
return
}
accessToken := c.GetHeader("Authorization")
userID, err := services.ValidateAccessToken(accessToken)
if err != nil {
backend/internal/services/album.go
+14 -2
View File
@@ -38,9 +38,9 @@ func GetAlbumsInParent(parentID string, authToken string) ([]models.Album, error
if album.Private {
accessLevel, err := CheckUserAlbumAccess(userID, album.ID)
if err != nil {
return []models.Album{}, err
continue // if user is not found, assume user is guest
}
if accessLevel < 1 {
if accessLevel < 0 {
continue
}
}
@@ -139,3 +139,15 @@ func GetIDFromPath(path string) (string, error) {
return currentParentID, nil
}
func IsAlbumPublic(albumID string) (bool, error) {
if albumID == "" {
return true, nil
}
album := models.Album{}
result := db.GetDB().First(&album, "id = ?", albumID)
if result.Error != nil {
return false, result.Error
}
return !album.Private, nil
}
backend/internal/services/media.go
+9
View File
@@ -83,6 +83,15 @@ func GetAllMediaInAlbum(albumID string, accessToken string) ([]models.Media, err
return media, nil
}
func GetAllMediaInPublicAlbum(albumID string) ([]models.Media, error) {
media := []models.Media{}
result := db.GetDB().Where("album_id = ?", albumID).Find(&media)
if result.Error != nil {
return []models.Media{}, result.Error
}
return media, nil
}
func GetMedia(albumID string, mediaID string) (models.Media, error) {
media := models.Media{}
result := db.GetDB().First(&media, "album_id = ? AND id = ?", albumID, mediaID)