fix navbar and guest user checks

previously guest users would cause a response 500 if a private album existed, meaning they couldn't see any albums
they also couldn't load media in any album due to requiring an access token

backend/internal/routes/media.go

@@ -39,12 +39,27 @@ func RegisterMediaRoutes(rg *gin.RouterGroup) {
 	media.GET("/getAllMediaInAlbum", func(c *gin.Context) {
 		accessToken := c.GetHeader("Authorization")
 		albumID := c.Query("albumId")
-		media, err := services.GetAllMediaInAlbum(albumID, accessToken)
+		isPublic, err := services.IsAlbumPublic(albumID)
 		if err != nil {
 			c.JSON(http.StatusInternalServerError, gin.H{"error": err.Error()})
 			return
 		}
-		c.JSON(http.StatusOK, gin.H{"media": media})
+		if isPublic {
+			media, err := services.GetAllMediaInPublicAlbum(albumID)
+			if err != nil {
+				c.JSON(http.StatusInternalServerError, gin.H{"error": err.Error()})
+				return
+			}
+			c.JSON(http.StatusOK, gin.H{"media": media})
+			return
+		} else {
+			media, err := services.GetAllMediaInAlbum(albumID, accessToken)
+			if err != nil {
+				c.JSON(http.StatusInternalServerError, gin.H{"error": err.Error()})
+				return
+			}
+			c.JSON(http.StatusOK, gin.H{"media": media})
+		}
 	})
 	media.GET("/:albumId/:mediaId", func(c *gin.Context) {
 		albumID := c.Param("albumId")
@@ -52,6 +67,20 @@ func RegisterMediaRoutes(rg *gin.RouterGroup) {
 		if albumID == "root" {
 			albumID = ""
 		}
+		isPublic, err := services.IsAlbumPublic(albumID)
+		if err != nil {
+			c.JSON(http.StatusInternalServerError, gin.H{"error": err.Error()})
+			return
+		}
+		if isPublic {
+			mediaData, err := services.GetMedia(albumID, mediaID)
+			if err != nil {
+				c.JSON(http.StatusInternalServerError, gin.H{"error": err.Error()})
+				return
+			}
+			c.File(mediaData.Path)
+			return
+		}
 		accessToken := c.GetHeader("Authorization")
 		userID, err := services.ValidateAccessToken(accessToken)
 		if err != nil {

backend/internal/services/album.go

@@ -38,9 +38,9 @@ func GetAlbumsInParent(parentID string, authToken string) ([]models.Album, error
 		if album.Private {
 			accessLevel, err := CheckUserAlbumAccess(userID, album.ID)
 			if err != nil {
-				return []models.Album{}, err
+				continue // if user is not found, assume user is guest
 			}
-			if accessLevel < 1 {
+			if accessLevel < 0 {
 				continue
 			}
 		}
@@ -139,3 +139,15 @@ func GetIDFromPath(path string) (string, error) {
 
 	return currentParentID, nil
 }
+
+func IsAlbumPublic(albumID string) (bool, error) {
+	if albumID == "" {
+		return true, nil
+	}
+	album := models.Album{}
+	result := db.GetDB().First(&album, "id = ?", albumID)
+	if result.Error != nil {
+		return false, result.Error
+	}
+	return !album.Private, nil
+}

backend/internal/services/media.go

@@ -83,6 +83,15 @@ func GetAllMediaInAlbum(albumID string, accessToken string) ([]models.Media, err
 	return media, nil
 }
 
+func GetAllMediaInPublicAlbum(albumID string) ([]models.Media, error) {
+	media := []models.Media{}
+	result := db.GetDB().Where("album_id = ?", albumID).Find(&media)
+	if result.Error != nil {
+		return []models.Media{}, result.Error
+	}
+	return media, nil
+}
+
 func GetMedia(albumID string, mediaID string) (models.Media, error) {
 	media := models.Media{}
 	result := db.GetDB().First(&media, "album_id = ? AND id = ?", albumID, mediaID)

frontend/src/components/NavBar.jsx

@@ -7,7 +7,7 @@ export default function NavBar({ path }) {
     const [open, setOpen] = useState(false);
     const { user, logout } = useAccount();
     return (
-        <div className="flex flex-row items-center justify-between h-1/10 w-full px-6 py-2 border-b border-[#2B2B2B]">
+        <div className="flex flex-row items-center justify-between h-[10vh] w-full px-6 py-2 border-b border-[#2B2B2B] shrink-0">
             <div className="flex flex-row items-center justify-start gap-2">
                 {path.map((item, index) => (
                     <div className="flex flex-row items-center justify-start gap-2 red-hat-mono">

frontend/src/contexts/useAccount.jsx

@@ -59,8 +59,11 @@ export const AccountProvider = ({ children }) => {
         if (!accessToken && localStorage.getItem('accessToken')) {
             setAccessToken(localStorage.getItem('accessToken'))
             return localStorage.getItem('accessToken')
+        } else if (accessToken) {
+            return accessToken
+        } else {
+            return "guest"
         }
-        return accessToken
     }
 
     return <AccountContext.Provider value={{ getAccessToken, logout, login, fetchUserData, user }}>{children}</AccountContext.Provider>

frontend/src/gallery/index.jsx

@@ -51,7 +51,7 @@ export default function Gallery() {
     }, [currentAlbumID])
 
     return (
-        <div className="flex flex-col items-center justify-start h-full w-full bg-[#141414]">
+        <div className="flex flex-col items-center justify-start min-h-screen w-full bg-[#141414]">
             <NavBar path={pathList} />
             <AlbumList currentAlbumName={currentAlbumID} />
             <MediaList albumId={currentAlbumID} albumName={currentAlbumName} />