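package api

import (
	"database/sql"
	"encoding/json"
	"log"
	"net/http"

	"msw-open-music/pkg/database"
)

// LoginRequest is the JSON body HandleLogin decodes for non-GET requests.
type LoginRequest struct {
	Username string `json:"username"`
	Password string `json:"password"`
}

// LoginResponse is the JSON body written after a successful login or
// registration.
//
// NOTE(review): the whole database.User is serialised to the client; confirm
// its JSON tags do not expose credential material such as a password hash.
type LoginResponse struct {
	User *database.User `json:"user"`
}

// LoginAsAnonymous obtains an anonymous user from the database, binds its ID
// to the request's session and writes the user back as a LoginResponse.
// Any failure is passed to api.HandleError.
func (api *API) LoginAsAnonymous(w http.ResponseWriter, r *http.Request) {
	user, err := api.Db.LoginAsAnonymous()
	if err != nil {
		api.HandleError(w, r, err)
		return
	}

	// The store error is ignored; this assumes Get still returns a usable
	// session when it fails — TODO confirm against the store in use.
	session, _ := api.store.Get(r, api.defaultSessionName)

	// Persist the identity in the session before answering.
	session.Values["userId"] = user.ID
	if err = session.Save(r, w); err != nil {
		api.HandleError(w, r, err)
		return
	}

	if err = json.NewEncoder(w).Encode(&LoginResponse{User: user}); err != nil {
		api.HandleError(w, r, err)
		return
	}
}

// HandleLogin authenticates the caller and stores the resulting user ID in
// the session.
//
// A GET request resumes the user already recorded in the session; when the
// session holds no usable user ID, or that user no longer exists, it falls
// back to LoginAsAnonymous. Any other method decodes a LoginRequest from the
// body and checks the credentials through api.Db.Login.
func (api *API) HandleLogin(w http.ResponseWriter, r *http.Request) {
	var user *database.User
	var err error

	// The store error is ignored; this assumes Get still returns a usable
	// session when it fails — TODO confirm against the store in use.
	session, _ := api.store.Get(r, api.defaultSessionName)
	// NOTE(review): this dumps every session value to the log on each login
	// request; consider dropping it or reducing it to the user ID.
	log.Println("Session:", session.Values)

	if r.Method == http.MethodGet {
		// Comma-ok assertion: a missing or non-int64 value is treated as
		// "not logged in" instead of panicking the handler.
		userID, ok := session.Values["userId"].(int64)
		if !ok {
			log.Println("Login as anonymous user")
			api.LoginAsAnonymous(w, r)
			return
		}

		user, err = api.Db.GetUserById(userID)
		if err != nil {
			if err != sql.ErrNoRows {
				api.HandleError(w, r, err)
				return
			}
			// The session points at a user that no longer exists.
			log.Println("User not found")
			api.LoginAsAnonymous(w, r)
			return
		}
		// NOTE(review): prints the full user record; confirm database.User
		// carries no secret fields before keeping this in production logs.
		log.Println("User already logged in:", user)
	} else {
		var request LoginRequest
		if err = json.NewDecoder(r.Body).Decode(&request); err != nil {
			api.HandleError(w, r, err)
			return
		}

		// The username is client-controlled: %q quotes it so embedded
		// newlines or control characters cannot forge log lines. The
		// password is never logged.
		log.Printf("Login as user %q", request.Username)
		user, err = api.Db.Login(request.Username, request.Password)
		if err != nil {
			api.HandleError(w, r, err)
			return
		}
	}

	// NOTE(review): the existing session is reused across the change of
	// identity. Whether it should be rotated at this point depends on the
	// session store, which is not visible here — confirm.
	session.Values["userId"] = user.ID
	if err = session.Save(r, w); err != nil {
		api.HandleError(w, r, err)
		return
	}

	if err = json.NewEncoder(w).Encode(&LoginResponse{User: user}); err != nil {
		api.HandleError(w, r, err)
		return
	}
}

// RegisterRequest is the JSON body accepted by HandleRegister.
type RegisterRequest struct {
	Username string `json:"username"`
	Password string `json:"password"`
	Role     int64  `json:"role"`
}

// HandleRegister decodes a RegisterRequest, creates the user through
// api.Db.Register and writes the new user back as a LoginResponse.
//
// NOTE(review): Role is taken directly from the request body and forwarded to
// Db.Register. Nothing in this handler restricts which role a caller may ask
// for, so unless the route is guarded (for example by CheckAdmin) or
// Db.Register validates the value, a client can choose its own privilege
// level. Confirm where that check lives.
func (api *API) HandleRegister(w http.ResponseWriter, r *http.Request) {
	var request RegisterRequest
	if err := json.NewDecoder(r.Body).Decode(&request); err != nil {
		api.HandleError(w, r, err)
		return
	}

	// Client-controlled value: quoted so it cannot inject extra log lines.
	log.Printf("Register user %q", request.Username)

	user, err := api.Db.Register(request.Username, request.Password, request.Role)
	if err != nil {
		api.HandleError(w, r, err)
		return
	}

	if err = json.NewEncoder(w).Encode(&LoginResponse{User: user}); err != nil {
		api.HandleError(w, r, err)
		return
	}
}

// CheckAdmin returns nil only when the session identifies a user whose role
// is database.RoleAdmin. It returns ErrNotLoggedIn when the session carries
// no usable user ID, the database error when the lookup fails, and
// ErrNotAdmin for any other role.
func (api *API) CheckAdmin(w http.ResponseWriter, r *http.Request) error {
	userID, err := api.GetUserID(w, r)
	if err != nil {
		return err
	}

	// The role is read from the database on every call rather than from the
	// session, so the check reflects the stored role at request time.
	user, err := api.Db.GetUserById(userID)
	if err != nil {
		return err
	}
	if user.Role != database.RoleAdmin {
		return ErrNotAdmin
	}
	return nil
}

// CheckNotAnonymous returns nil when the session identifies a user whose role
// is not database.RoleAnonymous. It returns ErrNotLoggedIn when the session
// carries no usable user ID, the database error when the lookup fails, and
// ErrAnonymous for an anonymous user.
func (api *API) CheckNotAnonymous(w http.ResponseWriter, r *http.Request) error {
	userID, err := api.GetUserID(w, r)
	if err != nil {
		return err
	}

	user, err := api.Db.GetUserById(userID)
	if err != nil {
		return err
	}
	if user.Role == database.RoleAnonymous {
		return ErrAnonymous
	}
	return nil
}

// GetUserID returns the user ID stored in the request's session, or
// ErrNotLoggedIn when the session has none.
//
// A value that is present but not an int64 is also reported as
// ErrNotLoggedIn: the comma-ok assertion keeps a malformed or stale session
// from panicking the request goroutine.
func (api *API) GetUserID(w http.ResponseWriter, r *http.Request) (int64, error) {
	// The store error is ignored; this assumes Get still returns a usable
	// session when it fails — TODO confirm against the store in use.
	session, _ := api.store.Get(r, api.defaultSessionName)

	userID, ok := session.Values["userId"].(int64)
	if !ok {
		return 0, ErrNotLoggedIn
	}
	return userID, nil
}

// GetReviewsByUserRequest is the JSON body accepted by HandleGetReviewsByUser.
type GetReviewsByUserRequest struct {
	ID int64 `json:"id"`
}

// HandleGetReviewsByUser decodes a GetReviewsByUserRequest and writes the
// reviews api.Db.GetReviewsByUser returns for that ID as JSON.
//
// NOTE(review): the user ID comes from the request body and is not compared
// with the session user, so any caller can list any user's reviews.
// Presumably reviews are public — confirm.
func (api *API) HandleGetReviewsByUser(w http.ResponseWriter, r *http.Request) {
	req := &GetReviewsByUserRequest{}
	if err := json.NewDecoder(r.Body).Decode(req); err != nil {
		api.HandleError(w, r, err)
		return
	}

	reviews, err := api.Db.GetReviewsByUser(req.ID)
	if err != nil {
		api.HandleError(w, r, err)
		return
	}

	if err = json.NewEncoder(w).Encode(reviews); err != nil {
		api.HandleError(w, r, err)
		return
	}
}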