feat: Added chapter 8

This commit is contained in:
syrell 2024-10-26 15:03:14 +02:00
parent 61beecd4a0
commit 8b7fdf59b5
13 changed files with 289 additions and 5 deletions

View File

@ -167,3 +167,52 @@ func (cfg *apiConfig) getChirp(w http.ResponseWriter, r *http.Request) {
w.WriteHeader(200)
w.Write(dat)
}
func (cfg *apiConfig) deleteChirp(w http.ResponseWriter, r *http.Request) {
token, err := auth.GetBearerToken(r.Header)
if err != nil {
log.Printf("Error extracting token: %s", err)
w.WriteHeader(401)
return
}
userId, err := auth.ValidateJWT(token, cfg.JWT)
if err != nil {
log.Printf("Invalid JWT: %s", err)
w.WriteHeader(401)
return
}
idFromQuery := r.PathValue("chirpID")
id, err := uuid.Parse(idFromQuery)
if err != nil {
log.Printf("Not a valid ID: %s", err)
w.WriteHeader(500)
return
}
chirp, err := cfg.DB.GetChirp(r.Context(), id)
if err != nil {
if errors.Is(err, sql.ErrNoRows) {
w.WriteHeader(http.StatusNotFound)
return
}
log.Printf("Error getting chirp: %s", err)
w.WriteHeader(500)
return
}
if chirp.UserID != userId {
log.Printf("User %s not allowed to delete chirp owned by %s", userId, chirp.UserID)
w.WriteHeader(403)
return
}
err = cfg.DB.DeleteChirp(r.Context(), database.DeleteChirpParams{
ID: id,
UserID: userId,
})
if err != nil {
log.Printf("Error deleting chirp: %v", err)
w.WriteHeader(404)
return
}
w.WriteHeader(204)
}

View File

@ -81,3 +81,15 @@ func MakeRefreshToken() (string, error) {
hexData := hex.EncodeToString(buffer)
return hexData, nil
}
func GetAPIKey(headers http.Header) (string, error) {
authHeader := headers.Get("Authorization")
if authHeader == "" {
return "", errors.New("authorization header is not set")
}
if !strings.HasPrefix(authHeader, "ApiKey ") {
return "", errors.New("incorrect authorization type, must be of type ApiKey")
}
apiKey := strings.TrimPrefix(authHeader, "ApiKey ")
return strings.TrimSpace(apiKey), nil
}

View File

@ -41,6 +41,22 @@ func (q *Queries) CreateChirp(ctx context.Context, arg CreateChirpParams) (Chirp
return i, err
}
const deleteChirp = `-- name: DeleteChirp :exec
DELETE FROM chirps
WHERE id = $1
AND user_id = $2
`
type DeleteChirpParams struct {
ID uuid.UUID
UserID uuid.UUID
}
func (q *Queries) DeleteChirp(ctx context.Context, arg DeleteChirpParams) error {
_, err := q.db.ExecContext(ctx, deleteChirp, arg.ID, arg.UserID)
return err
}
const getChirp = `-- name: GetChirp :one
SELECT id, created_at, updated_at, body, user_id FROM chirps
WHERE chirps.id = $1

View File

@ -34,4 +34,5 @@ type User struct {
UpdatedAt time.Time
Email string
HashedPassword string
IsChirpyRed bool
}

View File

@ -0,0 +1,49 @@
// Code generated by sqlc. DO NOT EDIT.
// versions:
// sqlc v1.27.0
// source: update_users.sql
package database
import (
"context"
"time"
"github.com/google/uuid"
)
const updateUserCredentials = `-- name: UpdateUserCredentials :one
UPDATE users
SET email = $2,
hashed_password = $3,
updated_at = NOW()
WHERE users.id = $1
RETURNING id, created_at, updated_at, email, is_chirpy_red
`
type UpdateUserCredentialsParams struct {
ID uuid.UUID
Email string
HashedPassword string
}
type UpdateUserCredentialsRow struct {
ID uuid.UUID
CreatedAt time.Time
UpdatedAt time.Time
Email string
IsChirpyRed bool
}
func (q *Queries) UpdateUserCredentials(ctx context.Context, arg UpdateUserCredentialsParams) (UpdateUserCredentialsRow, error) {
row := q.db.QueryRowContext(ctx, updateUserCredentials, arg.ID, arg.Email, arg.HashedPassword)
var i UpdateUserCredentialsRow
err := row.Scan(
&i.ID,
&i.CreatedAt,
&i.UpdatedAt,
&i.Email,
&i.IsChirpyRed,
)
return i, err
}

View File

@ -7,6 +7,8 @@ package database
import (
"context"
"github.com/google/uuid"
)
const createUser = `-- name: CreateUser :one
@ -18,7 +20,7 @@ VALUES (
$1,
$2
)
RETURNING id, created_at, updated_at, email, hashed_password
RETURNING id, created_at, updated_at, email, hashed_password, is_chirpy_red
`
type CreateUserParams struct {
@ -35,13 +37,14 @@ func (q *Queries) CreateUser(ctx context.Context, arg CreateUserParams) (User, e
&i.UpdatedAt,
&i.Email,
&i.HashedPassword,
&i.IsChirpyRed,
)
return i, err
}
const deleteUser = `-- name: DeleteUser :one
DELETE FROM users
RETURNING id, created_at, updated_at, email, hashed_password
RETURNING id, created_at, updated_at, email, hashed_password, is_chirpy_red
`
func (q *Queries) DeleteUser(ctx context.Context) (User, error) {
@ -53,12 +56,13 @@ func (q *Queries) DeleteUser(ctx context.Context) (User, error) {
&i.UpdatedAt,
&i.Email,
&i.HashedPassword,
&i.IsChirpyRed,
)
return i, err
}
const getUserByEmail = `-- name: GetUserByEmail :one
SELECT id, created_at, updated_at, email, hashed_password FROM users
SELECT id, created_at, updated_at, email, hashed_password, is_chirpy_red FROM users
WHERE users.email = $1
`
@ -71,6 +75,18 @@ func (q *Queries) GetUserByEmail(ctx context.Context, email string) (User, error
&i.UpdatedAt,
&i.Email,
&i.HashedPassword,
&i.IsChirpyRed,
)
return i, err
}
const upgradeUser = `-- name: UpgradeUser :exec
UPDATE users
SET is_chirpy_red = true
WHERE id = $1
`
func (q *Queries) UpgradeUser(ctx context.Context, id uuid.UUID) error {
_, err := q.db.ExecContext(ctx, upgradeUser, id)
return err
}

View File

@ -70,6 +70,7 @@ func (cfg *apiConfig) Login(w http.ResponseWriter, r *http.Request) {
Email string `json:"email"`
AccessToken string `json:"token"`
RefreshToken string `json:"refresh_token"`
ChirpyRed bool `json:"is_chirpy_red"`
}
data, err := json.Marshal(loginResponse{
@ -79,6 +80,7 @@ func (cfg *apiConfig) Login(w http.ResponseWriter, r *http.Request) {
Email: loggedUser.Email,
AccessToken: newJwt,
RefreshToken: newRefreshToken,
ChirpyRed: loggedUser.IsChirpyRed,
})
if err != nil {
log.Printf("Error marshalling JSON: %s", err)

View File

@ -17,6 +17,7 @@ type apiConfig struct {
DB *database.Queries
Platform string
JWT string
PolkaKey string
}
func main() {
@ -33,6 +34,10 @@ func main() {
if jwtSecret == "" {
log.Fatalf("Empty JWT_SECRET env var!")
}
polkaKey := os.Getenv("POLKA_KEY")
if polkaKey == "" {
log.Fatalf("Empty POLKA_KEY env var!")
}
db, err := sql.Open("postgres", dbURL)
if err != nil {
log.Fatalf("Unable to connect to db: %s", err)
@ -42,6 +47,7 @@ func main() {
DB: database.New(db),
Platform: platform,
JWT: jwtSecret,
PolkaKey: polkaKey,
}
mux := http.NewServeMux()
fsHandler := apiCfg.middlewareMetricsInc(http.StripPrefix("/app", http.FileServer(http.Dir("."))))
@ -56,10 +62,13 @@ func main() {
mux.HandleFunc("GET /api/chirps", apiCfg.getChirps)
mux.HandleFunc("POST /api/chirps", apiCfg.chirpsCreate)
mux.HandleFunc("POST /api/users", apiCfg.createUsers)
mux.HandleFunc("PUT /api/users", apiCfg.updateUsers)
mux.HandleFunc("GET /api/chirps/{chirpID}", apiCfg.getChirp)
mux.HandleFunc("DELETE /api/chirps/{chirpID}", apiCfg.deleteChirp)
mux.HandleFunc("POST /api/login", apiCfg.Login)
mux.HandleFunc("POST /api/refresh", apiCfg.RefreshToken)
mux.HandleFunc("POST /api/revoke", apiCfg.RevokeToken)
mux.HandleFunc("POST /api/polka/webhooks", apiCfg.subscribeUser)
server := &http.Server{
Addr: ":8080",

View File

@ -16,3 +16,8 @@ ORDER BY created_at ASC;
-- name: GetChirp :one
SELECT * FROM chirps
WHERE chirps.id = $1;
-- name: DeleteChirp :exec
DELETE FROM chirps
WHERE id = $1
AND user_id = $2;

View File

@ -0,0 +1,7 @@
-- name: UpdateUserCredentials :one
UPDATE users
SET email = $2,
hashed_password = $3,
updated_at = NOW()
WHERE users.id = $1
RETURNING id, created_at, updated_at, email, is_chirpy_red;

View File

@ -16,3 +16,8 @@ RETURNING *;
-- name: GetUserByEmail :one
SELECT * FROM users
WHERE users.email = $1;
-- name: UpgradeUser :exec
UPDATE users
SET is_chirpy_red = true
WHERE id = $1;

View File

@ -0,0 +1,7 @@
-- +goose Up
ALTER TABLE users
ADD COLUMN is_chirpy_red BOOLEAN DEFAULT false NOT NULL;
-- +goose Down
ALTER TABLE users
DROP COLUMN is_chirpy_red;

106
users.go
View File

@ -17,6 +17,7 @@ type User struct {
UpdatedAt time.Time `json:"updated_at"`
Email string `json:"email"`
HashedPassword string `json:"-"`
ChirpyRed bool `json:"is_chirpy_red"`
}
func (cfg *apiConfig) createUsers(w http.ResponseWriter, r *http.Request) {
@ -54,6 +55,7 @@ func (cfg *apiConfig) createUsers(w http.ResponseWriter, r *http.Request) {
CreatedAt: newDBUser.CreatedAt,
UpdatedAt: newDBUser.UpdatedAt,
Email: newDBUser.Email,
ChirpyRed: newDBUser.IsChirpyRed,
}
dat, err := json.Marshal(newUser)
if err != nil {
@ -65,3 +67,107 @@ func (cfg *apiConfig) createUsers(w http.ResponseWriter, r *http.Request) {
w.WriteHeader(201)
w.Write(dat)
}
func (cfg *apiConfig) updateUsers(w http.ResponseWriter, r *http.Request) {
token, err := auth.GetBearerToken(r.Header)
if err != nil {
log.Printf("Error extracting token: %s", err)
w.WriteHeader(401)
return
}
userId, err := auth.ValidateJWT(token, cfg.JWT)
if err != nil {
log.Printf("Invalid JWT: %s", err)
w.WriteHeader(401)
return
}
type parameters struct {
Email string `json:"email"`
Password string `json:"password"`
}
decoder := json.NewDecoder(r.Body)
params := parameters{}
err = decoder.Decode(&params)
if err != nil {
log.Printf("Error decoding parameters: %s", err)
w.WriteHeader(500)
return
}
defer r.Body.Close()
hashedPassword, err := auth.HashPassword(params.Password)
if err != nil {
log.Printf("Error hashing password: %s", err)
w.WriteHeader(500)
return
}
credentialsQueryParams := database.UpdateUserCredentialsParams{
ID: userId,
Email: params.Email,
HashedPassword: hashedPassword,
}
updatedCredentials, err := cfg.DB.UpdateUserCredentials(r.Context(), credentialsQueryParams)
if err != nil {
log.Printf("Error updating user credentials: %v", err)
w.WriteHeader(500)
return
}
data, err := json.Marshal(User{
ID: userId,
CreatedAt: updatedCredentials.CreatedAt,
UpdatedAt: updatedCredentials.UpdatedAt,
Email: updatedCredentials.Email,
ChirpyRed: updatedCredentials.IsChirpyRed,
})
if err != nil {
log.Printf("Error marshalling JSON: %s", err)
w.WriteHeader(500)
return
}
w.Header().Set("Content-Type", "application/json")
w.WriteHeader(200)
w.Write(data)
}
func (cfg *apiConfig) subscribeUser(w http.ResponseWriter, r *http.Request) {
_, err := auth.GetAPIKey(r.Header)
if err != nil {
log.Printf("Error extracting apiKey: %s", err)
w.WriteHeader(401)
return
}
type parameters struct {
Event string `json:"event"`
Data map[string]string `json:"data"`
}
decoder := json.NewDecoder(r.Body)
params := parameters{}
err = decoder.Decode(&params)
if err != nil {
log.Printf("Error decoding parameters: %s", err)
w.WriteHeader(400)
return
}
defer r.Body.Close()
if params.Event != "user.upgraded" {
w.WriteHeader(204)
return
}
paramsUserIdString := params.Data["user_id"]
paramsUserId, err := uuid.Parse(paramsUserIdString)
if err != nil {
log.Printf("Specified user_id is not a valid UUID: %v", err)
w.WriteHeader(400)
return
}
err = cfg.DB.UpgradeUser(r.Context(), paramsUserId)
if err != nil {
log.Printf("No user matches user_id given: %v", err)
w.WriteHeader(404)
return
}
w.WriteHeader(204)
}