azpect/Potion
1
1
Fork 0
Code Issues 9 Pull Requests Actions Packages Projects Releases Wiki Activity

(FIX): This should be the last of the user nil deref updates!

Browse Source 
I believe this can mark the tasks about fixing the deref issues with
auth completed. Will test in production to find out!
This commit is contained in:
Hayden Hargreaves 2025-07-27 14:11:26 -07:00
parent dbf8470195
commit eccc4885cc
4 changed files with 65 additions and 35 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

42
internal/app/handlers/engagement_handler.go
View File

@ -13,7 +13,15 @@ func EngagementViewRecipe(ctx *gin.Context) {
deps := ctx.MustGet("deps").(*domain.InjectedDependencies) deps := ctx.MustGet("deps").(*domain.InjectedDependencies)
recipeId, _ := strconv.Atoi(ctx.Param("id")) recipeId, _ := strconv.Atoi(ctx.Param("id"))
if !domain.IsLoggedIn(ctx) { // Ensure user is logged in with a valid account
user := deps.UserService.GetAuthenicatedUser(ctx)
if user == nil {
// Log (stale) user out
domain.SetCookie(ctx, "jwt_token", "", -1)
domain.SetCookie(ctx, "search-filters", "", -1)
}
if !domain.IsLoggedIn(ctx) || user == nil {
if _, err := deps.EngagementService.ViewRecipe(recipeId); err != nil { if _, err := deps.EngagementService.ViewRecipe(recipeId); err != nil {
ctx.JSON(http.StatusInternalServerError, gin.H{ ctx.JSON(http.StatusInternalServerError, gin.H{
"status": http.StatusInternalServerError, "status": http.StatusInternalServerError,
@ -26,9 +34,8 @@ func EngagementViewRecipe(ctx *gin.Context) {
return return
} }
userId := ctx.MustGet("userId").(int) // We caught nil already, we can assume the user exists
if _, err := deps.EngagementService.UserViewRecipe(user.Id, recipeId); err != nil {
if _, err := deps.EngagementService.UserViewRecipe(userId, recipeId); err != nil {
ctx.JSON(http.StatusInternalServerError, gin.H{ ctx.JSON(http.StatusInternalServerError, gin.H{
"status": http.StatusInternalServerError, "status": http.StatusInternalServerError,
"message": err.Error(), "message": err.Error(),
@ -43,7 +50,15 @@ func EngagementShareRecipe(ctx *gin.Context) {
deps := ctx.MustGet("deps").(*domain.InjectedDependencies) deps := ctx.MustGet("deps").(*domain.InjectedDependencies)
recipeId, _ := strconv.Atoi(ctx.Param("id")) recipeId, _ := strconv.Atoi(ctx.Param("id"))
if !domain.IsLoggedIn(ctx) { // Ensure user is logged in with a valid account
user := deps.UserService.GetAuthenicatedUser(ctx)
if user == nil {
// Log (stale) user out
domain.SetCookie(ctx, "jwt_token", "", -1)
domain.SetCookie(ctx, "search-filters", "", -1)
}
if !domain.IsLoggedIn(ctx) || user == nil {
if _, err := deps.EngagementService.ShareRecipe(recipeId); err != nil { if _, err := deps.EngagementService.ShareRecipe(recipeId); err != nil {
ctx.JSON(http.StatusInternalServerError, gin.H{ ctx.JSON(http.StatusInternalServerError, gin.H{
"status": http.StatusInternalServerError, "status": http.StatusInternalServerError,
@ -55,9 +70,7 @@ func EngagementShareRecipe(ctx *gin.Context) {
return return
} }
userId := ctx.MustGet("userId").(int) if _, err := deps.EngagementService.UserShareRecipe(user.Id, recipeId); err != nil {
if _, err := deps.EngagementService.UserShareRecipe(userId, recipeId); err != nil {
ctx.JSON(http.StatusInternalServerError, gin.H{ ctx.JSON(http.StatusInternalServerError, gin.H{
"status": http.StatusInternalServerError, "status": http.StatusInternalServerError,
"message": err.Error(), "message": err.Error(),
@ -70,7 +83,15 @@ func EngagementShareRecipe(ctx *gin.Context) {
func EngagementFavoriteRecipe(ctx *gin.Context) { func EngagementFavoriteRecipe(ctx *gin.Context) {
deps := ctx.MustGet("deps").(*domain.InjectedDependencies) deps := ctx.MustGet("deps").(*domain.InjectedDependencies)
if !domain.IsLoggedIn(ctx) { // Ensure user is logged in with a valid account
user := deps.UserService.GetAuthenicatedUser(ctx)
if user == nil {
// Log (stale) user out
domain.SetCookie(ctx, "jwt_token", "", -1)
domain.SetCookie(ctx, "search-filters", "", -1)
}
if !domain.IsLoggedIn(ctx) || user == nil {
ctx.Header("HX-Redirect", domain.WEB_LOGIN) ctx.Header("HX-Redirect", domain.WEB_LOGIN)
ctx.Status(http.StatusOK) ctx.Status(http.StatusOK)
return return
@ -78,9 +99,8 @@ func EngagementFavoriteRecipe(ctx *gin.Context) {
id := ctx.Param("id") id := ctx.Param("id")
recipeId, _ := strconv.Atoi(id) recipeId, _ := strconv.Atoi(id)
userId := ctx.MustGet("userId").(int)
if _, err := deps.EngagementService.UserFavoriteRecipe(userId, recipeId); err != nil { if _, err := deps.EngagementService.UserFavoriteRecipe(user.Id, recipeId); err != nil {
ctx.JSON(http.StatusInternalServerError, gin.H{ ctx.JSON(http.StatusInternalServerError, gin.H{
"status": http.StatusInternalServerError, "status": http.StatusInternalServerError,
"message": err.Error(), "message": err.Error(),

12
internal/app/handlers/page_handler.go
View File

@ -136,12 +136,24 @@ func FavoritesPage(ctx *gin.Context) {
} }
func CreatePage(ctx *gin.Context) { func CreatePage(ctx *gin.Context) {
deps := ctx.MustGet("deps").(*domainServer.InjectedDependencies)
// If not logged in, direct to the login page // If not logged in, direct to the login page
if !domainServer.IsLoggedIn(ctx) { if !domainServer.IsLoggedIn(ctx) {
ctx.Redirect(http.StatusSeeOther, domainServer.WEB_LOGIN) ctx.Redirect(http.StatusSeeOther, domainServer.WEB_LOGIN)
return return
} }
// Ensure user is logged in with a valid account
if user := deps.UserService.GetAuthenicatedUser(ctx); user == nil {
// Log (stale) user out
domain.SetCookie(ctx, "jwt_token", "", -1)
domain.SetCookie(ctx, "search-filters", "", -1)
ctx.Redirect(http.StatusSeeOther, domainServer.WEB_LOGIN)
return
}
title := "Potion - Create" title := "Potion - Create"
page := pages.CreatePage() page := pages.CreatePage()

2
internal/app/handlers/recipe_handler.go
View File

@ -84,6 +84,8 @@ func SearchRecipes(ctx *gin.Context) {
userId = &id userId = &id
} }
// TODO: Not sure if we need to ensure the user is valid here
// We don't care about favorite status, so use false // We don't care about favorite status, so use false
recipes, err := deps.RecipeService.SearchRecipes(filters, userId, false) recipes, err := deps.RecipeService.SearchRecipes(filters, userId, false)
if err != nil { if err != nil {

44
internal/app/handlers/user_handler.go
View File

@ -11,8 +11,16 @@ import (
func GetUserRecipes(ctx *gin.Context) { func GetUserRecipes(ctx *gin.Context) {
deps := ctx.MustGet("deps").(*domain.InjectedDependencies) deps := ctx.MustGet("deps").(*domain.InjectedDependencies)
// Ensure user is logged in with a valid account
user := deps.UserService.GetAuthenicatedUser(ctx)
if user == nil {
// Log (stale) user out
domain.SetCookie(ctx, "jwt_token", "", -1)
domain.SetCookie(ctx, "search-filters", "", -1)
}
// Ensure logged in // Ensure logged in
if !domain.IsLoggedIn(ctx) { if !domain.IsLoggedIn(ctx) || user == nil {
ctx.JSON(http.StatusUnauthorized, gin.H{ ctx.JSON(http.StatusUnauthorized, gin.H{
"status": http.StatusUnauthorized, "status": http.StatusUnauthorized,
"message": "User is not authorized to access this endpoint. Please login to continue.", "message": "User is not authorized to access this endpoint. Please login to continue.",
@ -21,17 +29,7 @@ func GetUserRecipes(ctx *gin.Context) {
return return
} }
userId, ok := ctx.MustGet("userId").(int) recipes, err := deps.RecipeService.GetUserRecipes(user.Id)
if !ok {
ctx.JSON(http.StatusInternalServerError, gin.H{
"status": http.StatusInternalServerError,
"message": "Unable to access user id from store.",
"recipes": nil,
})
return
}
recipes, err := deps.RecipeService.GetUserRecipes(userId)
if err != nil { if err != nil {
ctx.JSON(http.StatusBadRequest, gin.H{ ctx.JSON(http.StatusBadRequest, gin.H{
"status": http.StatusBadRequest, "status": http.StatusBadRequest,
@ -51,8 +49,16 @@ func GetUserRecipes(ctx *gin.Context) {
func GetUserFavoriteRecipes(ctx *gin.Context) { func GetUserFavoriteRecipes(ctx *gin.Context) {
deps := ctx.MustGet("deps").(*domain.InjectedDependencies) deps := ctx.MustGet("deps").(*domain.InjectedDependencies)
// Ensure user is logged in with a valid account
user := deps.UserService.GetAuthenicatedUser(ctx)
if user == nil {
// Log (stale) user out
domain.SetCookie(ctx, "jwt_token", "", -1)
domain.SetCookie(ctx, "search-filters", "", -1)
}
// Ensure logged in // Ensure logged in
if !domain.IsLoggedIn(ctx) { if !domain.IsLoggedIn(ctx) || user == nil {
ctx.JSON(http.StatusUnauthorized, gin.H{ ctx.JSON(http.StatusUnauthorized, gin.H{
"status": http.StatusUnauthorized, "status": http.StatusUnauthorized,
"message": "User is not authorized to access this endpoint. Please login to continue.", "message": "User is not authorized to access this endpoint. Please login to continue.",
@ -61,17 +67,7 @@ func GetUserFavoriteRecipes(ctx *gin.Context) {
return return
} }
userId, ok := ctx.MustGet("userId").(int) recipes, err := deps.RecipeService.GetUserFavoriteRecipes(user.Id)
if !ok {
ctx.JSON(http.StatusInternalServerError, gin.H{
"status": http.StatusInternalServerError,
"message": "Unable to access user id from store.",
"recipes": nil,
})
return
}
recipes, err := deps.RecipeService.GetUserFavoriteRecipes(userId)
if err != nil { if err != nil {
ctx.JSON(http.StatusBadRequest, gin.H{ ctx.JSON(http.StatusBadRequest, gin.H{
"status": http.StatusBadRequest, "status": http.StatusBadRequest,