diff --git a/handlers/people.go b/handlers/people.go
index 19d11cac4..f04b7568c 100644
--- a/handlers/people.go
+++ b/handlers/people.go
@@ -37,6 +37,13 @@ func (ph *peopleHandler) CreateOrEditPerson(w http.ResponseWriter, r *http.Reque
 person := db.Person{}
 body, err := io.ReadAll(r.Body)
+
+ if err != nil {
+ w.WriteHeader(http.StatusBadRequest)
+ json.NewEncoder(w).Encode("Sent wrong body data")
+ return
+ }
+
 r.Body.Close()
 err = json.Unmarshal(body, &person)
 if err != nil {
@@ -62,12 +69,6 @@ func (ph *peopleHandler) CreateOrEditPerson(w http.ResponseWriter, r *http.Reque
 existing := ph.db.GetPersonByPubkey(pubKeyFromAuth)
 if existing.ID == 0 {
- if person.ID != 0 {
- // cant try to "edit" if not exists already
- fmt.Println("cant edit non existing")
- w.WriteHeader(http.StatusUnauthorized)
- return
- }
 person.UniqueName, _ = ph.db.PersonUniqueNameFromName(person.OwnerAlias)
 person.Created = &now
 person.Uuid = xid.New().String()
@@ -80,13 +81,9 @@ func (ph *peopleHandler) CreateOrEditPerson(w http.ResponseWriter, r *http.Reque
 person.ReferredBy = referral.ID
 }
 }
- } else { // editing! needs ID
- if person.ID == 0 { // can't create if already exists
- fmt.Println("can't create, already existing")
- w.WriteHeader(http.StatusUnauthorized)
- return
- }
- if person.ID != existing.ID { // can't edit someone else's
+ } else {
+ if person.OwnerPubKey != existing.OwnerPubKey && person.OwnerAlias != existing.OwnerAlias {
+ // can't edit someone else's
 fmt.Println("cant edit someone else")
 w.WriteHeader(http.StatusUnauthorized)
 return
@@ -120,6 +117,13 @@ func (ph *peopleHandler) CreateOrEditPerson(w http.ResponseWriter, r *http.Reque
 func (ph *peopleHandler) UpsertLogin(w http.ResponseWriter, r *http.Request) {
 person := db.Person{}
 body, err := io.ReadAll(r.Body)
+
+ if err != nil {
+ w.WriteHeader(http.StatusBadRequest)
+ json.NewEncoder(w).Encode("Sent wrong body data")
+ return
+ }
+
 r.Body.Close()
 err = json.Unmarshal(body, &person)
 if err != nil {
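Review bot: In the first people.go hunk (CreateOrEditPerson) and the identical addition in the last one (UpsertLogin), `io.ReadAll(r.Body)` still reads a request body of any size, so the new error branch reports a failed read but does not bound memory use per request. Wrapping the body before the read, e.g. `r.Body = http.MaxBytesReader(w, r.Body, maxPersonBodyBytes)` (the constant name is a placeholder for a limit chosen for this payload), would make an oversized body fail the read and land in this 400 branch. The early `return` also skips `r.Body.Close()`, which a `defer r.Body.Close()` ahead of the read would cover, and the `Encode` error is dropped. Both function bodies continue outside their hunks.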
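Review bot: The ownership check in the `else` branch of CreateOrEditPerson (hunk at -80) now rejects only when both `OwnerPubKey` and `OwnerAlias` differ from `existing`, so a body that matches on alias alone passes, and nothing visible ties `person.ID` to `existing.ID` any more. `existing` is loaded with `pubKeyFromAuth`, so the pubkey comparison is the authorization signal, while the alias looks like editable profile data; I would write `if person.OwnerPubKey != existing.OwnerPubKey {` and set `person.ID = existing.ID` before the save instead of keeping the client-supplied id. The preceding hunk (at -62) drops the `person.ID != 0` rejection on the create path, where `person.ID = 0` would be the equivalent pin. Whether a check outside these hunks already compares the body pubkey with the authenticated one is not visible here, and the function continues past the hunk, so this should be confirmed against the full handler and the db upsert.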
@@ -582,6 +586,7 @@ func GetAssetList(pubkey string) ([]db.AssetListData, error) {
 var r []db.AssetListData
 body, err := io.ReadAll(resp.Body)
+
 err = json.Unmarshal(body, &r)
 if err != nil {
 fmt.Println("json unmarshall error", err)
diff --git a/handlers/people_test.go b/handlers/people_test.go
index ce326c34b..5fa06f768 100644
--- a/handlers/people_test.go
+++ b/handlers/people_test.go
@@ -112,7 +112,7 @@ func TestCreateOrEditPerson(t *testing.T) {
 rr := httptest.NewRecorder()
 handler := http.HandlerFunc(pHandler.CreateOrEditPerson)
- bodyJson := []byte(`{"owner_pubkey": "test-key", "id": 100}`)
+ bodyJson := []byte(`{"owner_pubkey": "fake-key"}`)
 ctx := context.WithValue(context.Background(), auth.ContextKey, "test-key")
 req, err := http.NewRequestWithContext(ctx, http.MethodPost, "/", bytes.NewReader(bodyJson))
 if err != nil {
@@ -170,7 +170,7 @@ func TestCreateOrEditPerson(t *testing.T) {
 rr := httptest.NewRecorder()
 handler := http.HandlerFunc(pHandler.CreateOrEditPerson)
- bodyJson := []byte(`{"owner_pubkey": "test-key", "owner_alias": "test-user", "id": 1}`)
+ bodyJson := []byte(`{"owner_pubkey": "fake-key", "owner_alias": "test-user"}`)
 ctx := context.WithValue(context.Background(), auth.ContextKey, "test-key")
 req, err := http.NewRequestWithContext(ctx, http.MethodPost, "/", bytes.NewReader(bodyJson))
 if err != nil {
@@ -248,7 +248,7 @@ func TestGetPersonById(t *testing.T) {
 rr := httptest.NewRecorder()
 handler := http.HandlerFunc(pHandler.GetPersonById)
 person := db.Person{
- ID: 100,
+ ID: 300,
 Uuid: "perosn_1_uuid",
 OwnerAlias: "person",
 UniqueName: "person",
@@ -268,6 +268,9 @@ func TestGetPersonById(t *testing.T) {
 db.TestDB.CreateOrEditPerson(person)
 fetchedPerson := db.TestDB.GetPerson(person.ID)
+ person.Created = fetchedPerson.Created
+ person.Updated = fetchedPerson.Updated
+
 handler.ServeHTTP(rr, req)
 var returnedPerson db.Person
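Review bot: The two updated cases in TestCreateOrEditPerson (hunks at -112 and -170) now send `fake-key` with no `id`, so no test covers a body whose `owner_pubkey` equals the authenticated key while `id` names a different record, which is the case the removed handler checks used to reject. I would keep a case with a body such as `{"owner_pubkey": "test-key", "id": 100}` (constructed sample) against a stored person with another ID, and assert that the row for that other ID is unchanged after the call. The assertions of both cases lie outside the hunks, so the status code they expect should be confirmed there.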