link messages to users

ivarprudnikov · Apr 15, 2024 · d869eda · d869eda
1 parent 0f34ac0
commit d869eda
Show file tree

Hide file tree

Showing 4 changed files with 11 additions and 7 deletions.
diff --git a/internal/storage/messages.go b/internal/storage/messages.go
@@ -9,7 +9,7 @@ import (
 const MAX_PIN_ATTEMPTS = 5
 
 type MessageStore interface {
-	ListMessages() ([]Message, error)
+	ListMessages(username string) ([]Message, error)
 	AddMessage(text string, username string) (Message, error)
 	GetMessage(id string) (*Message, error)
 	GetFullMessage(id string, pin string) (*Message, error)
@@ -53,10 +53,10 @@ func (s *memMessageStore) Decrypt(ciphertext string, pass string) (string, error
 	return plaintext, nil
 }
 
-func (s *memMessageStore) ListMessages() ([]Message, error) {
+func (s *memMessageStore) ListMessages(username string) ([]Message, error) {
 	var msgs []Message
 	s.messages.Range(func(k, v any) bool {
-		if msg, ok := v.(Message); ok {
+		if msg, ok := v.(Message); ok && msg.Username == username {
 			// do not expose sensitive info
 			msgs = append(msgs, Message{
 				Digest:  msg.Digest,

diff --git a/routes.go b/routes.go
@@ -184,7 +184,8 @@ func listMsgHandler(sessions *sessions.CookieStore, store storage.MessageStore)
 			return
 		}
 		sess, _ := sessions.Get(r, SESS_COOKIE)
-		messages, err := store.ListMessages()
+		username := sess.Values[SESS_USER_KEY]
+		messages, err := store.ListMessages(username.(string))
 		if err != nil {
 			sendError(r.Context(), sess, w, "failed to list messages", err)
 			return
@@ -223,8 +224,8 @@ func createMsgHandler(sessions *sessions.CookieStore, store storage.MessageStore
 			sendError(r.Context(), sess, w, "payload is empty", nil)
 			return
 		}
-		// TODO only auth user is allowed
-		msg, err := store.AddMessage(payload, "someuser")
+		username := sess.Values[SESS_USER_KEY]
+		msg, err := store.AddMessage(payload, username.(string))
 		if err != nil {
 			sendError(r.Context(), sess, w, "failed to store message", err)
 			return
@@ -292,6 +293,7 @@ func showMsgFullHandler(sessions *sessions.CookieStore, store storage.MessageSto
 }
 
 // adds CSRF token to the session of the get requests
+// adds user to the context if session exists
 func newAppMiddleware(sessions *sessions.CookieStore, users storage.UserStore) func(h http.Handler) http.Handler {
 	return func(h http.Handler) http.Handler {
 		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {

diff --git a/web/account.created.tmpl b/web/account.created.tmpl
@@ -9,6 +9,8 @@
     <p>Your username: {{ .data.Username }}</p>
     <p>Created at: {{ .data.Created }}</p>
 
+    <a href="/accounts/login" class="btn btn-primary">Login</a>
+
     {{template "footer.tmpl" .}}
   </div>
 </body>

diff --git a/web/message.show.tmpl b/web/message.show.tmpl
@@ -17,7 +17,7 @@
         <div class="mb-3">
           <label for="pin" class="form-label">PIN</label>
           <input type="password" name="pin" class="form-control" aria-describedby="pinHelp" id="pin" placeholder="secret PIN" />
-          <div id="pinHelp" class="form-text">Provide a PIN to unloc content</div>
+          <div id="pinHelp" class="form-text">Provide a PIN to unlock content</div>
         </div>
         <button type="submit" class="btn btn-primary">Validate PIN</button>
       </form>