Diffstat (limited to 'modules')
-rw-r--r--modules/likes/likes.go25
1 files changed, 25 insertions, 0 deletions
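diff --git a/modules/likes/likes.go b/modules/likes/likes.go
index 4d69d7b..02cf9d5 100644
--- a/modules/likes/likes.go
+++ b/modules/likes/likes.go
@@ -106,6 +106,13 @@ func (m *Module) isLikedBy(w http.ResponseWriter, r *http.Request, p httprouter.
  w.Write([]byte(fmt.Sprintf("%t", res > 0)))
 }
 func (m *Module) addLike(w http.ResponseWriter, r *http.Request, p httprouter.Params) {
+ user, _ := m.g.Charakterin.GetUserFromRequest(r)
+
+ if user == nil {
+ http.Error(w, "403", http.StatusForbidden)
+ return
+ }
+
  params, err := readBody(r)
  if err != nil {
  log.Println(err)
@@ -130,6 +137,10 @@ func (m *Module) addLike(w http.ResponseWriter, r *http.Request, p httprouter.Pa
  http.Error(w, "invalid user id", http.StatusBadRequest)
  return
  }
+ if user.ID != userId {
+ http.Error(w, "403", http.StatusForbidden)
+ return
+ }
 
  _, err = m.g.DB.Exec(`INSERT INTO grilist.likes(content, "user", type) SELECT $1, $2, $3 WHERE NOT EXISTS (SELECT * FROM grilist.likes WHERE content = $1 AND "user" = $2 AND type = $3)`, contentId, userId, contentType)
  if err != nil {
@@ -142,19 +153,29 @@ func (m *Module) addLike(w http.ResponseWriter, r *http.Request, p httprouter.Pa
 }
 
 func (m *Module) removeLike(w http.ResponseWriter, r *http.Request, p httprouter.Params) {
+ user, _ := m.g.Charakterin.GetUserFromRequest(r)
+
+ if user == nil {
+ http.Error(w, "403", http.StatusForbidden)
+ return
+ }
+
  params, err := readBody(r)
  if err != nil {
+ log.Println(err)
  http.Error(w, "invalid body", http.StatusBadRequest)
  return
  }
 
  contentId, err := strconv.Atoi(params.Get("id"))
  if err != nil {
+ log.Println(err)
  http.Error(w, "invalid content id", http.StatusBadRequest)
  return
  }
  contentType, err := strconv.Atoi(params.Get("type"))
  if err != nil {
+ log.Println(err)
  http.Error(w, "invalid content type", http.StatusBadRequest)
  return
  }
@@ -163,6 +184,10 @@ func (m *Module) removeLike(w http.ResponseWriter, r *http.Request, p httprouter
  http.Error(w, "invalid user id", http.StatusBadRequest)
  return
  }
+ if user.ID != userId {
+ http.Error(w, "403", http.StatusForbidden)
+ return
+ }
 
  _, err = m.g.DB.Exec(`DELETE FROM grilist.likes WHERE content = $1 AND "user" = $2 AND type = $3`, contentId, userId, contentType)
  if err != nil {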
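Review bot: The error from `GetUserFromRequest` is discarded at new lines 109 (addLike) and 156 (removeLike), so a failed session lookup is answered with the same unlogged 403 as an anonymous request, even though this commit adds `log.Println(err)` to the other error paths. Keeping it, e.g. `user, err := m.g.Charakterin.GetUserFromRequest(r)` followed by `if err != nil { log.Println(err) }` before the nil check, would make authentication failures visible in the logs. A request with no identified user is an authentication failure, so `http.StatusUnauthorized` fits the nil case better than 403, which remains right for the `user.ID != userId` mismatch at new lines 140 and 187. Since the two IDs must be equal past that check, passing `user.ID` to `Exec` instead of the body-supplied `userId` would tie the write to the session identity directly; the `userId` parsing lies between the hunks, so its type is not visible here. Both function bodies continue outside the hunks.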