protecting backend images

backend/images/handler.go

@@ -37,12 +37,26 @@ type ImagesReturn struct {
 }
 
 func (h *ImageHandler) serveImage(w http.ResponseWriter, r *http.Request) {
-	imageId, err := middleware.GetPathParamID(h.logger, "id", w, r)
+	imageID, err := middleware.GetPathParamID(h.logger, "id", w, r)
 	if err != nil {
 		return
 	}
 
-	image, err := h.imageModel.Get(r.Context(), imageId)
+	ctx := r.Context()
+
+	userID, err := middleware.GetUserID(ctx, h.logger, w)
+	if err != nil {
+		w.WriteHeader(http.StatusInternalServerError)
+		return
+	}
+
+	isAuthorized := h.imageModel.IsUserAuthorized(ctx, imageID, userID)
+	if !isAuthorized {
+		w.WriteHeader(http.StatusUnauthorized)
+		return
+	}
+
+	image, err := h.imageModel.Get(r.Context(), imageID)
 	if err != nil {
 		w.WriteHeader(http.StatusNotFound)
 		fmt.Fprintf(w, "Could not get image")