protecting backend images
This commit is contained in:
@ -37,12 +37,26 @@ type ImagesReturn struct {
|
|||||||
}
|
}
|
||||||
|
|
||||||
func (h *ImageHandler) serveImage(w http.ResponseWriter, r *http.Request) {
|
func (h *ImageHandler) serveImage(w http.ResponseWriter, r *http.Request) {
|
||||||
imageId, err := middleware.GetPathParamID(h.logger, "id", w, r)
|
imageID, err := middleware.GetPathParamID(h.logger, "id", w, r)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
image, err := h.imageModel.Get(r.Context(), imageId)
|
ctx := r.Context()
|
||||||
|
|
||||||
|
userID, err := middleware.GetUserID(ctx, h.logger, w)
|
||||||
|
if err != nil {
|
||||||
|
w.WriteHeader(http.StatusInternalServerError)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
isAuthorized := h.imageModel.IsUserAuthorized(ctx, imageID, userID)
|
||||||
|
if !isAuthorized {
|
||||||
|
w.WriteHeader(http.StatusUnauthorized)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
image, err := h.imageModel.Get(r.Context(), imageID)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
w.WriteHeader(http.StatusNotFound)
|
w.WriteHeader(http.StatusNotFound)
|
||||||
fmt.Fprintf(w, "Could not get image")
|
fmt.Fprintf(w, "Could not get image")
|
||||||
|
Reference in New Issue
Block a user