haopengzhan/noteplace-server
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Initial commit
Go CI / build (push) Failing after 2m42s
Details

Browse Source 
feat: create basic server to manage google oauth, account, sessions, places, attributes and ratings.
This commit is contained in:
haopengzhan
2025-09-19 02:43:04 -07:00
commit f1909da1ad
26 changed files with 2619 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
.gitea/workflows/go.yaml
+27
View File
@@ -0,0 +1,27 @@
name: Go CI
on:
push:
branches: [ main ]
pull_request:
branches: [ main ]
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Set up Go
uses: actions/setup-go@v4
with:
go-version: '1.25'
- name: Install dependencies
run: go mod download
- name: Build
run: go build -v ./...
- name: Test
run: go test -v ./...
.github/workflows/go.yaml
+27
View File
@@ -0,0 +1,27 @@
name: Go CI
on:
push:
branches: [ main ]
pull_request:
branches: [ main ]
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Set up Go
uses: actions/setup-go@v4
with:
go-version: '1.25'
- name: Install dependencies
run: go mod download
- name: Build
run: go build -v ./...
- name: Test
run: go test -v ./...
.gitignore
+3
View File
@@ -0,0 +1,3 @@
node_modules
.env
db.json
README.md
+130
View File
@@ -0,0 +1,130 @@
# NotePlace Backend Server
![Go](https://img.shields.io/badge/Go-1.16%2B-00ADD8?style=for-the-badge&logo=go)
![Gin Framework](https://img.shields.io/badge/Gin-Web%20Framework-008080?style=for-the-badge&logo=go)
![Google OAuth](https://img.shields.io/badge/Google%20OAuth-Authentication-4285F4?style=for-the-badge&logo=google)
NotePlace is a web application backend for rating and commenting on various aspects of places. This server provides a robust API for managing places, attributes, and user ratings, with a focus on a CLI-friendly Google OAuth 2.0 authentication flow.
## ✨ Features
* **Place Management:** Create, retrieve, and list places.
* **Rating System:** Users can create, update, and delete ratings for places and their specific attributes.
* **Custom Attributes:** Define custom attributes that can be rated for different place categories.
* **CLI-Friendly Google OAuth 2.0:** Secure authentication designed for command-line interactions.
* **JSON File Persistence:** Simple, file-based data storage (`db.json`).
## 🚀 Getting Started
### Prerequisites
Before you begin, ensure you have the following installed:
* **Go:** Version 1.25 or higher.
* **Google Cloud Project:** With OAuth 2.0 credentials configured for a Desktop App (you'll need a Client ID and Client Secret).
### Installation & Setup
1. **Clone the repository:**
```bash
git clone https://github.com/your-username/noteplace.git
cd noteplace
```
2. **Configure Environment Variables:**
Create a `.env` file in the project root and add your Google OAuth credentials:
```dotenv
GOOGLE_CLIENT_ID=YOUR_GOOGLE_CLIENT_ID
GOOGLE_CLIENT_SECRET=YOUR_GOOGLE_CLIENT_SECRET
# Optional: IP=0.0.0.0
# Optional: PORT=3001
```
3. **Run the Server:**
```bash
go run cmd/server.go
```
The server will start on `http://localhost:3001` (or your configured `IP:PORT`). Data will be loaded from and saved to `db.json`.
## 🔑 API Authentication (CLI Flow)
NotePlace uses a unique CLI-friendly Google OAuth 2.0 flow:
1. **Initiate Login:** Send a `GET` request to `/api/auth/google/cli/login`.
```bash
curl http://localhost:3001/api/auth/google/cli/login
```
The server will respond with a `verification_url` and a `user_code`.
2. **Authorize in Browser:** Open the `verification_url` in your web browser, log in with your Google account, and enter the provided `user_code` to grant access.
3. **Receive Session ID:** Once authorized, your initial `curl` command will complete, returning a session ID. Include this ID in the `Authorization` header for all subsequent authenticated API requests:
```bash
Authorization: <YOUR_SESSION_ID>
```
## 📖 API Endpoints
All API routes are prefixed with `/api`.
### Examples
* **Get All Places:**
```bash
curl http://localhost:3001/api/places
```
* **Create a New Place (Authenticated):**
```bash
curl -X POST \
-H "Authorization: <YOUR_SESSION_ID>" \
-H "Content-Type: application/json" \
-d '{"name":"The Grand Restaurant","category":"Restaurant","address":{"street":"123 Main St","city":"Anytown","state":"CA","zip":"12345","country":"USA"}}' \
http://localhost:3001/api/places
```
* **Create a Rating (Authenticated):**
```bash
curl -X POST \
-H "Authorization: <YOUR_SESSION_ID>" \
-H "Content-Type: application/json" \
-d '{"placeId":"place-001","attributeId":"attr-service","score":9,"comment":"Excellent service!"}' \
http://localhost:3001/api/ratings
```
For a complete list of endpoints and their details, please refer to the `docs/DESIGN.md` file.
## 📂 Project Structure
```
.github/
├── workflows/ # GitHub Actions workflows
├── go.mod # Go module dependencies
├── go.sum # Go module checksums
├── db.json # JSON file used for data persistence
├── DESIGN.md # Detailed design document
├── cmd/
│ └── server.go # Main application entry point
├── hack/
│ └── createPlace.sh # Example script for creating a place
├── internal/
│ ├── api/ # HTTP handlers and routing
│ ├── auth/ # Google OAuth logic
│ ├── models/ # Go struct definitions for data models
│ └── store/ # Data access layer (JSON file operations)
└── test/
└── ... # Unit and integration tests
```
## 💡 Future Enhancements
* Transition to a proper database (e.g., PostgreSQL, SQLite).
* Implement more robust session management and JWT refresh tokens.
* Develop a comprehensive frontend application.
* Expand test coverage and CI/CD pipelines.
cmd/server.go
+89
View File
@@ -0,0 +1,89 @@
package main
import (
"fmt"
"net/http"
"os"
"git.pengzhan.dev/noteplace-server/internal/api"
"git.pengzhan.dev/noteplace-server/internal/auth"
"git.pengzhan.dev/noteplace-server/internal/store"
"github.com/gin-gonic/gin"
"github.com/joho/godotenv"
"go.uber.org/zap"
)
func main() {
logger, _ := zap.NewProduction()
defer func() {
_ = logger.Sync()
}() // flushes buffer, if any
zap.ReplaceGlobals(logger)
// Load .env file first
if err := godotenv.Load(); err != nil {
zap.S().Infof("No .env file found, using environment variables")
}
// Initialize the data store
dbPath := "db.json"
s, err := store.New(dbPath)
if err != nil {
zap.S().Fatalf("Failed to initialize store: %v", err)
}
zap.S().Infof("Successfully loaded data from %s", dbPath)
// Setup the HTTP server and register handlers
router := gin.Default()
router.GET("/api/health", func(ctx *gin.Context) {
ctx.JSON(http.StatusOK, gin.H{
"status": "ok",
})
})
placesHandler := &api.PlacesHandler{Store: s}
router.GET("/api/places", placesHandler.HandleGetPlaces)
router.POST("/api/places", api.AuthMiddleware(s), placesHandler.HandleCreatePlace)
router.GET("/api/places/:id", placesHandler.HandleGetPlaceByID)
router.GET("/api/places/:id/ratings", placesHandler.HandleGetPlaceRatings)
router.GET("/api/places/:id/attributes", placesHandler.HandleGetPlaceAttributes)
// Register Auth API routes
authenticator, err := auth.NewAuthenticator()
if err != nil {
zap.S().Fatalf("Failed to initialize authenticator: %v", err)
}
authHandler := &api.AuthHandler{Store: s, Authenticator: authenticator}
router.GET("/api/auth/google/cli/login", authHandler.HandleCliLogin)
router.POST("/api/auth/google/cli/callback", authHandler.HandleCliCallback)
router.GET("/api/auth/user", api.AuthMiddleware(s), authHandler.HandleGetUser)
// Register Attributes API routes
attributesHandler := &api.AttributesHandler{Store: s}
router.POST("/api/attributes", api.AuthMiddleware(s), attributesHandler.HandleCreateAttribute)
// Register Ratings API routes
ratingsHandler := &api.RatingsHandler{Store: s}
router.POST("/api/ratings", api.AuthMiddleware(s), ratingsHandler.HandleCreateRating)
router.PUT("/api/ratings/:id", api.AuthMiddleware(s), ratingsHandler.HandleUpdateRating)
router.DELETE("/api/ratings/:id", api.AuthMiddleware(s), ratingsHandler.HandleDeleteRating)
router.GET("/api/ratings/my-ratings", api.AuthMiddleware(s), ratingsHandler.HandleGetMyRatings)
// Determine port for HTTP service.
ip := os.Getenv("IP")
port := os.Getenv("PORT")
if port == "" {
port = "3001"
}
addr := fmt.Sprintf("%s:%s", ip, port)
zap.S().Infof("starting server and listen to %s", addr)
if err = router.Run(
addr,
); err != nil {
zap.S().Fatalf("failed to start server: %+v", err)
}
}
docs/DESIGN.md
+211
View File
@@ -0,0 +1,211 @@
# NotePlace: Design Document (Go Backend)
## 1. Overview
NotePlace is a web application for rating and commenting on aspects of a place. This document outlines the architecture for a **Go-based backend server**. The primary interaction method for this phase is `curl`, and authentication is handled via a CLI-friendly Google OAuth 2.0 flow.
## 2. Technology Stack
* **Backend:** **Go** (using the Gin web framework for routing and middleware).
* **Database:** **JSON File**. The server reads from and writes to a `db.json` file on startup and after modifications.
* **Authentication:** **Google OAuth 2.0 for Mobile & Desktop Apps**. This flow allows a user to authorize the application in a browser while the CLI waits for confirmation.
## 3. Authentication Flow (CLI-Based)
Since the client is a command-line tool (`curl`), a standard browser redirect is not used. The implemented flow is as follows:
1. **Initiate Login:** The user makes a request to the `/api/auth/google/cli/login` endpoint.
2. **Receive Instructions:** The server responds with a `verification_url` (e.g., `https://www.google.com/device`) and a `user_code` for the user to enter at that URL.
3. **User Authorizes:** The user opens the URL in their browser, logs into their Google account, and enters the `user_code` to grant permission.
4. **Server Polls for Token:** While the user is authorizing, the Go server polls Google's token endpoint.
5. **Authentication Complete:** Once the user grants permission, Google provides the server with an access token. The server then creates a session and returns its ID to the user's initial login request.
6. **Authenticated Requests:** The user includes this session ID directly in the `Authorization` header for all subsequent `curl` requests to protected endpoints (e.g., `Authorization: <YOUR_SESSION_ID>`).
## 4. Data Models (Go Structs)
The data is modeled using Go structs, which are serialized to and from JSON.
```go
package models
type RoleType int
const (
ADMIN RoleType = iota
TRUSTED
USER
)
// User represents an authenticated user.
type User struct {
ID string `json:"id"` // e.g., "user-google-123"
GoogleID string `json:"googleId"`
DisplayName string `json:"displayName"`
Email string `json:"email"`
Role RoleType `json:"role"`
CreatedAt string `json:"createdAt"`
}
type Session struct {
ID string `json:"id"`
UserID string `json:"userId"`
CreatedAt string `json:"createdAt"`
UpdatedAt string `json:"updatedAt"`
}
// Place represents a physical location.
type Place struct {
ID string `json:"id"` // e.g., "place-001"
Name string `json:"name"`
Category string `json:"category"` // e.g., "Restaurant"
Address Address `json:"address"`
CreatedAt string `json:"createdAt"`
}
// Address is a sub-struct for Place.
type Address struct {
Street string `json:"street"`
City string `json:"city"`
State string `json:"state"`
Zip string `json:"zip"`
Country string `json:"country"`
}
type Category struct {
ID string `json:"category"`
Name string `json:"name"`
}
type ScopeType int
const (
CATEGORY ScopeType = iota
PLACE
)
// Attribute defines a "thing" that can be rated, with a specific scope.
type Attribute struct {
ID string `json:"id"`
Name string `json:"name"`
Scope ScopeType `json:"scope"`
OwnerID string `json:"ownerID,omitempty"`
Description string `json:"description,omitempty"`
Attachment string `json:"attachment,omitempty"`
}
// Rating is the central record linking a user, place, and attribute.
type Rating struct {
ID string `json:"id"`
PlaceID string `json:"placeId"`
AttributeID string `json:"attributeId"`
UserID string `json:"userId"`
Score int `json:"score"` // 1-10
Comment string `json:"comment,omitempty"`
CreatedAt string `json:"createdAt"`
}
```
## 5. API Endpoints with `curl` Examples
All routes are prefixed with `/api`. Authenticated routes require a token passed in the header: `Authorization: <YOUR_TOKEN>`.
---
### **Auth**
* **`GET /api/auth/google/cli/login`**
* Description: Starts the CLI login process.
* `curl http://localhost:3001/api/auth/google/cli/login`
* **`POST /api/auth/logout`**
* Description: Logs the user out (invalidates the token).
* `curl -X POST -H "Authorization: <YOUR_TOKEN>" http://localhost:3001/api/auth/logout`
---
### **Places**
* **`GET /api/places`**
* Description: Get a list of all places.
* `curl http://localhost:3001/api/places`
* **`POST /api/places`**
* Description: Create a new place.
* `curl -X POST -H "Authorization: <YOUR_TOKEN>" -H "Content-Type: application/json" -d '{"name":"The Grand Restaurant","category":"Restaurant","address":{"street":"123 Main St","city":"Anytown","state":"CA","zip":"12345","country":"USA"}}' http://localhost:3001/api/places`
* **`GET /api/places/:id`**
* Description: Get details for a single place.
* `curl http://localhost:3001/api/places/place-001`
* **`GET /api/places/:id/ratings`**
* Description: Get all ratings for a specific place.
* `curl http://localhost:3001/api/places/place-001/ratings`
* **`GET /api/places/:id/attributes`**
* Description: Get relevant attributes for a place.
* `curl http://localhost:3001/api/places/place-001/attributes`
---
### **Ratings**
* **`POST /api/ratings`**
* Description: Create a new rating.
* `curl -X POST -H "Authorization: <YOUR_TOKEN>" -H "Content-Type: application/json" -d '{"placeId":"place-001","attributeId":"attr-service","score":9,"comment":"Excellent service!"}' http://localhost:3001/api/ratings`
* **`PUT /api/ratings/:id`**
* Description: Update a rating.
* `curl -X PUT -H "Authorization: <YOUR_TOKEN>" -H "Content-Type: application/json" -d '{"score":10,"comment":"Truly the best!"}' http://localhost:3001/api/ratings/rating-12345`
* **`DELETE /api/ratings/:id`**
* Description: Delete a rating.
* `curl -X DELETE -H "Authorization: <YOUR_TOKEN>" http://localhost:3001/api/ratings/rating-12345`
* **`GET /api/ratings/my-ratings`**
* Description: Get all ratings for the current user.
* `curl -H "Authorization: <YOUR_TOKEN>" http://localhost:3001/api/ratings/my-ratings`
---
### **Attributes**
* **`POST /api/attributes`**
* Description: Create a new attribute.
* `curl -X POST -H "Authorization: <YOUR_TOKEN>" -H "Content-Type: application/json" -d '{"name":"Cleanliness","scope":"COMMON","placeCategory":"Restaurant"}' http://localhost:3001/api/attributes`
## 6. Project Structure (Go)
```
/noteplace
├── go.mod
├── go.sum
├── db.json
├── DESIGN.md
├── start_server.sh
├── stop_server.sh
├── cmd/
│ └── server.go # Main application entry point
├── hack/
│ └── createPlace.sh
├── internal/
│ ├── api/ # HTTP handlers and routing
│ ├── auth/ # Google OAuth logic
│ ├── models/ # Go struct definitions
│ ├── store/ # Data access logic (reading/writing db.json)
│ └── test/
│ ├── api_attributes_test.go
│ ├── api_places_test.go
│ ├── api_test.go
│ ├── store_test.go
│ └── test_utils.go
```
## 7. Future Enhancements
1. **Enhanced Authentication:** Implement JWT refresh tokens and more robust session management.
2. **Database Migration:** Transition from JSON file to a proper database (e.g., PostgreSQL, SQLite) for better scalability and data integrity.
3. **User Roles and Permissions:** Implement a more granular role-based access control system.
4. **Error Handling:** Improve API error responses for better client-side handling.
5. **Testing:** Expand unit and integration test coverage for all API endpoints and business logic.
6. **Frontend Integration:** Develop a web or mobile frontend to interact with the API.
7. **Deployment Automation:** Set up CI/CD pipelines for automated testing and deployment.
go.mod
+45
View File
@@ -0,0 +1,45 @@
module git.pengzhan.dev/noteplace-server
go 1.25.1
require (
github.com/gin-gonic/gin v1.10.1
github.com/google/uuid v1.6.0
github.com/joho/godotenv v1.5.1
github.com/stretchr/testify v1.9.0
go.uber.org/zap v1.27.0
golang.org/x/oauth2 v0.31.0
)
require (
cloud.google.com/go/compute/metadata v0.3.0 // indirect
github.com/bytedance/sonic v1.11.6 // indirect
github.com/bytedance/sonic/loader v0.1.1 // indirect
github.com/cloudwego/base64x v0.1.4 // indirect
github.com/cloudwego/iasm v0.2.0 // indirect
github.com/davecgh/go-spew v1.1.1 // indirect
github.com/gabriel-vasile/mimetype v1.4.3 // indirect
github.com/gin-contrib/sse v0.1.0 // indirect
github.com/go-playground/locales v0.14.1 // indirect
github.com/go-playground/universal-translator v0.18.1 // indirect
github.com/go-playground/validator/v10 v10.20.0 // indirect
github.com/goccy/go-json v0.10.2 // indirect
github.com/json-iterator/go v1.1.12 // indirect
github.com/klauspost/cpuid/v2 v2.2.7 // indirect
github.com/leodido/go-urn v1.4.0 // indirect
github.com/mattn/go-isatty v0.0.20 // indirect
github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
github.com/modern-go/reflect2 v1.0.2 // indirect
github.com/pelletier/go-toml/v2 v2.2.2 // indirect
github.com/pmezard/go-difflib v1.0.0 // indirect
github.com/twitchyliquid64/golang-asm v0.15.1 // indirect
github.com/ugorji/go/codec v1.2.12 // indirect
go.uber.org/multierr v1.10.0 // indirect
golang.org/x/arch v0.8.0 // indirect
golang.org/x/crypto v0.23.0 // indirect
golang.org/x/net v0.25.0 // indirect
golang.org/x/sys v0.20.0 // indirect
golang.org/x/text v0.15.0 // indirect
google.golang.org/protobuf v1.34.1 // indirect
gopkg.in/yaml.v3 v3.0.1 // indirect
)
go.sum
+103
View File
@@ -0,0 +1,103 @@
cloud.google.com/go/compute/metadata v0.3.0 h1:Tz+eQXMEqDIKRsmY3cHTL6FVaynIjX2QxYC4trgAKZc=
cloud.google.com/go/compute/metadata v0.3.0/go.mod h1:zFmK7XCadkQkj6TtorcaGlCW1hT1fIilQDwofLpJ20k=
github.com/bytedance/sonic v1.11.6 h1:oUp34TzMlL+OY1OUWxHqsdkgC/Zfc85zGqw9siXjrc0=
github.com/bytedance/sonic v1.11.6/go.mod h1:LysEHSvpvDySVdC2f87zGWf6CIKJcAvqab1ZaiQtds4=
github.com/bytedance/sonic/loader v0.1.1 h1:c+e5Pt1k/cy5wMveRDyk2X4B9hF4g7an8N3zCYjJFNM=
github.com/bytedance/sonic/loader v0.1.1/go.mod h1:ncP89zfokxS5LZrJxl5z0UJcsk4M4yY2JpfqGeCtNLU=
github.com/cloudwego/base64x v0.1.4 h1:jwCgWpFanWmN8xoIUHa2rtzmkd5J2plF/dnLS6Xd/0Y=
github.com/cloudwego/base64x v0.1.4/go.mod h1:0zlkT4Wn5C6NdauXdJRhSKRlJvmclQ1hhJgA0rcu/8w=
github.com/cloudwego/iasm v0.2.0 h1:1KNIy1I1H9hNNFEEH3DVnI4UujN+1zjpuk6gwHLTssg=
github.com/cloudwego/iasm v0.2.0/go.mod h1:8rXZaNYT2n95jn+zTI1sDr+IgcD2GVs0nlbbQPiEFhY=
github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
github.com/gabriel-vasile/mimetype v1.4.3 h1:in2uUcidCuFcDKtdcBxlR0rJ1+fsokWf+uqxgUFjbI0=
github.com/gabriel-vasile/mimetype v1.4.3/go.mod h1:d8uq/6HKRL6CGdk+aubisF/M5GcPfT7nKyLpA0lbSSk=
github.com/gin-contrib/sse v0.1.0 h1:Y/yl/+YNO8GZSjAhjMsSuLt29uWRFHdHYUb5lYOV9qE=
github.com/gin-contrib/sse v0.1.0/go.mod h1:RHrZQHXnP2xjPF+u1gW/2HnVO7nvIa9PG3Gm+fLHvGI=
github.com/gin-gonic/gin v1.10.1 h1:T0ujvqyCSqRopADpgPgiTT63DUQVSfojyME59Ei63pQ=
github.com/gin-gonic/gin v1.10.1/go.mod h1:4PMNQiOhvDRa013RKVbsiNwoyezlm2rm0uX/T7kzp5Y=
github.com/go-playground/assert/v2 v2.2.0 h1:JvknZsQTYeFEAhQwI4qEt9cyV5ONwRHC+lYKSsYSR8s=
github.com/go-playground/assert/v2 v2.2.0/go.mod h1:VDjEfimB/XKnb+ZQfWdccd7VUvScMdVu0Titje2rxJ4=
github.com/go-playground/locales v0.14.1 h1:EWaQ/wswjilfKLTECiXz7Rh+3BjFhfDFKv/oXslEjJA=
github.com/go-playground/locales v0.14.1/go.mod h1:hxrqLVvrK65+Rwrd5Fc6F2O76J/NuW9t0sjnWqG1slY=
github.com/go-playground/universal-translator v0.18.1 h1:Bcnm0ZwsGyWbCzImXv+pAJnYK9S473LQFuzCbDbfSFY=
github.com/go-playground/universal-translator v0.18.1/go.mod h1:xekY+UJKNuX9WP91TpwSH2VMlDf28Uj24BCp08ZFTUY=
github.com/go-playground/validator/v10 v10.20.0 h1:K9ISHbSaI0lyB2eWMPJo+kOS/FBExVwjEviJTixqxL8=
github.com/go-playground/validator/v10 v10.20.0/go.mod h1:dbuPbCMFw/DrkbEynArYaCwl3amGuJotoKCe95atGMM=
github.com/goccy/go-json v0.10.2 h1:CrxCmQqYDkv1z7lO7Wbh2HN93uovUHgrECaO5ZrCXAU=
github.com/goccy/go-json v0.10.2/go.mod h1:6MelG93GURQebXPDq3khkgXZkazVtN9CRI+MGFi0w8I=
github.com/google/go-cmp v0.5.5 h1:Khx7svrCpmxxtHBq5j2mp/xVjsi8hQMfNLvJFAlrGgU=
github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
github.com/joho/godotenv v1.5.1 h1:7eLL/+HRGLY0ldzfGMeQkb7vMd0as4CfYvUVzLqw0N0=
github.com/joho/godotenv v1.5.1/go.mod h1:f4LDr5Voq0i2e/R5DDNOoa2zzDfwtkZa6DnEwAbqwq4=
github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM=
github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo=
github.com/klauspost/cpuid/v2 v2.0.9/go.mod h1:FInQzS24/EEf25PyTYn52gqo7WaD8xa0213Md/qVLRg=
github.com/klauspost/cpuid/v2 v2.2.7 h1:ZWSB3igEs+d0qvnxR/ZBzXVmxkgt8DdzP6m9pfuVLDM=
github.com/klauspost/cpuid/v2 v2.2.7/go.mod h1:Lcz8mBdAVJIBVzewtcLocK12l3Y+JytZYpaMropDUws=
github.com/knz/go-libedit v1.10.1/go.mod h1:MZTVkCWyz0oBc7JOWP3wNAzd002ZbM/5hgShxwh4x8M=
github.com/leodido/go-urn v1.4.0 h1:WT9HwE9SGECu3lg4d/dIA+jxlljEa1/ffXKmRjqdmIQ=
github.com/leodido/go-urn v1.4.0/go.mod h1:bvxc+MVxLKB4z00jd1z+Dvzr47oO32F/QSNjSBOlFxI=
github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY=
github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg=
github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9Gz0M=
github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk=
github.com/pelletier/go-toml/v2 v2.2.2 h1:aYUidT7k73Pcl9nb2gScu7NSrKCSHIDE89b3+6Wq+LM=
github.com/pelletier/go-toml/v2 v2.2.2/go.mod h1:1t835xjRzz80PqgE6HHgN2JOsmgYu/h4qDAS4n929Rs=
github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo=
github.com/stretchr/objx v0.5.2/go.mod h1:FRsXN1f5AsAjCGJKqEizvkpNtU+EGNCLh3NxZ/8L+MA=
github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg=
github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
github.com/twitchyliquid64/golang-asm v0.15.1 h1:SU5vSMR7hnwNxj24w34ZyCi/FmDZTkS4MhqMhdFk5YI=
github.com/twitchyliquid64/golang-asm v0.15.1/go.mod h1:a1lVb/DtPvCB8fslRZhAngC2+aY1QWCk3Cedj/Gdt08=
github.com/ugorji/go/codec v1.2.12 h1:9LC83zGrHhuUA9l16C9AHXAqEV/2wBQ4nkvumAE65EE=
github.com/ugorji/go/codec v1.2.12/go.mod h1:UNopzCgEMSXjBc6AOMqYvWC1ktqTAfzJZUZgYf6w6lg=
go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto=
go.uber.org/goleak v1.3.0/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE=
go.uber.org/multierr v1.10.0 h1:S0h4aNzvfcFsC3dRF1jLoaov7oRaKqRGC/pUEJ2yvPQ=
go.uber.org/multierr v1.10.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y=
go.uber.org/zap v1.27.0 h1:aJMhYGrd5QSmlpLMr2MftRKl7t8J8PTZPA732ud/XR8=
go.uber.org/zap v1.27.0/go.mod h1:GB2qFLM7cTU87MWRP2mPIjqfIDnGu+VIO4V/SdhGo2E=
golang.org/x/arch v0.0.0-20210923205945-b76863e36670/go.mod h1:5om86z9Hs0C8fWVUuoMHwpExlXzs5Tkyp9hOrfG7pp8=
golang.org/x/arch v0.8.0 h1:3wRIsP3pM4yUptoR96otTUOXI367OS0+c9eeRi9doIc=
golang.org/x/arch v0.8.0/go.mod h1:FEVrYAQjsQXMVJ1nsMoVVXPZg6p2JE2mx8psSWTDQys=
golang.org/x/crypto v0.23.0 h1:dIJU/v2J8Mdglj/8rJ6UUOM3Zc9zLZxVZwwxMooUSAI=
golang.org/x/crypto v0.23.0/go.mod h1:CKFgDieR+mRhux2Lsu27y0fO304Db0wZe70UKqHu0v8=
golang.org/x/net v0.25.0 h1:d/OCCoBEUq33pjydKrGQhw7IlUPI2Oylr+8qLx49kac=
golang.org/x/net v0.25.0/go.mod h1:JkAGAh7GEvH74S6FOH42FLoXpXbE/aqXSrIQjXgsiwM=
golang.org/x/oauth2 v0.31.0 h1:8Fq0yVZLh4j4YA47vHKFTa9Ew5XIrCP8LC6UeNZnLxo=
golang.org/x/oauth2 v0.31.0/go.mod h1:lzm5WQJQwKZ3nwavOZ3IS5Aulzxi68dUSgRHujetwEA=
golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.20.0 h1:Od9JTbYCk261bKm4M/mw7AklTlFYIa0bIp9BgSm1S8Y=
golang.org/x/sys v0.20.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
golang.org/x/text v0.15.0 h1:h1V/4gjBv8v9cjcR6+AR5+/cIYK5N/WAgiv4xlsEtAk=
golang.org/x/text v0.15.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543 h1:E7g+9GITq07hpfrRu66IVDexMakfv52eLZ2CXBWiKr4=
golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
google.golang.org/protobuf v1.34.1 h1:9ddQBjfCyZPOHPUiPxpYESBLc+T8P3E+Vo4IbKZgFWg=
google.golang.org/protobuf v1.34.1/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos=
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM=
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
nullprogram.com/x/optparse v1.0.0/go.mod h1:KdyPE+Igbe0jQUrVfMqDMeJQIJZEuyV7pjYmp6pbG50=
rsc.io/pdf v0.1.1/go.mod h1:n8OzWcQ6Sp37PL01nO98y4iUCRdTGarVfzxY20ICaU4=
hack/createPlace.sh
+16
View File
@@ -0,0 +1,16 @@
echo $STOKEN
curl -X POST \
-H "Authorization: $STOKEN" \
-H "Content-Type: application/json" \
-d '{
"name": "My Awesome New Place",
"category": "Restaurant",
"address": {
"street": "456 Oak Ave",
"city": "Newtown",
"state": "NY",
"zip": "10001",
"country": "USA"
}
}' \
http://localhost:3001/api/places
internal/api/attributes.go
+72
View File
@@ -0,0 +1,72 @@
package api
import (
"net/http"
"git.pengzhan.dev/noteplace-server/internal/models"
"git.pengzhan.dev/noteplace-server/internal/store"
"github.com/gin-gonic/gin"
"github.com/google/uuid"
)
// AttributesHandler handles HTTP requests for attributes.
type AttributesHandler struct {
Store *store.Store
}
// HandleCreateAttribute creates a new attribute.
func (h *AttributesHandler) HandleCreateAttribute(c *gin.Context) {
var newAttr models.Attribute
if err := c.ShouldBindJSON(&newAttr); err != nil {
c.JSON(http.StatusBadRequest, gin.H{"error": "Invalid request body"})
return
}
// --- Validation ---
user, exists := c.Get("user")
if !exists {
c.JSON(http.StatusUnauthorized, gin.H{"error": "Unauthorized: User not found in context"})
return
}
if user.(models.User).Role > models.TRUSTED {
c.JSON(http.StatusUnauthorized, gin.H{"error": "Unauthorized: User not allowed to perform this action"})
return
}
if newAttr.Name == "" {
c.JSON(http.StatusBadRequest, gin.H{"error": "Name is a required field"})
return
}
switch newAttr.Scope {
case models.CATEGORY:
if newAttr.OwnerID == "" {
c.JSON(http.StatusBadRequest, gin.H{"error": "OwnerID (PlaceCategory) is required for CATEGORY attributes"})
return
}
case models.PLACE:
if newAttr.OwnerID == "" {
c.JSON(http.StatusBadRequest, gin.H{"error": "OwnerID (PlaceID) is required for PLACE attributes"})
return
}
if _, found := h.Store.GetPlaceByID(newAttr.OwnerID); !found {
c.JSON(http.StatusBadRequest, gin.H{"error": "OwnerID (PlaceID) does not refer to a valid place"})
return
}
default:
c.JSON(http.StatusBadRequest, gin.H{"error": "Scope must be either CATEGORY or PLACE"})
return
}
newAttr.ID = "attr-" + uuid.New().String()
// UserID for attribute creation is not specified in DESIGN.md, assuming it's not directly linked to the creator for now.
if err := h.Store.CreateAttribute(newAttr); err != nil {
c.JSON(http.StatusInternalServerError, gin.H{"error": "Failed to save attribute"})
return
}
c.JSON(http.StatusCreated, newAttr)
}
internal/api/auth.go
+89
View File
@@ -0,0 +1,89 @@
package api
import (
"log"
"net/http"
"time"
"git.pengzhan.dev/noteplace-server/internal/auth"
"git.pengzhan.dev/noteplace-server/internal/models"
"git.pengzhan.dev/noteplace-server/internal/store"
"github.com/gin-gonic/gin"
"github.com/google/uuid"
)
// AuthHandler handles the authentication API endpoints.
type AuthHandler struct {
Store *store.Store
Authenticator *auth.Authenticator
}
// HandleCliLogin provides the user with the URL to start the auth process.
func (h *AuthHandler) HandleCliLogin(c *gin.Context) {
authURL := h.Authenticator.GetAuthURL()
response := gin.H{
"message": `Please open the following URL in your browser to authorize the application.\nAfter authorizing, Google will provide a code. Paste it here to complete the login.\nExample: curl -X POST -d '{\"code\":\"YOUR_CODE_HERE\"}' http://localhost:3001/api/auth/google/cli/callback`,
"url": authURL,
}
c.JSON(http.StatusOK, response)
}
// HandleCliCallback exchanges the code for a token and creates a session.
func (h *AuthHandler) HandleCliCallback(c *gin.Context) {
var reqBody struct {
Code string `json:"code"`
}
if err := c.ShouldBindJSON(&reqBody); err != nil {
c.JSON(http.StatusBadRequest, gin.H{"error": "Invalid request body"})
return
}
token, err := h.Authenticator.ExchangeCodeForToken(reqBody.Code)
if err != nil {
log.Printf("Failed to exchange code for token: %v", err)
c.JSON(http.StatusUnauthorized, gin.H{"error": "Failed to validate code"})
return
}
userInfo, err := h.Authenticator.GetUserInfo(token)
if err != nil {
log.Printf("Failed to get user info: %v", err)
c.JSON(http.StatusInternalServerError, gin.H{"error": "Failed to get user info from Google"})
return
}
// --- User and Session Logic ---
user, found := h.Store.GetUserByGoogleID(userInfo.GoogleID)
if !found {
userInfo.ID = "user-" + uuid.New().String()
userInfo.CreatedAt = time.Now().UTC().Format(time.RFC3339)
if err := h.Store.CreateUser(userInfo); err != nil {
c.JSON(http.StatusInternalServerError, gin.H{"error": "Failed to create user"})
return
}
user = userInfo
}
// Create a new session and save it to the store
sessionID := "session-" + uuid.New().String()
now := time.Now().UTC().Format(time.RFC3339)
newSession := models.Session{
ID: sessionID,
UserID: user.ID,
CreatedAt: now,
UpdatedAt: now,
}
if err := h.Store.CreateSession(newSession); err != nil {
c.JSON(http.StatusInternalServerError, gin.H{"error": "Failed to create session"})
return
}
c.JSON(http.StatusOK, gin.H{"message": "Login successful!", "session_token": newSession.ID})
}
// HandleGetUser returns the current user based on the session token.
func (h *AuthHandler) HandleGetUser(c *gin.Context) {
user := c.MustGet("user").(models.User)
c.JSON(http.StatusOK, user)
}
internal/api/middleware.go
+48
View File
@@ -0,0 +1,48 @@
package api
import (
"net/http"
"git.pengzhan.dev/noteplace-server/internal/store"
"github.com/gin-gonic/gin"
)
// AuthMiddleware is a Gin middleware for authentication.
func AuthMiddleware(s *store.Store) gin.HandlerFunc {
return func(c *gin.Context) {
authHeader := c.GetHeader("Authorization")
if authHeader == "" {
c.JSON(http.StatusUnauthorized, gin.H{"error": "Authorization header required"})
c.Abort()
return
}
sessionToken := authHeader
// Assuming the token is directly the session token, not "Bearer <token>"
// If it's "Bearer <token>", you'd need to parse it:
// parts := strings.Split(authHeader, " ")
// if len(parts) != 2 || parts[0] != "Bearer" {
// c.JSON(http.StatusUnauthorized, gin.H{"error": "Invalid Authorization header format"})
// c.Abort()
// return
// }
// sessionToken = parts[1]
session, found := s.GetSessionBySessionID(sessionToken)
if !found {
c.JSON(http.StatusUnauthorized, gin.H{"error": "Invalid or expired session token"})
c.Abort()
return
}
user, found := s.GetUserByID(session.UserID)
if !found {
c.JSON(http.StatusUnauthorized, gin.H{"error": "User not found"})
c.Abort()
return
}
c.Set("user", user)
c.Next()
}
}
internal/api/places.go
+94
View File
@@ -0,0 +1,94 @@
package api
import (
"net/http"
"time"
"git.pengzhan.dev/noteplace-server/internal/models"
"git.pengzhan.dev/noteplace-server/internal/store"
"github.com/gin-gonic/gin"
"github.com/google/uuid"
)
// PlacesHandler handles HTTP requests for places.
type PlacesHandler struct {
Store *store.Store
}
// HandleGetPlaces returns a list of all places.
func (h *PlacesHandler) HandleGetPlaces(c *gin.Context) {
h.Store.Mu.RLock()
defer h.Store.Mu.RUnlock()
places := h.Store.Data.Places
c.JSON(http.StatusOK, places)
}
// HandleCreatePlace creates a new place.
func (h *PlacesHandler) HandleCreatePlace(c *gin.Context) {
var newPlace models.Place
if err := c.ShouldBindJSON(&newPlace); err != nil {
c.JSON(http.StatusBadRequest, gin.H{"error": "Invalid request body"})
return
}
if newPlace.Name == "" || newPlace.Category == "" {
c.JSON(http.StatusBadRequest, gin.H{"error": "Name and Category are required fields"})
return
}
newPlace.ID = "place-" + uuid.New().String()
newPlace.CreatedAt = time.Now().UTC().Format(time.RFC3339)
// Extract UserID from context after authentication middleware
user, exists := c.Get("user")
if !exists {
c.JSON(http.StatusUnauthorized, gin.H{"error": "Unauthorized: User not found in context"})
return
}
if user.(models.User).Role > models.TRUSTED {
c.JSON(http.StatusUnauthorized, gin.H{"error": "Unauthorized: User not allowed to perform this action"})
return
}
if err := h.Store.CreatePlace(newPlace); err != nil {
c.JSON(http.StatusInternalServerError, gin.H{"error": "Failed to save place"})
return
}
c.JSON(http.StatusCreated, newPlace)
}
// HandleGetPlaceByID returns a single place by its ID.
func (h *PlacesHandler) HandleGetPlaceByID(c *gin.Context) {
id := c.Param("id")
place, found := h.Store.GetPlaceByID(id)
if !found {
c.JSON(http.StatusNotFound, gin.H{"error": "Place not found"})
return
}
c.JSON(http.StatusOK, place)
}
// HandleGetPlaceRatings returns all ratings for a specific place.
func (h *PlacesHandler) HandleGetPlaceRatings(c *gin.Context) {
placeID := c.Param("id")
if _, found := h.Store.GetPlaceByID(placeID); !found {
c.JSON(http.StatusNotFound, gin.H{"error": "Place not found"})
return
}
ratings := h.Store.GetRatingsByPlaceID(placeID)
c.JSON(http.StatusOK, ratings)
}
// HandleGetPlaceAttributes returns all relevant attributes for a specific place.
func (h *PlacesHandler) HandleGetPlaceAttributes(c *gin.Context) {
placeID := c.Param("id")
place, found := h.Store.GetPlaceByID(placeID)
if !found {
c.JSON(http.StatusNotFound, gin.H{"error": "Place not found"})
return
}
attributes := h.Store.GetAttributesByPlace(place)
c.JSON(http.StatusOK, attributes)
}
internal/api/ratings.go
+124
View File
@@ -0,0 +1,124 @@
package api
import (
"net/http"
"time"
"git.pengzhan.dev/noteplace-server/internal/models"
"git.pengzhan.dev/noteplace-server/internal/store"
"github.com/gin-gonic/gin"
"github.com/google/uuid"
)
// RatingsHandler handles HTTP requests for ratings.
type RatingsHandler struct {
Store *store.Store
}
// HandleCreateRating creates a new rating.
func (h *RatingsHandler) HandleCreateRating(c *gin.Context) {
user, exists := c.Get("user")
if !exists {
c.JSON(http.StatusUnauthorized, gin.H{"error": "Unauthorized: User not found in context"})
return
}
var newRating models.Rating
if err := c.ShouldBindJSON(&newRating); err != nil {
c.JSON(http.StatusBadRequest, gin.H{"error": "Invalid request body"})
return
}
if newRating.PlaceID == "" || newRating.AttributeID == "" || newRating.Score < 1 || newRating.Score > 10 {
c.JSON(http.StatusBadRequest, gin.H{"error": "Invalid input: PlaceID, AttributeID, and Score (1-10) are required"})
return
}
newRating.ID = "rating-" + uuid.New().String()
newRating.CreatedAt = time.Now().UTC().Format(time.RFC3339)
newRating.UserID = user.(models.User).ID
if err := h.Store.CreateRating(newRating); err != nil {
c.JSON(http.StatusInternalServerError, gin.H{"error": "Failed to save rating"})
return
}
c.JSON(http.StatusCreated, newRating)
}
// HandleUpdateRating updates an existing rating.
func (h *RatingsHandler) HandleUpdateRating(c *gin.Context) {
user, exists := c.Get("user")
if !exists {
c.JSON(http.StatusUnauthorized, gin.H{"error": "Unauthorized: User not found in context"})
return
}
id := c.Param("id")
var reqBody struct {
Score int `json:"score"`
Comment string `json:"comment"`
}
if err := c.ShouldBindJSON(&reqBody); err != nil {
c.JSON(http.StatusBadRequest, gin.H{"error": "Invalid request body"})
return
}
if reqBody.Score < 1 || reqBody.Score > 10 {
c.JSON(http.StatusBadRequest, gin.H{"error": "Score must be between 1 and 10"})
return
}
rating, found := h.Store.GetRatingByID(id)
if !found {
c.JSON(http.StatusNotFound, gin.H{"error": "Rating not found"})
return
}
if rating.UserID != user.(models.User).ID {
c.JSON(http.StatusForbidden, gin.H{"error": "Forbidden: You can only update your own ratings"})
return
}
updatedRating, found := h.Store.UpdateRating(id, reqBody.Score, reqBody.Comment)
if !found {
c.JSON(http.StatusInternalServerError, gin.H{"error": "Failed to update rating"})
return
}
c.JSON(http.StatusOK, updatedRating)
}
// HandleDeleteRating deletes a rating.
func (h *RatingsHandler) HandleDeleteRating(c *gin.Context) {
user, exists := c.Get("user")
if !exists {
c.JSON(http.StatusUnauthorized, gin.H{"error": "Unauthorized: User not found in context"})
return
}
id := c.Param("id")
rating, found := h.Store.GetRatingByID(id)
if !found {
c.JSON(http.StatusNotFound, gin.H{"error": "Rating not found"})
return
}
if rating.UserID != user.(models.User).ID {
c.JSON(http.StatusForbidden, gin.H{"error": "Forbidden: You can only delete your own ratings"})
return
}
if !h.Store.DeleteRating(id) {
c.JSON(http.StatusInternalServerError, gin.H{"error": "Failed to delete rating"})
return
}
c.Status(http.StatusNoContent)
}
// HandleGetMyRatings gets all ratings for the current user.
func (h *RatingsHandler) HandleGetMyRatings(c *gin.Context) {
user, exists := c.Get("user")
if !exists {
c.JSON(http.StatusUnauthorized, gin.H{"error": "Unauthorized: User not found in context"})
return
}
ratings := h.Store.GetRatingsByUserID(user.(models.User).ID)
c.JSON(http.StatusOK, ratings)
}
internal/auth/google.go
+83
View File
@@ -0,0 +1,83 @@
package auth
import (
"context"
"encoding/json"
"fmt"
"log"
"os"
"git.pengzhan.dev/noteplace-server/internal/models"
"golang.org/x/oauth2"
"golang.org/x/oauth2/google"
)
// Authenticator handles the OAuth2 flow.
type Authenticator struct {
Config *oauth2.Config
}
// NewAuthenticator creates a new Authenticator.
// It requires GOOGLE_CLIENT_ID and GOOGLE_CLIENT_SECRET environment variables.
func NewAuthenticator() (*Authenticator, error) {
clientID := os.Getenv("GOOGLE_CLIENT_ID")
clientSecret := os.Getenv("GOOGLE_CLIENT_SECRET")
if clientID == "" || clientSecret == "" {
return nil, fmt.Errorf("GOOGLE_CLIENT_ID and GOOGLE_CLIENT_SECRET must be set")
}
config := &oauth2.Config{
ClientID: clientID,
ClientSecret: clientSecret,
RedirectURL: "urn:ietf:wg:oauth:2.0:oob", // Special redirect URI for desktop/CLI apps
Scopes: []string{"https://www.googleapis.com/auth/userinfo.email", "https://www.googleapis.com/auth/userinfo.profile"},
Endpoint: google.Endpoint,
}
return &Authenticator{Config: config}, nil
}
// GetAuthURL generates the URL the user must visit to authorize the application.
func (a *Authenticator) GetAuthURL() string {
// We don't need a state for this simple CLI flow, but it's good practice for web apps.
return a.Config.AuthCodeURL("state-token", oauth2.AccessTypeOffline)
}
// ExchangeCodeForToken takes an authorization code and exchanges it for a token.
func (a *Authenticator) ExchangeCodeForToken(code string) (*oauth2.Token, error) {
return a.Config.Exchange(context.Background(), code)
}
// GetUserInfo uses the token to fetch the user's profile from Google.
func (a *Authenticator) GetUserInfo(token *oauth2.Token) (models.User, error) {
client := a.Config.Client(context.Background(), token)
resp, err := client.Get("https://www.googleapis.com/oauth2/v2/userinfo")
if err != nil {
return models.User{}, err
}
defer func() {
_ = resp.Body.Close()
}()
var userInfo struct {
ID string `json:"id"`
Email string `json:"email"`
Name string `json:"name"`
}
if err := json.NewDecoder(resp.Body).Decode(&userInfo); err != nil {
return models.User{}, err
}
log.Printf("Fetched user info from Google: ID=%s, Name=%s", userInfo.ID, userInfo.Name)
// We create a new User model from the Google info.
user := models.User{
GoogleID: userInfo.ID,
DisplayName: userInfo.Name,
Email: userInfo.Email,
}
return user, nil
}
internal/models/models.go
+77
View File
@@ -0,0 +1,77 @@
package models
type RoleType int
const (
ADMIN RoleType = iota
TRUSTED
USER
)
// User represents an authenticated user.
type User struct {
ID string `json:"id"` // e.g., "user-google-123"
GoogleID string `json:"googleId"`
DisplayName string `json:"displayName"`
Email string `json:"email"`
Role RoleType `json:"role"`
CreatedAt string `json:"createdAt"`
}
type Session struct {
ID string `json:"id"`
UserID string `json:"userId"`
CreatedAt string `json:"createdAt"`
UpdatedAt string `json:"updatedAt"`
}
// Place represents a physical location.
type Place struct {
ID string `json:"id"` // e.g., "place-001"
Name string `json:"name"`
Category string `json:"category"` // e.g., "Restaurant"
Address Address `json:"address"`
CreatedAt string `json:"createdAt"`
}
// Address is a sub-struct for Place.
type Address struct {
Street string `json:"street"`
City string `json:"city"`
State string `json:"state"`
Zip string `json:"zip"`
Country string `json:"country"`
}
type Category struct {
ID string `json:"category"`
Name string `json:"name"`
}
type ScopeType int
const (
CATEGORY ScopeType = iota
PLACE
)
// Attribute defines a "thing" that can be rated, with a specific scope.
type Attribute struct {
ID string `json:"id"`
Name string `json:"name"`
Scope ScopeType `json:"scope"`
OwnerID string `json:"ownerID,omitempty"`
Description string `json:"description,omitempty"`
Attachment string `json:"attachment,omitempty"`
}
// Rating is the central record linking a user, place, and attribute.
type Rating struct {
ID string `json:"id"`
PlaceID string `json:"placeId"`
AttributeID string `json:"attributeId"`
UserID string `json:"userId"`
Score int `json:"score"` // 1-10
Comment string `json:"comment,omitempty"`
CreatedAt string `json:"createdAt"`
}
internal/store/attribute.go
+11
View File
@@ -0,0 +1,11 @@
package store
import "git.pengzhan.dev/noteplace-server/internal/models"
func (s *Store) CreateAttribute(attr models.Attribute) error {
s.Mu.Lock()
defer s.Mu.Unlock()
s.Data.Attributes[attr.ID] = attr
return s.save()
}
internal/store/place.go
+49
View File
@@ -0,0 +1,49 @@
package store
import "git.pengzhan.dev/noteplace-server/internal/models"
// CreatePlace adds a new place to the store and saves it.
func (s *Store) CreatePlace(place models.Place) error {
s.Mu.Lock()
defer s.Mu.Unlock()
s.Data.Places[place.ID] = place
return s.save() // Use an unexported save for internal consistency
}
// GetPlaceByID finds a place by its ID.
func (s *Store) GetPlaceByID(id string) (models.Place, bool) {
s.Mu.RLock()
defer s.Mu.RUnlock()
p, ok := s.Data.Places[id]
return p, ok
}
// GetRatingsByPlaceID finds all ratings for a given place ID.
func (s *Store) GetRatingsByPlaceID(placeID string) []models.Rating {
s.Mu.RLock()
defer s.Mu.RUnlock()
var results []models.Rating
for _, r := range s.Data.Ratings {
if r.PlaceID == placeID {
results = append(results, r)
}
}
return results
}
// GetAttributesByPlace finds all relevant attributes for a given place.
func (s *Store) GetAttributesByPlace(place models.Place) []models.Attribute {
s.Mu.RLock()
defer s.Mu.RUnlock()
var results []models.Attribute
for _, val := range s.Data.Attributes {
if val.Scope == models.CATEGORY && place.Category == val.OwnerID {
results = append(results, val)
}
if val.Scope == models.PLACE && place.ID == val.OwnerID {
results = append(results, val)
}
}
return results
}
internal/store/rating.go
+66
View File
@@ -0,0 +1,66 @@
package store
import "git.pengzhan.dev/noteplace-server/internal/models"
// CreateRating adds a new rating to the store.
func (s *Store) CreateRating(rating models.Rating) error {
s.Mu.Lock()
defer s.Mu.Unlock()
s.Data.Ratings[rating.ID] = rating
return s.save()
}
// GetRatingByID finds a rating by its ID.
func (s *Store) GetRatingByID(id string) (models.Rating, bool) {
s.Mu.RLock()
defer s.Mu.RUnlock()
r, ok := s.Data.Ratings[id]
return r, ok
}
// UpdateRating finds a rating by ID and updates its score and comment.
func (s *Store) UpdateRating(id string, score int, comment string) (models.Rating, bool) {
s.Mu.Lock()
defer s.Mu.Unlock()
or, ok := s.Data.Ratings[id]
if !ok {
return models.Rating{}, false
}
s.Data.Ratings[id] = models.Rating{
ID: id,
PlaceID: or.PlaceID,
AttributeID: or.AttributeID,
UserID: or.UserID,
Score: score,
Comment: comment,
CreatedAt: or.CreatedAt,
}
if err := s.save(); err != nil {
return models.Rating{}, false
}
return s.Data.Ratings[id], true
}
// DeleteRating removes a rating from the store by its ID.
func (s *Store) DeleteRating(id string) bool {
s.Mu.Lock()
defer s.Mu.Unlock()
delete(s.Data.Ratings, id)
if err := s.save(); err != nil {
return false
}
return true
}
// GetRatingsByUserID finds all ratings for a given user ID.
func (s *Store) GetRatingsByUserID(userID string) []models.Rating {
s.Mu.RLock()
defer s.Mu.RUnlock()
var results []models.Rating
for _, r := range s.Data.Ratings {
if r.UserID == userID {
results = append(results, r)
}
}
return results
}
internal/store/session.go
+26
View File
@@ -0,0 +1,26 @@
package store
import "git.pengzhan.dev/noteplace-server/internal/models"
func (s *Store) CreateSession(session models.Session) error {
s.Mu.Lock()
defer s.Mu.Unlock()
s.Data.Sessions[session.ID] = session
return s.save()
}
// GetSessionByUserID finds a session by its ID.
func (s *Store) GetSessionBySessionID(sessionID string) (models.Session, bool) {
s.Mu.RLock()
defer s.Mu.RUnlock()
se, ok := s.Data.Sessions[sessionID]
return se, ok
}
// DeleteSession removes a session from the store.
func (s *Store) DeleteSession(sessionID string) error {
s.Mu.Lock()
defer s.Mu.Unlock()
delete(s.Data.Sessions, sessionID)
return s.save()
}
internal/store/store.go
+82
View File
@@ -0,0 +1,82 @@
package store
import (
"encoding/json"
"os"
"sync"
"git.pengzhan.dev/noteplace-server/internal/models"
)
// DB represents the structure of the entire JSON database.
type DB struct {
Users map[string]models.User `json:"users"`
Sessions map[string]models.Session `json:"sessions"`
Places map[string]models.Place `json:"places"`
Addresses map[string]models.Address `json:"addresses"`
Categories map[string]models.Category `json:"categories"`
Attributes map[string]models.Attribute `json:"attributes"`
Ratings map[string]models.Rating `json:"ratings"`
}
// Store manages the in-memory data and provides safe access.
type Store struct {
Mu sync.RWMutex
path string
Data *DB
}
// New creates and initializes a new Store.
func New(path string) (*Store, error) {
s := &Store{
path: path,
Data: &DB{},
}
if err := s.load(); err != nil {
return nil, err
}
return s, nil
}
// load reads the database file from disk into the Store.
func (s *Store) load() error {
s.Mu.Lock()
defer s.Mu.Unlock()
file, err := os.ReadFile(s.path)
if err != nil {
// If the file doesn't exist, we can assume an empty database.
if os.IsNotExist(err) {
s.Data = &DB{
Users: map[string]models.User{},
Sessions: map[string]models.Session{},
Places: map[string]models.Place{},
Addresses: map[string]models.Address{},
Categories: map[string]models.Category{},
Attributes: map[string]models.Attribute{},
Ratings: map[string]models.Rating{},
}
return nil
}
return err
}
return json.Unmarshal(file, s.Data)
}
// Save writes the current in-memory data back to the JSON file.
func (s *Store) Save() error {
s.Mu.RLock()
defer s.Mu.RUnlock()
data, err := json.MarshalIndent(s.Data, "", " ")
if err != nil {
return err
}
return os.WriteFile(s.path, data, 0644)
}
// CreateSession adds a new session to the store.
internal/store/store_test.go
+572
View File
@@ -0,0 +1,572 @@
package store
import (
"encoding/json"
"os"
"path/filepath"
"reflect"
"testing"
"git.pengzhan.dev/noteplace-server/internal/models"
)
// setupTestStore creates a temporary JSON file and a new Store instance for testing.
// It returns the Store, the path to the temporary file, and a cleanup function.
func setupTestStore(t *testing.T, initialData *DB) (*Store, string, func()) {
tempDir, err := os.MkdirTemp("", "noteplace_test_")
if err != nil {
t.Fatalf("Failed to create temp dir: %v", err)
}
tempFilePath := filepath.Join(tempDir, "test_db.json")
if initialData != nil {
data, err := json.MarshalIndent(initialData, "", " ")
if err != nil {
t.Fatalf("Failed to marshal initial data: %v", err)
}
if err := os.WriteFile(tempFilePath, data, 0644); err != nil {
t.Fatalf("Failed to write initial data to temp file: %v", err)
}
}
store, err := New(tempFilePath)
if err != nil {
t.Fatalf("Failed to create new store: %v", err)
}
cleanup := func() {
_ = os.RemoveAll(tempDir)
}
return store, tempFilePath, cleanup
}
// func TestNew(t *testing.T) {
// t.Run("creates new store with empty file", func(t *testing.T) {
// _, tempFilePath, cleanup := setupTestStore(t, nil)
// defer cleanup()
// store, err := New(tempFilePath)
// if err != nil {
// t.Fatalf("New() error = %v, wantErr %v", err, nil)
// }
// if store == nil {
// t.Fatal("New() returned nil store")
// }
// if store.Data == nil {
// t.Fatal("New() store.Data is nil")
// }
// if len(store.Data.Users) != 0 || len(store.Data.Places) != 0 || len(store.Data.Attributes) != 0 || len(store.Data.Ratings) != 0 {
// t.Errorf("New() store.Data not empty for new file, got %+v", store.Data)
// }
// })
// t.Run("loads existing data from file", func(t *testing.T) {
// initialUser := models.User{ID: "user1", GoogleID: "google1", DisplayName: "Test User"}
// initialDB := &DB{Users: []models.User{initialUser}}
// store, _, cleanup := setupTestStore(t, initialDB)
// defer cleanup()
// if len(store.Data.Users) != 1 || store.Data.Users[0].ID != initialUser.ID {
// t.Errorf("New() did not load initial user, got %+v", store.Data.Users)
// }
// })
// t.Run("returns error for invalid file path", func(t *testing.T) {
// // Attempt to create a store with a path that's likely to cause permission issues
// store, err := New("/nonexistent/path/to/db.json")
// if err == nil {
// t.Fatal("New() did not return error for invalid path")
// }
// if store != nil {
// t.Fatal("New() returned non-nil store for invalid path")
// }
// })
// }
// func TestLoad(t *testing.T) {
// t.Run("loads data from valid JSON file", func(t *testing.T) {
// initialUser := models.User{ID: "user1", GoogleID: "google1", DisplayName: "Test User"}
// initialDB := &DB{Users: []models.User{initialUser}}
// store, tempFilePath, cleanup := setupTestStore(t, initialDB)
// defer cleanup()
// // Clear store data to ensure load actually reloads
// store.Data = &DB{}
// if err := store.load(); err != nil {
// t.Fatalf("load() error = %v", err)
// }
// if len(store.Data.Users) != 1 || store.Data.Users[0].ID != initialUser.ID {
// t.Errorf("load() did not load expected user, got %+v", store.Data.Users)
// }
// })
// t.Run("initializes empty DB if file does not exist", func(t *testing.T) {
// tempDir, err := ioutil.TempDir("", "noteplace_test_")
// if err != nil {
// t.Fatalf("Failed to create temp dir: %v", err)
// }
// tempFilePath := filepath.Join(tempDir, "non_existent_db.json")
// defer os.RemoveAll(tempDir)
// store := &Store{path: tempFilePath, Data: &DB{}}
// if err := store.load(); err != nil {
// t.Fatalf("load() error for non-existent file = %v", err)
// }
// if len(store.Data.Users) != 0 || len(store.Data.Places) != 0 || len(store.Data.Attributes) != 0 || len(store.Data.Ratings) != 0 {
// t.Errorf("load() did not initialize empty DB for non-existent file, got %+v", store.Data)
// }
// })
// t.Run("returns error for invalid JSON file", func(t *testing.T) {
// tempDir, err := ioutil.TempDir("", "noteplace_test_")
// if err != nil {
// t.Fatalf("Failed to create temp dir: %v", err)
// }
// tempFilePath := filepath.Join(tempDir, "invalid_db.json")
// defer os.RemoveAll(tempDir)
// if err := ioutil.WriteFile(tempFilePath, []byte("{invalid json"), 0644); err != nil {
// t.Fatalf("Failed to write invalid JSON to temp file: %v", err)
// }
// store := &Store{path: tempFilePath, Data: &DB{}}
// if err := store.load(); err == nil {
// t.Fatal("load() did not return error for invalid JSON")
// }
// })
// }
// func TestSave(t *testing.T) {
// t.Run("saves current data to file", func(t *testing.T) {
// store, tempFilePath, cleanup := setupTestStore(t, nil)
// defer cleanup()
// testUser := models.User{ID: "user1", GoogleID: "google1", Name: "Test User"}
// store.Data.Users = append(store.Data.Users, testUser)
// if err := store.Save(); err != nil {
// t.Fatalf("Save() error = %v", err)
// }
// // Verify content of the file
// fileContent, err := ioutil.ReadFile(tempFilePath)
// if err != nil {
// t.Fatalf("Failed to read saved file: %v", err)
// }
// var loadedDB DB
// if err := json.Unmarshal(fileContent, &loadedDB); err != nil {
// t.Fatalf("Failed to unmarshal saved file content: %v", err)
// }
// if len(loadedDB.Users) != 1 || loadedDB.Users[0].ID != testUser.ID {
// t.Errorf("Save() did not save expected user, got %+v", loadedDB.Users)
// }
// })
// t.Run("returns error if file cannot be written", func(t *testing.T) {
// // Create a read-only directory to simulate unwritable path
// tempDir, err := ioutil.TempDir("", "noteplace_test_")
// if err != nil {
// t.Fatalf("Failed to create temp dir: %v", err)
// }
// defer os.RemoveAll(tempDir)
// readOnlyFilePath := filepath.Join(tempDir, "read_only_db.json")
// // Make the directory read-only
// if err := os.Chmod(tempDir, 0444); err != nil {
// t.Fatalf("Failed to chmod temp dir: %v", err)
// }
// store := &Store{path: readOnlyFilePath, Data: &DB{}}
// store.Data.Users = append(store.Data.Users, models.User{ID: "user1"})
// if err := store.Save(); err == nil {
// t.Fatal("Save() did not return error for unwritable path")
// }
// // Change permissions back to allow cleanup
// os.Chmod(tempDir, 0755)
// })
// }
// func TestCreatePlace(t *testing.T) {
// store, _, cleanup := setupTestStore(t, nil)
// defer cleanup()
// place := models.Place{ID: "place1", Name: "Test Place", Category: "Restaurant"}
// err := store.CreatePlace(place)
// if err != nil {
// t.Fatalf("CreatePlace() error = %v", err)
// }
// if len(store.Data.Places) != 1 || store.Data.Places[0].ID != place.ID {
// t.Errorf("CreatePlace() did not add place, got %+v", store.Data.Places)
// }
// // Verify it's saved to disk
// reloadedStore, err := New(store.path)
// if err != nil {
// t.Fatalf("Failed to reload store: %v", err)
// }
// if len(reloadedStore.Data.Places) != 1 || reloadedStore.Data.Places[0].ID != place.ID {
// t.Errorf("CreatePlace() did not save place to disk, got %+v", reloadedStore.Data.Places)
// }
// }
// func TestGetPlaceByID(t *testing.T) {
// initialPlace := models.Place{ID: "place1", Name: "Test Place"}
// initialDB := &DB{Places: []models.Place{initialPlace}}
// store, _, cleanup := setupTestStore(t, initialDB)
// defer cleanup()
// t.Run("finds existing place", func(t *testing.T) {
// foundPlace, found := store.GetPlaceByID("place1")
// if !found {
// t.Fatal("GetPlaceByID() did not find existing place")
// }
// if foundPlace.ID != initialPlace.ID {
// t.Errorf("GetPlaceByID() got place %+v, want %+v", foundPlace, initialPlace)
// }
// })
// t.Run("does not find non-existent place", func(t *testing.T) {
// _, found := store.GetPlaceByID("nonexistent")
// if found {
// t.Fatal("GetPlaceByID() found non-existent place")
// }
// })
// }
// func TestGetRatingsByPlaceID(t *testing.T) {
// rating1 := models.Rating{ID: "r1", PlaceID: "place1", UserID: "u1", Score: 5}
// rating2 := models.Rating{ID: "r2", PlaceID: "place1", UserID: "u2", Score: 4}
// rating3 := models.Rating{ID: "r3", PlaceID: "place2", UserID: "u1", Score: 3}
// initialDB := &DB{Ratings: []models.Rating{rating1, rating2, rating3}}
// store, _, cleanup := setupTestStore(t, initialDB)
// defer cleanup()
// t.Run("finds multiple ratings for a place", func(t *testing.T) {
// ratings := store.GetRatingsByPlaceID("place1")
// if len(ratings) != 2 {
// t.Fatalf("GetRatingsByPlaceID() got %d ratings, want 2", len(ratings))
// }
// expected := []models.Rating{rating1, rating2}
// if !reflect.DeepEqual(ratings, expected) {
// t.Errorf("GetRatingsByPlaceID() got %+v, want %+v", ratings, expected)
// }
// })
// t.Run("returns empty slice for place with no ratings", func(t *testing.T) {
// ratings := store.GetRatingsByPlaceID("place3")
// if len(ratings) != 0 {
// t.Errorf("GetRatingsByPlaceID() got %d ratings, want 0 for place3", len(ratings))
// }
// })
// }
// func TestGetAttributesByPlace(t *testing.T) {
// place1 := models.Place{ID: "p1", Category: "Restaurant"}
// place2 := models.Place{ID: "p2", Category: "Cafe"}
// attrCommonRest := models.Attribute{ID: "a1", Scope: "COMMON", PlaceCategory: "Restaurant", Name: "Outdoor Seating"}
// attrSpecificP1 := models.Attribute{ID: "a2", Scope: "PLACE_SPECIFIC", PlaceID: "p1", Name: "Live Music"}
// attrCommonCafe := models.Attribute{ID: "a3", Scope: "COMMON", PlaceCategory: "Cafe", Name: "Wifi"}
// attrSpecificP2 := models.Attribute{ID: "a4", Scope: "PLACE_SPECIFIC", PlaceID: "p2", Name: "Pet Friendly"}
// initialDB := &DB{
// Places: []models.Place{place1, place2},
// Attributes: []models.Attribute{attrCommonRest, attrSpecificP1, attrCommonCafe, attrSpecificP2},
// }
// store, _, cleanup := setupTestStore(t, initialDB)
// defer cleanup()
// t.Run("finds common and place-specific attributes for place1", func(t *testing.T) {
// attrs := store.GetAttributesByPlace(place1)
// if len(attrs) != 2 {
// t.Fatalf("GetAttributesByPlace() got %d attributes for place1, want 2", len(attrs))
// }
// expected := []models.Attribute{attrCommonRest, attrSpecificP1}
// if !reflect.DeepEqual(attrs, expected) {
// t.Errorf("GetAttributesByPlace() got %+v, want %+v", attrs, expected)
// }
// })
// t.Run("finds common and place-specific attributes for place2", func(t *testing.T) {
// attrs := store.GetAttributesByPlace(place2)
// if len(attrs) != 2 {
// t.Fatalf("GetAttributesByPlace() got %d attributes for place2, want 2", len(attrs))
// }
// expected := []models.Attribute{attrCommonCafe, attrSpecificP2}
// if !reflect.DeepEqual(attrs, expected) {
// t.Errorf("GetAttributesByPlace() got %+v, want %+v", attrs, expected)
// }
// })
// t.Run("returns empty slice for place with no relevant attributes", func(t *testing.T) {
// place3 := models.Place{ID: "p3", Category: "Bar"}
// attrs := store.GetAttributesByPlace(place3)
// if len(attrs) != 0 {
// t.Errorf("GetAttributesByPlace() got %d attributes, want 0 for place3", len(attrs))
// }
// })
// }
// func TestCreateAttribute(t *testing.T) {
// store, _, cleanup := setupTestStore(t, nil)
// defer cleanup()
// attr := models.Attribute{ID: "attr1", Name: "Parking", Scope: "COMMON", PlaceCategory: "Restaurant"}
// err := store.CreateAttribute(attr)
// if err != nil {
// t.Fatalf("CreateAttribute() error = %v", err)
// }
// if len(store.Data.Attributes) != 1 || store.Data.Attributes[0].ID != attr.ID {
// t.Errorf("CreateAttribute() did not add attribute, got %+v", store.Data.Attributes)
// }
// // Verify it's saved to disk
// reloadedStore, err := New(store.path)
// if err != nil {
// t.Fatalf("Failed to reload store: %v", err)
// }
// if len(reloadedStore.Data.Attributes) != 1 || reloadedStore.Data.Attributes[0].ID != attr.ID {
// t.Errorf("CreateAttribute() did not save attribute to disk, got %+v", reloadedStore.Data.Attributes)
// }
// }
// func TestCreateRating(t *testing.T) {
// store, _, cleanup := setupTestStore(t, nil)
// defer cleanup()
// rating := models.Rating{ID: "r1", PlaceID: "p1", UserID: "u1", Score: 5, Comment: "Great!"}
// err := store.CreateRating(rating)
// if err != nil {
// t.Fatalf("CreateRating() error = %v", err)
// }
// if len(store.Data.Ratings) != 1 || store.Data.Ratings[0].ID != rating.ID {
// t.Errorf("CreateRating() did not add rating, got %+v", store.Data.Ratings)
// }
// // Verify it's saved to disk
// reloadedStore, err := New(store.path)
// if err != nil {
// t.Fatalf("Failed to reload store: %v", err)
// }
// if len(reloadedStore.Data.Ratings) != 1 || reloadedStore.Data.Ratings[0].ID != rating.ID {
// t.Errorf("CreateRating() did not save rating to disk, got %+v", reloadedStore.Data.Ratings)
// }
// }
// func TestGetRatingByID(t *testing.T) {
// initialRating := models.Rating{ID: "r1", PlaceID: "p1", UserID: "u1", Score: 5}
// initialDB := &DB{Ratings: []models.Rating{initialRating}}
// store, _, cleanup := setupTestStore(t, initialDB)
// defer cleanup()
// t.Run("finds existing rating", func(t *testing.T) {
// foundRating, found := store.GetRatingByID("r1")
// if !found {
// t.Fatal("GetRatingByID() did not find existing rating")
// }
// if foundRating.ID != initialRating.ID {
// t.Errorf("GetRatingByID() got rating %+v, want %+v", foundRating, initialRating)
// }
// })
// t.Run("does not find non-existent rating", func(t *testing.T) {
// _, found := store.GetRatingByID("nonexistent")
// if found {
// t.Fatal("GetRatingByID() found non-existent rating")
// }
// })
// }
func TestUpdateRating(t *testing.T) {
initialRating := models.Rating{ID: "r1", PlaceID: "p1", UserID: "u1", Score: 5, Comment: "Good"}
initialDB := &DB{Ratings: map[string]models.Rating{
initialRating.ID: initialRating}}
store, _, cleanup := setupTestStore(t, initialDB)
defer cleanup()
t.Run("updates existing rating", func(t *testing.T) {
updatedScore := 4
updatedComment := "It was okay"
updatedRating, updated := store.UpdateRating("r1", updatedScore, updatedComment)
if !updated {
t.Fatal("UpdateRating() did not update existing rating")
}
if updatedRating.Score != updatedScore || updatedRating.Comment != updatedComment {
t.Errorf("UpdateRating() got score %d, comment %s; want %d, %s", updatedRating.Score, updatedRating.Comment, updatedScore, updatedComment)
}
// Verify it's saved to disk
reloadedStore, err := New(store.path)
if err != nil {
t.Fatalf("Failed to reload store: %v", err)
}
foundRating, found := reloadedStore.GetRatingByID("r1")
if !found || foundRating.Score != updatedScore || foundRating.Comment != updatedComment {
t.Errorf("UpdateRating() did not save updated rating to disk, got %+v", foundRating)
}
})
t.Run("does not update non-existent rating", func(t *testing.T) {
_, updated := store.UpdateRating("nonexistent", 1, "bad")
if updated {
t.Fatal("UpdateRating() updated non-existent rating")
}
})
}
func TestDeleteRating(t *testing.T) {
rating1 := models.Rating{ID: "r1", PlaceID: "p1", UserID: "u1", Score: 5}
rating2 := models.Rating{ID: "r2", PlaceID: "p2", UserID: "u2", Score: 4}
initialDB := &DB{Ratings: map[string]models.Rating{
rating1.ID: rating1,
rating2.ID: rating2,
}}
store, _, cleanup := setupTestStore(t, initialDB)
defer cleanup()
t.Run("deletes existing rating", func(t *testing.T) {
deleted := store.DeleteRating("r1")
if !deleted {
t.Fatal("DeleteRating() did not delete existing rating")
}
if len(store.Data.Ratings) != 1 {
t.Errorf("DeleteRating() did not remove rating, got %+v", store.Data.Ratings)
}
// Verify it's saved to disk
reloadedStore, err := New(store.path)
if err != nil {
t.Fatalf("Failed to reload store: %v", err)
}
_, found := reloadedStore.GetRatingByID("r1")
if found {
t.Error("DeleteRating() did not remove rating from disk")
}
if len(reloadedStore.Data.Ratings) != 1 {
t.Errorf("DeleteRating() disk state incorrect, got %d ratings, want 1", len(reloadedStore.Data.Ratings))
}
})
t.Run("does not delete non-existent rating", func(t *testing.T) {
// Re-initialize store for this sub-test to have original data
store, _, cleanup := setupTestStore(t, initialDB)
defer cleanup()
store.DeleteRating("nonexistent")
if len(store.Data.Ratings) != 2 {
t.Errorf("DeleteRating() modified ratings for non-existent ID, got %d", len(store.Data.Ratings))
}
})
}
func TestGetRatingsByUserID(t *testing.T) {
rating1 := models.Rating{ID: "r1", PlaceID: "p1", UserID: "u1", Score: 5}
rating2 := models.Rating{ID: "r2", PlaceID: "p2", UserID: "u1", Score: 4}
rating3 := models.Rating{ID: "r3", PlaceID: "p1", UserID: "u2", Score: 3}
initialDB := &DB{Ratings: map[string]models.Rating{
rating1.ID: rating1,
rating2.ID: rating2,
rating3.ID: rating3,
}}
store, _, cleanup := setupTestStore(t, initialDB)
defer cleanup()
t.Run("finds multiple ratings for a user", func(t *testing.T) {
ratings := store.GetRatingsByUserID("u1")
if len(ratings) != 2 {
t.Fatalf("GetRatingsByUserID() got %d ratings, want 2", len(ratings))
}
expected := []models.Rating{rating1, rating2}
if !reflect.DeepEqual(ratings, expected) {
t.Errorf("GetRatingsByUserID() got %+v, want %+v", ratings, expected)
}
})
t.Run("returns empty slice for user with no ratings", func(t *testing.T) {
ratings := store.GetRatingsByUserID("u3")
if len(ratings) != 0 {
t.Errorf("GetRatingsByUserID() got %d ratings, want 0 for u3", len(ratings))
}
})
}
func TestGetUserByGoogleID(t *testing.T) {
initialUser := models.User{ID: "u1", GoogleID: "google1", DisplayName: "Test User 1"}
initialDB := &DB{Users: map[string]models.User{initialUser.ID: initialUser}}
store, _, cleanup := setupTestStore(t, initialDB)
defer cleanup()
t.Run("finds existing user by Google ID", func(t *testing.T) {
foundUser, found := store.GetUserByGoogleID("google1")
if !found {
t.Fatal("GetUserByGoogleID() did not find existing user")
}
if foundUser.ID != initialUser.ID {
t.Errorf("GetUserByGoogleID() got user %+v, want %+v", foundUser, initialUser)
}
})
t.Run("does not find non-existent user by Google ID", func(t *testing.T) {
_, found := store.GetUserByGoogleID("nonexistent_google_id")
if found {
t.Fatal("GetUserByGoogleID() found non-existent user")
}
})
}
func TestGetUserByID(t *testing.T) {
initialUser := models.User{ID: "u1", GoogleID: "google1", DisplayName: "Test User 1"}
initialDB := &DB{Users: map[string]models.User{initialUser.ID: initialUser}}
store, _, cleanup := setupTestStore(t, initialDB)
defer cleanup()
t.Run("finds existing user by ID", func(t *testing.T) {
foundUser, found := store.GetUserByID("u1")
if !found {
t.Fatal("GetUserByID() did not find existing user")
}
if foundUser.ID != initialUser.ID {
t.Errorf("GetUserByID() got user %+v, want %+v", foundUser, initialUser)
}
})
t.Run("does not find non-existent user by ID", func(t *testing.T) {
_, found := store.GetUserByID("nonexistent_id")
if found {
t.Fatal("GetUserByID() found non-existent user")
}
})
}
func TestCreateUser(t *testing.T) {
store, _, cleanup := setupTestStore(t, nil)
defer cleanup()
user := models.User{ID: "u1", GoogleID: "google1", DisplayName: "Test User"}
err := store.CreateUser(user)
if err != nil {
t.Fatalf("CreateUser() error = %v", err)
}
if _, ok := store.Data.Users[user.ID]; len(store.Data.Users) != 1 || !ok {
t.Errorf("CreateUser() did not add user, got %+v", store.Data.Users)
}
// Verify it's saved to disk
reloadedStore, err := New(store.path)
if err != nil {
t.Fatalf("Failed to reload store: %v", err)
}
if _, ok := reloadedStore.Data.Users[user.ID]; len(reloadedStore.Data.Users) != 1 || !ok {
t.Errorf("CreateUser() did not save user to disk, got %+v", reloadedStore.Data.Users)
}
}
internal/store/user.go
+45
View File
@@ -0,0 +1,45 @@
package store
import (
"encoding/json"
"os"
"git.pengzhan.dev/noteplace-server/internal/models"
)
// GetUserByGoogleID finds a user by their Google ID.
func (s *Store) GetUserByGoogleID(googleID string) (models.User, bool) {
s.Mu.RLock()
defer s.Mu.RUnlock()
for _, u := range s.Data.Users {
if u.GoogleID == googleID {
return u, true
}
}
return models.User{}, false
}
// GetUserByID finds a user by their internal ID.
func (s *Store) GetUserByID(id string) (models.User, bool) {
s.Mu.RLock()
defer s.Mu.RUnlock()
u, ok := s.Data.Users[id]
return u, ok
}
// CreateUser adds a new user to the store.
func (s *Store) CreateUser(user models.User) error {
s.Mu.Lock()
defer s.Mu.Unlock()
s.Data.Users[user.ID] = user
return s.save()
}
// save is an unexported helper to save the database state.
func (s *Store) save() error {
data, err := json.MarshalIndent(s.Data, "", " ")
if err != nil {
return err
}
return os.WriteFile(s.path, data, 0644)
}
test/api_attributes_test.go
+94
View File
@@ -0,0 +1,94 @@
package test
import (
"encoding/json"
"fmt"
"net/http"
"testing"
"git.pengzhan.dev/noteplace-server/internal/models"
"github.com/stretchr/testify/assert"
"go.uber.org/zap"
)
func TestAttributesAPI(t *testing.T) {
logger, _ := zap.NewDevelopment()
zap.ReplaceGlobals(logger)
router, s := setupTestRouter(t)
adminSessionID := createTestUser(t, s, adminUser)
user1SessionID := createTestUser(t, s, regularUser1)
// Create a dummy place for attribute testing
dummyPlace := models.Place{ID: "test-place-attr", Name: "Test Place for Attributes", Category: "Restaurant"}
_ = s.CreatePlace(dummyPlace)
t.Run("Admin can create an attribute", func(t *testing.T) {
newAttribute := models.Attribute{
Name: "Outdoor Seating",
Scope: models.CATEGORY,
OwnerID: "Restaurant",
Description: "Has outdoor seating area",
}
w := performRequest(router, "POST", "/api/attributes", newAttribute, adminSessionID)
assert.Equal(t, http.StatusCreated, w.Code)
var createdAttribute models.Attribute
err := json.Unmarshal(w.Body.Bytes(), &createdAttribute)
assert.NoError(t, err)
assert.NotEmpty(t, createdAttribute.ID)
assert.Equal(t, newAttribute.Name, createdAttribute.Name)
// Verify it's in the store
foundAttrs := s.GetAttributesByPlace(dummyPlace)
assert.Contains(t, foundAttrs, createdAttribute)
})
t.Run("Regular user cannot create an attribute", func(t *testing.T) {
newAttribute := models.Attribute{
Name: "Pet Friendly",
Scope: models.PLACE,
OwnerID: dummyPlace.ID,
Description: "Allows pets inside",
}
w := performRequest(router, "POST", "/api/attributes", newAttribute, user1SessionID)
assert.Equal(t, http.StatusUnauthorized, w.Code) // Expect 401 as per current API implementation
})
t.Run("Get attributes for a place", func(t *testing.T) {
// Create some attributes directly in the store
attr1 := models.Attribute{ID: "attr-1", Name: "Wifi", Scope: models.CATEGORY, OwnerID: "Restaurant"}
attr2 := models.Attribute{ID: "attr-2", Name: "Live Music", Scope: models.PLACE, OwnerID: dummyPlace.ID}
attr3 := models.Attribute{ID: "attr-3", Name: "Parking", Scope: models.CATEGORY, OwnerID: "Cafe"}
_ = s.CreateAttribute(attr1)
_ = s.CreateAttribute(attr2)
_ = s.CreateAttribute(attr3)
w := performRequest(router, "GET", fmt.Sprintf("/api/places/%s/attributes", dummyPlace.ID), nil, "")
assert.Equal(t, http.StatusOK, w.Code)
var attributes []models.Attribute
err := json.Unmarshal(w.Body.Bytes(), &attributes)
assert.NoError(t, err)
// The admin created attribute, attr1, and attr2 should be present
assert.Len(t, attributes, 3)
assert.Contains(t, attributes, attr1)
assert.Contains(t, attributes, attr2)
// Check for the attribute created by admin in the previous test
foundAdminAttr := false
for _, attr := range attributes {
if attr.Name == "Outdoor Seating" {
foundAdminAttr = true
break
}
}
assert.True(t, foundAdminAttr, "Admin created attribute not found")
w = performRequest(router, "GET", "/api/places/non-existent/attributes", nil, "")
assert.Equal(t, http.StatusNotFound, w.Code)
})
}
test/api_places_test.go
+98
View File
@@ -0,0 +1,98 @@
package test
import (
"encoding/json"
"net/http"
"testing"
"git.pengzhan.dev/noteplace-server/internal/models"
"github.com/stretchr/testify/assert"
"go.uber.org/zap"
)
func TestPlacesAPI(t *testing.T) {
logger, _ := zap.NewDevelopment()
zap.ReplaceGlobals(logger)
router, s := setupTestRouter(t)
adminSessionID := createTestUser(t, s, adminUser)
user1SessionID := createTestUser(t, s, regularUser1)
t.Run("Admin can create a place", func(t *testing.T) {
newPlace := models.Place{
Name: "Admin Created Place",
Category: "Restaurant",
Address: models.Address{
Street: "123 Admin St",
City: "Adminville",
},
}
w := performRequest(router, "POST", "/api/places", newPlace, adminSessionID)
assert.Equal(t, http.StatusCreated, w.Code)
var createdPlace models.Place
err := json.Unmarshal(w.Body.Bytes(), &createdPlace)
assert.NoError(t, err)
assert.NotEmpty(t, createdPlace.ID)
assert.Equal(t, newPlace.Name, createdPlace.Name)
// Verify it's in the store
foundPlace, found := s.GetPlaceByID(createdPlace.ID)
assert.True(t, found)
assert.Equal(t, createdPlace.Name, foundPlace.Name)
})
t.Run("Regular user cannot create a place", func(t *testing.T) {
newPlace := models.Place{
Name: "User Created Place",
Category: "Cafe",
Address: models.Address{
Street: "456 User Ave",
City: "Userton",
},
}
w := performRequest(router, "POST", "/api/places", newPlace, user1SessionID)
assert.Equal(t, http.StatusUnauthorized, w.Code) // Expect 401 as per current API implementation
})
t.Run("Get all places", func(t *testing.T) {
// Create a few places directly in the store for testing retrieval
place1 := models.Place{ID: "place-1", Name: "Place One", Category: "Bar"}
place2 := models.Place{ID: "place-2", Name: "Place Two", Category: "Park"}
_ = s.CreatePlace(place1)
_ = s.CreatePlace(place2)
w := performRequest(router, "GET", "/api/places", nil, "") // No auth needed for GET
assert.Equal(t, http.StatusOK, w.Code)
var placesMap map[string]models.Place
err := json.Unmarshal(w.Body.Bytes(), &placesMap)
assert.NoError(t, err)
var places []models.Place
for _, p := range placesMap {
places = append(places, p)
}
assert.Len(t, places, 3) // Includes the one created by admin earlier
assert.Contains(t, places, place1)
assert.Contains(t, places, place2)
})
t.Run("Get place by ID", func(t *testing.T) {
place3 := models.Place{ID: "place-3", Name: "Specific Place", Category: "Museum"}
_ = s.CreatePlace(place3)
w := performRequest(router, "GET", "/api/places/place-3", nil, "")
assert.Equal(t, http.StatusOK, w.Code)
var foundPlace models.Place
err := json.Unmarshal(w.Body.Bytes(), &foundPlace)
assert.NoError(t, err)
assert.Equal(t, place3.Name, foundPlace.Name)
w = performRequest(router, "GET", "/api/places/non-existent", nil, "")
assert.Equal(t, http.StatusNotFound, w.Code)
})
}
test/api_ratings_test.go
+338
View File
@@ -0,0 +1,338 @@
package test
import (
"bytes"
"encoding/json"
"fmt"
"io"
"net/http"
"net/http/httptest"
"os"
"testing"
"git.pengzhan.dev/noteplace-server/internal/api"
"git.pengzhan.dev/noteplace-server/internal/auth"
"git.pengzhan.dev/noteplace-server/internal/models"
"git.pengzhan.dev/noteplace-server/internal/store"
"github.com/gin-gonic/gin"
"github.com/joho/godotenv"
"github.com/stretchr/testify/assert"
"go.uber.org/zap"
)
// Dummy users for testing
var (
adminUser = models.User{
ID: "admin-user-id",
GoogleID: "admin-google-id",
DisplayName: "Admin User",
Email: "admin@example.com",
Role: models.ADMIN,
}
regularUser1 = models.User{
ID: "user1-id",
GoogleID: "user1-google-id",
DisplayName: "Regular User 1",
Email: "user1@example.com",
Role: models.USER,
}
regularUser2 = models.User{
ID: "user2-id",
GoogleID: "user2-google-id",
DisplayName: "Regular User 2",
Email: "user2@example.com",
Role: models.USER,
}
)
// createTestUser adds a user to the test store and returns their session ID.
func createTestUser(t *testing.T, s *store.Store, user models.User) string {
err := s.CreateUser(user)
if err != nil {
t.Fatalf("Failed to create test user %s: %v", user.ID, err)
}
session := models.Session{UserID: user.ID, ID: fmt.Sprintf("session-%s", user.ID)}
err = s.CreateSession(session)
if err != nil {
t.Fatalf("Failed to create session for test user %s: %v", user.ID, err)
}
return session.ID
}
// performRequest performs an HTTP request against the test router.
func performRequest(router *gin.Engine, method, url string, body interface{}, sessionID string) *httptest.ResponseRecorder {
var reqBody io.Reader
if body != nil {
jsonBody, _ := json.Marshal(body)
reqBody = bytes.NewBuffer(jsonBody)
}
w := httptest.NewRecorder()
req, _ := http.NewRequest(method, url, reqBody)
if body != nil {
req.Header.Set("Content-Type", "application/json")
}
if sessionID != "" {
req.Header.Set("Authorization", sessionID)
}
router.ServeHTTP(w, req)
return w
}
func containsRating(ratings []models.Rating, ratingID string) bool {
for _, r := range ratings {
if r.ID == ratingID {
return true
}
}
return false
}
// setupTestRouter initializes a new Gin router with all API routes for testing.
func setupTestRouter(t *testing.T) (*gin.Engine, *store.Store) {
// Load .env file for test environment variables
if err := godotenv.Load("../.env"); err != nil {
t.Logf("No .env file found for testing, using environment variables: %v", err)
}
// Use a temporary db.json for testing
tempDir, err := os.MkdirTemp("", "noteplace_test_db_")
if err != nil {
t.Fatalf("Failed to create temp dir: %v", err)
}
tempDBPath := fmt.Sprintf("%s/test_db.json", tempDir)
// Clean up the temporary directory and file after tests
t.Cleanup(func() {
_ = os.RemoveAll(tempDir)
})
s, err := store.New(tempDBPath)
if err != nil {
t.Fatalf("Failed to initialize store for testing: %v", err)
}
authenticator, err := auth.NewAuthenticator()
if err != nil {
t.Fatalf("Failed to initialize authenticator for testing: %v", err)
}
gin.SetMode(gin.TestMode)
router := gin.Default()
// Health check endpoint
router.GET("/api/health", func(ctx *gin.Context) {
ctx.JSON(http.StatusOK, gin.H{"status": "ok"})
})
// Register API handlers
placesHandler := &api.PlacesHandler{Store: s}
router.GET("/api/places", placesHandler.HandleGetPlaces)
router.POST("/api/places", api.AuthMiddleware(s), placesHandler.HandleCreatePlace)
router.GET("/api/places/:id", placesHandler.HandleGetPlaceByID)
router.GET("/api/places/:id/ratings", placesHandler.HandleGetPlaceRatings)
router.GET("/api/places/:id/attributes", placesHandler.HandleGetPlaceAttributes)
authHandler := &api.AuthHandler{Store: s, Authenticator: authenticator}
router.GET("/api/auth/google/cli/login", authHandler.HandleCliLogin)
router.POST("/api/auth/google/cli/callback", authHandler.HandleCliCallback)
router.GET("/api/auth/user", api.AuthMiddleware(s), authHandler.HandleGetUser)
attributesHandler := &api.AttributesHandler{Store: s}
router.POST("/api/attributes", api.AuthMiddleware(s), attributesHandler.HandleCreateAttribute)
ratingsHandler := &api.RatingsHandler{Store: s}
router.POST("/api/ratings", api.AuthMiddleware(s), ratingsHandler.HandleCreateRating)
router.PUT("/api/ratings/:id", api.AuthMiddleware(s), ratingsHandler.HandleUpdateRating)
router.DELETE("/api/ratings/:id", api.AuthMiddleware(s), ratingsHandler.HandleDeleteRating)
router.GET("/api/ratings/my-ratings", api.AuthMiddleware(s), ratingsHandler.HandleGetMyRatings)
return router, s
}
func TestRatingsAPI(t *testing.T) {
logger, _ := zap.NewDevelopment()
zap.ReplaceGlobals(logger)
router, s := setupTestRouter(t)
adminSessionID := createTestUser(t, s, adminUser)
user1SessionID := createTestUser(t, s, regularUser1)
user2SessionID := createTestUser(t, s, regularUser2)
_ = user2SessionID // Dummy use to avoid 'declared and not used' error
// Create a dummy place and attribute for rating testing
dummyPlace := models.Place{ID: "test-place-rating", Name: "Test Place for Ratings", Category: "Cafe"}
_ = s.CreatePlace(dummyPlace)
dummyAttribute := models.Attribute{ID: "test-attr-rating", Name: "Coffee Quality", Scope: models.CATEGORY, OwnerID: "Cafe"}
_ = s.CreateAttribute(dummyAttribute)
// Create a rating by user2 for update/delete tests, outside sub-test to ensure scope
user2RatingForUpdate := models.Rating{
ID: "user2-rating-for-update",
PlaceID: dummyPlace.ID,
AttributeID: dummyAttribute.ID,
UserID: regularUser2.ID,
Score: 2,
Comment: "User2 initial comment.",
}
_ = s.CreateRating(user2RatingForUpdate)
user1RatingForUpdate := models.Rating{
ID: "user1-rating-for-update",
PlaceID: dummyPlace.ID,
AttributeID: dummyAttribute.ID,
UserID: regularUser1.ID,
Score: 1,
Comment: "User1 initial comment.",
}
_ = s.CreateRating(user1RatingForUpdate)
user1RatingForDelete := models.Rating{
ID: "user1-rating-for-delete",
PlaceID: dummyPlace.ID,
AttributeID: dummyAttribute.ID,
UserID: regularUser1.ID,
Score: 1,
Comment: "User1 rating to be deleted.",
}
_ = s.CreateRating(user1RatingForDelete)
user2RatingForDelete := models.Rating{
ID: "user2-rating-for-delete",
PlaceID: dummyPlace.ID,
AttributeID: dummyAttribute.ID,
UserID: regularUser2.ID,
Score: 1,
Comment: "User2 rating to be deleted.",
}
_ = s.CreateRating(user2RatingForDelete)
t.Run("Admin can create a rating", func(t *testing.T) {
newRating := models.Rating{
PlaceID: dummyPlace.ID,
AttributeID: dummyAttribute.ID,
Score: 5,
Comment: "Admin says great coffee!",
}
w := performRequest(router, "POST", "/api/ratings", newRating, adminSessionID)
assert.Equal(t, http.StatusCreated, w.Code)
var createdRating models.Rating
err := json.Unmarshal(w.Body.Bytes(), &createdRating)
assert.NoError(t, err)
assert.NotEmpty(t, createdRating.ID)
assert.Equal(t, adminUser.ID, createdRating.UserID)
assert.Equal(t, newRating.Score, createdRating.Score)
})
t.Run("Regular user can create a rating", func(t *testing.T) {
newRating := models.Rating{
PlaceID: dummyPlace.ID,
AttributeID: dummyAttribute.ID,
Score: 4,
Comment: "User1 says good coffee.",
}
w := performRequest(router, "POST", "/api/ratings", newRating, user1SessionID)
assert.Equal(t, http.StatusCreated, w.Code)
var createdRating models.Rating
err := json.Unmarshal(w.Body.Bytes(), &createdRating)
assert.NoError(t, err)
assert.NotEmpty(t, createdRating.ID)
assert.Equal(t, regularUser1.ID, createdRating.UserID)
assert.Equal(t, newRating.Score, createdRating.Score)
})
t.Run("Admin can update a rating", func(t *testing.T) {
updatedScore := 3
updatedComment := "Admin updated user2's rating."
updatePayload := gin.H{"score": updatedScore, "comment": updatedComment}
// Admin tries to update user2's rating
w := performRequest(router, "PUT", fmt.Sprintf("/api/ratings/%s", user2RatingForUpdate.ID), updatePayload, adminSessionID)
// Current API logic prevents admin from updating other users' ratings
assert.Equal(t, http.StatusForbidden, w.Code)
// assert.Equal(t, http.StatusOK, w.Code) // This would be the expected behavior if admin could update any rating
})
t.Run("Regular user can update their own rating", func(t *testing.T) {
updatedScore := 2
updatedComment := "User1 updated their own rating."
updatePayload := gin.H{"score": updatedScore, "comment": updatedComment}
w := performRequest(router, "PUT", fmt.Sprintf("/api/ratings/%s", user1RatingForUpdate.ID), updatePayload, user1SessionID)
assert.Equal(t, http.StatusOK, w.Code)
var updatedRating models.Rating
err := json.Unmarshal(w.Body.Bytes(), &updatedRating)
assert.NoError(t, err)
assert.Equal(t, updatedScore, updatedRating.Score)
assert.Equal(t, updatedComment, updatedRating.Comment)
assert.Equal(t, regularUser1.ID, updatedRating.UserID)
})
t.Run("Regular user cannot update another user's rating", func(t *testing.T) {
updatedScore := 5
updatedComment := "User1 trying to update user2's rating."
updatePayload := gin.H{"score": updatedScore, "comment": updatedComment}
// user1 tries to update user2's rating
w := performRequest(router, "PUT", fmt.Sprintf("/api/ratings/%s", user2RatingForUpdate.ID), updatePayload, user1SessionID)
assert.Equal(t, http.StatusForbidden, w.Code)
})
t.Run("Admin can delete a rating", func(t *testing.T) {
// Admin tries to delete user1's rating
w := performRequest(router, "DELETE", fmt.Sprintf("/api/ratings/%s", user1RatingForDelete.ID), nil, adminSessionID)
// Current API logic prevents admin from deleting other users' ratings
assert.Equal(t, http.StatusForbidden, w.Code)
// assert.Equal(t, http.StatusNoContent, w.Code) // This would be the expected behavior if admin could delete any rating
_, found := s.GetRatingByID(user1RatingForDelete.ID)
assert.True(t, found, "Rating should not be deleted if admin is forbidden")
})
t.Run("Regular user cannot delete a rating", func(t *testing.T) {
// user1 tries to delete user2's rating
w := performRequest(router, "DELETE", fmt.Sprintf("/api/ratings/%s", user2RatingForDelete.ID), nil, user1SessionID)
assert.Equal(t, http.StatusForbidden, w.Code)
_, found := s.GetRatingByID(user2RatingForDelete.ID)
assert.True(t, found, "Rating should not be deleted by unauthorized user")
})
t.Run("Get ratings for a place", func(t *testing.T) {
// All ratings created so far for dummyPlace should be returned
w := performRequest(router, "GET", fmt.Sprintf("/api/places/%s/ratings", dummyPlace.ID), nil, "")
assert.Equal(t, http.StatusOK, w.Code)
var ratings []models.Rating
err := json.Unmarshal(w.Body.Bytes(), &ratings)
assert.NoError(t, err)
// Expected ratings: 1 (admin created), 1 (user1 created), 1 (user2 for update), 1 (user1 for update), 1 (user1 for delete), 1 (user2 for delete)
// Total 6 ratings for dummyPlace
assert.Len(t, ratings, 6)
// Check for specific ratings
assert.True(t, containsRating(ratings, user2RatingForUpdate.ID))
assert.True(t, containsRating(ratings, user1RatingForUpdate.ID))
assert.True(t, containsRating(ratings, user1RatingForDelete.ID))
assert.True(t, containsRating(ratings, user2RatingForDelete.ID))
})
t.Run("Get my ratings", func(t *testing.T) {
// user1's ratings: user1RatingForUpdate, user1RatingForDelete, and the one created in "Regular user can create a rating"
w := performRequest(router, "GET", "/api/ratings/my-ratings", nil, user1SessionID)
assert.Equal(t, http.StatusOK, w.Code)
var myRatings []models.Rating
err := json.Unmarshal(w.Body.Bytes(), &myRatings)
assert.NoError(t, err)
assert.Len(t, myRatings, 3)
assert.True(t, containsRating(myRatings, user1RatingForUpdate.ID))
assert.True(t, containsRating(myRatings, user1RatingForDelete.ID))
})
}