diff --git a/api/storage.go b/api/storage.go index d578e601..7fca5ccf 100644 --- a/api/storage.go +++ b/api/storage.go @@ -2,9 +2,6 @@ package api type Storage struct { ID int `json:"id"` - CreatorID int `json:"creatorId"` - CreatedTs int64 `json:"createdTs"` - UpdatedTs int64 `json:"updatedTs"` Name string `json:"name"` EndPoint string `json:"endPoint"` Region string `json:"region"` @@ -15,7 +12,6 @@ type Storage struct { } type StorageCreate struct { - CreatorID int `json:"creatorId"` Name string `json:"name"` EndPoint string `json:"endPoint"` Region string `json:"region"` @@ -26,8 +22,7 @@ type StorageCreate struct { } type StoragePatch struct { - ID int `json:"id"` - UpdatedTs *int64 + ID int `json:"id"` Name *string `json:"name"` EndPoint *string `json:"endPoint"` Region *string `json:"region"` @@ -38,9 +33,8 @@ type StoragePatch struct { } type StorageFind struct { - ID *int `json:"id"` - Name *string `json:"name"` - CreatorID *int `json:"creatorId"` + ID *int `json:"id"` + Name *string `json:"name"` } type StorageDelete struct { diff --git a/server/storage.go b/server/storage.go index bf6191ea..5b2dfd33 100644 --- a/server/storage.go +++ b/server/storage.go @@ -5,7 +5,6 @@ import ( "fmt" "net/http" "strconv" - "time" "github.com/labstack/echo/v4" "github.com/usememos/memos/api" @@ -35,7 +34,6 @@ func (s *Server) registerStorageRoutes(g *echo.Group) { return echo.NewHTTPError(http.StatusBadRequest, "Malformatted post storage request").SetInternal(err) } - storageCreate.CreatorID = userID storage, err := s.Store.CreateStorage(ctx, storageCreate) if err != nil { return echo.NewHTTPError(http.StatusInternalServerError, "Failed to create storage").SetInternal(err) @@ -55,31 +53,29 @@ func (s *Server) registerStorageRoutes(g *echo.Group) { return echo.NewHTTPError(http.StatusUnauthorized, "Missing user in session") } - storageID, err := strconv.Atoi(c.Param("storageId")) - if err != nil { - return echo.NewHTTPError(http.StatusBadRequest, fmt.Sprintf("ID is not a number: %s", c.Param("storageId"))).SetInternal(err) - } - - storage, err := s.Store.FindStorage(ctx, &api.StorageFind{ - ID: &storageID, + user, err := s.Store.FindUser(ctx, &api.UserFind{ + ID: &userID, }) if err != nil { - return echo.NewHTTPError(http.StatusInternalServerError, "Failed to find storage").SetInternal(err) + return echo.NewHTTPError(http.StatusInternalServerError, "Failed to find user").SetInternal(err) } - if storage.CreatorID != userID { + if user == nil || user.Role != api.Host { return echo.NewHTTPError(http.StatusUnauthorized, "Unauthorized") } - currentTs := time.Now().Unix() + storageID, err := strconv.Atoi(c.Param("storageId")) + if err != nil { + return echo.NewHTTPError(http.StatusBadRequest, fmt.Sprintf("ID is not a number: %s", c.Param("storageId"))).SetInternal(err) + } + storagePatch := &api.StoragePatch{ - ID: storageID, - UpdatedTs: ¤tTs, + ID: storageID, } if err := json.NewDecoder(c.Request().Body).Decode(storagePatch); err != nil { return echo.NewHTTPError(http.StatusBadRequest, "Malformatted patch storage request").SetInternal(err) } - storage, err = s.Store.PatchStorage(ctx, storagePatch) + storage, err := s.Store.PatchStorage(ctx, storagePatch) if err != nil { return echo.NewHTTPError(http.StatusInternalServerError, "Failed to patch storage").SetInternal(err) } @@ -93,6 +89,22 @@ func (s *Server) registerStorageRoutes(g *echo.Group) { g.GET("/storage", func(c echo.Context) error { ctx := c.Request().Context() + userID, ok := c.Get(getUserIDContextKey()).(int) + if !ok { + return echo.NewHTTPError(http.StatusUnauthorized, "Missing user in session") + } + + user, err := s.Store.FindUser(ctx, &api.UserFind{ + ID: &userID, + }) + if err != nil { + return echo.NewHTTPError(http.StatusInternalServerError, "Failed to find user").SetInternal(err) + } + // We should only show storage list to host user. + if user == nil || user.Role != api.Host { + return echo.NewHTTPError(http.StatusUnauthorized, "Unauthorized") + } + storageList, err := s.Store.FindStorageList(ctx, &api.StorageFind{}) if err != nil { return echo.NewHTTPError(http.StatusInternalServerError, "Failed to find storage list").SetInternal(err) @@ -112,6 +124,16 @@ func (s *Server) registerStorageRoutes(g *echo.Group) { return echo.NewHTTPError(http.StatusUnauthorized, "Missing user in session") } + user, err := s.Store.FindUser(ctx, &api.UserFind{ + ID: &userID, + }) + if err != nil { + return echo.NewHTTPError(http.StatusInternalServerError, "Failed to find user").SetInternal(err) + } + if user == nil || user.Role != api.Host { + return echo.NewHTTPError(http.StatusUnauthorized, "Unauthorized") + } + storageID, err := strconv.Atoi(c.Param("storageId")) if err != nil { return echo.NewHTTPError(http.StatusBadRequest, fmt.Sprintf("ID is not a number: %s", c.Param("storageId"))).SetInternal(err) @@ -132,21 +154,7 @@ func (s *Server) registerStorageRoutes(g *echo.Group) { } } - storage, err := s.Store.FindStorage(ctx, &api.StorageFind{ - ID: &storageID, - }) - if err != nil { - return echo.NewHTTPError(http.StatusInternalServerError, "Failed to find storage").SetInternal(err) - } - if storage.CreatorID != userID { - return echo.NewHTTPError(http.StatusUnauthorized, "Unauthorized") - } - - storageDelete := &api.StorageDelete{ - ID: storageID, - } - - if err = s.Store.DeleteStorage(ctx, storageDelete); err != nil { + if err = s.Store.DeleteStorage(ctx, &api.StorageDelete{ID: storageID}); err != nil { if common.ErrorCode(err) == common.NotFound { return echo.NewHTTPError(http.StatusNotFound, fmt.Sprintf("Storage ID not found: %d", storageID)) } diff --git a/store/db/migration/dev/LATEST__SCHEMA.sql b/store/db/migration/dev/LATEST__SCHEMA.sql index c4abd5fc..8f3db83f 100644 --- a/store/db/migration/dev/LATEST__SCHEMA.sql +++ b/store/db/migration/dev/LATEST__SCHEMA.sql @@ -107,9 +107,6 @@ CREATE TABLE activity ( -- storage CREATE TABLE storage ( id INTEGER PRIMARY KEY AUTOINCREMENT, - creator_id INTEGER NOT NULL, - created_ts BIGINT NOT NULL DEFAULT (strftime('%s', 'now')), - updated_ts BIGINT NOT NULL DEFAULT (strftime('%s', 'now')), name TEXT NOT NULL DEFAULT '' UNIQUE, end_point TEXT NOT NULL DEFAULT '', region TEXT NOT NULL DEFAULT '', diff --git a/store/storage.go b/store/storage.go index 2233dff8..6c9706bc 100644 --- a/store/storage.go +++ b/store/storage.go @@ -12,9 +12,6 @@ import ( type storageRaw struct { ID int - CreatorID int - CreatedTs int64 - UpdatedTs int64 Name string EndPoint string Region string @@ -27,9 +24,6 @@ type storageRaw struct { func (raw *storageRaw) toStorage() *api.Storage { return &api.Storage{ ID: raw.ID, - CreatorID: raw.CreatorID, - CreatedTs: raw.CreatedTs, - UpdatedTs: raw.UpdatedTs, Name: raw.Name, EndPoint: raw.EndPoint, Region: raw.Region, @@ -137,23 +131,20 @@ func (s *Store) DeleteStorage(ctx context.Context, delete *api.StorageDelete) er } func createStorageRaw(ctx context.Context, tx *sql.Tx, create *api.StorageCreate) (*storageRaw, error) { - set := []string{"creator_id", "name", "end_point", "region", "access_key", "secret_key", "bucket", "url_prefix"} - args := []interface{}{create.CreatorID, create.Name, create.EndPoint, create.Region, create.AccessKey, create.SecretKey, create.Bucket, create.URLPrefix} - placeholder := []string{"?", "?", "?", "?", "?", "?", "?", "?"} + set := []string{"name", "end_point", "region", "access_key", "secret_key", "bucket", "url_prefix"} + args := []interface{}{create.Name, create.EndPoint, create.Region, create.AccessKey, create.SecretKey, create.Bucket, create.URLPrefix} + placeholder := []string{"?", "?", "?", "?", "?", "?", "?"} query := ` INSERT INTO storage ( ` + strings.Join(set, ", ") + ` ) VALUES (` + strings.Join(placeholder, ",") + `) - RETURNING id, creator_id, created_ts, updated_ts, name, end_point, region, access_key, secret_key, bucket, url_prefix + RETURNING id, name, end_point, region, access_key, secret_key, bucket, url_prefix ` var storageRaw storageRaw if err := tx.QueryRowContext(ctx, query, args...).Scan( &storageRaw.ID, - &storageRaw.CreatorID, - &storageRaw.CreatedTs, - &storageRaw.UpdatedTs, &storageRaw.Name, &storageRaw.EndPoint, &storageRaw.Region, @@ -170,9 +161,6 @@ func createStorageRaw(ctx context.Context, tx *sql.Tx, create *api.StorageCreate func patchStorageRaw(ctx context.Context, tx *sql.Tx, patch *api.StoragePatch) (*storageRaw, error) { set, args := []string{}, []interface{}{} - if v := patch.UpdatedTs; v != nil { - set, args = append(set, "updated_ts = ?"), append(args, *v) - } if v := patch.Name; v != nil { set, args = append(set, "name = ?"), append(args, *v) } @@ -201,15 +189,12 @@ func patchStorageRaw(ctx context.Context, tx *sql.Tx, patch *api.StoragePatch) ( UPDATE storage SET ` + strings.Join(set, ", ") + ` WHERE id = ? - RETURNING id, creator_id, created_ts, updated_ts, name, end_point, region, access_key, secret_key, bucket, url_prefix + RETURNING id, name, end_point, region, access_key, secret_key, bucket, url_prefix ` var storageRaw storageRaw if err := tx.QueryRowContext(ctx, query, args...).Scan( &storageRaw.ID, - &storageRaw.CreatorID, - &storageRaw.CreatedTs, - &storageRaw.UpdatedTs, &storageRaw.Name, &storageRaw.EndPoint, &storageRaw.Region, @@ -233,15 +218,10 @@ func findStorageRawList(ctx context.Context, tx *sql.Tx, find *api.StorageFind) if v := find.Name; v != nil { where, args = append(where, "name = ?"), append(args, *v) } - if v := find.CreatorID; v != nil { - where, args = append(where, "creator_id = ?"), append(args, *v) - } query := ` SELECT id, - creator_id, - created_ts, name, end_point, region, @@ -251,7 +231,7 @@ func findStorageRawList(ctx context.Context, tx *sql.Tx, find *api.StorageFind) url_prefix FROM storage WHERE ` + strings.Join(where, " AND ") + ` - ORDER BY created_ts DESC + ORDER BY id DESC ` rows, err := tx.QueryContext(ctx, query, args...) if err != nil { @@ -264,8 +244,6 @@ func findStorageRawList(ctx context.Context, tx *sql.Tx, find *api.StorageFind) var storageRaw storageRaw if err := rows.Scan( &storageRaw.ID, - &storageRaw.CreatorID, - &storageRaw.CreatedTs, &storageRaw.Name, &storageRaw.EndPoint, &storageRaw.Region, diff --git a/web/src/types/modules/storage.d.ts b/web/src/types/modules/storage.d.ts index f5b9eea1..2db5b715 100644 --- a/web/src/types/modules/storage.d.ts +++ b/web/src/types/modules/storage.d.ts @@ -2,9 +2,6 @@ type StorageId = number; interface Storage { id: StorageId; - creatorId: UserId; - createdTs: TimeStamp; - updatedTs: TimeStamp; name: string; endPoint: string; region: string;