fix connection handlers, group ops, and various HTTP handler bugs

http.go

@@ -3,6 +3,7 @@ package main
 import (
 	"context"
 	json2 "encoding/json"
+	"errors"
 	"fmt"
 	"maps"
 	"net/http"
@@ -89,7 +90,7 @@ func getIfOwnerUserAndGroup(ctx context.Context, response *http.ResponseWriter,
 
 	if !isOwner(user, group) {
 		http.Error(*response, "no such group", http.StatusUnauthorized)
-		return nil, nil, err
+		return nil, nil, errors.New("not an owner")
 	}
 	return user, group, nil
 }
@@ -153,6 +154,7 @@ func HttpHandleUserDelete(response http.ResponseWriter, request *http.Request) {
 	err = DbUserDelete(ctx, userId)
 	if err != nil {
 		http.Error(response, "internal server error", http.StatusInternalServerError)
+		return
 	}
 
 	CacheDeleteUser(userId)
@@ -192,7 +194,7 @@ func HttpHandleUserModifyAbout(response http.ResponseWriter, request *http.Reque
 	}
 
 	pronouns := request.FormValue("pronouns")
-	if len(pronouns) > 25 && len(pronouns) < 2 {
+	if len(pronouns) > 25 || len(pronouns) < 2 {
 		http.Error(response, "invalid pronouns", http.StatusBadRequest)
 		return
 	}
@@ -226,10 +228,16 @@ func HttpHandleUserMessage(response http.ResponseWriter, request *http.Request)
 		err = DbUserGetById(ctx, target)
 		if err != nil {
 			http.Error(response, "invalid recipient id", http.StatusBadRequest)
+			return
+		}
+		err = DbUserGetConnections(ctx, target)
+		if err != nil {
+			http.Error(response, "invalid recipient id", http.StatusBadRequest)
+			return
 		}
 	}
 
-	if user.Connections[target.Id] == nil {
+	if user.Connections[target.Id] == nil || !user.Connections[targetId].IsAccepted {
 		http.Error(response, "invalid recipient id", http.StatusBadRequest)
 		return
 	}
@@ -243,7 +251,176 @@ func HttpHandleUserMessage(response http.ResponseWriter, request *http.Request)
 	WsSendToUser(user, target, message)
 }
 
-func HttpHandleNewToken(response http.ResponseWriter, request *http.Request) {
+func HttpHandleUserNewConnection(response http.ResponseWriter, request *http.Request) {
+	if !isMethodAllowed(&response, request) {
+		return
+	}
+
+	ctx := request.Context()
+
+	user, err := getUser(ctx, request.FormValue("token"))
+	if err != nil {
+		http.Error(response, "invalid token", http.StatusUnauthorized)
+		return
+	}
+
+	targetId, err := ConvertStringUint32(request.FormValue("recipientid"))
+	if err != nil {
+		http.Error(response, "invalid recipient id", http.StatusBadRequest)
+		return
+	}
+
+	if user.Id == targetId {
+		http.Error(response, "invalid recipient id", http.StatusBadRequest)
+		return
+	}
+
+	target, err := CacheGetUserById(targetId)
+	if err != nil {
+		target = &User{Id: targetId}
+		err = DbUserGetById(ctx, target)
+		if err != nil {
+			http.Error(response, "invalid recipient id", http.StatusBadRequest)
+			return
+		}
+		err = DbUserGetConnections(ctx, target)
+		if err != nil {
+			http.Error(response, "invalid recipient id", http.StatusBadRequest)
+			return
+		}
+	}
+	if user.Connections[target.Id] != nil {
+		http.Error(response, "already sent/connected", http.StatusConflict)
+		return
+	}
+
+	timeNow := time.Now()
+
+	err = DbConnectionSave(ctx, timeNow, user.Id, targetId, false)
+	if err != nil {
+		http.Error(response, "internal server error", http.StatusInternalServerError)
+		return
+	}
+
+	user.Connections[target.Id] = &Connection{
+		CreatedAt:  timeNow,
+		With:       targetId,
+		IsFromUser: true,
+		IsAccepted: false,
+	}
+	if target.Connections == nil {
+		target.Connections = make(map[uint32]*Connection)
+	}
+	target.Connections[user.Id] = &Connection{
+		CreatedAt:  timeNow,
+		With:       user.Id,
+		IsFromUser: false,
+		IsAccepted: false,
+	}
+
+	response.WriteHeader(http.StatusCreated)
+}
+
+func HttpHandleUserDeleteConnection(response http.ResponseWriter, request *http.Request) {
+	ctx := request.Context()
+
+	user, err := getUser(ctx, request.FormValue("token"))
+	if err != nil {
+		http.Error(response, "invalid token", http.StatusUnauthorized)
+		return
+	}
+
+	targetId, err := ConvertStringUint32(request.FormValue("connectedid"))
+	if err != nil {
+		http.Error(response, "invalid recipient id", http.StatusBadRequest)
+		return
+	}
+
+	target, err := CacheGetUserById(targetId)
+	if err != nil {
+		target = &User{Id: targetId}
+		err = DbUserGetById(ctx, target)
+		if err != nil {
+			http.Error(response, "invalid recipient id", http.StatusBadRequest)
+			return
+		}
+		err = DbUserGetConnections(ctx, target)
+		if err != nil {
+			http.Error(response, "invalid recipient id", http.StatusBadRequest)
+			return
+		}
+	}
+	if user.Connections[targetId] == nil {
+		http.Error(response, "invalid recipient id", http.StatusBadRequest)
+		return
+	}
+
+	if user.Connections[targetId].IsFromUser {
+		err = DbConnectionDelete(ctx, user.Id, targetId)
+	} else {
+		err = DbConnectionDelete(ctx, targetId, user.Id)
+	}
+	if err != nil {
+		http.Error(response, "internal server error", http.StatusInternalServerError)
+		return
+	}
+
+	delete(user.Connections, targetId)
+	delete(target.Connections, user.Id)
+
+	response.WriteHeader(http.StatusAccepted)
+}
+
+func HttpHandleUserAcceptConnection(response http.ResponseWriter, request *http.Request) {
+	ctx := request.Context()
+
+	user, err := getUser(ctx, request.FormValue("token"))
+	if err != nil {
+		http.Error(response, "invalid token", http.StatusUnauthorized)
+		return
+	}
+
+	targetId, err := ConvertStringUint32(request.FormValue("connectedid"))
+	if err != nil {
+		http.Error(response, "invalid recipient id", http.StatusBadRequest)
+		return
+	}
+
+	target, err := CacheGetUserById(targetId)
+	if err != nil {
+		target = &User{Id: targetId}
+		err = DbUserGetById(ctx, target)
+		if err != nil {
+			http.Error(response, "invalid recipient id", http.StatusBadRequest)
+			return
+		}
+		err = DbUserGetConnections(ctx, target)
+		if err != nil {
+			http.Error(response, "invalid recipient id", http.StatusBadRequest)
+			return
+		}
+	}
+	if user.Connections[targetId] == nil {
+		http.Error(response, "invalid recipient id", http.StatusBadRequest)
+		return
+	}
+	if user.Connections[targetId].IsFromUser {
+		http.Error(response, "cant accept own request", http.StatusConflict)
+		return
+	}
+
+	user.Connections[targetId].IsAccepted = true
+	target.Connections[user.Id].IsAccepted = true
+
+	err = DbConnectionAccept(ctx, targetId, user.Id)
+	if err != nil {
+		http.Error(response, "internal server error", http.StatusInternalServerError)
+		return
+	}
+	response.WriteHeader(http.StatusAccepted)
+}
+
+func HttpHandleTokenNew(response http.ResponseWriter, request *http.Request) {
 	if !isMethodAllowed(&response, request) {
 		return
 	}
@@ -321,6 +498,10 @@ func HttpHandeGroupCreate(response http.ResponseWriter, request *http.Request) {
 
 	colorString := request.FormValue("color")
 	color, err := ConvertStringToRgb(colorString)
+	if err != nil {
+		http.Error(response, "invalid color", http.StatusBadRequest)
+		return
+	}
 
 	group := Group{
 		Name:      name,
@@ -503,7 +684,7 @@ func HttpHandleGroupChangeOwner(response http.ResponseWriter, request *http.Requ
 	}
 
 	ctx := request.Context()
-	user, group, err := getIfOwnerUserAndGroup(ctx, &response, request)
+	_, group, err := getIfOwnerUserAndGroup(ctx, &response, request)
 	if err != nil {
 		return
 	}
@@ -519,7 +700,7 @@ func HttpHandleGroupChangeOwner(response http.ResponseWriter, request *http.Requ
 			return
 		}
 
-		CacheSaveUser(user)
+		CacheSaveUser(newOwner)
 	}
 
 	_, ok := group.Users[newOwner.Id]
@@ -558,6 +739,10 @@ func HttpHandleGroupMessage(response http.ResponseWriter, request *http.Request)
 	}
 
 	group, err := getGroup(ctx, groupId)
+	if err != nil {
+		http.Error(response, "no such group", http.StatusUnauthorized)
+		return
+	}
 
 	content := request.FormValue("content")
 	if content == "" {
@@ -568,6 +753,7 @@ func HttpHandleGroupMessage(response http.ResponseWriter, request *http.Request)
 	_, ok := group.Users[user.Id]
 	if !ok {
 		http.Error(response, "no such group", http.StatusUnauthorized)
+		return
 	}
 
 	err = WsSendToGroup(group, user, content)