From 815015dbe600798c0d0b66b4097a5e12efed5125 Mon Sep 17 00:00:00 2001
From: Hannes Klinckaert <hannes-dev@mailbox.org>
Date: Tue, 13 Aug 2024 23:49:04 +0200
Subject: [PATCH] vingo: check if logged in

---
 vingo/database/cards.go |  7 +++++--
 vingo/database/scans.go |  3 +++
 vingo/main.go           | 37 ++++++++++++++++++++-----------------
 3 files changed, 28 insertions(+), 19 deletions(-)

diff --git a/vingo/database/cards.go b/vingo/database/cards.go
index 15962b8..b589711 100644
--- a/vingo/database/cards.go
+++ b/vingo/database/cards.go
@@ -12,8 +12,11 @@ func GetCardsForUser(user_id int) ([]Card, error) {
 
 func GetCardsAndStatsForUser(user_id int) ([]CardAPI, error) {
 	rows, err := db.Query(`
-	SELECT cards.id, cards.created_at, serial, name, COUNT(scans.id), (select MAX(scan_time) from scans where card_serial = cards.serial) from cards LEFT JOIN scans on scans.card_serial = serial WHERE
-	user_id = $1 GROUP BY cards.id;
+	        SELECT cards.id, cards.created_at, serial, name, COUNT(scans.id), (select MAX(scan_time) from scans where card_serial = cards.serial)
+        FROM cards
+        LEFT JOIN scans on scans.card_serial = serial
+        WHERE user_id = $1
+        GROUP BY cards.id, cards.created_at, cards.serial, cards.name;
 	`, user_id)
 
 	if err != nil {
diff --git a/vingo/database/scans.go b/vingo/database/scans.go
index c3b1ea4..59ab4be 100644
--- a/vingo/database/scans.go
+++ b/vingo/database/scans.go
@@ -30,6 +30,9 @@ func CreateScan(card_serial string) error {
 func GetScansForUser(user_id int) ([]Scan, error) {
 	var user User
 	result := gorm_db.Preload("Cards.Scans").First(&user, user_id)
+	if result.Error != nil {
+		return nil, result.Error
+	}
 
 	var scans []Scan
 	for _, card := range user.Cards {
diff --git a/vingo/main.go b/vingo/main.go
index b6503fc..052df98 100644
--- a/vingo/main.go
+++ b/vingo/main.go
@@ -42,24 +42,27 @@ func main() {
 
 		api.Get("/recent_scans", handlers.PublicRecentScans)
 
-		api.Post("/logout", handlers.Logout)
-		api.Get("/user", handlers.User)
-		api.Get("/leaderboard", handlers.Leaderboard)
-		api.Get("/scans", handlers.Scans)
-
-		api.Get("/cards", handlers.Cards{}.Get)
-		api.Patch("/cards/:id", handlers.Cards{}.Update)
-		api.Get("/cards/register", handlers.Cards{}.RegisterStatus)
-		api.Post("/cards/register", handlers.Cards{}.StartRegister)
-
-		api.Get("/settings", handlers.Settings{}.Get)
-		api.Patch("/settings", handlers.Settings{}.Update)
-
-		admin := api.Group("/admin", handlers.IsAdmin)
+		authed := api.Group("", handlers.IsLoggedIn)
 		{
-			admin.Get("/days", handlers.Days{}.All)
-			admin.Post("/days", handlers.Days{}.CreateMultiple)
-			admin.Delete("/days/:id", handlers.Days{}.Delete)
+			authed.Post("/logout", handlers.Logout)
+			authed.Get("/user", handlers.User)
+			authed.Get("/leaderboard", handlers.Leaderboard)
+			authed.Get("/scans", handlers.Scans)
+
+			authed.Get("/cards", handlers.Cards{}.Get)
+			authed.Patch("/cards/:id", handlers.Cards{}.Update)
+			authed.Get("/cards/register", handlers.Cards{}.RegisterStatus)
+			authed.Post("/cards/register", handlers.Cards{}.StartRegister)
+
+			authed.Get("/settings", handlers.Settings{}.Get)
+			authed.Patch("/settings", handlers.Settings{}.Update)
+
+			admin := authed.Group("/admin", handlers.IsAdmin)
+			{
+				admin.Get("/days", handlers.Days{}.All)
+				admin.Post("/days", handlers.Days{}.CreateMultiple)
+				admin.Delete("/days/:id", handlers.Days{}.Delete)
+			}
 		}
 	}