delete photos and comments

Author: bstaijen

comment-service/app/http/controllers/controller.go

@@ -14,6 +14,7 @@ import (
 	"github.com/bstaijen/mariadb-for-microservices/comment-service/database"
 	"github.com/bstaijen/mariadb-for-microservices/shared/util"
 	jwt "github.com/dgrijalva/jwt-go"
+	"github.com/gorilla/mux"
 	"github.com/urfave/negroni"
 
 	"strconv"
@@ -270,6 +271,69 @@ func GetLastTenHandler(connection *sql.DB, cnf config.Config) negroni.HandlerFun
 	})
 }
 
+// DeleteCommentHandler : is the handler to remove a comment in the database
+func DeleteCommentHandler(connection *sql.DB, cnf config.Config) negroni.HandlerFunc {
+	return negroni.HandlerFunc(func(w http.ResponseWriter, r *http.Request, next http.HandlerFunc) {
+
+		var queryToken = r.URL.Query().Get("token")
+
+		if len(queryToken) < 1 {
+			queryToken = r.Header.Get("token")
+		}
+
+		if len(queryToken) < 1 {
+			w.WriteHeader(http.StatusBadRequest)
+			w.Write([]byte(string("token is mandatory")))
+			return
+		}
+
+		tok, err := jwt.Parse(queryToken, func(t *jwt.Token) (interface{}, error) {
+			return []byte(cnf.SecretKey), nil
+		})
+
+		if err != nil {
+			util.SendErrorMessage(w, "You are not authorized")
+			return
+		}
+
+		claims := tok.Claims.(jwt.MapClaims)
+		var userID = claims["sub"].(float64) // gets the ID
+
+		// Get commentID
+		vars := mux.Vars(r)
+		strID := vars["id"]
+		commentID, err := strconv.Atoi(strID)
+
+		if err != nil {
+			util.SendErrorMessage(w, "id needs to be numeric")
+			return
+		}
+
+		if commentID < 1 {
+			util.SendErrorMessage(w, "id needs to be greater than 0")
+			return
+		}
+
+		comment, err := db.GetCommentByID(connection, commentID)
+		if err != nil {
+			util.SendError(w, err)
+			return
+		}
+
+		if comment.UserID != int(userID) {
+			util.SendErrorMessage(w, "you can only remove your own comment")
+			return
+		}
+
+		_, err = db.DeleteCommentByID(connection, commentID)
+		if err != nil {
+			util.SendError(w, err)
+			return
+		}
+		util.SendOKMessage(w, "Comment removed")
+	})
+}
+
 func getUsernames(cnf config.Config, input []*sharedModels.GetUsernamesRequest) []*sharedModels.GetUsernamesResponse {
 	type Req struct {
 		Requests []*sharedModels.GetUsernamesRequest `json:"requests"`

comment-service/app/http/routes/routes.go

@@ -31,6 +31,11 @@ func setRESTRoutes(db *sql.DB, cnf config.Config, router *mux.Router) *mux.Route
 		controllers.ListCommentsFromUser(db, cnf),
 	)).Methods("GET")
 
+	comments.Handle("/{id}/delete", negroni.New(
+		negroni.HandlerFunc(middleware.AccessControlHandler),
+		controllers.DeleteCommentHandler(db, cnf),
+	)).Methods("POST")
+
 	// Create a comment /comments
 	comments.Methods("POST").Handler(negroni.New(
 		negroni.HandlerFunc(middleware.AccessControlHandler),

comment-service/database/db.go

@@ -169,6 +169,15 @@ func GetLastTenComments(db *sql.DB, items []*sharedModels.CommentRequest) ([]*sh
 	return responses, nil
 }
 
+// DeleteCommentByID delete a comment in the database based on ID.
+func DeleteCommentByID(db *sql.DB, commentID int) (int64, error) {
+	res, err := db.Exec("DELETE FROM comments WHERE id = ?", commentID)
+	if err != nil {
+		return 0, err
+	}
+	return res.RowsAffected()
+}
+
 // ErrCommentNotFound error if comment does not exist in database
 var ErrCommentNotFound = errors.New("Comment does not exist")
 

photo-service/app/http/controllers/incoming_controller.go

@@ -6,9 +6,11 @@ import (
 	"errors"
 	"fmt"
 	"net/http"
+	"strconv"
 
 	"github.com/bstaijen/mariadb-for-microservices/photo-service/app/models"
 	"github.com/bstaijen/mariadb-for-microservices/photo-service/database"
+	"github.com/gorilla/mux"
 	"github.com/urfave/negroni"
 
 	"io/ioutil"
@@ -162,6 +164,69 @@ func HotHandler(connection *sql.DB, cnf config.Config) negroni.HandlerFunc {
 	})
 }
 
+// DeletePhotoHandler : is the handler to remove a photo in the database
+func DeletePhotoHandler(connection *sql.DB, cnf config.Config) negroni.HandlerFunc {
+	return negroni.HandlerFunc(func(w http.ResponseWriter, r *http.Request, next http.HandlerFunc) {
+
+		var queryToken = r.URL.Query().Get("token")
+
+		if len(queryToken) < 1 {
+			queryToken = r.Header.Get("token")
+		}
+
+		if len(queryToken) < 1 {
+			w.WriteHeader(http.StatusBadRequest)
+			w.Write([]byte(string("token is mandatory")))
+			return
+		}
+
+		tok, err := jwt.Parse(queryToken, func(t *jwt.Token) (interface{}, error) {
+			return []byte(cnf.SecretKey), nil
+		})
+
+		if err != nil {
+			util.SendErrorMessage(w, "You are not authorized")
+			return
+		}
+
+		claims := tok.Claims.(jwt.MapClaims)
+		var userID = claims["sub"].(float64) // gets the ID
+
+		// Get photoID
+		vars := mux.Vars(r)
+		strID := vars["id"]
+		photoID, err := strconv.Atoi(strID)
+
+		if err != nil {
+			util.SendErrorMessage(w, "id needs to be numeric")
+			return
+		}
+
+		if photoID < 1 {
+			util.SendErrorMessage(w, "id needs to be greater than 0")
+			return
+		}
+
+		photo, err := db.GetPhotoById(connection, photoID)
+		if err != nil {
+			util.SendError(w, err)
+			return
+		}
+
+		if photo.UserID != int(userID) {
+			util.SendErrorMessage(w, "you can only remove your own photo")
+			return
+		}
+
+		_, err = db.DeletePhotoByID(connection, photoID)
+		if err != nil {
+			util.SendError(w, err)
+			return
+		}
+		util.SendOKMessage(w, "Photo removed")
+	})
+}
+
 // FindResources searches for related resources to a collection of photos and adds them to the photo object.
 // By specifying parameters the caller of this func can determine which resources will be added and which
 // will be skippd. If userID is 0 or less then this func cannot determine if the user has voted on the photos.

photo-service/app/http/routes/routes.go

@@ -30,6 +30,11 @@ func setPhotoRoutes(db *sql.DB, cnf config.Config, router *mux.Router) *mux.Rout
 		negroni.HandlerFunc(middleware.AcceptOPTIONS),
 	))
 
+	image.Handle("/{id}/delete", negroni.New(
+		negroni.HandlerFunc(middleware.AccessControlHandler),
+		controllers.DeletePhotoHandler(db, cnf),
+	)).Methods("POST")
+
 	// Add image for user /image/{id}
 	image.Handle("/{id}", negroni.New(
 		negroni.HandlerFunc(middleware.AccessControlHandler),

photo-service/database/db.go

@@ -54,7 +54,7 @@ func InsertPhoto(db *sql.DB, photo *models.CreatePhoto) error {
 
 // ListImagesByUserID returns a list of photo's uploaded by the user.
 func ListImagesByUserID(db *sql.DB, id int) ([]*models.Photo, error) {
-	return selectQuery(db, "SELECT id, user_id, filename, title, createdAt, contentType, photo FROM photos WHERE user_id=?", id)
+	return selectQuery(db, "SELECT id, user_id, filename, title, createdAt, contentType, photo FROM photos WHERE user_id=? ORDER BY createdAt DESC", id)
 }
 
 // ListIncoming returns a list of photos ordered by last inserted
@@ -120,6 +120,15 @@ func GetPhotos(db *sql.DB, items []*sharedModels.PhotoRequest) ([]*sharedModels.
 	return photos, nil
 }
 
+// DeletePhotoByID delete a photo in the database based on ID.
+func DeletePhotoByID(db *sql.DB, photoID int) (int64, error) {
+	res, err := db.Exec("DELETE FROM photos WHERE id = ?", photoID)
+	if err != nil {
+		return 0, err
+	}
+	return res.RowsAffected()
+}
+
 // A parameter type prefixed with three dots (...) is called a variadic parameter.
 func selectQuery(db *sql.DB, query string, args ...interface{}) ([]*models.Photo, error) {
 	rows, err := db.Query(query, args...)

webserver/webapp/controllers/UserController.js

@@ -115,4 +115,40 @@ app.controller('UserController', function ($scope, $window, LocalStorage, ApiSer
         )
     }
 
+    $scope.deleteComment = function(commentID) {
+        ApiService.deleteComment(commentID).then(
+            function(response){
+                console.info(response);
+
+                angular.forEach($scope.comment_tupel, function (tupel, index) {
+                    if (tupel.comment.id === commentID) {
+                        $scope.comment_tupel.splice(index, 1);
+                    }
+                })
+
+            },
+            function(error){
+                console.error(error);
+            }
+        );
+    };
+
+    $scope.deletePhoto = function(photoID) {
+        ApiService.deletePhoto(photoID).then(
+            function(response){
+                console.info(response);
+
+                angular.forEach($scope.photos, function (photo, index) {
+                    if (photo.id === photoID) {
+                        $scope.photos.splice(index, 1);
+                    }
+                })
+
+            },
+            function(error){
+                console.error(error);
+            }
+        );
+    };
+
 });

webserver/webapp/services/ApiService.js

@@ -212,6 +212,14 @@ app.factory('ApiService', function ($http, $q, LocalStorage, Upload) {
         getCommentsFromUser: function() {
             var url = composePhotoUrl('/comments/fromuser?token=' + LocalStorage.getToken());
             return get(url);
+        },
+        deleteComment: function(commentID) {
+            var url = composeCommentUrl('/comments/' + commentID + '/delete?token=' + LocalStorage.getToken());
+            return post(url, {})
+        },
+        deletePhoto: function(photoID) {
+            var url = composePhotoUrl('/image/' + photoID + '/delete?token=' + LocalStorage.getToken());
+            return post(url, {})
         }
     }
 });

webserver/webapp/view/UserView.html

@@ -19,6 +19,7 @@ <h2 class="text-center">{{username || ''}}</h2>
                         <ul class="list-group">
                             <li class="list-group-item">You added this photo {{displayMoment(photo.createdAt)}}.</li>
                         </ul>
+                        <button type="button" class="btn btn-danger" ng-click="deletePhoto(photo.id)">Remove photo</button>
                     </div>
                     <div class="col-sm-4">
                         <ul class="list-group">
@@ -45,6 +46,8 @@ <h2 class="text-center">{{username || ''}}</h2>
                     </div>
                     <div class="col-sm-4">
                         You commented '<span class="text-muted">{{tupel.comment.comment}}</span>'.
+                        <br>
+                        <button type="button" class="btn btn-danger" ng-click="deleteComment(tupel.comment.id)">Remove comment</button>
                     </div>
                     <div class="col-sm-4">
                         <ul class="list-group">