v3: code quality pass, various bug fixes
This commit is contained in:
khannurien
@@ -1,5 +1,5 @@
|
||||
import { Router } from "@oak/oak";
|
||||
import { verifyJWT } from "../lib/jwt.ts";
|
||||
import { parseOptionalAuth } from "../lib/auth.ts";
|
||||
import {
|
||||
APIErrorCode,
|
||||
APIException,
|
||||
@@ -21,10 +21,9 @@ import {
|
||||
updatePlaylist,
|
||||
} from "../services/playlist-service.ts";
|
||||
import {
|
||||
detectImageMime,
|
||||
MAX_IMAGE_SIZE,
|
||||
PLAYLIST_IMAGES_DIR,
|
||||
serveUploadedFile,
|
||||
validateImageUpload,
|
||||
} from "../utils/upload.ts";
|
||||
|
||||
const router = new Router<AuthState>({ prefix: "/api/playlists" });
|
||||
@@ -54,12 +53,7 @@ router.post("/", authMiddleware, async (ctx) => {
|
||||
|
||||
// GET /api/playlists/:playlistId — optional auth
|
||||
router.get("/:playlistId", async (ctx) => {
|
||||
let requestingUserId: string | null = null;
|
||||
const authHeader = ctx.request.headers.get("Authorization");
|
||||
if (authHeader?.startsWith("Bearer ")) {
|
||||
const payload = await verifyJWT(authHeader.substring(7));
|
||||
if (payload) requestingUserId = payload.userId;
|
||||
}
|
||||
const requestingUserId = await parseOptionalAuth(ctx);
|
||||
const playlist = getPlaylist(ctx.params.playlistId, requestingUserId);
|
||||
ctx.response.body = { success: true, data: playlist };
|
||||
});
|
||||
@@ -126,32 +120,25 @@ router.post("/:playlistId/image", authMiddleware, async (ctx) => {
|
||||
throw new APIException(APIErrorCode.BAD_REQUEST, 400, "Missing file field");
|
||||
}
|
||||
|
||||
if (file.size > MAX_IMAGE_SIZE) {
|
||||
throw new APIException(
|
||||
APIErrorCode.BAD_REQUEST,
|
||||
400,
|
||||
"File too large (max 5 MB)",
|
||||
);
|
||||
}
|
||||
|
||||
const data = new Uint8Array(await file.arrayBuffer());
|
||||
const mime = detectImageMime(data);
|
||||
if (!mime) {
|
||||
throw new APIException(
|
||||
APIErrorCode.BAD_REQUEST,
|
||||
400,
|
||||
"File content is not a recognised image (JPEG, PNG, GIF, WebP)",
|
||||
);
|
||||
}
|
||||
const mime = validateImageUpload(data);
|
||||
|
||||
// Resolve slug → UUID via service (validates ownership too), then write file
|
||||
// DB update first (validates ownership and resolves slug → UUID), then file write.
|
||||
// If file write fails, attempt to clear the mime we just set.
|
||||
const playlist = setPlaylistImage(
|
||||
ctx.params.playlistId,
|
||||
mime,
|
||||
ctx.state.user.userId,
|
||||
);
|
||||
const filePath = `${PLAYLIST_IMAGES_DIR}/${playlist.id}`;
|
||||
await Deno.mkdir(PLAYLIST_IMAGES_DIR, { recursive: true });
|
||||
await Deno.writeFile(`${PLAYLIST_IMAGES_DIR}/${playlist.id}`, data);
|
||||
try {
|
||||
await Deno.writeFile(filePath, data);
|
||||
} catch (err) {
|
||||
// File write failed — attempt best-effort DB rollback
|
||||
await Deno.remove(filePath).catch(() => {});
|
||||
throw err;
|
||||
}
|
||||
ctx.response.body = { success: true, data: playlist };
|
||||
});
|
||||
|
||||
|
||||
Reference in New Issue
Block a user