Gleipnir/nidus-sync
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Separate out a public and non-public halves to publicreport APIs

Browse source 
This prevents us from leaking text messaging details on public
endpoints.
This commit is contained in:
Eli Ribble 2026-04-28 06:36:55 +00:00
parent 8fcd926d43
commit 8bdd18649d
No known key found for this signature in database
12 changed files with 169 additions and 136 deletions
Download patch file Download diff file Expand all files Collapse all files

37
resource/publicreport.go
View file

@ -23,7 +23,7 @@ func Publicreport(r *router) *publicreportR {
}
}
func (res *publicreportR) ByID(ctx context.Context, w http.ResponseWriter, r *http.Request) *nhttp.ErrorWithStatus {
func (res *publicreportR) ByID(ctx context.Context, w http.ResponseWriter, r *http.Request, u platform.User) *nhttp.ErrorWithStatus {
vars := mux.Vars(r)
public_id := vars["id"]
if public_id == "" {
@ -40,6 +40,23 @@ func (res *publicreportR) ByID(ctx context.Context, w http.ResponseWriter, r *ht
http.Redirect(w, r, path, http.StatusFound)
return nil
}
func (res *publicreportR) ByIDPublic(ctx context.Context, w http.ResponseWriter, r *http.Request) *nhttp.ErrorWithStatus {
vars := mux.Vars(r)
public_id := vars["id"]
if public_id == "" {
return nhttp.NewBadRequest("You must provide an ID")
}
report_type, err := platform.PublicReportTypeByID(ctx, public_id)
if err != nil {
return nhttp.NewError("get report '%s': %w", public_id, err)
}
path, err := reportURIPublic(res.router, report_type, public_id)
if err != nil {
return nhttp.NewError("get uri '%s': %w", public_id, err)
}
http.Redirect(w, r, path, http.StatusFound)
return nil
}
type image struct {
Status string `json:"status"`
@ -100,3 +117,21 @@ func reportURI(r *router, report_type string, public_id string) (string, error)
}
return uri, nil
}
func reportURIPublic(r *router, report_type string, public_id string) (string, error) {
var route_name string
switch report_type {
case "compliance":
route_name = "publicreport.compliance.ByIDGetPublic"
case "nuisance":
route_name = "publicreport.nuisance.ByIDGetPublic"
case "water":
route_name = "publicreport.water.ByIDGetPublic"
default:
return "", fmt.Errorf("Unrecognized report type '%s'", report_type)
}
uri, err := r.IDStrToURI(route_name, public_id)
if err != nil {
return "", fmt.Errorf("id str to uri '%s' '%s': %w", route_name, public_id, err)
}
return uri, nil
}