diff --git a/server/router/api/v1/auth_service.go b/server/router/api/v1/auth_service.go index a96c1639..33676b99 100644 --- a/server/router/api/v1/auth_service.go +++ b/server/router/api/v1/auth_service.go @@ -25,7 +25,7 @@ import ( ) func (s *APIV1Service) GetAuthStatus(ctx context.Context, _ *v1pb.GetAuthStatusRequest) (*v1pb.User, error) { - user, err := getCurrentUser(ctx, s.Store) + user, err := s.GetCurrentUser(ctx) if err != nil { return nil, status.Errorf(codes.Unauthenticated, "failed to get current user: %v", err) } @@ -274,3 +274,17 @@ func (*APIV1Service) buildAccessTokenCookie(ctx context.Context, accessToken str } return strings.Join(attrs, "; "), nil } + +func (s *APIV1Service) GetCurrentUser(ctx context.Context) (*store.User, error) { + username, ok := ctx.Value(usernameContextKey).(string) + if !ok { + return nil, nil + } + user, err := s.Store.GetUser(ctx, &store.FindUser{ + Username: &username, + }) + if err != nil { + return nil, err + } + return user, nil +} diff --git a/server/router/api/v1/common.go b/server/router/api/v1/common.go index c986268d..9294cd09 100644 --- a/server/router/api/v1/common.go +++ b/server/router/api/v1/common.go @@ -1,7 +1,6 @@ package v1 import ( - "context" "encoding/base64" "github.com/pkg/errors" @@ -33,20 +32,6 @@ func convertRowStatusToStore(rowStatus v1pb.RowStatus) store.RowStatus { } } -func getCurrentUser(ctx context.Context, s *store.Store) (*store.User, error) { - username, ok := ctx.Value(usernameContextKey).(string) - if !ok { - return nil, nil - } - user, err := s.GetUser(ctx, &store.FindUser{ - Username: &username, - }) - if err != nil { - return nil, err - } - return user, nil -} - func getPageToken(limit int, offset int) (string, error) { return marshalPageToken(&v1pb.PageToken{ Limit: int32(limit), diff --git a/server/router/api/v1/idp_service.go b/server/router/api/v1/idp_service.go index 70996672..11f69b73 100644 --- a/server/router/api/v1/idp_service.go +++ b/server/router/api/v1/idp_service.go @@ -14,7 +14,7 @@ import ( ) func (s *APIV1Service) CreateIdentityProvider(ctx context.Context, request *v1pb.CreateIdentityProviderRequest) (*v1pb.IdentityProvider, error) { - currentUser, err := getCurrentUser(ctx, s.Store) + currentUser, err := s.GetCurrentUser(ctx) if err != nil { return nil, status.Errorf(codes.Internal, "failed to get user: %v", err) } diff --git a/server/router/api/v1/inbox_service.go b/server/router/api/v1/inbox_service.go index d663311e..0556dbc6 100644 --- a/server/router/api/v1/inbox_service.go +++ b/server/router/api/v1/inbox_service.go @@ -15,7 +15,7 @@ import ( ) func (s *APIV1Service) ListInboxes(ctx context.Context, _ *v1pb.ListInboxesRequest) (*v1pb.ListInboxesResponse, error) { - user, err := getCurrentUser(ctx, s.Store) + user, err := s.GetCurrentUser(ctx) if err != nil { return nil, status.Errorf(codes.Internal, "failed to get user") } diff --git a/server/router/api/v1/memo_service.go b/server/router/api/v1/memo_service.go index 6f838c24..d8203955 100644 --- a/server/router/api/v1/memo_service.go +++ b/server/router/api/v1/memo_service.go @@ -34,13 +34,10 @@ const ( ) func (s *APIV1Service) CreateMemo(ctx context.Context, request *v1pb.CreateMemoRequest) (*v1pb.Memo, error) { - user, err := getCurrentUser(ctx, s.Store) + user, err := s.GetCurrentUser(ctx) if err != nil { return nil, status.Errorf(codes.Internal, "failed to get user") } - if user == nil { - return nil, status.Errorf(codes.PermissionDenied, "permission denied") - } create := &store.Memo{ UID: shortuuid.New(), @@ -189,7 +186,7 @@ func (s *APIV1Service) GetMemo(ctx context.Context, request *v1pb.GetMemoRequest return nil, status.Errorf(codes.NotFound, "memo not found") } if memo.Visibility != store.Public { - user, err := getCurrentUser(ctx, s.Store) + user, err := s.GetCurrentUser(ctx) if err != nil { return nil, status.Errorf(codes.Internal, "failed to get user") } @@ -225,7 +222,7 @@ func (s *APIV1Service) UpdateMemo(ctx context.Context, request *v1pb.UpdateMemoR return nil, status.Errorf(codes.NotFound, "memo not found") } - user, err := getCurrentUser(ctx, s.Store) + user, err := s.GetCurrentUser(ctx) if err != nil { return nil, status.Errorf(codes.Internal, "failed to get current user") } @@ -336,7 +333,10 @@ func (s *APIV1Service) DeleteMemo(ctx context.Context, request *v1pb.DeleteMemoR return nil, status.Errorf(codes.NotFound, "memo not found") } - user, _ := getCurrentUser(ctx, s.Store) + user, err := s.GetCurrentUser(ctx) + if err != nil { + return nil, status.Errorf(codes.Internal, "failed to get current user") + } if memo.CreatorID != user.ID { return nil, status.Errorf(codes.PermissionDenied, "permission denied") } @@ -564,7 +564,7 @@ func (s *APIV1Service) ExportMemos(ctx context.Context, request *v1pb.ExportMemo } func (s *APIV1Service) RebuildMemoProperty(ctx context.Context, request *v1pb.RebuildMemoPropertyRequest) (*emptypb.Empty, error) { - user, err := getCurrentUser(ctx, s.Store) + user, err := s.GetCurrentUser(ctx) if err != nil { return nil, status.Errorf(codes.Internal, "failed to get current user") } @@ -642,7 +642,7 @@ func (s *APIV1Service) ListMemoTags(ctx context.Context, request *v1pb.ListMemoT } func (s *APIV1Service) RenameMemoTag(ctx context.Context, request *v1pb.RenameMemoTagRequest) (*emptypb.Empty, error) { - user, err := getCurrentUser(ctx, s.Store) + user, err := s.GetCurrentUser(ctx) if err != nil { return nil, status.Errorf(codes.Internal, "failed to get current user") } @@ -696,7 +696,7 @@ func (s *APIV1Service) RenameMemoTag(ctx context.Context, request *v1pb.RenameMe } func (s *APIV1Service) DeleteMemoTag(ctx context.Context, request *v1pb.DeleteMemoTagRequest) (*emptypb.Empty, error) { - user, err := getCurrentUser(ctx, s.Store) + user, err := s.GetCurrentUser(ctx) if err != nil { return nil, status.Errorf(codes.Internal, "failed to get current user") } @@ -919,7 +919,10 @@ func (s *APIV1Service) buildMemoFindWithFilter(ctx context.Context, find *store. } } - user, _ := getCurrentUser(ctx, s.Store) + user, err := s.GetCurrentUser(ctx) + if err != nil { + return status.Errorf(codes.Internal, "failed to get current user") + } // If the user is not authenticated, only public memos are visible. if user == nil { if filter == "" { diff --git a/server/router/api/v1/reaction_service.go b/server/router/api/v1/reaction_service.go index 27fdfbf2..e7f50590 100644 --- a/server/router/api/v1/reaction_service.go +++ b/server/router/api/v1/reaction_service.go @@ -35,7 +35,7 @@ func (s *APIV1Service) ListMemoReactions(ctx context.Context, request *v1pb.List } func (s *APIV1Service) UpsertMemoReaction(ctx context.Context, request *v1pb.UpsertMemoReactionRequest) (*v1pb.Reaction, error) { - user, err := getCurrentUser(ctx, s.Store) + user, err := s.GetCurrentUser(ctx) if err != nil { return nil, status.Errorf(codes.Internal, "failed to get current user") } diff --git a/server/router/api/v1/resource_service.go b/server/router/api/v1/resource_service.go index d307a35b..a4919923 100644 --- a/server/router/api/v1/resource_service.go +++ b/server/router/api/v1/resource_service.go @@ -38,7 +38,7 @@ const ( ) func (s *APIV1Service) CreateResource(ctx context.Context, request *v1pb.CreateResourceRequest) (*v1pb.Resource, error) { - user, err := getCurrentUser(ctx, s.Store) + user, err := s.GetCurrentUser(ctx) if err != nil { return nil, status.Errorf(codes.Internal, "failed to get current user: %v", err) } @@ -84,7 +84,7 @@ func (s *APIV1Service) CreateResource(ctx context.Context, request *v1pb.CreateR } func (s *APIV1Service) ListResources(ctx context.Context, _ *v1pb.ListResourcesRequest) (*v1pb.ListResourcesResponse, error) { - user, err := getCurrentUser(ctx, s.Store) + user, err := s.GetCurrentUser(ctx) if err != nil { return nil, status.Errorf(codes.Internal, "failed to get current user: %v", err) } @@ -114,7 +114,7 @@ func (s *APIV1Service) SearchResources(ctx context.Context, request *v1pb.Search if filter.UID != nil { resourceFind.UID = filter.UID } - user, err := getCurrentUser(ctx, s.Store) + user, err := s.GetCurrentUser(ctx) if err != nil { return nil, status.Errorf(codes.Internal, "failed to get current user: %v", err) } @@ -176,10 +176,13 @@ func (s *APIV1Service) GetResourceBinary(ctx context.Context, request *v1pb.GetR return nil, status.Errorf(codes.Internal, "failed to find memo by ID: %v", resource.MemoID) } if memo != nil && memo.Visibility != store.Public { - user, err := getCurrentUser(ctx, s.Store) + user, err := s.GetCurrentUser(ctx) if err != nil { return nil, status.Errorf(codes.Internal, "failed to get current user: %v", err) } + if user == nil { + return nil, status.Errorf(codes.Unauthenticated, "unauthorized access") + } if memo.Visibility == store.Private && user.ID != resource.CreatorID { return nil, status.Errorf(codes.Unauthenticated, "unauthorized access") } @@ -253,7 +256,7 @@ func (s *APIV1Service) DeleteResource(ctx context.Context, request *v1pb.DeleteR if err != nil { return nil, status.Errorf(codes.InvalidArgument, "invalid resource id: %v", err) } - user, err := getCurrentUser(ctx, s.Store) + user, err := s.GetCurrentUser(ctx) if err != nil { return nil, status.Errorf(codes.Internal, "failed to get current user: %v", err) } diff --git a/server/router/api/v1/user_service.go b/server/router/api/v1/user_service.go index ed9dc6a0..9abffa13 100644 --- a/server/router/api/v1/user_service.go +++ b/server/router/api/v1/user_service.go @@ -29,7 +29,7 @@ import ( ) func (s *APIV1Service) ListUsers(ctx context.Context, _ *v1pb.ListUsersRequest) (*v1pb.ListUsersResponse, error) { - currentUser, err := getCurrentUser(ctx, s.Store) + currentUser, err := s.GetCurrentUser(ctx) if err != nil { return nil, status.Errorf(codes.Internal, "failed to get user: %v", err) } @@ -136,7 +136,7 @@ func (s *APIV1Service) GetUserAvatarBinary(ctx context.Context, request *v1pb.Ge } func (s *APIV1Service) CreateUser(ctx context.Context, request *v1pb.CreateUserRequest) (*v1pb.User, error) { - currentUser, err := getCurrentUser(ctx, s.Store) + currentUser, err := s.GetCurrentUser(ctx) if err != nil { return nil, status.Errorf(codes.Internal, "failed to get user: %v", err) } @@ -170,7 +170,7 @@ func (s *APIV1Service) UpdateUser(ctx context.Context, request *v1pb.UpdateUserR if err != nil { return nil, status.Errorf(codes.InvalidArgument, "invalid user name: %v", err) } - currentUser, err := getCurrentUser(ctx, s.Store) + currentUser, err := s.GetCurrentUser(ctx) if err != nil { return nil, status.Errorf(codes.Internal, "failed to get user: %v", err) } @@ -239,7 +239,7 @@ func (s *APIV1Service) DeleteUser(ctx context.Context, request *v1pb.DeleteUserR if err != nil { return nil, status.Errorf(codes.InvalidArgument, "invalid user name: %v", err) } - currentUser, err := getCurrentUser(ctx, s.Store) + currentUser, err := s.GetCurrentUser(ctx) if err != nil { return nil, status.Errorf(codes.Internal, "failed to get user: %v", err) } @@ -273,7 +273,7 @@ func getDefaultUserSetting() *v1pb.UserSetting { } func (s *APIV1Service) GetUserSetting(ctx context.Context, _ *v1pb.GetUserSettingRequest) (*v1pb.UserSetting, error) { - user, err := getCurrentUser(ctx, s.Store) + user, err := s.GetCurrentUser(ctx) if err != nil { return nil, status.Errorf(codes.Internal, "failed to get current user: %v", err) } @@ -298,7 +298,7 @@ func (s *APIV1Service) GetUserSetting(ctx context.Context, _ *v1pb.GetUserSettin } func (s *APIV1Service) UpdateUserSetting(ctx context.Context, request *v1pb.UpdateUserSettingRequest) (*v1pb.UserSetting, error) { - user, err := getCurrentUser(ctx, s.Store) + user, err := s.GetCurrentUser(ctx) if err != nil { return nil, status.Errorf(codes.Internal, "failed to get current user: %v", err) } @@ -352,7 +352,7 @@ func (s *APIV1Service) ListUserAccessTokens(ctx context.Context, request *v1pb.L return nil, status.Errorf(codes.InvalidArgument, "invalid user name: %v", err) } - currentUser, err := getCurrentUser(ctx, s.Store) + currentUser, err := s.GetCurrentUser(ctx) if err != nil { return nil, status.Errorf(codes.Internal, "failed to get current user: %v", err) } @@ -413,7 +413,7 @@ func (s *APIV1Service) CreateUserAccessToken(ctx context.Context, request *v1pb. if err != nil { return nil, status.Errorf(codes.InvalidArgument, "invalid user name: %v", err) } - currentUser, err := getCurrentUser(ctx, s.Store) + currentUser, err := s.GetCurrentUser(ctx) if err != nil { return nil, status.Errorf(codes.Internal, "failed to get current user: %v", err) } @@ -471,7 +471,7 @@ func (s *APIV1Service) DeleteUserAccessToken(ctx context.Context, request *v1pb. if err != nil { return nil, status.Errorf(codes.InvalidArgument, "invalid user name: %v", err) } - currentUser, err := getCurrentUser(ctx, s.Store) + currentUser, err := s.GetCurrentUser(ctx) if err != nil { return nil, status.Errorf(codes.Internal, "failed to get current user: %v", err) } diff --git a/server/router/api/v1/webhook_service.go b/server/router/api/v1/webhook_service.go index db31c86d..14d3b3b1 100644 --- a/server/router/api/v1/webhook_service.go +++ b/server/router/api/v1/webhook_service.go @@ -14,7 +14,7 @@ import ( ) func (s *APIV1Service) CreateWebhook(ctx context.Context, request *v1pb.CreateWebhookRequest) (*v1pb.Webhook, error) { - currentUser, err := getCurrentUser(ctx, s.Store) + currentUser, err := s.GetCurrentUser(ctx) if err != nil { return nil, status.Errorf(codes.Internal, "failed to get user: %v", err) } @@ -48,7 +48,7 @@ func (s *APIV1Service) ListWebhooks(ctx context.Context, request *v1pb.ListWebho } func (s *APIV1Service) GetWebhook(ctx context.Context, request *v1pb.GetWebhookRequest) (*v1pb.Webhook, error) { - currentUser, err := getCurrentUser(ctx, s.Store) + currentUser, err := s.GetCurrentUser(ctx) if err != nil { return nil, status.Errorf(codes.Internal, "failed to get user: %v", err) } diff --git a/server/router/api/v1/workspace_setting_service.go b/server/router/api/v1/workspace_setting_service.go index b50d67ab..3cb9847f 100644 --- a/server/router/api/v1/workspace_setting_service.go +++ b/server/router/api/v1/workspace_setting_service.go @@ -54,7 +54,7 @@ func (s *APIV1Service) SetWorkspaceSetting(ctx context.Context, request *v1pb.Se return nil, status.Errorf(codes.InvalidArgument, "setting workspace setting is not allowed in demo mode") } - user, err := getCurrentUser(ctx, s.Store) + user, err := s.GetCurrentUser(ctx) if err != nil { return nil, status.Errorf(codes.Internal, "failed to get current user: %v", err) } diff --git a/web/src/components/ActivityCalendar.tsx b/web/src/components/ActivityCalendar.tsx index 1fde4d84..e7050834 100644 --- a/web/src/components/ActivityCalendar.tsx +++ b/web/src/components/ActivityCalendar.tsx @@ -66,7 +66,7 @@ const ActivityCalendar = (props: Props) => { isToday && "border-gray-600 dark:border-zinc-300", isSelected && "font-bold border-gray-600 dark:border-zinc-300", !isToday && !isSelected && "border-transparent", - count > 0 && "cursor-pointer", + count > 0 ? "cursor-pointer" : "cursor-default", )} onClick={() => count && onClick && onClick(new Date(date).toDateString())} > diff --git a/web/src/components/MemoEditor/MemoEditorDialog.tsx b/web/src/components/MemoEditor/MemoEditorDialog.tsx index 2f14f30c..ff47d2f2 100644 --- a/web/src/components/MemoEditor/MemoEditorDialog.tsx +++ b/web/src/components/MemoEditor/MemoEditorDialog.tsx @@ -71,7 +71,7 @@ const MemoEditorDialog: React.FC = ({ -
+