From ba81e4f2acc560c72ee977d4523292155853d1c0 Mon Sep 17 00:00:00 2001 From: Bryan Van Deusen Date: Thu, 30 Apr 2026 20:09:04 -0400 Subject: [PATCH] feat(api): route track-list reads through user-context quarantine filter --- internal/api/library.go | 10 +++++++++- internal/api/search.go | 23 +++++++++++++++++++---- 2 files changed, 28 insertions(+), 5 deletions(-) diff --git a/internal/api/library.go b/internal/api/library.go index 8ec44e59..da7331ac 100644 --- a/internal/api/library.go +++ b/internal/api/library.go @@ -7,6 +7,7 @@ import ( "github.com/go-chi/chi/v5" "github.com/jackc/pgx/v5" + "git.fabledsword.com/bvandeusen/minstrel/internal/auth" "git.fabledsword.com/bvandeusen/minstrel/internal/db/dbq" ) @@ -71,7 +72,14 @@ func (h *handlers) handleGetAlbum(w http.ResponseWriter, r *http.Request) { writeErr(w, http.StatusInternalServerError, "server_error", "lookup failed") return } - tracks, err := q.ListTracksByAlbum(r.Context(), id) + var tracks []dbq.Track + if user, ok := auth.UserFromContext(r.Context()); ok { + tracks, err = q.ListTracksByAlbumForUser(r.Context(), dbq.ListTracksByAlbumForUserParams{ + AlbumID: id, UserID: user.ID, + }) + } else { + tracks, err = q.ListTracksByAlbum(r.Context(), id) + } if err != nil { h.logger.Error("api: list tracks failed", "err", err) writeErr(w, http.StatusInternalServerError, "server_error", "lookup failed") diff --git a/internal/api/search.go b/internal/api/search.go index b077453e..9227bab0 100644 --- a/internal/api/search.go +++ b/internal/api/search.go @@ -7,6 +7,7 @@ import ( "github.com/jackc/pgx/v5/pgtype" + "git.fabledsword.com/bvandeusen/minstrel/internal/auth" "git.fabledsword.com/bvandeusen/minstrel/internal/db/dbq" ) @@ -74,15 +75,29 @@ func (h *handlers) handleSearch(w http.ResponseWriter, r *http.Request) { return } - tracks, err := dbQ.SearchTracks(r.Context(), dbq.SearchTracksParams{ - Column1: needle, Limit: int32(limit), Offset: int32(offset), - }) + var tracks []dbq.Track + if user, ok := auth.UserFromContext(r.Context()); ok { + tracks, err = dbQ.SearchTracksForUser(r.Context(), dbq.SearchTracksForUserParams{ + Column1: needle, UserID: user.ID, Limit: int32(limit), Offset: int32(offset), + }) + } else { + tracks, err = dbQ.SearchTracks(r.Context(), dbq.SearchTracksParams{ + Column1: needle, Limit: int32(limit), Offset: int32(offset), + }) + } if err != nil { h.logger.Error("api: search tracks failed", "err", err) writeErr(w, http.StatusInternalServerError, "server_error", "search failed") return } - trackTotal, err := dbQ.CountTracksMatching(r.Context(), q) + var trackTotal int64 + if user, ok := auth.UserFromContext(r.Context()); ok { + trackTotal, err = dbQ.CountTracksMatchingForUser(r.Context(), dbq.CountTracksMatchingForUserParams{ + Column1: q, UserID: user.ID, + }) + } else { + trackTotal, err = dbQ.CountTracksMatching(r.Context(), q) + } if err != nil { h.logger.Error("api: count tracks matching failed", "err", err) writeErr(w, http.StatusInternalServerError, "server_error", "search failed")