refactor(server/api): migrate admin_smtp/admin_tracks + playlist refresh preludes (A2 6/N)

This commit is contained in:
2026-05-08 10:18:35 -04:00
parent 9dd5da514c
commit bf90a3a868
4 changed files with 6 additions and 13 deletions
+1 -3
View File
@@ -8,7 +8,6 @@ import (
"time"
"git.fabledsword.com/bvandeusen/minstrel/internal/apierror"
"git.fabledsword.com/bvandeusen/minstrel/internal/auth"
"git.fabledsword.com/bvandeusen/minstrel/internal/db/dbq"
"git.fabledsword.com/bvandeusen/minstrel/internal/mailer"
)
@@ -100,9 +99,8 @@ func (h *handlers) handleUpdateSMTPConfig(w http.ResponseWriter, r *http.Request
}
func (h *handlers) handleTestSMTPConfig(w http.ResponseWriter, r *http.Request) {
caller, ok := auth.UserFromContext(r.Context())
caller, ok := requireUser(w, r)
if !ok {
writeErr(w, apierror.Unauthorized("auth_required", ""))
return
}
if caller.Email == nil || *caller.Email == "" {
+3 -4
View File
@@ -52,11 +52,10 @@ func (h *handlers) handleRemoveTrack(w http.ResponseWriter, r *http.Request) {
}
}
admin, ok := auth.UserFromContext(r.Context())
// Defensive: RequireUser+RequireAdmin should have run upstream. If
// we got here without a user in context the routing is broken.
admin, ok := requireUser(w, r)
if !ok {
// Defensive: RequireUser+RequireAdmin should have run upstream.
// If we got here without a user in context the routing is broken.
writeErr(w, apierror.Unauthorized("unauthenticated", "no session"))
return
}
+1 -3
View File
@@ -8,7 +8,6 @@ import (
"github.com/jackc/pgx/v5"
"git.fabledsword.com/bvandeusen/minstrel/internal/apierror"
"git.fabledsword.com/bvandeusen/minstrel/internal/auth"
"git.fabledsword.com/bvandeusen/minstrel/internal/db/dbq"
"git.fabledsword.com/bvandeusen/minstrel/internal/playlists"
)
@@ -31,9 +30,8 @@ type discoverRefreshResp struct {
// RequireUser middleware). Each user only ever refreshes their own
// Discover — no admin route, no cross-user impersonation.
func (h *handlers) handleDiscoverRefresh(w http.ResponseWriter, r *http.Request) {
user, ok := auth.UserFromContext(r.Context())
user, ok := requireUser(w, r)
if !ok {
writeErr(w, apierror.Unauthorized("auth_required", ""))
return
}
if err := playlists.BuildSystemPlaylists(r.Context(), h.pool, h.logger, user.ID, time.Now(), h.dataDir); err != nil {
+1 -3
View File
@@ -8,7 +8,6 @@ import (
"github.com/jackc/pgx/v5"
"git.fabledsword.com/bvandeusen/minstrel/internal/apierror"
"git.fabledsword.com/bvandeusen/minstrel/internal/auth"
"git.fabledsword.com/bvandeusen/minstrel/internal/db/dbq"
"git.fabledsword.com/bvandeusen/minstrel/internal/playlists"
)
@@ -36,9 +35,8 @@ type foryouRefreshResp struct {
// Authenticated user only — each user refreshes only their own
// For-You.
func (h *handlers) handleForYouRefresh(w http.ResponseWriter, r *http.Request) {
user, ok := auth.UserFromContext(r.Context())
user, ok := requireUser(w, r)
if !ok {
writeErr(w, apierror.Unauthorized("auth_required", ""))
return
}
if err := playlists.BuildSystemPlaylists(r.Context(), h.pool, h.logger, user.ID, time.Now(), h.dataDir); err != nil {