Added ExpenseAdder Endpoint

handlers/account.go

@@ -39,7 +39,7 @@ func Register(w http.ResponseWriter, r *http.Request) {
 	user.ID = utils.GenerateUUID()
 	user.Role = "user"
 
-	if err := storage.AddUser(user); err != nil {
+	if err := storage.AddUser(&user); err != nil {
 		log.Println("[api/register] " + r.RemoteAddr + ": " + err.Error())
 		http.Error(w, "user already exists", http.StatusBadRequest)
 		return
@@ -98,7 +98,7 @@ func Login(w http.ResponseWriter, r *http.Request) {
 
 	deviceInfo := r.Header.Get("User-Agent")
 
-	if err := storage.AddRefreshToken(models.RefreshToken{
+	if err := storage.AddRefreshToken(&models.RefreshToken{
 		ID:         refreshID,
 		UserID:     user.ID,
 		Token:      refreshHash,
@@ -144,19 +144,7 @@ func Logout(w http.ResponseWriter, r *http.Request) {
 	w.WriteHeader(204)
 }
 func TestHandler(w http.ResponseWriter, r *http.Request) {
-	claimsRaw := r.Context().Value(auth.UserContextKey)
-	if claimsRaw == nil {
-		log.Println("[api/ping] " + r.RemoteAddr + ": No claims found")
-		http.Error(w, "No claims in context", http.StatusUnauthorized)
-		return
-	}
-
-	claims, ok := claimsRaw.(*auth.Claims)
-	if !ok {
-		log.Println("[api/ping] " + r.RemoteAddr + ": Invalid claims")
-		http.Error(w, "Invalid claims", http.StatusUnauthorized)
-		return
-	}
+	claims, _ := utils.IsLoggedIn(w, r)
 
 	w.Header().Set("Content-Type", "application/json")
 	err := json.NewEncoder(w).Encode(map[string]interface{}{
@@ -198,7 +186,7 @@ func RefreshToken(w http.ResponseWriter, r *http.Request) {
 	newExpires := time.Now().Add(7 * 24 * time.Hour).Unix() //7 days
 	newID := utils.GenerateUUID()
 	deviceInfo := r.Header.Get("User-Agent")
-	if err = storage.AddRefreshToken(models.RefreshToken{
+	if err = storage.AddRefreshToken(&models.RefreshToken{
 		ID:         newID,
 		UserID:     tokenRow.UserID,
 		Token:      newHash,

handlers/expenses.go

@@ -1,7 +1,66 @@
 package handlers
 
-import "net/http"
+import (
+	"encoding/json"
+	"net/http"
+	"shap-planner-backend/models"
+	"shap-planner-backend/storage"
+	"shap-planner-backend/utils"
+)
 
-func GetExpenses(w http.ResponseWriter, r *http.Request) {}
+func Expenses(w http.ResponseWriter, r *http.Request) {
+	claims, _ := utils.IsLoggedIn(w, r)
 
+	switch r.Method {
+	case http.MethodGet: // -> Get Expenses
+		break
+	case http.MethodPost: // -> Create Expense
+		var body struct {
+			Expense models.Expense        `json:"expense"`
+			Shares  []models.ExpenseShare `json:"shares"`
+		}
+		if err := json.NewDecoder(r.Body).Decode(&body); err != nil {
+			http.Error(w, "Invalid request body", http.StatusBadRequest)
+			return
+		}
+		if claims.UserID != body.Expense.PayerID { // You cannot create an expense in the name of another user
+			http.Error(w, "Invalid request", http.StatusUnauthorized)
+			return
+		}
+		if body.Expense.ID != "" {
+			http.Error(w, "Invalid request", http.StatusUnauthorized)
+			return
+		}
+		body.Expense.ID = utils.GenerateUUID()
+		for _, share := range body.Shares {
+			if share.ID != "" {
+				http.Error(w, "Invalid request", http.StatusUnauthorized)
+				return
+			}
+			if share.ExpenseID != "" {
+				http.Error(w, "Invalid request", http.StatusUnauthorized)
+				return
+			}
+			share.ExpenseID = body.Expense.ID
+			share.ID = utils.GenerateUUID()
+			err := storage.AddShare(&share)
+			if err != nil {
+				println(err.Error())
+				http.Error(w, "Error adding expense", http.StatusBadRequest) // Should never happen
+				return
+			}
+		}
+		err := storage.AddExpense(&body.Expense)
+		if err != nil {
+			println(err.Error())
+			http.Error(w, "Error adding expense", http.StatusBadRequest)
+			return
+		}
+		w.WriteHeader(http.StatusCreated)
+		break
+	case http.MethodPut: // -> Update Expense
+		break
+	case http.MethodDelete: // -> Delete Expense
+	}
+}
 func AdminPanel(w http.ResponseWriter, r *http.Request) {}