New Endpoint and security enhancement

- Userinfo endpoint is now available
- HTTPS is now required (closes #2)

handlers/account.go

@@ -210,4 +210,31 @@ func RefreshToken(w http.ResponseWriter, r *http.Request) {
 		http.Error(w, "Internal server error", http.StatusInternalServerError)
 		return
 	}
+	log.Println("POST [api/refresh] " + r.RemoteAddr + ": Successfully refreshed token")
+}
+func UserInfo(w http.ResponseWriter, r *http.Request) {
+	if r.Method != http.MethodGet {
+		log.Println("GET [api/userinfo] " + r.RemoteAddr + ": Method " + r.Method + " not allowed")
+		http.Error(w, "Method not allowed", http.StatusMethodNotAllowed)
+		return
+	}
+	query := r.URL.Query()
+	idParam := query.Get("id")
+	user, err := storage.GetUserById(idParam)
+	if err != nil {
+		log.Println("GET [api/userinfo] " + r.RemoteAddr + ": User " + idParam + " not found")
+		http.Error(w, "User not found", http.StatusNotFound)
+		return
+	}
+	w.Header().Set("Content-Type", "application/json")
+	err = json.NewEncoder(w).Encode(map[string]interface{}{
+		"id":         user.ID,
+		"name":       user.Username,
+		"avatar_url": nil,
+	})
+	if err != nil {
+		log.Println("GET [api/userinfo] " + r.RemoteAddr + ": " + err.Error())
+		return
+	}
+	log.Println("GET [api/userinfo] " + r.RemoteAddr + ": Successfully retrieved user info")
 }

handlers/expenses.go

@@ -15,6 +15,18 @@ func Expenses(w http.ResponseWriter, r *http.Request) {
 
 	switch r.Method {
 	case http.MethodGet: // -> Get Expenses
+		expenses, err := storage.GetAllExpenses()
+		if err != nil {
+			log.Println("GET [api/expense] " + r.RemoteAddr + ": " + err.Error())
+			http.Error(w, "Something went wrong", http.StatusInternalServerError)
+			return
+		}
+		err = json.NewEncoder(w).Encode(expenses)
+		if err != nil {
+			log.Println("GET [api/expense] " + r.RemoteAddr + ": " + err.Error())
+			return
+		}
+		log.Println("GET [api/expense] " + r.RemoteAddr + ": Successfully retrieved expenses")
 		break
 	case http.MethodPost: // -> Create Expense
 		var body struct {