feat: enhance authentication and file sharing features

internal/auth/auth.go

@@ -48,6 +48,11 @@ func GetUser(c context.Context) (int64, string) {
 	return userId, authUser.TgSession
 }
 
+func GetJWTUser(c context.Context) *types.JWTClaims {
+	authUser, _ := c.Value(authKey).(*types.JWTClaims)
+	return authUser
+}
+
 func VerifyUser(db *gorm.DB, cache cache.Cacher, secret, authCookie string) (*types.JWTClaims, error) {
 	claims, err := Decode(secret, authCookie)
 

pkg/services/auth.go

@@ -121,7 +121,7 @@ func (a *apiService) AuthLogin(ctx context.Context, session *api.SessionCreate)
 }
 
 func (a *apiService) AuthLogout(ctx context.Context) (*api.AuthLogoutNoContent, error) {
-	authUser, _ := ctx.Value("authUser").(*types.JWTClaims)
+	authUser := auth.GetJWTUser(ctx)
 	client, _ := tgc.AuthClient(ctx, &a.cnf.TG, authUser.TgSession)
 	tgc.RunWithAuth(ctx, client, "", func(ctx context.Context) error {
 		_, err := client.API().AuthLogOut(ctx)

pkg/services/file.go

@@ -443,7 +443,16 @@ func (a *apiService) FilesShareByid(ctx context.Context, params api.FilesShareBy
 	if len(result) == 0 {
 		return nil, notFoundErr
 	}
-	return &api.FileShare{ExpiresAt: api.NewOptDateTime(*result[0].ExpiresAt), Protected: result[0].Password != nil}, nil
+	res := &api.FileShare{
+		ID: result[0].ID,
+	}
+	if result[0].Password != nil {
+		res.Protected = true
+	}
+	if result[0].ExpiresAt != nil {
+		res.ExpiresAt = api.NewOptDateTime(*result[0].ExpiresAt)
+	}
+	return res, nil
 }
 
 func (a *apiService) FilesStream(ctx context.Context, params api.FilesStreamParams) (api.FilesStreamRes, error) {

pkg/services/file_query_builder.go

@@ -1,6 +1,7 @@
 package services
 
 import (
+	"errors"
 	"fmt"
 	"math"
 	"strings"
@@ -39,7 +40,7 @@ func (afb *fileQueryBuilder) execute(filesQuery *api.FilesListParams, userId int
 	res := []fileResponse{}
 	if err := query.Scan(&res).Error; err != nil {
 		if strings.Contains(err.Error(), "file not found") {
-			return nil, &apiError{err: err}
+			return nil, &apiError{err: errors.New("invalid path"), code: 404}
 		}
 		return nil, &apiError{err: err}
 	}

pkg/services/user.go

@@ -132,7 +132,7 @@ func (a *apiService) UsersListSessions(ctx context.Context) ([]api.UserSession,
 	return sessionsOut, nil
 }
 
-func (a *apiService) UsersProfileImage(ctx context.Context) (*api.UsersProfileImageOKHeaders, error) {
+func (a *apiService) UsersProfileImage(ctx context.Context, params api.UsersProfileImageParams) (*api.UsersProfileImageOKHeaders, error) {
 	_, session := auth.GetUser(ctx)
 
 	client, err := tgc.AuthClient(ctx, &a.cnf.TG, session)
@@ -156,14 +156,16 @@ func (a *apiService) UsersProfileImage(ctx context.Context) (*api.UsersProfileIm
 		if !ok {
 			return errors.New("profile not found")
 		}
+		photo.GetPersonal()
 		location := &tg.InputPeerPhotoFileLocation{Big: false, Peer: peer, PhotoID: photo.PhotoID}
 		buff, err := tgc.GetMediaContent(ctx, client.API(), location)
 		if err != nil {
 			return err
 		}
 		content := buff.Bytes()
-		res.SetCacheControl("public, max-age=86400")
+		res.SetCacheControl("public, max-age=86400, must-revalidate")
 		res.SetContentLength(int64(len(content)))
+		res.SetEtag(fmt.Sprintf("\"%v\"", photo.PhotoID))
 		res.SetContentDisposition(fmt.Sprintf("inline; filename=\"%s\"", "profile.jpeg"))
 		res.Response = api.UsersProfileImageOK{Data: bytes.NewReader(content)}
 		return nil