merged main, dev, and i guess got accounts working??

i am so good at commit messages :3
2025-01-20 15:08:01 +00:00 · 2025-01-20 15:08:01 +00:00 · 5566a795da
commit 5566a795da
parent d5f1fcb5e0 35d3ce5c5d
53 changed files with 1366 additions and 398 deletions
--- a/view/music.go
+++ b/view/music.go
@ -3,8 +3,8 @@ package view
 import (
 	"fmt"
 	"net/http"
+	"os"

-	"arimelody-web/admin"
 	"arimelody-web/controller"
 	"arimelody-web/global"
 	"arimelody-web/model"
@ -59,15 +59,28 @@ func ServeCatalog() http.Handler {
 func ServeGateway(release *model.Release) http.Handler {
    return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
        // only allow authorised users to view hidden releases
-        authorised := admin.GetSession(r) != nil
-        if !authorised && !release.Visible {
-            http.NotFound(w, r)
-            return
+        privileged := false
+        if !release.Visible {
+            account, err := controller.GetAccountByRequest(global.DB, r)
+            if err != nil {
+                fmt.Fprintf(os.Stderr, "WARN: Failed to fetch account: %s\n", err.Error())
+                http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
+                return
+            }
+            if account != nil {
+                // TODO: check privilege on release
+                privileged = true
+            }
+
+            if !privileged {
+                http.NotFound(w, r)
+                return
+            }
        }

        response := *release

-        if authorised || release.IsReleased() {
+        if release.IsReleased() || privileged {
            response.Tracks = release.Tracks
            response.Credits = release.Credits
            response.Links = release.Links