package handlers import ( "encoding/json" "net/http" "strconv" "github.com/gorilla/mux" "go.mongodb.org/mongo-driver/v2/bson" "github.com/noteapp/backend/internal/application/dto" "github.com/noteapp/backend/internal/application/services" "github.com/noteapp/backend/internal/interfaces/middleware" ) // NoteHandler handles note endpoints type NoteHandler struct { noteService *services.NoteService } // NewNoteHandler creates a new note handler func NewNoteHandler(noteService *services.NoteService) *NoteHandler { return &NoteHandler{ noteService: noteService, } } // CreateNote creates a new note func (h *NoteHandler) CreateNote(w http.ResponseWriter, r *http.Request) { if r.Method != http.MethodPost { http.Error(w, "Method not allowed", http.StatusMethodNotAllowed) return } spaceID := mux.Vars(r)["spaceId"] userID, err := middleware.GetUserIDFromContext(r.Context()) if err != nil { http.Error(w, "Unauthorized", http.StatusUnauthorized) return } spaceObjID, _ := bson.ObjectIDFromHex(spaceID) userObjID, _ := bson.ObjectIDFromHex(userID) var req dto.CreateNoteRequest if err := json.NewDecoder(r.Body).Decode(&req); err != nil { http.Error(w, "Invalid request body", http.StatusBadRequest) return } note, err := h.noteService.CreateNote(r.Context(), spaceObjID, userObjID, &req) if err != nil { http.Error(w, err.Error(), http.StatusBadRequest) return } w.Header().Set("Content-Type", "application/json") w.WriteHeader(http.StatusCreated) json.NewEncoder(w).Encode(note) } // GetNote retrieves a note func (h *NoteHandler) GetNote(w http.ResponseWriter, r *http.Request) { if r.Method != http.MethodGet { http.Error(w, "Method not allowed", http.StatusMethodNotAllowed) return } vars := mux.Vars(r) spaceID := vars["spaceId"] noteID := vars["noteId"] userID, err := middleware.GetUserIDFromContext(r.Context()) if err != nil { http.Error(w, "Unauthorized", http.StatusUnauthorized) return } spaceObjID, _ := bson.ObjectIDFromHex(spaceID) noteObjID, _ := bson.ObjectIDFromHex(noteID) userObjID, _ := bson.ObjectIDFromHex(userID) note, err := h.noteService.GetNote(r.Context(), noteObjID, spaceObjID, userObjID) if err != nil { http.Error(w, err.Error(), http.StatusNotFound) return } w.Header().Set("Content-Type", "application/json") json.NewEncoder(w).Encode(note) } // GetNotesBySpace retrieves notes in a space func (h *NoteHandler) GetNotesBySpace(w http.ResponseWriter, r *http.Request) { if r.Method != http.MethodGet { http.Error(w, "Method not allowed", http.StatusMethodNotAllowed) return } spaceID := mux.Vars(r)["spaceId"] userID, err := middleware.GetUserIDFromContext(r.Context()) if err != nil { http.Error(w, "Unauthorized", http.StatusUnauthorized) return } // Pagination skip, _ := strconv.Atoi(r.URL.Query().Get("skip")) limit, _ := strconv.Atoi(r.URL.Query().Get("limit")) if limit == 0 || limit > 100 { limit = 20 } spaceObjID, _ := bson.ObjectIDFromHex(spaceID) userObjID, _ := bson.ObjectIDFromHex(userID) notes, err := h.noteService.GetNotesBySpace(r.Context(), spaceObjID, userObjID, skip, limit) if err != nil { http.Error(w, err.Error(), http.StatusBadRequest) return } w.Header().Set("Content-Type", "application/json") json.NewEncoder(w).Encode(notes) } // SearchNotes performs full-text search func (h *NoteHandler) SearchNotes(w http.ResponseWriter, r *http.Request) { if r.Method != http.MethodGet { http.Error(w, "Method not allowed", http.StatusMethodNotAllowed) return } spaceID := mux.Vars(r)["spaceId"] query := r.URL.Query().Get("q") if query == "" { http.Error(w, "Missing search query", http.StatusBadRequest) return } userID, err := middleware.GetUserIDFromContext(r.Context()) if err != nil { http.Error(w, "Unauthorized", http.StatusUnauthorized) return } spaceObjID, _ := bson.ObjectIDFromHex(spaceID) userObjID, _ := bson.ObjectIDFromHex(userID) notes, err := h.noteService.SearchNotes(r.Context(), spaceObjID, userObjID, query) if err != nil { http.Error(w, err.Error(), http.StatusBadRequest) return } w.Header().Set("Content-Type", "application/json") json.NewEncoder(w).Encode(notes) } // UpdateNote updates a note func (h *NoteHandler) UpdateNote(w http.ResponseWriter, r *http.Request) { if r.Method != http.MethodPut { http.Error(w, "Method not allowed", http.StatusMethodNotAllowed) return } vars := mux.Vars(r) spaceID := vars["spaceId"] noteID := vars["noteId"] userID, err := middleware.GetUserIDFromContext(r.Context()) if err != nil { http.Error(w, "Unauthorized", http.StatusUnauthorized) return } var req dto.UpdateNoteRequest if err := json.NewDecoder(r.Body).Decode(&req); err != nil { http.Error(w, "Invalid request body", http.StatusBadRequest) return } spaceObjID, _ := bson.ObjectIDFromHex(spaceID) noteObjID, _ := bson.ObjectIDFromHex(noteID) userObjID, _ := bson.ObjectIDFromHex(userID) note, err := h.noteService.UpdateNote(r.Context(), noteObjID, spaceObjID, userObjID, &req) if err != nil { http.Error(w, err.Error(), http.StatusBadRequest) return } w.Header().Set("Content-Type", "application/json") json.NewEncoder(w).Encode(note) } // DeleteNote deletes a note func (h *NoteHandler) DeleteNote(w http.ResponseWriter, r *http.Request) { if r.Method != http.MethodDelete { http.Error(w, "Method not allowed", http.StatusMethodNotAllowed) return } vars := mux.Vars(r) spaceID := vars["spaceId"] noteID := vars["noteId"] userID, err := middleware.GetUserIDFromContext(r.Context()) if err != nil { http.Error(w, "Unauthorized", http.StatusUnauthorized) return } spaceObjID, _ := bson.ObjectIDFromHex(spaceID) noteObjID, _ := bson.ObjectIDFromHex(noteID) userObjID, _ := bson.ObjectIDFromHex(userID) if err := h.noteService.DeleteNote(r.Context(), noteObjID, spaceObjID, userObjID); err != nil { http.Error(w, err.Error(), http.StatusBadRequest) return } w.WriteHeader(http.StatusNoContent) } // UnlockNote verifies a note password and returns full note content func (h *NoteHandler) UnlockNote(w http.ResponseWriter, r *http.Request) { if r.Method != http.MethodPost { http.Error(w, "Method not allowed", http.StatusMethodNotAllowed) return } vars := mux.Vars(r) spaceID := vars["spaceId"] noteID := vars["noteId"] userID, err := middleware.GetUserIDFromContext(r.Context()) if err != nil { http.Error(w, "Unauthorized", http.StatusUnauthorized) return } var req dto.UnlockNoteRequest if err := json.NewDecoder(r.Body).Decode(&req); err != nil { http.Error(w, "Invalid request body", http.StatusBadRequest) return } spaceObjID, _ := bson.ObjectIDFromHex(spaceID) noteObjID, _ := bson.ObjectIDFromHex(noteID) userObjID, _ := bson.ObjectIDFromHex(userID) note, err := h.noteService.UnlockNote(r.Context(), noteObjID, spaceObjID, userObjID, req.Password) if err != nil { if err.Error() == "invalid note password" { http.Error(w, err.Error(), http.StatusUnauthorized) return } http.Error(w, err.Error(), http.StatusBadRequest) return } w.Header().Set("Content-Type", "application/json") json.NewEncoder(w).Encode(note) }