Resource fixes

core/group.go

@@ -71,6 +71,7 @@ func queryManyGroupMembers(groupId string) ([]User, error) {
 }
 
 func (s *Session) GetGroupByReference(reference string) (*Group, error) {
+	// FIXME: This function doesn't make much sense when there's already a public function to fetch any group, below
 	stmt := "SELECT [group].id, [group].name, [group].reference FROM [group] JOIN group_member ON [group].id == group_member.group_id WHERE [group].reference = ? AND group_member.user_id = ?;"
 	return queryOneGroup(stmt, reference, s.User().Id)
 }

http/router/router.go

@@ -15,9 +15,9 @@ type VisibilityRouter struct {
 
 func (s *VisibilityRouter) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 	session, _ := s.store.Get(r, "lishwist_user")
-	_, authorized := session.Values["sessionKey"]
+	_, inSession := session.Values["sessionKey"]
 
-	if authorized {
+	if inSession {
 		s.Private.ServeHTTP(w, r)
 	} else {
 		s.Public.ServeHTTP(w, r)

http/routing/groups.go

@@ -18,7 +18,7 @@ type GroupProps struct {
 
 func AdminGroup(app *lishwist.Session, h http.Header, r *http.Request) rsvp.Response {
 	reference := r.PathValue("groupReference")
-	group, err := app.GetGroupByReference(reference)
+	group, err := lishwist.GetGroupByReference(reference)
 	if err != nil {
 		return response.Error(http.StatusInternalServerError, "Couldn't get group: %s", err)
 	}

http/routing/wishlist.go

@@ -47,7 +47,7 @@ func ForeignWishlistPost(app *lishwist.Session, h http.Header, r *http.Request)
 	}
 
 	userReference := r.PathValue("userReference")
-	resp := rsvp.SeeOther("/list/"+userReference, "Update successful")
+	resp := rsvp.SeeOther("/lists/"+userReference, "Update successful")
 	intent := r.Form.Get("intent")
 	switch intent {
 	case "claim":

http/server/server.go

@@ -22,6 +22,13 @@ func prefixMovedPermanently(before, after string) response.HandlerFunc {
 	}
 }
 
+func prefixPermanentRedirect(before, after string) response.HandlerFunc {
+	return func(s *response.Session, h http.Header, r *http.Request) rsvp.Response {
+		suffix := strings.TrimPrefix(r.RequestURI, before)
+		return rsvp.PermanentRedirect(after + suffix)
+	}
+}
+
 func Create(useSecureCookies bool) *router.VisibilityRouter {
 	gob.Register(&api.RegisterProps{})
 	gob.Register(&api.LoginProps{})
@@ -30,6 +37,8 @@ func Create(useSecureCookies bool) *router.VisibilityRouter {
 	store.Options.MaxAge = 86_400 // 24 hours in seconds
 	store.Options.Secure = useSecureCookies
 	store.Options.HttpOnly = true
+	store.Options.Path = "/"
+	store.Options.SameSite = http.SameSiteLaxMode
 
 	r := router.New(store)
 
@@ -48,14 +57,16 @@ func Create(useSecureCookies bool) *router.VisibilityRouter {
 	r.Private.HandleFunc("GET /users/{userReference}", routing.ExpectAppSession(routing.User))
 	r.Private.HandleFunc("GET /{$}", routing.ExpectAppSession(routing.Home))
 	r.Private.HandleFunc("POST /groups/{groupReference}", routing.ExpectAppSession(routing.GroupPost))
-	r.Private.HandleFunc("POST /list/{userReference}", routing.ExpectAppSession(routing.ForeignWishlistPost))
+	r.Private.HandleFunc("POST /lists/{userReference}", routing.ExpectAppSession(routing.ForeignWishlistPost))
 	r.Private.HandleFunc("POST /logout", routing.LogoutPost)
 	r.Private.HandleFunc("POST /users/{userReference}", routing.ExpectAppSession(routing.UserPost))
 	r.Private.HandleFunc("POST /{$}", routing.ExpectAppSession(routing.HomePost))
 
 	// Deprecated
 	r.HandleFunc("GET /group/{groupReference}", prefixMovedPermanently("/group/", "/groups/"))
-	r.HandleFunc("GET /list/{userReference}", prefixMovedPermanently("/list/", "/lists/"))
+	r.HandleFunc("GET /list/{groupReference}", prefixMovedPermanently("/list/", "/lists/"))
+	r.HandleFunc("POST /group/{groupReference}", prefixPermanentRedirect("/group/", "/groups/"))
+	r.HandleFunc("POST /list/{groupReference}", prefixPermanentRedirect("/list/", "/lists/"))
 
 	return r
 }