Merge branch 'ml2' into fix-auth_service

Reviewed-on: #7

backend/go.mod

@@ -52,7 +52,6 @@ require (
 	github.com/minio/crc64nvme v1.0.2 // indirect
 	github.com/minio/md5-simd v1.1.2 // indirect
 	github.com/minio/minio-go/v7 v7.0.95 // indirect
-	github.com/mitchellh/mapstructure v1.5.0 // indirect
 	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
 	github.com/modern-go/reflect2 v1.0.2 // indirect
 	github.com/pelletier/go-toml/v2 v2.2.4 // indirect

backend/go.sum

@@ -99,8 +99,6 @@ github.com/minio/md5-simd v1.1.2 h1:Gdi1DZK69+ZVMoNHRXJyNcxrMA4dSxoYHZSQbirFg34=
 github.com/minio/md5-simd v1.1.2/go.mod h1:MzdKDxYpY2BT9XQFocsiZf/NKVtR7nkE4RoEpN+20RM=
 github.com/minio/minio-go/v7 v7.0.95 h1:ywOUPg+PebTMTzn9VDsoFJy32ZuARN9zhB+K3IYEvYU=
 github.com/minio/minio-go/v7 v7.0.95/go.mod h1:wOOX3uxS334vImCNRVyIDdXX9OsXDm89ToynKgqUKlo=
-github.com/mitchellh/mapstructure v1.5.0 h1:jeMsZIYE/09sWLaz43PL7Gy6RuMjD2eJVyuac5Z2hdY=
-github.com/mitchellh/mapstructure v1.5.0/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo=
 github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
 github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg=
 github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=

backend/internal/database/models.go

@@ -88,7 +88,6 @@ type Wish struct {
 	ID            int64
 	Guid          pgtype.UUID
 	WishListID    int64
-	WishListGuid  pgtype.UUID
 	Name          string
 	Description   string
 	PictureUrl    string
@@ -105,8 +104,8 @@ type WishList struct {
 	ProfileID int64
 	Hidden    bool
 	Name      string
-	IconName  string
-	Color     string
-	ColorGrad string
+	IconName  *string
+	Color     *string
+	ColorGrad *string
 	Deleted   bool
 }

backend/internal/database/query.sql.go

@@ -11,52 +11,6 @@ import (
 	"github.com/jackc/pgx/v5/pgtype"
 )
 
-const checkProfileAccess = `-- name: CheckProfileAccess :one
-SELECT
-  CASE WHEN u.deleted OR NOT u.verified THEN TRUE ELSE FALSE END AS user_unavailable,
-  CASE WHEN EXISTS (
-      SELECT 1
-      FROM banned_users
-      WHERE user_id = u.id AND
-      pardoned IS FALSE AND
-      (expires_at IS NULL OR expires_at < CURRENT_TIMESTAMP)
-  ) THEN TRUE ELSE FALSE END AS user_banned, 
-  CASE WHEN ps.hide_profile_details THEN TRUE ELSE FALSE END AS hidden,
-  CASE WHEN ps.hide_for_unauthenticated AND $2::text = '' THEN TRUE ELSE FALSE END AS auth_required,
-  CASE WHEN ps.captcha THEN TRUE ELSE FALSE END AS captcha_required
-FROM profiles p
-JOIN profile_settings ps ON ps.profile_id = p.id
-JOIN users u ON p.user_id = u.id
-WHERE p.id = $1
-`
-
-type CheckProfileAccessParams struct {
-	ID        int64
-	Requester string
-}
-
-type CheckProfileAccessRow struct {
-	UserUnavailable bool
-	UserBanned      bool
-	Hidden          bool
-	AuthRequired    bool
-	CaptchaRequired bool
-}
-
-// XXX: recheck, was tired
-func (q *Queries) CheckProfileAccess(ctx context.Context, arg CheckProfileAccessParams) (CheckProfileAccessRow, error) {
-	row := q.db.QueryRow(ctx, checkProfileAccess, arg.ID, arg.Requester)
-	var i CheckProfileAccessRow
-	err := row.Scan(
-		&i.UserUnavailable,
-		&i.UserBanned,
-		&i.Hidden,
-		&i.AuthRequired,
-		&i.CaptchaRequired,
-	)
-	return i, err
-}
-
 const checkUserRegistrationAvailability = `-- name: CheckUserRegistrationAvailability :one
 SELECT 
   COUNT(CASE WHEN users.username = $1::text THEN 1 END) > 0 AS username_busy,
@@ -299,60 +253,6 @@ func (q *Queries) CreateUser(ctx context.Context, username string) (User, error)
 	return i, err
 }
 
-const createWish = `-- name: CreateWish :one
-INSERT INTO wishes(
-  wish_list_id,
-  wish_list_guid,
-  name,
-  description,
-  picture_url,
-  stars)
-VALUES
-  (
-    (SELECT id FROM wish_lists wl WHERE wl.guid = ($1::text)::uuid),
-    ($1::text)::uuid,
-    $2::text,
-    $3::text,
-    $4::text,
-    $5::smallint
-  )
-RETURNING id, guid, wish_list_id, wish_list_guid, name, description, picture_url, stars, creation_date, fulfilled, fulfilled_date, deleted
-`
-
-type CreateWishParams struct {
-	WishListGuid string
-	Name         string
-	Description  string
-	PictureUrl   string
-	Stars        int16
-}
-
-func (q *Queries) CreateWish(ctx context.Context, arg CreateWishParams) (Wish, error) {
-	row := q.db.QueryRow(ctx, createWish,
-		arg.WishListGuid,
-		arg.Name,
-		arg.Description,
-		arg.PictureUrl,
-		arg.Stars,
-	)
-	var i Wish
-	err := row.Scan(
-		&i.ID,
-		&i.Guid,
-		&i.WishListID,
-		&i.WishListGuid,
-		&i.Name,
-		&i.Description,
-		&i.PictureUrl,
-		&i.Stars,
-		&i.CreationDate,
-		&i.Fulfilled,
-		&i.FulfilledDate,
-		&i.Deleted,
-	)
-	return i, err
-}
-
 const createWishList = `-- name: CreateWishList :one
 INSERT INTO wish_lists(profile_id, hidden, name, icon_name, color, color_grad)
 VALUES (
@@ -501,28 +401,47 @@ SELECT
   p.avatar_url,
   CASE WHEN ps.hide_birthday THEN NULL ELSE p.birthday END AS birthday,
   p.color,
-  p.color_grad
+  p.color_grad,
+  NOT ($1::text = '' AND ps.hide_for_unauthenticated) AS access_allowed
 FROM
   users AS u
 JOIN profiles AS p ON u.id = p.user_id
 JOIN profile_settings AS ps ON p.id = ps.profile_id
 WHERE
-  u.username = $1::text
+  u.username = $2::text
+  AND (
+    $2::text = $1::text
+    OR
+    u.deleted IS FALSE
+    AND u.verified IS TRUE
+    AND NOT EXISTS (
+      SELECT 1
+      FROM banned_users
+      WHERE user_id = u.id AND
+      pardoned IS FALSE AND
+      (expires_at IS NULL OR expires_at < CURRENT_TIMESTAMP)
+    )
+  )
 `
 
-type GetProfileByUsernameWithPrivacyRow struct {
-	Username  string
-	Name      string
-	Bio       string
-	AvatarUrl string
-	Birthday  pgtype.Timestamp
-	Color     string
-	ColorGrad string
+type GetProfileByUsernameWithPrivacyParams struct {
+	Requester        string
+	SearchedUsername string
 }
 
-// FIXME: tweak backend code to handle privacy correctly
-func (q *Queries) GetProfileByUsernameWithPrivacy(ctx context.Context, searchedUsername string) (GetProfileByUsernameWithPrivacyRow, error) {
-	row := q.db.QueryRow(ctx, getProfileByUsernameWithPrivacy, searchedUsername)
+type GetProfileByUsernameWithPrivacyRow struct {
+	Username      string
+	Name          string
+	Bio           string
+	AvatarUrl     string
+	Birthday      pgtype.Timestamp
+	Color         string
+	ColorGrad     string
+	AccessAllowed *bool
+}
+
+func (q *Queries) GetProfileByUsernameWithPrivacy(ctx context.Context, arg GetProfileByUsernameWithPrivacyParams) (GetProfileByUsernameWithPrivacyRow, error) {
+	row := q.db.QueryRow(ctx, getProfileByUsernameWithPrivacy, arg.Requester, arg.SearchedUsername)
 	var i GetProfileByUsernameWithPrivacyRow
 	err := row.Scan(
 		&i.Username,
@@ -532,6 +451,7 @@ func (q *Queries) GetProfileByUsernameWithPrivacy(ctx context.Context, searchedU
 		&i.Birthday,
 		&i.Color,
 		&i.ColorGrad,
+		&i.AccessAllowed,
 	)
 	return i, err
 }
@@ -916,7 +836,7 @@ WHERE
     FROM banned_users
     WHERE user_id = users.id AND
     pardoned IS FALSE AND
-    (expires_at IS NULL OR expires_at > CURRENT_TIMESTAMP)
+    (expires_at IS NULL OR expires_at < CURRENT_TIMESTAMP)
   ) AND -- Not banned
   linfo.password_hash = crypt($2::text, linfo.password_hash)
 `
@@ -991,102 +911,6 @@ func (q *Queries) GetValidUserSessions(ctx context.Context, userID int64) ([]Ses
 	return items, nil
 }
 
-const getWishByGuid = `-- name: GetWishByGuid :one
-SELECT id, guid, wish_list_id, wish_list_guid, name, description, picture_url, stars, creation_date, fulfilled, fulfilled_date, deleted FROM wishes w
-WHERE w.guid = ($1::text)::uuid
-`
-
-func (q *Queries) GetWishByGuid(ctx context.Context, guid string) (Wish, error) {
-	row := q.db.QueryRow(ctx, getWishByGuid, guid)
-	var i Wish
-	err := row.Scan(
-		&i.ID,
-		&i.Guid,
-		&i.WishListID,
-		&i.WishListGuid,
-		&i.Name,
-		&i.Description,
-		&i.PictureUrl,
-		&i.Stars,
-		&i.CreationDate,
-		&i.Fulfilled,
-		&i.FulfilledDate,
-		&i.Deleted,
-	)
-	return i, err
-}
-
-const getWishByGuidWithPrivacy = `-- name: GetWishByGuidWithPrivacy :one
-SELECT 
-  w.id, w.guid, w.wish_list_id, w.wish_list_guid, w.name, w.description, w.picture_url, w.stars, w.creation_date, w.fulfilled, w.fulfilled_date, w.deleted,
-  CASE 
-    WHEN 
-      (
-        $1::text = u.username OR
-        NOT ps.hide_profile_details AND 
-        NOT
-          (
-            ps.hide_for_unauthenticated AND
-            $1::text = ''
-          ) AND
-        NOT wl.hidden
-      )
-    THEN TRUE 
-    ELSE FALSE
-  END AS access_allowed
-FROM wishes w
-JOIN wish_lists wl ON w.wish_list_id = wl.id
-JOIN profiles p ON wl.profile_id = p.id
-JOIN profile_settings ps ON ps.profile_id = p.id
-JOIN users u ON p.user_id = u.id
-WHERE
-  w.guid = ($2::text)::uuid AND
-  w.deleted IS FALSE
-`
-
-type GetWishByGuidWithPrivacyParams struct {
-	Requester string
-	Guid      string
-}
-
-type GetWishByGuidWithPrivacyRow struct {
-	ID            int64
-	Guid          pgtype.UUID
-	WishListID    int64
-	WishListGuid  pgtype.UUID
-	Name          string
-	Description   string
-	PictureUrl    string
-	Stars         int16
-	CreationDate  pgtype.Timestamp
-	Fulfilled     bool
-	FulfilledDate pgtype.Timestamp
-	Deleted       bool
-	AccessAllowed bool
-}
-
-// XXX: Obsolete, use the according access check query instead
-func (q *Queries) GetWishByGuidWithPrivacy(ctx context.Context, arg GetWishByGuidWithPrivacyParams) (GetWishByGuidWithPrivacyRow, error) {
-	row := q.db.QueryRow(ctx, getWishByGuidWithPrivacy, arg.Requester, arg.Guid)
-	var i GetWishByGuidWithPrivacyRow
-	err := row.Scan(
-		&i.ID,
-		&i.Guid,
-		&i.WishListID,
-		&i.WishListGuid,
-		&i.Name,
-		&i.Description,
-		&i.PictureUrl,
-		&i.Stars,
-		&i.CreationDate,
-		&i.Fulfilled,
-		&i.FulfilledDate,
-		&i.Deleted,
-		&i.AccessAllowed,
-	)
-	return i, err
-}
-
 const getWishlistByGuid = `-- name: GetWishlistByGuid :one
 SELECT id, guid, profile_id, hidden, name, icon_name, color, color_grad, deleted FROM wish_lists wl
 WHERE wl.guid = ($1::text)::uuid
@@ -1109,93 +933,11 @@ func (q *Queries) GetWishlistByGuid(ctx context.Context, guid string) (WishList,
 	return i, err
 }
 
-const getWishlistsByUsername = `-- name: GetWishlistsByUsername :many
-SELECT wl.id, guid, profile_id, hidden, wl.name, icon_name, wl.color, wl.color_grad, wl.deleted, p.id, user_id, p.name, bio, avatar_url, birthday, p.color, p.color_grad, u.id, username, verified, registration_date, role, u.deleted FROM wish_lists wl
-JOIN profiles p ON p.id = wl.profile_id
-JOIN users u ON u.id = p.user_id
-WHERE u.username = $1::text
-`
-
-type GetWishlistsByUsernameRow struct {
-	ID               int64
-	Guid             pgtype.UUID
-	ProfileID        int64
-	Hidden           bool
-	Name             string
-	IconName         string
-	Color            string
-	ColorGrad        string
-	Deleted          bool
-	ID_2             int64
-	UserID           int64
-	Name_2           string
-	Bio              string
-	AvatarUrl        string
-	Birthday         pgtype.Timestamp
-	Color_2          string
-	ColorGrad_2      string
-	ID_3             int64
-	Username         string
-	Verified         bool
-	RegistrationDate pgtype.Timestamp
-	Role             int32
-	Deleted_2        *bool
-}
-
-func (q *Queries) GetWishlistsByUsername(ctx context.Context, username string) ([]GetWishlistsByUsernameRow, error) {
-	rows, err := q.db.Query(ctx, getWishlistsByUsername, username)
-	if err != nil {
-		return nil, err
-	}
-	defer rows.Close()
-	var items []GetWishlistsByUsernameRow
-	for rows.Next() {
-		var i GetWishlistsByUsernameRow
-		if err := rows.Scan(
-			&i.ID,
-			&i.Guid,
-			&i.ProfileID,
-			&i.Hidden,
-			&i.Name,
-			&i.IconName,
-			&i.Color,
-			&i.ColorGrad,
-			&i.Deleted,
-			&i.ID_2,
-			&i.UserID,
-			&i.Name_2,
-			&i.Bio,
-			&i.AvatarUrl,
-			&i.Birthday,
-			&i.Color_2,
-			&i.ColorGrad_2,
-			&i.ID_3,
-			&i.Username,
-			&i.Verified,
-			&i.RegistrationDate,
-			&i.Role,
-			&i.Deleted_2,
-		); err != nil {
-			return nil, err
-		}
-		items = append(items, i)
-	}
-	if err := rows.Err(); err != nil {
-		return nil, err
-	}
-	return items, nil
-}
-
 const getWishlistsByUsernameWithPrivacy = `-- name: GetWishlistsByUsernameWithPrivacy :many
 SELECT 
   wl.id, wl.guid, wl.profile_id, wl.hidden, wl.name, wl.icon_name, wl.color, wl.color_grad, wl.deleted, 
   CASE 
-    WHEN (
-      ps.hide_profile_details OR (
-        ps.hide_for_unauthenticated AND
-        $1::text = ''
-      )
-    ) THEN FALSE 
+    WHEN (ps.hide_profile_details OR ps.hide_for_unauthenticated) THEN FALSE 
     ELSE TRUE 
   END AS access_allowed
 FROM 
@@ -1208,9 +950,9 @@ JOIN
   users AS u ON p.user_id = u.id
 WHERE 
   wl.deleted IS FALSE AND
-  u.username = $2::text AND
+  u.username = $1::text AND
   (
-    u.username = $1::text OR
+    u.username = $2::text OR
     (u.verified IS TRUE AND 
     NOT EXISTS (
       SELECT 1
@@ -1223,8 +965,8 @@ WHERE
 `
 
 type GetWishlistsByUsernameWithPrivacyParams struct {
-	Requester string
 	Username  string
+	Requester string
 }
 
 type GetWishlistsByUsernameWithPrivacyRow struct {
@@ -1233,16 +975,15 @@ type GetWishlistsByUsernameWithPrivacyRow struct {
 	ProfileID     int64
 	Hidden        bool
 	Name          string
-	IconName      string
-	Color         string
-	ColorGrad     string
+	IconName      *string
+	Color         *string
+	ColorGrad     *string
 	Deleted       bool
 	AccessAllowed bool
 }
 
-// XXX: Obsolete, use the according access check query instead
 func (q *Queries) GetWishlistsByUsernameWithPrivacy(ctx context.Context, arg GetWishlistsByUsernameWithPrivacyParams) ([]GetWishlistsByUsernameWithPrivacyRow, error) {
-	rows, err := q.db.Query(ctx, getWishlistsByUsernameWithPrivacy, arg.Requester, arg.Username)
+	rows, err := q.db.Query(ctx, getWishlistsByUsernameWithPrivacy, arg.Username, arg.Requester)
 	if err != nil {
 		return nil, err
 	}
@@ -1272,34 +1013,6 @@ func (q *Queries) GetWishlistsByUsernameWithPrivacy(ctx context.Context, arg Get
 	return items, nil
 }
 
-const moveWishToWishListWithGuid = `-- name: MoveWishToWishListWithGuid :one
-WITH updated AS (
-  UPDATE wishes w
-  SET
-    wish_list_id = wl.id,
-    wish_list_guid = ($1::text)::uuid
-  FROM wish_lists wl
-  WHERE 
-    wl.guid = ($1::text)::uuid AND
-    wl.profile_id = ( -- Make sure the wish is not moved to another profile
-      SELECT profile_id
-      FROM wish_lists
-      WHERE wish_lists.id = w.wish_list_id
-    )
-  RETURNING w.id
-)
-SELECT 
-  COUNT(*) > 0 AS target_found
-FROM updated
-`
-
-func (q *Queries) MoveWishToWishListWithGuid(ctx context.Context, wishListGuid string) (bool, error) {
-	row := q.db.QueryRow(ctx, moveWishToWishListWithGuid, wishListGuid)
-	var target_found bool
-	err := row.Scan(&target_found)
-	return target_found, err
-}
-
 const pruneExpiredConfirmationCodes = `-- name: PruneExpiredConfirmationCodes :exec
 DELETE FROM confirmation_codes
 WHERE expires_at < CURRENT_TIMESTAMP
@@ -1567,9 +1280,7 @@ func (q *Queries) UpdateUser(ctx context.Context, arg UpdateUserParams) error {
 
 const updateUserByUsername = `-- name: UpdateUserByUsername :exec
 UPDATE users 
-SET
-  verified = COALESCE($2, verified), 
-  deleted = COALESCE($3, deleted)
+SET verified = $2, deleted = $3
 WHERE username = $1
 `
 

backend/internal/dto/wishList.go

@@ -1,55 +0,0 @@
-// Copyright (c) 2025 Nikolai Papin
-//
-// This file is part of Easywish
-//
-// This program is free software: you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation, either version 3 of the License, or
-// (at your option) any later version.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See
-// the GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License
-// along with this program.  If not, see <https://www.gnu.org/licenses/>.
-
-package dto
-
-type WishListDto struct {
-	Guid 				string	`json:"guid" mapstructure:"guid"`
-	Name 				string	`json:"name" mapstructure:"name"`
-	Hidden 			bool		`json:"hidden" mapstructure:"hidden"`
-	IconName 		string	`json:"icon_name" mapstructure:"icon_name"`
-	Color 			string	`json:"color" mapstructure:"color"`
-	ColorGrad 	string	`json:"color_grad" mapstructure:"color_grad"`
-}
-
-type NewWishListDto struct {
-	Name 			string	`json:"name" mapstructure:"name" binding:"required" validate:"max=32"`
-	Hidden 		bool		`json:"hidden" mapstructure:"hidden"`
-	IconName 	string	`json:"icon_name" mapstructure:"icon_name" validate:"omitempty,max=64"`
-	Color			string	`json:"color" mapstructure:"color" validate:"omitempty,color_hex"`
-	ColorGrad	string	`json:"color_grad" mapstructure:"color_grad" validate:"omitempty,color_hex"`
-}
-
-type WishDto struct {
-	Guid 					string	`json:"guid" mapstructure:"guid"`
-	WishListGuid 	string	`json:"wish_list_guid" mapstructure:"wish_list_guid"`
-	Name 					string	`json:"name" mapstructure:"name"`
-	Description 	string	`json:"description" mapstructure:"description"`
-	PictureUrl 		string	`json:"picture_url" mapstructure:"picture_url"`
-	Stars 				int			`json:"stars" mapstructure:"stars"`
-	CreationDate 	int64		`json:"creation_date" mapstructure:"creation_date"`
-	Fulfilled 		bool		`json:"fulfilled" mapstructure:"fulfilled"`
-	FulfilledDate	int64		`json:"fulfilled_date" mapstructure:"fulfilled_date"`
-}
-
-type NewWishDto struct {
-	WishListGuid			string	`json:"wish_list_guid" mapstructure:"wish_list_guid" binding:"required" validate:"guid"`
-	Name							string	`json:"name" mapstructure:"name" binding:"required" validate:"max=64"`
-	Description				string	`json:"description" mapstructure:"description" validate:"omitempty,max=1000"`
-	PictureUploadId		string	`json:"picture_upload_id" mapstructure:"picture_upload_id" validate:"omitempty,upload_id=image"`
-	Stars							int			`json:"stars" mapstructure:"stars" validate:"min=1,max=5"`
-}

backend/internal/services/wishlist.go

@@ -1,36 +0,0 @@
-// Copyright (c) 2025 Nikolai Papin
-//
-// This file is part of Easywish
-//
-// This program is free software: you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation, either version 3 of the License, or
-// (at your option) any later version.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See
-// the GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License
-// along with this program.  If not, see <https://www.gnu.org/licenses/>.
-
-package services
-
-import (
-	"easywish/internal/dto"
-	"easywish/internal/utils/enums"
-)
-
-type WishListService interface {
-	CreateWishList(cinfo dto.ClientInfo, object dto.NewWishListDto) (*dto.WishListDto, error)
-	UpdateWishListByGuid(cinfo dto.ClientInfo, guid string, object dto.NewWishDto) (bool, error)
-	DeleteWishListByGuid(cinfo dto.ClientInfo, guid string) (bool, error)
-	GetWishListByGuid(cinfo dto.ClientInfo, guid string) (*dto.WishListDto, error)
-	GetUserWishListsPaginated(cinfo dto.ClientInfo, amount int, page int, sorting enums.Sorting, sortOrder enums.SortOrder) (*[]dto.WishListDto, error)
-
-	CreateWish(cinfo dto.ClientInfo, object dto.NewWishDto) (*dto.WishDto, error)
-	UpdateWish(cinfo dto.ClientInfo, guid string, object dto.NewWishDto) (bool, error)
-	GetWishByGuid(cinfo dto.ClientInfo, guid string) (*dto.WishDto, error)
-	GetWishesByWishListGuidPaginated(cinfo dto.ClientInfo, guid string, amount int, page int, sorting enums.Sorting, sortOrder enums.SortOrder) (*[]dto.WishDto, error)
-}

backend/internal/utils/enums/enums.go

@@ -35,15 +35,3 @@ const (
 	JwtAccessTokenType JwtTokenType = iota
 	JwtRefreshTokenType
 )
-
-type Sorting int32
-const (
-	ByDate Sorting = iota
-	ByScore
-)
-
-type SortOrder int32
-const (
-	Descending = iota
-	Ascending
-)

backend/internal/utils/mapSpecial/wishDto.go

@@ -1,37 +0,0 @@
-// Copyright (c) 2025 Nikolai Papin
-//
-// This file is part of Easywish
-//
-// This program is free software: you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation, either version 3 of the License, or
-// (at your option) any later version.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See
-// the GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License
-// along with this program.  If not, see <https://www.gnu.org/licenses/>.
-
-package mapspecial
-
-import (
-	"easywish/internal/database"
-	"easywish/internal/dto"
-
-	"github.com/rafiulgits/go-automapper"
-)
-
-func MapWishDto(dbModel database.Wish, dtoModel *dto.WishDto) {
-	if dtoModel == nil {
-		dtoModel = &dto.WishDto{}
-	}
-	automapper.Map(&dbModel, dtoModel, func(src *database.Wish, dst *dto.WishDto) {
-		dst.Guid = src.Guid.String()
-		dst.WishListGuid = src.WishListGuid.String()
-		dst.CreationDate = src.CreationDate.Time.UnixMilli()
-		dst.FulfilledDate = src.FulfilledDate.Time.UnixMilli()
-	})
-}

backend/internal/utils/mapSpecial/wishListDto.go

@@ -1,35 +0,0 @@
-// Copyright (c) 2025 Nikolai Papin
-//
-// This file is part of Easywish
-//
-// This program is free software: you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation, either version 3 of the License, or
-// (at your option) any later version.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See
-// the GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License
-// along with this program.  If not, see <https://www.gnu.org/licenses/>.
-
-package mapspecial
-
-import (
-	"easywish/internal/database"
-	"easywish/internal/dto"
-
-	"github.com/rafiulgits/go-automapper"
-)
-
-func MapWishListDto(dbModel database.WishList, dtoModel *dto.WishListDto) {
-	if dtoModel == nil {
-		dtoModel = &dto.WishListDto{}
-	}
-	automapper.Map(&dbModel, dtoModel, func(src *database.WishList, dst *dto.WishListDto) {
-		dst.Guid = src.Guid.String()
-	})
-}
-

backend/internal/validation/custom.go

@@ -42,13 +42,6 @@ func GetCustomHandlers() []CustomValidatorHandler {
         return regexp.MustCompile(`^[a-zA-Z0-9_]{3,20}$`).MatchString(username)
 		}},
 
-		{
-			FieldName: "guid",
-			Function: func(fl validator.FieldLevel) bool {
-				guid := fl.Field().String()
-        return regexp.MustCompile(`^([{(]?([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-5][0-9a-fA-F]{3}-[89abAB][0-9a-fA-F]{3}-[0-9a-fA-F]{12})[})]?)$`).MatchString(guid)
-		}},
-
 		{
 			FieldName: "name",
 			Function: func(fl validator.FieldLevel) bool {

sqlc/query.sql

@@ -280,27 +280,7 @@ SELECT profiles.* FROM profiles
 JOIN users ON users.id = profiles.user_id
 WHERE users.username = $1;
 
-;-- name: CheckProfileAccess :one
--- XXX: recheck, was tired
-SELECT
-  CASE WHEN u.deleted OR NOT u.verified THEN TRUE ELSE FALSE END AS user_unavailable,
-  CASE WHEN EXISTS (
-      SELECT 1
-      FROM banned_users
-      WHERE user_id = u.id AND
-      pardoned IS FALSE AND
-      (expires_at IS NULL OR expires_at < CURRENT_TIMESTAMP)
-  ) THEN TRUE ELSE FALSE END AS user_banned, 
-  CASE WHEN ps.hide_profile_details THEN TRUE ELSE FALSE END AS hidden,
-  CASE WHEN ps.hide_for_unauthenticated AND @requester::text = '' THEN TRUE ELSE FALSE END AS auth_required,
-  CASE WHEN ps.captcha THEN TRUE ELSE FALSE END AS captcha_required
-FROM profiles p
-JOIN profile_settings ps ON ps.profile_id = p.id
-JOIN users u ON p.user_id = u.id
-WHERE p.id = $1;
-
 ;-- name: GetProfileByUsernameWithPrivacy :one
--- FIXME: tweak backend code to handle privacy correctly
 SELECT
   u.username,
   p.name,
@@ -308,13 +288,27 @@ SELECT
   p.avatar_url,
   CASE WHEN ps.hide_birthday THEN NULL ELSE p.birthday END AS birthday,
   p.color,
-  p.color_grad
+  p.color_grad,
+  NOT (@requester::text = '' AND ps.hide_for_unauthenticated) AS access_allowed
 FROM
   users AS u
 JOIN profiles AS p ON u.id = p.user_id
 JOIN profile_settings AS ps ON p.id = ps.profile_id
 WHERE
-  u.username = @searched_username::text;
+  u.username = @searched_username::text
+  AND (
+    @searched_username::text = @requester::text
+    OR
+    u.deleted IS FALSE
+    AND u.verified IS TRUE
+    AND NOT EXISTS (
+      SELECT 1
+      FROM banned_users
+      WHERE user_id = u.id AND
+      pardoned IS FALSE AND
+      (expires_at IS NULL OR expires_at < CURRENT_TIMESTAMP)
+    )
+  );
 
 ;-- name: GetProfilesRestricted :many
 SELECT 
@@ -395,23 +389,11 @@ WHERE wl.guid = (@guid::text)::uuid;
 SELECT * FROM wish_lists wl
 WHERE wl.guid = (@guid::text)::uuid;
 
-;-- name: GetWishlistsByUsername :many
-SELECT * FROM wish_lists wl
-JOIN profiles p ON p.id = wl.profile_id
-JOIN users u ON u.id = p.user_id
-WHERE u.username = @username::text;
-
 -- name: GetWishlistsByUsernameWithPrivacy :many
--- XXX: Obsolete, create according access check query instead
 SELECT 
   wl.*, 
   CASE 
-    WHEN (
-      ps.hide_profile_details OR (
-        ps.hide_for_unauthenticated AND
-        @requester::text = ''
-      )
-    ) THEN FALSE 
+    WHEN (ps.hide_profile_details OR ps.hide_for_unauthenticated) THEN FALSE 
     ELSE TRUE 
   END AS access_allowed
 FROM 
@@ -441,25 +423,6 @@ WHERE
 
 --: Wish Object {{{
 
-;-- name: CreateWish :one
-INSERT INTO wishes(
-  wish_list_id,
-  wish_list_guid,
-  name,
-  description,
-  picture_url,
-  stars)
-VALUES
-  (
-    (SELECT id FROM wish_lists wl WHERE wl.guid = (@wish_list_guid::text)::uuid),
-    (@wish_list_guid::text)::uuid,
-    @name::text,
-    @description::text,
-    @picture_url::text,
-    @stars::smallint
-  )
-RETURNING *;
-
 ;-- name: UpdateWishByGuid :exec
 UPDATE wishes w
 SET 
@@ -472,56 +435,4 @@ SET
   deleted = COALESCE(@deleted::boolean, w.deleted)
 WHERE w.guid = (@guid::text)::uuid;
 
-;-- name: MoveWishToWishListWithGuid :one
-WITH updated AS (
-  UPDATE wishes w
-  SET
-    wish_list_id = wl.id,
-    wish_list_guid = (@wish_list_guid::text)::uuid
-  FROM wish_lists wl
-  WHERE 
-    wl.guid = (@wish_list_guid::text)::uuid AND
-    wl.profile_id = ( -- Make sure the wish is not moved to another profile
-      SELECT profile_id
-      FROM wish_lists
-      WHERE wish_lists.id = w.wish_list_id
-    )
-  RETURNING w.id
-)
-SELECT 
-  COUNT(*) > 0 AS target_found
-FROM updated;
-
-;-- name: GetWishByGuid :one
-SELECT * FROM wishes w
-WHERE w.guid = (@guid::text)::uuid;
-
-;-- name: GetWishByGuidWithPrivacy :one
--- XXX: Obsolete, create according access check query instead
-SELECT 
-  w.*,
-  CASE 
-    WHEN 
-      (
-        @requester::text = u.username OR
-        NOT ps.hide_profile_details AND 
-        NOT
-          (
-            ps.hide_for_unauthenticated AND
-            @requester::text = ''
-          ) AND
-        NOT wl.hidden
-      )
-    THEN TRUE 
-    ELSE FALSE
-  END AS access_allowed
-FROM wishes w
-JOIN wish_lists wl ON w.wish_list_id = wl.id
-JOIN profiles p ON wl.profile_id = p.id
-JOIN profile_settings ps ON ps.profile_id = p.id
-JOIN users u ON p.user_id = u.id
-WHERE
-  w.guid = (@guid::text)::uuid AND
-  w.deleted IS FALSE;
-
 --: }}}

sqlc/schema.sql

@@ -101,9 +101,9 @@ CREATE TABLE IF NOT EXISTS "wish_lists" (
   profile_id BIGINT UNIQUE NOT NULL REFERENCES profiles(id) ON DELETE CASCADE,
   hidden BOOLEAN NOT NULL DEFAULT FALSE,
   name VARCHAR(32) NOT NULL DEFAULT 'Wishes',
-  icon_name VARCHAR(64) NOT NULL DEFAULT '',
-  color VARCHAR(7) NOT NULL DEFAULT '',
-  color_grad VARCHAR(7) NOT NULL DEFAULT '',
+  icon_name VARCHAR(64),
+  color VARCHAR(7),
+  color_grad VARCHAR(7),
   deleted BOOLEAN NOT NULL DEFAULT FALSE
 );
 
@@ -111,8 +111,7 @@ CREATE TABLE IF NOT EXISTS "wishes" (
   id BIGSERIAL PRIMARY KEY,
   guid UUID UNIQUE NOT NULL DEFAULT gen_random_uuid(),
   wish_list_id BIGINT UNIQUE NOT NULL REFERENCES wish_lists(id) ON DELETE CASCADE,
-  wish_list_guid UUID NOT NULL REFERENCES wish_lists(guid) ON DELETE CASCADE,
-  name VARCHAR(64) NOT NULL DEFAULT 'New wish',
+  name VARCHAR(32) NOT NULL DEFAULT 'New wish',
   description VARCHAR(1000) NOT NULL DEFAULT '',
   picture_url VARCHAR(512) NOT NULL DEFAULT '',
   stars SMALLINT NOT NULL DEFAULT 3 CHECK (stars BETWEEN 1 AND 5),
@@ -121,63 +120,3 @@ CREATE TABLE IF NOT EXISTS "wishes" (
   fulfilled_date TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP,
   deleted BOOLEAN NOT NULL DEFAULT FALSE
 );
-
-CREATE OR REPLACE FUNCTION get_profile(requester_user_id BIGINT, target_profile_id BIGINT)
-RETURNS JSONB AS $$
-DECLARE
-    profile_record profiles%ROWTYPE;
-    settings_record profile_settings%ROWTYPE;
-    is_owner BOOLEAN;
-    is_banned BOOLEAN;
-    is_deleted BOOLEAN;
-BEGIN
-    -- Check if target user exists and is not deleted/banned
-    SELECT p.*, u.deleted INTO profile_record
-    FROM profiles p
-    JOIN users u ON p.user_id = u.id
-    WHERE p.id = target_profile_id;
-    
-    IF NOT FOUND THEN
-        RETURN NULL;  -- Or raise an exception for "not found"
-    END IF;
-    
-    is_deleted := profile_record.deleted;  -- From users table
-    IF is_deleted THEN
-        RETURN NULL;
-    END IF;
-    
-    -- Check if requester is banned (simplified; expand as needed)
-    SELECT EXISTS(SELECT 1 FROM banned_users WHERE user_id = requester_user_id AND pardoned = FALSE AND (expires_at IS NULL OR expires_at > CURRENT_TIMESTAMP)) INTO is_banned;
-    IF is_banned THEN
-        RAISE EXCEPTION 'Requester is banned';
-    END IF;
-    
-    -- Determine ownership
-    is_owner := (profile_record.user_id = requester_user_id);
-    
-    -- Fetch settings
-    SELECT * INTO settings_record FROM profile_settings WHERE profile_id = target_profile_id;
-    
-    -- Apply privacy: Hide for unauthenticated or based on settings
-    IF requester_user_id IS NULL AND settings_record.hide_for_unauthenticated THEN  -- NULL requester means unauth
-        RETURN NULL;
-    END IF;
-    
-    IF NOT is_owner AND settings_record.hide_profile_details THEN
-        RETURN NULL;  -- Or return minimal public data
-    END IF;
-    
-    -- Sanitize fields based on settings
-    IF NOT is_owner AND settings_record.hide_birthday THEN
-        profile_record.birthday := NULL;
-    END IF;
-    -- Add more field-level masking here (e.g., bio, avatar_url)
-    
-    -- Return as JSONB for easy app consumption
-    RETURN row_to_json(profile_record)::JSONB;
-EXCEPTION
-    WHEN OTHERS THEN
-        RAISE NOTICE 'Access denied: %', SQLERRM;
-        RETURN NULL;
-END;
-$$ LANGUAGE plpgsql SECURITY DEFINER;