Merge pull request 'fix: corrected redis logic to prevent temporary lock-outs on failed database transactions;' (#8) from fix-auth_service into ml2

Reviewed-on: #8

backend/docs/docs.go

@@ -748,7 +748,7 @@ const docTemplate = `{
             ],
             "properties": {
                 "birthday": {
-                    "type": "integer"
+                    "type": "string"
                 },
                 "name": {
                     "type": "string"

backend/docs/swagger.json

@@ -744,7 +744,7 @@
             ],
             "properties": {
                 "birthday": {
-                    "type": "integer"
+                    "type": "string"
                 },
                 "name": {
                     "type": "string"

backend/docs/swagger.yaml

@@ -157,7 +157,7 @@ definitions:
   models.RegistrationCompleteRequest:
     properties:
       birthday:
-        type: integer
+        type: string
       name:
         type: string
       username:

backend/go.mod

@@ -52,7 +52,6 @@ require (
 	github.com/minio/crc64nvme v1.0.2 // indirect
 	github.com/minio/md5-simd v1.1.2 // indirect
 	github.com/minio/minio-go/v7 v7.0.95 // indirect
-	github.com/mitchellh/mapstructure v1.5.0 // indirect
 	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
 	github.com/modern-go/reflect2 v1.0.2 // indirect
 	github.com/pelletier/go-toml/v2 v2.2.4 // indirect

backend/go.sum

@@ -99,8 +99,6 @@ github.com/minio/md5-simd v1.1.2 h1:Gdi1DZK69+ZVMoNHRXJyNcxrMA4dSxoYHZSQbirFg34=
 github.com/minio/md5-simd v1.1.2/go.mod h1:MzdKDxYpY2BT9XQFocsiZf/NKVtR7nkE4RoEpN+20RM=
 github.com/minio/minio-go/v7 v7.0.95 h1:ywOUPg+PebTMTzn9VDsoFJy32ZuARN9zhB+K3IYEvYU=
 github.com/minio/minio-go/v7 v7.0.95/go.mod h1:wOOX3uxS334vImCNRVyIDdXX9OsXDm89ToynKgqUKlo=
-github.com/mitchellh/mapstructure v1.5.0 h1:jeMsZIYE/09sWLaz43PL7Gy6RuMjD2eJVyuac5Z2hdY=
-github.com/mitchellh/mapstructure v1.5.0/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo=
 github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
 github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg=
 github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=

backend/internal/controllers/profile.go

@@ -120,12 +120,8 @@ func (ctrl *ProfileController) getProfileByUsername(c *gin.Context) {
 	response, err := ctrl.ps.GetProfileByUsername(cinfo, username); if err != nil {
 		if errors.Is(err, errs.ErrNotFound) {
 			c.JSON(http.StatusNotFound, gin.H{"error": "Profile not found"})
-		} else if errors.Is(err, errs.ErrUnauthorized) {
-			c.JSON(http.StatusUnauthorized, gin.H{"error": "Profile avaiable to authrorized users only"})
 		} else if errors.Is(err, errs.ErrForbidden) {
 			c.JSON(http.StatusForbidden, gin.H{"error": "Access restricted by profile's privacy settings"})
-		} else if errors.Is(err, errs.ErrGone) {
-			c.JSON(http.StatusGone, gin.H{"error": "Profile no longer available"})
 		} else {
 			c.Status(http.StatusInternalServerError)
 		}

backend/internal/database/models.go

@@ -88,7 +88,6 @@ type Wish struct {
 	ID            int64
 	Guid          pgtype.UUID
 	WishListID    int64
-	WishListGuid  pgtype.UUID
 	Name          string
 	Description   string
 	PictureUrl    string
@@ -105,8 +104,8 @@ type WishList struct {
 	ProfileID int64
 	Hidden    bool
 	Name      string
-	IconName  string
+	IconName  *string
-	Color     string
+	Color     *string
-	ColorGrad string
+	ColorGrad *string
 	Deleted   bool
 }

backend/internal/database/query.sql.go

@@ -11,51 +11,6 @@ import (
 	"github.com/jackc/pgx/v5/pgtype"
 )
 
-const checkProfileAccess = `-- name: CheckProfileAccess :one
-SELECT
-  CASE WHEN u.deleted OR NOT u.verified THEN TRUE ELSE FALSE END AS user_unavailable,
-  CASE WHEN EXISTS (
-      SELECT 1
-      FROM banned_users
-      WHERE user_id = u.id AND
-      pardoned IS FALSE AND
-      (expires_at IS NULL OR expires_at < CURRENT_TIMESTAMP)
-  ) THEN TRUE ELSE FALSE END AS user_banned, 
-  CASE WHEN ps.hide_profile_details THEN TRUE ELSE FALSE END AS hidden,
-  CASE WHEN ps.hide_for_unauthenticated AND $2::text = '' THEN TRUE ELSE FALSE END AS auth_required,
-  CASE WHEN ps.captcha THEN TRUE ELSE FALSE END AS captcha_required
-FROM profiles p
-JOIN profile_settings ps ON ps.profile_id = p.id
-JOIN users u ON p.user_id = u.id
-WHERE p.id = $1
-`
-
-type CheckProfileAccessParams struct {
-	ID        int64
-	Requester string
-}
-
-type CheckProfileAccessRow struct {
-	UserUnavailable bool
-	UserBanned      bool
-	Hidden          bool
-	AuthRequired    bool
-	CaptchaRequired bool
-}
-
-func (q *Queries) CheckProfileAccess(ctx context.Context, arg CheckProfileAccessParams) (CheckProfileAccessRow, error) {
-	row := q.db.QueryRow(ctx, checkProfileAccess, arg.ID, arg.Requester)
-	var i CheckProfileAccessRow
-	err := row.Scan(
-		&i.UserUnavailable,
-		&i.UserBanned,
-		&i.Hidden,
-		&i.AuthRequired,
-		&i.CaptchaRequired,
-	)
-	return i, err
-}
-
 const checkUserRegistrationAvailability = `-- name: CheckUserRegistrationAvailability :one
 SELECT 
   COUNT(CASE WHEN users.username = $1::text THEN 1 END) > 0 AS username_busy,
@@ -98,46 +53,6 @@ func (q *Queries) CheckUserRegistrationAvailability(ctx context.Context, arg Che
 	return i, err
 }
 
-const checkWishAccessByGuid = `-- name: CheckWishAccessByGuid :one
-SELECT EXISTS (
-    SELECT 1
-    FROM wishes w
-    JOIN wish_lists wl ON w.wish_list_id = wl.id
-    JOIN profiles p ON wl.profile_id = p.id
-    JOIN profile_settings ps ON ps.profile_id = p.id
-    JOIN users u ON p.user_id = u.id
-    LEFT JOIN banned_users bu ON u.id = bu.user_id 
-        AND bu.pardoned = FALSE 
-        AND (bu.expires_at IS NULL OR bu.expires_at > NOW())
-    WHERE w.guid = ($1::text)::uuid
-        AND ps.hide_profile_details = FALSE
-        AND (
-          $2::text != ''
-          OR ps.hide_for_unauthenticated IS FALSE
-        )
-        AND (
-          w.fulfilled = FALSE
-          OR ps.hide_fulfilled IS FALSE
-        )
-        AND w.deleted = FALSE
-        AND wl.deleted = FALSE
-        AND u.deleted = FALSE
-        AND bu.id IS NULL  -- Ensures owner is not banned
-)
-`
-
-type CheckWishAccessByGuidParams struct {
-	Guid      string
-	Requester string
-}
-
-func (q *Queries) CheckWishAccessByGuid(ctx context.Context, arg CheckWishAccessByGuidParams) (bool, error) {
-	row := q.db.QueryRow(ctx, checkWishAccessByGuid, arg.Guid, arg.Requester)
-	var exists bool
-	err := row.Scan(&exists)
-	return exists, err
-}
-
 const createBannedUser = `-- name: CreateBannedUser :one
 INSERT INTO banned_users(user_id, expires_at, reason, banned_by)
 VALUES ( $1, $2, $3, $4) RETURNING id, user_id, date, reason, expires_at, banned_by, pardoned, pardoned_by
@@ -338,60 +253,6 @@ func (q *Queries) CreateUser(ctx context.Context, username string) (User, error)
 	return i, err
 }
 
-const createWish = `-- name: CreateWish :one
-INSERT INTO wishes(
-  wish_list_id,
-  wish_list_guid,
-  name,
-  description,
-  picture_url,
-  stars)
-VALUES
-  (
-    (SELECT id FROM wish_lists wl WHERE wl.guid = ($1::text)::uuid),
-    ($1::text)::uuid,
-    $2::text,
-    $3::text,
-    $4::text,
-    $5::smallint
-  )
-RETURNING id, guid, wish_list_id, wish_list_guid, name, description, picture_url, stars, creation_date, fulfilled, fulfilled_date, deleted
-`
-
-type CreateWishParams struct {
-	WishListGuid string
-	Name         string
-	Description  string
-	PictureUrl   string
-	Stars        int16
-}
-
-func (q *Queries) CreateWish(ctx context.Context, arg CreateWishParams) (Wish, error) {
-	row := q.db.QueryRow(ctx, createWish,
-		arg.WishListGuid,
-		arg.Name,
-		arg.Description,
-		arg.PictureUrl,
-		arg.Stars,
-	)
-	var i Wish
-	err := row.Scan(
-		&i.ID,
-		&i.Guid,
-		&i.WishListID,
-		&i.WishListGuid,
-		&i.Name,
-		&i.Description,
-		&i.PictureUrl,
-		&i.Stars,
-		&i.CreationDate,
-		&i.Fulfilled,
-		&i.FulfilledDate,
-		&i.Deleted,
-	)
-	return i, err
-}
-
 const createWishList = `-- name: CreateWishList :one
 INSERT INTO wish_lists(profile_id, hidden, name, icon_name, color, color_grad)
 VALUES (
@@ -402,7 +263,7 @@ VALUES (
   $3::text,
   $4::text,
   $5::text,
-  $6::text
+  $6::boolean
 )
 RETURNING id, guid, profile_id, hidden, name, icon_name, color, color_grad, deleted
 `
@@ -413,7 +274,7 @@ type CreateWishListParams struct {
 	Name      string
 	IconName  string
 	Color     string
-	ColorGrad string
+	ColorGrad bool
 }
 
 func (q *Queries) CreateWishList(ctx context.Context, arg CreateWishListParams) (WishList, error) {
@@ -540,27 +401,47 @@ SELECT
   p.avatar_url,
   CASE WHEN ps.hide_birthday THEN NULL ELSE p.birthday END AS birthday,
   p.color,
-  p.color_grad
+  p.color_grad,
+  NOT ($1::text = '' AND ps.hide_for_unauthenticated) AS access_allowed
 FROM
   users AS u
 JOIN profiles AS p ON u.id = p.user_id
 JOIN profile_settings AS ps ON p.id = ps.profile_id
 WHERE
-  u.username = $1::text
+  u.username = $2::text
+  AND (
+    $2::text = $1::text
+    OR
+    u.deleted IS FALSE
+    AND u.verified IS TRUE
+    AND NOT EXISTS (
+      SELECT 1
+      FROM banned_users
+      WHERE user_id = u.id AND
+      pardoned IS FALSE AND
+      (expires_at IS NULL OR expires_at < CURRENT_TIMESTAMP)
+    )
+  )
 `
 
-type GetProfileByUsernameWithPrivacyRow struct {
+type GetProfileByUsernameWithPrivacyParams struct {
-	Username  string
+	Requester        string
-	Name      string
+	SearchedUsername string
-	Bio       string
-	AvatarUrl string
-	Birthday  pgtype.Timestamp
-	Color     string
-	ColorGrad string
 }
 
-func (q *Queries) GetProfileByUsernameWithPrivacy(ctx context.Context, searchedUsername string) (GetProfileByUsernameWithPrivacyRow, error) {
+type GetProfileByUsernameWithPrivacyRow struct {
-	row := q.db.QueryRow(ctx, getProfileByUsernameWithPrivacy, searchedUsername)
+	Username      string
+	Name          string
+	Bio           string
+	AvatarUrl     string
+	Birthday      pgtype.Timestamp
+	Color         string
+	ColorGrad     string
+	AccessAllowed *bool
+}
+
+func (q *Queries) GetProfileByUsernameWithPrivacy(ctx context.Context, arg GetProfileByUsernameWithPrivacyParams) (GetProfileByUsernameWithPrivacyRow, error) {
+	row := q.db.QueryRow(ctx, getProfileByUsernameWithPrivacy, arg.Requester, arg.SearchedUsername)
 	var i GetProfileByUsernameWithPrivacyRow
 	err := row.Scan(
 		&i.Username,
@@ -570,6 +451,7 @@ func (q *Queries) GetProfileByUsernameWithPrivacy(ctx context.Context, searchedU
 		&i.Birthday,
 		&i.Color,
 		&i.ColorGrad,
+		&i.AccessAllowed,
 	)
 	return i, err
 }
@@ -954,7 +836,7 @@ WHERE
     FROM banned_users
     WHERE user_id = users.id AND
     pardoned IS FALSE AND
-    (expires_at IS NULL OR expires_at > CURRENT_TIMESTAMP)
+    (expires_at IS NULL OR expires_at < CURRENT_TIMESTAMP)
   ) AND -- Not banned
   linfo.password_hash = crypt($2::text, linfo.password_hash)
 `
@@ -1029,53 +911,6 @@ func (q *Queries) GetValidUserSessions(ctx context.Context, userID int64) ([]Ses
 	return items, nil
 }
 
-const getWishByGuid = `-- name: GetWishByGuid :one
-SELECT id, guid, wish_list_id, wish_list_guid, name, description, picture_url, stars, creation_date, fulfilled, fulfilled_date, deleted FROM wishes w
-WHERE w.guid = ($1::text)::uuid
-`
-
-func (q *Queries) GetWishByGuid(ctx context.Context, guid string) (Wish, error) {
-	row := q.db.QueryRow(ctx, getWishByGuid, guid)
-	var i Wish
-	err := row.Scan(
-		&i.ID,
-		&i.Guid,
-		&i.WishListID,
-		&i.WishListGuid,
-		&i.Name,
-		&i.Description,
-		&i.PictureUrl,
-		&i.Stars,
-		&i.CreationDate,
-		&i.Fulfilled,
-		&i.FulfilledDate,
-		&i.Deleted,
-	)
-	return i, err
-}
-
-const getWishListOwnerByGuid = `-- name: GetWishListOwnerByGuid :one
-SELECT u.id, u.username, u.verified, u.registration_date, u.role, u.deleted
-FROM wish_lists wl
-JOIN profiles p ON wl.profile_id = p.id
-JOIN users u ON p.user_id = u.id
-WHERE wl.guid = ($1::text)::uuid
-`
-
-func (q *Queries) GetWishListOwnerByGuid(ctx context.Context, guid string) (User, error) {
-	row := q.db.QueryRow(ctx, getWishListOwnerByGuid, guid)
-	var i User
-	err := row.Scan(
-		&i.ID,
-		&i.Username,
-		&i.Verified,
-		&i.RegistrationDate,
-		&i.Role,
-		&i.Deleted,
-	)
-	return i, err
-}
-
 const getWishlistByGuid = `-- name: GetWishlistByGuid :one
 SELECT id, guid, profile_id, hidden, name, icon_name, color, color_grad, deleted FROM wish_lists wl
 WHERE wl.guid = ($1::text)::uuid
@@ -1098,93 +933,11 @@ func (q *Queries) GetWishlistByGuid(ctx context.Context, guid string) (WishList,
 	return i, err
 }
 
-const getWishlistsByUsername = `-- name: GetWishlistsByUsername :many
-SELECT wl.id, guid, profile_id, hidden, wl.name, icon_name, wl.color, wl.color_grad, wl.deleted, p.id, user_id, p.name, bio, avatar_url, birthday, p.color, p.color_grad, u.id, username, verified, registration_date, role, u.deleted FROM wish_lists wl
-JOIN profiles p ON p.id = wl.profile_id
-JOIN users u ON u.id = p.user_id
-WHERE u.username = $1::text
-`
-
-type GetWishlistsByUsernameRow struct {
-	ID               int64
-	Guid             pgtype.UUID
-	ProfileID        int64
-	Hidden           bool
-	Name             string
-	IconName         string
-	Color            string
-	ColorGrad        string
-	Deleted          bool
-	ID_2             int64
-	UserID           int64
-	Name_2           string
-	Bio              string
-	AvatarUrl        string
-	Birthday         pgtype.Timestamp
-	Color_2          string
-	ColorGrad_2      string
-	ID_3             int64
-	Username         string
-	Verified         bool
-	RegistrationDate pgtype.Timestamp
-	Role             int32
-	Deleted_2        *bool
-}
-
-func (q *Queries) GetWishlistsByUsername(ctx context.Context, username string) ([]GetWishlistsByUsernameRow, error) {
-	rows, err := q.db.Query(ctx, getWishlistsByUsername, username)
-	if err != nil {
-		return nil, err
-	}
-	defer rows.Close()
-	var items []GetWishlistsByUsernameRow
-	for rows.Next() {
-		var i GetWishlistsByUsernameRow
-		if err := rows.Scan(
-			&i.ID,
-			&i.Guid,
-			&i.ProfileID,
-			&i.Hidden,
-			&i.Name,
-			&i.IconName,
-			&i.Color,
-			&i.ColorGrad,
-			&i.Deleted,
-			&i.ID_2,
-			&i.UserID,
-			&i.Name_2,
-			&i.Bio,
-			&i.AvatarUrl,
-			&i.Birthday,
-			&i.Color_2,
-			&i.ColorGrad_2,
-			&i.ID_3,
-			&i.Username,
-			&i.Verified,
-			&i.RegistrationDate,
-			&i.Role,
-			&i.Deleted_2,
-		); err != nil {
-			return nil, err
-		}
-		items = append(items, i)
-	}
-	if err := rows.Err(); err != nil {
-		return nil, err
-	}
-	return items, nil
-}
-
 const getWishlistsByUsernameWithPrivacy = `-- name: GetWishlistsByUsernameWithPrivacy :many
 SELECT 
   wl.id, wl.guid, wl.profile_id, wl.hidden, wl.name, wl.icon_name, wl.color, wl.color_grad, wl.deleted, 
   CASE 
-    WHEN (
+    WHEN (ps.hide_profile_details OR ps.hide_for_unauthenticated) THEN FALSE 
-      ps.hide_profile_details OR (
-        ps.hide_for_unauthenticated AND
-        $1::text = ''
-      )
-    ) THEN FALSE 
     ELSE TRUE 
   END AS access_allowed
 FROM 
@@ -1197,9 +950,9 @@ JOIN
   users AS u ON p.user_id = u.id
 WHERE 
   wl.deleted IS FALSE AND
-  u.username = $2::text AND
+  u.username = $1::text AND
   (
-    u.username = $1::text OR
+    u.username = $2::text OR
     (u.verified IS TRUE AND 
     NOT EXISTS (
       SELECT 1
@@ -1212,8 +965,8 @@ WHERE
 `
 
 type GetWishlistsByUsernameWithPrivacyParams struct {
-	Requester string
 	Username  string
+	Requester string
 }
 
 type GetWishlistsByUsernameWithPrivacyRow struct {
@@ -1222,15 +975,15 @@ type GetWishlistsByUsernameWithPrivacyRow struct {
 	ProfileID     int64
 	Hidden        bool
 	Name          string
-	IconName      string
+	IconName      *string
-	Color         string
+	Color         *string
-	ColorGrad     string
+	ColorGrad     *string
 	Deleted       bool
 	AccessAllowed bool
 }
 
 func (q *Queries) GetWishlistsByUsernameWithPrivacy(ctx context.Context, arg GetWishlistsByUsernameWithPrivacyParams) ([]GetWishlistsByUsernameWithPrivacyRow, error) {
-	rows, err := q.db.Query(ctx, getWishlistsByUsernameWithPrivacy, arg.Requester, arg.Username)
+	rows, err := q.db.Query(ctx, getWishlistsByUsernameWithPrivacy, arg.Username, arg.Requester)
 	if err != nil {
 		return nil, err
 	}
@@ -1260,34 +1013,6 @@ func (q *Queries) GetWishlistsByUsernameWithPrivacy(ctx context.Context, arg Get
 	return items, nil
 }
 
-const moveWishToWishListWithGuid = `-- name: MoveWishToWishListWithGuid :one
-WITH updated AS (
-  UPDATE wishes w
-  SET
-    wish_list_id = wl.id,
-    wish_list_guid = ($1::text)::uuid
-  FROM wish_lists wl
-  WHERE 
-    wl.guid = ($1::text)::uuid AND
-    wl.profile_id = ( -- Make sure the wish is not moved to another profile
-      SELECT profile_id
-      FROM wish_lists
-      WHERE wish_lists.id = w.wish_list_id
-    )
-  RETURNING w.id
-)
-SELECT 
-  COUNT(*) > 0 AS target_found
-FROM updated
-`
-
-func (q *Queries) MoveWishToWishListWithGuid(ctx context.Context, wishListGuid string) (bool, error) {
-	row := q.db.QueryRow(ctx, moveWishToWishListWithGuid, wishListGuid)
-	var target_found bool
-	err := row.Scan(&target_found)
-	return target_found, err
-}
-
 const pruneExpiredConfirmationCodes = `-- name: PruneExpiredConfirmationCodes :exec
 DELETE FROM confirmation_codes
 WHERE expires_at < CURRENT_TIMESTAMP
@@ -1555,9 +1280,7 @@ func (q *Queries) UpdateUser(ctx context.Context, arg UpdateUserParams) error {
 
 const updateUserByUsername = `-- name: UpdateUserByUsername :exec
 UPDATE users 
-SET
+SET verified = $2, deleted = $3
-  verified = COALESCE($2, verified), 
-  deleted = COALESCE($3, deleted)
 WHERE username = $1
 `
 

backend/internal/dto/wishList.go

@@ -1,55 +0,0 @@
-// Copyright (c) 2025 Nikolai Papin
-//
-// This file is part of Easywish
-//
-// This program is free software: you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation, either version 3 of the License, or
-// (at your option) any later version.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See
-// the GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License
-// along with this program.  If not, see <https://www.gnu.org/licenses/>.
-
-package dto
-
-type WishListDto struct {
-	Guid 				string	`json:"guid" mapstructure:"guid"`
-	Name 				string	`json:"name" mapstructure:"name"`
-	Hidden 			bool		`json:"hidden" mapstructure:"hidden"`
-	IconName 		string	`json:"icon_name" mapstructure:"icon_name"`
-	Color 			string	`json:"color" mapstructure:"color"`
-	ColorGrad 	string	`json:"color_grad" mapstructure:"color_grad"`
-}
-
-type NewWishListDto struct {
-	Name 			string	`json:"name" mapstructure:"name" binding:"required" validate:"max=32"`
-	Hidden 		bool		`json:"hidden" mapstructure:"hidden"`
-	IconName 	string	`json:"icon_name" mapstructure:"icon_name" validate:"omitempty,max=64"`
-	Color			string	`json:"color" mapstructure:"color" validate:"omitempty,color_hex"`
-	ColorGrad	string	`json:"color_grad" mapstructure:"color_grad" validate:"omitempty,color_hex"`
-}
-
-type WishDto struct {
-	Guid 					string	`json:"guid" mapstructure:"guid"`
-	WishListGuid 	string	`json:"wish_list_guid" mapstructure:"wish_list_guid"`
-	Name 					string	`json:"name" mapstructure:"name"`
-	Description 	string	`json:"description" mapstructure:"description"`
-	PictureUrl 		string	`json:"picture_url" mapstructure:"picture_url"`
-	Stars 				int			`json:"stars" mapstructure:"stars"`
-	CreationDate 	int64		`json:"creation_date" mapstructure:"creation_date"`
-	Fulfilled 		bool		`json:"fulfilled" mapstructure:"fulfilled"`
-	FulfilledDate	int64		`json:"fulfilled_date" mapstructure:"fulfilled_date"`
-}
-
-type NewWishDto struct {
-	WishListGuid			string	`json:"wish_list_guid" mapstructure:"wish_list_guid" binding:"required" validate:"guid"`
-	Name							string	`json:"name" mapstructure:"name" binding:"required" validate:"max=64"`
-	Description				string	`json:"description" mapstructure:"description" validate:"omitempty,max=1000"`
-	PictureUploadID		string	`json:"picture_upload_id" mapstructure:"picture_upload_id" validate:"omitempty,upload_id=image"`
-	Stars							int			`json:"stars" mapstructure:"stars" validate:"min=1,max=5"`
-}

backend/internal/errors/general.go

@@ -27,5 +27,4 @@ var (
 	ErrForbidden = errors.New("Access is denied")
 	ErrTooManyRequests = errors.New("Too many requests")
 	ErrNotFound = errors.New("Resource not found")
-	ErrGone = errors.New("Resource no longer available")
 )

backend/internal/services/profile.go

@@ -79,7 +79,10 @@ func (p *profileServiceImpl) GetProfileByUsername(cinfo dto.ClientInfo, username
 	}
 	defer helper.Rollback()
 
-	profileRow, err := db.TXQueries.GetProfileByUsername(db.CTX, username); if err != nil {
+	profileRow, err := db.TXQueries.GetProfileByUsernameWithPrivacy(db.CTX, database.GetProfileByUsernameWithPrivacyParams{
+		Requester: cinfo.Username,
+		SearchedUsername: username,
+	}); if err != nil {
 		if errors.Is(err, pgx.ErrNoRows) {
 			return nil, errs.ErrNotFound
 		}
@@ -91,33 +94,9 @@ func (p *profileServiceImpl) GetProfileByUsername(cinfo dto.ClientInfo, username
 		return nil, errs.ErrServerError
 	}
 
-	accessChecks, err := db.TXlessQueries.CheckProfileAccess(db.CTX, database.CheckProfileAccessParams{
+	if !*profileRow.AccessAllowed {
-		Requester: cinfo.Username,
-		ID: profileRow.ID,
-	}); if err != nil {
-		p.log.Error(
-			"Failed to check access for given profile",
-			zap.String("profile_owner_username", username),
-			zap.String("requester", cinfo.Username),
-			zap.Error(err))
-		return nil, errs.ErrServerError
-	}
-
-	if accessChecks.AuthRequired {
-		return nil, errs.ErrUnauthorized
-	}
-	if accessChecks.Hidden {
 		return nil, errs.ErrForbidden
 	}
-	if accessChecks.UserBanned {
-		return nil, errs.ErrGone
-	}
-	if accessChecks.UserUnavailable {
-		return nil, errs.ErrGone
-	}
-	if accessChecks.CaptchaRequired {
-		p.log.Warn("Captcha check is not implemented")
-	}
 
 	profileDto := &dto.ProfileDto{
 		Name: profileRow.Name,

backend/internal/services/s3.go

@@ -48,7 +48,7 @@ type s3ServiceImpl struct {
 	imagePolicy  minio.PostPolicy
 }
 
-func NewS3Service(_minio *minio.Client, _log *zap.Logger) S3Service {
+func NewUploadService(_minio *minio.Client, _log *zap.Logger) S3Service {
 	service := s3ServiceImpl{
 		minio: _minio,
 		log:   _log,

backend/internal/services/setup.go

@@ -23,10 +23,9 @@ import (
 
 var Module = fx.Module("services",
     fx.Provide(
-			NewS3Service,
+			NewUploadService,
 			NewSmtpService,
 			NewAuthService,
 			NewProfileService,
-			NewWishListService,
     ),
 )

backend/internal/services/wishlist.go

@@ -1,228 +0,0 @@
-// Copyright (c) 2025 Nikolai Papin
-//
-// This file is part of Easywish
-//
-// This program is free software: you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation, either version 3 of the License, or
-// (at your option) any later version.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See
-// the GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License
-// along with this program.  If not, see <https://www.gnu.org/licenses/>.
-
-package services
-
-import (
-	"easywish/internal/database"
-	"easywish/internal/dto"
-	errs "easywish/internal/errors"
-	"easywish/internal/utils"
-	"easywish/internal/utils/enums"
-	mapspecial "easywish/internal/utils/mapSpecial"
-	"errors"
-
-	"github.com/go-redis/redis/v8"
-	"github.com/jackc/pgx/v5"
-	"go.uber.org/zap"
-)
-
-type wishListServiceImpl struct {
-	log   *zap.Logger
-	dbctx database.DbContext
-	redis *redis.Client
-	s3 S3Service	
-}
-
-type WishListService interface {
-	CreateWishList(cinfo dto.ClientInfo, object dto.NewWishListDto) (*dto.WishListDto, error)
-	UpdateWishListByGuid(cinfo dto.ClientInfo, guid string, object dto.NewWishDto) (bool, error)
-	DeleteWishListByGuid(cinfo dto.ClientInfo, guid string) (bool, error)
-	GetWishListByGuid(cinfo dto.ClientInfo, guid string) (*dto.WishListDto, error)
-	GetUserWishListsPaginated(cinfo dto.ClientInfo, amount int, page int, sorting enums.Sorting, sortOrder enums.SortOrder) (*[]dto.WishListDto, error)
-
-	CreateWish(cinfo dto.ClientInfo, object dto.NewWishDto) (*dto.WishDto, error)
-	UpdateWish(cinfo dto.ClientInfo, guid string, object dto.NewWishDto) (bool, error)
-	MoveWishToWishList(cinfo dto.ClientInfo, wishGuid string, wishListGuid string) (bool, error)
-	GetWishByGuid(cinfo dto.ClientInfo, guid string) (*dto.WishDto, error)
-	GetWishesByWishListGuidPaginated(cinfo dto.ClientInfo, guid string, amount int, page int, sorting enums.Sorting, sortOrder enums.SortOrder) (*[]dto.WishDto, error)
-}
-
-func NewWishListService(_log *zap.Logger, _dbctx database.DbContext, _redis *redis.Client, _s3 S3Service) WishListService {
-	return wishListServiceImpl{
-		log: _log,
-		dbctx: _dbctx,
-		redis: _redis,
-		s3: _s3,
-	}
-}
-
-func (w wishListServiceImpl) CreateWish(cinfo dto.ClientInfo, object dto.NewWishDto) (*dto.WishDto, error) {
-	helper, db, err := database.NewDbHelperTransaction(w.dbctx); if err != nil {
-		w.log.Error(
-			"Failed to open transaction",	
-			zap.Error(err))
-		return nil, errs.ErrServerError
-	}
-	defer helper.Rollback()
-
-	// Check if wish list exists
-	wishList, err := db.TXQueries.GetWishlistByGuid(db.CTX, object.WishListGuid); if err != nil {
-		if errors.Is(err, pgx.ErrNoRows) {
-			w.log.Warn(
-				"Attempted to create a wish for a wish list that does not exist",	
-				zap.String("username", cinfo.Username),
-				zap.String("wish_list_guid", object.WishListGuid),
-				zap.Error(err))
-			return nil, errs.ErrNotFound
-		}
-
-		w.log.Error(
-			"Failed to get wishlist for the new wish",	
-			zap.String("username", cinfo.Username),
-			zap.String("wish_list_guid", object.WishListGuid),
-			zap.Error(err))
-		return nil, errs.ErrServerError
-	}
-
-	wishListOwnerUser, err := db.TXQueries.GetWishListOwnerByGuid(db.CTX, wishList.Guid.String()); if err != nil {
-		w.log.Error(
-			"Failed to get wish list owner",
-			zap.String("username", cinfo.Username),
-			zap.String("wish_list_guid", wishList.Guid.String()),
-			zap.Error(err))
-		return nil, errs.ErrServerError
-	}
-
-	if wishListOwnerUser.Username != cinfo.Username {
-		w.log.Warn(
-			"Attempt to create wish in a wish list the user does not own",	
-			zap.String("owner_username", wishListOwnerUser.Username),
-			zap.String("username", cinfo.Username),
-			zap.String("wish_list_guid", object.WishListGuid))
-
-		// As usual, we will pretend that it does not exist
-		return nil, errs.ErrNotFound
-	}
-
-	var avatarUrl *string
-	if object.PictureUploadID != "" {
-		key, err := w.s3.SaveUpload(object.PictureUploadID, "images"); if err != nil {
-			if errors.Is(err, errs.ErrFileNotFound) {
-				return nil, err
-			}
-
-			w.log.Error(
-				"Failed to save image",
-				zap.String("upload_id", object.PictureUploadID),
-				zap.String("username", cinfo.Username),
-				zap.Error(err))
-			return nil, errs.ErrServerError
-		}
-
-		urlObj := w.s3.GetLocalizedFileUrl(*key, "images")
-		avatarUrl = utils.NewPointer(urlObj.String())
-	} else {
-		avatarUrl = utils.NewPointer("")
-	}
-
-	newWish, err := db.TXQueries.CreateWish(db.CTX, database.CreateWishParams{
-		WishListGuid: object.WishListGuid,
-		Name: object.Name,
-		Description: object.Description,
-		PictureUrl: *avatarUrl,
-		Stars: int16(object.Stars),
-	}); if err != nil {
-		w.log.Error(
-			"Failed to create a new wish",
-			zap.String("username", cinfo.Username),
-			zap.String("wish_list_guid", object.WishListGuid),
-			zap.Error(err))
-		return nil, errs.ErrServerError
-	}
-
-	err = helper.Commit(); if err != nil {
-		w.log.Error(
-			"Failed to commit transaction",	
-			zap.Error(err))
-		return nil, errs.ErrServerError
-	}
-
-	wishDto := &dto.WishDto{}
-	mapspecial.MapWishDto(newWish, wishDto)
-	return wishDto, nil
-}
-
-func (w wishListServiceImpl) CreateWishList(cinfo dto.ClientInfo, object dto.NewWishListDto) (*dto.WishListDto, error) {
-	helper, db, err := database.NewDbHelperTransaction(w.dbctx); if err != nil {
-		w.log.Error(
-			"Failed to open transaction",	
-			zap.Error(err))
-		return nil, errs.ErrServerError
-	}
-	defer helper.Rollback()
-
-	createdWishList, err := db.TXQueries.CreateWishList(db.CTX, database.CreateWishListParams{
-		Username: cinfo.Username,
-		Hidden: object.Hidden,
-		Name: object.Name,
-		IconName: object.IconName,
-		Color: object.Color,
-		ColorGrad: object.ColorGrad,
-	}); if err != nil {
-		w.log.Error(
-			"Failed to create wish list",	
-			zap.String("username", cinfo.Username),
-			zap.Error(err))
-
-		return nil, errs.ErrServerError
-	}
-
-	err = helper.Commit(); if err != nil {
-		w.log.Error(
-			"Failed to commit transaction",	
-			zap.Error(err))
-		return nil, errs.ErrServerError
-	}
-
-	wishListDto := &dto.WishListDto{}
-	mapspecial.MapWishListDto(createdWishList, wishListDto)
-
-	return wishListDto, nil
-}
-
-func (w wishListServiceImpl) DeleteWishListByGuid(cinfo dto.ClientInfo, guid string) (bool, error) {
-	panic("unimplemented")
-}
-
-func (w wishListServiceImpl) GetUserWishListsPaginated(cinfo dto.ClientInfo, amount int, page int, sorting enums.Sorting, sortOrder enums.SortOrder) (*[]dto.WishListDto, error) {
-	panic("unimplemented")
-}
-
-func (w wishListServiceImpl) GetWishByGuid(cinfo dto.ClientInfo, guid string) (*dto.WishDto, error) {
-	panic("unimplemented")
-}
-
-func (w wishListServiceImpl) GetWishListByGuid(cinfo dto.ClientInfo, guid string) (*dto.WishListDto, error) {
-	panic("unimplemented")
-}
-
-func (w wishListServiceImpl) GetWishesByWishListGuidPaginated(cinfo dto.ClientInfo, guid string, amount int, page int, sorting enums.Sorting, sortOrder enums.SortOrder) (*[]dto.WishDto, error) {
-	panic("unimplemented")
-}
-
-func (w wishListServiceImpl) MoveWishToWishList(cinfo dto.ClientInfo, wishGuid string, wishListGuid string) (bool, error) {
-	panic("unimplemented")
-}
-
-func (w wishListServiceImpl) UpdateWish(cinfo dto.ClientInfo, guid string, object dto.NewWishDto) (bool, error) {
-	panic("unimplemented")
-}
-
-func (w wishListServiceImpl) UpdateWishListByGuid(cinfo dto.ClientInfo, guid string, object dto.NewWishDto) (bool, error) {
-	panic("unimplemented")
-}

backend/internal/utils/enums/enums.go

@@ -35,15 +35,3 @@ const (
 	JwtAccessTokenType JwtTokenType = iota
 	JwtRefreshTokenType
 )
-
-type Sorting int32
-const (
-	ByDate Sorting = iota
-	ByScore
-)
-
-type SortOrder int32
-const (
-	Descending = iota
-	Ascending
-)

backend/internal/utils/mapSpecial/wishDto.go

@@ -1,37 +0,0 @@
-// Copyright (c) 2025 Nikolai Papin
-//
-// This file is part of Easywish
-//
-// This program is free software: you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation, either version 3 of the License, or
-// (at your option) any later version.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See
-// the GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License
-// along with this program.  If not, see <https://www.gnu.org/licenses/>.
-
-package mapspecial
-
-import (
-	"easywish/internal/database"
-	"easywish/internal/dto"
-
-	"github.com/rafiulgits/go-automapper"
-)
-
-func MapWishDto(dbModel database.Wish, dtoModel *dto.WishDto) {
-	if dtoModel == nil {
-		dtoModel = &dto.WishDto{}
-	}
-	automapper.Map(&dbModel, dtoModel, func(src *database.Wish, dst *dto.WishDto) {
-		dst.Guid = src.Guid.String()
-		dst.WishListGuid = src.WishListGuid.String()
-		dst.CreationDate = src.CreationDate.Time.UnixMilli()
-		dst.FulfilledDate = src.FulfilledDate.Time.UnixMilli()
-	})
-}

backend/internal/utils/mapSpecial/wishListDto.go

@@ -1,35 +0,0 @@
-// Copyright (c) 2025 Nikolai Papin
-//
-// This file is part of Easywish
-//
-// This program is free software: you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation, either version 3 of the License, or
-// (at your option) any later version.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See
-// the GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License
-// along with this program.  If not, see <https://www.gnu.org/licenses/>.
-
-package mapspecial
-
-import (
-	"easywish/internal/database"
-	"easywish/internal/dto"
-
-	"github.com/rafiulgits/go-automapper"
-)
-
-func MapWishListDto(dbModel database.WishList, dtoModel *dto.WishListDto) {
-	if dtoModel == nil {
-		dtoModel = &dto.WishListDto{}
-	}
-	automapper.Map(&dbModel, dtoModel, func(src *database.WishList, dst *dto.WishListDto) {
-		dst.Guid = src.Guid.String()
-	})
-}
-

backend/internal/validation/custom.go

@@ -42,13 +42,6 @@ func GetCustomHandlers() []CustomValidatorHandler {
         return regexp.MustCompile(`^[a-zA-Z0-9_]{3,20}$`).MatchString(username)
 		}},
 
-		{
-			FieldName: "guid",
-			Function: func(fl validator.FieldLevel) bool {
-				guid := fl.Field().String()
-        return regexp.MustCompile(`^([{(]?([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-5][0-9a-fA-F]{3}-[89abAB][0-9a-fA-F]{3}-[0-9a-fA-F]{12})[})]?)$`).MatchString(guid)
-		}},
-
 		{
 			FieldName: "name",
 			Function: func(fl validator.FieldLevel) bool {

sqlc/query.sql

@@ -280,24 +280,6 @@ SELECT profiles.* FROM profiles
 JOIN users ON users.id = profiles.user_id
 WHERE users.username = $1;
 
-;-- name: CheckProfileAccess :one
-SELECT
-  CASE WHEN u.deleted OR NOT u.verified THEN TRUE ELSE FALSE END AS user_unavailable,
-  CASE WHEN EXISTS (
-      SELECT 1
-      FROM banned_users
-      WHERE user_id = u.id AND
-      pardoned IS FALSE AND
-      (expires_at IS NULL OR expires_at < CURRENT_TIMESTAMP)
-  ) THEN TRUE ELSE FALSE END AS user_banned, 
-  CASE WHEN ps.hide_profile_details THEN TRUE ELSE FALSE END AS hidden,
-  CASE WHEN ps.hide_for_unauthenticated AND @requester::text = '' THEN TRUE ELSE FALSE END AS auth_required,
-  CASE WHEN ps.captcha THEN TRUE ELSE FALSE END AS captcha_required
-FROM profiles p
-JOIN profile_settings ps ON ps.profile_id = p.id
-JOIN users u ON p.user_id = u.id
-WHERE p.id = $1;
-
 ;-- name: GetProfileByUsernameWithPrivacy :one
 SELECT
   u.username,
@@ -306,13 +288,27 @@ SELECT
   p.avatar_url,
   CASE WHEN ps.hide_birthday THEN NULL ELSE p.birthday END AS birthday,
   p.color,
-  p.color_grad
+  p.color_grad,
+  NOT (@requester::text = '' AND ps.hide_for_unauthenticated) AS access_allowed
 FROM
   users AS u
 JOIN profiles AS p ON u.id = p.user_id
 JOIN profile_settings AS ps ON p.id = ps.profile_id
 WHERE
-  u.username = @searched_username::text;
+  u.username = @searched_username::text
+  AND (
+    @searched_username::text = @requester::text
+    OR
+    u.deleted IS FALSE
+    AND u.verified IS TRUE
+    AND NOT EXISTS (
+      SELECT 1
+      FROM banned_users
+      WHERE user_id = u.id AND
+      pardoned IS FALSE AND
+      (expires_at IS NULL OR expires_at < CURRENT_TIMESTAMP)
+    )
+  );
 
 ;-- name: GetProfilesRestricted :many
 SELECT 
@@ -374,7 +370,7 @@ VALUES (
   @name::text,
   @icon_name::text,
   @color::text,
-  @color_grad::text
+  @color_grad::boolean
 )
 RETURNING *;
 
@@ -393,29 +389,11 @@ WHERE wl.guid = (@guid::text)::uuid;
 SELECT * FROM wish_lists wl
 WHERE wl.guid = (@guid::text)::uuid;
 
-;-- name: GetWishListOwnerByGuid :one
-SELECT u.*
-FROM wish_lists wl
-JOIN profiles p ON wl.profile_id = p.id
-JOIN users u ON p.user_id = u.id
-WHERE wl.guid = (@guid::text)::uuid;
-
-;-- name: GetWishlistsByUsername :many
-SELECT * FROM wish_lists wl
-JOIN profiles p ON p.id = wl.profile_id
-JOIN users u ON u.id = p.user_id
-WHERE u.username = @username::text;
-
 -- name: GetWishlistsByUsernameWithPrivacy :many
 SELECT 
   wl.*, 
   CASE 
-    WHEN (
+    WHEN (ps.hide_profile_details OR ps.hide_for_unauthenticated) THEN FALSE 
-      ps.hide_profile_details OR (
-        ps.hide_for_unauthenticated AND
-        @requester::text = ''
-      )
-    ) THEN FALSE 
     ELSE TRUE 
   END AS access_allowed
 FROM 
@@ -445,25 +423,6 @@ WHERE
 
 --: Wish Object {{{
 
-;-- name: CreateWish :one
-INSERT INTO wishes(
-  wish_list_id,
-  wish_list_guid,
-  name,
-  description,
-  picture_url,
-  stars)
-VALUES
-  (
-    (SELECT id FROM wish_lists wl WHERE wl.guid = (@wish_list_guid::text)::uuid),
-    (@wish_list_guid::text)::uuid,
-    @name::text,
-    @description::text,
-    @picture_url::text,
-    @stars::smallint
-  )
-RETURNING *;
-
 ;-- name: UpdateWishByGuid :exec
 UPDATE wishes w
 SET 
@@ -476,55 +435,4 @@ SET
   deleted = COALESCE(@deleted::boolean, w.deleted)
 WHERE w.guid = (@guid::text)::uuid;
 
-;-- name: MoveWishToWishListWithGuid :one
-WITH updated AS (
-  UPDATE wishes w
-  SET
-    wish_list_id = wl.id,
-    wish_list_guid = (@wish_list_guid::text)::uuid
-  FROM wish_lists wl
-  WHERE 
-    wl.guid = (@wish_list_guid::text)::uuid AND
-    wl.profile_id = ( -- Make sure the wish is not moved to another profile
-      SELECT profile_id
-      FROM wish_lists
-      WHERE wish_lists.id = w.wish_list_id
-    )
-  RETURNING w.id
-)
-SELECT 
-  COUNT(*) > 0 AS target_found
-FROM updated;
-
-;-- name: GetWishByGuid :one
-SELECT * FROM wishes w
-WHERE w.guid = (@guid::text)::uuid;
-
-;-- name: CheckWishAccessByGuid :one
-SELECT EXISTS (
-    SELECT 1
-    FROM wishes w
-    JOIN wish_lists wl ON w.wish_list_id = wl.id
-    JOIN profiles p ON wl.profile_id = p.id
-    JOIN profile_settings ps ON ps.profile_id = p.id
-    JOIN users u ON p.user_id = u.id
-    LEFT JOIN banned_users bu ON u.id = bu.user_id 
-        AND bu.pardoned = FALSE 
-        AND (bu.expires_at IS NULL OR bu.expires_at > NOW())
-    WHERE w.guid = (@guid::text)::uuid
-        AND ps.hide_profile_details = FALSE
-        AND (
-          @requester::text != ''
-          OR ps.hide_for_unauthenticated IS FALSE
-        )
-        AND (
-          w.fulfilled = FALSE
-          OR ps.hide_fulfilled IS FALSE
-        )
-        AND w.deleted = FALSE
-        AND wl.deleted = FALSE
-        AND u.deleted = FALSE
-        AND bu.id IS NULL  -- Ensures owner is not banned
-);
-
 --: }}}

sqlc/schema.sql

@@ -101,9 +101,9 @@ CREATE TABLE IF NOT EXISTS "wish_lists" (
   profile_id BIGINT UNIQUE NOT NULL REFERENCES profiles(id) ON DELETE CASCADE,
   hidden BOOLEAN NOT NULL DEFAULT FALSE,
   name VARCHAR(32) NOT NULL DEFAULT 'Wishes',
-  icon_name VARCHAR(64) NOT NULL DEFAULT '',
+  icon_name VARCHAR(64),
-  color VARCHAR(7) NOT NULL DEFAULT '',
+  color VARCHAR(7),
-  color_grad VARCHAR(7) NOT NULL DEFAULT '',
+  color_grad VARCHAR(7),
   deleted BOOLEAN NOT NULL DEFAULT FALSE
 );
 
@@ -111,8 +111,7 @@ CREATE TABLE IF NOT EXISTS "wishes" (
   id BIGSERIAL PRIMARY KEY,
   guid UUID UNIQUE NOT NULL DEFAULT gen_random_uuid(),
   wish_list_id BIGINT UNIQUE NOT NULL REFERENCES wish_lists(id) ON DELETE CASCADE,
-  wish_list_guid UUID NOT NULL REFERENCES wish_lists(guid) ON DELETE CASCADE,
+  name VARCHAR(32) NOT NULL DEFAULT 'New wish',
-  name VARCHAR(64) NOT NULL DEFAULT 'New wish',
   description VARCHAR(1000) NOT NULL DEFAULT '',
   picture_url VARCHAR(512) NOT NULL DEFAULT '',
   stars SMALLINT NOT NULL DEFAULT 3 CHECK (stars BETWEEN 1 AND 5),