diff --git a/api_spec.js b/api_spec.js
index c8e216c..b9837bc 100644
--- a/api_spec.js
+++ b/api_spec.js
@@ -109,7 +109,7 @@ frisby.create('Valid posting')
})
.toss();
-frisby.create('Valid posting, editing and more')
+frisby.create('Valid posting, editing and removal')
.post('http://localhost:3000/note', {
password: 'aabbcc',
tos: 'on',
@@ -157,29 +157,57 @@ frisby.create('Valid posting, editing and more')
.get('http://localhost:3000/' + noteId)
.expectStatus(200)
.expectBodyContains('Changed text!')
+ .after((err, res, body) => {
+ frisby.create('Read export of posted note')
+ .expectStatus(200)
+ .get('http://localhost:3000/' + noteId + '/export')
+ .expectHeaderContains('content-type', 'text/plain; charset=utf-8')
+ .expectBodyContains('Changed text!')
+ .toss();
+ frisby.create('Open /edit on posted note')
+ .expectStatus(200)
+ .expectBodyContains('')
+ .get('http://localhost:3000/' + noteId + '/edit')
+ .toss();
+ frisby.create('Read stats of posted note')
+ .get('http://localhost:3000/' + noteId + '/stats')
+ .expectHeaderContains('content-type', 'text/html; charset=utf-8')
+ .expectStatus(200)
+ .expectBodyContains('Statistics')
+ .expectBodyContains('
| Views | 0 |
')
+ .toss();
+ })
+ .after((err, res, body) => {
+ frisby.create('Note available')
+ .get('http://localhost:3000/' + noteId)
+ .expectStatus(200)
+ .toss();
+ frisby.create('Delete note with empty password')
+ .post('http://localhost:3000/note', { "id": noteId, "tos": "on", "text": "" })
+ .expectStatus(400)
+ .toss();
+ frisby.create('Delete note with wrong password')
+ .post('http://localhost:3000/note', { "id": noteId, "tos": "on", "text": "", "password": "xxyycc" })
+ .expectStatus(401)
+ .toss();
+ })
+ .after((err, res, body) => {
+ frisby.create('Delete note')
+ .post('http://localhost:3000/note', { "id": noteId, "tos": "on", "text": "", "password": "aabbcc" })
+ .expectStatus(301)
+ .after(function(err, res, body) {
+ frisby.create('Note unavailable')
+ .get('http://localhost:3000/' + noteId)
+ .expectStatus(404)
+ .toss();
+ })
+ .toss();
+ })
.toss();
})
.toss();
})
.toss();
- frisby.create('Read export of posted note')
- .expectStatus(200)
- .get('http://localhost:3000/' + noteId + '/export')
- .expectHeaderContains('content-type', 'text/plain; charset=utf-8')
- .expectBodyContains(testNote)
- .toss();
- frisby.create('Open /edit on posted note')
- .expectStatus(200)
- .expectBodyContains('')
- .get('http://localhost:3000/' + noteId + '/edit')
- .toss();
- frisby.create('Read stats of posted note')
- .get('http://localhost:3000/' + noteId + '/stats')
- .expectHeaderContains('content-type', 'text/html; charset=utf-8')
- .expectStatus(200)
- .expectBodyContains('Statistics')
- .expectBodyContains('| Views | 0 |
')
- .toss();
})
.toss();
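Review bot: The two rejected deletions ('Delete note with empty password' and 'Delete note with wrong password') assert only the 400/401 status, and nothing verifies that the note is still readable afterwards, because 'Note available' is tossed before those requests are sent. A server that answered 401 but removed the row anyway would be caught only indirectly, if at all, by the final 'Delete note' case. Chaining a GET that expects 200 onto the wrong-password case pins the property that matters: an unauthorised request leaves the note intact. The enclosing 'Valid posting, editing and removal' chain starts outside this hunk.
```javascript
frisby.create('Delete note with wrong password')
  // … unchanged: .post(...) carrying the wrong password …
  .expectStatus(401)
  .after(() => {
    frisby.create('Note still available after rejected delete')
      .get('http://localhost:3000/' + noteId)
      .expectStatus(200)
      .toss();
  })
  // … unchanged: .toss() …
```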
diff --git a/server.go b/server.go
index 64236cf..59d95b5 100644
--- a/server.go
+++ b/server.go
@@ -122,14 +122,15 @@ func main() {
c.Logger().Errorf("POST /note error: %d", code)
return c.Render(code, "Note", responsePage(code))
}
+ id := c.FormValue("id")
text := c.FormValue("text")
- if 10 > len(text) || len(text) > 50000 {
+ l := len(text)
+ if (id == "" || id != "" && l != 0) && (10 > l || l > 50000) {
code := http.StatusBadRequest
c.Logger().Errorf("POST /note error: %d", code)
return c.Render(code, "Note",
responsePage(code, "note length not accepted"))
}
- id := c.FormValue("id")
n := &Note{
ID: id,
Text: text,
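Review bot: The new length guard `(id == "" || id != "" && l != 0) && (10 > l || l > 50000)` contains a redundant `id != ""` term and hides the fact that a POST with an id and empty text is now a delete request. Naming the case keeps the rule reviewable without changing behaviour: `deleting := id != "" && l == 0` followed by `if !deleting && (l < 10 || l > 50000) {`. A short comment above it should state that an id plus empty text means deletion and that authorisation relies on the password match in the storage layer, since no such check is visible in this hunk. main() starts and ends outside the hunk.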
diff --git a/storage.go b/storage.go
index 09a5d9d..8f0e9c8 100644
--- a/storage.go
+++ b/storage.go
@@ -54,9 +54,18 @@ func update(c echo.Context, db *sql.DB, n *Note) (*Note, error) {
if err != nil {
return nil, err
}
- stmt, _ := tx.Prepare("update notes set (text, edited, password) = (?, ?, ?) where id = ? and (password = ? or password = ?)")
+ s := "update notes set (text, edited, password) = (?, ?, ?) where id = ? and (password = ? or password = ?)"
+ if n.Text == "" {
+ s = "delete from notes where id = ? and (password = ? or password = ?)"
+ }
+ stmt, _ := tx.Prepare(s)
defer stmt.Close()
- res, err := stmt.Exec(n.Text, time.Now(), n.Password, n.ID, n.Password, n.DeprecatedPassword)
+ var res sql.Result
+ if n.Text == "" {
+ res, err = stmt.Exec(n.ID, n.Password, n.DeprecatedPassword)
+ } else {
+ res, err = stmt.Exec(n.Text, time.Now(), n.Password, n.ID, n.Password, n.DeprecatedPassword)
+ }
if err != nil {
tx.Rollback()
return nil, err
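Review bot: `stmt, _ := tx.Prepare(s)` discards the prepare error, so if preparing either statement fails, `stmt` is nil and the later `stmt.Exec` / deferred `stmt.Close()` dereference it instead of rolling back and returning an error. With a destructive `delete` now going through this path, the failure should be explicit: `stmt, err := tx.Prepare(s)` followed by `if err != nil { tx.Rollback(); return nil, err }`, placed before the `defer`. The `n.Text == ""` test is also evaluated separately for the query and for the arguments; a single `deleting := n.Text == ""` local would keep the SQL text and its parameter list from drifting apart. update() begins and continues outside this hunk.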
@@ -66,7 +75,7 @@ func update(c echo.Context, db *sql.DB, n *Note) (*Note, error) {
tx.Rollback()
return nil, errorUnathorised
}
- c.Logger().Debugf("updating note %s; committing transaction", n.ID)
+ c.Logger().Debugf("updating note %s (deletion: %t); committing transaction", n.ID, n.Text == "")
return n, tx.Commit()
}