momswap/backend
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Allow anonymous public asset downloads and adopt OSM Liberty style for MapLibre demo.
CI / test (push) Successful in 4s
Details

Browse Source 
Public asset links now work without bearer auth while private assets remain protected, and the demo ships with the local osm-liberty-gl-style assets for consistent tile rendering.

Made-with: Cursor
This commit is contained in:
Andrey
2026-03-02 21:56:31 +00:00
parent a666f1233d
commit 0c76e867ae
253 changed files with 12466 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files
internal/http/api_test.go
-3
View File
@@ -326,7 +326,6 @@ func TestAssetLifecycleAndVisibility(t *testing.T) {
user2Pub, user2Priv, _ := ed25519.GenerateKey(rand.Reader)
user2PubB64 := base64.RawURLEncoding.EncodeToString(user2Pub)
registerUserViaAdmin(t, client, server.URL, adminPubB64, adminPriv, adminToken, user2PubB64, user2Priv, "invite-asset-u2")
user2Token := loginUser(t, client, server.URL, user2PubB64, user2Priv)
createCollectionResp, createCollectionData := postJSON(t, client, server.URL+"/v1/collections", map[string]string{
"name": "assets",
@@ -415,7 +414,6 @@ func TestAssetLifecycleAndVisibility(t *testing.T) {
}
reqDownloadPublic, _ := http.NewRequest(http.MethodGet, server.URL+"/v1/assets/"+assetID+"/download", nil)
reqDownloadPublic.Header.Set("Authorization", "Bearer "+user2Token)
downloadPublicResp, err := client.Do(reqDownloadPublic)
if err != nil {
t.Fatalf("download public request failed: %v", err)
@@ -436,7 +434,6 @@ func TestAssetLifecycleAndVisibility(t *testing.T) {
}
reqDownloadPrivate, _ := http.NewRequest(http.MethodGet, server.URL+"/v1/assets/"+assetID+"/download", nil)
reqDownloadPrivate.Header.Set("Authorization", "Bearer "+user2Token)
downloadPrivateResp, err := client.Do(reqDownloadPrivate)
if err != nil {
t.Fatalf("download private request failed: %v", err)
internal/http/handlers.go
+12 -1
View File
@@ -141,6 +141,17 @@ func (a *API) authUser(r *http.Request) (string, error) {
return a.service.AuthenticateSession(token)
}
func (a *API) authUserOptional(r *http.Request) (string, error) {
if strings.TrimSpace(r.Header.Get("Authorization")) == "" {
return "", nil
}
token, err := bearerToken(r)
if err != nil {
return "", err
}
return a.service.AuthenticateSession(token)
}
func (a *API) health(w http.ResponseWriter, _ *http.Request) {
writeJSON(w, http.StatusOK, map[string]string{"status": "ok", "time": time.Now().UTC().Format(time.RFC3339)})
}
@@ -475,7 +486,7 @@ func (a *API) uploadAsset(w http.ResponseWriter, r *http.Request) {
}
func (a *API) downloadAsset(w http.ResponseWriter, r *http.Request) {
user, err := a.authUser(r)
user, err := a.authUserOptional(r)
if err != nil {
writeErr(w, err)
return