[add] document view, [add] html sanitization, [add] google books metadata enrichment, [improve] db query performance

api/api.go

@@ -9,31 +9,44 @@ import (
 	"github.com/gin-contrib/sessions"
 	"github.com/gin-contrib/sessions/cookie"
 	"github.com/gin-gonic/gin"
+	"github.com/microcosm-cc/bluemonday"
+	log "github.com/sirupsen/logrus"
 	"reichard.io/bbank/config"
 	"reichard.io/bbank/database"
 	"reichard.io/bbank/graph"
 )
 
 type API struct {
-	Router *gin.Engine
-	Config *config.Config
-	DB     *database.DBManager
+	Router     *gin.Engine
+	Config     *config.Config
+	DB         *database.DBManager
+	HTMLPolicy *bluemonday.Policy
 }
 
 func NewApi(db *database.DBManager, c *config.Config) *API {
 	api := &API{
-		Router: gin.Default(),
-		Config: c,
-		DB:     db,
+		HTMLPolicy: bluemonday.StripTagsPolicy(),
+		Router:     gin.Default(),
+		Config:     c,
+		DB:         db,
 	}
 
 	// Assets & Web App Templates
 	api.Router.Static("/assets", "./assets")
 
 	// Generate Secure Token
-	newToken, err := generateToken(64)
-	if err != nil {
-		panic("Unable to generate secure token")
+	var newToken []byte
+	var err error
+
+	if c.CookieSessionKey != "" {
+		log.Info("[NewApi] Utilizing Environment Cookie Session Key")
+		newToken = []byte(c.CookieSessionKey)
+	} else {
+		log.Info("[NewApi] Generating Cookie Session Key")
+		newToken, err = generateToken(64)
+		if err != nil {
+			panic("Unable to generate secure token")
+		}
 	}
 
 	// Configure Cookie Session Store
@@ -69,6 +82,7 @@ func (api *API) registerWebAppRoutes() {
 	render.AddFromFilesFuncs("graphs", helperFuncs, "templates/base.html", "templates/graphs.html")
 	render.AddFromFilesFuncs("activity", helperFuncs, "templates/base.html", "templates/activity.html")
 	render.AddFromFilesFuncs("documents", helperFuncs, "templates/base.html", "templates/documents.html")
+	render.AddFromFilesFuncs("document", helperFuncs, "templates/base.html", "templates/document.html")
 
 	api.Router.HTMLRender = render
 
@@ -80,8 +94,9 @@ func (api *API) registerWebAppRoutes() {
 	api.Router.POST("/register", api.authFormRegister)
 
 	api.Router.GET("/", api.authWebAppMiddleware, api.createAppResourcesRoute("home"))
-	api.Router.GET("/documents", api.authWebAppMiddleware, api.createAppResourcesRoute("documents"))
 	api.Router.GET("/activity", api.authWebAppMiddleware, api.createAppResourcesRoute("activity"))
+	api.Router.GET("/documents", api.authWebAppMiddleware, api.createAppResourcesRoute("documents"))
+	api.Router.GET("/documents/:document", api.authWebAppMiddleware, api.createAppResourcesRoute("document"))
 	api.Router.GET("/documents/:document/file", api.authWebAppMiddleware, api.downloadDocumentFile)
 	api.Router.GET("/documents/:document/cover", api.authWebAppMiddleware, api.getDocumentCover)
 

api/app-routes.go

@@ -5,6 +5,7 @@ import (
 	"net/http"
 	"os"
 	"path/filepath"
+	"time"
 
 	"github.com/gin-gonic/gin"
 	log "github.com/sirupsen/logrus"
@@ -64,12 +65,38 @@ func (api *API) createAppResourcesRoute(routeName string, args ...map[string]any
 			}
 
 			templateVars["Data"] = documents
+		} else if routeName == "document" {
+			var rDocID requestDocumentID
+			if err := c.ShouldBindUri(&rDocID); err != nil {
+				log.Error("[createAppResourcesRoute] Invalid URI Bind")
+				c.AbortWithStatusJSON(http.StatusBadRequest, gin.H{"error": "Invalid Request"})
+				return
+			}
+
+			document, err := api.DB.Queries.GetDocumentWithStats(api.DB.Ctx, database.GetDocumentWithStatsParams{
+				UserID:     rUser.(string),
+				DocumentID: rDocID.DocumentID,
+			})
+			if err != nil {
+				log.Error("[createAppResourcesRoute] GetDocumentWithStats DB Error:", err)
+				c.AbortWithStatusJSON(http.StatusBadRequest, gin.H{"error": "Invalid Request"})
+				return
+			}
+
+			templateVars["Data"] = document
 		} else if routeName == "activity" {
-			activity, err := api.DB.Queries.GetActivity(api.DB.Ctx, database.GetActivityParams{
+			activityFilter := database.GetActivityParams{
 				UserID: rUser.(string),
 				Offset: (*qParams.Page - 1) * *qParams.Limit,
 				Limit:  *qParams.Limit,
-			})
+			}
+
+			if qParams.Document != nil {
+				activityFilter.DocFilter = true
+				activityFilter.DocumentID = *qParams.Document
+			}
+
+			activity, err := api.DB.Queries.GetActivity(api.DB.Ctx, activityFilter)
 			if err != nil {
 				log.Error("[createAppResourcesRoute] GetActivity DB Error:", err)
 				c.AbortWithStatusJSON(http.StatusBadRequest, gin.H{"error": "Invalid Request"})
@@ -78,6 +105,7 @@ func (api *API) createAppResourcesRoute(routeName string, args ...map[string]any
 
 			templateVars["Data"] = activity
 		} else if routeName == "home" {
+			start_time := time.Now()
 			weekly_streak, err := api.DB.Queries.GetUserWindowStreaks(api.DB.Ctx, database.GetUserWindowStreaksParams{
 				UserID: rUser.(string),
 				Window: "WEEK",
@@ -85,6 +113,8 @@ func (api *API) createAppResourcesRoute(routeName string, args ...map[string]any
 			if err != nil {
 				log.Warn("[createAppResourcesRoute] GetUserWindowStreaks DB Error:", err)
 			}
+			log.Info("GetUserWindowStreaks - WEEK - ", time.Since(start_time))
+			start_time = time.Now()
 
 			daily_streak, err := api.DB.Queries.GetUserWindowStreaks(api.DB.Ctx, database.GetUserWindowStreaksParams{
 				UserID: rUser.(string),
@@ -93,9 +123,15 @@ func (api *API) createAppResourcesRoute(routeName string, args ...map[string]any
 			if err != nil {
 				log.Warn("[createAppResourcesRoute] GetUserWindowStreaks DB Error:", err)
 			}
+			log.Info("GetUserWindowStreaks - DAY - ", time.Since(start_time))
 
+			start_time = time.Now()
 			database_info, _ := api.DB.Queries.GetDatabaseInfo(api.DB.Ctx, rUser.(string))
+			log.Info("GetDatabaseInfo - ", time.Since(start_time))
+
+			start_time = time.Now()
 			read_graph_data, _ := api.DB.Queries.GetDailyReadStats(api.DB.Ctx, rUser.(string))
+			log.Info("GetDailyReadStats - ", time.Since(start_time))
 
 			templateVars["Data"] = gin.H{
 				"DailyStreak":  daily_streak,
@@ -156,17 +192,39 @@ func (api *API) getDocumentCover(c *gin.Context) {
 	*/
 
 	var coverID string = "UNKNOWN"
-	var coverFilePath *string
+	var coverFilePath string
 
 	// Identify Documents & Save Covers
-	coverIDs, err := metadata.GetCoverIDs(document.Title, document.Author)
-	if err == nil && len(coverIDs) > 0 {
-		coverFilePath, err = metadata.DownloadAndSaveCover(coverIDs[0], api.Config.DataPath)
+	bookMetadata := metadata.MetadataInfo{
+		Title:  document.Title,
+		Author: document.Author,
+	}
+	err = metadata.GetMetadata(&bookMetadata)
+	if err == nil && bookMetadata.GBID != nil {
+		// Derive & Sanitize File Name
+		fileName := "." + filepath.Clean(fmt.Sprintf("/%s.jpg", *bookMetadata.GBID))
+
+		// Generate Storage Path
+		coverFilePath = filepath.Join(api.Config.DataPath, "covers", fileName)
+
+		err := metadata.SaveCover(*bookMetadata.GBID, coverFilePath)
 		if err == nil {
-			coverID = coverIDs[0]
+			coverID = *bookMetadata.GBID
+			log.Info("Title:", *bookMetadata.Title)
+			log.Info("Author:", *bookMetadata.Author)
+			log.Info("Description:", *bookMetadata.Description)
+			log.Info("IDs:", bookMetadata.ISBN)
 		}
 	}
 
+	// coverIDs, err := metadata.GetCoverOLIDs(document.Title, document.Author)
+	// if err == nil && len(coverIDs) > 0 {
+	// 	coverFilePath, err = metadata.DownloadAndSaveCover(coverIDs[0], api.Config.DataPath)
+	// 	if err == nil {
+	// 		coverID = coverIDs[0]
+	// 	}
+	// }
+
 	// Upsert Document
 	if _, err = api.DB.Queries.UpsertDocument(api.DB.Ctx, database.UpsertDocumentParams{
 		ID:   document.ID,
@@ -181,5 +239,5 @@ func (api *API) getDocumentCover(c *gin.Context) {
 		return
 	}
 
-	c.File(*coverFilePath)
+	c.File(coverFilePath)
 }

api/ko-routes.go

@@ -335,12 +335,12 @@ func (api *API) addDocuments(c *gin.Context) {
 	for _, doc := range rNewDocs.Documents {
 		doc, err := qtx.UpsertDocument(api.DB.Ctx, database.UpsertDocumentParams{
 			ID:          doc.ID,
-			Title:       doc.Title,
-			Author:      doc.Author,
-			Series:      doc.Series,
+			Title:       api.sanitizeInput(doc.Title),
+			Author:      api.sanitizeInput(doc.Author),
+			Series:      api.sanitizeInput(doc.Series),
 			SeriesIndex: doc.SeriesIndex,
-			Lang:        doc.Lang,
-			Description: doc.Description,
+			Lang:        api.sanitizeInput(doc.Lang),
+			Description: api.sanitizeInput(doc.Description),
 		})
 		if err != nil {
 			log.Error("[addDocuments] UpsertDocument DB Error:", err)
@@ -605,6 +605,22 @@ func (api *API) downloadDocumentFile(c *gin.Context) {
 	c.File(filePath)
 }
 
+func (api *API) sanitizeInput(val any) *string {
+	switch v := val.(type) {
+	case *string:
+		if v != nil {
+			newString := api.HTMLPolicy.Sanitize(string(*v))
+			return &newString
+		}
+	case string:
+		if v != "" {
+			newString := api.HTMLPolicy.Sanitize(string(v))
+			return &newString
+		}
+	}
+	return nil
+}
+
 func getKeys[M ~map[K]V, K comparable, V any](m M) []K {
 	r := make([]K, 0, len(m))
 	for k := range m {