- had to add a Type field to interface DbEntry so that db.List()
is able to distinguish between Upload and Form properly.
- added form describe and delete commands
- added --query parameter to form+upload list for filtering
2023-03-30 10:22:57 +02:00
parent 26f2b25e22
commit 8a791d8017
13 changed files with 208 additions and 40 deletions


@@ -23,6 +23,7 @@ import (
"github.com/tlinden/ephemerup/common"
//"github.com/alecthomas/repr"
bolt "go.etcd.io/bbolt"
"regexp"
)
const Bucket string = "data"
@@ -102,8 +103,9 @@ func (db *Db) Delete(apicontext string, id string) error {
return err
}
func (db *Db) List(apicontext string, filter string, t int) (*common.Response, error) {
func (db *Db) List(apicontext string, filter string, query string, t int) (*common.Response, error) {
response := &common.Response{}
qr := regexp.MustCompile(query)
err := db.bolt.View(func(tx *bolt.Tx) error {
bucket := tx.Bucket([]byte(Bucket))
@@ -112,11 +114,17 @@ func (db *Db) List(apicontext string, filter string, t int) (*common.Response, e
}
err := bucket.ForEach(func(id, j []byte) error {
allowed := false
entry, err := common.Unmarshal(j, t)
if err != nil {
return fmt.Errorf("unable to unmarshal json: %s", err)
}
if !entry.IsType(t) {
return nil
}
var entryContext string
if t == common.TypeUpload {
entryContext = entry.(*common.Upload).Context
@@ -124,22 +132,42 @@ func (db *Db) List(apicontext string, filter string, t int) (*common.Response, e
entryContext = entry.(*common.Form).Context
}
//fmt.Printf("apicontext: %s, filter: %s\n", apicontext, filter)
// check if the user is allowed to list this entry
if apicontext != "" && db.cfg.Super != apicontext {
// only return the uploads for this context
// authenticated user but not member of super
// only return the uploads matching her context
if apicontext == entryContext {
// unless a filter needed OR no filter specified
// unless a filter OR no filter specified
if (filter != "" && entryContext == filter) || filter == "" {
response.Append(entry)
allowed = true
}
}
} else {
// return all, because we operate a public service or current==super
if (filter != "" && entryContext == filter) || filter == "" {
response.Append(entry)
allowed = true
}
}
if allowed {
// user is allowed to view this entry, check if she also wants to see it
if query != "" {
if entry.MatchDescription(qr) ||
entry.MatchExpire(qr) ||
entry.MatchCreated(qr) ||
entry.MatchFile(qr) {
allowed = true
} else {
allowed = false
}
}
}
if allowed {
// ok, legit and wanted
response.Append(entry)
}
return nil
})
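Review bot: `regexp.MustCompile(query)` at the top of List panics when the pattern does not compile, and `query` originates from the request body in FormsList and UploadsList. Whether `common.Untaint` with `cfg.RegQuery` only lets compilable patterns through is not visible in this commit, so List should not depend on it: replace the call with `qr, err := regexp.Compile(query)` followed by `if err != nil { return nil, fmt.Errorf("invalid query: %w", err) }`. The compile can also be skipped when `query == ""`, since `qr` is only used inside the `if query != ""` branch. List's body continues past the last hunk shown here.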


@@ -72,12 +72,13 @@ var dbtests = []struct {
context string
ts string
filter string
query string
upload common.Upload
form common.Form
}{
{
"upload", "test.db", false, "1", "foo",
"2023-03-10T11:45:00.000Z", "",
"2023-03-10T11:45:00.000Z", "", "",
common.Upload{
Id: "1", Expire: "asap", File: "none", Context: "foo",
Created: common.Timestamp{}},
@@ -85,7 +86,7 @@ var dbtests = []struct {
},
{
"form", "test.db", false, "2", "foo",
"2023-03-10T11:45:00.000Z", "",
"2023-03-10T11:45:00.000Z", "", "",
common.Upload{},
common.Form{
Id: "1", Expire: "asap", Description: "none", Context: "foo",
@@ -149,7 +150,7 @@ func TestDboperation(t *testing.T) {
td.Cmp(t, response.Uploads[0], &tt.upload, tt.name)
// fetch list
response, err = db.List(tt.context, tt.filter, common.TypeUpload)
response, err = db.List(tt.context, tt.filter, tt.query, common.TypeUpload)
if err != nil {
t.Errorf("Could not fetch uploads list: " + err.Error())
}
@@ -211,7 +212,7 @@ func TestDboperation(t *testing.T) {
td.Cmp(t, response.Forms[0], &tt.form, tt.name)
// fetch list
response, err = db.List(tt.context, tt.filter, common.TypeForm)
response, err = db.List(tt.context, tt.filter, tt.query, common.TypeForm)
if err != nil {
t.Errorf("Could not fetch forms list: " + err.Error())
}
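Review bot: Every row in `dbtests` passes an empty `query`, so the new match branch in List (`MatchDescription`, `MatchExpire`, `MatchCreated`, `MatchFile`) is never reached by TestDboperation. Add at least one row whose query matches a stored field and one whose query matches nothing, and assert that the second returns an empty list. A row with a pattern that does not compile would also pin how List reports a bad query instead of leaving that to the handlers. TestDboperation starts and ends outside these hunks.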


@@ -36,7 +36,7 @@ func FormCreate(c *fiber.Ctx, cfg *cfg.Config, db *Db) error {
var formdata common.Form
// init form obj
entry := &common.Form{Id: id, Created: common.Timestamp{Time: time.Now()}}
entry := &common.Form{Id: id, Created: common.Timestamp{Time: time.Now()}, Type: common.TypeForm}
// retrieve the API Context name from the session
apicontext, err := SessionGetApicontext(c)
@@ -149,6 +149,12 @@ func FormsList(c *fiber.Ctx, cfg *cfg.Config, db *Db) error {
"Invalid api context filter provided!")
}
query, err := common.Untaint(setcontext.Query, cfg.RegQuery)
if err != nil {
return JsonStatus(c, fiber.StatusForbidden,
"Invalid query provided!")
}
// retrieve the API Context name from the session
apicontext, err := SessionGetApicontext(c)
if err != nil {
@@ -157,7 +163,7 @@ func FormsList(c *fiber.Ctx, cfg *cfg.Config, db *Db) error {
}
// get list
response, err := db.List(apicontext, filter, common.TypeForm)
response, err := db.List(apicontext, filter, query, common.TypeForm)
if err != nil {
return JsonStatus(c, fiber.StatusForbidden,
"Unable to list forms: "+err.Error())
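Review bot: The new query check in FormsList answers a rejected `query` with `fiber.StatusForbidden`, which makes input-validation failures indistinguishable from authorization denials in access logs and in client error handling. `fiber.StatusBadRequest` describes the condition better: `return JsonStatus(c, fiber.StatusBadRequest, "Invalid query provided!")`. The identical check added to UploadsList has the same issue. The neighbouring checks already return 403 for malformed input, so aligning them all could be a follow-up; FormsList starts and ends outside these hunks.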


@@ -33,6 +33,7 @@ import (
type SetContext struct {
Apicontext string `json:"apicontext" form:"apicontext"`
Query string `json:"query" form:"query"`
}
func UploadPost(c *fiber.Ctx, cfg *cfg.Config, db *Db) error {
@@ -66,7 +67,7 @@ func UploadPost(c *fiber.Ctx, cfg *cfg.Config, db *Db) error {
}
// init upload obj
entry := &common.Upload{Id: id, Created: common.Timestamp{Time: time.Now()}}
entry := &common.Upload{Id: id, Created: common.Timestamp{Time: time.Now()}, Type: common.TypeUpload}
// retrieve the API Context name from the session
apicontext, err := SessionGetApicontext(c)
@@ -256,17 +257,23 @@ func UploadDelete(c *fiber.Ctx, cfg *cfg.Config, db *Db) error {
// returns the whole list + error code, no post processing by server
func UploadsList(c *fiber.Ctx, cfg *cfg.Config, db *Db) error {
// fetch filter from body(json expected)
// fetch apifilter+query from body(json expected)
setcontext := new(SetContext)
if err := c.BodyParser(setcontext); err != nil {
return JsonStatus(c, fiber.StatusForbidden,
"Unable to parse body: "+err.Error())
}
filter, err := common.Untaint(setcontext.Apicontext, cfg.RegKey)
apifilter, err := common.Untaint(setcontext.Apicontext, cfg.RegKey)
if err != nil {
return JsonStatus(c, fiber.StatusForbidden,
"Invalid api context filter provided!")
"Invalid api context apifilter provided!")
}
query, err := common.Untaint(setcontext.Query, cfg.RegQuery)
if err != nil {
return JsonStatus(c, fiber.StatusForbidden,
"Invalid query provided!")
}
// retrieve the API Context name from the session
@@ -277,7 +284,7 @@ func UploadsList(c *fiber.Ctx, cfg *cfg.Config, db *Db) error {
}
// get list
uploads, err := db.List(apicontext, filter, common.TypeUpload)
uploads, err := db.List(apicontext, apifilter, query, common.TypeUpload)
if err != nil {
return JsonStatus(c, fiber.StatusForbidden,
"Unable to list uploads: "+err.Error())
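Review bot: The error text in UploadsList now reads `"Invalid api context apifilter provided!"`, which looks like a side effect of renaming the variable `filter` to `apifilter` rather than an intended wording change; the message should stay `"Invalid api context filter provided!"`. FormsList keeps the name `filter` for the same value, so the two handlers now differ and one name should be used in both. `SetContext` also gained `Query` without any comment; a doc comment such as `// SetContext is the list request body: an optional api context filter and an optional query pattern.` would tell readers that `Query` is later used as a regular expression. UploadsList ends outside the last hunk.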