move previewCommentCtrl to private REST struct

backend/app/rest/api/rest.go

@@ -254,7 +254,6 @@ func (s *Rest) routes() chi.Router {
 			ropen.Get("/count", s.pubRest.countCtrl)
 			ropen.Post("/counts", s.pubRest.countMultiCtrl)
 			ropen.Get("/list", s.pubRest.listCtrl)
-			ropen.Post("/preview", s.pubRest.previewCommentCtrl)
 			ropen.Get("/info", s.pubRest.infoCtrl)
 			ropen.Get("/img", s.ImageProxy.Handler)
 
@@ -317,6 +316,7 @@ func (s *Rest) routes() chi.Router {
 			rauth.Use(middleware.NoCache, logInfoWithBody)
 
 			rauth.Put("/comment/{id}", s.privRest.updateCommentCtrl)
+			rauth.Post("/preview", s.privRest.previewCommentCtrl)
 			rauth.Post("/comment", s.privRest.createCommentCtrl)
 			rauth.Put("/vote/{id}", s.privRest.voteCtrl)
 			rauth.With(rejectAnonUser).Post("/deleteme", s.privRest.deleteMeCtrl)

backend/app/rest/api/rest_private.go

@@ -62,6 +62,38 @@ type privStore interface {
 	Info(locator store.Locator, readonlyAge int) (store.PostInfo, error)
 }
 
+// POST /preview, body is a comment, returns rendered html
+func (s *private) previewCommentCtrl(w http.ResponseWriter, r *http.Request) {
+	user := rest.MustGetUserInfo(r)
+
+	comment := store.Comment{}
+	if err := render.DecodeJSON(http.MaxBytesReader(w, r.Body, hardBodyLimit), &comment); err != nil {
+		rest.SendErrorJSON(w, r, http.StatusBadRequest, err, "can't bind comment", rest.ErrDecode)
+		return
+	}
+
+	comment.User = user
+	comment.Orig = comment.Text
+	if err := s.dataService.ValidateComment(&comment); err != nil {
+		rest.SendErrorJSON(w, r, http.StatusBadRequest, err, "invalid comment", rest.ErrCommentValidation)
+		return
+	}
+
+	comment = s.commentFormatter.Format(comment)
+	comment.Sanitize()
+
+	// check if images are valid
+	for _, id := range s.imageService.ExtractPictures(comment.Text) {
+		err := s.imageService.ResetCleanupTimer(id)
+		if err != nil {
+			rest.SendErrorJSON(w, r, http.StatusBadRequest, err, "can't renew staged picture cleanup timer", rest.ErrImgNotFound)
+			return
+		}
+	}
+
+	render.HTML(w, r, comment.Text)
+}
+
 // POST /comment - adds comment, resets all immutable fields
 func (s *private) createCommentCtrl(w http.ResponseWriter, r *http.Request) {
 

backend/app/rest/api/rest_public.go

@@ -110,41 +110,6 @@ func (s *public) findCommentsCtrl(w http.ResponseWriter, r *http.Request) {
 	}
 }
 
-// POST /preview, body is a comment, returns rendered html
-func (s *public) previewCommentCtrl(w http.ResponseWriter, r *http.Request) {
-	comment := store.Comment{}
-	if err := render.DecodeJSON(http.MaxBytesReader(w, r.Body, hardBodyLimit), &comment); err != nil {
-		rest.SendErrorJSON(w, r, http.StatusBadRequest, err, "can't bind comment", rest.ErrDecode)
-		return
-	}
-
-	user, err := rest.GetUserInfo(r)
-	if err != nil { // this not suppose to happen (handled by Auth), just dbl-check
-		rest.SendErrorJSON(w, r, http.StatusUnauthorized, err, "can't get user info", rest.ErrNoAccess)
-		return
-	}
-	comment.User = user
-	comment.Orig = comment.Text
-	if err = s.dataService.ValidateComment(&comment); err != nil {
-		rest.SendErrorJSON(w, r, http.StatusBadRequest, err, "invalid comment", rest.ErrCommentValidation)
-		return
-	}
-
-	comment = s.commentFormatter.Format(comment)
-	comment.Sanitize()
-
-	// check if images are valid
-	for _, id := range s.imageService.ExtractPictures(comment.Text) {
-		err = s.imageService.ResetCleanupTimer(id)
-		if err != nil {
-			rest.SendErrorJSON(w, r, http.StatusBadRequest, err, "can't renew staged picture cleanup timer", rest.ErrImgNotFound)
-			return
-		}
-	}
-
-	render.HTML(w, r, comment.Text)
-}
-
 // GET /info?site=siteID&url=post-url - get info about the post
 func (s *public) infoCtrl(w http.ResponseWriter, r *http.Request) {
 	locator := store.Locator{SiteID: r.URL.Query().Get("site"), URL: r.URL.Query().Get("url")}