Allow auth on public endpoints and delete guest docs

2026-01-30 23:51:48 +05:30
parent 6ffae0f9af
commit bee831c52b
2 changed files with 36 additions and 1 deletions
--- a/src/main/kotlin/com/android/trisolarisserver/controller/GuestDocuments.kt
+++ b/src/main/kotlin/com/android/trisolarisserver/controller/GuestDocuments.kt
@@ -139,6 +139,37 @@ class GuestDocuments(
            .body(resource)
    }

+    @DeleteMapping("/{documentId}")
+    @ResponseStatus(HttpStatus.NO_CONTENT)
+    fun deleteDocument(
+        @PathVariable propertyId: UUID,
+        @PathVariable guestId: UUID,
+        @PathVariable documentId: UUID,
+        @AuthenticationPrincipal principal: MyPrincipal?
+    ) {
+        requireRole(propertyAccess, propertyId, principal, Role.ADMIN, Role.MANAGER)
+
+        val document = guestDocumentRepo.findByIdAndPropertyIdAndGuestId(documentId, propertyId, guestId)
+            ?: throw ResponseStatusException(HttpStatus.NOT_FOUND, "Document not found")
+        val status = document.booking.status
+        if (status != com.android.trisolarisserver.models.booking.BookingStatus.OPEN &&
+            status != com.android.trisolarisserver.models.booking.BookingStatus.CHECKED_IN
+        ) {
+            throw ResponseStatusException(
+                HttpStatus.BAD_REQUEST,
+                "Documents can only be deleted for OPEN or CHECKED_IN bookings"
+            )
+        }
+
+        val path = Paths.get(document.storagePath)
+        try {
+            Files.deleteIfExists(path)
+        } catch (_: Exception) {
+            throw ResponseStatusException(HttpStatus.INTERNAL_SERVER_ERROR, "Failed to delete file")
+        }
+        guestDocumentRepo.delete(document)
+    }
+
    private fun runExtraction(documentId: UUID, propertyId: UUID, guestId: UUID) {
        extractionQueue.enqueue {
            val document = guestDocumentRepo.findById(documentId).orElse(null) ?: return@enqueue
--- a/src/main/kotlin/com/android/trisolarisserver/security/FirebaseAuthFilter.kt
+++ b/src/main/kotlin/com/android/trisolarisserver/security/FirebaseAuthFilter.kt
@@ -20,7 +20,11 @@ class FirebaseAuthFilter(
    private val logger = LoggerFactory.getLogger(FirebaseAuthFilter::class.java)

    override fun shouldNotFilter(request: HttpServletRequest): Boolean {
-        return PublicEndpoints.isPublic(request)
+        if (!PublicEndpoints.isPublic(request)) {
+            return false
+        }
+        val header = request.getHeader(HttpHeaders.AUTHORIZATION)
+        return header.isNullOrBlank() || !header.startsWith("Bearer ")
    }

    override fun doFilterInternal(