From 4f6c84085795b32b07a42e47dff1a8b8956ecbb9 Mon Sep 17 00:00:00 2001
From: bt <bt@rctt.net>
Date: Sat, 16 May 2026 22:40:12 +0200
Subject: Return channel history only if user is connected to it

---
 core/data.go       |  2 --
 server/user.go     | 18 ++++++++++++++++--
 storage/storage.go |  7 +++++--
 3 files changed, 21 insertions(+), 6 deletions(-)

diff --git a/core/data.go b/core/data.go
index 4d18604..e3fd560 100644
--- a/core/data.go
+++ b/core/data.go
@@ -151,8 +151,6 @@ func Decode(buf io.Reader) (any, error) {
 	default:
 		return nil, fmt.Errorf("invalid payload type: %v", pType)
 	}
-
-	return pType, nil
 }
 
 func decodeNumeric(buf io.Reader, ptr any) error {
diff --git a/server/user.go b/server/user.go
index 6b0e946..cc8c160 100644
--- a/server/user.go
+++ b/server/user.go
@@ -1,6 +1,7 @@
 package server
 
 import (
+	"fmt"
 	"log"
 	"net"
 
@@ -154,12 +155,25 @@ func (s *Server) handleUsermode(user *User, conn net.Conn, mode core.Usermode) e
 	return nil
 }
 
+// TODO: Replace user.Send(error) with conn.Send()
+// TODO: Better errors
+
 func (s *Server) handleHistory(user *User, conn net.Conn, hist core.History) error {
-	// TODO: Add permissions check
+	addr, err := core.ReadAddr(hist.Channel)
+	if err != nil {
+		fmt.Println("cannot parse address:", err)
+		return user.Send(conn, core.Error{core.ErrorNotFound})
+	}
+
+	if _, ok := user.Channels[addr.Channel]; !ok {
+		fmt.Println("cannot get message history: not authorized")
+		return user.Send(conn, core.Error{core.ErrorNotFound})
+	}
 
 	messages, err := s.Storage.Read(hist.Channel, hist.Since, int(hist.Count), int(hist.Offset))
 	if err != nil {
-		return err
+		fmt.Println("cannot get message history:", err)
+		return user.Send(conn, core.Error{core.ErrorNotFound})
 	}
 
 	for _, m := range messages {
diff --git a/storage/storage.go b/storage/storage.go
index 0103370..1dcea40 100644
--- a/storage/storage.go
+++ b/storage/storage.go
@@ -41,10 +41,13 @@ func (db *Database) Write(msg core.Message) (err error) {
 
 func (db *Database) Read(channel string, since time.Time, num int, offset int) (history []core.Message, err error) {
 	rows, err := db.Query(
-		"SELECT source, target, timestamp, content FROM messages WHERE timestamp > ? LIMIT ? OFFSET ?",
-		since.Unix(), num, offset,
+		`SELECT source, target, timestamp, content FROM messages WHERE target = ? AND timestamp > ? LIMIT ? OFFSET ?`,
+		channel, since.Unix(), num, offset,
 	)
 	defer func() {
+		if rows == nil {
+			return
+		}
 		if err := rows.Close(); err != nil {
 			log.Println("cannot close database row:", err)
 		}
-- 
cgit v1.2.3