player profile added

internal/handlers/player_link_slapid.go

@@ -0,0 +1,104 @@
+package handlers
+
+import (
+	"context"
+	"net/http"
+	"strconv"
+
+	"git.haelnorr.com/h/golib/hws"
+	"git.haelnorr.com/h/oslstats/internal/db"
+	"git.haelnorr.com/h/oslstats/internal/notify"
+	"git.haelnorr.com/h/oslstats/internal/throw"
+	playersview "git.haelnorr.com/h/oslstats/internal/view/playersview"
+	"git.haelnorr.com/h/oslstats/pkg/slapshotapi"
+	"github.com/pkg/errors"
+	"github.com/uptrace/bun"
+)
+
+// LinkPlayerSlapID handles the HTMX POST request to link a player's Slapshot ID
+// via their Discord Steam connection. Only the player's owner can trigger this.
+func LinkPlayerSlapID(
+	s *hws.Server,
+	conn *db.DB,
+	slapAPI *slapshotapi.SlapAPI,
+) http.Handler {
+	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		playerIDStr := r.PathValue("player_id")
+
+		playerID, err := strconv.Atoi(playerIDStr)
+		if err != nil {
+			throw.NotFound(s, w, r, r.URL.Path)
+			return
+		}
+
+		var player *db.Player
+
+		if ok := conn.WithNotifyTx(s, w, r, func(ctx context.Context, tx bun.Tx) (bool, error) {
+			user := db.CurrentUser(ctx)
+			if user == nil {
+				throw.Unauthorized(s, w, r, "You must be logged in", errors.New("user not authenticated"))
+				return false, nil
+			}
+
+			var err error
+			player, err = db.GetPlayer(ctx, tx, playerID)
+			if err != nil {
+				if db.IsBadRequest(err) {
+					throw.NotFound(s, w, r, r.URL.Path)
+					return false, nil
+				}
+				return false, errors.Wrap(err, "db.GetPlayer")
+			}
+
+			// Verify the current user owns this player
+			if player.UserID == nil || *player.UserID != user.ID {
+				throw.ForbiddenSecurity(s, w, r, "You can only link your own player", errors.New("user does not own player"))
+				return false, nil
+			}
+
+			// Player already has a SlapID
+			if player.SlapID != nil {
+				notify.Info(s, w, r, "Already Linked", "Your Slapshot ID is already linked", nil)
+				return false, nil
+			}
+
+			// Get the user's discord token to look up steam connection
+			discordToken, err := user.GetDiscordToken(ctx, tx)
+			if err != nil {
+				if db.IsBadRequest(err) {
+					notify.Warn(s, w, r, "Link Failed", "Discord token not found. Please log out and log back in.", nil)
+					return false, nil
+				}
+				return false, errors.Wrap(err, "user.GetDiscordToken")
+			}
+
+			audit := db.NewAudit(r.RemoteAddr, r.UserAgent(), user)
+			err = ConnectSlapID(ctx, tx, user, discordToken.Convert(), slapAPI, audit)
+			if err != nil {
+				return false, errors.Wrap(err, "ConnectSlapID")
+			}
+
+			// Re-fetch the player to check if SlapID was set
+			player, err = db.GetPlayer(ctx, tx, playerID)
+			if err != nil {
+				return false, errors.Wrap(err, "db.GetPlayer")
+			}
+
+			if player.SlapID == nil {
+				// ConnectSlapID returned nil (silent failure) - no steam or no slapID
+				notify.Warn(s, w, r, "Link Failed",
+					"Could not find your Slapshot ID. Make sure your Steam account is connected to Discord and you have played Slapshot: Rebound.",
+					nil)
+			} else {
+				notify.Success(s, w, r, "Success", "Your Slapshot ID has been linked!", nil)
+			}
+
+			return true, nil
+		}); !ok {
+			return
+		}
+
+		// Re-render the slap ID section with updated state
+		renderSafely(playersview.SlapIDSection(player, true), s, r, w)
+	})
+}