2 files changed, 56 insertions, 18 deletions

diff --git a/timer.db b/timer.db
index 2b944ed..ac83467 100644
--- a/timer.db
+++ b/timer.db
diff --git a/timer.go b/timer.go
index 610de82..a45ad3a 100644
--- a/timer.go
+++ b/timer.go
@@ -191,7 +191,7 @@ func queryUserById(db *sql.DB, id model.UUID) *model.User {
 	return &user
 }
 
-func queryTimer(db *sql.DB, idStr string, userId model.UUID) *model.Timer {
+func queryTimerFromUser(db *sql.DB, idStr string, userId model.UUID) *model.Timer {
 	var id model.UUID
 	if err := id.Scan(idStr); err != nil {
 		return nil
@@ -207,6 +207,22 @@ func queryTimer(db *sql.DB, idStr string, userId model.UUID) *model.Timer {
 	return nil
 }
 
+func queryTimerFromToken(db *sql.DB, idStr string, token string) *model.Timer {
+	var id model.UUID
+	if err := id.Scan(idStr); err != nil {
+		return nil
+	}
+
+	row := db.QueryRow("SELECT Id, Name, StartTime, EndTime, Owner, Token FROM Timer WHERE Id=$1 AND Token=$2", id, token)
+
+	var t model.Timer
+	if err := row.Scan(&t.Id, &t.Name, &t.StartTime, &t.EndTime, &t.Owner, &t.Token); err == nil {
+		return &t
+	}
+
+	return nil
+}
+
 func deleteTimer(db *sql.DB, idStr string, userId model.UUID) bool {
 	var id model.UUID
 	if err := id.Scan(idStr); err != nil {
@@ -307,7 +323,7 @@ func (server *MyServer) handleTimer(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	timer := queryTimer(server.db, r.PathValue("timerId"), currentUser.Id)
+	timer := queryTimerFromUser(server.db, r.PathValue("timerId"), currentUser.Id)
 	if timer != nil && timer.Owner == currentUser.Id {
 		view.Main(view.TimerView(*timer), currentUser).Render(context.Background(), w)
 	} else {
@@ -345,6 +361,30 @@ func parseDuration(value string) (time.Duration, error) {
 	return time.Duration(amount) * unit, nil
 }
 
+func (server *MyServer) handleTimerAddTimeCommon(w http.ResponseWriter, r *http.Request, timer *model.Timer) bool {
+	if timer.IsFinished() {
+		w.WriteHeader(http.StatusBadRequest)
+		w.Write([]byte("Timer already finished"))
+		return false
+	}
+
+	duration, err := parseDuration(r.FormValue("timeToAdd"))
+	if err != nil {
+		w.WriteHeader(http.StatusBadRequest)
+		w.Write([]byte(err.Error()))
+		return false
+	}
+
+	timer.EndTime.Add(duration)
+	res := updateTimerEndTime(server.db, timer.Id, timer.EndTime, timer.Owner)
+	if !res {
+		w.WriteHeader(http.StatusInternalServerError)
+		return false
+	}
+
+	return true
+}
+
 func (server *MyServer) handleTimerAddTime(w http.ResponseWriter, r *http.Request) {
 	currentUser := server.findCurrentUser(w, r)
 	if currentUser == nil {
@@ -352,32 +392,29 @@ func (server *MyServer) handleTimerAddTime(w http.ResponseWriter, r *http.Reques
 		return
 	}
 
-	timer := queryTimer(server.db, r.PathValue("timerId"), currentUser.Id)
+	timer := queryTimerFromUser(server.db, r.PathValue("timerId"), currentUser.Id)
 	if timer == nil {
-		server.handleNotFound(w, r)
+		w.WriteHeader(http.StatusNotFound)
 		return
 	}
 
-	if timer.IsFinished() {
-		w.WriteHeader(http.StatusBadRequest)
+	if !server.handleTimerAddTimeCommon(w, r, timer) {
 		return
 	}
 
-	duration, err := parseDuration(r.FormValue("timeToAdd"))
-	if err != nil {
-		w.WriteHeader(http.StatusBadRequest)
-		w.Write([]byte(err.Error()))
+	view.TimerInfo(*timer).Render(context.Background(), w)
+}
+
+func (server *MyServer) handleApiTimerAddTime(w http.ResponseWriter, r *http.Request) {
+	timer := queryTimerFromToken(server.db, r.PathValue("timerId"), r.FormValue("token"))
+	if timer == nil {
+		w.WriteHeader(http.StatusNotFound)
 		return
 	}
 
-	timer.EndTime.Add(duration)
-	res := updateTimerEndTime(server.db, timer.Id, timer.EndTime, currentUser.Id)
-	if !res {
-		w.WriteHeader(http.StatusBadRequest)
+	if !server.handleTimerAddTimeCommon(w, r, timer) {
 		return
 	}
-
-	view.TimerInfo(*timer).Render(context.Background(), w)
 }
 
 func (server *MyServer) handleGetTimerToken(w http.ResponseWriter, r *http.Request) {
@@ -387,7 +424,7 @@ func (server *MyServer) handleGetTimerToken(w http.ResponseWriter, r *http.Reque
 		return
 	}
 
-	timer := queryTimer(server.db, r.PathValue("timerId"), currentUser.Id)
+	timer := queryTimerFromUser(server.db, r.PathValue("timerId"), currentUser.Id)
 	if timer == nil {
 		server.handleNotFound(w, r)
 		return
@@ -403,7 +440,7 @@ func (server *MyServer) handleResetTimerToken(w http.ResponseWriter, r *http.Req
 		return
 	}
 
-	timer := queryTimer(server.db, r.PathValue("timerId"), currentUser.Id)
+	timer := queryTimerFromUser(server.db, r.PathValue("timerId"), currentUser.Id)
 	if timer == nil {
 		server.handleNotFound(w, r)
 		return
@@ -569,6 +606,7 @@ func main() {
 	http.HandleFunc("POST /logout", myServer.handlePostLogout)
 	http.HandleFunc("GET /timer/{timerId}", myServer.handleTimer)
 	http.HandleFunc("POST /timer/{timerId}/addTime", myServer.handleTimerAddTime)
+	http.HandleFunc("POST /api/timer/{timerId}/addTime", myServer.handleApiTimerAddTime)
 	http.HandleFunc("DELETE /timer/{timerId}", myServer.handleDeleteTimer)
 	http.HandleFunc("POST /timer/{timerId}/resetToken", myServer.handleResetTimerToken)
 	http.HandleFunc("GET /timer/{timerId}/token", myServer.handleGetTimerToken)