Feature: Add account-protected route to mark notifications as read

- Created /account/notifications/read endpoint secured by session middleware - Ensured users can only mark their own notifications as read - Updated dropdown links to point to /account/notifications/read?id={id} - Improved notification security by matching user_id in DB update - Added redirect flow to full notifications page after marking read - Logged DB errors to assist debugging
2025-04-01 22:12:41 +01:00
parent 1e372da57d
commit 06e647d00f
5 changed files with 74 additions and 8 deletions
--- a/storage/notifications.go
+++ b/storage/notifications.go
@@ -2,6 +2,7 @@ package storage

 import (
 	"database/sql"
+	"fmt"
 	"log"

 	"synlotto-website/models"
@@ -45,3 +46,25 @@ func GetRecentNotifications(db *sql.DB, userID int, limit int) []models.Notifica

 	return notifications
 }
+
+func MarkNotificationAsRead(db *sql.DB, userID int, notificationID int) error {
+	result, err := db.Exec(`
+		UPDATE notifications
+		SET is_read = TRUE
+		WHERE id = ? AND user_id = ?
+	`, notificationID, userID)
+
+	if err != nil {
+		return err
+	}
+
+	rowsAffected, err := result.RowsAffected()
+	if err != nil {
+		return err
+	}
+	if rowsAffected == 0 {
+		return fmt.Errorf("no matching notification found or not owned by user")
+	}
+
+	return nil
+}