burgernotes-server/main.go

package main

import (
	"bytes"
	"git.ailur.dev/ailur/burgernotes/git.ailur.dev/ailur/burgernotes/protobuf"

	"errors"
	"io"
	"os"
	"strings"
	"time"

	"crypto/ed25519"
	"encoding/json"
	"io/fs"
	"net/http"
	"net/url"

	library "git.ailur.dev/ailur/fg-library/v2"
	nucleusLibrary "git.ailur.dev/ailur/fg-nucleus-library"
	"github.com/go-chi/chi/v5"
	"github.com/golang-jwt/jwt/v5"
	"github.com/google/uuid"
	"google.golang.org/protobuf/proto"
)

var ServiceInformation = library.Service{
	Name: "burgernotes",
	Permissions: library.Permissions{
		Authenticate:              true,  // This service does require authentication
		Database:                  true,  // This service does require database access
		BlobStorage:               true,  // This service does require blob storage access
		InterServiceCommunication: true,  // This service does require inter-service communication
		Resources:                 false, // This service is API-only, so it does not require resources
	},
	ServiceID: uuid.MustParse("b0bee29e-00c4-4ead-a5d6-3f792ff25174"),
}

func unmarshalProtobuf(r *http.Request, protobuf proto.Message) error {
	var protobufData []byte
	_, err := r.Body.Read(protobufData)
	if err != nil {
		return err
	}

	err = proto.Unmarshal(protobufData, protobuf)
	if err != nil {
		return err
	}

	return nil
}

func logFunc(message string, messageType uint64, information library.ServiceInitializationInformation) {
	// Log the message to the logger service
	information.Outbox <- library.InterServiceMessage{
		ServiceID:    ServiceInformation.ServiceID,
		ForServiceID: uuid.MustParse("00000000-0000-0000-0000-000000000002"), // Logger service
		MessageType:  messageType,
		SentAt:       time.Now(),
		Message:      message,
	}
}

func askBlobService(body any, information library.ServiceInitializationInformation, context uint64) (library.InterServiceMessage, error) {
	// Ask the blob storage service for the thing
	information.Outbox <- library.InterServiceMessage{
		ServiceID:    ServiceInformation.ServiceID,
		ForServiceID: uuid.MustParse("00000000-0000-0000-0000-000000000003"), // Blob storage service
		MessageType:  context,
		SentAt:       time.Now(),
		Message:      body,
	}

	// 3 second timeout
	timeoutChan := make(chan struct{})
	go func() {
		time.Sleep(3 * time.Second)
		logFunc("Timeout while waiting for the quota from the blob storage service", 2, information)
		close(timeoutChan)
	}()

	// Wait for the response
	select {
	case response := <-information.Inbox:
		return response, nil
	case <-timeoutChan:
		return library.InterServiceMessage{}, errors.New("timeout")
	}
}

func getQuotaOrUsed(userID uuid.UUID, information library.ServiceInitializationInformation, context uint64) (int64, error) {
	response, err := askBlobService(userID, information, context)
	if err != nil {
		return 0, err
	} else if response.MessageType != 0 {
		return 0, response.Message.(error)
	} else {
		return response.Message.(int64), nil
	}
}

func getQuota(userID uuid.UUID, information library.ServiceInitializationInformation) (int64, error) {
	return getQuotaOrUsed(userID, information, 3)
}

func getUsed(userID uuid.UUID, information library.ServiceInitializationInformation) (int64, error) {
	return getQuotaOrUsed(userID, information, 4)
}

func deleteNote(userID uuid.UUID, noteID uuid.UUID, information library.ServiceInitializationInformation) error {
	response, err := askBlobService(nucleusLibrary.File{
		User: userID,
		Name: noteID.String(),
	}, information, 2)
	if err != nil {
		return err
	}

	if response.MessageType != 0 {
		return response.Message.(error)
	} else {
		return nil
	}
}

func modifyNote(userID uuid.UUID, noteID uuid.UUID, data []byte, information library.ServiceInitializationInformation) error {
	response, err := askBlobService(nucleusLibrary.File{
		User:  userID,
		Name:  noteID.String(),
		Bytes: data,
	}, information, 0)
	if err != nil {
		return err
	}

	if response.MessageType != 0 {
		return response.Message.(error)
	} else {
		return nil
	}
}

func getNote(userID uuid.UUID, noteID uuid.UUID, information library.ServiceInitializationInformation) (*os.File, error) {
	response, err := askBlobService(nucleusLibrary.File{
		User: userID,
		Name: noteID.String(),
	}, information, 1)
	if err != nil {
		return nil, err
	}

	if response.MessageType != 0 {
		return nil, response.Message.(error)
	} else {
		return response.Message.(*os.File), nil
	}
}

func renderProtobuf(statusCode int, w http.ResponseWriter, protobuf proto.Message, information library.ServiceInitializationInformation) {
	w.WriteHeader(statusCode)
	data, err := proto.Marshal(protobuf)
	if err != nil {
		logFunc(err.Error(), 2, information)
	}
	w.Header().Add("Content-Type", "application/x-protobuf")
	_, err = w.Write(data)
	if err != nil {
		logFunc(err.Error(), 2, information)
	}
}

func verifyJWT(token string, publicKey ed25519.PublicKey) (jwt.MapClaims, error) {
	parsedToken, err := jwt.Parse(token, func(token *jwt.Token) (interface{}, error) {
		return publicKey, nil
	})
	if err != nil {
		return nil, err
	}

	if !parsedToken.Valid {
		return nil, errors.New("invalid token")
	}

	claims, ok := parsedToken.Claims.(jwt.MapClaims)
	if !ok {
		return nil, errors.New("invalid token")
	}

	// Check if the token expired
	date, err := claims.GetExpirationTime()
	if err != nil || date.Before(time.Now()) || claims["sub"] == nil || claims["isOpenID"] == nil || claims["isOpenID"].(bool) {
		return claims, errors.New("invalid token")
	}

	return claims, nil
}

func getUsername(token string, oauthHostName string, publicKey ed25519.PublicKey) (string, string, error) {
	// Verify the JWT
	_, err := verifyJWT(token, publicKey)
	if err != nil {
		return "", "", err
	}

	// Get the user's information
	var responseData struct {
		Username string `json:"username"`
		Sub      string `json:"sub"`
	}
	request, err := http.NewRequest("GET", oauthHostName+"/api/oauth/userinfo", nil)
	request.Header.Set("Authorization", "Bearer "+token)
	response, err := http.DefaultClient.Do(request)
	if err != nil {
		return "", "", err
	}

	if response.StatusCode != 200 || response.Body == nil || response.Body == http.NoBody {
		return "", "", errors.New("invalid response")
	}

	err = json.NewDecoder(response.Body).Decode(&responseData)
	if err != nil {
		return "", "", err
	}

	return responseData.Sub, responseData.Username, nil
}

func Main(information library.ServiceInitializationInformation) *chi.Mux {
	var conn library.Database
	hostName := information.Configuration["hostName"].(string)

	// Initiate a connection to the database
	// Call service ID 1 to get the database connection information
	information.Outbox <- library.InterServiceMessage{
		ServiceID:    ServiceInformation.ServiceID,
		ForServiceID: uuid.MustParse("00000000-0000-0000-0000-000000000001"), // Service initialization service
		MessageType:  1,                                                      // Request connection information
		SentAt:       time.Now(),
		Message:      nil,
	}

	// Wait for the response
	response := <-information.Inbox
	if response.MessageType == 2 {
		// This is the connection information
		// Set up the database connection
		conn = response.Message.(library.Database)
		if conn.DBType == library.Sqlite {
			// Create the users table
			_, err := conn.DB.Exec("CREATE TABLE IF NOT EXISTS users (id BLOB NOT NULL UNIQUE, publicKey BLOB NOT NULL, USERNAME TEXT NOT NULL)")
			if err != nil {
				logFunc(err.Error(), 3, information)
			}
			// Create the notes table
			_, err = conn.DB.Exec("CREATE TABLE IF NOT EXISTS notes (id BLOB NOT NULL UNIQUE, userID BLOB NOT NULL, title BLOB NOT NULL, titleIV BLOB NOT NULL)")
			if err != nil {
				logFunc(err.Error(), 3, information)
			}
		} else {
			// Create the users table
			_, err := conn.DB.Exec("CREATE TABLE IF NOT EXISTS users (id BYTEA NOT NULL UNIQUE, publicKey BYTEA NOT NULL, USERNAME TEXT NOT NULL)")
			if err != nil {
				logFunc(err.Error(), 3, information)
			}
			// Create the notes table
			_, err = conn.DB.Exec("CREATE TABLE IF NOT EXISTS notes (id BYTEA NOT NULL UNIQUE, userID BYTEA NOT NULL, title BYTEA NOT NULL, titleIV BYTEA NOT NULL)")
			if err != nil {
				logFunc(err.Error(), 3, information)
			}
		}
	} else {
		// This is an error message
		// Log the error message to the logger service
		logFunc(response.Message.(error).Error(), 3, information)
	}

	// Ask the authentication service for the public key
	information.Outbox <- library.InterServiceMessage{
		ServiceID:    ServiceInformation.ServiceID,
		ForServiceID: uuid.MustParse("00000000-0000-0000-0000-000000000004"), // Authentication service
		MessageType:  2,                                                      // Request public key
		SentAt:       time.Now(),
		Message:      nil,
	}

	var publicKey ed25519.PublicKey = nil

	// 3 second timeout
	go func() {
		time.Sleep(3 * time.Second)
		if publicKey == nil {
			logFunc("Timeout while waiting for the public key from the authentication service", 3, information)
		}
	}()

	// Wait for the response
	response = <-information.Inbox
	if response.MessageType == 2 {
		// This is the public key
		publicKey = response.Message.(ed25519.PublicKey)
	} else {
		// This is an error message
		// Log the error message to the logger service
		logFunc(response.Message.(error).Error(), 3, information)
	}

	// Ask the authentication service for the OAuth host name
	information.Outbox <- library.InterServiceMessage{
		ServiceID:    ServiceInformation.ServiceID,
		ForServiceID: uuid.MustParse("00000000-0000-0000-0000-000000000004"), // Authentication service
		MessageType:  0,                                                      // Request OAuth host name
		SentAt:       time.Now(),
		Message:      nil,
	}

	var oauthHostName string

	// 3 second timeout
	go func() {
		time.Sleep(3 * time.Second)
		if oauthHostName == "" {
			logFunc("Timeout while waiting for the OAuth host name from the authentication service", 3, information)
		}
	}()

	// Wait for the response
	response = <-information.Inbox
	if response.MessageType == 0 {
		// This is the OAuth host name
		oauthHostName = response.Message.(string)
	} else {
		// This is an error message
		// Log the error message to the logger service
		logFunc(response.Message.(error).Error(), 3, information)
	}

	// Ask the authentication service to create a new OAuth2 client
	urlPath, err := url.JoinPath(hostName, "/oauth")
	if err != nil {
		logFunc(err.Error(), 3, information)
	}

	information.Outbox <- library.InterServiceMessage{
		ServiceID:    ServiceInformation.ServiceID,
		ForServiceID: uuid.MustParse("00000000-0000-0000-0000-000000000004"), // Authentication service
		MessageType:  1,                                                      // Create OAuth2 client
		SentAt:       time.Now(),
		Message: nucleusLibrary.OAuthInformation{
			Name:        "Data Tracker",
			RedirectUri: urlPath,
			KeyShareUri: "",
			Scopes:      []string{"openid"},
		},
	}

	oauthResponse := nucleusLibrary.OAuthResponse{}

	// 3 second timeout
	go func() {
		time.Sleep(3 * time.Second)
		if oauthResponse == (nucleusLibrary.OAuthResponse{}) {
			logFunc("Timeout while waiting for the OAuth response from the authentication service", 3, information)
		}
	}()

	// Wait for the response
	response = <-information.Inbox
	switch response.MessageType {
	case 0:
		// Success, set the OAuth response
		oauthResponse = response.Message.(nucleusLibrary.OAuthResponse)
		logFunc("Initialized with App ID: "+oauthResponse.AppID, 0, information)
	case 1:
		// An error which is their fault
		logFunc(response.Message.(error).Error(), 3, information)
	case 2:
		// An error which is our fault
		logFunc(response.Message.(error).Error(), 3, information)
	default:
		// An unknown error
		logFunc("Unknown error", 3, information)
	}

	// Set up the router
	router := chi.NewRouter()

	// Set up the static routes
	staticDir, err := fs.Sub(information.ResourceDir, "static")
	if err != nil {
		logFunc(err.Error(), 3, information)
	} else {
		router.Handle("/bgn-static/*", http.StripPrefix("/bgn-static/", http.FileServerFS(staticDir)))
	}

	// Set up the routes
	router.Post("/api/notes/add", func(w http.ResponseWriter, r *http.Request) {
		var requestData protobuf.Token
		err := unmarshalProtobuf(r, &requestData)

		// Verify the JWT
		claims, err := verifyJWT(requestData.Token, publicKey)
		if err != nil {
			renderProtobuf(403, w, &protobuf.Error{Error: "Invalid token"}, information)
			return
		}

		// Generate a new note UUID
		noteID := uuid.New()

		// Check if the user has reached their quota
		quota, err := getQuota(uuid.MustParse(claims["sub"].(string)), information)
		if err != nil {
			renderProtobuf(500, w, &protobuf.ServerError{ErrorCode: []byte{0x02}}, information)
			return
		}

		used, err := getUsed(uuid.MustParse(claims["sub"].(string)), information)
		if err != nil {
			renderProtobuf(500, w, &protobuf.ServerError{ErrorCode: []byte{0x03}}, information)
			return
		}

		if used >= quota {
			renderProtobuf(403, w, &protobuf.Error{Error: "Quota reached"}, information)
			return
		}

		// Try to insert the note into the database
		_, err = conn.DB.Exec("INSERT INTO notes (id, userID) VALUES ($1, $2)", noteID, claims["sub"])
		if err != nil {
			renderProtobuf(500, w, &protobuf.ServerError{ErrorCode: []byte{0x04}}, information)
		} else {
			noteIdBytes, err := noteID.MarshalBinary()
			if err != nil {
				renderProtobuf(500, w, &protobuf.ServerError{ErrorCode: []byte{0x05}}, information)
			}
			renderProtobuf(200, w, &protobuf.NoteID{NoteId: noteIdBytes}, information)
		}
	})

	router.Post("/api/notes/remove", func(w http.ResponseWriter, r *http.Request) {
		var requestData protobuf.NoteRequest
		err := unmarshalProtobuf(r, &requestData)
		if err != nil {
			renderProtobuf(400, w, &protobuf.Error{Error: "Invalid request"}, information)
			return
		}

		// Verify the JWT
		claims, err := verifyJWT(requestData.Token.String(), publicKey)
		if err != nil {
			renderProtobuf(403, w, &protobuf.Error{Error: "Invalid token"}, information)
			return
		}

		// Try to remove the note from the database
		_, err = conn.DB.Exec("DELETE FROM notes WHERE id = $1 AND userID = $2", requestData.NoteId, claims["sub"])
		if err != nil {
			renderProtobuf(500, w, &protobuf.ServerError{ErrorCode: []byte{0x06}}, information)
		}

		// If it's there, try to remove the note from the blob storage
		err = deleteNote(uuid.MustParse(claims["sub"].(string)), uuid.Must(uuid.FromBytes(requestData.NoteId.GetNoteId())), information)
		if err != nil {
			renderProtobuf(500, w, &protobuf.ServerError{ErrorCode: []byte{0x07}}, information)
		}

		w.WriteHeader(200)
	})

	router.Post("/api/notes/list", func(w http.ResponseWriter, r *http.Request) {
		// Verify the JWT
		var requestData protobuf.Token
		err := unmarshalProtobuf(r, &requestData)
		if err != nil {
			renderProtobuf(400, w, &protobuf.Error{Error: "Invalid request"}, information)
			return
		}

		claims, err := verifyJWT(requestData.Token, publicKey)
		if err != nil {
			renderProtobuf(403, w, &protobuf.Error{Error: "Invalid token"}, information)
			return
		}

		// Try to get the notes from the database
		rows, err := conn.DB.Query("SELECT id, title, titleIV FROM notes WHERE userID = $1", claims["sub"])
		if err != nil {
			renderProtobuf(500, w, &protobuf.ServerError{ErrorCode: []byte{0x08}}, information)
			return
		}

		// Create the notes list
		var notes protobuf.ApiNotesListResponse

		// Iterate through the rows
		for rows.Next() {
			var title, titleIV, noteID []byte
			err = rows.Scan(&noteID, &title, &titleIV)
			if err != nil {
				renderProtobuf(500, w, &protobuf.ServerError{ErrorCode: []byte{0x09}}, information)
				return
			}

			// Append the note to the list
			notes.Notes = append(notes.Notes, &protobuf.NoteMetadata{
				NoteId: &protobuf.NoteID{
					NoteId: noteID,
				},
				Title: &protobuf.AESData{
					Data: title,
					Iv:   titleIV,
				},
			})
		}

		// Render the notes list
		renderProtobuf(200, w, &notes, information)
	})

	router.Post("/api/notes/get", func(w http.ResponseWriter, r *http.Request) {
		var requestData protobuf.NoteRequest
		err := unmarshalProtobuf(r, &requestData)
		if err != nil {
			renderProtobuf(400, w, &protobuf.Error{Error: "Invalid request"}, information)
			return
		}

		// Verify the JWT
		claims, err := verifyJWT(requestData.Token.String(), publicKey)
		if err != nil {
			renderProtobuf(403, w, &protobuf.Error{Error: "Invalid token"}, information)
			return
		}

		// Try to get the note from the database
		var title, titleIV []byte
		err = conn.DB.QueryRow("SELECT title, titleIV FROM notes WHERE id = $1 AND userID = $2", requestData.NoteId, claims["sub"]).Scan(&title, &titleIV)
		if err != nil {
			renderProtobuf(500, w, &protobuf.ServerError{ErrorCode: []byte{0x0A}}, information)
			return
		}

		// Get the note from the blob storage
		noteFile, err := getNote(uuid.MustParse(claims["sub"].(string)), uuid.Must(uuid.FromBytes(requestData.NoteId.GetNoteId())), information)
		if err != nil {
			renderProtobuf(500, w, &protobuf.ServerError{ErrorCode: []byte{0x0B}}, information)
			return
		}

		// The IV is the first 16 bytes of the file
		iv := make([]byte, 16)
		_, err = noteFile.Read(iv)
		if err != nil {
			renderProtobuf(500, w, &protobuf.ServerError{ErrorCode: []byte{0x0C}}, information)
			return
		}

		// The rest of the file is the data
		data, err := io.ReadAll(noteFile)
		if err != nil {
			renderProtobuf(500, w, &protobuf.ServerError{ErrorCode: []byte{0x0D}}, information)
			return
		}

		// Close the file
		err = noteFile.Close()
		if err != nil {
			logFunc("Resource leak in /api/notes/get", 2, information)
		}

		// Render the note
		renderProtobuf(200, w, &protobuf.Note{
			Note: &protobuf.AESData{
				Data: data,
				Iv:   iv,
			},
			Metadata: &protobuf.NoteMetadata{
				NoteId: requestData.NoteId,
				Title: &protobuf.AESData{
					Data: title,
					Iv:   titleIV,
				},
			},
		}, information)
	})

	router.Post("/api/notes/edit", func(w http.ResponseWriter, r *http.Request) {
		var requestData protobuf.ApiNotesEditRequest
		err := unmarshalProtobuf(r, &requestData)
		if err != nil {
			renderProtobuf(400, w, &protobuf.Error{Error: "Invalid request"}, information)
			return
		}

		// Verify the JWT
		claims, err := verifyJWT(requestData.Token.String(), publicKey)
		if err != nil {
			renderProtobuf(403, w, &protobuf.Error{Error: "Invalid token"}, information)
			return
		}

		// Update the title
		_, err = conn.DB.Exec("UPDATE notes SET title = $1, titleIV = $2 WHERE id = $3 AND userID = $4", requestData.Note.Metadata.Title.Data, requestData.Note.Metadata.Title.Iv, requestData.Note.Metadata.NoteId, claims["sub"])
		if err != nil {
			renderProtobuf(500, w, &protobuf.ServerError{ErrorCode: []byte{0x0E}}, information)
			return
		}

		// Edit the note in the blob storage
		err = modifyNote(uuid.MustParse(claims["sub"].(string)), uuid.Must(uuid.FromBytes(requestData.Note.Metadata.NoteId.GetNoteId())), bytes.Join([][]byte{requestData.Note.Note.Iv, requestData.Note.Note.Data}, nil), information)
		if err != nil {
			renderProtobuf(500, w, &protobuf.ServerError{ErrorCode: []byte{0x0F}}, information)
			return
		}

		w.WriteHeader(200)
	})

	router.Post("/api/notes/purge", func(w http.ResponseWriter, r *http.Request) {
		var requestData protobuf.Token
		err := unmarshalProtobuf(r, &requestData)
		if err != nil {
			renderProtobuf(400, w, &protobuf.Error{Error: "Invalid request"}, information)
			return
		}

		// Verify the JWT
		claims, err := verifyJWT(requestData.Token, publicKey)
		if err != nil {
			renderProtobuf(403, w, &protobuf.Error{Error: "Invalid token"}, information)
			return
		}

		// Get the notes from the database
		rows, err := conn.DB.Query("SELECT id FROM notes WHERE userID = $1", claims["sub"])
		if err != nil {
			renderProtobuf(500, w, &protobuf.ServerError{ErrorCode: []byte{0x10}}, information)
			return
		}

		// Iterate through the rows
		for rows.Next() {
			var noteID []byte
			err = rows.Scan(&noteID)
			if err != nil {
				renderProtobuf(500, w, &protobuf.ServerError{ErrorCode: []byte{0x11}}, information)
				return
			}

			// Try to remove the note from the blob storage
			err = deleteNote(uuid.MustParse(claims["sub"].(string)), uuid.Must(uuid.FromBytes(noteID)), information)
			if err != nil {
				renderProtobuf(500, w, &protobuf.ServerError{ErrorCode: []byte{0x12}}, information)
				return
			}
		}

		// Remove the notes from the database
		_, err = conn.DB.Exec("DELETE FROM notes WHERE userID = $1", claims["sub"])
		if err != nil {
			renderProtobuf(500, w, &protobuf.ServerError{ErrorCode: []byte{0x13}}, information)
			return
		}
	})

	router.Post("/api/signup", func(w http.ResponseWriter, r *http.Request) {
		var requestData protobuf.ApiSignupRequest
		err := unmarshalProtobuf(r, &requestData)
		if err != nil {
			renderProtobuf(400, w, &protobuf.Error{Error: "Invalid request"}, information)
			return
		}

		// Verify the JWT
		sub, username, err := getUsername(requestData.Token.String(), oauthHostName, publicKey)
		if err != nil {
			renderProtobuf(403, w, &protobuf.Error{Error: "Invalid token"}, information)
			return
		}

		// Try to insert the user into the database
		_, err = conn.DB.Exec("INSERT INTO users (id, publicKey, username) VALUES ($1, $2, $3)", sub, requestData.PublicKey, username)
		if err != nil {
			if strings.Contains(err.Error(), "UNIQUE") {
				renderProtobuf(409, w, &protobuf.Error{Error: "User already exists"}, information)
			} else {
				renderProtobuf(500, w, &protobuf.ServerError{ErrorCode: []byte{0x01}}, information)
			}
			return
		}

		w.WriteHeader(200)
	})

	router.Post("/api/delete", func(w http.ResponseWriter, r *http.Request) {
		var requestData protobuf.Token
		err := unmarshalProtobuf(r, &requestData)
		if err != nil {
			renderProtobuf(400, w, &protobuf.Error{Error: "Invalid request"}, information)
			return
		}

		// Verify the JWT
		claims, err := verifyJWT(requestData.Token, publicKey)
		if err != nil {
			renderProtobuf(403, w, &protobuf.Error{Error: "Invalid token"}, information)
			return
		}

		// Try to remove the user from the database
		_, err = conn.DB.Exec("DELETE FROM users WHERE id = $1", claims["sub"])
		if err != nil {
			renderProtobuf(500, w, &protobuf.ServerError{ErrorCode: []byte{0x14}}, information)
			return
		}

		// Get the notes from the database
		rows, err := conn.DB.Query("SELECT id FROM notes WHERE userID = $1", claims["sub"])
		if err != nil {
			renderProtobuf(500, w, &protobuf.ServerError{ErrorCode: []byte{0x15}}, information)
			return
		}

		// Iterate through the rows
		for rows.Next() {
			var noteID []byte
			err = rows.Scan(&noteID)
			if err != nil {
				renderProtobuf(500, w, &protobuf.ServerError{ErrorCode: []byte{0x16}}, information)
				return
			}

			// Try to remove the note from the blob storage
			err = deleteNote(uuid.MustParse(claims["sub"].(string)), uuid.Must(uuid.FromBytes(noteID)), information)
			if err != nil {
				renderProtobuf(500, w, &protobuf.ServerError{ErrorCode: []byte{0x17}}, information)
				return
			}
		}

		// Remove the notes from the database
		_, err = conn.DB.Exec("DELETE FROM notes WHERE userID = $1", claims["sub"])
		if err != nil {
			renderProtobuf(500, w, &protobuf.ServerError{ErrorCode: []byte{0x18}}, information)
			return
		}

		w.WriteHeader(200)
	})

	// TODO: Implement shared notes

	return router
}