GetUser() works
This commit is contained in:
@@ -2,15 +2,19 @@ package logic
|
||||
|
||||
import (
|
||||
scn "blackforestbytes.com/simplecloudnotifier"
|
||||
"blackforestbytes.com/simplecloudnotifier/api/apierr"
|
||||
"blackforestbytes.com/simplecloudnotifier/common/ginresp"
|
||||
"blackforestbytes.com/simplecloudnotifier/db"
|
||||
"context"
|
||||
"github.com/gin-gonic/gin"
|
||||
"github.com/rs/zerolog/log"
|
||||
"gogs.mikescher.com/BlackForestBytes/goext/langext"
|
||||
"math/rand"
|
||||
"net"
|
||||
"net/http"
|
||||
"os"
|
||||
"os/signal"
|
||||
"strings"
|
||||
"syscall"
|
||||
"time"
|
||||
)
|
||||
@@ -91,8 +95,79 @@ func (app *Application) Migrate() error {
|
||||
return app.Database.Migrate(ctx)
|
||||
}
|
||||
|
||||
func (app *Application) StartRequest(g *gin.Context) *AppContext {
|
||||
ctx, cancel := context.WithTimeout(context.Background(), app.Config.RequestTimeout)
|
||||
func (app *Application) StartRequest(g *gin.Context, uri any, query any, body any) (*AppContext, *ginresp.HTTPResponse) {
|
||||
|
||||
return &AppContext{inner: ctx, cancelFunc: cancel}
|
||||
if body != nil {
|
||||
if err := g.ShouldBindJSON(&body); err != nil {
|
||||
return nil, langext.Ptr(ginresp.InternAPIError(apierr.BINDFAIL_BODY_PARAM, "Failed to read body", err))
|
||||
}
|
||||
}
|
||||
|
||||
if query != nil {
|
||||
if err := g.ShouldBindQuery(&query); err != nil {
|
||||
return nil, langext.Ptr(ginresp.InternAPIError(apierr.BINDFAIL_QUERY_PARAM, "Failed to read query", err))
|
||||
}
|
||||
}
|
||||
|
||||
if uri != nil {
|
||||
if err := g.ShouldBindUri(&uri); err != nil {
|
||||
return nil, langext.Ptr(ginresp.InternAPIError(apierr.BINDFAIL_URI_PARAM, "Failed to read uri", err))
|
||||
}
|
||||
}
|
||||
|
||||
ictx, cancel := context.WithTimeout(context.Background(), app.Config.RequestTimeout)
|
||||
actx := CreateAppContext(ictx, cancel)
|
||||
|
||||
authheader := g.GetHeader("Authorization")
|
||||
|
||||
perm, err := app.getPermissions(actx, authheader)
|
||||
if err != nil {
|
||||
cancel()
|
||||
return nil, langext.Ptr(ginresp.InternAPIError(apierr.PERM_QUERY_FAIL, "Failed to determine permissions", err))
|
||||
}
|
||||
|
||||
actx.permissions = perm
|
||||
|
||||
return actx, nil
|
||||
}
|
||||
|
||||
func (app *Application) getPermissions(ctx *AppContext, hdr string) (PermissionSet, error) {
|
||||
if hdr == "" {
|
||||
return NewEmptyPermissions(), nil
|
||||
}
|
||||
|
||||
if !strings.HasPrefix(hdr, "SCN ") {
|
||||
return NewEmptyPermissions(), nil
|
||||
}
|
||||
|
||||
key := strings.TrimSpace(hdr[4:])
|
||||
|
||||
user, err := app.Database.GetUserByKey(ctx, key)
|
||||
if err != nil {
|
||||
return PermissionSet{}, err
|
||||
}
|
||||
|
||||
if user != nil && user.SendKey == key {
|
||||
return PermissionSet{ReferenceID: langext.Ptr(user.UserID), KeyType: PermKeyTypeUserSend}, nil
|
||||
}
|
||||
if user != nil && user.ReadKey == key {
|
||||
return PermissionSet{ReferenceID: langext.Ptr(user.UserID), KeyType: PermKeyTypeUserRead}, nil
|
||||
}
|
||||
if user != nil && user.AdminKey == key {
|
||||
return PermissionSet{ReferenceID: langext.Ptr(user.UserID), KeyType: PermKeyTypeUserAdmin}, nil
|
||||
}
|
||||
|
||||
channel, err := app.Database.GetChannelByKey(ctx, key)
|
||||
if err != nil {
|
||||
return PermissionSet{}, err
|
||||
}
|
||||
|
||||
if channel != nil && channel.SendKey == key {
|
||||
return PermissionSet{ReferenceID: langext.Ptr(channel.ChannelID), KeyType: PermKeyTypeChannelSend}, nil
|
||||
}
|
||||
if channel != nil && channel.SubscribeKey == key {
|
||||
return PermissionSet{ReferenceID: langext.Ptr(channel.ChannelID), KeyType: PermKeyTypeChannelSub}, nil
|
||||
}
|
||||
|
||||
return NewEmptyPermissions(), nil
|
||||
}
|
||||
|
||||
@@ -15,6 +15,17 @@ type AppContext struct {
|
||||
cancelFunc context.CancelFunc
|
||||
cancelled bool
|
||||
transaction *sql.Tx
|
||||
permissions PermissionSet
|
||||
}
|
||||
|
||||
func CreateAppContext(innerCtx context.Context, cancelFn context.CancelFunc) *AppContext {
|
||||
return &AppContext{
|
||||
inner: innerCtx,
|
||||
cancelFunc: cancelFn,
|
||||
cancelled: false,
|
||||
transaction: nil,
|
||||
permissions: NewEmptyPermissions(),
|
||||
}
|
||||
}
|
||||
|
||||
func (ac *AppContext) Deadline() (deadline time.Time, ok bool) {
|
||||
|
||||
44
server/logic/permissions.go
Normal file
44
server/logic/permissions.go
Normal file
@@ -0,0 +1,44 @@
|
||||
package logic
|
||||
|
||||
import (
|
||||
"blackforestbytes.com/simplecloudnotifier/api/apierr"
|
||||
"blackforestbytes.com/simplecloudnotifier/common/ginresp"
|
||||
"gogs.mikescher.com/BlackForestBytes/goext/langext"
|
||||
)
|
||||
|
||||
type PermKeyType string
|
||||
|
||||
const (
|
||||
PermKeyTypeNone PermKeyType = "NONE" // (nothing)
|
||||
PermKeyTypeUserSend PermKeyType = "USER_SEND" // send-messages
|
||||
PermKeyTypeUserRead PermKeyType = "USER_READ" // send-messages, list-messages, read-user
|
||||
PermKeyTypeUserAdmin PermKeyType = "USER_ADMIN" // send-messages, list-messages, read-user, delete-messages, update-user
|
||||
PermKeyTypeChannelSub PermKeyType = "CHAN_SUBSCRIBE" // subscribe-channel
|
||||
PermKeyTypeChannelSend PermKeyType = "CHAN_SEND" // send-messages
|
||||
)
|
||||
|
||||
type PermissionSet struct {
|
||||
ReferenceID *int64
|
||||
KeyType PermKeyType
|
||||
}
|
||||
|
||||
func NewEmptyPermissions() PermissionSet {
|
||||
return PermissionSet{
|
||||
ReferenceID: nil,
|
||||
KeyType: PermKeyTypeNone,
|
||||
}
|
||||
}
|
||||
|
||||
var respoNotAuthorized = ginresp.InternAPIError(apierr.USER_AUTH_FAILED, "You are not authorized for this action", nil)
|
||||
|
||||
func (ac *AppContext) CheckPermissionUserRead(userid int64) *ginresp.HTTPResponse {
|
||||
p := ac.permissions
|
||||
if p.ReferenceID != nil && *p.ReferenceID == userid && p.KeyType == PermKeyTypeUserRead {
|
||||
return nil
|
||||
}
|
||||
if p.ReferenceID != nil && *p.ReferenceID == userid && p.KeyType == PermKeyTypeUserAdmin {
|
||||
return nil
|
||||
}
|
||||
|
||||
return langext.Ptr(respoNotAuthorized)
|
||||
}
|
||||
Reference in New Issue
Block a user