user route added and coded
can now hit user route (get, post, delete). Coded in some checks to see if user is admin and has privledge. Currently turned off to allow work from curl
This commit is contained in:
Derek McQuay
parent
b278dee092
commit
c99445e261
114
api.go
114
api.go
|
|
@ -28,7 +28,7 @@ func (s *Server) category(w http.ResponseWriter, req *http.Request) {
|
|||
if err != nil {
|
||||
log.Printf("%+v", err)
|
||||
b, _ := json.Marshal(NewFailure(err.Error()))
|
||||
http.Error(w, string(b), http.StatusBadRequest)
|
||||
http.Error(w, string(b), http.StatusInternalServerError)
|
||||
return
|
||||
}
|
||||
json.NewEncoder(w).Encode(categories)
|
||||
|
|
@ -50,7 +50,7 @@ func (s *Server) category(w http.ResponseWriter, req *http.Request) {
|
|||
if err != nil {
|
||||
log.Printf("%+v", err)
|
||||
b, _ := json.Marshal(NewFailure(err.Error()))
|
||||
http.Error(w, string(b), http.StatusBadRequest)
|
||||
http.Error(w, string(b), http.StatusInternalServerError)
|
||||
return
|
||||
}
|
||||
case "DELETE":
|
||||
|
|
@ -77,3 +77,113 @@ func (s *Server) category(w http.ResponseWriter, req *http.Request) {
|
|||
}
|
||||
}
|
||||
}
|
||||
|
||||
func (s *Server) user(w http.ResponseWriter, req *http.Request) {
|
||||
// TODO add back in
|
||||
//w.Header().Set("Content-Type", "application/json")
|
||||
//session, err := store.Get(r, "creds")
|
||||
//if err != nil {
|
||||
// http.Error(w, err.Error(), http.StatusInternalServerError)
|
||||
// return
|
||||
//}
|
||||
//if loggedIn := session.Values["authenticated"]; loggedIn != true {
|
||||
// http.Redirect(w, r, "/", http.StatusTemporaryRedirect)
|
||||
// return
|
||||
//}
|
||||
switch req.Method {
|
||||
default:
|
||||
b, _ := json.Marshal(NewFailure("Allowed methods: GET, POST, DELETE"))
|
||||
http.Error(w, string(b), http.StatusBadRequest)
|
||||
return
|
||||
case "GET":
|
||||
users, err := s.db.getUsers()
|
||||
if err != nil {
|
||||
log.Printf("%+v", err)
|
||||
b, _ := json.Marshal(NewFailure(err.Error()))
|
||||
http.Error(w, string(b), http.StatusInternalServerError)
|
||||
return
|
||||
}
|
||||
json.NewEncoder(w).Encode(users)
|
||||
case "POST":
|
||||
u := user{}
|
||||
err := json.NewDecoder(req.Body).Decode(&u)
|
||||
req.Body.Close()
|
||||
if err != nil {
|
||||
log.Printf("%+v", err)
|
||||
b, _ := json.Marshal(NewFailure(err.Error()))
|
||||
http.Error(w, string(b), http.StatusBadRequest)
|
||||
return
|
||||
}
|
||||
|
||||
// TODO add back in
|
||||
//// verify current user is an admin
|
||||
//session, err := store.Get(req, "creds")
|
||||
//if err != nil {
|
||||
// http.Error(w, err.Error(), http.StatusInternalServerError)
|
||||
// return
|
||||
//}
|
||||
//email := ""
|
||||
//if session.Values["uname"] != nil {
|
||||
// email = session.Values["uname"].(string)
|
||||
//}
|
||||
//if !s.db.adminUser(email) {
|
||||
// log.Printf("user is not admin")
|
||||
// b, _ := json.Marshal(NewFailure("not admin"))
|
||||
// http.Error(w, string(b), http.StatusForbidden)
|
||||
// return
|
||||
//}
|
||||
|
||||
_, err = s.db.db.Exec(
|
||||
`INSERT INTO users (email, admin) VALUES ($1, $2)`,
|
||||
u.Email,
|
||||
u.Admin,
|
||||
)
|
||||
if err != nil {
|
||||
log.Printf("%+v", err)
|
||||
b, _ := json.Marshal(NewFailure(err.Error()))
|
||||
http.Error(w, string(b), http.StatusBadRequest)
|
||||
return
|
||||
}
|
||||
case "DELETE":
|
||||
u := user{}
|
||||
err := json.NewDecoder(req.Body).Decode(&u)
|
||||
req.Body.Close()
|
||||
if err != nil {
|
||||
b, _ := json.Marshal(NewFailure(err.Error()))
|
||||
http.Error(w, string(b), http.StatusBadRequest)
|
||||
return
|
||||
}
|
||||
|
||||
// TODO add back in
|
||||
//// verify current user is an admin
|
||||
//session, err := store.Get(req, "creds")
|
||||
//if err != nil {
|
||||
// http.Error(w, err.Error(), http.StatusInternalServerError)
|
||||
// return
|
||||
//}
|
||||
//email := ""
|
||||
//if session.Values["uname"] != nil {
|
||||
// email = session.Values["uname"].(string)
|
||||
//}
|
||||
//if !s.db.adminUser(email) {
|
||||
// log.Printf("user is not admin")
|
||||
// b, _ := json.Marshal(NewFailure("not admin"))
|
||||
// http.Error(w, string(b), http.StatusForbidden)
|
||||
// return
|
||||
//}
|
||||
|
||||
_, err = s.db.db.Exec("DELETE FROM users WHERE email = $1", u.Email)
|
||||
if err != nil {
|
||||
log.Printf("%+v", err)
|
||||
b, _ := json.Marshal(NewFailure(err.Error()))
|
||||
http.Error(w, string(b), http.StatusInternalServerError)
|
||||
return
|
||||
}
|
||||
if err != nil {
|
||||
log.Printf("%+v", err)
|
||||
b, _ := json.Marshal(NewFailure(err.Error()))
|
||||
http.Error(w, string(b), http.StatusBadRequest)
|
||||
return
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
|||
30
db.go
30
db.go
|
|
@ -54,6 +54,36 @@ func (d *DB) getCategories() ([]category, error) {
|
|||
return results, nil
|
||||
}
|
||||
|
||||
func (d *DB) getUsers() ([]user, error) {
|
||||
results := []user{}
|
||||
rows, err := d.db.Queryx("SELECT id, email, admin FROM users")
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
for rows.Next() {
|
||||
var result user
|
||||
err := rows.StructScan(&result)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
results = append(results, result)
|
||||
}
|
||||
return results, nil
|
||||
}
|
||||
|
||||
func (d *DB) adminUser(e string) bool {
|
||||
result := user{}
|
||||
row := d.db.QueryRow("SELECT admin FROM users WHERE email = $1",
|
||||
e,
|
||||
)
|
||||
err := row.Scan(&result)
|
||||
if err != nil {
|
||||
return false
|
||||
}
|
||||
|
||||
return result.Admin
|
||||
}
|
||||
|
||||
//func (d *DB) checkOwner(filename, client string) error {
|
||||
// row := d.db.QueryRowx("SELECT client FROM pics WHERE filename = $1", filename)
|
||||
// var owner string
|
||||
|
|
|
|||
|
|
@ -22,10 +22,9 @@ func addRoutes(sm *http.ServeMux, server *Server, staticFiles string) {
|
|||
"oauth": "/api/v0/oauth_cb/",
|
||||
"auth": "/api/v0/auth/",
|
||||
"health": "/healthz",
|
||||
"list": "/api/v0/list/",
|
||||
"category": "/api/v0/category/",
|
||||
"tranx": "/api/v0/tranx/",
|
||||
"cost": "/api/v0/costpermonth/",
|
||||
"user": "/api/v0/user/",
|
||||
|
||||
"fake": "/fake/",
|
||||
}
|
||||
|
|
@ -70,16 +69,15 @@ func addRoutes(sm *http.ServeMux, server *Server, staticFiles string) {
|
|||
}
|
||||
|
||||
store = sessions.NewCookieStore([]byte(server.cookieSecret))
|
||||
//sm.HandleFunc(prefix["list"], server.listUsers)
|
||||
//sm.HandleFunc(prefix["tranx"], server.tranx)
|
||||
//sm.HandleFunc(prefix["cost"], server.costPerMonth)
|
||||
sm.HandleFunc(prefix["fake"], server.fakeSetup)
|
||||
sm.HandleFunc(prefix["category"], server.category)
|
||||
sm.HandleFunc(prefix["user"], server.user)
|
||||
sm.HandleFunc(prefix["protected"], server.plist)
|
||||
sm.HandleFunc(prefix["info"], server.serverInfo)
|
||||
sm.HandleFunc(prefix["login"], server.login)
|
||||
sm.HandleFunc(prefix["logout"], server.logout)
|
||||
sm.HandleFunc(prefix["oauth"], server.oauthCallback)
|
||||
sm.HandleFunc(prefix["auth"], server.auth)
|
||||
sm.HandleFunc(prefix["fake"], server.fakeSetup)
|
||||
sm.HandleFunc(prefix["health"], server.health)
|
||||
}
|
||||
|
|
|
|||
11
server.go
11
server.go
|
|
@ -77,10 +77,10 @@ func NewServer(sm *http.ServeMux, clientId, clientSecret, cookieSecret, dbhost,
|
|||
}
|
||||
|
||||
func (s *Server) fakeSetup(w http.ResponseWriter, r *http.Request) {
|
||||
u := userInfo{
|
||||
Email: "derekmcquay@gmail.com",
|
||||
}
|
||||
addUser(u)
|
||||
//u := userInfo{
|
||||
// Email: "derekmcquay@gmail.com",
|
||||
//}
|
||||
//addUser(u)
|
||||
}
|
||||
|
||||
//func (s *Server) tranx(w http.ResponseWriter, r *http.Request) {
|
||||
|
|
@ -265,7 +265,8 @@ func (s *Server) oauthCallback(w http.ResponseWriter, r *http.Request) {
|
|||
if err := session.Save(r, w); err != nil {
|
||||
http.Redirect(w, r, "/", http.StatusTemporaryRedirect)
|
||||
}
|
||||
addUser(u)
|
||||
// TODO add psql user here
|
||||
//addUser(u)
|
||||
http.Redirect(w, r, "/static/", http.StatusTemporaryRedirect)
|
||||
return
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in New Issue