user route added and coded

can now hit user route (GET, POST, DELETE). Coded in some checks to see
if the user is an admin and has privilege. Currently turned off to allow work
from curl
This commit is contained in:
Derek McQuay 2017-02-04 23:24:38 -08:00
parent b278dee092
commit c99445e261
No known key found for this signature in database
GPG Key ID: 92A7BC0C86B0B91A
4 changed files with 151 additions and 12 deletions

114
api.go

@ -28,7 +28,7 @@ func (s *Server) category(w http.ResponseWriter, req *http.Request) {
if err != nil {
log.Printf("%+v", err)
b, _ := json.Marshal(NewFailure(err.Error()))
http.Error(w, string(b), http.StatusBadRequest)
http.Error(w, string(b), http.StatusInternalServerError)
return
}
json.NewEncoder(w).Encode(categories)
@ -50,7 +50,7 @@ func (s *Server) category(w http.ResponseWriter, req *http.Request) {
if err != nil {
log.Printf("%+v", err)
b, _ := json.Marshal(NewFailure(err.Error()))
http.Error(w, string(b), http.StatusBadRequest)
http.Error(w, string(b), http.StatusInternalServerError)
return
}
case "DELETE":
@ -77,3 +77,113 @@ func (s *Server) category(w http.ResponseWriter, req *http.Request) {
}
}
}
func (s *Server) user(w http.ResponseWriter, req *http.Request) {
// TODO add back in
//w.Header().Set("Content-Type", "application/json")
//session, err := store.Get(r, "creds")
//if err != nil {
// http.Error(w, err.Error(), http.StatusInternalServerError)
// return
//}
//if loggedIn := session.Values["authenticated"]; loggedIn != true {
// http.Redirect(w, r, "/", http.StatusTemporaryRedirect)
// return
//}
switch req.Method {
default:
b, _ := json.Marshal(NewFailure("Allowed methods: GET, POST, DELETE"))
http.Error(w, string(b), http.StatusBadRequest)
return
case "GET":
users, err := s.db.getUsers()
if err != nil {
log.Printf("%+v", err)
b, _ := json.Marshal(NewFailure(err.Error()))
http.Error(w, string(b), http.StatusInternalServerError)
return
}
json.NewEncoder(w).Encode(users)
case "POST":
u := user{}
err := json.NewDecoder(req.Body).Decode(&u)
req.Body.Close()
if err != nil {
log.Printf("%+v", err)
b, _ := json.Marshal(NewFailure(err.Error()))
http.Error(w, string(b), http.StatusBadRequest)
return
}
// TODO add back in
//// verify current user is an admin
//session, err := store.Get(req, "creds")
//if err != nil {
// http.Error(w, err.Error(), http.StatusInternalServerError)
// return
//}
//email := ""
//if session.Values["uname"] != nil {
// email = session.Values["uname"].(string)
//}
//if !s.db.adminUser(email) {
// log.Printf("user is not admin")
// b, _ := json.Marshal(NewFailure("not admin"))
// http.Error(w, string(b), http.StatusForbidden)
// return
//}
_, err = s.db.db.Exec(
`INSERT INTO users (email, admin) VALUES ($1, $2)`,
u.Email,
u.Admin,
)
if err != nil {
log.Printf("%+v", err)
b, _ := json.Marshal(NewFailure(err.Error()))
http.Error(w, string(b), http.StatusBadRequest)
return
}
case "DELETE":
u := user{}
err := json.NewDecoder(req.Body).Decode(&u)
req.Body.Close()
if err != nil {
b, _ := json.Marshal(NewFailure(err.Error()))
http.Error(w, string(b), http.StatusBadRequest)
return
}
// TODO add back in
//// verify current user is an admin
//session, err := store.Get(req, "creds")
//if err != nil {
// http.Error(w, err.Error(), http.StatusInternalServerError)
// return
//}
//email := ""
//if session.Values["uname"] != nil {
// email = session.Values["uname"].(string)
//}
//if !s.db.adminUser(email) {
// log.Printf("user is not admin")
// b, _ := json.Marshal(NewFailure("not admin"))
// http.Error(w, string(b), http.StatusForbidden)
// return
//}
_, err = s.db.db.Exec("DELETE FROM users WHERE email = $1", u.Email)
if err != nil {
log.Printf("%+v", err)
b, _ := json.Marshal(NewFailure(err.Error()))
http.Error(w, string(b), http.StatusInternalServerError)
return
}
if err != nil {
log.Printf("%+v", err)
b, _ := json.Marshal(NewFailure(err.Error()))
http.Error(w, string(b), http.StatusBadRequest)
return
}
}
}

30
db.go

@ -54,6 +54,36 @@ func (d *DB) getCategories() ([]category, error) {
return results, nil
}
func (d *DB) getUsers() ([]user, error) {
results := []user{}
rows, err := d.db.Queryx("SELECT id, email, admin FROM users")
if err != nil {
return nil, err
}
for rows.Next() {
var result user
err := rows.StructScan(&result)
if err != nil {
return nil, err
}
results = append(results, result)
}
return results, nil
}
func (d *DB) adminUser(e string) bool {
result := user{}
row := d.db.QueryRow("SELECT admin FROM users WHERE email = $1",
e,
)
err := row.Scan(&result)
if err != nil {
return false
}
return result.Admin
}
//func (d *DB) checkOwner(filename, client string) error {
// row := d.db.QueryRowx("SELECT client FROM pics WHERE filename = $1", filename)
// var owner string
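Review bot: `adminUser` scans the single `admin` column into `&result`, a `*user` struct; `database/sql` cannot scan a column into a struct pointer unless `user` implements `sql.Scanner` (not visible here), so `Scan` would return an error and the function would always report false — fail-closed, but it would lock every admin out of the POST/DELETE paths once those checks are re-enabled. Scan into the column's own type instead: `var admin bool`, `if err := row.Scan(&admin); err != nil { return false }`, `return admin`. In `getUsers`, add `defer rows.Close()` immediately after the `Queryx` error check so the cursor is released on the early-return `StructScan` error path, and check `rows.Err()` after the loop before returning the slice.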


@ -22,10 +22,9 @@ func addRoutes(sm *http.ServeMux, server *Server, staticFiles string) {
"oauth": "/api/v0/oauth_cb/",
"auth": "/api/v0/auth/",
"health": "/healthz",
"list": "/api/v0/list/",
"category": "/api/v0/category/",
"tranx": "/api/v0/tranx/",
"cost": "/api/v0/costpermonth/",
"user": "/api/v0/user/",
"fake": "/fake/",
}
@ -70,16 +69,15 @@ func addRoutes(sm *http.ServeMux, server *Server, staticFiles string) {
}
store = sessions.NewCookieStore([]byte(server.cookieSecret))
//sm.HandleFunc(prefix["list"], server.listUsers)
//sm.HandleFunc(prefix["tranx"], server.tranx)
//sm.HandleFunc(prefix["cost"], server.costPerMonth)
sm.HandleFunc(prefix["fake"], server.fakeSetup)
sm.HandleFunc(prefix["category"], server.category)
sm.HandleFunc(prefix["user"], server.user)
sm.HandleFunc(prefix["protected"], server.plist)
sm.HandleFunc(prefix["info"], server.serverInfo)
sm.HandleFunc(prefix["login"], server.login)
sm.HandleFunc(prefix["logout"], server.logout)
sm.HandleFunc(prefix["oauth"], server.oauthCallback)
sm.HandleFunc(prefix["auth"], server.auth)
sm.HandleFunc(prefix["fake"], server.fakeSetup)
sm.HandleFunc(prefix["health"], server.health)
}
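Review bot: `prefix["fake"]` is still routed to `server.fakeSetup` even though this commit comments out that handler's entire body, leaving a live `/fake/` endpoint that silently answers 200 with nothing; either remove the `sm.HandleFunc(prefix["fake"], server.fakeSetup)` line and the `"fake"` map entry, or register it only behind a development flag. The new `sm.HandleFunc(prefix["user"], server.user)` line exposes a user-management endpoint with no middleware, and the handler's own session and admin checks are commented out in this same commit, so the route is effectively public; if the checks must stay off for local curl work, gate the registration itself on a config flag rather than shipping it unconditionally. addRoutes begins before this hunk.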


@ -77,10 +77,10 @@ func NewServer(sm *http.ServeMux, clientId, clientSecret, cookieSecret, dbhost,
}
func (s *Server) fakeSetup(w http.ResponseWriter, r *http.Request) {
u := userInfo{
Email: "derekmcquay@gmail.com",
}
addUser(u)
//u := userInfo{
// Email: "derekmcquay@gmail.com",
//}
//addUser(u)
}
//func (s *Server) tranx(w http.ResponseWriter, r *http.Request) {
@ -265,7 +265,8 @@ func (s *Server) oauthCallback(w http.ResponseWriter, r *http.Request) {
if err := session.Save(r, w); err != nil {
http.Redirect(w, r, "/", http.StatusTemporaryRedirect)
}
addUser(u)
// TODO add psql user here
//addUser(u)
http.Redirect(w, r, "/static/", http.StatusTemporaryRedirect)
return
}
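Review bot: With `addUser(u)` commented out and only `// TODO add psql user here` in its place, a successful OAuth login no longer records the user anywhere, so `adminUser(email)` has nothing to find for real logins and the only way to populate `users` is the unauthenticated `POST /api/v0/user/` — which is presumably why that handler's checks had to be switched off; inserting the user here (non-admin by default) would let the admin gates go back on. Also, when `session.Save` fails the code redirects to `/` but does not `return`, so it falls through to the second `http.Redirect` and writes a second header; add `return` inside that `if`. oauthCallback begins before this hunk.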