List of users for admin, build script, update dump

2022-05-29 23:05:06 +02:00
parent 7a8672ce80
commit 7b4d9ee83f
7 changed files with 106 additions and 7 deletions
--- a/.gitignore
+++ b/.gitignore
@@ -2,4 +2,5 @@ config.yml
 cache/
 opensavecloudserver
 storage/
-.idea/
+.idea/
+build
--- a/build.sh
+++ b/build.sh
@@ -0,0 +1,24 @@
+#!/bin/bash
+
+platforms=("windows/amd64" "windows/arm64" "darwin/amd64" "darwin/arm64" "linux/amd64" "linux/arm64")
+
+if [[ -d "./build" ]]
+then
+    rm -r ./build
+fi
+
+mkdir build
+cd build
+
+for platform in "${platforms[@]}"
+do
+    echo "* Compiling for $platform..."
+    platform_split=(${platform//\// })
+    GOOS=${platform_split[0]}
+    GOARCH=${platform_split[1]}
+    output_name='osc-'$GOOS'-'$GOARCH
+    if [ $GOOS = "windows" ]; then
+        output_name+='.exe'
+    fi
+    env GOOS=$GOOS GOARCH=$GOARCH go build -o $output_name -a ../main.go
+done
--- a/database/database.go
+++ b/database/database.go
@@ -49,6 +49,20 @@ func init() {
 	}
 }

+func AllUsers() ([]*User, error) {
+	var users []*User
+	err := db.Model(User{}).Find(&users).Error
+	if err != nil {
+		return nil, err
+	}
+	for _, user := range users {
+		if user.Role == adminRole {
+			user.IsAdmin = true
+		}
+	}
+	return users, nil
+}
+
 // UserByUsername get a user by the username
 func UserByUsername(username string) (*User, error) {
 	var user *User
--- a/db_dump.sql
+++ b/db_dump.sql
@@ -16,18 +16,15 @@


 -- Dumping database structure for osc
-DROP DATABASE IF EXISTS `osc`;
-CREATE DATABASE IF NOT EXISTS `osc` /*!40100 DEFAULT CHARACTER SET utf8 */ /*!80016 DEFAULT ENCRYPTION='N' */;
 USE `osc`;

 -- Dumping structure for table osc.games
-DROP TABLE IF EXISTS `games`;
 CREATE TABLE IF NOT EXISTS `games` (
  `id` bigint unsigned NOT NULL AUTO_INCREMENT,
  `name` varchar(255) NOT NULL DEFAULT '0',
  `revision` bigint unsigned NOT NULL DEFAULT '0',
  `path_storage` text NOT NULL,
-  `hash` varchar(128) CHARACTER SET utf8 COLLATE utf8_general_ci DEFAULT NULL,
+  `hash` varchar(50) CHARACTER SET utf8 COLLATE utf8_general_ci DEFAULT NULL,
  `last_update` datetime DEFAULT NULL,
  `user_id` bigint unsigned NOT NULL DEFAULT '0',
  `available` tinyint unsigned NOT NULL DEFAULT '0',
@@ -37,11 +34,11 @@ CREATE TABLE IF NOT EXISTS `games` (
 -- Data exporting was unselected.

 -- Dumping structure for table osc.users
-DROP TABLE IF EXISTS `users`;
 CREATE TABLE IF NOT EXISTS `users` (
  `id` bigint unsigned NOT NULL AUTO_INCREMENT,
  `username` varchar(50) NOT NULL,
  `password` binary(60) NOT NULL,
+  `role` varchar(10) NOT NULL DEFAULT 'user',
  PRIMARY KEY (`id`)
 ) ENGINE=MyISAM AUTO_INCREMENT=1 DEFAULT CHARSET=utf8mb3;

--- a/server/data.go
+++ b/server/data.go
@@ -281,3 +281,13 @@ func ChangePassword(w http.ResponseWriter, r *http.Request) {
 	}
 	ok(payload, w, r)
 }
+
+func AllUsers(w http.ResponseWriter, r *http.Request) {
+	users, err := database.AllUsers()
+	if err != nil {
+		internalServerError(w, r)
+		log.Println(err)
+		return
+	}
+	ok(users, w, r)
+}
--- a/server/response.go
+++ b/server/response.go
@@ -64,6 +64,27 @@ func unauthorized(w http.ResponseWriter, r *http.Request) {
 	}
 }

+func forbidden(w http.ResponseWriter, r *http.Request) {
+	e := httpError{
+		Status:    403,
+		Error:     "Unauthorized",
+		Message:   "The access is permanently forbidden and tied to the application logic, such as insufficient rights to a resource.",
+		Path:      r.RequestURI,
+		Timestamp: time.Now(),
+	}
+
+	payload, err := json.Marshal(e)
+	if err != nil {
+		log.Println(err)
+	}
+	w.Header().Add("Content-Type", "application/json")
+	w.WriteHeader(403)
+	_, err = w.Write(payload)
+	if err != nil {
+		log.Println(err)
+	}
+}
+
 func ok(obj interface{}, w http.ResponseWriter, _ *http.Request) {
 	payload, err := json.Marshal(obj)
 	if err != nil {
--- a/server/server.go
+++ b/server/server.go
@@ -10,6 +10,7 @@ import (
 	"net/http"
 	"opensavecloudserver/authentication"
 	"opensavecloudserver/config"
+	"opensavecloudserver/database"
 	"opensavecloudserver/upload"
 )

@@ -34,7 +35,9 @@ func Serve() {
 			}
 			r.Route("/system", func(systemRouter chi.Router) {
 				systemRouter.Get("/information", Information)
-
+				systemRouter.Group(func(secureRouter chi.Router) {
+					secureRouter.Get("/users", AllUsers)
+				})
 			})
 			r.Route("/user", func(secureRouter chi.Router) {
 				secureRouter.Use(authMiddleware)
@@ -82,6 +85,35 @@ func authMiddleware(next http.Handler) http.Handler {
 	})
 }

+// adminMiddleware check the role of the user before accessing to the resource
+func adminMiddleware(next http.Handler) http.Handler {
+	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		header := r.Header.Get("Authorization")
+		if len(header) > 7 {
+			userId, err := authentication.ParseToken(header[7:])
+			if err != nil {
+				unauthorized(w, r)
+				return
+			}
+			user, err := database.UserById(userId)
+			if err != nil {
+				internalServerError(w, r)
+				log.Println(err)
+				return
+			}
+			if !user.IsAdmin {
+				forbidden(w, r)
+				return
+			}
+			ctx := context.WithValue(r.Context(), UserIdKey, userId)
+			r = r.WithContext(ctx)
+			next.ServeHTTP(w, r)
+			return
+		}
+		unauthorized(w, r)
+	})
+}
+
 // uploadMiddleware check the upload key before allowing to upload a file
 func uploadMiddleware(next http.Handler) http.Handler {
 	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {