List of users for admin, build script, update dump
@@ -281,3 +281,13 @@ func ChangePassword(w http.ResponseWriter, r *http.Request) {
|
||||
}
|
||||
ok(payload, w, r)
|
||||
}
|
||||
|
||||
func AllUsers(w http.ResponseWriter, r *http.Request) {
|
||||
users, err := database.AllUsers()
|
||||
if err != nil {
|
||||
internalServerError(w, r)
|
||||
log.Println(err)
|
||||
return
|
||||
}
|
||||
ok(users, w, r)
|
||||
}
|
||||
|
||||
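Review bot: `AllUsers` hands whatever `database.AllUsers()` returns straight to `ok(users, w, r)`, which marshals every exported field of the user records; if the user model carries a credential hash or token material (this file has `ChangePassword`, so users do hold credentials) that would be sent to the caller. Map the rows to a response type that exposes only the fields an admin listing needs, or tag the sensitive fields with `` `json:"-"` `` on the model, e.g. `PasswordHash string `json:"-"``. The closing `}` at the top of the hunk belongs to `ChangePassword`, whose body is outside the hunk.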
@@ -64,6 +64,27 @@ func unauthorized(w http.ResponseWriter, r *http.Request) {
|
||||
}
|
||||
}
|
||||
|
||||
func forbidden(w http.ResponseWriter, r *http.Request) {
|
||||
e := httpError{
|
||||
Status: 403,
|
||||
Error: "Unauthorized",
|
||||
Message: "The access is permanently forbidden and tied to the application logic, such as insufficient rights to a resource.",
|
||||
Path: r.RequestURI,
|
||||
Timestamp: time.Now(),
|
||||
}
|
||||
|
||||
payload, err := json.Marshal(e)
|
||||
if err != nil {
|
||||
log.Println(err)
|
||||
}
|
||||
w.Header().Add("Content-Type", "application/json")
|
||||
w.WriteHeader(403)
|
||||
_, err = w.Write(payload)
|
||||
if err != nil {
|
||||
log.Println(err)
|
||||
}
|
||||
}
|
||||
|
||||
func ok(obj interface{}, w http.ResponseWriter, _ *http.Request) {
|
||||
payload, err := json.Marshal(obj)
|
||||
if err != nil {
|
||||
|
||||
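Review bot: `forbidden` writes a 403 but labels it `Error: "Unauthorized"`, which is the 401 reason phrase and will confuse clients that branch on the error string; use `Error: "Forbidden",` and `w.WriteHeader(http.StatusForbidden)` so the label, the constant and the status agree. When `json.Marshal(e)` fails the function only logs and then writes a nil payload with a `Content-Type: application/json` header; add `return` inside that `if err != nil` block (after `w.WriteHeader(403)` or a plain-text fallback) so an empty JSON body is never emitted. The `unauthorized` helper at the top of the hunk starts outside it, and `ok` continues past the end.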
@@ -10,6 +10,7 @@ import (
|
||||
"net/http"
|
||||
"opensavecloudserver/authentication"
|
||||
"opensavecloudserver/config"
|
||||
"opensavecloudserver/database"
|
||||
"opensavecloudserver/upload"
|
||||
)
|
||||
|
||||
@@ -34,7 +35,9 @@ func Serve() {
|
||||
}
|
||||
r.Route("/system", func(systemRouter chi.Router) {
|
||||
systemRouter.Get("/information", Information)
|
||||
|
||||
systemRouter.Group(func(secureRouter chi.Router) {
|
||||
secureRouter.Get("/users", AllUsers)
|
||||
})
|
||||
})
|
||||
r.Route("/user", func(secureRouter chi.Router) {
|
||||
secureRouter.Use(authMiddleware)
|
||||
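Review bot: The `systemRouter.Group` that registers `secureRouter.Get("/users", AllUsers)` has no `Use(...)` call in the visible lines, so the full user listing would be reachable with no authentication at all, even though this commit introduces `adminMiddleware` for exactly this purpose; unless a line was lost in rendering, add `secureRouter.Use(adminMiddleware)` as the first statement of the group. Note that `authMiddleware` is applied with `secureRouter.Use(authMiddleware)` in the `/user` route just below, so the omission here reads as an oversight rather than a design choice. `Serve` begins before this hunk.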
@@ -82,6 +85,35 @@ func authMiddleware(next http.Handler) http.Handler {
|
||||
})
|
||||
}
|
||||
|
||||
// adminMiddleware check the role of the user before accessing to the resource
|
||||
func adminMiddleware(next http.Handler) http.Handler {
|
||||
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
||||
header := r.Header.Get("Authorization")
|
||||
if len(header) > 7 {
|
||||
userId, err := authentication.ParseToken(header[7:])
|
||||
if err != nil {
|
||||
unauthorized(w, r)
|
||||
return
|
||||
}
|
||||
user, err := database.UserById(userId)
|
||||
if err != nil {
|
||||
internalServerError(w, r)
|
||||
log.Println(err)
|
||||
return
|
||||
}
|
||||
if !user.IsAdmin {
|
||||
forbidden(w, r)
|
||||
return
|
||||
}
|
||||
ctx := context.WithValue(r.Context(), UserIdKey, userId)
|
||||
r = r.WithContext(ctx)
|
||||
next.ServeHTTP(w, r)
|
||||
return
|
||||
}
|
||||
unauthorized(w, r)
|
||||
})
|
||||
}
|
||||
|
||||
// uploadMiddleware check the upload key before allowing to upload a file
|
||||
func uploadMiddleware(next http.Handler) http.Handler {
|
||||
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
||||
|
||||
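Review bot: `adminMiddleware` slices the token with `header[7:]` after only a length check, so any 8+ character `Authorization` value is treated as a bearer token regardless of scheme; check the prefix explicitly, e.g. `if !strings.HasPrefix(header, "Bearer ") { unauthorized(w, r); return }` followed by `strings.TrimPrefix(header, "Bearer ")` (the scheme is presumably `Bearer`, given the 7-character offset). The token parsing and context injection duplicate what `authMiddleware` appears to do just above; consider having `adminMiddleware` assume `authMiddleware` ran and only load the user via `UserIdKey` from the context and check `IsAdmin`, so the two cannot drift. A `database.UserById` error is answered with 500 for every failure; if that call returns a not-found error for a valid token whose user was deleted, 401 or 403 would be the more accurate response. The doc comment should read `// adminMiddleware checks the role of the user before granting access to the resource`. `uploadMiddleware` at the end continues past the hunk.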