Better way of determining privileges

endpoints/closerewardfund.go

@@ -29,14 +29,20 @@ func CloseRewardFund(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
+	if claims == nil {
+		w.WriteHeader(401)
+		return
+	}
+	if claims.Privileges > AdminPlus {
+		w.WriteHeader(403)
+		return
+	}
+
 	var fund RewardFund
 	var modified int64
-	if claims != nil && claims.Privileges <= AdminPlus && req.Close {
+	if req.Close {
 		Db.Table("reward_funds").Find(&fund, req.ID)
 		modified = Db.Delete(&fund).RowsAffected
-	} else {
-		w.WriteHeader(403)
-		return
 	}
 
 	var resp SuccessResponse

endpoints/createqueue.go

@@ -32,25 +32,29 @@ func CreateQueue(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
+	if claims == nil {
+		w.WriteHeader(401)
+		return
+	}
+	if claims.Privileges > Admin {
+		w.WriteHeader(403)
+		return
+	}
+
 	var resp CreateQueueResponse
-	if claims != nil && claims.Privileges <= Admin {
-		var specificQueue Queue
-		Db.Table("queues").First(&specificQueue, "name = ?", req.Name)
+	var specificQueue Queue
+	Db.Table("queues").First(&specificQueue, "name = ?", req.Name)
 
-		if specificQueue.ID != 0 {
-			resp.ID = specificQueue.ID
-		} else {
-			queue := Queue{
-				Name: req.Name,
-			}
+	if specificQueue.ID != 0 {
+		resp.ID = specificQueue.ID
+	} else {
+		queue := Queue{
+			Name: req.Name,
+		}
 
-			Db.Create(&queue)
+		Db.Create(&queue)
 
-			resp.ID = queue.ID
-		}
-	} else {
-		w.WriteHeader(403)
-		return
+		resp.ID = queue.ID
 	}
 
 	err = json.NewEncoder(w).Encode(resp)

endpoints/createrewardfund.go

@@ -85,26 +85,31 @@ func CreateRewardFund(resp http.ResponseWriter, req *http.Request) {
 		return
 	}
 
-	if claims != nil && claims.Privileges <= Admin {
-		Db.Create(&rewardFund)
-		Db.Create(&joinRecord)
+	if claims == nil {
+		resp.WriteHeader(401)
+		return
+	}
+	if claims.Privileges > Admin {
+		resp.WriteHeader(403)
+		return
+	}
 
-		for _, cancel := range cancellations {
-			cancel()
-		}
-		go InitializeContributionStreams()
+	Db.Create(&rewardFund)
+	Db.Create(&joinRecord)
 
-		for _, bonus := range fund.Bonuses {
-			bonus.RewardFundID = rewardFund.ID
-			bonuses = append(bonuses, bonus)
-		}
-		Db.Create(&bonuses)
+	for _, cancel := range cancellations {
+		cancel()
+	}
+	go InitializeContributionStreams()
 
-		err = json.NewEncoder(resp).Encode(&SuccessResponse{Success: true})
-		if err != nil {
-			log.Error().Err(err).Msg("Could not create response for created reward fund")
-		}
-	} else {
-		resp.WriteHeader(403)
+	for _, bonus := range fund.Bonuses {
+		bonus.RewardFundID = rewardFund.ID
+		bonuses = append(bonuses, bonus)
+	}
+	Db.Create(&bonuses)
+
+	err = json.NewEncoder(resp).Encode(&SuccessResponse{Success: true})
+	if err != nil {
+		log.Error().Err(err).Msg("Could not create response for created reward fund")
 	}
 }

endpoints/editqueue.go

@@ -4,6 +4,7 @@ import (
 	"encoding/json"
 	"net/http"
 
+	"github.com/imosed/signet/auth"
 	. "github.com/imosed/signet/data"
 	"github.com/rs/zerolog/log"
 )
@@ -27,6 +28,20 @@ func EditQueue(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
+	var claims *auth.Claims
+	claims, err = auth.GetUserClaims(r)
+	if err != nil {
+		log.Error().Err(err).Msg("Could not get user claims in call to EditQueue")
+	}
+	if claims == nil {
+		w.WriteHeader(401)
+		return
+	}
+	if claims.Privileges > Admin {
+		w.WriteHeader(403)
+		return
+	}
+
 	var resp SuccessResponse
 	for _, qo := range req.FundOrders {
 		Db.Table("queue_orders").

endpoints/escalateprivileges.go

@@ -28,26 +28,30 @@ func ChangePrivileges(w http.ResponseWriter, r *http.Request) {
 	var claims *auth.Claims
 	claims, err = auth.GetUserClaims(r)
 
-	if claims != nil && claims.Privileges <= AdminPlus {
-		Db.Table("users").Where("id = ?", req.UserID).Find(&user)
-		if req.Privileges == SuperUser {
-			resp.Success = false
-
-			err = json.NewEncoder(w).Encode(resp)
-			if err != nil {
-				log.Error().Err(err).Msg("Could not deliver failed escalate privileges response")
-			}
-			return
-		}
-
-		user.Privileges = req.Privileges
-		Db.Save(user)
-		resp.Success = true
-	} else {
+	if claims == nil {
+		w.WriteHeader(401)
+		return
+	}
+	if claims.Privileges > AdminPlus {
 		w.WriteHeader(403)
 		return
 	}
 
+	Db.Table("users").Where("id = ?", req.UserID).Find(&user)
+	if req.Privileges == SuperUser {
+		resp.Success = false
+
+		err = json.NewEncoder(w).Encode(resp)
+		if err != nil {
+			log.Error().Err(err).Msg("Could not deliver failed escalate privileges response")
+		}
+		return
+	}
+
+	user.Privileges = req.Privileges
+	Db.Save(user)
+	resp.Success = true
+
 	err = json.NewEncoder(w).Encode(resp)
 	if err != nil {
 		log.Error().Err(err).Msg("Could not deliver successful escalate privileges response")

endpoints/getqueuemembers.go

@@ -4,6 +4,7 @@ import (
 	"encoding/json"
 	"net/http"
 
+	"github.com/imosed/signet/auth"
 	. "github.com/imosed/signet/data"
 	"github.com/rs/zerolog/log"
 )
@@ -30,6 +31,21 @@ func GetQueueMembers(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
+	var claims *auth.Claims
+	claims, err = auth.GetUserClaims(r)
+	if err != nil {
+		log.Error().Err(err).Msg("Could not get user claims in request to GetQueueMembers")
+	}
+
+	if claims == nil {
+		w.WriteHeader(401)
+		return
+	}
+	if claims.Privileges > Admin {
+		w.WriteHeader(403)
+		return
+	}
+
 	var members []QueueMember
 	Db.Table("queue_orders qo").Select("rf.id, asset, qo.order").
 		Where("queue_id = ?", req.ID).

endpoints/getusers.go

@@ -15,7 +15,11 @@ type GetUsersResponse struct {
 func GetUsers(w http.ResponseWriter, r *http.Request) {
 	claims, err := auth.GetUserClaims(r)
 
-	if claims == nil || (claims != nil && claims.Privileges > AdminPlus) {
+	if claims == nil {
+		w.WriteHeader(401)
+		return
+	}
+	if claims.Privileges > AdminPlus {
 		w.WriteHeader(403)
 		return
 	}

endpoints/register.go

@@ -150,33 +150,31 @@ func Register(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	if claims == nil {
-		return
-	}
-
-	if noUsersRegistered() || (claims != nil && claims.Privileges <= AdminPlus) {
-		hash, err := GetHashedPassword(req.Password)
-		if err != nil {
-			log.Error().Err(err).Msg("Could not generate hash for registration")
+	if !noUsersRegistered() {
+		if claims == nil {
+			w.WriteHeader(401)
 			return
 		}
+		if claims.Privileges > AdminPlus {
+			w.WriteHeader(403)
+			return
+		}
+	}
+
+	hash, err := GetHashedPassword(req.Password)
+	if err != nil {
+		log.Error().Err(err).Msg("Could not generate hash for registration")
+		return
+	}
 
-		Db.Create(&User{
-			Username:   req.Username,
-			Password:   hash,
-			Privileges: determinePrivileges(),
-		})
+	Db.Create(&User{
+		Username:   req.Username,
+		Password:   hash,
+		Privileges: determinePrivileges(),
+	})
 
-		err = json.NewEncoder(w).Encode(SuccessResponse{Success: true})
-		if err != nil {
-			log.Error().Err(err).Msg("Could not deliver successful account creation response")
-		}
-	} else if !noUsersRegistered() {
-		err = json.NewEncoder(w).Encode(SuccessResponse{Success: false})
-		if err != nil {
-			log.Error().Err(err).Msg("Could not deliver unsuccessful account creation response")
-		}
-	} else if claims != nil && claims.Privileges > SuperUser {
-		w.WriteHeader(403)
+	err = json.NewEncoder(w).Encode(SuccessResponse{Success: true})
+	if err != nil {
+		log.Error().Err(err).Msg("Could not deliver successful account creation response")
 	}
 }

endpoints/submitfund.go

@@ -4,6 +4,7 @@ import (
 	"encoding/json"
 	"net/http"
 
+	"github.com/imosed/signet/auth"
 	"github.com/imosed/signet/utils"
 	"github.com/rs/zerolog/log"
 )
@@ -20,6 +21,20 @@ func SubmitFund(w http.ResponseWriter, r *http.Request) {
 		log.Error().Err(err).Msg("Could not decode body in SubmitFund call")
 	}
 
+	var claims *auth.Claims
+	claims, err = auth.GetUserClaims(r)
+	if err != nil {
+		log.Error().Err(err).Msg("Could not get user claims in call to SubmitFund")
+	}
+	if claims == nil {
+		w.WriteHeader(401)
+		return
+	}
+	if claims.Privileges > Admin {
+		w.WriteHeader(403)
+		return
+	}
+
 	var resp SuccessResponse
 	resp.Success = false