ソースを参照

Return the proper http response for unprivileged requests

master
Jared 1年前
コミット
e21a970c42
7個のファイルの変更42行の追加19行の削除
  1. +4
    -1
      endpoints/closerewardfund.go
  2. +22
    -10
      endpoints/createqueue.go
  3. +1
    -1
      endpoints/createrewardfund.go
  4. +3
    -2
      endpoints/escalateprivileges.go
  5. +3
    -2
      endpoints/getusers.go
  6. +2
    -2
      endpoints/register.go
  7. +7
    -1
      utils/submission.go

+ 4
- 1
endpoints/closerewardfund.go ファイルの表示

@@ -31,9 +31,12 @@ func CloseRewardFund(w http.ResponseWriter, r *http.Request) {

var fund RewardFund
var modified int64
if claims.Privileges <= AdminPlus && req.Close {
if claims != nil && claims.Privileges <= AdminPlus && req.Close {
Db.Table("reward_funds").Find(&fund, req.ID)
modified = Db.Delete(&fund).RowsAffected
} else {
w.WriteHeader(403)
return
}

var resp SuccessResponse


+ 22
- 10
endpoints/createqueue.go ファイルの表示

@@ -4,6 +4,7 @@ import (
"encoding/json"
"net/http"

"github.com/imosed/signet/auth"
. "github.com/imosed/signet/data"
"github.com/rs/zerolog/log"
)
@@ -24,21 +25,32 @@ func CreateQueue(w http.ResponseWriter, r *http.Request) {
return
}

var specificQueue Queue
Db.Table("queues").First(&specificQueue, "name = ?", req.Name)
var claims *auth.Claims
claims, err = auth.GetUserClaims(r)
if err != nil {
log.Error().Err(err).Msg("Could not determine if user is authenticated")
return
}

var resp CreateQueueResponse
if claims != nil && claims.Privileges <= Admin {
var specificQueue Queue
Db.Table("queues").First(&specificQueue, "name = ?", req.Name)

if specificQueue.ID != 0 {
resp.ID = specificQueue.ID
} else {
queue := Queue{
Name: req.Name,
}
if specificQueue.ID != 0 {
resp.ID = specificQueue.ID
} else {
queue := Queue{
Name: req.Name,
}

Db.Create(&queue)
Db.Create(&queue)

resp.ID = queue.ID
resp.ID = queue.ID
}
} else {
w.WriteHeader(403)
return
}

err = json.NewEncoder(w).Encode(resp)


+ 1
- 1
endpoints/createrewardfund.go ファイルの表示

@@ -85,7 +85,7 @@ func CreateRewardFund(resp http.ResponseWriter, req *http.Request) {
return
}

if claims.Privileges <= Admin {
if claims != nil && claims.Privileges <= Admin {
Db.Create(&rewardFund)
Db.Create(&joinRecord)



+ 3
- 2
endpoints/escalateprivileges.go ファイルの表示

@@ -28,7 +28,7 @@ func ChangePrivileges(w http.ResponseWriter, r *http.Request) {
var claims *auth.Claims
claims, err = auth.GetUserClaims(r)

if claims.Privileges < 2 {
if claims != nil && claims.Privileges <= AdminPlus {
Db.Table("users").Where("id = ?", req.UserID).Find(&user)
if req.Privileges == SuperUser {
resp.Success = false
@@ -44,7 +44,8 @@ func ChangePrivileges(w http.ResponseWriter, r *http.Request) {
Db.Save(user)
resp.Success = true
} else {
resp.Success = false
w.WriteHeader(403)
return
}

err = json.NewEncoder(w).Encode(resp)


+ 3
- 2
endpoints/getusers.go ファイルの表示

@@ -15,12 +15,13 @@ type GetUsersResponse struct {
func GetUsers(w http.ResponseWriter, r *http.Request) {
claims, err := auth.GetUserClaims(r)

if claims.Privileges > AdminPlus {
if claims == nil || (claims != nil && claims.Privileges > AdminPlus) {
w.WriteHeader(403)
return
}

var users []User
Db.Table("users").Where("privileges >= ?", claims.Privileges).Scan(&users)
Db.Table("users").Where("privileges >= ?", claims.Privileges).Order("id").Scan(&users)

var resp GetUsersResponse
resp.Users = users


+ 2
- 2
endpoints/register.go ファイルの表示

@@ -154,7 +154,7 @@ func Register(w http.ResponseWriter, r *http.Request) {
return
}

if noUsersRegistered() || claims.Privileges <= AdminPlus {
if noUsersRegistered() || (claims != nil && claims.Privileges <= AdminPlus) {
hash, err := GetHashedPassword(req.Password)
if err != nil {
log.Error().Err(err).Msg("Could not generate hash for registration")
@@ -176,7 +176,7 @@ func Register(w http.ResponseWriter, r *http.Request) {
if err != nil {
log.Error().Err(err).Msg("Could not deliver unsuccessful account creation response")
}
} else if claims.Privileges > SuperUser {
} else if claims != nil && claims.Privileges > SuperUser {
w.WriteHeader(403)
}
}

+ 7
- 1
utils/submission.go ファイルの表示

@@ -2,6 +2,7 @@ package utils

import (
"fmt"
"math"

"github.com/imosed/signet/client"
. "github.com/imosed/signet/data"
@@ -14,6 +15,11 @@ import (
"gorm.io/gorm/clause"
)

func getFraction(price float64) xdr.Price {
factor := math.Pow(10, 8)
return xdr.Price{N: xdr.Int32(price * factor), D: xdr.Int32(factor)}
}

func SubmitGroupFund(fundID uint) (bool, error) {
var fund RewardFund
Db.Preload(clause.Associations).Find(&fund, fundID)
@@ -63,7 +69,7 @@ func SubmitGroupFund(fundID uint) (bool, error) {
Issuer: fund.IssuerWallet,
},
Amount: fmt.Sprintf("%f", submissionAmount),
Price: xdr.Price{N: 1, D: xdr.Int32(fund.Price)},
Price: getFraction(fund.Price),
OfferID: 0,
SourceAccount: fund.FundWallet,
},


読み込み中…
キャンセル
保存