@@ -31,9 +31,12 @@ func CloseRewardFund(w http.ResponseWriter, r *http.Request) { | |||||
var fund RewardFund | var fund RewardFund | ||||
var modified int64 | var modified int64 | ||||
if claims.Privileges <= AdminPlus && req.Close { | |||||
if claims != nil && claims.Privileges <= AdminPlus && req.Close { | |||||
Db.Table("reward_funds").Find(&fund, req.ID) | Db.Table("reward_funds").Find(&fund, req.ID) | ||||
modified = Db.Delete(&fund).RowsAffected | modified = Db.Delete(&fund).RowsAffected | ||||
} else { | |||||
w.WriteHeader(403) | |||||
return | |||||
} | } | ||||
var resp SuccessResponse | var resp SuccessResponse | ||||
@@ -4,6 +4,7 @@ import ( | |||||
"encoding/json" | "encoding/json" | ||||
"net/http" | "net/http" | ||||
"github.com/imosed/signet/auth" | |||||
. "github.com/imosed/signet/data" | . "github.com/imosed/signet/data" | ||||
"github.com/rs/zerolog/log" | "github.com/rs/zerolog/log" | ||||
) | ) | ||||
@@ -24,21 +25,32 @@ func CreateQueue(w http.ResponseWriter, r *http.Request) { | |||||
return | return | ||||
} | } | ||||
var specificQueue Queue | |||||
Db.Table("queues").First(&specificQueue, "name = ?", req.Name) | |||||
var claims *auth.Claims | |||||
claims, err = auth.GetUserClaims(r) | |||||
if err != nil { | |||||
log.Error().Err(err).Msg("Could not determine if user is authenticated") | |||||
return | |||||
} | |||||
var resp CreateQueueResponse | var resp CreateQueueResponse | ||||
if claims != nil && claims.Privileges <= Admin { | |||||
var specificQueue Queue | |||||
Db.Table("queues").First(&specificQueue, "name = ?", req.Name) | |||||
if specificQueue.ID != 0 { | |||||
resp.ID = specificQueue.ID | |||||
} else { | |||||
queue := Queue{ | |||||
Name: req.Name, | |||||
} | |||||
if specificQueue.ID != 0 { | |||||
resp.ID = specificQueue.ID | |||||
} else { | |||||
queue := Queue{ | |||||
Name: req.Name, | |||||
} | |||||
Db.Create(&queue) | |||||
Db.Create(&queue) | |||||
resp.ID = queue.ID | |||||
resp.ID = queue.ID | |||||
} | |||||
} else { | |||||
w.WriteHeader(403) | |||||
return | |||||
} | } | ||||
err = json.NewEncoder(w).Encode(resp) | err = json.NewEncoder(w).Encode(resp) | ||||
@@ -85,7 +85,7 @@ func CreateRewardFund(resp http.ResponseWriter, req *http.Request) { | |||||
return | return | ||||
} | } | ||||
if claims.Privileges <= Admin { | |||||
if claims != nil && claims.Privileges <= Admin { | |||||
Db.Create(&rewardFund) | Db.Create(&rewardFund) | ||||
Db.Create(&joinRecord) | Db.Create(&joinRecord) | ||||
@@ -28,7 +28,7 @@ func ChangePrivileges(w http.ResponseWriter, r *http.Request) { | |||||
var claims *auth.Claims | var claims *auth.Claims | ||||
claims, err = auth.GetUserClaims(r) | claims, err = auth.GetUserClaims(r) | ||||
if claims.Privileges < 2 { | |||||
if claims != nil && claims.Privileges <= AdminPlus { | |||||
Db.Table("users").Where("id = ?", req.UserID).Find(&user) | Db.Table("users").Where("id = ?", req.UserID).Find(&user) | ||||
if req.Privileges == SuperUser { | if req.Privileges == SuperUser { | ||||
resp.Success = false | resp.Success = false | ||||
@@ -44,7 +44,8 @@ func ChangePrivileges(w http.ResponseWriter, r *http.Request) { | |||||
Db.Save(user) | Db.Save(user) | ||||
resp.Success = true | resp.Success = true | ||||
} else { | } else { | ||||
resp.Success = false | |||||
w.WriteHeader(403) | |||||
return | |||||
} | } | ||||
err = json.NewEncoder(w).Encode(resp) | err = json.NewEncoder(w).Encode(resp) | ||||
@@ -15,12 +15,13 @@ type GetUsersResponse struct { | |||||
func GetUsers(w http.ResponseWriter, r *http.Request) { | func GetUsers(w http.ResponseWriter, r *http.Request) { | ||||
claims, err := auth.GetUserClaims(r) | claims, err := auth.GetUserClaims(r) | ||||
if claims.Privileges > AdminPlus { | |||||
if claims == nil || (claims != nil && claims.Privileges > AdminPlus) { | |||||
w.WriteHeader(403) | |||||
return | return | ||||
} | } | ||||
var users []User | var users []User | ||||
Db.Table("users").Where("privileges >= ?", claims.Privileges).Scan(&users) | |||||
Db.Table("users").Where("privileges >= ?", claims.Privileges).Order("id").Scan(&users) | |||||
var resp GetUsersResponse | var resp GetUsersResponse | ||||
resp.Users = users | resp.Users = users | ||||
@@ -154,7 +154,7 @@ func Register(w http.ResponseWriter, r *http.Request) { | |||||
return | return | ||||
} | } | ||||
if noUsersRegistered() || claims.Privileges <= AdminPlus { | |||||
if noUsersRegistered() || (claims != nil && claims.Privileges <= AdminPlus) { | |||||
hash, err := GetHashedPassword(req.Password) | hash, err := GetHashedPassword(req.Password) | ||||
if err != nil { | if err != nil { | ||||
log.Error().Err(err).Msg("Could not generate hash for registration") | log.Error().Err(err).Msg("Could not generate hash for registration") | ||||
@@ -176,7 +176,7 @@ func Register(w http.ResponseWriter, r *http.Request) { | |||||
if err != nil { | if err != nil { | ||||
log.Error().Err(err).Msg("Could not deliver unsuccessful account creation response") | log.Error().Err(err).Msg("Could not deliver unsuccessful account creation response") | ||||
} | } | ||||
} else if claims.Privileges > SuperUser { | |||||
} else if claims != nil && claims.Privileges > SuperUser { | |||||
w.WriteHeader(403) | w.WriteHeader(403) | ||||
} | } | ||||
} | } |
@@ -2,6 +2,7 @@ package utils | |||||
import ( | import ( | ||||
"fmt" | "fmt" | ||||
"math" | |||||
"github.com/imosed/signet/client" | "github.com/imosed/signet/client" | ||||
. "github.com/imosed/signet/data" | . "github.com/imosed/signet/data" | ||||
@@ -14,6 +15,11 @@ import ( | |||||
"gorm.io/gorm/clause" | "gorm.io/gorm/clause" | ||||
) | ) | ||||
func getFraction(price float64) xdr.Price { | |||||
factor := math.Pow(10, 8) | |||||
return xdr.Price{N: xdr.Int32(price * factor), D: xdr.Int32(factor)} | |||||
} | |||||
func SubmitGroupFund(fundID uint) (bool, error) { | func SubmitGroupFund(fundID uint) (bool, error) { | ||||
var fund RewardFund | var fund RewardFund | ||||
Db.Preload(clause.Associations).Find(&fund, fundID) | Db.Preload(clause.Associations).Find(&fund, fundID) | ||||
@@ -63,7 +69,7 @@ func SubmitGroupFund(fundID uint) (bool, error) { | |||||
Issuer: fund.IssuerWallet, | Issuer: fund.IssuerWallet, | ||||
}, | }, | ||||
Amount: fmt.Sprintf("%f", submissionAmount), | Amount: fmt.Sprintf("%f", submissionAmount), | ||||
Price: xdr.Price{N: 1, D: xdr.Int32(fund.Price)}, | |||||
Price: getFraction(fund.Price), | |||||
OfferID: 0, | OfferID: 0, | ||||
SourceAccount: fund.FundWallet, | SourceAccount: fund.FundWallet, | ||||
}, | }, | ||||