This commit is contained in:
2
.gitignore
vendored
2
.gitignore
vendored
@@ -1,6 +1,8 @@
|
||||
api\ tests.txt
|
||||
ccsecrets
|
||||
ccsecrets.*
|
||||
smt
|
||||
smt.*
|
||||
.env
|
||||
*.pem
|
||||
.DS_Store
|
||||
@@ -14,6 +14,7 @@ func JwtAuthMiddleware() gin.HandlerFunc {
|
||||
return func(c *gin.Context) {
|
||||
err := token.TokenValid(c)
|
||||
if err != nil {
|
||||
log.Printf("JwtAuthMiddleware token is not valid : '%s'\n", err)
|
||||
c.String(http.StatusUnauthorized, "Unauthorized")
|
||||
c.Abort()
|
||||
return
|
||||
@@ -25,10 +26,9 @@ func JwtAuthMiddleware() gin.HandlerFunc {
|
||||
func JwtAuthAdminMiddleware() gin.HandlerFunc {
|
||||
return func(c *gin.Context) {
|
||||
|
||||
// TODO - also verify user role of admin
|
||||
|
||||
err := token.TokenValid(c)
|
||||
if err != nil {
|
||||
log.Printf("JwtAuthAdminMiddleware token is not valid : '%s'\n", err)
|
||||
c.String(http.StatusUnauthorized, "Unauthorized")
|
||||
c.Abort()
|
||||
return
|
||||
@@ -38,6 +38,7 @@ func JwtAuthAdminMiddleware() gin.HandlerFunc {
|
||||
user_id, err := token.ExtractTokenID(c)
|
||||
|
||||
if err != nil {
|
||||
log.Printf("JwtAuthAdminMiddleware could not extract user ID from context : '%s'\n", err)
|
||||
c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
|
||||
c.Abort()
|
||||
return
|
||||
@@ -52,6 +53,7 @@ func JwtAuthAdminMiddleware() gin.HandlerFunc {
|
||||
}
|
||||
log.Printf("JwtAuthAdminMiddleware retrieved UserRole object '%v'\n", ur)
|
||||
|
||||
// Verify that the user has a role with the admin flag set
|
||||
if !ur.Admin {
|
||||
c.String(http.StatusUnauthorized, "User role is Non-Admin")
|
||||
c.Abort()
|
||||
|
||||
@@ -29,16 +29,21 @@ func (u *User) SaveUser() (*User, error) {
|
||||
var err error
|
||||
|
||||
// TODO - validate username not already in use
|
||||
|
||||
result, err := db.NamedExec((`INSERT INTO users (RoleId, UserName, Password) VALUES (:RoleId, :UserName, :Password)`), u)
|
||||
|
||||
_, err = GetUserByName(u.UserName)
|
||||
if err != nil {
|
||||
log.Printf("SaveUser error executing sql record : '%s'\n", err)
|
||||
return &User{}, err
|
||||
log.Printf("SaveUser Username already exists : '%v'\n", err)
|
||||
} else {
|
||||
affected, _ := result.RowsAffected()
|
||||
id, _ := result.LastInsertId()
|
||||
log.Printf("SaveUser insert returned result id '%d' affecting %d row(s).\n", id, affected)
|
||||
log.Printf("SaveUser confirmed no existing user, continuing with creation of user '%s'\n", u.UserName)
|
||||
result, err := db.NamedExec((`INSERT INTO users (RoleId, UserName, Password) VALUES (:RoleId, :UserName, :Password)`), u)
|
||||
|
||||
if err != nil {
|
||||
log.Printf("SaveUser error executing sql record : '%s'\n", err)
|
||||
return &User{}, err
|
||||
} else {
|
||||
affected, _ := result.RowsAffected()
|
||||
id, _ := result.LastInsertId()
|
||||
log.Printf("SaveUser insert returned result id '%d' affecting %d row(s).\n", id, affected)
|
||||
}
|
||||
}
|
||||
|
||||
return u, nil
|
||||
|
||||
Reference in New Issue
Block a user