jtom38/go-cook
2
0
Fork 0
Code Issues 9 Pull Requests Packages Projects Releases Wiki Activity

if the admin token is null then it will fail an admin login. Also added the remove scopes logic and it worked for me

Browse Source
This commit is contained in:
James Tombleson 2024-04-04 15:30:22 -07:00
parent 8a43c166a8
commit 9bc36bae7f
1 changed files with 34 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

39
api/handlers/v1/auth.go
View File

@ -90,6 +90,12 @@ func (h *Handler) AuthLogin(c echo.Context) error {
} }
func (h *Handler) validateAdminToken(c echo.Context, password string) error { func (h *Handler) validateAdminToken(c echo.Context, password string) error {
// if the admin token is blank, then the admin wanted this disabled.
// this will fail right away and not progress.
if h.Config.AdminToken == "" {
return h.InternalServerErrorResponse(c, ErrUserNotFound)
}
if h.Config.AdminToken != password { if h.Config.AdminToken != password {
return h.ReturnUnauthorizedResponse(c, ErrUserNotFound) return h.ReturnUnauthorizedResponse(c, ErrUserNotFound)
} }
@ -102,7 +108,7 @@ func (h *Handler) validateAdminToken(c echo.Context, password string) error {
return c.JSON(http.StatusOK, token) return c.JSON(http.StatusOK, token)
} }
func (h *Handler) AddScope(c echo.Context) error { func (h *Handler) AddScopes(c echo.Context) error {
token, err := h.getJwtToken(c) token, err := h.getJwtToken(c)
if err != nil { if err != nil {
return h.ReturnUnauthorizedResponse(c, err.Error()) return h.ReturnUnauthorizedResponse(c, err.Error())
@ -113,7 +119,7 @@ func (h *Handler) AddScope(c echo.Context) error {
return h.ReturnUnauthorizedResponse(c, err.Error()) return h.ReturnUnauthorizedResponse(c, err.Error())
} }
request := domain.AddScopeRequest{} request := domain.UpdateScopesRequest{}
err = (&echo.DefaultBinder{}).BindBody(c, &request) err = (&echo.DefaultBinder{}).BindBody(c, &request)
if err != nil { if err != nil {
return c.JSON(http.StatusBadRequest, domain.ErrorResponse{ return c.JSON(http.StatusBadRequest, domain.ErrorResponse{
@ -132,10 +138,33 @@ func (h *Handler) AddScope(c echo.Context) error {
}) })
} }
func (h *Handler) RemoveScope(c echo.Context) error { func (h *Handler) RemoveScopes(c echo.Context) error {
token, err := h.getJwtToken(c)
if err != nil {
return h.ReturnUnauthorizedResponse(c, err.Error())
}
err = token.IsValid(domain.ScopeAll)
if err != nil {
return h.ReturnUnauthorizedResponse(c, err.Error())
}
request := domain.UpdateScopesRequest{}
err = (&echo.DefaultBinder{}).BindBody(c, &request)
if err != nil {
return c.JSON(http.StatusBadRequest, domain.ErrorResponse{
Success: false,
Message: err.Error(),
})
}
err = h.UserService.RemoveScopes(request.Username, request.Scopes)
if err != nil {
return h.InternalServerErrorResponse(c, err.Error())
}
return c.JSON(http.StatusOK, domain.ErrorResponse{ return c.JSON(http.StatusOK, domain.ErrorResponse{
Success: false, Success: true,
Message: "Not Implemented",
}) })
} }