feat(api): create users with different privileges

This commit is contained in:
Leandro Antônio Farias Machado 2023-06-16 11:28:33 -03:00
parent 57ebbc7c45
commit 8e57b87378
2 changed files with 53 additions and 1 deletions


@ -26,6 +26,11 @@ type Api struct {
QMutex *sync.Mutex QMutex *sync.Mutex
} }
const (
NormalUser = iota
AdminUser
)
func NewApi(port string, db db.Database, b mtp.Broker, msgQueue map[string](chan usp_msg.Msg), m *sync.Mutex) Api { func NewApi(port string, db db.Database, b mtp.Broker, msgQueue map[string](chan usp_msg.Msg), m *sync.Mutex) Api {
return Api{ return Api{
Port: port, Port: port,
@ -40,7 +45,10 @@ func StartApi(a Api) {
r := mux.NewRouter() r := mux.NewRouter()
authentication := r.PathPrefix("/api/auth").Subrouter() authentication := r.PathPrefix("/api/auth").Subrouter()
authentication.HandleFunc("/login", a.generateToken).Methods("PUT") authentication.HandleFunc("/login", a.generateToken).Methods("PUT")
//authentication.HandleFunc("/register", a.registerUser).Methods("POST") authentication.HandleFunc("/register", a.registerUser).Methods("POST")
// Keep the line above commented to avoid people get unintended admin privileges.
// Uncomment it only once for you to get admin privileges and create new users.
// authentication.HandleFunc("/admin/register", a.registerAdminUser).Methods("POST")
iot := r.PathPrefix("/api/device").Subrouter() iot := r.PathPrefix("/api/device").Subrouter()
iot.HandleFunc("", a.retrieveDevices).Methods("GET") iot.HandleFunc("", a.retrieveDevices).Methods("GET")
iot.HandleFunc("/{sn}/get", a.deviceGetMsg).Methods("PUT") iot.HandleFunc("/{sn}/get", a.deviceGetMsg).Methods("PUT")
@ -331,6 +339,47 @@ func (a *Api) deviceExists(sn string, w http.ResponseWriter) {
} }
func (a *Api) registerUser(w http.ResponseWriter, r *http.Request) { func (a *Api) registerUser(w http.ResponseWriter, r *http.Request) {
tokenString := r.Header.Get("Authorization")
if tokenString == "" {
w.WriteHeader(http.StatusUnauthorized)
return
}
email, err := auth.ValidateToken(tokenString)
if err != nil {
w.WriteHeader(http.StatusUnauthorized)
return
}
//Check if user which is requesting creation has the necessary privileges
rUser, err := a.Db.FindUser(email)
if rUser.Level != AdminUser {
w.WriteHeader(http.StatusForbidden)
return
}
var user db.User
err = json.NewDecoder(r.Body).Decode(&user)
if err != nil {
w.WriteHeader(http.StatusBadRequest)
return
}
user.Level = NormalUser
if err := user.HashPassword(user.Password); err != nil {
w.WriteHeader(http.StatusInternalServerError)
return
}
if err := a.Db.RegisterUser(user); err != nil {
w.WriteHeader(http.StatusInternalServerError)
return
}
}
func (a *Api) registerAdminUser(w http.ResponseWriter, r *http.Request) {
var user db.User var user db.User
err := json.NewDecoder(r.Body).Decode(&user) err := json.NewDecoder(r.Body).Decode(&user)
if err != nil { if err != nil {
@ -338,6 +387,8 @@ func (a *Api) registerUser(w http.ResponseWriter, r *http.Request) {
return return
} }
user.Level = AdminUser
if err := user.HashPassword(user.Password); err != nil { if err := user.HashPassword(user.Password); err != nil {
w.WriteHeader(http.StatusInternalServerError) w.WriteHeader(http.StatusInternalServerError)
return return
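Review bot: The error returned by `a.Db.FindUser(email)` in registerUser is never inspected, so a lookup failure or an account deleted after the token was issued falls through to `rUser.Level != AdminUser` on a zero-valued user; it happens to deny only because NormalUser is the iota zero, an accident of declaration order rather than an explicit decision. Insert `if err != nil { w.WriteHeader(http.StatusUnauthorized); return }` between the FindUser call and the level comparison so the fail-closed behaviour does not depend on the constant order. The admin bootstrap at `/admin/register` is guarded only by a source comment, and registerAdminUser takes no credentials at all, so a build shipped with that line uncommented lets any unauthenticated client create admin accounts; consider having registerAdminUser refuse once an AdminUser already exists, or gating the route on a deployment flag, instead of relying on a code edit and redeploy. registerAdminUser's body continues past the end of this hunk.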


@ -11,6 +11,7 @@ type User struct {
Email string `json:"email"` Email string `json:"email"`
Name string `json:"name"` Name string `json:"name"`
Password string `json:"password"` Password string `json:"password"`
Level int `json:"level"`
} }
func (d *Database) RegisterUser(user User) error { func (d *Database) RegisterUser(user User) error {
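Review bot: The new `Level` field carries a `json:"level"` tag, so it is accepted from any request body decoded into db.User and emitted wherever a User is encoded; both handlers in this commit overwrite it before storing, but any future decode path that forgets to would let a client pick its own privilege level. If the level never needs to be client-settable, tag it `json:"-"` (or use a separate response type) so the restriction lives on the type rather than in every handler. Users stored before this change have no level and will read back as 0, i.e. NormalUser; that is the least-privileged default, but any pre-existing account meant to be an admin will need an explicit migration. RegisterUser's body continues past the end of this section.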