refact(controller): user level types
This commit is contained in:
leandrofars
parent
9b2a39b66b
commit
b7b5bdfe90
|
|
@ -29,11 +29,6 @@ type Api struct {
|
||||||
|
|
||||||
const REQUEST_TIMEOUT = time.Second * 30
|
const REQUEST_TIMEOUT = time.Second * 30
|
||||||
|
|
||||||
const (
|
|
||||||
NormalUser = iota
|
|
||||||
AdminUser
|
|
||||||
)
|
|
||||||
|
|
||||||
func NewApi(c *config.Config, js jetstream.JetStream, nc *nats.Conn, bridge bridge.Bridge, d db.Database, kv jetstream.KeyValue) Api {
|
func NewApi(c *config.Config, js jetstream.JetStream, nc *nats.Conn, bridge bridge.Bridge, d db.Database, kv jetstream.KeyValue) Api {
|
||||||
return Api{
|
return Api{
|
||||||
port: c.RestApi.Port,
|
port: c.RestApi.Port,
|
||||||
|
|
|
||||||
|
|
@ -8,6 +8,7 @@ import (
|
||||||
"strconv"
|
"strconv"
|
||||||
|
|
||||||
"github.com/leandrofars/oktopus/internal/bridge"
|
"github.com/leandrofars/oktopus/internal/bridge"
|
||||||
|
"github.com/leandrofars/oktopus/internal/db"
|
||||||
local "github.com/leandrofars/oktopus/internal/nats"
|
local "github.com/leandrofars/oktopus/internal/nats"
|
||||||
"github.com/leandrofars/oktopus/internal/utils"
|
"github.com/leandrofars/oktopus/internal/utils"
|
||||||
"github.com/nats-io/nats.go/jetstream"
|
"github.com/nats-io/nats.go/jetstream"
|
||||||
|
|
@ -134,7 +135,7 @@ func (a *Api) deviceAuth(w http.ResponseWriter, r *http.Request) {
|
||||||
utils.MarshallEncoder(err, w)
|
utils.MarshallEncoder(err, w)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
if user.Level != AdminUser {
|
if user.Level != db.AdminUser {
|
||||||
w.WriteHeader(http.StatusForbidden)
|
w.WriteHeader(http.StatusForbidden)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -51,7 +51,7 @@ func (a *Api) registerUser(w http.ResponseWriter, r *http.Request) {
|
||||||
|
|
||||||
//Check if user which is requesting creation has the necessary privileges
|
//Check if user which is requesting creation has the necessary privileges
|
||||||
rUser, err := a.db.FindUser(email)
|
rUser, err := a.db.FindUser(email)
|
||||||
if rUser.Level != AdminUser {
|
if rUser.Level != db.AdminUser {
|
||||||
w.WriteHeader(http.StatusForbidden)
|
w.WriteHeader(http.StatusForbidden)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
@ -63,7 +63,7 @@ func (a *Api) registerUser(w http.ResponseWriter, r *http.Request) {
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
user.Level = NormalUser
|
user.Level = db.NormalUser
|
||||||
|
|
||||||
if err := user.HashPassword(user.Password); err != nil {
|
if err := user.HashPassword(user.Password); err != nil {
|
||||||
w.WriteHeader(http.StatusInternalServerError)
|
w.WriteHeader(http.StatusInternalServerError)
|
||||||
|
|
@ -112,7 +112,7 @@ func (a *Api) deleteUser(w http.ResponseWriter, r *http.Request) {
|
||||||
|
|
||||||
userEmail := mux.Vars(r)["user"]
|
userEmail := mux.Vars(r)["user"]
|
||||||
|
|
||||||
if rUser.Email == userEmail || (rUser.Level == AdminUser && rUser.Email != userEmail) { //Admin can delete any account, but admin account can never be deleted
|
if rUser.Email == userEmail || (rUser.Level == db.AdminUser && rUser.Email != userEmail) { //Admin can delete any account, but admin account can never be deleted
|
||||||
if err := a.db.DeleteUser(userEmail); err != nil {
|
if err := a.db.DeleteUser(userEmail); err != nil {
|
||||||
w.WriteHeader(http.StatusInternalServerError)
|
w.WriteHeader(http.StatusInternalServerError)
|
||||||
json.NewEncoder(w).Encode(err)
|
json.NewEncoder(w).Encode(err)
|
||||||
|
|
@ -138,7 +138,7 @@ func (a *Api) changePassword(w http.ResponseWriter, r *http.Request) {
|
||||||
userToChangePasswd := mux.Vars(r)["user"]
|
userToChangePasswd := mux.Vars(r)["user"]
|
||||||
if userToChangePasswd != "" && userToChangePasswd != email {
|
if userToChangePasswd != "" && userToChangePasswd != email {
|
||||||
rUser, _ := a.db.FindUser(email)
|
rUser, _ := a.db.FindUser(email)
|
||||||
if rUser.Level != AdminUser {
|
if rUser.Level != db.AdminUser {
|
||||||
w.WriteHeader(http.StatusForbidden)
|
w.WriteHeader(http.StatusForbidden)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
@ -189,7 +189,7 @@ func (a *Api) registerAdminUser(w http.ResponseWriter, r *http.Request) {
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
user.Level = AdminUser
|
user.Level = db.AdminUser
|
||||||
|
|
||||||
if err := user.HashPassword(user.Password); err != nil {
|
if err := user.HashPassword(user.Password); err != nil {
|
||||||
w.WriteHeader(http.StatusInternalServerError)
|
w.WriteHeader(http.StatusInternalServerError)
|
||||||
|
|
@ -204,7 +204,7 @@ func (a *Api) registerAdminUser(w http.ResponseWriter, r *http.Request) {
|
||||||
|
|
||||||
func adminUserExists(users []map[string]interface{}) bool {
|
func adminUserExists(users []map[string]interface{}) bool {
|
||||||
for _, x := range users {
|
for _, x := range users {
|
||||||
if x["level"].(int32) == AdminUser {
|
if x["level"].(db.UserLevels) == db.AdminUser {
|
||||||
log.Println("Admin exists")
|
log.Println("Admin exists")
|
||||||
return true
|
return true
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -9,12 +9,20 @@ import (
|
||||||
"golang.org/x/crypto/bcrypt"
|
"golang.org/x/crypto/bcrypt"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
type UserLevels int32
|
||||||
|
|
||||||
|
const (
|
||||||
|
NormalUser UserLevels = iota
|
||||||
|
AdminUser
|
||||||
|
OktopusUser
|
||||||
|
)
|
||||||
|
|
||||||
type User struct {
|
type User struct {
|
||||||
Email string `json:"email"`
|
Email string `json:"email"`
|
||||||
Name string `json:"name"`
|
Name string `json:"name"`
|
||||||
Password string `json:"password,omitempty"`
|
Password string `json:"password,omitempty"`
|
||||||
Level int `json:"level"`
|
Level UserLevels `json:"level"`
|
||||||
Phone string `json:"phone"`
|
Phone string `json:"phone"`
|
||||||
}
|
}
|
||||||
|
|
||||||
var ErrorUserExists = errors.New("User already exists")
|
var ErrorUserExists = errors.New("User already exists")
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue
Block a user