

pulled from branch
elraphty committed Apr 21, 2024
1 parent 4b76994 commit 9ccc1d7
Showing 3 changed files with 20 additions and 16 deletions.
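--- a/auth/auth.go
+++ b/auth/auth.go
@@ -167,6 +167,22 @@ func ConnectionCodeContext(next http.Handler) http.Handler {
 })
 }
 
+// CypressContext allows testing for cypress
+func CypressContext(next http.Handler) http.Handler {
+return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+token := r.Header.Get("token")
+
+if IsFreePass() {
+ctx := context.WithValue(r.Context(), ContextKey, token)
+next.ServeHTTP(w, r.WithContext(ctx))
+} else {
+fmt.Println("Endpoint is for testing only : test endpoint")
+http.Error(w, http.StatusText(401), 401)
+return
+}
+})
+}
+
 func AdminCheck(pubkey string) bool {
 for _, val := range config.SuperAdmins {
 if val == pubkey {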
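Review bot: `CypressContext` stores the raw `token` header under `ContextKey` without verifying it, so whenever `IsFreePass()` returns true, any handler behind this middleware that reads that context value receives a client-chosen string; if `ContextKey` is the same key the other middlewares in this package use for the authenticated pubkey, that string is treated as the caller's identity. `IsFreePass()` is defined outside this hunk, so what enables it cannot be checked here; it is worth confirming that it fails closed when its configuration is missing. The doc comment should state the constraint, e.g. `// CypressContext is a test-only middleware: when IsFreePass() is true it copies the unverified "token" header into the request context; it must never be mounted in production.` The rejection branch would read better as an early return using `http.Error(w, http.StatusText(http.StatusUnauthorized), http.StatusUnauthorized)` instead of the bare `401` inside an `else`.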
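--- a/handlers/people.go
+++ b/handlers/people.go
@@ -132,14 +132,6 @@ func (ph *peopleHandler) UpsertLogin(w http.ResponseWriter, r *http.Request) {
 
 pubKeyFromAuth := person.OwnerPubKey
 
-if pubKeyFromAuth != person.OwnerPubKey {
-fmt.Println(pubKeyFromAuth)
-fmt.Println(person.OwnerPubKey)
-fmt.Println("mismatched pubkey")
-w.WriteHeader(http.StatusUnauthorized)
-return
-}
-
 existing := ph.db.GetPersonByPubkey(pubKeyFromAuth)
 if existing.ID == 0 {
 if person.ID != 0 {
@@ -153,11 +145,8 @@ func (ph *peopleHandler) UpsertLogin(w http.ResponseWriter, r *http.Request) {
 person.Uuid = xid.New().String()
 
 } else { // editing! needs ID
-if person.ID == 0 {
-person.ID = existing.ID
-}
-if person.ID != existing.ID { // can't edit someone else's
-fmt.Println("can't edit someone else")
+if person.ID != 0 && person.ID != existing.ID { // can't edit someone else's
+fmt.Println("cant edit someone else")
 w.WriteHeader(http.StatusUnauthorized)
 return
 }
@@ -193,11 +182,9 @@ func (ph *peopleHandler) UpsertLogin(w http.ResponseWriter, r *http.Request) {
 }
 
 responseData["jwt"] = tokenString
-//responseData["user"] = p
 
 w.WriteHeader(http.StatusOK)
 w.Write([]byte(tokenString))
-//json.NewEncoder(w).Encode(responseData)
 }
 
 func PersonIsAdmin(pk string) bool {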
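Review bot: `pubKeyFromAuth` is still assigned from the request body (`person.OwnerPubKey`) in the first hunk, so deleting the always-false comparison instead of fixing it leaves `UpsertLogin` with no check that ties the submitted pubkey to the caller before it writes `tokenString` to the response. If the intent was to compare against the authenticated identity, the value should come from the request context, e.g. `pubKeyFromAuth, _ := r.Context().Value(auth.ContextKey).(string)` (assuming this package can import `auth`), with the mismatch check kept. In the second hunk, a request with `person.ID == 0` on the edit path no longer inherits `existing.ID`; the update logic lies outside these hunks, so it should be verified that it still targets the existing row. The new log string also drops the apostrophe (`"cant edit someone else"`), which looks unintentional.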
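--- a/routes/person.go
+++ b/routes/person.go
@@ -19,7 +19,8 @@ func PersonRoutes() chi.Router {
 })
 
 r.Group(func(r chi.Router) {
-r.Post("/upsertlogin", peopleHandler.UpsertLogin)
+r.Use(auth.CypressContext)
+r.Post("/test", peopleHandler.UpsertLogin)
 })
 
 r.Group(func(r chi.Router) {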
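Review bot: The `/test` route is registered unconditionally, so keeping it closed depends entirely on `IsFreePass()` being evaluated per request inside `auth.CypressContext`. Registering the group only when test mode is on, by wrapping it in `if auth.IsFreePass() { ... }`, would keep the endpoint out of the production router altogether. The hunk also replaces `/upsertlogin` rather than adding a route beside it, so existing clients of that path would presumably get a 404 unless it is mounted elsewhere. A comment on the group such as `// test-only: Cypress login shortcut, never enabled in production` would make the intent visible. `PersonRoutes` continues outside the hunk.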
