From 9ccc1d7ac8cdc266b69500bf012dbb18f7058cbd Mon Sep 17 00:00:00 2001
From: elraphty
Date: Sun, 21 Apr 2024 22:22:05 +0100
Subject: [PATCH] pulled from branch
---
 auth/auth.go | 16 ++++++++++++++++
 handlers/people.go | 17 ++---------------
 routes/person.go | 3 ++-
 3 files changed, 20 insertions(+), 16 deletions(-)
diff --git a/auth/auth.go b/auth/auth.go
index cd4db11e8..8bfa5345f 100644
--- a/auth/auth.go
+++ b/auth/auth.go
@@ -167,6 +167,22 @@ func ConnectionCodeContext(next http.Handler) http.Handler {
 })
 }
+// CypressContext allows testing for cypress
+func CypressContext(next http.Handler) http.Handler {
+ return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+ token := r.Header.Get("token")
+
+ if IsFreePass() {
+ ctx := context.WithValue(r.Context(), ContextKey, token)
+ next.ServeHTTP(w, r.WithContext(ctx))
+ } else {
+ fmt.Println("Endpoint is for testing only : test endpoint")
+ http.Error(w, http.StatusText(401), 401)
+ return
+ }
+ })
+}
+
 func AdminCheck(pubkey string) bool {
 for _, val := range config.SuperAdmins {
 if val == pubkey {
diff --git a/handlers/people.go b/handlers/people.go
index 7f42fdc36..19d11cac4 100644
--- a/handlers/people.go
+++ b/handlers/people.go
@@ -132,14 +132,6 @@ func (ph *peopleHandler) UpsertLogin(w http.ResponseWriter, r *http.Request) {
 pubKeyFromAuth := person.OwnerPubKey
- if pubKeyFromAuth != person.OwnerPubKey {
- fmt.Println(pubKeyFromAuth)
- fmt.Println(person.OwnerPubKey)
- fmt.Println("mismatched pubkey")
- w.WriteHeader(http.StatusUnauthorized)
- return
- }
-
 existing := ph.db.GetPersonByPubkey(pubKeyFromAuth)
 if existing.ID == 0 {
 if person.ID != 0 {
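Review bot: CypressContext stores the raw `token` header in the request context under ContextKey without any verification, so whenever IsFreePass() is true the caller alone decides which identity downstream handlers read from the context; that is acceptable for a test-only bypass, but the one-line comment on the new function does not say so. I would replace it with a doc comment that makes the contract explicit: `// CypressContext is a test-only middleware: when IsFreePass() is true it copies the unverified "token" header into the request context as the caller identity, otherwise it rejects the request with 401. Never mount it on a route that is reachable with IsFreePass() enabled outside Cypress runs.` As a matter of style, the `else` branch after a non-terminating `if` reads better as a guard clause, `if !IsFreePass() { http.Error(w, http.StatusText(401), 401); return }`, followed by the happy path, and the trailing `return` inside the else is redundant. The log line goes through fmt.Println; if the package has a logger, the rejection is worth emitting there so a misconfigured free-pass flag is visible in normal logs.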
@@ -153,11 +145,8 @@ func (ph *peopleHandler) UpsertLogin(w http.ResponseWriter, r *http.Request) {
 person.Uuid = xid.New().String()
 } else { // editing! needs ID
- if person.ID == 0 {
- person.ID = existing.ID
- }
- if person.ID != existing.ID { // can't edit someone else's
- fmt.Println("can't edit someone else")
+ if person.ID != 0 && person.ID != existing.ID { // can't edit someone else's
+ fmt.Println("cant edit someone else")
 w.WriteHeader(http.StatusUnauthorized)
 return
 }
@@ -193,11 +182,9 @@ func (ph *peopleHandler) UpsertLogin(w http.ResponseWriter, r *http.Request) {
 }
 responseData["jwt"] = tokenString
- //responseData["user"] = p
 w.WriteHeader(http.StatusOK)
 w.Write([]byte(tokenString))
- //json.NewEncoder(w).Encode(responseData)
 }
 func PersonIsAdmin(pk string) bool {
diff --git a/routes/person.go b/routes/person.go
index 3202cb8b1..4b9a15ec3 100644
--- a/routes/person.go
+++ b/routes/person.go
@@ -19,7 +19,8 @@ func PersonRoutes() chi.Router {
 })
 r.Group(func(r chi.Router) {
- r.Post("/upsertlogin", peopleHandler.UpsertLogin)
+ r.Use(auth.CypressContext)
+ r.Post("/test", peopleHandler.UpsertLogin)
 })
 r.Group(func(r chi.Router) {
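Review bot: The new `if person.ID != 0 && person.ID != existing.ID` line drops the `person.ID = existing.ID` normalisation the removed lines performed, so an edit request that omits the ID now reaches the save path (outside the hunk) with `person.ID == 0`; if that path keys the update on person.ID, the existing row is no longer matched and may be duplicated rather than updated. Keeping both the normalisation and the ownership check is a small change: `if person.ID == 0 { person.ID = existing.ID } else if person.ID != existing.ID { // can't edit someone else's`. The log message also regressed from "can't" to "cant"; restore the apostrophe. Note that this ownership check only holds if `existing` was looked up by a pubkey the caller cannot choose, and in the preceding hunk pubKeyFromAuth is assigned from person.OwnerPubKey, which looks like decoded request data rather than the identity the route middleware stores under ContextKey — worth confirming that the value from `r.Context().Value(auth.ContextKey)` is what should be compared here. UpsertLogin starts and ends outside this hunk.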
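Review bot: The `/test` route is mounted unconditionally, so in a non-test build the only thing between a caller and UpsertLogin with a caller-chosen identity is the IsFreePass() branch inside auth.CypressContext; registering the group only when the flag is set keeps the route out of the router entirely: `if auth.IsFreePass() { r.Group(func(r chi.Router) { r.Use(auth.CypressContext); r.Post("/test", peopleHandler.UpsertLogin) }) }`. The old `/upsertlogin` path is replaced rather than kept alongside, so any client still posting there gets a 404 after this change unless that route is registered elsewhere. A short comment on the group, `// Cypress-only login bypass; guarded by auth.IsFreePass()`, would tell the next reader why UpsertLogin sits behind a test middleware. PersonRoutes continues outside the hunk.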