Massive rework has been started

2024-11-15 01:04:48 +03:00 · 2024-11-15 01:04:48 +03:00 · 01da5ec2ee
commit 01da5ec2ee
parent 8f12afae7e
16 changed files with 263 additions and 58 deletions
--- a/enshi_back/ABAC/globalRules/authorizedRule.go
+++ b/enshi_back/ABAC/globalRules/authorizedRule.go
@ -0,0 +1,24 @@
+package globalrules
+
+import (
+	"enshi/auth"
+	"enshi/global"
+	"net/http"
+
+	"github.com/gin-gonic/gin"
+)
+
+func AuthorizedRule(c *gin.Context) (bool, error) {
+	tokenFromCookies := c.Request.CookiesNamed("auth_cookie")[0].Value
+	cookieClimes, err := auth.ValidateToken(tokenFromCookies)
+	if err != nil {
+		c.IndentedJSON(http.StatusUnauthorized, gin.H{"error auth": err.Error()})
+		c.Abort()
+		return false, err
+	} else {
+		c.Set(global.ContextUserId, cookieClimes["id"])
+		c.Set(global.ContextTokenData, cookieClimes)
+	}
+
+	return true, nil
+}
--- a/enshi_back/ABAC/postsPolicies/postPolicy.go
+++ b/enshi_back/ABAC/postsPolicies/postPolicy.go
@ -0,0 +1,50 @@
+package postspolicies
+
+import (
+	postRules "enshi/ABAC/postsPolicies/postRules"
+
+	"github.com/gin-gonic/gin"
+)
+
+const (
+	DELETE_POST = "delete_post"
+	UPDATE_POST = "update_post"
+	CREATE_POST = "create_post"
+	GET_POST    = "get_post"
+)
+
+func checkRule(
+	c *gin.Context,
+	ruleChecker func(*gin.Context) (bool, error),
+) (bool, error) {
+	IsAllowed, err := ruleChecker(c)
+	if err != nil {
+		return false, err
+	}
+
+	return IsAllowed, nil
+}
+
+func PostsPolicies(c *gin.Context) (bool, error) {
+	target, exists := c.Get("target")
+	if !exists {
+		return false, nil
+	}
+
+	switch target {
+	case DELETE_POST:
+		return checkRule(c, postRules.DeleteRule)
+
+	case UPDATE_POST:
+		return checkRule(c, postRules.PostUpdateRule)
+
+	case GET_POST:
+		return checkRule(c, postRules.PostReadRule)
+
+	case CREATE_POST:
+		return checkRule(c, postRules.PostCreateRule)
+
+	}
+
+	return false, nil
+}
--- a/enshi_back/ABAC/postsPolicies/postRules/createRule.go
+++ b/enshi_back/ABAC/postsPolicies/postRules/createRule.go
@ -0,0 +1,10 @@
+package postRules
+
+import (
+	"github.com/gin-gonic/gin"
+)
+
+// Only owner of the post can change it
+func PostCreateRule(c *gin.Context) (bool, error) {
+	return true, nil
+}
--- a/enshi_back/ABAC/postsPolicies/postRules/deleteRule.go
+++ b/enshi_back/ABAC/postsPolicies/postRules/deleteRule.go
@ -0,0 +1,22 @@
+package postRules
+
+import (
+	"enshi/middleware/checkRole"
+
+	"github.com/gin-gonic/gin"
+)
+
+// Only owner or admin can delete post
+func DeleteRule(c *gin.Context) (bool, error) {
+	isOwner, err := checkRole.IsOwnerOfThePost(c)
+	if err != nil {
+		return false, err
+	}
+
+	isAdmin, err := checkRole.IsAdmin(c)
+	if err != nil {
+		return false, err
+	}
+
+	return isAdmin || isOwner, err
+}
--- a/enshi_back/ABAC/postsPolicies/postRules/readRule.go
+++ b/enshi_back/ABAC/postsPolicies/postRules/readRule.go
@ -0,0 +1,10 @@
+package postRules
+
+import (
+	"github.com/gin-gonic/gin"
+)
+
+// Only owner of the post can change it
+func PostReadRule(c *gin.Context) (bool, error) {
+	return true, nil
+}
--- a/enshi_back/ABAC/postsPolicies/postRules/updateRule.go
+++ b/enshi_back/ABAC/postsPolicies/postRules/updateRule.go
@ -0,0 +1,17 @@
+package postRules
+
+import (
+	"enshi/middleware/checkRole"
+
+	"github.com/gin-gonic/gin"
+)
+
+// Only owner of the post can change it
+func PostUpdateRule(c *gin.Context) (bool, error) {
+	isOwner, err := checkRole.IsOwnerOfThePost(c)
+	if err != nil {
+		return false, err
+	}
+
+	return isOwner, nil
+}
--- a/enshi_back/middleware/adminMiddleware.go
+++ b/enshi_back/middleware/adminMiddleware.go
@ -3,7 +3,6 @@ package middleware
 import (
 	rest_api_stuff "enshi/REST_API_stuff"
 	"enshi/middleware/checkRole"
-	"enshi/middleware/getters"
 	"fmt"

 	"github.com/gin-gonic/gin"
@ -12,14 +11,7 @@ import (
 func AdminMiddleware() gin.HandlerFunc {
 	return func(c *gin.Context) {

-		userId, err := getters.GetUserIdFromContext(c)
-
-		if err != nil || userId == 0 {
-			rest_api_stuff.BadRequestAnswer(c, err)
-			c.Abort()
-		}
-
-		isAdmin, err := checkRole.IsAdmin(userId)
+		isAdmin, err := checkRole.IsAdmin(c)

 		if err != nil {
 			rest_api_stuff.BadRequestAnswer(c, err)
--- a/enshi_back/middleware/checkRole/isAdmin.go
+++ b/enshi_back/middleware/checkRole/isAdmin.go
@ -4,9 +4,18 @@ import (
 	"context"
 	db_repo "enshi/db/go_queries"
 	"enshi/db_connection"
+	"enshi/middleware/getters"
+
+	"github.com/gin-gonic/gin"
 )

-func IsAdmin(userId int64) (bool, error) {
+func IsAdmin(c *gin.Context) (bool, error) {
+	userId, err := getters.GetUserIdFromContext(c)
+
+	if err != nil {
+		return false, err
+	}
+
 	user, err :=
 		db_repo.New(db_connection.Dbx).
 			GetUserById(context.Background(), userId)
--- a/enshi_back/middleware/checkRole/isOwnerOfThePost.go
+++ b/enshi_back/middleware/checkRole/isOwnerOfThePost.go
@ -4,9 +4,24 @@ import (
 	"context"
 	db_repo "enshi/db/go_queries"
 	"enshi/db_connection"
+	"enshi/middleware/getters"
+
+	"github.com/gin-gonic/gin"
 )

-func IsOwnerOfThePost(userId int64, postId int64) (bool, error) {
+func IsOwnerOfThePost(c *gin.Context) (bool, error) {
+	postId, err := getters.GetInt64Param(c, "post-id")
+
+	if err != nil {
+		return false, err
+	}
+
+	userId, err := getters.GetUserIdFromContext(c)
+
+	if err != nil {
+		return false, err
+	}
+
 	post, err :=
 		db_repo.New(db_connection.Dbx).
 			GetPostsByPostId(context.Background(), postId)
--- a/enshi_back/middleware/getters/getIntParam.go
+++ b/enshi_back/middleware/getters/getIntParam.go
@ -0,0 +1,17 @@
+package getters
+
+import (
+	"strconv"
+
+	"github.com/gin-gonic/gin"
+)
+
+func GetInt64Param(c *gin.Context, paramName string) (int64, error) {
+	int64ParamValue, err := strconv.ParseInt(c.Param(paramName), 10, 64)
+
+	if err != nil {
+		return -1, err
+	}
+
+	return int64ParamValue, nil
+}
--- a/enshi_back/middleware/postsMiddleware.go
+++ b/enshi_back/middleware/postsMiddleware.go
@ -0,0 +1,41 @@
+package middleware
+
+import (
+	postspolicies "enshi/ABAC/postsPolicies"
+	rest_api_stuff "enshi/REST_API_stuff"
+	"fmt"
+
+	"github.com/gin-gonic/gin"
+)
+
+func PostsMiddleware() gin.HandlerFunc {
+	return func(c *gin.Context) {
+
+		switch c.Request.Method {
+		case "DELETE":
+			c.Set("target", postspolicies.DELETE_POST)
+		case "PUT":
+			c.Set("target", postspolicies.UPDATE_POST)
+		case "POST":
+			c.Set("target", postspolicies.CREATE_POST)
+		case "GET":
+			c.Set("target", postspolicies.GET_POST)
+		}
+
+		isAllowed, err := postspolicies.PostsPolicies(c)
+
+		if err != nil {
+			rest_api_stuff.InternalErrorAnswer(c, err)
+			c.Abort()
+			return
+		}
+
+		if !isAllowed {
+			rest_api_stuff.UnauthorizedAnswer(c, fmt.Errorf("you have no permission"))
+			c.Abort()
+			return
+		}
+
+		c.Next()
+	}
+}
--- a/enshi_back/routes/changeUserProfile.go
+++ b/enshi_back/routes/changeUserProfile.go
@ -1,17 +0,0 @@
-package routes
-
-import (
-	rest_api_stuff "enshi/REST_API_stuff"
-	db_repo "enshi/db/go_queries"
-
-	"github.com/gin-gonic/gin"
-)
-
-func ChangeUserProfile(c *gin.Context) {
-	var userProfileParams db_repo.UpdateProfileByUserIdParams
-
-	if err := c.BindJSON(&userProfileParams); err != nil {
-		rest_api_stuff.BadRequestAnswer(c, err)
-	}
-
-}
--- a/enshi_back/routes/postsRoutes/deletePost.go
+++ b/enshi_back/routes/postsRoutes/deletePost.go
@ -7,16 +7,15 @@ import (
 	"enshi/db_connection"
 	"enshi/middleware/getters"
 	"fmt"
+	"strconv"

 	"github.com/gin-gonic/gin"
 )

 func DeletePost(c *gin.Context) {
-	var deletePostId struct {
-		PostId int64 `json:"post_id"`
-	}
+	postId, err := strconv.ParseInt(c.Param("post-id"), 10, 64)

-	if err := c.BindJSON(&deletePostId); err != nil {
+	if err != nil {
 		rest_api_stuff.BadRequestAnswer(c, err)
 		return
 	}
@ -28,7 +27,7 @@ func DeletePost(c *gin.Context) {
 	}

 	query := db_repo.New(db_connection.Dbx)
-	post, err := query.GetPostsByPostId(context.Background(), deletePostId.PostId)
+	post, err := query.GetPostsByPostId(context.Background(), postId)
 	if err != nil {
 		rest_api_stuff.InternalErrorAnswer(c, err)
 		return
@ -41,7 +40,7 @@ func DeletePost(c *gin.Context) {

 	// TODO: Add block of code, so admin could delete anything

-	err = query.DeletePostByPostId(context.Background(), deletePostId.PostId)
+	err = query.DeletePostByPostId(context.Background(), postId)
 	if err != nil {
 		rest_api_stuff.InternalErrorAnswer(c, err)
 		return
--- a/enshi_back/routes/postsRoutes/getPost.go
+++ b/enshi_back/routes/postsRoutes/getPost.go
@ -5,24 +5,23 @@ import (
 	rest_api_stuff "enshi/REST_API_stuff"
 	db_repo "enshi/db/go_queries"
 	"enshi/db_connection"
+	"enshi/middleware/getters"
 	"net/http"

 	"github.com/gin-gonic/gin"
 )

 func GetPost(c *gin.Context) {
-	var postParams struct {
-		PostId int64 `json:"post_id"`
-	}
+	postId, err := getters.GetInt64Param(c, "post-id")

-	if err := c.BindJSON(&postParams); err != nil {
+	if err != nil {
 		rest_api_stuff.BadRequestAnswer(c, err)
 		return
 	}

 	postData, err :=
 		db_repo.New(db_connection.Dbx).
-			GetPostsByPostId(context.Background(), postParams.PostId)
+			GetPostsByPostId(context.Background(), postId)

 	if err != nil {
 		rest_api_stuff.InternalErrorAnswer(c, err)
--- a/enshi_back/routes/postsRoutes/updatePost.go
+++ b/enshi_back/routes/postsRoutes/updatePost.go
@ -5,9 +5,7 @@ import (
 	rest_api_stuff "enshi/REST_API_stuff"
 	db_repo "enshi/db/go_queries"
 	"enshi/db_connection"
-	"enshi/middleware/checkRole"
 	"enshi/middleware/getters"
-	"fmt"

 	"github.com/gin-gonic/gin"
 )
@ -20,20 +18,20 @@ func UpdatePost(c *gin.Context) {
 		return
 	}

-	userId, err := getters.GetUserIdFromContext(c)
+	_, err := getters.GetUserIdFromContext(c)

 	if err != nil {
 		rest_api_stuff.InternalErrorAnswer(c, err)
 		return
 	}

-	if isOwner, _ := checkRole.IsOwnerOfThePost(
-		userId,
-		UpdatedPostParams.PostID,
-	); !isOwner {
-		rest_api_stuff.UnauthorizedAnswer(c, fmt.Errorf("you are now allowed to change this"))
-		return
-	}
+	// if isOwner, _ := checkRole.IsOwnerOfThePost(
+	// 	userId,
+	// 	UpdatedPostParams.PostID,
+	// ); !isOwner {
+	// 	rest_api_stuff.UnauthorizedAnswer(c, fmt.Errorf("you are now allowed to change this"))
+	// 	return
+	// }

 	_, err = db_repo.New(
 		db_connection.Dbx,
--- a/enshi_back/utils/routesSetup.go
+++ b/enshi_back/utils/routesSetup.go
@ -2,7 +2,6 @@ package utils

 import (
 	"enshi/middleware"
-	"enshi/routes"
 	"enshi/routes/authRoutes"
 	"enshi/routes/postsRoutes"
 	"enshi/routes/userProfileRoutes"
@ -29,20 +28,40 @@ func SetupRotes(g *gin.Engine) error {

 	freeGroup.GET("getCookie", testCookie)

-	freeGroup.POST("login", authRoutes.Login)
-	freeGroup.POST("registerUser", authRoutes.RegisterUser)
-	freeGroup.GET("getPost", postsRoutes.GetPost)
+	freeGroup.POST(
+		"login",
+		authRoutes.Login,
+	)
+	freeGroup.POST(
+		"users",
+		authRoutes.RegisterUser,
+	)
+	freeGroup.GET(
+		"posts/:post-id",
+		postsRoutes.GetPost,
+	)

 	// Auth group routes
 	authGroup := g.Group("/")
 	authGroup.Use(middleware.AuthMiddleware())

-	authGroup.POST("updatePost", postsRoutes.UpdatePost)
-	authGroup.POST("createPost", postsRoutes.CreatePost)
-	authGroup.POST("changeUserProfile", routes.ChangeUserProfile)
-	authGroup.POST("updateProfile", userProfileRoutes.UpdateUserProfile)
+	authGroup.PUT(
+		"posts/:post-id",
+		postsRoutes.UpdatePost,
+	)
+	authGroup.POST(
+		"posts",
+		postsRoutes.CreatePost,
+	)
+	authGroup.DELETE(
+		"posts/:post-id",
+		postsRoutes.DeletePost,
+	)

-	authGroup.DELETE("deletePost", postsRoutes.DeletePost)
+	authGroup.PUT(
+		"user-profiles",
+		userProfileRoutes.UpdateUserProfile,
+	)

 	// Admin group routes
 	adminGroup := authGroup.Group("/admin/")