diff --git a/enshi_back/db/go_queries/posts_queries.sql.go b/enshi_back/db/go_queries/posts_queries.sql.go
index ba88faa..2090708 100644
--- a/enshi_back/db/go_queries/posts_queries.sql.go
+++ b/enshi_back/db/go_queries/posts_queries.sql.go
@@ -148,14 +148,13 @@ func (q *Queries) GetPostsByUserId(ctx context.Context, userID int64) ([]Post, e
 const updatePostByPostId = `-- name: UpdatePostByPostId :one
 UPDATE public.posts
-SET blog_id=$1, user_id=$2, title=$3, "content"=$4, updated_at=CURRENT_TIMESTAMP
-WHERE post_id = $5
+SET blog_id=$1, title=$2, "content"=$3, updated_at=CURRENT_TIMESTAMP
+WHERE post_id = $4
 RETURNING post_id, blog_id, user_id, title, content, created_at, updated_at
 `
 type UpdatePostByPostIdParams struct {
 BlogID pgtype.Int8 `json:"blog_id"`
- UserID int64 `json:"user_id"`
 Title pgtype.Text `json:"title"`
 Content pgtype.Text `json:"content"`
 PostID int64 `json:"post_id"`
@@ -164,7 +163,6 @@ type UpdatePostByPostIdParams struct {
 func (q *Queries) UpdatePostByPostId(ctx context.Context, arg UpdatePostByPostIdParams) (Post, error) {
 row := q.db.QueryRow(ctx, updatePostByPostId,
 arg.BlogID,
- arg.UserID,
 arg.Title,
 arg.Content,
 arg.PostID,
diff --git a/enshi_back/db/queries/posts_queries.sql b/enshi_back/db/queries/posts_queries.sql
index c8e5545..718e005 100644
--- a/enshi_back/db/queries/posts_queries.sql
+++ b/enshi_back/db/queries/posts_queries.sql
@@ -21,8 +21,8 @@ RETURNING *;
 -- name: UpdatePostByPostId :one
 UPDATE public.posts
-SET blog_id=$1, user_id=$2, title=$3, "content"=$4, updated_at=CURRENT_TIMESTAMP
-WHERE post_id = $5
+SET blog_id=$1, title=$2, "content"=$3, updated_at=CURRENT_TIMESTAMP
+WHERE post_id = $4
 RETURNING *;
 -- name: DeletePostByPostId :exec
diff --git a/enshi_back/middleware/adminMiddleware.go b/enshi_back/middleware/adminMiddleware.go
index 49a1165..3d35800 100644
--- a/enshi_back/middleware/adminMiddleware.go
+++ b/enshi_back/middleware/adminMiddleware.go
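Review bot: With `user_id` removed from the SET list, ownership of the post is enforced only in application code (`checkRole.IsOwnerOfThePost`, added in this same commit) and the UPDATE itself will rewrite whatever `post_id` it is handed. As defense in depth the statement could also pin the owner in the predicate, `WHERE post_id = $4 AND user_id = $5`, so a caller that skips or mis-orders the ownership check cannot modify another user's post; on regeneration sqlc would add the extra parameter to `UpdatePostByPostIdParams` in the generated file above. Note also that `blog_id` remains settable by whoever calls this query, so a post can be re-parented to any blog; whether blog membership must be checked is not something this hunk can answer.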
@@ -1,10 +1,8 @@
 package middleware
 import (
- "context"
 rest_api_stuff "enshi/REST_API_stuff"
- db_repo "enshi/db/go_queries"
- "enshi/db_connection"
+ "enshi/middleware/checkRole"
 "enshi/middleware/getters"
 "fmt"
@@ -21,16 +19,14 @@ func AdminMiddleware() gin.HandlerFunc {
 c.Abort()
 }
- user, err :=
- db_repo.New(db_connection.Dbx).
- GetUserById(context.Background(), userId)
+ isAdmin, err := checkRole.IsAdmin(userId)
- if err != nil || user.UserID == 0 {
+ if err != nil {
 rest_api_stuff.BadRequestAnswer(c, err)
 c.Abort()
 }
- if !user.IsAdmin {
+ if !isAdmin {
 rest_api_stuff.UnauthorizedAnswer(c, fmt.Errorf("not allowed"))
 c.Abort()
 }
diff --git a/enshi_back/middleware/checkRole/isAdmin.go b/enshi_back/middleware/checkRole/isAdmin.go
new file mode 100644
index 0000000..93a356e
--- /dev/null
+++ b/enshi_back/middleware/checkRole/isAdmin.go
@@ -0,0 +1,23 @@
+package checkRole
+
+import (
+ "context"
+ db_repo "enshi/db/go_queries"
+ "enshi/db_connection"
+)
+
+func IsAdmin(userId int64) (bool, error) {
+ user, err :=
+ db_repo.New(db_connection.Dbx).
+ GetUserById(context.Background(), userId)
+
+ if err != nil || user.UserID == 0 {
+ return false, err
+ }
+
+ if !user.IsAdmin {
+ return false, nil
+ }
+
+ return true, nil
+}
diff --git a/enshi_back/middleware/checkRole/isOwner.go b/enshi_back/middleware/checkRole/isOwner.go
new file mode 100644
index 0000000..5f046e9
--- /dev/null
+++ b/enshi_back/middleware/checkRole/isOwner.go
@@ -0,0 +1,23 @@
+package checkRole
+
+import (
+ "context"
+ db_repo "enshi/db/go_queries"
+ "enshi/db_connection"
+)
+
+func IsOwnerOfThePost(userId int64, postId int64) (bool, error) {
+ post, err :=
+ db_repo.New(db_connection.Dbx).
+ GetPostsByPostId(context.Background(), postId)
+
+ if err != nil {
+ return false, err
+ }
+
+ if post.UserID != userId {
+ return false, nil
+ }
+
+ return true, nil
+}
diff --git a/enshi_back/middleware/getters/claims.go b/enshi_back/middleware/getters/claims.go
index 371650d..19d170d 100644
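Review bot: The two error branches around `checkRole.IsAdmin` call `c.Abort()` but never `return`, so when the lookup fails the closure keeps running, reaches `if !isAdmin` (false on error) and writes a second response on top of the 400; the pre-existing branch at the top of the hunk has the same shape, so this is the file's convention rather than something new, but these lines are the place to fix it: `rest_api_stuff.BadRequestAnswer(c, err); c.Abort(); return` and likewise after `UnauthorizedAnswer`. A database failure inside `IsAdmin` is also answered as a 400 with the raw `err` handed to the response helper; an internal-error answer is the appropriate status, and whether `BadRequestAnswer` echoes the error text to the client is outside this diff. The `gin.HandlerFunc` closure enclosing these lines continues past the hunk.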
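Review bot: `IsAdmin`, and `IsOwnerOfThePost` in the next hunk, run their lookups with `context.Background()`, so a cancelled or timed-out request no longer bounds the query; accepting a `ctx context.Context` first parameter and having the middleware and routes pass `c.Request.Context()` keeps request cancellation intact. Both helpers fail closed, which is right; the trailing `if` blocks can be collapsed to `return user.IsAdmin, nil` and `return post.UserID == userId, nil` without changing behaviour. `IsAdmin` returns `(false, nil)` for an unknown user (`user.UserID == 0` with a nil error), so callers cannot tell "no such user" from "not an admin"; if that distinction matters, a sentinel error such as `ErrUserNotFound` would make it explicit.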
--- a/enshi_back/middleware/getters/claims.go
+++ b/enshi_back/middleware/getters/claims.go
@@ -30,13 +30,8 @@ func GetClaimsFromContext(c *gin.Context) (auth.UserInfoJWT, error) {
 UserInfo.Id = parsedUserId
 UserInfo.Username = claims.(jwt.MapClaims)["username"].(string)
- isAdmin, err := strconv.ParseBool(claims.(jwt.MapClaims)["isAdmin"].(string))
- if err != nil {
- UserInfo.IsAdmin = false
- fmt.Println(global.RedColor + "isAdmin prop corrupted" + global.ResetColor)
- } else {
- UserInfo.IsAdmin = isAdmin
- }
+ isAdmin := claims.(jwt.MapClaims)["isAdmin"].(bool)
+ UserInfo.IsAdmin = isAdmin
 return UserInfo, nil
diff --git a/enshi_back/routes/postsRoutes/deletePost.go b/enshi_back/routes/postsRoutes/deletePost.go
index 0ac4395..52c6e1b 100644
--- a/enshi_back/routes/postsRoutes/deletePost.go
+++ b/enshi_back/routes/postsRoutes/deletePost.go
@@ -13,7 +13,7 @@ import (
 func DeletePost(c *gin.Context) {
 var deletePostId struct {
- PostId int64
+ PostId int64 `json:"post_id"`
 }
 if err := c.BindJSON(&deletePostId); err != nil {
diff --git a/enshi_back/routes/postsRoutes/getPost.go b/enshi_back/routes/postsRoutes/getPost.go
index ab661a6..2f9e8b2 100644
--- a/enshi_back/routes/postsRoutes/getPost.go
+++ b/enshi_back/routes/postsRoutes/getPost.go
@@ -12,7 +12,7 @@ import (
 func GetPost(c *gin.Context) {
 var postParams struct {
- PostId int64
+ PostId int64 `json:"post_id"`
 }
 if err := c.BindJSON(&postParams); err != nil {
diff --git a/enshi_back/routes/postsRoutes/updatePost.go b/enshi_back/routes/postsRoutes/updatePost.go
new file mode 100644
index 0000000..d1cfd45
--- /dev/null
+++ b/enshi_back/routes/postsRoutes/updatePost.go
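Review bot: The single-value assertion `claims.(jwt.MapClaims)["isAdmin"].(bool)` panics when the claim is missing or is not a bool, which is precisely the case the removed branch tolerated, and any token issued before this change (where the claim was a string) will hit it; gin's recovery middleware, if installed, turns that into a 500 per request rather than a clean rejection. The comma-ok form keeps the fail-closed default without the panic: `isAdmin, _ := claims.(jwt.MapClaims)["isAdmin"].(bool)`, or check `ok` and return an error if a malformed claim should be refused outright. The deleted lines were the only visible uses of `strconv`, `fmt` and `global` in this hunk; if the file has no other references those imports are now unused and the package will not compile — the rest of `GetClaimsFromContext` is outside the hunk.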
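Review bot: `GetPost` still reads `post_id` with `c.BindJSON`, i.e. from a request body, while this same commit re-registers the route as `freeGroup.GET("getPost", ...)`; a GET that requires a JSON body is awkward for clients and intermediaries, and `c.BindJSON` rejects an empty body, so a query parameter fits the verb better: tag the field `form:"post_id"` and bind with `c.ShouldBindQuery(&postParams)`. The same consideration applies, less strongly, to `DeletePost` in the previous hunk, now registered under `DELETE`. The bodies of both handlers continue past their hunks.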
@@ -0,0 +1,51 @@
+package postsRoutes
+
+import (
+ "context"
+ rest_api_stuff "enshi/REST_API_stuff"
+ db_repo "enshi/db/go_queries"
+ "enshi/db_connection"
+ "enshi/middleware/checkRole"
+ "enshi/middleware/getters"
+ "fmt"
+
+ "github.com/gin-gonic/gin"
+)
+
+func UpdatePost(c *gin.Context) {
+ var UpdatedPostParams db_repo.UpdatePostByPostIdParams
+
+ if err := c.BindJSON(&UpdatedPostParams); err != nil {
+ rest_api_stuff.BadRequestAnswer(c, err)
+ return
+ }
+
+ userId, err := getters.GetUserIdFromContext(c)
+
+ if err != nil {
+ rest_api_stuff.InternalErrorAnswer(c, err)
+ return
+ }
+
+ if isOwner, _ := checkRole.IsOwnerOfThePost(
+ userId,
+ UpdatedPostParams.PostID,
+ ); !isOwner {
+ rest_api_stuff.UnauthorizedAnswer(c, fmt.Errorf("you are now allowed to change this"))
+ return
+ }
+
+ _, err = db_repo.New(
+ db_connection.Dbx,
+ ).UpdatePostByPostId(
+ context.Background(),
+ UpdatedPostParams,
+ )
+
+ if err != nil {
+ rest_api_stuff.InternalErrorAnswer(c, err)
+ return
+ }
+
+ rest_api_stuff.OkAnswer(c, "post has been updated")
+}
diff --git a/enshi_back/routes/userProfileRoutes/updateUserProfile.go b/enshi_back/routes/userProfileRoutes/updateUserProfile.go
new file mode 100644
index 0000000..fe792e9
--- /dev/null
+++ b/enshi_back/routes/userProfileRoutes/updateUserProfile.go
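Review bot: `isOwner, _ := checkRole.IsOwnerOfThePost(...)` discards the error, so a database failure or a non-existent `post_id` is answered as a 401 with "you are now allowed to change this" (a typo for "not"); it fails closed, which is the right default, but the handler should separate an infrastructure error from a denied request, as in the rewrite below. `UpdatedPostParams` is bound straight from the JSON body, so `BlogID` is client-controlled and a post can be re-parented to any `blog_id` by its owner; whether blog membership needs checking cannot be told from this diff. `context.Background()` should be `c.Request.Context()` so the update is cancelled with the request, and the local `UpdatedPostParams` is capitalised like an exported identifier where `params` would follow Go convention.
```go
	isOwner, err := checkRole.IsOwnerOfThePost(userId, UpdatedPostParams.PostID)
	if err != nil {
		rest_api_stuff.InternalErrorAnswer(c, err)
		return
	}
	if !isOwner {
		rest_api_stuff.UnauthorizedAnswer(c, fmt.Errorf("you are not allowed to change this"))
		return
	}
	// … unchanged: UpdatePostByPostId call and OkAnswer …
```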
@@ -0,0 +1,38 @@
+package userProfileRoutes
+
+import (
+ "context"
+ rest_api_stuff "enshi/REST_API_stuff"
+ db_repo "enshi/db/go_queries"
+ "enshi/db_connection"
+ "enshi/middleware/getters"
+
+ "github.com/gin-gonic/gin"
+)
+
+func UpdateUserProfile(c *gin.Context) {
+ var newProfile db_repo.UpdateProfileByUserIdParams
+
+ if err := c.BindJSON(&newProfile); err != nil {
+ rest_api_stuff.BadRequestAnswer(c, err)
+ return
+ }
+
+ userId, err := getters.GetUserIdFromContext(c)
+ if err != nil {
+ rest_api_stuff.InternalErrorAnswer(c, err)
+ return
+ }
+
+ newProfile.UserID = userId
+
+ if _, err := db_repo.New(db_connection.Dbx).UpdateProfileByUserId(
+ context.Background(),
+ newProfile,
+ ); err != nil {
+ rest_api_stuff.InternalErrorAnswer(c, err)
+ return
+ }
+
+ rest_api_stuff.OkAnswer(c, "profile was updated")
+}
diff --git a/enshi_back/utils/routesSetup.go b/enshi_back/utils/routesSetup.go
index 556dedd..832273e 100644
--- a/enshi_back/utils/routesSetup.go
+++ b/enshi_back/utils/routesSetup.go
@@ -5,6 +5,7 @@ import (
 "enshi/routes"
 "enshi/routes/authRoutes"
 "enshi/routes/postsRoutes"
+ "enshi/routes/userProfileRoutes"
 "net/http"
 "strings"
@@ -30,17 +31,20 @@ func SetupRotes(g *gin.Engine) error {
 freeGroup.POST("login", authRoutes.Login)
 freeGroup.POST("registerUser", authRoutes.RegisterUser)
+ freeGroup.GET("getPost", postsRoutes.GetPost)
 // Auth group routes
 authGroup := g.Group("/")
 authGroup.Use(middleware.AuthMiddleware())
- authGroup.GET("getPost", postsRoutes.GetPost)
-
+ authGroup.POST("updatePost", postsRoutes.UpdatePost)
 authGroup.POST("createPost", postsRoutes.CreatePost)
- authGroup.POST("deletePost", postsRoutes.DeletePost)
 authGroup.POST("changeUserProfile", routes.ChangeUserProfile)
+ authGroup.POST("updateProfile", userProfileRoutes.UpdateUserProfile)
+ authGroup.DELETE("deletePost", postsRoutes.DeletePost)
+
+
 // Admin group routes
 adminGroup := authGroup.Group("/admin/")
 adminGroup.Use(middleware.AdminMiddleware())
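Review bot: `newProfile.UserID = userId` placed after `c.BindJSON` is the only thing preventing a caller from updating another user's profile by sending a `user_id` in the body, but nothing says so, and a refactor that moves the assignment above the bind would silently reopen it; a comment on that line, `// UserID always comes from the authenticated token, never from the request body.`, pins the invariant. `context.Background()` should be `c.Request.Context()` so the update is cancelled with the request. A `changeUserProfile` route (`routes.ChangeUserProfile`) stays registered beside the new `updateProfile` in `routesSetup.go`; if both mutate the same rows the older handler needs the same owner-from-token rule, which is outside this diff.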
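Review bot: Moving `getPost` from `authGroup` to `freeGroup` makes post reads reachable without a token, so `GetPost` now returns whatever `post_id` an anonymous caller asks for; if some posts are meant to be private, that filtering has to happen inside `GetPost`, which is not visible here. `deletePost` is re-registered as `DELETE`, but no ownership check like the one `UpdatePost` gained in this commit is visible for `DeletePost`; confirm it calls `checkRole.IsOwnerOfThePost` or that deletion is meant to be admin-only under `adminGroup`. The two consecutive blank lines added before `// Admin group routes` will be collapsed to one by gofmt, so the file should be formatted before merging.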