Enforce security to checkin api
All checks were successful
Client CMS Check Build (NixCN CMS) TeamCity build finished
Backend Check Build (NixCN CMS) TeamCity build finished

Signed-off-by: Asai Neko <sugar@sne.moe>
2026-02-05 18:00:24 +08:00
parent 8566334f59
commit f1d47a53d3


@@ -25,8 +25,34 @@ import (
// @Security ApiKeyAuth // @Security ApiKeyAuth
// @Router /event/checkin [get] // @Router /event/checkin [get]
func (self *EventHandler) Checkin(c *gin.Context) { func (self *EventHandler) Checkin(c *gin.Context) {
userIdOrig, _ := c.Get("user_id") userIdOrig, ok := c.Get("user_id")
userId, _ := uuid.Parse(userIdOrig.(string)) if !ok {
errorCode := new(exception.Builder).
SetStatus(exception.StatusUser).
SetService(exception.ServiceUser).
SetEndpoint(exception.EndpointUserServiceInfo).
SetType(exception.TypeCommon).
SetOriginal(exception.CommonErrorMissingUserId).
Throw(c).
String()
utils.HttpResponse(c, 403, errorCode)
return
}
userId, err := uuid.Parse(userIdOrig.(string))
if err != nil {
errorCode := new(exception.Builder).
SetStatus(exception.StatusServer).
SetService(exception.ServiceUser).
SetEndpoint(exception.EndpointUserServiceInfo).
SetType(exception.TypeCommon).
SetOriginal(exception.CommonErrorUuidParseFailed).
SetError(err).
Throw(c).
String()
utils.HttpResponse(c, 500, errorCode)
return
}
eventIdOrig := c.Query("event_id") eventIdOrig := c.Query("event_id")
eventId, err := uuid.Parse(eventIdOrig) eventId, err := uuid.Parse(eventIdOrig)
@@ -99,8 +125,34 @@ func (self *EventHandler) CheckinSubmit(c *gin.Context) {
// @Security ApiKeyAuth // @Security ApiKeyAuth
// @Router /event/checkin/query [get] // @Router /event/checkin/query [get]
func (self *EventHandler) CheckinQuery(c *gin.Context) { func (self *EventHandler) CheckinQuery(c *gin.Context) {
userIdOrig, _ := c.Get("user_id") userIdOrig, ok := c.Get("user_id")
userId, _ := uuid.Parse(userIdOrig.(string)) if !ok {
errorCode := new(exception.Builder).
SetStatus(exception.StatusUser).
SetService(exception.ServiceUser).
SetEndpoint(exception.EndpointUserServiceInfo).
SetType(exception.TypeCommon).
SetOriginal(exception.CommonErrorMissingUserId).
Throw(c).
String()
utils.HttpResponse(c, 403, errorCode)
return
}
userId, err := uuid.Parse(userIdOrig.(string))
if err != nil {
errorCode := new(exception.Builder).
SetStatus(exception.StatusServer).
SetService(exception.ServiceUser).
SetEndpoint(exception.EndpointUserServiceInfo).
SetType(exception.TypeCommon).
SetOriginal(exception.CommonErrorUuidParseFailed).
SetError(err).
Throw(c).
String()
utils.HttpResponse(c, 500, errorCode)
return
}
eventIdOrig := c.Query("event_id") eventIdOrig := c.Query("event_id")
eventId, err := uuid.Parse(eventIdOrig) eventId, err := uuid.Parse(eventIdOrig)
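Review bot: The type assertion `userIdOrig.(string)` in Checkin is still unchecked, so a `user_id` context value of any other type panics the handler instead of reaching the new error path; the added `!ok` check only covers a missing key. Fold both into one guard, e.g. `userIdStr, isString := userIdOrig.(string)` followed by `if !ok || !isString {`, and pass `userIdStr` to `uuid.Parse`. CheckinQuery repeats the same block verbatim and has the same gap, so a small shared helper that returns the parsed UUID would keep the two handlers from drifting apart. Both error builders use `exception.ServiceUser` and `exception.EndpointUserServiceInfo` inside event check-in handlers, which looks copied from the user service and may mis-attribute these failures in logs; worth confirming. Both function bodies continue outside the hunks.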