From 4dfd4cd529a8cbe9c251a4a9b68ed02a17ac8f1d Mon Sep 17 00:00:00 2001
From: Asai Neko
Date: Fri, 2 Jan 2026 13:00:02 +0800
Subject: [PATCH] Modify auth middleware
Signed-off-by: Asai Neko
---
 middleware/jwt.go | 8 ++++++-
 service/auth/magic.go | 4 +---
 service/event/handler.go | 2 +-
 service/event/info.go | 12 +++--------
 service/user/checkin.go | 46 +++++++++++-----------------------------
 service/user/handler.go | 2 +-
 service/user/info.go | 12 +++--------
 service/user/list.go | 16 ++++----------
 service/user/query.go | 6 ++----
 service/user/update.go | 22 ++++++-------------
 10 files changed, 41 insertions(+), 89 deletions(-)
diff --git a/middleware/jwt.go b/middleware/jwt.go
index 3b7bd1d..4a3801c 100644
--- a/middleware/jwt.go
+++ b/middleware/jwt.go
@@ -6,7 +6,7 @@ import (
 "github.com/gin-gonic/gin"
 )
-func JWTAuth() gin.HandlerFunc {
+func JWTAuth(required bool) gin.HandlerFunc {
 return func(c *gin.Context) {
 auth := c.GetHeader("Authorization")
@@ -18,6 +18,12 @@ func JWTAuth() gin.HandlerFunc {
 return
 }
+ if required == true {
+ c.JSON(401, gin.H{"status": "unauthorized"})
+ c.Next()
+ return
+ }
+
 if uid == "" {
 c.Set("user_id", "")
 c.Next()
diff --git a/service/auth/magic.go b/service/auth/magic.go
index 17c8943..e95787b 100644
--- a/service/auth/magic.go
+++ b/service/auth/magic.go
@@ -112,9 +112,7 @@ func VerifyMagicLink(c *gin.Context) {
 }
 accessToken, refreshToken, err := JwtTool.IssueTokens(user.UserId)
 if err != nil {
- c.JSON(500, gin.H{
- "status": "error generating tokens",
- })
+ c.JSON(500, gin.H{"status": "error generating tokens"})
 return
 }
diff --git a/service/event/handler.go b/service/event/handler.go
index 993bbc6..57e45e2 100644
--- a/service/event/handler.go
+++ b/service/event/handler.go
@@ -7,6 +7,6 @@ import (
 )
 func Handler(r *gin.RouterGroup) {
- r.Use(middleware.JWTAuth())
+ r.Use(middleware.JWTAuth(true))
 r.GET("/info", Info)
 }
diff --git a/service/event/info.go b/service/event/info.go
index 3ee8d23..b9ede68 100644
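Review bot: `JWTAuth` now takes a bare bool and has no doc comment, so `JWTAuth(true)` at the call sites in service/event/handler.go and service/user/handler.go does not say what is being required. Add a doc comment above the function, for example `// JWTAuth returns middleware that reads the Authorization header and sets user_id; when required is true a request without a valid token is rejected with 401.` The wording should be checked against the body, which continues outside this hunk.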
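Review bot: The added `if required == true` block never looks at `uid`, so from what the hunk shows every request through `JWTAuth(true)` receives the 401 body, valid token or not. It also calls `c.Next()` rather than aborting, so the route handler still runs after the 401 has been written. The check probably belongs on the empty-uid path and should stop the chain: `if required && uid == "" { c.AbortWithStatusJSON(401, gin.H{"status": "unauthorized"}); return }`. The lines between the two hunks are not visible, so confirm how `uid` is derived; the middleware body starts and ends outside this hunk.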
--- a/service/event/info.go
+++ b/service/event/info.go
@@ -11,26 +11,20 @@ func Info(c *gin.Context) {
 eventData := new(data.Event)
 eventIdOrig, ok := c.GetQuery("event_id")
 if !ok {
- c.JSON(400, gin.H{
- "status": "undefinded event id",
- })
+ c.JSON(400, gin.H{"status": "undefinded event id"})
 return
 }
 // Parse event id
 eventId, err := uuid.Parse(eventIdOrig)
 if err != nil {
- c.JSON(500, gin.H{
- "status": "error parsing string to uuid",
- })
+ c.JSON(500, gin.H{"status": "error parsing string to uuid"})
 return
 }
 event, err := eventData.GetEventById(eventId)
 if err != nil {
- c.JSON(404, gin.H{
- "status": "event id not found",
- })
+ c.JSON(404, gin.H{"status": "event id not found"})
 return
 }
diff --git a/service/user/checkin.go b/service/user/checkin.go
index f9c8dfa..73025b2 100644
--- a/service/user/checkin.go
+++ b/service/user/checkin.go
@@ -11,69 +11,51 @@ func Checkin(c *gin.Context) {
 data := new(data.Attendance)
 userIdOrig, ok := c.Get("user_id")
 if !ok {
- c.JSON(401, gin.H{
- "status": "unauthorized",
- })
+ c.JSON(403, gin.H{"status": "userid error"})
 return
 }
 userId, err := uuid.Parse(userIdOrig.(string))
 if err != nil {
- c.JSON(500, gin.H{
- "status": "failed to parse uuid",
- })
+ c.JSON(500, gin.H{"status": "failed to parse uuid"})
 }
 // Get event id from query
 eventIdOrig, ok := c.GetQuery("event_id")
 if !ok {
- c.JSON(400, gin.H{
- "status": "undefinded event id",
- })
+ c.JSON(400, gin.H{"status": "undefinded event id"})
 return
 }
 // Parse event id to uuid
 eventId, err := uuid.Parse(eventIdOrig)
 if err != nil {
- c.JSON(500, gin.H{
- "status": "error parsing string to uuid",
- })
+ c.JSON(500, gin.H{"status": "error parsing string to uuid"})
 return
 }
 data.UserId = userId
 code, err := data.GenCheckinCode(eventId)
 if err != nil {
- c.JSON(500, gin.H{
- "status": "error generating code",
- })
+ c.JSON(500, gin.H{"status": "error generating code"})
 return
 }
- c.JSON(200, gin.H{
- "checkin_code": code,
- })
+ c.JSON(200, gin.H{"checkin_code": code})
 }
 func CheckinSubmit(c *gin.Context) {
 userIdOrig, ok := c.Get("user_id")
- if !ok {
- c.JSON(403, gin.H{
- "status": "unauthorized",
- })
+ if userIdOrig.(string) == "" || !ok {
+ c.JSON(401, gin.H{"status": "unauthorized"})
 }
 userId, err := uuid.Parse(userIdOrig.(string))
 if err != nil {
- c.JSON(500, gin.H{
- "status": "failed to parse uuid",
- })
+ c.JSON(500, gin.H{"status": "failed to parse uuid"})
 }
 userData := new(data.User)
 userData.GetByUserId(userId)
 if userData.PermissionLevel <= 20 {
- c.JSON(403, gin.H{
- "status": "access denied",
- })
+ c.JSON(403, gin.H{"status": "access denied"})
 return
 }
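Review bot: In `CheckinSubmit`, the new condition `if userIdOrig.(string) == "" || !ok {` runs the type assertion before testing `ok`, so a request where `user_id` was never set panics on the nil interface instead of getting the 401, and the branch has no `return`, so the handler carries on to `uuid.Parse` and the permission check after the 401 is written. Use the comma-ok form and stop there: `uidStr, _ := userIdOrig.(string)` followed by `if !ok || uidStr == "" { c.JSON(401, gin.H{"status": "unauthorized"}); return }`. The `uuid.Parse` error branches in this hunk also write a 500 and fall through with a zero UUID, which in `Checkin` means `GenCheckinCode` is still reached when `user_id` is the empty string. The same missing `return` after an error response is visible in the service/user/info.go, service/user/update.go and service/user/list.go hunks. `CheckinSubmit` continues past the end of this hunk.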
@@ -85,13 +67,9 @@ func CheckinSubmit(c *gin.Context) {
 attendanceData := new(data.Attendance)
 err = attendanceData.VerifyCheckinCode(req.ChekinCode)
 if err != nil {
- c.JSON(400, gin.H{
- "status": "error verify checkin code",
- })
+ c.JSON(400, gin.H{"status": "error verify checkin code"})
 return
 }
- c.JSON(200, gin.H{
- "status": "success",
- })
+ c.JSON(200, gin.H{"status": "success"})
 }
diff --git a/service/user/handler.go b/service/user/handler.go
index 3711f1e..1af4338 100644
--- a/service/user/handler.go
+++ b/service/user/handler.go
@@ -7,7 +7,7 @@ import (
 )
 func Handler(r *gin.RouterGroup) {
- r.Use(middleware.JWTAuth())
+ r.Use(middleware.JWTAuth(true))
 r.GET("/info", Info)
 r.GET("/checkin", Checkin)
 r.POST("/checkin/submit", CheckinSubmit)
diff --git a/service/user/info.go b/service/user/info.go
index 068f796..eb38f71 100644
--- a/service/user/info.go
+++ b/service/user/info.go
@@ -11,24 +11,18 @@ func Info(c *gin.Context) {
 userData := new(data.User)
 userIdOrig, ok := c.Get("user_id")
 if !ok {
- c.JSON(404, gin.H{
- "status": "user not found",
- })
+ c.JSON(403, gin.H{"status": "userid error"})
 return
 }
 userId, err := uuid.Parse(userIdOrig.(string))
 if err != nil {
- c.JSON(500, gin.H{
- "status": "failed to parse uuid",
- })
+ c.JSON(500, gin.H{"status": "failed to parse uuid"})
 }
 // Get user from database
 user, err := userData.GetByUserId(userId)
 if err != nil {
- c.JSON(404, gin.H{
- "status": "user not found",
- })
+ c.JSON(404, gin.H{"status": "user not found"})
 return
 }
diff --git a/service/user/list.go b/service/user/list.go
index 2f3f206..33dadfa 100644
--- a/service/user/list.go
+++ b/service/user/list.go
@@ -17,34 +17,26 @@ func List(c *gin.Context) {
 }
 offset, ok := c.GetQuery("offset")
 if !ok {
- c.JSON(400, gin.H{
- "status": "offset not found",
- })
+ c.JSON(400, gin.H{"status": "offset not found"})
 return
 }
 // Parse string to int64
 limitNum, err := strconv.ParseInt(limit, 10, 64)
 if err != nil {
- c.JSON(400, gin.H{
- "status": "parse string to int error",
- })
+ c.JSON(400, gin.H{"status": "parse string to int error"})
 return
 }
 offsetNum, err := strconv.ParseInt(offset, 10, 64)
 if err != nil {
- c.JSON(400, gin.H{
- "status": "parse string to int error",
- })
+ c.JSON(400, gin.H{"status": "parse string to int error"})
 return
 }
 // Get user list from search engine
 list, err := data.FastListUsers(limitNum, offsetNum)
 if err != nil {
- c.JSON(500, gin.H{
- "status": "failed list users from meilisearch",
- })
+ c.JSON(500, gin.H{"status": "failed list users from meilisearch"})
 }
 c.JSON(200, list)
 }
diff --git a/service/user/query.go b/service/user/query.go
index b01eaaf..f7787bc 100644
--- a/service/user/query.go
+++ b/service/user/query.go
@@ -10,7 +10,7 @@ import (
 func Query(c *gin.Context) {
 userIdOrig, ok := c.Get("user_id")
 if !ok {
- c.JSON(400, gin.H{"status": "could not found user_id"})
+ c.JSON(403, gin.H{"status": "userid error"})
 return
 }
 userId, err := uuid.Parse(userIdOrig.(string))
@@ -44,7 +44,5 @@ func Query(c *gin.Context) {
 return
 }
- c.JSON(200, gin.H{
- "checkin_at": attendance.CheckinAt,
- })
+ c.JSON(200, gin.H{"checkin_at": attendance.CheckinAt})
 }
diff --git a/service/user/update.go b/service/user/update.go
index fe395db..ca842f0 100644
--- a/service/user/update.go
+++ b/service/user/update.go
@@ -8,33 +8,27 @@ import (
 )
 func Update(c *gin.Context) {
- var ReqInfo data.User
- c.BindJSON(&ReqInfo)
-
 // New user model
 user := new(data.User)
 userIdOrig, ok := c.Get("user_id")
 if !ok {
- c.JSON(403, gin.H{
- "status": "can not found user id",
- })
+ c.JSON(403, gin.H{"status": "userid error"})
 return
 }
 userId, err := uuid.Parse(userIdOrig.(string))
 if err != nil {
- c.JSON(500, gin.H{
- "status": "failed to parse uuid",
- })
+ c.JSON(500, gin.H{"status": "failed to parse uuid"})
 }
+ var ReqInfo data.User
+ c.BindJSON(&ReqInfo)
+
 // Get user info
 user.GetByUserId(userId)
 // Reject permission 0 user
 if user.PermissionLevel == 0 {
- c.JSON(403, gin.H{
- "status": "premission denied",
- })
+ c.JSON(403, gin.H{"status": "premission denied"})
 return
 }
@@ -46,7 +40,5 @@ func Update(c *gin.Context) {
 // Update user info
 user.UpdateByUserID(userId)
- c.JSON(200, gin.H{
- "status": "success",
- })
+ c.JSON(200, gin.H{"status": "success"})
 }
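Review bot: The relocated `c.BindJSON(&ReqInfo)` still drops its error, so on a malformed body gin has already written a 400 and the handler goes on to the permission check and, as far as the second hunk shows, to `user.UpdateByUserID(userId)` and a 200. Check it and stop: `if err := c.ShouldBindJSON(&ReqInfo); err != nil { c.JSON(400, gin.H{"status": "invalid request body"}); return }`. The body is bound straight into `data.User`, and the lines that copy fields from `ReqInfo` are outside the hunk, so confirm that only an allow-list of fields is copied and that a client-supplied `PermissionLevel` is never among them. The results of `user.GetByUserId` and `user.UpdateByUserID` are also ignored before "success" is returned.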