nixcn/nixcn-cms
1
0
Fork 1
Code Pull Requests Activity

Modify auth middleware
All checks were successful
Build Backend (NixCN CMS) TeamCity build finished
Details
Build Frontend (NixCN CMS) TeamCity build finished
Details

Browse Source 
Signed-off-by: Asai Neko <sugar@sne.moe>
This commit is contained in:
Asai Neko
2026-01-02 13:00:02 +08:00
parent bd8eecbc7d
commit 4dfd4cd529
10 changed files with 41 additions and 89 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
middleware/jwt.go
View File

@@ -6,7 +6,7 @@ import (
"github.com/gin-gonic/gin" "github.com/gin-gonic/gin"
) )
func JWTAuth() gin.HandlerFunc { func JWTAuth(required bool) gin.HandlerFunc {
return func(c *gin.Context) { return func(c *gin.Context) {
auth := c.GetHeader("Authorization") auth := c.GetHeader("Authorization")
@@ -18,6 +18,12 @@ func JWTAuth() gin.HandlerFunc {
return return
} }
if required == true {
c.JSON(401, gin.H{"status": "unauthorized"})
c.Next()
return
}
if uid == "" { if uid == "" {
c.Set("user_id", "") c.Set("user_id", "")
c.Next() c.Next()

4
service/auth/magic.go
View File

@@ -112,9 +112,7 @@ func VerifyMagicLink(c *gin.Context) {
} }
accessToken, refreshToken, err := JwtTool.IssueTokens(user.UserId) accessToken, refreshToken, err := JwtTool.IssueTokens(user.UserId)
if err != nil { if err != nil {
c.JSON(500, gin.H{ c.JSON(500, gin.H{"status": "error generating tokens"})
"status": "error generating tokens",
})
return return
} }

2
service/event/handler.go
View File

@@ -7,6 +7,6 @@ import (
) )
func Handler(r *gin.RouterGroup) { func Handler(r *gin.RouterGroup) {
r.Use(middleware.JWTAuth()) r.Use(middleware.JWTAuth(true))
r.GET("/info", Info) r.GET("/info", Info)
} }

12
service/event/info.go
View File

@@ -11,26 +11,20 @@ func Info(c *gin.Context) {
eventData := new(data.Event) eventData := new(data.Event)
eventIdOrig, ok := c.GetQuery("event_id") eventIdOrig, ok := c.GetQuery("event_id")
if !ok { if !ok {
c.JSON(400, gin.H{ c.JSON(400, gin.H{"status": "undefinded event id"})
"status": "undefinded event id",
})
return return
} }
// Parse event id // Parse event id
eventId, err := uuid.Parse(eventIdOrig) eventId, err := uuid.Parse(eventIdOrig)
if err != nil { if err != nil {
c.JSON(500, gin.H{ c.JSON(500, gin.H{"status": "error parsing string to uuid"})
"status": "error parsing string to uuid",
})
return return
} }
event, err := eventData.GetEventById(eventId) event, err := eventData.GetEventById(eventId)
if err != nil { if err != nil {
c.JSON(404, gin.H{ c.JSON(404, gin.H{"status": "event id not found"})
"status": "event id not found",
})
return return
} }

46
service/user/checkin.go
View File

@@ -11,69 +11,51 @@ func Checkin(c *gin.Context) {
data := new(data.Attendance) data := new(data.Attendance)
userIdOrig, ok := c.Get("user_id") userIdOrig, ok := c.Get("user_id")
if !ok { if !ok {
c.JSON(401, gin.H{ c.JSON(403, gin.H{"status": "userid error"})
"status": "unauthorized",
})
return return
} }
userId, err := uuid.Parse(userIdOrig.(string)) userId, err := uuid.Parse(userIdOrig.(string))
if err != nil { if err != nil {
c.JSON(500, gin.H{ c.JSON(500, gin.H{"status": "failed to parse uuid"})
"status": "failed to parse uuid",
})
} }
// Get event id from query // Get event id from query
eventIdOrig, ok := c.GetQuery("event_id") eventIdOrig, ok := c.GetQuery("event_id")
if !ok { if !ok {
c.JSON(400, gin.H{ c.JSON(400, gin.H{"status": "undefinded event id"})
"status": "undefinded event id",
})
return return
} }
// Parse event id to uuid // Parse event id to uuid
eventId, err := uuid.Parse(eventIdOrig) eventId, err := uuid.Parse(eventIdOrig)
if err != nil { if err != nil {
c.JSON(500, gin.H{ c.JSON(500, gin.H{"status": "error parsing string to uuid"})
"status": "error parsing string to uuid",
})
return return
} }
data.UserId = userId data.UserId = userId
code, err := data.GenCheckinCode(eventId) code, err := data.GenCheckinCode(eventId)
if err != nil { if err != nil {
c.JSON(500, gin.H{ c.JSON(500, gin.H{"status": "error generating code"})
"status": "error generating code",
})
return return
} }
c.JSON(200, gin.H{ c.JSON(200, gin.H{"checkin_code": code})
"checkin_code": code,
})
} }
func CheckinSubmit(c *gin.Context) { func CheckinSubmit(c *gin.Context) {
userIdOrig, ok := c.Get("user_id") userIdOrig, ok := c.Get("user_id")
if !ok { if userIdOrig.(string) == "" || !ok {
c.JSON(403, gin.H{ c.JSON(401, gin.H{"status": "unauthorized"})
"status": "unauthorized",
})
} }
userId, err := uuid.Parse(userIdOrig.(string)) userId, err := uuid.Parse(userIdOrig.(string))
if err != nil { if err != nil {
c.JSON(500, gin.H{ c.JSON(500, gin.H{"status": "failed to parse uuid"})
"status": "failed to parse uuid",
})
} }
userData := new(data.User) userData := new(data.User)
userData.GetByUserId(userId) userData.GetByUserId(userId)
if userData.PermissionLevel <= 20 { if userData.PermissionLevel <= 20 {
c.JSON(403, gin.H{ c.JSON(403, gin.H{"status": "access denied"})
"status": "access denied",
})
return return
} }
@@ -85,13 +67,9 @@ func CheckinSubmit(c *gin.Context) {
attendanceData := new(data.Attendance) attendanceData := new(data.Attendance)
err = attendanceData.VerifyCheckinCode(req.ChekinCode) err = attendanceData.VerifyCheckinCode(req.ChekinCode)
if err != nil { if err != nil {
c.JSON(400, gin.H{ c.JSON(400, gin.H{"status": "error verify checkin code"})
"status": "error verify checkin code",
})
return return
} }
c.JSON(200, gin.H{ c.JSON(200, gin.H{"status": "success"})
"status": "success",
})
} }

2
service/user/handler.go
View File

@@ -7,7 +7,7 @@ import (
) )
func Handler(r *gin.RouterGroup) { func Handler(r *gin.RouterGroup) {
r.Use(middleware.JWTAuth()) r.Use(middleware.JWTAuth(true))
r.GET("/info", Info) r.GET("/info", Info)
r.GET("/checkin", Checkin) r.GET("/checkin", Checkin)
r.POST("/checkin/submit", CheckinSubmit) r.POST("/checkin/submit", CheckinSubmit)

12
service/user/info.go
View File

@@ -11,24 +11,18 @@ func Info(c *gin.Context) {
userData := new(data.User) userData := new(data.User)
userIdOrig, ok := c.Get("user_id") userIdOrig, ok := c.Get("user_id")
if !ok { if !ok {
c.JSON(404, gin.H{ c.JSON(403, gin.H{"status": "userid error"})
"status": "user not found",
})
return return
} }
userId, err := uuid.Parse(userIdOrig.(string)) userId, err := uuid.Parse(userIdOrig.(string))
if err != nil { if err != nil {
c.JSON(500, gin.H{ c.JSON(500, gin.H{"status": "failed to parse uuid"})
"status": "failed to parse uuid",
})
} }
// Get user from database // Get user from database
user, err := userData.GetByUserId(userId) user, err := userData.GetByUserId(userId)
if err != nil { if err != nil {
c.JSON(404, gin.H{ c.JSON(404, gin.H{"status": "user not found"})
"status": "user not found",
})
return return
} }

16
service/user/list.go
View File

@@ -17,34 +17,26 @@ func List(c *gin.Context) {
} }
offset, ok := c.GetQuery("offset") offset, ok := c.GetQuery("offset")
if !ok { if !ok {
c.JSON(400, gin.H{ c.JSON(400, gin.H{"status": "offset not found"})
"status": "offset not found",
})
return return
} }
// Parse string to int64 // Parse string to int64
limitNum, err := strconv.ParseInt(limit, 10, 64) limitNum, err := strconv.ParseInt(limit, 10, 64)
if err != nil { if err != nil {
c.JSON(400, gin.H{ c.JSON(400, gin.H{"status": "parse string to int error"})
"status": "parse string to int error",
})
return return
} }
offsetNum, err := strconv.ParseInt(offset, 10, 64) offsetNum, err := strconv.ParseInt(offset, 10, 64)
if err != nil { if err != nil {
c.JSON(400, gin.H{ c.JSON(400, gin.H{"status": "parse string to int error"})
"status": "parse string to int error",
})
return return
} }
// Get user list from search engine // Get user list from search engine
list, err := data.FastListUsers(limitNum, offsetNum) list, err := data.FastListUsers(limitNum, offsetNum)
if err != nil { if err != nil {
c.JSON(500, gin.H{ c.JSON(500, gin.H{"status": "failed list users from meilisearch"})
"status": "failed list users from meilisearch",
})
} }
c.JSON(200, list) c.JSON(200, list)
} }

6
service/user/query.go
View File

@@ -10,7 +10,7 @@ import (
func Query(c *gin.Context) { func Query(c *gin.Context) {
userIdOrig, ok := c.Get("user_id") userIdOrig, ok := c.Get("user_id")
if !ok { if !ok {
c.JSON(400, gin.H{"status": "could not found user_id"}) c.JSON(403, gin.H{"status": "userid error"})
return return
} }
userId, err := uuid.Parse(userIdOrig.(string)) userId, err := uuid.Parse(userIdOrig.(string))
@@ -44,7 +44,5 @@ func Query(c *gin.Context) {
return return
} }
c.JSON(200, gin.H{ c.JSON(200, gin.H{"checkin_at": attendance.CheckinAt})
"checkin_at": attendance.CheckinAt,
})
} }

22
service/user/update.go
View File

@@ -8,33 +8,27 @@ import (
) )
func Update(c *gin.Context) { func Update(c *gin.Context) {
var ReqInfo data.User
c.BindJSON(&ReqInfo)
// New user model // New user model
user := new(data.User) user := new(data.User)
userIdOrig, ok := c.Get("user_id") userIdOrig, ok := c.Get("user_id")
if !ok { if !ok {
c.JSON(403, gin.H{ c.JSON(403, gin.H{"status": "userid error"})
"status": "can not found user id",
})
return return
} }
userId, err := uuid.Parse(userIdOrig.(string)) userId, err := uuid.Parse(userIdOrig.(string))
if err != nil { if err != nil {
c.JSON(500, gin.H{ c.JSON(500, gin.H{"status": "failed to parse uuid"})
"status": "failed to parse uuid",
})
} }
var ReqInfo data.User
c.BindJSON(&ReqInfo)
// Get user info // Get user info
user.GetByUserId(userId) user.GetByUserId(userId)
// Reject permission 0 user // Reject permission 0 user
if user.PermissionLevel == 0 { if user.PermissionLevel == 0 {
c.JSON(403, gin.H{ c.JSON(403, gin.H{"status": "premission denied"})
"status": "premission denied",
})
return return
} }
@@ -46,7 +40,5 @@ func Update(c *gin.Context) {
// Update user info // Update user info
user.UpdateByUserID(userId) user.UpdateByUserID(userId)
c.JSON(200, gin.H{ c.JSON(200, gin.H{"status": "success"})
"status": "success",
})
} }