From ac7aa8c6e95023def1eba7615d8a42ad52271500 Mon Sep 17 00:00:00 2001
From: Vidhu Kant Sharma
Date: Sun, 29 Jan 2023 20:11:09 +0530
Subject: checking password before editing/deleting user
---
 user/router.go | 87 +++-------------------------------------------------------
 1 file changed, 4 insertions(+), 83 deletions(-)
(limited to 'user/router.go')
diff --git a/user/router.go b/user/router.go
index 6e84185..ad9b4df 100644
--- a/user/router.go
+++ b/user/router.go
@@ -19,94 +19,15 @@ package user
 import (
 "github.com/MikunoNaka/OpenBills-server/util"
- "errors"
 "github.com/gin-gonic/gin"
- "go.mongodb.org/mongo-driver/bson/primitive"
- "go.mongodb.org/mongo-driver/mongo"
- "log"
- "net/http"
 )
-
 func Routes(route *gin.Engine) {
 u := route.Group("/user")
 {
- u.GET("/", util.Authorize(), func(ctx *gin.Context) {
- hex := ctx.MustGet("userId").(string)
- id, err := primitive.ObjectIDFromHex(hex)
- if err != nil {
- ctx.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
- log.Printf("ERROR: Failed to modify user, Error parsing ID: %v\n", err.Error())
- return
- }
-
- user, err := getUser(id)
- if err != nil {
- log.Printf("ERROR: Failed to read user %d info from DB: %v\n", id, err.Error())
- if errors.Is(err, mongo.ErrNoDocuments) {
- ctx.AbortWithStatusJSON(http.StatusNotFound, gin.H{"error": err.Error()})
- } else {
- ctx.AbortWithStatusJSON(http.StatusInternalServerError, gin.H{"error": err.Error()})
- }
- }
-
- ctx.JSON(http.StatusOK, user)
- })
-
- u.POST("/new", validateMiddleware(), func(ctx *gin.Context) {
- u := ctx.MustGet("user").(User)
- // TODO: maybe add an invite code for some instances
-
- _, err := saveUser(u)
- if err != nil {
- log.Printf("ERROR: Failed to add new user %v to DB: %v\n", u, err.Error())
- ctx.AbortWithStatusJSON(http.StatusInternalServerError, gin.H{"error": "could not login"})
- }
-
- log.Printf("Successfully saved new user to DB: %s", u.UserName)
- ctx.JSON(http.StatusOK, nil)
- })
-
- u.PUT("/:userId", func(ctx *gin.Context) {
- id := ctx.Param("userId")
- objectId, err := primitive.ObjectIDFromHex(id)
- if err != nil {
- ctx.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
- log.Printf("ERROR: Failed to modify user, Error parsing ID: %v\n", err.Error())
- return
- }
-
- var u User
- ctx.BindJSON(&u)
- err = modifyUser(objectId, u)
- if err != nil {
- ctx.JSON(http.StatusInternalServerError, gin.H{"error": err.Error()})
- log.Printf("ERROR: Failed to modify user %v: %v\n", objectId, err.Error())
- return
- }
-
- log.Printf("Modified user %v to %v.\n", objectId, u)
- ctx.JSON(http.StatusOK, nil)
- })
-
- u.DELETE("/:userId", func(ctx *gin.Context) {
- id := ctx.Param("userId")
- objectId, err := primitive.ObjectIDFromHex(id)
- if err != nil {
- ctx.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
- log.Printf("ERROR: Failed to delete user, Error parsing ID: %v\n", err.Error())
- return
- }
-
- err = deleteUser(objectId)
- if err != nil {
- ctx.JSON(http.StatusInternalServerError, gin.H{"error": err.Error()})
- log.Printf("ERROR: Failed to delete user %v: %v\n", objectId, err.Error())
- return
- }
-
- log.Printf("Deleted user %v from database.\n", objectId )
- ctx.JSON(http.StatusOK, nil)
- })
+ u.GET("/", util.Authorize(), getSelf)
+ u.POST("/new", validateMiddleware(), save)
+ u.PUT("/:userId", checkPassword(), modify)
+ u.DELETE("/:userId", checkPassword(), remove)
 }
 }
--
cgit v1.2.3
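Review bot: The new `PUT /:userId` and `DELETE /:userId` routes are gated only by `checkPassword()`, while the target account is still named by the `:userId` path segment and `util.Authorize()` is applied only to `GET /`. Whether `checkPassword()` verifies the password of the same account named in the path cannot be seen from this hunk, since it and the `modify`/`remove` handlers are defined outside it. If it does not, one user's valid password would be enough to edit or delete another user's record. I would chain both checks and have the handlers act on the authenticated id from the context rather than the path, e.g. `u.PUT("/:userId", util.Authorize(), checkPassword(), modify)` and `u.DELETE("/:userId", util.Authorize(), checkPassword(), remove)`. Because these endpoints now answer password checks, they also need attempt limiting and logging of failed checks.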