diff --git a/api/api.go b/api/api.go
index 3b1ac1d..683cd4b 100644
--- a/api/api.go
+++ b/api/api.go
@@ -5,7 +5,9 @@ import (
 	"crypto/rand"
 	"encoding/base32"
 	"flag"
+	"log"
 	"net/http"
+	"os"
 
 	jwt "github.com/dgrijalva/jwt-go"
 	"github.com/jinzhu/gorm"
@@ -206,6 +208,26 @@ func basicRoutes(router *chi.Mux) {
 	})
 }
 
+func initDevGetter(router chi.Router) {
+	env := os.Getenv("POPCUBE_API_ENV")
+	if env == "prod" || env == "test" || env == "beta" || env == "alpha" || env == "production" {
+		return
+	}
+	log.Print("<><><><><><><> Using DEV routes <><><><><><><> \n")
+	router.Route("/devgetters", func(r chi.Router) {
+		r.Get("/avatar", getAllAvatar)
+		r.Get("/channel", getAllChannel)
+		r.Get("/emoji", getAllEmoji)
+		r.Get("/folder", getAllFolder)
+		r.Get("/member", getAllMember)
+		r.Get("/message", getAllMessage)
+		r.Get("/organisation", getAllOrganisation)
+		r.Get("/parameter", getAllParameter)
+		r.Get("/role", getAllRole)
+		r.Get("/user", getAllUser)
+	})
+}
+
 // loginMiddleware login funcion providing user && jwt auth token
 func loginMiddleware(w http.ResponseWriter, r *http.Request) {
 	var data struct {
@@ -291,7 +313,7 @@ func StartAPI(hostname string, port string, DbConnectionInfo *configs.DbConnecti
 	initParameterRoute(router)
 	initRoleRoute(router)
 	initUserRoute(router)
-
+	initDevGetter(router)
 	// Passing -routes to the program will generate docs for the above
 	// router definition. See the `routes.json` file in this folder for
 	// the output.
diff --git a/api/user_route.go b/api/user_route.go
index e08191d..6d1a3f0 100644
--- a/api/user_route.go
+++ b/api/user_route.go
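Review bot: The environment gate in initDevGetter fails open: the `/devgetters/*` bulk-dump routes (`getAllUser`, `getAllMember`, and the rest) are registered whenever POPCUBE_API_ENV is unset, misspelled, or carries any value other than the five listed, so a deployment that simply forgets the variable ships them. Invert it into an explicit opt-in so a missing variable means no dev routes: `if env != "dev" && env != "development" { return }`. The hunk does not show whether `router` already carries the JWT middleware at the point StartAPI calls this; if it does not, these handlers are reachable without any credentials and should at least be mounted behind it or bound to a loopback-only listener. A one-line comment on the function saying which environments enable it would also help the next reader, since the intent is currently only visible in the condition.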
@@ -244,12 +244,15 @@ func userContext(next http.Handler) http.Handler {
 	})
 }
 
-func canManageUser(place string, token *jwt.Token) bool {
+func canManageUser(place string, self bool, currentUser string, token *jwt.Token) bool {
 	store := datastores.Store()
 	db := dbStore.db
 	userName := token.Claims.(jwt.MapClaims)["name"].(string)
 	user := store.User().GetByUserName(userName, db)
 	userRights := store.Role().GetByID(user.IDRole, db)
+	if self && currentUser == userName {
+		return true
+	}
 	if place == "organisation" || place == "global" {
 		haveGlobalManageRight, ok := token.Claims.(jwt.MapClaims)["canManageUser"].(bool)
 		log.Print(haveGlobalManageRight)
@@ -384,7 +387,9 @@ func newUser(w http.ResponseWriter, r *http.Request) {
 		OmitID interface{} `json:"id,omitempty"`
 	}
 	store := datastores.Store()
-	if !canManageUser("global", r.Context().Value(jwtTokenKey).(*jwt.Token)) {
+	token := r.Context().Value(jwtTokenKey).(*jwt.Token)
+	if !canManageUser("global", false, "", token) {
+		res := error401
 		res.Message = "You don't have the right to manage user."
 		render.JSON(w, error401.StatusCode, error401)
@@ -421,8 +426,8 @@ func inviteUser(w http.ResponseWriter, r *http.Request) {
 	organisation := store.Organisation().Get(db)
 	response := inviteOk{}
 	request := r.Body
-
-	if !canManageUser("global", r.Context().Value(jwtTokenKey).(*jwt.Token)) {
+	token := r.Context().Value(jwtTokenKey).(*jwt.Token)
+	if !canManageUser("global", false, "", token) {
 		res := error401
 		res.Message = "You don't have the right to manage user."
 		render.JSON(w, error401.StatusCode, error401)
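Review bot: The new self short-circuit in canManageUser compares `currentUser` with the token's `name` claim, whereas the self checks this commit removes from updateUser and deleteUser compared against the `user` claim; unless the login handler sets both claims to the same username, those two endpoints now answer differently for the same token. Confirm which claim carries the username and use it consistently, or the self path silently stops working. Separately, the short-circuit sits after two datastore round trips (`store.User().GetByUserName`, `store.Role().GetByID`) whose results it never uses; moving `if self && currentUser == userName { return true }` directly below the `userName` line saves both queries on every self-service request. The rest of canManageUser continues past the hunk.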
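Review bot: In newUser the added `res := error401` plus the existing `res.Message = ...` is dead work, because the following line still renders the shared value: `render.JSON(w, error401.StatusCode, error401)`, so the specific message never reaches the client and `res` is written but never read. The rendering line should be `render.JSON(w, res.StatusCode, res)`; inviteUser in the next hunk has the identical pattern. Also note that a caller who is authenticated but lacks the right is a 403 Forbidden case, not 401, if the file has an error403 counterpart to reuse.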
@@ -461,8 +466,7 @@ func updateUser(w http.ResponseWriter, r *http.Request) {
 	err := chiRender.Bind(request, &data)
 	user := r.Context().Value(oldUserKey).(models.User)
 	token := r.Context().Value(jwtTokenKey).(*jwt.Token)
-	self := token.Claims.(jwt.MapClaims)["user"].(string) == user.Username
-	if !self && !canManageUser("global", token) {
+	if !canManageUser("global", true, user.Username, token) {
 		res := error401
 		res.Message = "You don't have the right to manage user."
 		render.JSON(w, error401.StatusCode, error401)
@@ -488,8 +492,7 @@ func deleteUser(w http.ResponseWriter, r *http.Request) {
 	user := r.Context().Value(oldUserKey).(models.User)
 	store := datastores.Store()
 	token := r.Context().Value(jwtTokenKey).(*jwt.Token)
-	self := token.Claims.(jwt.MapClaims)["user"].(string) == user.Username
-	if !self && !canManageUser("global", token) {
+	if !canManageUser("global", true, user.Username, token) {
 		res := error401
 		res.Message = "You don't have the right to manage user."
 		render.JSON(w, error401.StatusCode, error401)
diff --git a/scripts/init.sql b/scripts/init.sql
index 7783e11..13abe2a 100644
--- a/scripts/init.sql
+++ b/scripts/init.sql
@@ -147,13 +147,6 @@ CREATE TABLE IF NOT EXISTS `popcube_test`.`members` (
 ENGINE = InnoDB
 COMMENT = 'Store information about member of organisation.';
 
-CREATE UNIQUE INDEX `User_UNIQUE` ON `popcube_test`.`members` (`idUser` ASC);
-
-CREATE UNIQUE INDEX `Role_UNIQUE` ON `popcube_test`.`members` (`idRole` ASC);
-
-CREATE UNIQUE INDEX `channel_UNIQUE` ON `popcube_test`.`members` (`idChannel` ASC);
-
-
 -- -----------------------------------------------------
 -- Table `popcube_test`.`messages`
 -- -----------------------------------------------------
diff --git a/scripts/init_values.sql b/scripts/init_values.sql
index 1abb245..aac6042 100644
--- a/scripts/init_values.sql
+++ b/scripts/init_values.sql
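Review bot: With `self` passed as true, updateUser now lets a caller editing their own record skip every role check inside canManageUser, so if the `data` struct bound two lines above includes a role field (the schema in this commit has users.idRole), a standard or guest user could promote themselves. The hunk does not show what `data` contains, so verify that the self path either rejects role changes or only copies a fixed set of profile fields; a local guard before the store call along the lines of `if self && data.IDRole != user.IDRole { /* render 403 */ }` would close it, field names being a guess at the struct. The same `self == true` call is made in deleteUser below, which means any user can delete their own account without a confirmation step; say so in a comment if that is intended. updateUser's body continues past the hunk.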
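Review bot: Dropping the three single-column UNIQUE indexes on members is needed for the seed data (each user now joins several channels), but it leaves the table with no uniqueness constraint at all, so the same user can be inserted into the same channel any number of times. Replace them with a composite key instead of removing them outright: `CREATE UNIQUE INDEX member_UNIQUE ON popcube_test.members (idUser ASC, idChannel ASC);`. Worth checking whether the application's membership insert relied on the database rejecting duplicates rather than checking first, because that behaviour is gone with this hunk.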
@@ -6,7 +6,116 @@ INSERT INTO roles (roleName, canUsePrivate, canModerate, canArchive, canInvite,
 VALUES ("admin", true, true, true, true, true, true);
 
 INSERT INTO roles (roleName, canUsePrivate, canModerate, canArchive, canInvite, canManage, canManageUser)
-VALUES ("standart", true, true, true, false, false, false);
+VALUES ("standard", true, true, true, false, false, false);
 
 INSERT INTO roles (roleName, canUsePrivate, canModerate, canArchive, canInvite, canManage, canManageUser)
-VALUES ("guest", false, false, false, false, false, false);
\ No newline at end of file
+VALUES ("guest", false, false, false, false, false, false);
+
+-- CHANNEL INITIALISATION ------------------------------------------------------------------------
+INSERT INTO channels (webId, channelName, type, lastUpdate, private, avatar, description, subject)
+VALUES ("generaltextchannel", "general", "text", 1, false, "defaultAvatar", "Speak on general subjects", "General");
+
+INSERT INTO channels (webId, channelName, type, lastUpdate, private, avatar,description)
+VALUES ("randomtextchannel", "random", "text", 1, false, "defaultAvatar","Speak about any thing");
+
+INSERT INTO channels (webId, channelName, type, lastUpdate, private, avatar)
+VALUES ("generalvocchannel", "general - voc", "audio", 1, false, "defaultAvatar");
+
+INSERT INTO channels (webId, channelName, type, lastUpdate, private, avatar)
+VALUES ("randomvocchannel", "random - voc", "audio", 1, false, "defaultAvatar");
+
+INSERT INTO channels (webId, channelName, type, lastUpdate, private, avatar)
+VALUES ("generalvidchannel", "general - vid", "video", 1, false, "defaultAvatar");
+
+INSERT INTO channels (webId, channelName, type, lastUpdate, private, avatar)
+VALUES ("randomvidchannel", "random - vid", "video", 1, false, "defaultAvatar");
+
+-- PARMETER INITIALISATION ------------------------------------------------------------------------
+INSERT INTO parameters (local, timeZone)
+VALUES ("en_EN", "UTC-1");
+
+-- UNCOMMENT THE FOLLOWINGS FOR LOCAL DEV TEST ---------------------------------------------------
+
+-- USER INITIALISATION <><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>
+INSERT INTO users (webId, userName, email, lastUpdate, password, idRole, avatar, nickName, firstName, lastName)
+VALUES ("TestUserOwner", "devowner", "devowner@popcube.xyz", 1105154015461, "$2a$10$IU8oU9dseYZytHcr54VXj.H9tX78hS2xUuPrzMeVN6rFG7k89i6EW", 1, "user/owned.svg", "owner", "owner", "dev");
+
+
+INSERT INTO users (webId, userName, email, lastUpdate, password, idRole, avatar, nickName, firstName, lastName)
+VALUES ("TestUserAdmin", "devadmin", "devadmin@popcube.xyz", 1105154015461, "$2a$10$IU8oU9dseYZytHcr54VXj.H9tX78hS2xUuPrzMeVN6rFG7k89i6EW", 2, "user/avatar.svg", "admin", "admin", "dev");
+
+INSERT INTO users (webId, userName, email, lastUpdate, password, idRole, avatar, nickName, firstName, lastName)
+VALUES ("TestUserStandard", "devstandard", "devstandard@popcube.xyz", 1105154015461, "$2a$10$IU8oU9dseYZytHcr54VXj.H9tX78hS2xUuPrzMeVN6rFG7k89i6EW", 3, "user/avatar.svg", "standard", "standard", "dev");
+
+INSERT INTO users (webId, userName, email, lastUpdate, password, idRole, avatar, nickName, firstName, lastName)
+VALUES ("TestUserGuest", "devguest", "devguest@popcube.xyz", 1105154015461, "$2a$10$IU8oU9dseYZytHcr54VXj.H9tX78hS2xUuPrzMeVN6rFG7k89i6EW", 4, "user/avatar.svg", "guest", "guest", "dev");
+
+-- ORGANISATION INITIALISATION <><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>
+INSERT INTO organisations (dockerStack, organisationName, description, avatar, domain)
+VALUES (1, "Popcube Dev", "Test for popcube", "popcube.svg", "popcubedev.popbcube.xyz");
+
+-- MEMBERS INITITIALISATION <><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>
+INSERT INTO members (idUser, idChannel)
+VALUES (1, 1);
+INSERT INTO members (idUser, idChannel)
+VALUES (2, 1);
+INSERT INTO members (idUser, idChannel)
+VALUES (3, 1);
+INSERT INTO members (idUser, idChannel)
+VALUES (4, 1);
+
+INSERT INTO members (idUser, idChannel)
+VALUES (1, 2);
+INSERT INTO members (idUser, idChannel)
+VALUES (2, 2);
+INSERT INTO members (idUser, idChannel)
+VALUES (3, 2);
+INSERT INTO members (idUser, idChannel)
+VALUES (4, 2);
+
+INSERT INTO members (idUser, idChannel)
+VALUES (1, 3);
+INSERT INTO members (idUser, idChannel, idRole)
+VALUES (2, 3,3);
+INSERT INTO members (idUser, idChannel)
+VALUES (3, 3);
+INSERT INTO members (idUser, idChannel)
+VALUES (4, 3);
+
+INSERT INTO members (idUser, idChannel)
+VALUES (1, 4);
+INSERT INTO members (idUser, idChannel)
+VALUES (2, 4);
+INSERT INTO members (idUser, idChannel, idRole)
+VALUES (3, 4, 2);
+INSERT INTO members (idUser, idChannel)
+VALUES (4, 4);
+
+-- MESSAGE INITIALISATION <><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>
+INSERT INTO messages (idUser, idChannel, date, content)
+VALUES (1, 1, 10210541, "Test message.");
+INSERT INTO messages (idUser, idChannel, date, content)
+VALUES (1, 1, 10210542, "");
+INSERT INTO messages (idUser, idChannel, date, content)
+VALUES (1, 1, 10210543, "Test message with folder.");
+
+-- FOLDER INITIALISATION <><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>
+INSERT INTO folders (idMessage, type, link, name)
+VALUES (2, "txt", "folders/text.txt", "text");
+
+INSERT INTO folders (idMessage)
+VALUES (3);
+
+-- EMOJIS INITIALISATION <><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>
+INSERT INTO emojis (name, shortcut, link)
+VALUE ("troll face", ":troll:", "emojis/troll.svg");
+
+INSERT INTO emojis (name, shortcut, link)
+VALUE ("love", "<3", "emojis/love.svg");
+
+-- AVATARS INITIALISATION <><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>
+INSERT INTO avatars (name, link)
+VALUE ("troll face", "emojis/troll.svg");
+
+INSERT INTO avatars (name, link)
+VALUE ("Strawberrie", "emojis/straw.svg");
\ No newline at end of file
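Review bot: The banner `-- UNCOMMENT THE FOLLOWINGS FOR LOCAL DEV TEST` is not followed by commented-out statements: the four user rows, including an owner (idRole 1) and an admin (idRole 2) that all share one bcrypt hash, the organisation, members, messages and the rest are live INSERTs that run wherever init_values.sql runs. If this script seeds anything other than a throwaway local database, those are well-known credentials on privileged accounts. Either prefix every statement below the banner with `-- ` as the banner promises, or move that section into a separate dev-only seed file that only the local setup applies. Minor wording in the same hunk: `PARMETER` and the domain `popbcube.xyz` look like typos.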