diff --git a/core/api.go b/core/api.go
index 4b8a349..c46890a 100644
--- a/core/api.go
+++ b/core/api.go
@@ -74,40 +74,8 @@ func (fd *FileDocumentDesc) Save() error {
 return err
 }
-func (caller apiCaller) isAdmin() bool {
- if *devflag {
- return true
- }
-
- v, ok := caller.userinfo["email"]
- if !ok {
- logger.Println("isVaidUser failed. email is missing :", caller.userinfo)
- return false
- }
-
- email := v.(string)
- if _, ok := caller.globalAdmins[email]; ok {
- return true
- }
-
- return caller.mg.service().isAdmin(email)
-}
-
-func (caller apiCaller) isAdminOrValidToken() bool {
- if caller.isAdmin() {
- return true
- }
-
- return caller.mg.service().isValidToken(caller.apiToken)
-}
-
 func (caller apiCaller) filesAPI(w http.ResponseWriter, r *http.Request) error {
 if r.Method == "GET" {
- // if !caller.isAdminOrValidToken() {
- // w.WriteHeader(http.StatusUnauthorized)
- // return nil
- // }
-
 allfiles, err := caller.mg.mongoClient.All(CollectionFile, options.Find().SetProjection(bson.M{
 "contents": 0,
 }).SetReturnKey(false))
@@ -126,11 +94,6 @@ func (caller apiCaller) filesAPI(w http.ResponseWriter, r *http.Request) error {
 return nil
 }
- // if !caller.isAdminOrValidToken() {
- // w.WriteHeader(http.StatusUnauthorized)
- // return nil
- // }
-
 _, err := caller.mg.mongoClient.Delete(CollectionFile, bson.M{
 "key": key,
 })
@@ -208,7 +171,6 @@ func (caller apiCaller) uploadAPI(w http.ResponseWriter, r *http.Request) error
 func (caller apiCaller) whitelistAPI(w http.ResponseWriter, r *http.Request) error {
 mg := caller.mg
- queryvals := r.URL.Query()
 if r.Method == "GET" {
 // if !caller.isAdminOrValidToken() {
 // logger.Println("whitelistAPI failed. not vaild user :", r.Method, caller.userinfo)
@@ -256,7 +218,7 @@ func (caller apiCaller) whitelistAPI(w http.ResponseWriter, r *http.Request) err
 return err
 }
 } else if r.Method == "DELETE" {
- id := queryvals.Get("id")
+ id := r.FormValue("id")
 if len(id) == 0 {
 return errors.New("id param is missing")
 }
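Review bot: No authorization check is visible around the DELETE branch that reads `id` (and presumably goes on to remove a whitelist entry), and this same commit deletes `isAdmin`/`isAdminOrValidToken` in the first hunk of this file while the GET branch of whitelistAPI keeps the commented-out `// if !caller.isAdminOrValidToken() {` block, which now names a function that no longer exists. If access control is enforced by whatever dispatches to `apiCaller` (not visible here), say so in a doc comment on whitelistAPI and filesAPI, for example `// whitelistAPI assumes the caller was already authorized before dispatch.`, and delete the stale commented block; if it is not, the whitelist and file delete paths need a live check before their Mongo calls. On the changed line itself, `r.FormValue("id")` silently ignores form-parsing errors and may also take the value from a form body, so `r.URL.Query().Get("id")` is the narrower read if only the query string is intended. The DELETE branch continues outside the hunk.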
diff --git a/core/maingate.go b/core/maingate.go
index 52ccc8a..f92977a 100644
--- a/core/maingate.go
+++ b/core/maingate.go
@@ -429,7 +429,7 @@ func (mg *Maingate) prepare(context context.Context) (err error) {
 return nil
 }
-func whitelistKey(email string) string {
+func whitelistKey(email string, platform string) string {
 if strings.HasPrefix(email, "*@") {
 // 도메인 전체 허용
 return email[2:]
diff --git a/core/service.go b/core/service.go
index c78ca0e..0175f37 100644
--- a/core/service.go
+++ b/core/service.go
@@ -27,8 +27,6 @@ type blockinfo struct {
 Reason string `bson:"reason" json:"reason"`
 }
-type whitelistMemberTag = string
-
 type whitelistmember struct {
 Email string `bson:"email" json:"email"`
 Platform string `bson:"platform" json:"platform"`
@@ -53,7 +51,7 @@ type usertokeninfo struct {
 func (wl *whitelist) init(total []whitelistmember) {
 all := make(map[string]*whitelistmember)
 for _, member := range total {
- all[whitelistKey(member.Email)] = &member
+ all[whitelistKey(member.Email, member.Platform)] = &member
 }
 atomic.StorePointer(&wl.emailptr, unsafe.Pointer(&all))
 }
@@ -66,11 +64,11 @@ func addToUnsafePointer(to *unsafe.Pointer, m *whitelistmember) {
 for k, v := range *src {
 next[k] = v
 }
- next[whitelistKey(m.Email)] = m
+ next[whitelistKey(m.Email, m.Platform)] = m
 atomic.StorePointer(to, unsafe.Pointer(&next))
 }
-func removeFromUnsafePointer(from *unsafe.Pointer, email string) {
+func removeFromUnsafePointer(from *unsafe.Pointer, email string, platform string) {
 ptr := atomic.LoadPointer(from)
 src := (*map[string]*whitelistmember)(ptr)
@@ -78,7 +76,7 @@ func removeFromUnsafePointer(from *unsafe.Pointer, email string) {
 for k, v := range *src {
 next[k] = v
 }
- delete(next, whitelistKey(email))
+ delete(next, whitelistKey(email, platform))
 atomic.StorePointer(from, unsafe.Pointer(&next))
 }
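Review bot: The wildcard branch visible here still returns `email[2:]` and never reads the new `platform` argument, so for `*@domain` entries the key looks platform-independent. That matters because `isMember` in core/service.go now returns bare key presence and no longer compares `member.Platform == platform`; if the rest of whitelistKey (outside this hunk) does not fold the platform into every key, a domain-wide entry added for one platform could admit users on others, and two entries for the same domain on different platforms would overwrite each other in the map. Please state the key format in a doc comment such as `// whitelistKey returns the map key for an (email, platform) pair; "*@domain" entries are keyed by ...`, and include `platform` in the wildcard key if per-platform scoping is intended.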
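Review bot: The changed line in `init` still stores `&member`, the address of the range variable; unless the module is built with Go 1.22 or later, every map entry ends up pointing at the same variable and therefore at the last element of `total`. Taking the address of the slice element removes the dependence on the toolchain version: `for i := range total { m := &total[i]; all[whitelistKey(m.Email, m.Platform)] = m }`. A short comment on `init` noting that the map is published as a whole through `atomic.StorePointer` and is copied rather than mutated by later writers (as the add/remove helpers appear to do) would also help readers.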
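Review bot: As far as these hunks show, `addToUnsafePointer` and `removeFromUnsafePointer` each do load, copy, modify, then `atomic.StorePointer`, with nothing tying the store to the pointer that was loaded, so two writers running at once can each publish a copy that lacks the other's change. For a whitelist the bad case is a removal overwritten by a concurrent add, which leaves a revoked entry live. If every call comes from the single watcher goroutine this cannot happen and a comment saying so is enough; otherwise serialize the writers with a `sync.Mutex` or retry with `atomic.CompareAndSwapPointer`. The same applies to the `delete` in the next hunk, and both function bodies start outside the hunks shown.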
@@ -86,18 +84,16 @@ func (wl *whitelist) add(m *whitelistmember) {
 addToUnsafePointer(&wl.emailptr, m)
 }
-func (wl *whitelist) remove(email string) {
- removeFromUnsafePointer(&wl.emailptr, email)
+func (wl *whitelist) remove(email string, platform string) {
+ removeFromUnsafePointer(&wl.emailptr, email, platform)
 }
 func (wl *whitelist) isMember(email string, platform string) bool {
 ptr := atomic.LoadPointer(&wl.emailptr)
 src := *(*map[string]*whitelistmember)(ptr)
- if member, exists := src[whitelistKey(email)]; exists {
- return member.Platform == platform
- }
- return false
+ _, exists := src[whitelistKey(email, platform)]
+ return exists
 }
 type DivisionStateName string
@@ -559,18 +555,6 @@ func (sh *serviceDescription) linkinfo(w http.ResponseWriter, r *http.Request) {
 }
-func (sh *serviceDescription) isAdmin(email string) bool {
- ptr := atomic.LoadPointer(&sh.admins)
- admins := *(*[]string)(ptr)
-
- for _, a := range admins {
- if a == email {
- return true
- }
- }
- return false
-}
-
 func (sh *serviceDescription) authorize(w http.ResponseWriter, r *http.Request) {
 defer func() {
 s := recover()
diff --git a/core/watch.go b/core/watch.go
index 3e6c30e..14c4529 100644
--- a/core/watch.go
+++ b/core/watch.go
@@ -112,7 +112,7 @@ func (mg *Maingate) watchWhitelistCollection(parentctx context.Context) {
 case "update":
 if data.Member.Expired != 0 {
 logger.Println("whitelist member is removed :", *data.Member)
- mg.service().wl.remove(data.Member.Email)
+ mg.service().wl.remove(data.Member.Email, data.Member.Platform)
 } else {
 logger.Println("whitelist member is updated :", *data.Member)
 mg.service().wl.add(data.Member)
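Review bot: Removal on the changed line now succeeds only if `data.Member.Platform` yields the same key the entry was stored under, and `delete` on a missing key is silent. If the update event carries an empty or changed `Platform` (how `data.Member` is populated is outside this hunk), the expired member would stay in the in-memory whitelist while the log line says it was removed. Consider having `remove` report whether a key was actually deleted and logging the miss, or keying removal on a stable identifier; the enclosing switch continues outside the hunk.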