ayo/maingate
8
1
Fork 3
Code Issues Pull Requests Projects Releases Wiki Activity

api 호출 권한 일단 보류

Browse Source
This commit is contained in:
mountain
2023-06-20 15:49:50 +09:00
parent 8d9b975234
commit 6db196df28
1 changed files with 29 additions and 36 deletions
Download Patch File Download Diff File Expand all files Collapse all files

45
core/api.go
View File

@ -104,10 +104,10 @@ func (caller apiCaller) isAdminOrValidToken() bool {
func (caller apiCaller) filesAPI(w http.ResponseWriter, r *http.Request) error { func (caller apiCaller) filesAPI(w http.ResponseWriter, r *http.Request) error {
if r.Method == "GET" { if r.Method == "GET" {
if !caller.isAdminOrValidToken() { // if !caller.isAdminOrValidToken() {
w.WriteHeader(http.StatusUnauthorized) // w.WriteHeader(http.StatusUnauthorized)
return nil // return nil
} // }
allfiles, err := caller.mg.mongoClient.All(CollectionFile, options.Find().SetProjection(bson.M{ allfiles, err := caller.mg.mongoClient.All(CollectionFile, options.Find().SetProjection(bson.M{
"contents": 0, "contents": 0,
@ -127,10 +127,10 @@ func (caller apiCaller) filesAPI(w http.ResponseWriter, r *http.Request) error {
return nil return nil
} }
if !caller.isAdminOrValidToken() { // if !caller.isAdminOrValidToken() {
w.WriteHeader(http.StatusUnauthorized) // w.WriteHeader(http.StatusUnauthorized)
return nil // return nil
} // }
_, err := caller.mg.mongoClient.Delete(CollectionFile, bson.M{ _, err := caller.mg.mongoClient.Delete(CollectionFile, bson.M{
"key": key, "key": key,
@ -211,17 +211,13 @@ func (caller apiCaller) whitelistAPI(w http.ResponseWriter, r *http.Request) err
mg := caller.mg mg := caller.mg
queryvals := r.URL.Query() queryvals := r.URL.Query()
if r.Method == "GET" { if r.Method == "GET" {
service := queryvals.Get("service") // if !caller.isAdminOrValidToken() {
if len(service) > 0 { // logger.Println("whitelistAPI failed. not vaild user :", r.Method, caller.userinfo)
if !caller.isAdminOrValidToken() { // w.WriteHeader(http.StatusUnauthorized)
logger.Println("whitelistAPI failed. not vaild user :", r.Method, caller.userinfo) // return nil
w.WriteHeader(http.StatusUnauthorized) // }
return nil
}
all, err := mg.mongoClient.FindAll(CollectionWhitelist, bson.M{ all, err := mg.mongoClient.All(CollectionWhitelist)
"service": service,
})
if err != nil { if err != nil {
return err return err
} }
@ -236,9 +232,6 @@ func (caller apiCaller) whitelistAPI(w http.ResponseWriter, r *http.Request) err
allraw, _ := json.Marshal(notexp) allraw, _ := json.Marshal(notexp)
w.Write(allraw) w.Write(allraw)
} }
} else {
logger.Println("service param is missing")
}
} else if r.Method == "PUT" { } else if r.Method == "PUT" {
body, _ := io.ReadAll(r.Body) body, _ := io.ReadAll(r.Body)
var member whitelistmember var member whitelistmember
@ -246,11 +239,11 @@ func (caller apiCaller) whitelistAPI(w http.ResponseWriter, r *http.Request) err
return err return err
} }
if !caller.isAdminOrValidToken() { // if !caller.isAdminOrValidToken() {
logger.Println("whitelistAPI failed. not vaild user :", r.Method, caller.userinfo) // logger.Println("whitelistAPI failed. not vaild user :", r.Method, caller.userinfo)
w.WriteHeader(http.StatusUnauthorized) // w.WriteHeader(http.StatusUnauthorized)
return nil // return nil
} // }
member.Expired = 0 member.Expired = 0