Added support to fetch info on a single account

This commit is contained in:
Lilleman auf Larv 2021-01-04 16:29:58 +01:00
parent 7e90c8b66d
commit 91bb5b1d15
2 changed files with 48 additions and 3 deletions

View File

@ -2,7 +2,6 @@ package handlers
import (
"github.com/gofiber/fiber/v2"
log "github.com/sirupsen/logrus"
)
// Hello handler
@ -12,6 +11,18 @@ func (h Handlers) Hello(c *fiber.Ctx) error {
// AccountGet handler
func (h Handlers) AccountGet(c *fiber.Ctx) error {
log.WithFields(log.Fields{"accountID": c.Params("accountID")}).Debug("GETing account")
return c.SendString("Account ffs")
accountID := c.Params("accountID")
// logContext := log.WithFields(log.Fields{"accountID": accountID})
authErr := h.RequireAdminRoleOrAccountID(c, accountID)
if authErr != nil {
return c.Status(403).JSON([]ResJSONError{{Error: authErr.Error()}})
}
account, accountErr := h.Db.AccountGet(accountID, "")
if accountErr != nil {
return c.Status(500).JSON([]ResJSONError{{Error: accountErr.Error()}})
}
return c.JSON(account)
}

View File

@ -113,3 +113,37 @@ func (h Handlers) RequireAdminRole(c *fiber.Ctx) error {
return errors.New("No \"admin\" role found on account")
}
// RequireAdminRoleOrAccountID returns nil if no error is found
func (h Handlers) RequireAdminRoleOrAccountID(c *fiber.Ctx, accountID string) error {
headers := h.parseHeaders(c)
if headers["Authorization"] == "" {
return errors.New("Authorization header is missing")
}
claims, claimsErr := h.parseJWT(headers["Authorization"])
if claimsErr != nil {
return claimsErr
}
if claims.AccountID == accountID {
return nil
}
if claims.AccountFields == nil {
return errors.New("AccountID does not match and account have no fields at all")
}
if claims.AccountFields["role"] == nil {
return errors.New("AccountID does not match and account have no field named \"role\"")
}
for _, role := range claims.AccountFields["role"] {
if role == "admin" {
return nil
}
}
return errors.New("AccountID does not match and no \"admin\" role found on account")
}