The server for Open Course World
// Package api wires HTTP handlers onto the shared mux router. This file holds
// the route wrappers (Secure, InsecureOpt, Insecure) that decide how much
// authentication a route gets before its handler runs.
package api

import (
	"fmt"
	"net/http"
	"smm2_gameserver/config"
	"smm2_gameserver/nex/datastore"
	"smm2_gameserver/orm"

	"github.com/gorilla/mux"
	"gorm.io/gorm"
)

// Package-level state shared by the handlers in this package. Nothing in this
// file assigns these values.
// NOTE(review): presumably they are set once during startup elsewhere in the
// package; confirm nothing reassigns them while requests are being served.
var (
	// presumably the JWT signing/verification key; keep it out of logs and
	// responses.
	jwtSecret []byte
	db        *gorm.DB
	cfg       *config.Config
	router    *mux.Router
)

// GetUser loads the user with the given id, with its Role association
// preloaded. When the query fails, the query error is returned together with
// whatever the query left in the User value; callers should ignore that value.
func GetUser(id int64) (orm.User, error) {
	var found orm.User
	// The id is bound through the "?" placeholder rather than formatted into
	// the condition string.
	if err := db.Preload("Role").First(&found, "id = ?", id).Error; err != nil {
		return found, err
	}
	return found, nil
}

// eulaBypassPaths lists the route patterns that Secure serves even when the
// user has not accepted the EULA. Keys are matched against the pattern passed
// to Secure, not against the request URL. An entry here skips only the EULA
// gate: Secure still wraps the route in jwtMiddleware and still loads the user.
var eulaBypassPaths = map[string]bool{
	"/api/accept_eula":  true,
	"/api/auth/refresh": true,
	"/api/user":         true,
	"/mm2":              true,
}

// Secure registers handler at path behind jwtMiddleware. For every request it
// loads the user identified by getUserId and, unless path is listed in
// eulaBypassPaths, answers 403 Forbidden when dataView.EulaAccepted reports
// that the user has not accepted the EULA. handler runs only after both steps
// succeed, so it always receives a loaded user.
func Secure(path string, handler func(http.ResponseWriter, *http.Request, orm.User)) *mux.Route {
	guarded := func(w http.ResponseWriter, r *http.Request) {
		user, err := GetUser(getUserId(r))
		if err != nil {
			// Fail closed: without a user record the handler never runs.
			// NOTE(review): what reportError writes to the client is not
			// visible here; confirm it does not echo the raw database error.
			reportError(w, r, err)
			return
		}

		// The map lookup is evaluated first, so EulaAccepted is consulted only
		// for routes that are not exempt.
		if !eulaBypassPaths[path] && !dataView.EulaAccepted(datastore.Pid(user.ID)) {
			fmt.Println("EULA not accepted", user.ID)
			w.WriteHeader(http.StatusForbidden)
			return
		}

		handler(w, r, user)
	}
	return router.Handle(path, jwtMiddleware(http.HandlerFunc(guarded)))
}

// InsecureOpt registers handler at path with optional authentication. The
// handler receives a non-nil *orm.User only when readAuthHeaders succeeds and
// the user can be loaded; in every other case it receives nil. A request whose
// auth headers are rejected and a request whose user lookup fails are both
// served as anonymous instead of being refused, so handlers must treat a nil
// user as unauthenticated.
func InsecureOpt(path string, handler func(http.ResponseWriter, *http.Request, *orm.User)) *mux.Route {
	optional := func(w http.ResponseWriter, r *http.Request) {
		var who *orm.User
		if authed, err := readAuthHeaders(r); err == nil {
			if u, err := GetUser(getUserId(authed)); err == nil {
				who = &u
			}
		}

		// The handler is given the original request, not the one returned by
		// readAuthHeaders, so it should rely on the user argument for identity.
		handler(w, r, who)
	}
	return router.Handle(path, http.HandlerFunc(optional))
}

// Insecure registers handler at path as-is: this wrapper adds no
// authentication, no user lookup and no EULA check in front of it.
func Insecure(path string, handler func(http.ResponseWriter, *http.Request)) *mux.Route {
	return router.HandleFunc(path, handler)
}