From bff28a1109573d52076463bc42ccffb19107e92c Mon Sep 17 00:00:00 2001
From: Pasha
Date: Wed, 23 Apr 2025 16:16:05 +0300
Subject: [PATCH] dont apply mw
---
 internal/app/app.go | 1 -
 internal/middleware/check_ownership/mw.go | 64 +++++++++++++----------
 internal/server/http/http_server.go | 4 --
 3 files changed, 36 insertions(+), 33 deletions(-)
diff --git a/internal/app/app.go b/internal/app/app.go
index 8d4b906..ed4f786 100644
--- a/internal/app/app.go
+++ b/internal/app/app.go
@@ -149,7 +149,6 @@ func Run(ctx context.Context, cfg initialize.Config, build Build) error {
 Controllers: []http.Controller{controllers.HttpControllers.Account, controllers.HttpControllers.Telegram, controllers.HttpControllers.Result, controllers.HttpControllers.Question, controllers.HttpControllers.Quiz, controllers.HttpControllers.Statistic},
 Hlogger: loggerHlog,
- Dal: dalS.PgDAL,
 })
 go func() {
diff --git a/internal/middleware/check_ownership/mw.go b/internal/middleware/check_ownership/mw.go
index bcb17ce..d44f97b 100644
--- a/internal/middleware/check_ownership/mw.go
+++ b/internal/middleware/check_ownership/mw.go
@@ -5,6 +5,7 @@ import (
 "gitea.pena/SQuiz/common/dal"
 "gitea.pena/SQuiz/common/middleware"
 "github.com/gofiber/fiber/v2"
+ "regexp"
 "strconv"
 )
@@ -67,11 +68,8 @@ func (o *OwnerShip) CheckResult(ctx *fiber.Ctx) (bool, error) {
 return false, fiber.NewError(fiber.StatusUnauthorized, "account id is required")
 }
- resultIDStr := ctx.Params("resultID")
- if resultIDStr == "" {
- return false, fiber.NewError(fiber.StatusBadRequest, "invalid resultID")
- }
- resultID, err := strconv.ParseUint(resultIDStr, 10, 64)
+ // todo интересная штука заметил что параметры на этапе промежуточного по не существует, оч сильно усложняет надо будет обдумать
+ resultID, err := strconv.ParseUint(ctx.Params("resultID"), 10, 64)
 if err != nil {
 return false, fiber.NewError(fiber.StatusBadRequest, "invalid result ID format")
 }
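Review bot: The todo added in CheckResult records an important constraint only in Russian: as it reports, route parameters are not yet populated when a handler runs as global middleware, so `ctx.Params("resultID")` is empty there and the `ParseUint` call would always end in the 400 branch. I would replace it with `// NOTE: ctx.Params is empty under app.Use (no route matched yet); CheckResult only works when attached to the route itself.` and wire the check as a route-level handler instead of recovering the ID from the path by hand. Dropping the explicit empty-string test is fine, since `strconv.ParseUint("", 10, 64)` already returns an error. CheckResult begins before and continues after this hunk.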
@@ -115,26 +113,28 @@ func (o *OwnerShip) CheckStatistic(ctx *fiber.Ctx) (bool, error) {
 return true, nil
 }
-var pathCheckMap = map[string]func(*OwnerShip, *fiber.Ctx) (bool, error){
- "POST /question/create": (*OwnerShip).CheckQuiz, // quiz_id
- "POST /question/getList": (*OwnerShip).CheckQuiz, // quiz_id
- "PATCH /question/edit": (*OwnerShip).CheckQuestion, // id
- "POST /question/copy": (*OwnerShip).CheckQuiz, // quiz_id
- "POST /question/history": (*OwnerShip).CheckQuestion, // id
- "DELETE /question/delete": (*OwnerShip).CheckQuestion, // id
+var pathCheckMap = map[*regexp.Regexp]func(*OwnerShip, *fiber.Ctx) (bool, error){
+ regexp.MustCompile(`^POST /question/create$`): (*OwnerShip).CheckQuiz, // quiz_id
+ regexp.MustCompile(`^POST /question/getList$`): (*OwnerShip).CheckQuiz, // quiz_id
+ regexp.MustCompile(`^PATCH /question/edit$`): (*OwnerShip).CheckQuestion, // id
+ regexp.MustCompile(`^POST /question/copy$`): (*OwnerShip).CheckQuiz, // quiz_id
+ regexp.MustCompile(`^POST /question/history$`): (*OwnerShip).CheckQuestion, // id
+ regexp.MustCompile(`^DELETE /question/delete$`): (*OwnerShip).CheckQuestion, // id
- "GET /result/:resultID": (*OwnerShip).CheckResult, // resultID в роуте (id ответа)
- "POST /results/getResults/:quizID": (*OwnerShip).CheckQuiz, // quizID в роуте
- "POST /results/:quizID/export": (*OwnerShip).CheckQuiz, // quizID в роуте
+ //regexp.MustCompile(`^GET /result/\d+$`): (*OwnerShip).CheckResult, // resultID в роуте (id ответа)
+ // todo POST /results/getResults/16675
+ regexp.MustCompile(`^POST /results/getResults/\d+$`): (*OwnerShip).CheckQuiz, // quizID в роуте
+ // todo POST /results/16675/export
+ regexp.MustCompile(`^POST /results/\d+/export$`): (*OwnerShip).CheckQuiz, // quizID в роуте
- // todo обсудить с Мишей
- "POST /statistic/:quizID/devices": (*OwnerShip).CheckStatistic,
- "POST /statistic/:quizID/general": (*OwnerShip).CheckStatistic,
- "POST /statistic/:quizID/questions": (*OwnerShip).CheckStatistic,
+ // todo все роутф
статистики клиентские
+ regexp.MustCompile(`^POST /statistic/\d+/devices$`): (*OwnerShip).CheckStatistic,
+ regexp.MustCompile(`^POST /statistic/\d+/general$`): (*OwnerShip).CheckStatistic,
+ regexp.MustCompile(`^POST /statistic/\d+/questions$`): (*OwnerShip).CheckStatistic,
 // пока не в приоритете todo
- "DELETE /account/account/leadtarget/:id": (*OwnerShip).CheckLeadTarget,
- "PUT /account/account/leadtarget": (*OwnerShip).CheckLeadTarget,
+ regexp.MustCompile(`^DELETE /account/account/leadtarget/\d+$`): (*OwnerShip).CheckLeadTarget,
+ regexp.MustCompile(`^PUT /account/account/leadtarget$`): (*OwnerShip).CheckLeadTarget,
 }
 // todo подключить проверить
@@ -142,13 +142,21 @@ func OwnerShipMiddleware(o *OwnerShip) fiber.Handler {
 return func(c *fiber.Ctx) error {
 methodPath := fmt.Sprintf("%s %s", c.Method(), c.Path())
- if f, ok := pathCheckMap[methodPath]; ok {
- ok, err := f(o, c)
- if err != nil {
- return err
- }
- if !ok {
- return fiber.NewError(fiber.StatusForbidden, "access denied")
+ fmt.Println(methodPath)
+
+ fmt.Println(c.Params("resultID"))
+
+ for re, f := range pathCheckMap {
+ if re.MatchString(methodPath) {
+ ok, err := f(o, c)
+ if err != nil {
+ return err
+ }
+ if !ok {
+ return fiber.NewError(fiber.StatusForbidden, "access denied")
+ }
+
+ break
 }
 }
diff --git a/internal/server/http/http_server.go b/internal/server/http/http_server.go
index b6c90a6..121c9b1 100644
--- a/internal/server/http/http_server.go
+++ b/internal/server/http/http_server.go
@@ -5,9 +5,7 @@ import (
 "fmt"
 "gitea.pena/PenaSide/common/log_mw"
 "gitea.pena/PenaSide/hlog"
- "gitea.pena/SQuiz/common/dal"
 "gitea.pena/SQuiz/common/middleware"
- "gitea.pena/SQuiz/core/internal/middleware/check_ownership"
 "github.com/gofiber/fiber/v2"
 "go.uber.org/zap"
 )
@@ -16,7 +14,6 @@ type ServerConfig struct {
 Logger *zap.Logger
 Controllers []Controller
 Hlogger hlog.Logger
- Dal *dal.DAL
 }
 type Server struct {
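Review bot: The new `pathCheckMap` table is fail-open: a request whose `METHOD path` string matches none of the anchored patterns gets no ownership check, and the patterns are stricter than the router that `fiber.New()` builds with default settings, where routing is case-insensitive and tolerant of a trailing slash unless `CaseSensitive` / `StrictRouting` are set. If `c.Path()` returns the path as sent, the table and the router can disagree about which handler a request reaches; attaching each check to its route, e.g. `app.Post("/results/:quizID/export", ownershipCheck, handler)` (names illustrative), removes the second matcher and also gives the check populated route params. The commented-out `GET /result/\d+` entry leaves result reads without any check from this table, which deserves a tracked issue rather than a commented line. Separately, ranging over a `map[*regexp.Regexp]…` visits patterns in random order; a slice of pattern/check pairs keeps matching deterministic if the table stays.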
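Review bot: The two `fmt.Println` calls added at the top of the closure in OwnerShipMiddleware are debug output left on the request path; they print every method, path and `resultID` to stdout, bypassing the zap/hlog loggers the server is already configured with. Remove them, or log at debug level through the request logger. Note also that http_server.go in this same patch drops the `app.Use(check_ownership.OwnerShipMiddleware(...))` call, so after this commit none of these checks run and, unless the controllers verify ownership themselves (not visible here), requests are gated only by `middleware.JWTAuth()`. The closure continues past the end of the hunk.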
@@ -28,7 +25,6 @@ type Server struct {
 func NewServer(config ServerConfig) *Server {
 app := fiber.New()
 app.Use(middleware.JWTAuth())
- app.Use(check_ownership.OwnerShipMiddleware(check_ownership.NewOwnerShip(config.Dal)))
 app.Use(log_mw.ContextLogger(config.Hlogger))
 //app.Get("/liveness", healthchecks.Liveness)
 //app.Get("/readiness", healthchecks.Readiness(&workerErr)) //todo parametrized readiness. should discuss ready reason