dont apply mw

2025-04-23 16:16:05 +03:00 · 2025-04-23 16:16:05 +03:00 · bff28a1109
commit bff28a1109
parent d9fa14cee7
3 changed files with 36 additions and 33 deletions
--- a/internal/app/app.go
+++ b/internal/app/app.go
@ -149,7 +149,6 @@ func Run(ctx context.Context, cfg initialize.Config, build Build) error {
 		Controllers: []http.Controller{controllers.HttpControllers.Account, controllers.HttpControllers.Telegram, controllers.HttpControllers.Result,
 			controllers.HttpControllers.Question, controllers.HttpControllers.Quiz, controllers.HttpControllers.Statistic},
 		Hlogger: loggerHlog,
-		Dal:     dalS.PgDAL,
 	})

 	go func() {
--- a/internal/middleware/check_ownership/mw.go
+++ b/internal/middleware/check_ownership/mw.go
@ -5,6 +5,7 @@ import (
 	"gitea.pena/SQuiz/common/dal"
 	"gitea.pena/SQuiz/common/middleware"
 	"github.com/gofiber/fiber/v2"
+	"regexp"
 	"strconv"
 )

@ -67,11 +68,8 @@ func (o *OwnerShip) CheckResult(ctx *fiber.Ctx) (bool, error) {
 		return false, fiber.NewError(fiber.StatusUnauthorized, "account id is required")
 	}

-	resultIDStr := ctx.Params("resultID")
-	if resultIDStr == "" {
-		return false, fiber.NewError(fiber.StatusBadRequest, "invalid resultID")
-	}
-	resultID, err := strconv.ParseUint(resultIDStr, 10, 64)
+	// todo интересная штука заметил что параметры на этапе промежуточного по не существует, оч сильно усложняет надо будет обдумать
+	resultID, err := strconv.ParseUint(ctx.Params("resultID"), 10, 64)
 	if err != nil {
 		return false, fiber.NewError(fiber.StatusBadRequest, "invalid result ID format")
 	}
@ -115,26 +113,28 @@ func (o *OwnerShip) CheckStatistic(ctx *fiber.Ctx) (bool, error) {
 	return true, nil
 }

-var pathCheckMap = map[string]func(*OwnerShip, *fiber.Ctx) (bool, error){
-	"POST /question/create":   (*OwnerShip).CheckQuiz,     // quiz_id
-	"POST /question/getList":  (*OwnerShip).CheckQuiz,     // quiz_id
-	"PATCH /question/edit":    (*OwnerShip).CheckQuestion, // id
-	"POST /question/copy":     (*OwnerShip).CheckQuiz,     // quiz_id
-	"POST /question/history":  (*OwnerShip).CheckQuestion, // id
-	"DELETE /question/delete": (*OwnerShip).CheckQuestion, // id
+var pathCheckMap = map[*regexp.Regexp]func(*OwnerShip, *fiber.Ctx) (bool, error){
+	regexp.MustCompile(`^POST /question/create$`):   (*OwnerShip).CheckQuiz,     // quiz_id
+	regexp.MustCompile(`^POST /question/getList$`):  (*OwnerShip).CheckQuiz,     // quiz_id
+	regexp.MustCompile(`^PATCH /question/edit$`):    (*OwnerShip).CheckQuestion, // id
+	regexp.MustCompile(`^POST /question/copy$`):     (*OwnerShip).CheckQuiz,     // quiz_id
+	regexp.MustCompile(`^POST /question/history$`):  (*OwnerShip).CheckQuestion, // id
+	regexp.MustCompile(`^DELETE /question/delete$`): (*OwnerShip).CheckQuestion, // id

-	"GET /result/:resultID":            (*OwnerShip).CheckResult, // resultID в роуте (id ответа)
-	"POST /results/getResults/:quizID": (*OwnerShip).CheckQuiz,   // quizID в роуте
-	"POST /results/:quizID/export":     (*OwnerShip).CheckQuiz,   // quizID в роуте
+	//regexp.MustCompile(`^GET /result/\d+$`): (*OwnerShip).CheckResult, // resultID в роуте (id ответа)
+	// todo POST /results/getResults/16675
+	regexp.MustCompile(`^POST /results/getResults/\d+$`): (*OwnerShip).CheckQuiz, // quizID в роуте
+	// todo POST /results/16675/export
+	regexp.MustCompile(`^POST /results/\d+/export$`): (*OwnerShip).CheckQuiz, // quizID в роуте

-	// todo обсудить с Мишей
-	"POST /statistic/:quizID/devices":   (*OwnerShip).CheckStatistic,
-	"POST /statistic/:quizID/general":   (*OwnerShip).CheckStatistic,
-	"POST /statistic/:quizID/questions": (*OwnerShip).CheckStatistic,
+	// todo все роутф статистики клиентские
+	regexp.MustCompile(`^POST /statistic/\d+/devices$`):   (*OwnerShip).CheckStatistic,
+	regexp.MustCompile(`^POST /statistic/\d+/general$`):   (*OwnerShip).CheckStatistic,
+	regexp.MustCompile(`^POST /statistic/\d+/questions$`): (*OwnerShip).CheckStatistic,

 	// пока не в приоритете todo
-	"DELETE /account/account/leadtarget/:id": (*OwnerShip).CheckLeadTarget,
-	"PUT /account/account/leadtarget":        (*OwnerShip).CheckLeadTarget,
+	regexp.MustCompile(`^DELETE /account/account/leadtarget/\d+$`): (*OwnerShip).CheckLeadTarget,
+	regexp.MustCompile(`^PUT /account/account/leadtarget$`):        (*OwnerShip).CheckLeadTarget,
 }

 // todo подключить проверить
@ -142,13 +142,21 @@ func OwnerShipMiddleware(o *OwnerShip) fiber.Handler {
 	return func(c *fiber.Ctx) error {
 		methodPath := fmt.Sprintf("%s %s", c.Method(), c.Path())

-		if f, ok := pathCheckMap[methodPath]; ok {
-			ok, err := f(o, c)
-			if err != nil {
-				return err
-			}
-			if !ok {
-				return fiber.NewError(fiber.StatusForbidden, "access denied")
+		fmt.Println(methodPath)
+
+		fmt.Println(c.Params("resultID"))
+
+		for re, f := range pathCheckMap {
+			if re.MatchString(methodPath) {
+				ok, err := f(o, c)
+				if err != nil {
+					return err
+				}
+				if !ok {
+					return fiber.NewError(fiber.StatusForbidden, "access denied")
+				}
+
+				break
 			}
 		}

--- a/internal/server/http/http_server.go
+++ b/internal/server/http/http_server.go
@ -5,9 +5,7 @@ import (
 	"fmt"
 	"gitea.pena/PenaSide/common/log_mw"
 	"gitea.pena/PenaSide/hlog"
-	"gitea.pena/SQuiz/common/dal"
 	"gitea.pena/SQuiz/common/middleware"
-	"gitea.pena/SQuiz/core/internal/middleware/check_ownership"
 	"github.com/gofiber/fiber/v2"
 	"go.uber.org/zap"
 )
@ -16,7 +14,6 @@ type ServerConfig struct {
 	Logger      *zap.Logger
 	Controllers []Controller
 	Hlogger     hlog.Logger
-	Dal         *dal.DAL
 }

 type Server struct {
@ -28,7 +25,6 @@ type Server struct {
 func NewServer(config ServerConfig) *Server {
 	app := fiber.New()
 	app.Use(middleware.JWTAuth())
-	app.Use(check_ownership.OwnerShipMiddleware(check_ownership.NewOwnerShip(config.Dal)))
 	app.Use(log_mw.ContextLogger(config.Hlogger))
 	//app.Get("/liveness", healthchecks.Liveness)
 	//app.Get("/readiness", healthchecks.Readiness(&workerErr)) //todo parametrized readiness. should discuss ready reason