Showing
3 changed files
with
100 additions
and
1 deletions
api/endpoints/allowlist.go
0 → 100644
| 1 | +package endpoints | ||
| 2 | + | ||
| 3 | +import ( | ||
| 4 | + "classroom/functions" | ||
| 5 | + "encoding/json" | ||
| 6 | + "fmt" | ||
| 7 | + "io/ioutil" | ||
| 8 | + "net/http" | ||
| 9 | + "strings" | ||
| 10 | + | ||
| 11 | + "github.com/julienschmidt/httprouter" | ||
| 12 | +) | ||
| 13 | + | ||
| 14 | +// POST /timetables/<file_id>/<sheet_id>/allow | ||
| 15 | +func (e *Endpoints) AllowlistPost(w http.ResponseWriter, r *http.Request, ps httprouter.Params) { | ||
| 16 | + // Get user email | ||
| 17 | + var email string | ||
| 18 | + if _email, ok := r.Header["X-User-Email"]; ok { | ||
| 19 | + email = _email[0] | ||
| 20 | + } else { | ||
| 21 | + functions.ResponseError(w, 401, "X-User-Email 헤더를 보내세요.") | ||
| 22 | + return | ||
| 23 | + } | ||
| 24 | + | ||
| 25 | + // Get Path Parameters | ||
| 26 | + fileID := ps.ByName("file_id") | ||
| 27 | + sheetID := ps.ByName("sheet_id") | ||
| 28 | + | ||
| 29 | + // Check Permission | ||
| 30 | + var _count, _isSuper int64 | ||
| 31 | + timetable := fmt.Sprintf("%s,%s", fileID, sheetID) | ||
| 32 | + row := e.DB.QueryRow(` | ||
| 33 | + SELECT count(timetable_id) | ||
| 34 | + FROM allowlist | ||
| 35 | + WHERE timetable_id=?; | ||
| 36 | + `, timetable) | ||
| 37 | + if err := row.Scan(&_count); err == nil { | ||
| 38 | + if _count <= 0 { | ||
| 39 | + functions.ResponseError(w, 404, "존재하지 않는 timetable.") | ||
| 40 | + return | ||
| 41 | + } | ||
| 42 | + } | ||
| 43 | + | ||
| 44 | + row = e.DB.QueryRow(` | ||
| 45 | + SELECT count(a.timetable_id), u.is_super | ||
| 46 | + FROM allowlist AS a, users AS u | ||
| 47 | + WHERE a.user_id=u.id | ||
| 48 | + AND a.timetable_id=? | ||
| 49 | + AND u.email=?; | ||
| 50 | + `, timetable, email) | ||
| 51 | + if err := row.Scan(&_count, &_isSuper); err == nil { | ||
| 52 | + if _count <= 0 { | ||
| 53 | + functions.ResponseError(w, 403, "timetable에 접근할 권한이 부족합니다.") | ||
| 54 | + return | ||
| 55 | + } | ||
| 56 | + if _isSuper != 1 { | ||
| 57 | + functions.ResponseError(w, 403, "관리자만 접근할 수 있는 기능입니다.") | ||
| 58 | + return | ||
| 59 | + } | ||
| 60 | + } | ||
| 61 | + | ||
| 62 | + // Parse Request Data | ||
| 63 | + type reqDataStruct struct { | ||
| 64 | + Email *string `json:"email"` | ||
| 65 | + } | ||
| 66 | + var reqData reqDataStruct | ||
| 67 | + if strings.Contains(r.Header.Get("Content-Type"), "application/json") { | ||
| 68 | + body, err := ioutil.ReadAll(r.Body) | ||
| 69 | + if err != nil { | ||
| 70 | + functions.ResponseError(w, 500, "예기치 못한 에러 : "+err.Error()) | ||
| 71 | + return | ||
| 72 | + } | ||
| 73 | + json.Unmarshal(body, &reqData) | ||
| 74 | + } else { | ||
| 75 | + functions.ResponseError(w, 400, "JSON 형식만 가능합니다.") | ||
| 76 | + return | ||
| 77 | + } | ||
| 78 | + if reqData.Email == nil { | ||
| 79 | + functions.ResponseError(w, 400, "파라미터를 전부 보내주세요.") | ||
| 80 | + return | ||
| 81 | + } | ||
| 82 | + | ||
| 83 | + // Querying | ||
| 84 | + _, err := e.DB.Exec(` | ||
| 85 | + INSERT INTO allowlist | ||
| 86 | + VALUES (?, ( | ||
| 87 | + SELECT id FROM users WHERE email=? | ||
| 88 | + )); | ||
| 89 | + `, timetable, *(reqData.Email)) | ||
| 90 | + if err != nil { | ||
| 91 | + functions.ResponseError(w, 500, "예기치 못한 에러 : "+err.Error()) | ||
| 92 | + return | ||
| 93 | + } | ||
| 94 | + | ||
| 95 | + functions.ResponseOK(w, "success", nil) | ||
| 96 | +} |
| ... | @@ -70,7 +70,8 @@ func (e *Endpoints) ReservationPost(w http.ResponseWriter, r *http.Request, ps h | ... | @@ -70,7 +70,8 @@ func (e *Endpoints) ReservationPost(w http.ResponseWriter, r *http.Request, ps h |
| 70 | if strings.Contains(r.Header.Get("Content-Type"), "application/json") { | 70 | if strings.Contains(r.Header.Get("Content-Type"), "application/json") { |
| 71 | body, err := ioutil.ReadAll(r.Body) | 71 | body, err := ioutil.ReadAll(r.Body) |
| 72 | if err != nil { | 72 | if err != nil { |
| 73 | - functions.ResponseError(w, 500, err.Error()) | 73 | + functions.ResponseError(w, 500, "예기치 못한 에러 : "+err.Error()) |
| 74 | + return | ||
| 74 | } | 75 | } |
| 75 | json.Unmarshal(body, &reqData) | 76 | json.Unmarshal(body, &reqData) |
| 76 | } else { | 77 | } else { | ... | ... |
| ... | @@ -63,6 +63,7 @@ func main() { | ... | @@ -63,6 +63,7 @@ func main() { |
| 63 | router.GET("/api", ep.IndexGet) | 63 | router.GET("/api", ep.IndexGet) |
| 64 | router.POST("/api/users", ep.UsersPost) | 64 | router.POST("/api/users", ep.UsersPost) |
| 65 | router.GET("/api/timetables/:file_id/:sheet_id/cell", ep.CellGet) | 65 | router.GET("/api/timetables/:file_id/:sheet_id/cell", ep.CellGet) |
| 66 | + router.POST("/api/timetables/:file_id/:sheet_id/allow", ep.AllowlistPost) | ||
| 66 | router.POST("/api/timetables/:file_id/:sheet_id/reservation", ep.ReservationPost) | 67 | router.POST("/api/timetables/:file_id/:sheet_id/reservation", ep.ReservationPost) |
| 67 | router.DELETE("/api/timetables/:file_id/:sheet_id/reservation/:reservation_id", ep.ReservationDelete) | 68 | router.DELETE("/api/timetables/:file_id/:sheet_id/reservation/:reservation_id", ep.ReservationDelete) |
| 68 | 69 | ||
| ... | @@ -73,6 +74,7 @@ func main() { | ... | @@ -73,6 +74,7 @@ func main() { |
| 73 | hs := make(HostSwitch) | 74 | hs := make(HostSwitch) |
| 74 | hostname := fmt.Sprintf("%s:%d", cfg.Server.Host, cfg.Server.Port) | 75 | hostname := fmt.Sprintf("%s:%d", cfg.Server.Host, cfg.Server.Port) |
| 75 | hs[hostname] = handler | 76 | hs[hostname] = handler |
| 77 | + hs["localhost:8000"] = handler | ||
| 76 | 78 | ||
| 77 | // Start Server in Local Mode | 79 | // Start Server in Local Mode |
| 78 | log.Println("[Local Mode] Starting HTTP API Server on port", portStr) | 80 | log.Println("[Local Mode] Starting HTTP API Server on port", portStr) | ... | ... |
-
Please register or login to post a comment