diff --git a/src/highlanderticketing/handler/match.go b/src/highlanderticketing/handler/match.go
index 7930ec7a0b3d4066f2b5a9206c45a90f7bb586f3..8dd6953a0d3a6dcf03fe4a1fd0388d154d98570a 100644
--- a/src/highlanderticketing/handler/match.go
+++ b/src/highlanderticketing/handler/match.go
@@ -12,25 +12,17 @@ import (
 func CreateMatch(w http.ResponseWriter, r *http.Request) {
 var match *model.Match
- token, err := getBearerToken(r)
- if err != nil {
- http.Error(w, err.Error(), http.StatusBadRequest)
- return
- }
- valid, err := service.ValidateGoogleAccessToken(token)
- if err != nil {
- http.Error(w, err.Error(), http.StatusInternalServerError)
- return
- }
- if valid != true {
+ if err := CheckAccessToken(w, r, true); err != nil {
+ log.Errorf("Eror checking AccessToken: %v", err)
 http.Error(w, err.Error(), http.StatusUnauthorized)
 return
 }
- match, err1 := getMatch(r)
- if err1 != nil {
- http.Error(w, err1.Error(), http.StatusBadRequest)
+ match, err := getMatch(r)
+ if err != nil {
+ http.Error(w, err.Error(), http.StatusBadRequest)
 return
 }
+
 if err := service.CreateMatch(match); err != nil {
 log.Errorf("Error calling service CreateMatch: %v", err)
 http.Error(w, err.Error(), http.StatusInternalServerError)
@@ -56,6 +48,11 @@ func CreateMatch(w http.ResponseWriter, r *http.Request) {
 }
 */
 func UpdateMatch(w http.ResponseWriter, r *http.Request) {
+ if err := CheckAccessToken(w, r, true); err != nil {
+ log.Errorf("Eror checking AccessToken: %v", err)
+ http.Error(w, err.Error(), http.StatusUnauthorized)
+ return
+ }
 id, err := getID(r)
 if err != nil {
 log.Errorf("Please parse in ID at the url %v", err)
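Review bot: Every CheckAccessToken failure is now answered with `http.Error(w, err.Error(), http.StatusUnauthorized)`, so the response body carries whatever the helper returned — for the ValidateGoogleAccessToken branch that is the upstream verification error text the removed code used to send as a 500, and a missing bearer token (formerly 400) is folded into 401 as well. Keep the detail in the log line and send a fixed body, `http.Error(w, "unauthorized", http.StatusUnauthorized)`; the same line recurs in the UpdateMatch hunk below and in the GetAllMatches, GetMatchByID, DeleteMatch, AddMatchOrder and AddTravelOrder hunks, and each of them also misspells the log prefix as "Eror". With `match, err := getMatch(r)` the `var match *model.Match` declaration above it is now redundant. CreateMatch's body continues past the end of the hunk.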
@@ -77,6 +74,11 @@ func UpdateMatch(w http.ResponseWriter, r *http.Request) {
 }
 func GetAllMatches(w http.ResponseWriter, r *http.Request) {
+ if err := CheckAccessToken(w, r, false); err != nil {
+ log.Errorf("Eror checking AccessToken: %v", err)
+ http.Error(w, err.Error(), http.StatusUnauthorized)
+ return
+ }
 matches, err := service.GetAllMatches()
 if err != nil {
 log.Errorf("Error calling service GetAllMatches: %v", err)
@@ -87,6 +89,11 @@ func GetAllMatches(w http.ResponseWriter, r *http.Request) {
 }
 func GetMatchByID(w http.ResponseWriter, r *http.Request) {
+ if err := CheckAccessToken(w, r, false); err != nil {
+ log.Errorf("Eror checking AccessToken: %v", err)
+ http.Error(w, err.Error(), http.StatusUnauthorized)
+ return
+ }
 id, err := getID(r)
 if err != nil {
 log.Errorf("Please parse in ID at the url %v", err)
@@ -101,6 +108,11 @@ func GetMatchByID(w http.ResponseWriter, r *http.Request) {
 }
 func DeleteMatch(w http.ResponseWriter, r *http.Request) {
+ if err := CheckAccessToken(w, r, true); err != nil {
+ log.Errorf("Eror checking AccessToken: %v", err)
+ http.Error(w, err.Error(), http.StatusUnauthorized)
+ return
+ }
 id, err := getID(r)
 if err != nil {
 log.Errorf("Please parse in ID at the url %v", err)
@@ -121,7 +133,7 @@ func DeleteMatch(w http.ResponseWriter, r *http.Request) {
 sendJson(w, result{Success: "OK"})
 }
-// nur intern mit admin
+// nur intern
 func DeleteAllMatches(w http.ResponseWriter, r *http.Request) {
 err := service.DeleteAllMatches()
 if err != nil {
diff --git a/src/highlanderticketing/handler/oauth.go b/src/highlanderticketing/handler/oauth.go
index d78a4efe38d0225464c09e582a9e94174ed81318..4865490eafa1286292fd50bb9a9cae9ee88760c5 100644
--- a/src/highlanderticketing/handler/oauth.go
+++ b/src/highlanderticketing/handler/oauth.go
@@ -2,6 +2,7 @@ package handler
 import (
 "context"
+ "fmt"
 "net/http"
 log "github.com/sirupsen/logrus"
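Review bot: DeleteAllMatches is left as the one mutating handler in this file without a CheckAccessToken guard, while the comment above it changes from "nur intern mit admin" to "nur intern" — the admin requirement is dropped from the documentation instead of being enforced in code. Unless the router keeps this handler unreachable from outside (not visible in this diff), it should receive the same admin guard that DeleteMatch gets in the hunk above, with a fixed response body rather than err.Error(). The function's body continues outside the hunk.
```go
// nur intern
func DeleteAllMatches(w http.ResponseWriter, r *http.Request) {
	if err := CheckAccessToken(w, r, true); err != nil {
		log.Errorf("Error checking AccessToken: %v", err)
		http.Error(w, "unauthorized", http.StatusUnauthorized)
		return
	}
	// … unchanged: service.DeleteAllMatches call and response …
```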
@@ -29,3 +30,40 @@ func HandleCallback(w http.ResponseWriter, r *http.Request) {
 service.Register(token.AccessToken)
 sendJson(w, token.AccessToken)
 }
+
+func CheckAccessToken(w http.ResponseWriter, r *http.Request, needAdmin bool) error {
+ token, err := getBearerToken(r)
+ if err != nil {
+ return err
+ }
+ valid, err := service.ValidateGoogleAccessToken(token)
+ if err != nil {
+ return err
+ }
+ if valid != true {
+ return nil
+ }
+ if needAdmin {
+ err := checkAdmin(token)
+ if err != nil {
+ return err
+ }
+ }
+ return nil
+}
+
+func checkAdmin(token string) error {
+ userExternal, err := service.GetUserInfo(token)
+ if err != nil {
+ return err
+ }
+ user, err := service.GetUserByEmail(userExternal.Email)
+ if err != nil {
+ return err
+ }
+ if user.IsAdmin {
+ return nil
+ } else {
+ return fmt.Errorf("User has not Adminrights")
+ }
+}
diff --git a/src/highlanderticketing/handler/order.go b/src/highlanderticketing/handler/order.go
index dc6cd1fb5543b473aa02743fb1f4d3d1e6fd3ac2..6e0519e5ccda72ae1ff50706e956e131628f3307 100644
--- a/src/highlanderticketing/handler/order.go
+++ b/src/highlanderticketing/handler/order.go
@@ -10,6 +10,11 @@ import (
 )
 func AddMatchOrder(w http.ResponseWriter, r *http.Request) {
+ if err := CheckAccessToken(w, r, false); err != nil {
+ log.Errorf("Eror checking AccessToken: %v", err)
+ http.Error(w, err.Error(), http.StatusUnauthorized)
+ return
+ }
 id, err := getID(r)
 if err != nil {
 http.Error(w, err.Error(), http.StatusBadRequest)
@@ -30,6 +35,11 @@ func AddMatchOrder(w http.ResponseWriter, r *http.Request) {
 }
 func AddTravelOrder(w http.ResponseWriter, r *http.Request) {
+ if err := CheckAccessToken(w, r, false); err != nil {
+ log.Errorf("Eror checking AccessToken: %v", err)
+ http.Error(w, err.Error(), http.StatusUnauthorized)
+ return
+ }
 id, err := getID(r)
 if err != nil {
 http.Error(w, err.Error(), http.StatusBadRequest)
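Review bot: `if valid != true { return nil }` in CheckAccessToken fails open: whenever ValidateGoogleAccessToken reports (false, nil) — from the service hunk further down that is at least a token whose ExpiresIn is not positive — the helper returns success, the handler proceeds as authenticated, and the needAdmin branch is skipped as well. It should return an error there, `return fmt.Errorf("access token is not valid")`, after which the admin branch collapses to `if needAdmin { return checkAdmin(token) }`. The `w` parameter is never used inside the helper and can be dropped, and `valid != true` reads more naturally as `!valid`. checkAdmin grants admin rights by matching userExternal.Email against the user store; if the userinfo payload carries an email-verified flag (its type is not visible here), confirm it before using the address as the lookup key, and the message `"User has not Adminrights"` would read better as `"user has no admin rights"`.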
diff --git a/src/highlanderticketing/service/oauth.go b/src/highlanderticketing/service/oauth.go
index e21c6050fbb6f63a30637963083585500373e705..6bec726142460be521e24d29a06c119d738e0212 100644
--- a/src/highlanderticketing/service/oauth.go
+++ b/src/highlanderticketing/service/oauth.go
@@ -40,6 +40,7 @@ func ValidateGoogleAccessToken(accessToken string) (bool, error) {
 if tokenInfo.Error != "" {
 return false, fmt.Errorf("Fehler bei der Überprüfung des Tokens: %s", tokenInfo.Error)
 }
+ //fmt.Println(tokenInfo.ExpiresIn)
 if tokenInfo.ExpiresIn > 0 {
 return true, nil
diff --git a/src/highlanderticketing/service/user.go b/src/highlanderticketing/service/user.go
index c9af7c2b042cae94eccad1b1ab64dd6d8d8d5cdb..25fd0be8d6cfac9c36f025ebef53bc96c32060bb 100644
--- a/src/highlanderticketing/service/user.go
+++ b/src/highlanderticketing/service/user.go
@@ -147,6 +147,22 @@ func GetUserByID(userID primitive.ObjectID) (*model.User, error) {
 }
 return &result, nil
 }
+func GetUserByEmail(email string) (*model.User, error) {
+ result := model.User{}
+ filter := bson.D{primitive.E{Key: "email", Value: email}}
+
+ client, err := db.GetMongoClient()
+ if err != nil {
+ return &result, err
+ }
+ collection := client.Database(db.DB).Collection(db.USERS)
+
+ err = collection.FindOne(context.TODO(), filter).Decode(&result)
+ if err != nil {
+ return &result, err
+ }
+ return &result, nil
+}
 func DeleteUser(UserID primitive.ObjectID) error {
 filter := bson.D{primitive.E{Key: "_id", Value: UserID}}
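Review bot: `//fmt.Println(tokenInfo.ExpiresIn)` is commented-out debugging code and should not be committed; drop the line, or emit the value through a debug-level log call if it is still useful while developing. ValidateGoogleAccessToken's body continues outside the hunk.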
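Review bot: GetUserByEmail returns `&result` together with a non-nil error in both failure branches, so a caller that mishandles the error receives a zero-valued *model.User instead of nil; change both to `return nil, err`. The exported function also lacks a doc comment — `// GetUserByEmail returns the user whose "email" field equals email; driver errors, including a missing document, are passed through unchanged.` would do. The function is complete within the hunk; DeleteUser's body continues outside it.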