From a309de962a3362f6dffdfacebda7c9a8b00795aa Mon Sep 17 00:00:00 2001
From: Yege1893 <yannick.ege@web.de>
Date: Sat, 1 Jul 2023 14:47:04 +0200
Subject: [PATCH] admin check added

---
 src/highlanderticketing/handler/match.go | 42 +++++++++++++++---------
 src/highlanderticketing/handler/oauth.go | 38 +++++++++++++++++++++
 src/highlanderticketing/handler/order.go | 10 ++++++
 src/highlanderticketing/service/oauth.go |  1 +
 src/highlanderticketing/service/user.go  | 16 +++++++++
 5 files changed, 92 insertions(+), 15 deletions(-)

diff --git a/src/highlanderticketing/handler/match.go b/src/highlanderticketing/handler/match.go
index 7930ec7..8dd6953 100644
--- a/src/highlanderticketing/handler/match.go
+++ b/src/highlanderticketing/handler/match.go
@@ -12,25 +12,17 @@ import (
 
 func CreateMatch(w http.ResponseWriter, r *http.Request) {
 	var match *model.Match
-	token, err := getBearerToken(r)
-	if err != nil {
-		http.Error(w, err.Error(), http.StatusBadRequest)
-		return
-	}
-	valid, err := service.ValidateGoogleAccessToken(token)
-	if err != nil {
-		http.Error(w, err.Error(), http.StatusInternalServerError)
-		return
-	}
-	if valid != true {
+	if err := CheckAccessToken(w, r, true); err != nil {
+		log.Errorf("Eror checking AccessToken: %v", err)
 		http.Error(w, err.Error(), http.StatusUnauthorized)
 		return
 	}
-	match, err1 := getMatch(r)
-	if err1 != nil {
-		http.Error(w, err1.Error(), http.StatusBadRequest)
+	match, err := getMatch(r)
+	if err != nil {
+		http.Error(w, err.Error(), http.StatusBadRequest)
 		return
 	}
+
 	if err := service.CreateMatch(match); err != nil {
 		log.Errorf("Error calling service CreateMatch: %v", err)
 		http.Error(w, err.Error(), http.StatusInternalServerError)
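Review bot: Every error from CheckAccessToken is answered with 401 here, including a failed outbound call inside service.ValidateGoogleAccessToken that the removed lines answered with 500 and a missing bearer header that got 400; if clients need that distinction, CheckAccessToken should return distinguishable (sentinel) errors checked with errors.Is, otherwise the collapse to 401 deserves a comment. The log message `Eror checking AccessToken` has a typo that is repeated in UpdateMatch, GetAllMatches, GetMatchByID and DeleteMatch below and in AddMatchOrder and AddTravelOrder in order.go; suggested `log.Errorf("Error checking AccessToken: %v", err)` in all seven places. The `var match *model.Match` line just above the check is now redundant, since `match, err := getMatch(r)` declares it. CreateMatch's body continues past the end of the hunk.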
@@ -56,6 +48,11 @@ func CreateMatch(w http.ResponseWriter, r *http.Request) {
 }
 */
 func UpdateMatch(w http.ResponseWriter, r *http.Request) {
+	if err := CheckAccessToken(w, r, true); err != nil {
+		log.Errorf("Eror checking AccessToken: %v", err)
+		http.Error(w, err.Error(), http.StatusUnauthorized)
+		return
+	}
 	id, err := getID(r)
 	if err != nil {
 		log.Errorf("Please parse in ID at the url %v", err)
@@ -77,6 +74,11 @@ func UpdateMatch(w http.ResponseWriter, r *http.Request) {
 }
 
 func GetAllMatches(w http.ResponseWriter, r *http.Request) {
+	if err := CheckAccessToken(w, r, false); err != nil {
+		log.Errorf("Eror checking AccessToken: %v", err)
+		http.Error(w, err.Error(), http.StatusUnauthorized)
+		return
+	}
 	matches, err := service.GetAllMatches()
 	if err != nil {
 		log.Errorf("Error calling service GetAllMatches: %v", err)
@@ -87,6 +89,11 @@ func GetAllMatches(w http.ResponseWriter, r *http.Request) {
 }
 
 func GetMatchByID(w http.ResponseWriter, r *http.Request) {
+	if err := CheckAccessToken(w, r, false); err != nil {
+		log.Errorf("Eror checking AccessToken: %v", err)
+		http.Error(w, err.Error(), http.StatusUnauthorized)
+		return
+	}
 	id, err := getID(r)
 	if err != nil {
 		log.Errorf("Please parse in ID at the url %v", err)
@@ -101,6 +108,11 @@ func GetMatchByID(w http.ResponseWriter, r *http.Request) {
 }
 
 func DeleteMatch(w http.ResponseWriter, r *http.Request) {
+	if err := CheckAccessToken(w, r, true); err != nil {
+		log.Errorf("Eror checking AccessToken: %v", err)
+		http.Error(w, err.Error(), http.StatusUnauthorized)
+		return
+	}
 	id, err := getID(r)
 	if err != nil {
 		log.Errorf("Please parse in ID at the url %v", err)
@@ -121,7 +133,7 @@ func DeleteMatch(w http.ResponseWriter, r *http.Request) {
 	sendJson(w, result{Success: "OK"})
 }
 
-// nur intern mit admin
+// nur intern
 func DeleteAllMatches(w http.ResponseWriter, r *http.Request) {
 	err := service.DeleteAllMatches()
 	if err != nil {
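Review bot: DeleteAllMatches still calls service.DeleteAllMatches without any CheckAccessToken guard, while this commit only softens its comment from "nur intern mit admin" to "nur intern"; a route that deletes every match is the one most in need of the admin gate that DeleteMatch just received. Unless the route is not registered on the public mux (not visible from this hunk), it should get the same guard with needAdmin set to true, as below. The function body continues past the end of the hunk.
```go
func DeleteAllMatches(w http.ResponseWriter, r *http.Request) {
	if err := CheckAccessToken(w, r, true); err != nil {
		log.Errorf("Error checking AccessToken: %v", err)
		http.Error(w, err.Error(), http.StatusUnauthorized)
		return
	}
	// … unchanged: service.DeleteAllMatches call and response …
```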
diff --git a/src/highlanderticketing/handler/oauth.go b/src/highlanderticketing/handler/oauth.go
index d78a4ef..4865490 100644
--- a/src/highlanderticketing/handler/oauth.go
+++ b/src/highlanderticketing/handler/oauth.go
@@ -2,6 +2,7 @@ package handler
 
 import (
 	"context"
+	"fmt"
 	"net/http"
 
 	log "github.com/sirupsen/logrus"
@@ -29,3 +30,40 @@ func HandleCallback(w http.ResponseWriter, r *http.Request) {
 	service.Register(token.AccessToken)
 	sendJson(w, token.AccessToken)
 }
+
+func CheckAccessToken(w http.ResponseWriter, r *http.Request, needAdmin bool) error {
+	token, err := getBearerToken(r)
+	if err != nil {
+		return err
+	}
+	valid, err := service.ValidateGoogleAccessToken(token)
+	if err != nil {
+		return err
+	}
+	if valid != true {
+		return nil
+	}
+	if needAdmin {
+		err := checkAdmin(token)
+		if err != nil {
+			return err
+		}
+	}
+	return nil
+}
+
+func checkAdmin(token string) error {
+	userExternal, err := service.GetUserInfo(token)
+	if err != nil {
+		return err
+	}
+	user, err := service.GetUserByEmail(userExternal.Email)
+	if err != nil {
+		return err
+	}
+	if user.IsAdmin {
+		return nil
+	} else {
+		return fmt.Errorf("User has not Adminrights")
+	}
+}
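Review bot: An invalid token is accepted: when service.ValidateGoogleAccessToken reports `valid == false`, CheckAccessToken returns `nil`, so every caller proceeds as authenticated, and because that return sits before the needAdmin branch the admin check is skipped too; the lines removed from CreateMatch answered this case with 401. Replace it with `if !valid { return fmt.Errorf("invalid access token") }` (fmt is now imported in this file). The `w` parameter is never used and should be dropped or documented; in checkAdmin the `else` after `return nil` is unnecessary and the error string should be lowercase, e.g. `return fmt.Errorf("user is not an admin")`. Since the admin decision keys on the email returned by service.GetUserInfo, it is worth confirming (not visible here) that the userinfo payload marks that address as verified before it is trusted as the lookup key. Both new functions lack doc comments; suggested `// CheckAccessToken validates the bearer token on r and, when needAdmin is set, also requires the token's user to be an admin; a non-nil error means access must be denied.`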
diff --git a/src/highlanderticketing/handler/order.go b/src/highlanderticketing/handler/order.go
index dc6cd1f..6e0519e 100644
--- a/src/highlanderticketing/handler/order.go
+++ b/src/highlanderticketing/handler/order.go
@@ -10,6 +10,11 @@ import (
 )
 
 func AddMatchOrder(w http.ResponseWriter, r *http.Request) {
+	if err := CheckAccessToken(w, r, false); err != nil {
+		log.Errorf("Eror checking AccessToken: %v", err)
+		http.Error(w, err.Error(), http.StatusUnauthorized)
+		return
+	}
 	id, err := getID(r)
 	if err != nil {
 		http.Error(w, err.Error(), http.StatusBadRequest)
@@ -30,6 +35,11 @@ func AddMatchOrder(w http.ResponseWriter, r *http.Request) {
 
 }
 func AddTravelOrder(w http.ResponseWriter, r *http.Request) {
+	if err := CheckAccessToken(w, r, false); err != nil {
+		log.Errorf("Eror checking AccessToken: %v", err)
+		http.Error(w, err.Error(), http.StatusUnauthorized)
+		return
+	}
 	id, err := getID(r)
 	if err != nil {
 		http.Error(w, err.Error(), http.StatusBadRequest)
diff --git a/src/highlanderticketing/service/oauth.go b/src/highlanderticketing/service/oauth.go
index e21c605..6bec726 100644
--- a/src/highlanderticketing/service/oauth.go
+++ b/src/highlanderticketing/service/oauth.go
@@ -40,6 +40,7 @@ func ValidateGoogleAccessToken(accessToken string) (bool, error) {
 	if tokenInfo.Error != "" {
 		return false, fmt.Errorf("Fehler bei der Überprüfung des Tokens: %s", tokenInfo.Error)
 	}
+	//fmt.Println(tokenInfo.ExpiresIn)
 
 	if tokenInfo.ExpiresIn > 0 {
 		return true, nil
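Review bot: The added line is commented-out debug code and should not be committed; if the remaining token lifetime is worth observing, emit it through the logger at debug level instead of leaving a dormant `fmt.Println(tokenInfo.ExpiresIn)`. ValidateGoogleAccessToken begins and ends outside this hunk.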
diff --git a/src/highlanderticketing/service/user.go b/src/highlanderticketing/service/user.go
index c9af7c2..25fd0be 100644
--- a/src/highlanderticketing/service/user.go
+++ b/src/highlanderticketing/service/user.go
@@ -147,6 +147,22 @@ func GetUserByID(userID primitive.ObjectID) (*model.User, error) {
 	}
 	return &result, nil
 }
+func GetUserByEmail(email string) (*model.User, error) {
+	result := model.User{}
+	filter := bson.D{primitive.E{Key: "email", Value: email}}
+
+	client, err := db.GetMongoClient()
+	if err != nil {
+		return &result, err
+	}
+	collection := client.Database(db.DB).Collection(db.USERS)
+
+	err = collection.FindOne(context.TODO(), filter).Decode(&result)
+	if err != nil {
+		return &result, err
+	}
+	return &result, nil
+}
 
 func DeleteUser(UserID primitive.ObjectID) error {
 	filter := bson.D{primitive.E{Key: "_id", Value: UserID}}
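Review bot: GetUserByEmail returns a non-nil `&result` together with the error on both failure paths; Go convention is `return nil, err` so a caller cannot act on a half-populated user (checkAdmin reads user.IsAdmin, which is false on the empty struct, but only because it checks err first). The lookup uses context.TODO() with no deadline, matching GetUserByID above but leaving the request no way to bound the database call; threading a ctx from the handler would be the cleaner form, though that is outside this change. As an exported function it should carry a doc comment, e.g. `// GetUserByEmail returns the user whose email field equals email, or an error when no such user exists or the database call fails.`, and a blank line before the `func` keeps it visually separated from GetUserByID.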
-- 
GitLab