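package main

import (
	"errors"
	"fmt"
	"io/ioutil"
	"net/http"
	"os"
	"path/filepath"
	"strings"
	"unicode"

	"github.com/gin-gonic/gin"
	cvdata "github.com/jesusperez/cvdata"
)

// user_has_role resolves the acting user and reports whether that user holds role.
//
// When usr is nil the identity is taken from rtenv.AuthMiddleware.IdentityHandler(c);
// otherwise usr is used as given. The user name must have an entry in
// rtenv.Users.Accounts. It returns (nil, false) when no usable identity or
// account is found, and (user, hasRole) otherwise.
func user_has_role(usr *User, c *gin.Context, rtenv *RouteEnv, role string) (*User, bool) {
	user := usr
	if user == nil {
		identity, ok := rtenv.AuthMiddleware.IdentityHandler(c).(*User)
		if !ok || len(identity.UserName) == 0 {
			return nil, false
		}
		user = identity
	}
	if _, known := rtenv.Users.Accounts[user.UserName]; !known {
		return nil, false
	}
	if !rtenv.Cfg.UseAuthz {
		// TODO fix this if no Cfg.UseAuthz
		// NOTE(review): this branch fails open. With authorization disabled,
		// every known account is reported as holding every role, including
		// whatever role the caller asks about.
		return user, true
	}
	hasRole, err := rtenv.Enforcer.HasRoleForUser(user.UserName, role)
	if err != nil {
		// An enforcer failure must never be read as a granted role.
		return user, false
	}
	return user, hasRole
}

// get_page_handle renders the "welcome" template for the page named by the
// route parameter configured in rtenv.Cfg.Routes["page"].
//
// A page id found in rtenv.MdlsUsrs gets a title naming its user and whether
// that user holds the admin role; any other id gets the public title. Both
// cases answer 200.
func get_page_handle(c *gin.Context, rtenv *RouteEnv) {
	tkn := ""
	// NOTE(review): id is caller-controlled and is written into the route log
	// verbatim. logRoute is defined elsewhere; confirm it neutralises control
	// characters.
	id := c.Params.ByName(rtenv.Cfg.Routes["page"].Param)
	role := rtenv.Cfg.AdminRole

	mdlUsr, found := rtenv.MdlsUsrs[id]
	if !found {
		// The original read mdlUsr.User here even though the lookup failed.
		// If MdlsUsrs holds pointers that is a nil dereference reachable from
		// any unknown page id; for struct values the field is the empty
		// string, so the log text is unchanged.
		logRoute(c, rtenv, "page", fmt.Sprintf("get /page/%s", id), fmt.Sprintf("get %s (%s %v) %s", "", role, false, tkn))
		c.HTML(http.StatusOK, "welcome", gin.H{
			"title": "Main website public",
		})
		return
	}

	hasRole := false
	if rtenv.Cfg.UseAuthz {
		// The result is only displayed, never used to gate access, so the
		// enforcer error is deliberately ignored here.
		hasRole, _ = rtenv.Enforcer.HasRoleForUser(mdlUsr.User, role)
	}
	logRoute(c, rtenv, "page", fmt.Sprintf("get /page/%s", id), fmt.Sprintf("get %s (%s %v) %s", mdlUsr.User, role, hasRole, tkn))

	title := fmt.Sprintf("Main website %s for %s (%v)", id, mdlUsr.User, hasRole)
	if rtenv.Cfg.UseJWT {
		c.HTML(http.StatusOK, "welcome", gin.H{
			"title": title,
			"token": tkn,
		})
		return
	}
	c.HTML(http.StatusOK, "welcome", gin.H{
		"title": title,
	})
}

// data_path_within reports whether candidate, once cleaned, still lies inside
// base. The check is purely lexical: it does not resolve symbolic links.
func data_path_within(base, candidate string) bool {
	rel, err := filepath.Rel(base, candidate)
	if err != nil {
		return false
	}
	return rel != ".." && !strings.HasPrefix(rel, ".."+string(filepath.Separator))
}

// get_data_handle serves the data set named by the route parameter configured
// in rtenv.Cfg.Routes["data"]; "-" is an alias for "main".
//
// The pre-built JSON file under Cfg.DataDistPath is returned as-is. When
// Cfg.UseDist is set and that file does not exist, the data is loaded through
// cvdata.LoadCVData from Cfg.DataPath instead. Any failure answers 406 with a
// generic error body.
func get_data_handle(c *gin.Context, rtenv *RouteEnv) {
	target := c.Params.ByName(rtenv.Cfg.Routes["data"].Param)
	if target == "-" {
		target = "main"
	}

	// target comes from the URL and is used below to build file-system paths.
	// Rejections reuse the response of the "file not readable" case, so a
	// client cannot tell a blocked name from a missing one.
	reject := func(reason string) {
		logRoute(c, rtenv, "data", fmt.Sprintf("Error target %q", target), fmt.Sprintf("Err %s %q", reason, target))
		c.JSON(http.StatusNotAcceptable, gin.H{"error": "Error reading file"})
	}
	if strings.IndexFunc(target, unicode.IsControl) >= 0 {
		// Control characters have no place in a data-set name and would
		// otherwise reach the log lines and paths below.
		reject("control character in target")
		return
	}

	logRoute(c, rtenv, "data", fmt.Sprintf("get %s", target), fmt.Sprintf("get %s", target))

	path := fmt.Sprintf("%s/%s.json", rtenv.Cfg.DataDistPath, target)
	if !data_path_within(rtenv.Cfg.DataDistPath, path) {
		reject("target escapes dist path")
		return
	}

	useYAML := false
	if rtenv.Cfg.UseDist {
		// os.Stat replaces the original os.Open, whose file handle was never
		// closed and therefore leaked one descriptor per request.
		_, statErr := os.Stat(path)
		useYAML = errors.Is(statErr, os.ErrNotExist)
	}

	if useYAML {
		path = fmt.Sprintf("%s/%s", rtenv.Cfg.DataPath, target)
		if !data_path_within(rtenv.Cfg.DataPath, path) {
			reject("target escapes data path")
			return
		}
		fmt.Printf("YAML path: %+v\n", path)
		data, err := cvdata.LoadCVData(path, rtenv.Cfg, rtenv.Cfg.UseRepoOnReq)
		if err != nil {
			logRoute(c, rtenv, "data", fmt.Sprintf("Error yaml %s", target), fmt.Sprintf("Err %v", err))
			c.JSON(http.StatusNotAcceptable, gin.H{"error": "Error reading file"})
			return
		}
		logRoute(c, rtenv, "data", fmt.Sprintf("OK yaml %s", target), fmt.Sprintf("OK %s", target))
		c.JSON(http.StatusOK, data)
		return
	}

	data, err := ioutil.ReadFile(path)
	if err != nil {
		logRoute(c, rtenv, "data", fmt.Sprintf("Error json %s", target), fmt.Sprintf("Err %v", err))
		c.JSON(http.StatusNotAcceptable, gin.H{"error": "Error reading file"})
		return
	}
	logRoute(c, rtenv, "data", fmt.Sprintf("OK json %s", target), fmt.Sprintf("OK %s", target))
	c.Data(http.StatusOK, "application/json", data)
}

// post_data_handle stores the data carried by a JSON-encoded cvdata.CVPostData
// request body.
//
// The body must name a user (U) and carry non-empty Data, and that user must
// hold Cfg.AdminRole according to the enforcer. On success the data is written
// with cvpost.Data.Write; when Cfg.GenDist is set the root models are
// regenerated (a failure there is only printed). The handler answers 200
// {"status": "ok"}.
func post_data_handle(c *gin.Context, rtenv *RouteEnv) {
	var cvpost cvdata.CVPostData
	role := rtenv.Cfg.AdminRole

	// NOTE(review): gin's BindJSON already aborts the request with 400 when
	// binding fails, so the 500 below most likely never reaches the client.
	// Consider ShouldBindJSON with an explicit 400.
	if err := c.BindJSON(&cvpost); err != nil {
		fmt.Printf("err: %+v\n", err)
		c.JSON(http.StatusInternalServerError, gin.H{"error": "Failed to save info"})
		return
	}
	if cvpost.U == "" || len(cvpost.Data) == 0 {
		c.JSON(http.StatusNotAcceptable, gin.H{"info": "error info"})
		return
	}

	// NOTE(review): the role check is keyed on cvpost.U, a name taken from the
	// request body. Nothing in this handler ties that name to the
	// authenticated caller, so unless the route is protected elsewhere, write
	// access rests on a client-asserted user name. Prefer deriving the user
	// from the session, e.g. user_has_role(nil, c, rtenv, role), and comparing
	// it with cvpost.U.
	// NOTE(review): unlike user_has_role, Cfg.UseAuthz is not consulted before
	// the enforcer is used. Confirm the enforcer is always initialised.
	hasRole, roleErr := rtenv.Enforcer.HasRoleForUser(cvpost.U, role)
	fmt.Printf("%s (%s) %+v\n", cvpost.U, role, hasRole)
	if roleErr != nil {
		fmt.Printf("err: %+v\n", roleErr)
	}
	if roleErr != nil || !hasRole {
		// An enforcer failure is treated as a denial, never as a grant.
		c.JSON(http.StatusUnauthorized, gin.H{"error": "Authentication failed"})
		return
	}

	keys, writeErr := cvpost.Data.Write(rtenv.Cfg)
	if writeErr != nil {
		logRoute(c, rtenv, "post_data", fmt.Sprintf("Error post %s: %s", cvpost.U, keys), fmt.Sprintf("error: %+v", writeErr))
		c.JSON(http.StatusInternalServerError, gin.H{"error": "Failed to save info"})
		return
	}

	if rtenv.Cfg.GenDist {
		// Best effort: the write itself has already succeeded.
		if errModel := createRootModels(rtenv.Cfg); errModel != nil {
			fmt.Printf("Error createRootModels: %v\n", errModel)
		}
	}

	logRoute(c, rtenv, "post_data", fmt.Sprintf("post %s: %s", cvpost.U, keys), fmt.Sprintf("post %s: %s", cvpost.U, keys))
	c.JSON(http.StatusOK, gin.H{"status": "ok"})
}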