| @@ -31,9 +31,12 @@ func CloseRewardFund(w http.ResponseWriter, r *http.Request) { | |||||
| var fund RewardFund | var fund RewardFund | ||||
| var modified int64 | var modified int64 | ||||
| if claims.Privileges <= AdminPlus && req.Close { | |||||
| if claims != nil && claims.Privileges <= AdminPlus && req.Close { | |||||
| Db.Table("reward_funds").Find(&fund, req.ID) | Db.Table("reward_funds").Find(&fund, req.ID) | ||||
| modified = Db.Delete(&fund).RowsAffected | modified = Db.Delete(&fund).RowsAffected | ||||
| } else { | |||||
| w.WriteHeader(403) | |||||
| return | |||||
| } | } | ||||
| var resp SuccessResponse | var resp SuccessResponse | ||||
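Review bot: The new `else` branch answers 403 for two unrelated cases, because the guard `claims != nil && claims.Privileges <= AdminPlus && req.Close` mixes authorization with request validation: an authorised admin who sends `Close: false` is told they are forbidden. Check authorization on its own first, `if claims == nil || claims.Privileges > AdminPlus { w.WriteHeader(http.StatusForbidden); return }`, and treat `!req.Close` separately (for example as a 400). The results of `Find` and `Delete` are also unchecked in the visible lines, so a missing fund or a failed delete shows up only as `modified == 0`. CloseRewardFund starts and ends outside the hunk.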
| @@ -4,6 +4,7 @@ import ( | |||||
| "encoding/json" | "encoding/json" | ||||
| "net/http" | "net/http" | ||||
| "github.com/imosed/signet/auth" | |||||
| . "github.com/imosed/signet/data" | . "github.com/imosed/signet/data" | ||||
| "github.com/rs/zerolog/log" | "github.com/rs/zerolog/log" | ||||
| ) | ) | ||||
| @@ -24,21 +25,32 @@ func CreateQueue(w http.ResponseWriter, r *http.Request) { | |||||
| return | return | ||||
| } | } | ||||
| var specificQueue Queue | |||||
| Db.Table("queues").First(&specificQueue, "name = ?", req.Name) | |||||
| var claims *auth.Claims | |||||
| claims, err = auth.GetUserClaims(r) | |||||
| if err != nil { | |||||
| log.Error().Err(err).Msg("Could not determine if user is authenticated") | |||||
| return | |||||
| } | |||||
| var resp CreateQueueResponse | var resp CreateQueueResponse | ||||
| if claims != nil && claims.Privileges <= Admin { | |||||
| var specificQueue Queue | |||||
| Db.Table("queues").First(&specificQueue, "name = ?", req.Name) | |||||
| if specificQueue.ID != 0 { | |||||
| resp.ID = specificQueue.ID | |||||
| } else { | |||||
| queue := Queue{ | |||||
| Name: req.Name, | |||||
| } | |||||
| if specificQueue.ID != 0 { | |||||
| resp.ID = specificQueue.ID | |||||
| } else { | |||||
| queue := Queue{ | |||||
| Name: req.Name, | |||||
| } | |||||
| Db.Create(&queue) | |||||
| Db.Create(&queue) | |||||
| resp.ID = queue.ID | |||||
| resp.ID = queue.ID | |||||
| } | |||||
| } else { | |||||
| w.WriteHeader(403) | |||||
| return | |||||
| } | } | ||||
| err = json.NewEncoder(w).Encode(resp) | err = json.NewEncoder(w).Encode(resp) | ||||
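Review bot: When `auth.GetUserClaims(r)` fails, the new error branch logs and returns without writing a status, so net/http sends an implicit 200 with an empty body and the client cannot tell that the request was rejected. Add `w.WriteHeader(http.StatusUnauthorized)` before that `return` (or a 500 if the error can mean something other than a bad token; the helper is not visible here). The `First` lookup followed by `Db.Create` is also not atomic, so two concurrent requests with the same `req.Name` could both insert unless the `name` column carries a unique constraint, which is worth confirming. CreateQueue starts and ends outside the hunk.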
| @@ -85,7 +85,7 @@ func CreateRewardFund(resp http.ResponseWriter, req *http.Request) { | |||||
| return | return | ||||
| } | } | ||||
| if claims.Privileges <= Admin { | |||||
| if claims != nil && claims.Privileges <= Admin { | |||||
| Db.Create(&rewardFund) | Db.Create(&rewardFund) | ||||
| Db.Create(&joinRecord) | Db.Create(&joinRecord) | ||||
| @@ -28,7 +28,7 @@ func ChangePrivileges(w http.ResponseWriter, r *http.Request) { | |||||
| var claims *auth.Claims | var claims *auth.Claims | ||||
| claims, err = auth.GetUserClaims(r) | claims, err = auth.GetUserClaims(r) | ||||
| if claims.Privileges < 2 { | |||||
| if claims != nil && claims.Privileges <= AdminPlus { | |||||
| Db.Table("users").Where("id = ?", req.UserID).Find(&user) | Db.Table("users").Where("id = ?", req.UserID).Find(&user) | ||||
| if req.Privileges == SuperUser { | if req.Privileges == SuperUser { | ||||
| resp.Success = false | resp.Success = false | ||||
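Review bot: `err` from `auth.GetUserClaims(r)` is not examined before the new `if claims != nil && claims.Privileges <= AdminPlus` test in the visible lines, so a token-validation failure is treated like an unprivileged caller and is never logged. CreateQueue in this same commit logs the error and returns, and doing the same here would keep the handlers consistent. Replacing `< 2` with `<= AdminPlus` is only equivalent if AdminPlus is 1, which the hunk does not show. The body between this hunk and the next is not visible, so confirm that the handler refuses to modify a target user who outranks the caller and refuses to grant a level above the caller's own; the only visible rule is the `req.Privileges == SuperUser` rejection.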
| @@ -44,7 +44,8 @@ func ChangePrivileges(w http.ResponseWriter, r *http.Request) { | |||||
| Db.Save(user) | Db.Save(user) | ||||
| resp.Success = true | resp.Success = true | ||||
| } else { | } else { | ||||
| resp.Success = false | |||||
| w.WriteHeader(403) | |||||
| return | |||||
| } | } | ||||
| err = json.NewEncoder(w).Encode(resp) | err = json.NewEncoder(w).Encode(resp) | ||||
| @@ -15,12 +15,13 @@ type GetUsersResponse struct { | |||||
| func GetUsers(w http.ResponseWriter, r *http.Request) { | func GetUsers(w http.ResponseWriter, r *http.Request) { | ||||
| claims, err := auth.GetUserClaims(r) | claims, err := auth.GetUserClaims(r) | ||||
| if claims.Privileges > AdminPlus { | |||||
| if claims == nil || (claims != nil && claims.Privileges > AdminPlus) { | |||||
| w.WriteHeader(403) | |||||
| return | return | ||||
| } | } | ||||
| var users []User | var users []User | ||||
| Db.Table("users").Where("privileges >= ?", claims.Privileges).Scan(&users) | |||||
| Db.Table("users").Where("privileges >= ?", claims.Privileges).Order("id").Scan(&users) | |||||
| var resp GetUsersResponse | var resp GetUsersResponse | ||||
| resp.Users = users | resp.Users = users | ||||
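Review bot: The inner `claims != nil` in `claims == nil || (claims != nil && claims.Privileges > AdminPlus)` is redundant, because the right-hand side is only evaluated when claims is non-nil; `if claims == nil || claims.Privileges > AdminPlus {` says the same thing. `err` from `GetUserClaims` is not checked before this test in the visible lines, so a failed token check is reported as a plain 403 without being logged. The handler also serialises whole `User` rows into the response; if that struct holds the password hash or other credential fields, they should be excluded from the JSON (a `json:"-"` tag or a dedicated response type), which cannot be confirmed from this hunk. `http.StatusForbidden` would read better than the literal `403`.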
| @@ -154,7 +154,7 @@ func Register(w http.ResponseWriter, r *http.Request) { | |||||
| return | return | ||||
| } | } | ||||
| if noUsersRegistered() || claims.Privileges <= AdminPlus { | |||||
| if noUsersRegistered() || (claims != nil && claims.Privileges <= AdminPlus) { | |||||
| hash, err := GetHashedPassword(req.Password) | hash, err := GetHashedPassword(req.Password) | ||||
| if err != nil { | if err != nil { | ||||
| log.Error().Err(err).Msg("Could not generate hash for registration") | log.Error().Err(err).Msg("Could not generate hash for registration") | ||||
| @@ -176,7 +176,7 @@ func Register(w http.ResponseWriter, r *http.Request) { | |||||
| if err != nil { | if err != nil { | ||||
| log.Error().Err(err).Msg("Could not deliver unsuccessful account creation response") | log.Error().Err(err).Msg("Could not deliver unsuccessful account creation response") | ||||
| } | } | ||||
| } else if claims.Privileges > SuperUser { | |||||
| } else if claims != nil && claims.Privileges > SuperUser { | |||||
| w.WriteHeader(403) | w.WriteHeader(403) | ||||
| } | } | ||||
| } | } | ||||
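Review bot: With the nil guard added to `else if claims != nil && claims.Privileges > SuperUser`, a request whose claims are nil while users already exist matches neither branch, so Register falls off the end and net/http sends an implicit 200 with no body instead of a refusal. Since the first branch already covers every permitted caller, the last branch can be an unconditional `} else { w.WriteHeader(http.StatusForbidden) }`. Whether nil claims can actually reach this point depends on the earlier error return, which is outside both Register hunks. The `noUsersRegistered() ||` condition in the hunk at line 154 leaves registration open to any caller until the first account exists, so it is worth confirming that two concurrent first registrations cannot both pass it.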
| @@ -2,6 +2,7 @@ package utils | |||||
| import ( | import ( | ||||
| "fmt" | "fmt" | ||||
| "math" | |||||
| "github.com/imosed/signet/client" | "github.com/imosed/signet/client" | ||||
| . "github.com/imosed/signet/data" | . "github.com/imosed/signet/data" | ||||
| @@ -14,6 +15,11 @@ import ( | |||||
| "gorm.io/gorm/clause" | "gorm.io/gorm/clause" | ||||
| ) | ) | ||||
| func getFraction(price float64) xdr.Price { | |||||
| factor := math.Pow(10, 8) | |||||
| return xdr.Price{N: xdr.Int32(price * factor), D: xdr.Int32(factor)} | |||||
| } | |||||
| func SubmitGroupFund(fundID uint) (bool, error) { | func SubmitGroupFund(fundID uint) (bool, error) { | ||||
| var fund RewardFund | var fund RewardFund | ||||
| Db.Preload(clause.Associations).Find(&fund, fundID) | Db.Preload(clause.Associations).Find(&fund, fundID) | ||||
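Review bot: `getFraction` overflows for any price above roughly 21.47, because `price * 1e8` then exceeds the int32 maximum of 2147483647, and Go leaves the result of an out-of-range float-to-int conversion implementation-dependent. The offer built in SubmitGroupFund (`Price: getFraction(fund.Price)`) would then carry a wrong or negative numerator with no error. The conversion also truncates rather than rounds, and it accepts zero, negative and NaN inputs. The helper should round, validate the range and return an error that the caller checks before submitting; a rational approximation with a smaller denominator would be needed if prices above that limit must be supported.

```go
func getFraction(price float64) (xdr.Price, error) {
	const denom = 100_000_000 // 1e8; fits in int32
	scaled := math.Round(price * denom)
	// Reject values that cannot be stored in the int32 numerator.
	if math.IsNaN(scaled) || scaled < 1 || scaled > math.MaxInt32 {
		return xdr.Price{}, fmt.Errorf("price %v cannot be expressed as an int32 fraction over %d", price, denom)
	}
	return xdr.Price{N: xdr.Int32(scaled), D: xdr.Int32(denom)}, nil
}
```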
| @@ -63,7 +69,7 @@ func SubmitGroupFund(fundID uint) (bool, error) { | |||||
| Issuer: fund.IssuerWallet, | Issuer: fund.IssuerWallet, | ||||
| }, | }, | ||||
| Amount: fmt.Sprintf("%f", submissionAmount), | Amount: fmt.Sprintf("%f", submissionAmount), | ||||
| Price: xdr.Price{N: 1, D: xdr.Int32(fund.Price)}, | |||||
| Price: getFraction(fund.Price), | |||||
| OfferID: 0, | OfferID: 0, | ||||
| SourceAccount: fund.FundWallet, | SourceAccount: fund.FundWallet, | ||||
| }, | }, | ||||