fix: /v1/account access; allow st_* polling

metakgp · Jun 30, 2024 · 25ee529 · 25ee529
1 parent 07a22bb
commit 25ee529
Show file tree

Hide file tree

Showing 2 changed files with 26 additions and 5 deletions.
diff --git a/backend/main.go b/backend/main.go
@@ -128,7 +128,15 @@ func register(res http.ResponseWriter, req *http.Request) {
 	// Provide read-only access for kgp-* channels to the user
 	queryGenAccess := fmt.Sprintf(`INSERT INTO user_access VALUES("%s", "kgp-%%", 1, 0, "")`, userId)
 	if _, err = db.Exec(queryGenAccess); err != nil {
-		fmt.Println("Granting Access Error: ", err.Error())
+		fmt.Println("Granting Access Error (kgp-*): ", err.Error())
+		http.Error(res, "Internal Server Error (DB: Access Grant)", http.StatusInternalServerError)
+		return
+	}
+
+	// Provide read-only access for kgp-* channels to the user
+	queryGenAccess = fmt.Sprintf(`INSERT INTO user_access VALUES("%s", "st_%%", 1, 0, "")`, userId)
+	if _, err = db.Exec(queryGenAccess); err != nil {
+		fmt.Println("Granting Access Error (st_*): ", err.Error())
 		http.Error(res, "Internal Server Error (DB: Access Grant)", http.StatusInternalServerError)
 		return
 	}

diff --git a/metaploy/naarad.metaploy.conf b/metaploy/naarad.metaploy.conf
@@ -20,22 +20,35 @@ server {
         add_header Content-Type application/json;
     }
 
-    # Enables us to allow user registration only via 
-    # our custon signup logic, which ultimately renders the 
+    # Enables us to allow user registration only via
+    # our custon signup logic, which ultimately renders the
     # SignUp button on the webapp useless
     location = /v1/account {
+        set $test O;
         valid_referers https://naarad-signup.metakgp.org;
         if ($invalid_referer) {
-            return 401;
+            set $test A;
         }
+        if ($request_method = POST) {
+            set $test "${test}B";
+        }
+        if ($test = AB) {
+            return 403;
+        }
+
+        proxy_pass http://naarad;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Original-URI $request_uri;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
     }
 
     # Permanently move the /signup endpoint to our custom signup url
     location /signup {
         return 301 https://naarad-signup.metakgp.org;
     }
 
-    # All the endpoints other then described above are 
+    # All the endpoints other then described above are
     # protected via heimdall
     location / {
         auth_request /auth;