diff --git a/auth/auth.go b/auth/auth.go
index dd7adc5d9..829cec274 100644
--- a/auth/auth.go
+++ b/auth/auth.go
@@ -98,7 +98,6 @@ func PubKeyContextSuperAdmin(next http.Handler) http.Handler {
 }
 isJwt := strings.Contains(token, ".") && !strings.HasPrefix(token, ".")
-
 if isJwt {
 claims, err := DecodeJwt(token)
@@ -115,7 +114,7 @@ func PubKeyContextSuperAdmin(next http.Handler) http.Handler {
 }
 pubkey := fmt.Sprintf("%v", claims["pubkey"])
- if !AdminCheck(pubkey) {
+ if !IsFreePass() && !AdminCheck(pubkey) {
 fmt.Println("Not a super admin")
 http.Error(w, http.StatusText(401), 401)
 return
@@ -135,8 +134,8 @@ func PubKeyContextSuperAdmin(next http.Handler) http.Handler {
 return
 }
- if !AdminCheck(pubkey) {
- fmt.Println("Not a super admin")
+ if !IsFreePass() && !AdminCheck(pubkey) {
+ fmt.Println("Not a super admin : auth")
 http.Error(w, http.StatusText(401), 401)
 return
 }
@@ -156,6 +155,13 @@ func AdminCheck(pubkey string) bool {
 return false
 }
+func IsFreePass() bool {
+ if len(config.SuperAdmins) == 1 && config.SuperAdmins[0] == config.AdminDevFreePass {
+ return true
+ }
+ return false
+}
+
 // VerifyTribeUUID takes base64 uuid and returns hex pubkey
 func VerifyTribeUUID(uuid string, checkTimestamp bool) (string, error) {
diff --git a/config/config.go b/config/config.go
index 8fd1a3799..c68e7797e 100644
--- a/config/config.go
+++ b/config/config.go
@@ -31,6 +31,8 @@ var BudgetInvoiceList = "BUDGETINVOICELIST"
 var S3BucketName string
 var S3FolderName string
 var S3Url string
+var AdminCheck string
+var AdminDevFreePass = "FREE_PASS"
 var S3Client *s3.S3
@@ -47,6 +49,8 @@ func InitConfig() {
 S3BucketName = os.Getenv("S3_BUCKET_NAME")
 S3FolderName = os.Getenv("S3_FOLDER_NAME")
 S3Url = os.Getenv("S3_URL")
+ AdminCheck = os.Getenv("ADMIN_CHECK")
+
 // Add to super admins
 SuperAdmins = StripSuperAdmins(AdminStrings)
diff --git a/db/db.go b/db/db.go
index a71466fae..3a380cab7 100644
--- a/db/db.go
+++ b/db/db.go
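Review bot: `IsFreePass()` short-circuits the super-admin check in both branches that reach it in PubKeyContextSuperAdmin (hunks @@ -115 and @@ -135), so any caller that gets past the token or JWT step is treated as a super admin whenever the configured admin list is exactly the literal `FREE_PASS`; that switch lives in the same environment-derived list as the real admin keys, with no separate development-mode guard, so a misconfigured deployment silently opens every super-admin route, including the metrics routes that routes/metrics.go places behind this middleware in the same commit. I would tie the bypass to an explicit non-production setting in addition to the sentinel value, log loudly at startup when it is active, and move the decision into `AdminCheck` itself so the three call sites (twice here, once in handlers/auth.go) do not each repeat `!IsFreePass() && !AdminCheck(pubkey)`. The new function in hunk @@ -156 also lacks a doc comment and can be reduced to `return len(config.SuperAdmins) == 1 && config.SuperAdmins[0] == config.AdminDevFreePass`. PubKeyContextSuperAdmin starts and ends outside these hunks.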
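Review bot: `AdminCheck` is read from `ADMIN_CHECK` in InitConfig (hunk @@ -47) but nothing in this change consults it, while the free-pass decision in the auth package keys off `AdminDevFreePass` instead, so the new variable is dead configuration whose name also collides with the `AdminCheck` function in the auth package; either make it the explicit opt-in for the free pass or drop it. `AdminDevFreePass` is a mutable package-level `var` holding a security-relevant sentinel; declare it `const AdminDevFreePass = "FREE_PASS"` so it cannot be reassigned at runtime. Both declarations would benefit from a comment stating that the sentinel disables the super-admin check and must never appear in a production admin list. InitConfig continues outside the hunk.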
@@ -712,11 +712,11 @@ func (db database) GetBountyById(id string) ([]Bounty, error) {
 return ms, err
 }
-func (db database) GetNextBountyByCreated(r *http.Request) ([]Bounty, error) {
+func (db database) GetNextBountyByCreated(r *http.Request) (uint, error) {
 created := chi.URLParam(r, "created")
 keys := r.URL.Query()
 _, _, _, _, search := utils.GetPaginationParams(r)
- ms := []Bounty{}
+ var bountyId uint
 open := keys.Get("Open")
 assingned := keys.Get("Assigned")
@@ -764,20 +764,20 @@ func (db database) GetNextBountyByCreated(r *http.Request) ([]Bounty, error) {
 }
 }
- query := `SELECT * FROM public.bounty WHERE created > '` + created + `' AND show = true`
+ query := `SELECT id FROM public.bounty WHERE created > '` + created + `' AND show = true`
 orderQuery := "ORDER BY created ASC LIMIT 1"
 allQuery := query + " " + searchQuery + " " + statusQuery + " " + languageQuery + " " + orderQuery
- err := db.db.Raw(allQuery).Find(&ms).Error
- return ms, err
+ err := db.db.Raw(allQuery).Find(&bountyId).Error
+ return bountyId, err
 }
-func (db database) GetPreviousBountyByCreated(r *http.Request) ([]Bounty, error) {
+func (db database) GetPreviousBountyByCreated(r *http.Request) (uint, error) {
 created := chi.URLParam(r, "created")
 keys := r.URL.Query()
+ var bountyId uint
 _, _, _, _, search := utils.GetPaginationParams(r)
- ms := []Bounty{}
 open := keys.Get("Open")
 assingned := keys.Get("Assigned")
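Review bot: The rewritten query on the new side of hunk @@ -764 still splices the `created` path parameter straight into the SQL text (`'` + created + `'`), and the same pattern, with `uuid` added, recurs in the sibling hunks at @@ -825, @@ -887 and @@ -949; the value comes from the URL, so this is a SQL injection point the commit touches but keeps. Pass it as a bind parameter instead, e.g. `query := "SELECT id FROM public.bounty WHERE created > ? AND show = true"` and `err := db.db.Raw(allQuery, created).Find(&bountyId).Error` (searchQuery, statusQuery and languageQuery are assembled outside the hunk and need the same treatment if they carry request input). A second point: when no row matches, `bountyId` stays 0 and err is nil, so callers cannot tell "no next bounty" from a real id; return an explicit not-found error, check `RowsAffected` on the result, or at least document that 0 means none. The `assingned` local is misspelled (`assigned`). GetNextBountyByCreated and GetPreviousBountyByCreated both extend outside these hunks.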
@@ -825,21 +825,21 @@ func (db database) GetPreviousBountyByCreated(r *http.Request) ([]Bounty, error)
 }
 }
- query := `SELECT * FROM public.bounty WHERE created < '` + created + `' AND show = true`
+ query := `SELECT id FROM public.bounty WHERE created < '` + created + `' AND show = true`
 orderQuery := "ORDER BY created DESC LIMIT 1"
 allQuery := query + " " + searchQuery + " " + statusQuery + " " + languageQuery + " " + orderQuery
- err := db.db.Raw(allQuery).Find(&ms).Error
- return ms, err
+ err := db.db.Raw(allQuery).Find(&bountyId).Error
+ return bountyId, err
 }
-func (db database) GetNextOrganizationBountyByCreated(r *http.Request) ([]Bounty, error) {
+func (db database) GetNextOrganizationBountyByCreated(r *http.Request) (uint, error) {
 created := chi.URLParam(r, "created")
 uuid := chi.URLParam(r, "uuid")
 keys := r.URL.Query()
 _, _, _, _, search := utils.GetPaginationParams(r)
- ms := []Bounty{}
+ var bountyId uint
 open := keys.Get("Open")
 assingned := keys.Get("Assigned")
@@ -887,21 +887,21 @@ func (db database) GetNextOrganizationBountyByCreated(r *http.Request) ([]Bounty
 }
 }
- query := `SELECT * FROM public.bounty WHERE org_uuid = '` + uuid + `' AND created > '` + created + `' AND show = true`
+ query := `SELECT id FROM public.bounty WHERE org_uuid = '` + uuid + `' AND created > '` + created + `' AND show = true`
 orderQuery := "ORDER BY created ASC LIMIT 1"
 allQuery := query + " " + searchQuery + " " + statusQuery + " " + languageQuery + " " + orderQuery
- err := db.db.Raw(allQuery).Find(&ms).Error
- return ms, err
+ err := db.db.Raw(allQuery).Find(&bountyId).Error
+ return bountyId, err
 }
-func (db database) GetPreviousOrganizationBountyByCreated(r *http.Request) ([]Bounty, error) {
+func (db database) GetPreviousOrganizationBountyByCreated(r *http.Request) (uint, error) {
 created := chi.URLParam(r, "created")
 uuid := chi.URLParam(r, "uuid")
 keys := r.URL.Query()
 _, _, _, _, search := utils.GetPaginationParams(r)
- ms := []Bounty{}
+ var bountyId uint
 open := keys.Get("Open")
 assingned := keys.Get("Assigned")
@@ -949,13 +949,13 @@ func (db database) GetPreviousOrganizationBountyByCreated(r *http.Request) ([]Bo
 }
 }
- query := `SELECT * FROM public.bounty WHERE org_uuid = '` + uuid + `' AND created < '` + created + `' AND show = true`
+ query := `SELECT id FROM public.bounty WHERE org_uuid = '` + uuid + `' AND created < '` + created + `' AND show = true`
 orderQuery := "ORDER BY created DESC LIMIT 1"
 allQuery := query + " " + searchQuery + " " + statusQuery + " " + languageQuery + " " + orderQuery
- err := db.db.Raw(allQuery).Find(&ms).Error
- return ms, err
+ err := db.db.Raw(allQuery).Find(&bountyId).Error
+ return bountyId, err
 }
 func (db database) GetBountyIndexById(id string) int64 {
diff --git a/db/interface.go b/db/interface.go
index 9074de96b..acdfc6c70 100644
--- a/db/interface.go
+++ b/db/interface.go
@@ -35,10 +35,10 @@ type Database interface {
 GetAssignedBounties(r *http.Request) ([]Bounty, error)
 GetCreatedBounties(r *http.Request) ([]Bounty, error)
 GetBountyById(id string) ([]Bounty, error)
- GetNextBountyByCreated(r *http.Request) ([]Bounty, error)
- GetPreviousBountyByCreated(r *http.Request) ([]Bounty, error)
- GetNextOrganizationBountyByCreated(r *http.Request) ([]Bounty, error)
- GetPreviousOrganizationBountyByCreated(r *http.Request) ([]Bounty, error)
+ GetNextBountyByCreated(r *http.Request) (uint, error)
+ GetPreviousBountyByCreated(r *http.Request) (uint, error)
+ GetNextOrganizationBountyByCreated(r *http.Request) (uint, error)
+ GetPreviousOrganizationBountyByCreated(r *http.Request) (uint, error)
 GetBountyIndexById(id string) int64
 GetBountyDataByCreated(created string) ([]Bounty, error)
 AddBounty(b Bounty) (Bounty, error)
diff --git a/handlers/auth.go b/handlers/auth.go
index 3ff38e709..f80cd4dfa 100644
--- a/handlers/auth.go
+++ b/handlers/auth.go
@@ -36,8 +36,8 @@ func GetIsAdmin(w http.ResponseWriter, r *http.Request) {
 pubKeyFromAuth, _ := ctx.Value(auth.ContextKey).(string)
 isAdmin := auth.AdminCheck(pubKeyFromAuth)
- if !isAdmin {
- fmt.Println("Not a super admin")
+ if !auth.IsFreePass() && !isAdmin {
+ fmt.Println("Not a super admin: handler")
 http.Error(w, http.StatusText(401), 401)
 return
 } else {
diff --git a/handlers/bounty.go b/handlers/bounty.go
index 3104cf9ba..3019313fb 100644
--- a/handlers/bounty.go
+++ b/handlers/bounty.go
@@ -60,9 +60,8 @@ func GetNextBountyByCreated(w http.ResponseWriter, r *http.Request) {
 w.WriteHeader(http.StatusBadRequest)
 fmt.Println("Error", err)
 } else {
- var bountyResponse []db.BountyResponse = GenerateBountyResponse(bounties)
 w.WriteHeader(http.StatusOK)
- json.NewEncoder(w).Encode(bountyResponse)
+ json.NewEncoder(w).Encode(bounties)
 }
 }
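Review bot: The new guard `!auth.IsFreePass() && !isAdmin` lets a non-admin caller past the 401 branch when the free pass is active, but `isAdmin` is still computed from `auth.AdminCheck` alone, so whatever the `else` branch reports (it continues outside the hunk) is presumably still false for that caller. If the intent is that the free pass makes every caller an admin, compute `isAdmin := auth.IsFreePass() || auth.AdminCheck(pubKeyFromAuth)` once and keep the original `if !isAdmin {`, which also stops the free-pass logic from being duplicated between auth/auth.go and this handler. Separately, a caller that reaches this point is authenticated but not authorised, so `http.StatusForbidden` describes the rejection better than 401, although that predates this change. GetIsAdmin starts and ends outside the hunk.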
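Review bot: `bounties` now holds a single `uint` id (the db method's return type changes in this same commit, and the local is presumably assigned from it above the hunk), so the handler writes a bare JSON number, and because the db layer returns 0 with a nil error when nothing matches, clients get `0` with a 200 status and cannot distinguish "no next bounty" from a valid id. The same shape appears in the three hunks at @@ -72, @@ -84 and @@ -96 on the following line. I would rename the local to `bountyId`, answer 404 when it is 0, and make the payload self-describing with `json.NewEncoder(w).Encode(map[string]uint{"id": bountyId})`; the `Encode` error is also still ignored, as before. GetNextBountyByCreated starts outside the hunk.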
@@ -72,9 +71,8 @@ func GetPreviousBountyByCreated(w http.ResponseWriter, r *http.Request) {
 w.WriteHeader(http.StatusBadRequest)
 fmt.Println("Error", err)
 } else {
- var bountyResponse []db.BountyResponse = GenerateBountyResponse(bounties)
 w.WriteHeader(http.StatusOK)
- json.NewEncoder(w).Encode(bountyResponse)
+ json.NewEncoder(w).Encode(bounties)
 }
 }
@@ -84,9 +82,8 @@ func GetOrganizationNextBountyByCreated(w http.ResponseWriter, r *http.Request)
 w.WriteHeader(http.StatusBadRequest)
 fmt.Println("Error", err)
 } else {
- var bountyResponse []db.BountyResponse = GenerateBountyResponse(bounties)
 w.WriteHeader(http.StatusOK)
- json.NewEncoder(w).Encode(bountyResponse)
+ json.NewEncoder(w).Encode(bounties)
 }
 }
@@ -96,9 +93,8 @@ func GetOrganizationPreviousBountyByCreated(w http.ResponseWriter, r *http.Reque
 w.WriteHeader(http.StatusBadRequest)
 fmt.Println("Error", err)
 } else {
- var bountyResponse []db.BountyResponse = GenerateBountyResponse(bounties)
 w.WriteHeader(http.StatusOK)
- json.NewEncoder(w).Encode(bountyResponse)
+ json.NewEncoder(w).Encode(bounties)
 }
 }
diff --git a/mocks/Database.go b/mocks/Database.go
index f95c967fe..4fa56f85a 100644
--- a/mocks/Database.go
+++ b/mocks/Database.go
@@ -3008,24 +3008,22 @@ func (_c *Database_GetLnUser_Call) RunAndReturn(run func(string) int64) *Databas } // GetNextBountyByCreated provides a mock function with given fields: r -func (_m *Database) GetNextBountyByCreated(r *http.Request) ([]db.Bounty, error) { +func (_m *Database) GetNextBountyByCreated(r *http.Request) (uint, error) { ret := _m.Called(r) if len(ret) == 0 { panic("no return value specified for GetNextBountyByCreated") } - var r0 []db.Bounty + var r0 uint var r1 error - if rf, ok := ret.Get(0).(func(*http.Request) ([]db.Bounty, error)); ok { + if rf, ok := ret.Get(0).(func(*http.Request) (uint, error)); ok { return rf(r) } - if rf, ok := ret.Get(0).(func(*http.Request) []db.Bounty); ok { + if rf, ok := ret.Get(0).(func(*http.Request) uint); ok { r0 = rf(r) } else { - if ret.Get(0) != nil { - r0 = ret.Get(0).([]db.Bounty) - } + r0 = ret.Get(0).(uint) } if rf, ok := ret.Get(1).(func(*http.Request) error); ok { 
@@ -3055,35 +3053,33 @@ func (_c *Database_GetNextBountyByCreated_Call) Run(run func(r *http.Request)) * return _c } -func (_c *Database_GetNextBountyByCreated_Call) Return(_a0 []db.Bounty, _a1 error) *Database_GetNextBountyByCreated_Call { +func (_c *Database_GetNextBountyByCreated_Call) Return(_a0 uint, _a1 error) *Database_GetNextBountyByCreated_Call { _c.Call.Return(_a0, _a1) return _c } -func (_c *Database_GetNextBountyByCreated_Call) RunAndReturn(run func(*http.Request) ([]db.Bounty, error)) *Database_GetNextBountyByCreated_Call { +func (_c *Database_GetNextBountyByCreated_Call) RunAndReturn(run func(*http.Request) (uint, error)) *Database_GetNextBountyByCreated_Call { _c.Call.Return(run) return _c } // GetNextOrganizationBountyByCreated provides a mock function with given fields: r -func (_m *Database) GetNextOrganizationBountyByCreated(r *http.Request) ([]db.Bounty, error) { +func (_m *Database) GetNextOrganizationBountyByCreated(r *http.Request) (uint, error) { ret := _m.Called(r) if len(ret) == 0 { panic("no return value specified for GetNextOrganizationBountyByCreated") } - var r0 []db.Bounty + var r0 uint var r1 error - if rf, ok := ret.Get(0).(func(*http.Request) ([]db.Bounty, error)); ok { + if rf, ok := ret.Get(0).(func(*http.Request) (uint, error)); ok { return rf(r) } - if rf, ok := ret.Get(0).(func(*http.Request) []db.Bounty); ok { + if rf, ok := ret.Get(0).(func(*http.Request) uint); ok { r0 = rf(r) } else { - if ret.Get(0) != nil { - r0 = ret.Get(0).([]db.Bounty) - } + r0 = ret.Get(0).(uint) } if rf, ok := ret.Get(1).(func(*http.Request) error); ok { 
@@ -3113,12 +3109,12 @@ func (_c *Database_GetNextOrganizationBountyByCreated_Call) Run(run func(r *http return _c } -func (_c *Database_GetNextOrganizationBountyByCreated_Call) Return(_a0 []db.Bounty, _a1 error) *Database_GetNextOrganizationBountyByCreated_Call { +func (_c *Database_GetNextOrganizationBountyByCreated_Call) Return(_a0 uint, _a1 error) *Database_GetNextOrganizationBountyByCreated_Call { _c.Call.Return(_a0, _a1) return _c } -func (_c *Database_GetNextOrganizationBountyByCreated_Call) RunAndReturn(run func(*http.Request) ([]db.Bounty, error)) *Database_GetNextOrganizationBountyByCreated_Call { +func (_c *Database_GetNextOrganizationBountyByCreated_Call) RunAndReturn(run func(*http.Request) (uint, error)) *Database_GetNextOrganizationBountyByCreated_Call { _c.Call.Return(run) return _c } @@ -4221,24 +4217,22 @@ func (_c *Database_GetPersonByUuid_Call) RunAndReturn(run func(string) db.Person } // GetPreviousBountyByCreated provides a mock function with given fields: r -func (_m *Database) GetPreviousBountyByCreated(r *http.Request) ([]db.Bounty, error) { +func (_m *Database) GetPreviousBountyByCreated(r *http.Request) (uint, error) { ret := _m.Called(r) if len(ret) == 0 { panic("no return value specified for GetPreviousBountyByCreated") } - var r0 []db.Bounty + var r0 uint var r1 error - if rf, ok := ret.Get(0).(func(*http.Request) ([]db.Bounty, error)); ok { + if rf, ok := ret.Get(0).(func(*http.Request) (uint, error)); ok { return rf(r) } - if rf, ok := ret.Get(0).(func(*http.Request) []db.Bounty); ok { + if rf, ok := ret.Get(0).(func(*http.Request) uint); ok { r0 = rf(r) } else { - if ret.Get(0) != nil { - r0 = ret.Get(0).([]db.Bounty) - } + r0 = ret.Get(0).(uint) } if rf, ok := ret.Get(1).(func(*http.Request) error); ok { 
@@ -4268,35 +4262,33 @@ func (_c *Database_GetPreviousBountyByCreated_Call) Run(run func(r *http.Request return _c } -func (_c *Database_GetPreviousBountyByCreated_Call) Return(_a0 []db.Bounty, _a1 error) *Database_GetPreviousBountyByCreated_Call { +func (_c *Database_GetPreviousBountyByCreated_Call) Return(_a0 uint, _a1 error) *Database_GetPreviousBountyByCreated_Call { _c.Call.Return(_a0, _a1) return _c } -func (_c *Database_GetPreviousBountyByCreated_Call) RunAndReturn(run func(*http.Request) ([]db.Bounty, error)) *Database_GetPreviousBountyByCreated_Call { +func (_c *Database_GetPreviousBountyByCreated_Call) RunAndReturn(run func(*http.Request) (uint, error)) *Database_GetPreviousBountyByCreated_Call { _c.Call.Return(run) return _c } // GetPreviousOrganizationBountyByCreated provides a mock function with given fields: r -func (_m *Database) GetPreviousOrganizationBountyByCreated(r *http.Request) ([]db.Bounty, error) { +func (_m *Database) GetPreviousOrganizationBountyByCreated(r *http.Request) (uint, error) { ret := _m.Called(r) if len(ret) == 0 { panic("no return value specified for GetPreviousOrganizationBountyByCreated") } - var r0 []db.Bounty + var r0 uint var r1 error - if rf, ok := ret.Get(0).(func(*http.Request) ([]db.Bounty, error)); ok { + if rf, ok := ret.Get(0).(func(*http.Request) (uint, error)); ok { return rf(r) } - if rf, ok := ret.Get(0).(func(*http.Request) []db.Bounty); ok { + if rf, ok := ret.Get(0).(func(*http.Request) uint); ok { r0 = rf(r) } else { - if ret.Get(0) != nil { - r0 = ret.Get(0).([]db.Bounty) - } + r0 = ret.Get(0).(uint) } if rf, ok := ret.Get(1).(func(*http.Request) error); ok { 
@@ -4326,12 +4318,12 @@ func (_c *Database_GetPreviousOrganizationBountyByCreated_Call) Run(run func(r * return _c } -func (_c *Database_GetPreviousOrganizationBountyByCreated_Call) Return(_a0 []db.Bounty, _a1 error) *Database_GetPreviousOrganizationBountyByCreated_Call { +func (_c *Database_GetPreviousOrganizationBountyByCreated_Call) Return(_a0 uint, _a1 error) *Database_GetPreviousOrganizationBountyByCreated_Call { _c.Call.Return(_a0, _a1) return _c } -func (_c *Database_GetPreviousOrganizationBountyByCreated_Call) RunAndReturn(run func(*http.Request) ([]db.Bounty, error)) *Database_GetPreviousOrganizationBountyByCreated_Call { +func (_c *Database_GetPreviousOrganizationBountyByCreated_Call) RunAndReturn(run func(*http.Request) (uint, error)) *Database_GetPreviousOrganizationBountyByCreated_Call { _c.Call.Return(run) return _c } diff --git a/routes/metrics.go b/routes/metrics.go index d93956e33..de354043f 100644 --- a/routes/metrics.go +++ b/routes/metrics.go @@ -12,7 +12,7 @@ func MetricsRoutes() chi.Router { mh := handlers.NewMetricHandler(db.DB) r.Group(func(r chi.Router) { // Todo: change auth to superadmin context - r.Use(auth.PubKeyContext) + r.Use(auth.PubKeyContextSuperAdmin) r.Post("/payment", handlers.PaymentMetrics) r.Post("/people", handlers.PeopleMetrics)
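Review bot: The `// Todo: change auth to superadmin context` comment directly above `r.Use(auth.PubKeyContextSuperAdmin)` is completed by this change and should be deleted, otherwise it reads as still outstanding. Worth noting that PubKeyContextSuperAdmin, as modified in auth/auth.go in this commit, admits every authenticated pubkey while the free-pass sentinel is configured, so these metrics endpoints are only as restricted as that setting. MetricsRoutes continues outside the hunk.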