ginterface.go
package ginterface
import (
"fmt"
"encoding/json"
"io/ioutil"
"github.com/gin-gonic/gin"
"github.com/ECHibiki/Community-Banners-2.0/controllers"
"github.com/ECHibiki/Community-Banners-2.0/bannerdb"
"github.com/ECHibiki/Community-Banners-2.0/bannerjwt"
)
// GinSettings holds the values Init decodes from
// ./settings/gin-settings.json.
type GinSettings struct {
	// Domain is handed to controllers.LoginUser and controllers.TestToken
	// and is the cookie domain BannedMiddleware uses when it clears
	// "freeadstoken".
	Domain string

	// RejectCreation selects the handler for POST /api/create:
	// controllers.RejectUserCreation when true, controllers.CreateNewUser
	// when false. The zero value therefore leaves account creation open.
	RejectCreation bool

	// ReleaseMode is passed unchanged to gin.SetMode.
	ReleaseMode string
}
// Package-level state written by Init. gin_settings is also read by
// BannedMiddleware (cookie domain) after Init has populated it.
var (
	gin_engine   *gin.Engine
	gin_settings GinSettings
)
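// Init loads ./settings/gin-settings.json, builds the gin engine with its
// middleware chain and routes, and then serves on port. gin's Run blocks,
// so Init only returns once the server has stopped.
//
// Route layout:
//
//	/banner, /req, /api/*      JWTDecodeMiddleware only (public)
//	/api/user/*                + AuthenticationMiddleware, BannedMiddleware
//	/api/user/mod/*            + ModeratorMiddleware
//
// Init panics if the settings file cannot be read or decoded, or if the
// trusted-proxy list is rejected.
//
// NOTE(review): the state-changing POST routes are authenticated by the
// "freeadstoken" cookie; no CSRF defence is visible in this file, so confirm
// that the cookie's SameSite attribute or the controllers cover it.
func Init(port string) {
	fmt.Println("\nGin Interface initialization...")

	setting_json_bytes, err := ioutil.ReadFile("./settings/gin-settings.json")
	if err != nil {
		panic(err)
	}
	// Fail closed on a malformed settings file. If the decode error were
	// ignored, gin_settings would keep its zero value: RejectCreation false
	// (account creation open) and an empty cookie Domain.
	if err := json.Unmarshal(setting_json_bytes, &gin_settings); err != nil {
		panic(err)
	}

	// NGINX handles statics such as .html, .js, .css and image media
	gin.SetMode(gin_settings.ReleaseMode)
	gin_engine = gin.Default()

	// Only the local reverse proxy is trusted to supply forwarded client
	// addresses; a rejected list must not be silently ignored.
	if err := gin_engine.SetTrustedProxies([]string{"127.0.0.1"}); err != nil {
		panic(err)
	}

	// Registered before any route so every handler sees the decoded JWT
	// context keys ("name", "is_donor", "is_mod", "valid_jwt").
	gin_engine.Use(JWTDecodeMiddleware())

	gin_engine.GET("/banner", controllers.GenerateAdPage)
	gin_engine.GET("/req", controllers.RedirectSiteRequest)

	public_group := gin_engine.Group("/api/")
	public_group.GET("banner", controllers.GenerateAdJSON)
	public_group.GET("all", controllers.GetLimitedInfo)
	if gin_settings.RejectCreation {
		public_group.POST("create", controllers.RejectUserCreation)
	} else {
		public_group.POST("create", controllers.CreateNewUser)
	}
	public_group.POST("login", controllers.LoginUser(gin_settings.Domain))

	// Use must precede the route registrations below: gin attaches a group's
	// middleware only to routes added after the Use call.
	logged_group := public_group.Group("user/")
	logged_group.Use(AuthenticationMiddleware())
	logged_group.Use(BannedMiddleware())
	logged_group.GET("details", controllers.AccessInfo)
	logged_group.POST("details", controllers.CreateBanner)
	logged_group.POST("removal", controllers.RemoveBanner)
	logged_group.POST("token", controllers.TestToken(gin_settings.Domain))

	// Moderator routes inherit the authentication and ban checks from
	// logged_group and add the moderator check on top.
	mod_group := logged_group.Group("mod/")
	mod_group.Use(ModeratorMiddleware())
	mod_group.GET("all", controllers.GetAllBanners)
	mod_group.POST("ban", controllers.BanUser)
	mod_group.POST("purge", controllers.DeleteAll)
	mod_group.POST("individual", controllers.DeleteIndividual)

	// Run blocks while serving; surface why it stopped instead of dropping
	// the error.
	if err := gin_engine.Run(port); err != nil {
		fmt.Println("Gin Interface stopped:", err)
	}
	// Reached only after Run has returned.
	fmt.Println("...Gin Interface initialized")
}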
/* middleware */
// return function instead of handling directly to potentially pass in command line arguments on initialization
// JWTDecodeMiddleware returns a handler that reads the "freeadstoken" cookie,
// passes it to bannerjwt.IsAuth and stores the results in the request
// context under "name", "is_donor", "is_mod" and "valid_jwt".
//
// It never rejects a request. The identity keys are stored even when IsAuth
// returned an error, so any handler that reads them must check "valid_jwt"
// first (AuthenticationMiddleware does this for the /api/user/ routes).
func JWTDecodeMiddleware() gin.HandlerFunc {
	decode := func(c *gin.Context) {
		// The cookie lookup error is dropped on purpose: whatever value
		// comes back is handed to IsAuth.
		// NOTE(review): presumably IsAuth rejects an empty token; confirm.
		cookie_value, _ := c.Cookie("freeadstoken")

		name, is_donor, is_mod, auth_err := bannerjwt.IsAuth(cookie_value)
		jwt_ok := auth_err == nil

		c.Set("name", name)
		c.Set("is_donor", is_donor)
		c.Set("is_mod", is_mod)
		c.Set("valid_jwt", jwt_ok)

		c.Next()
	}
	return decode
}
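// AuthenticationMiddleware returns a handler that rejects the request with
// 401 unless JWTDecodeMiddleware stored "valid_jwt" == true in the context.
//
// It depends on JWTDecodeMiddleware having run earlier in the chain:
// MustGet panics when "valid_jwt" is absent, and the type assertion panics
// when the value is not a bool.
func AuthenticationMiddleware() gin.HandlerFunc {
	return func(c *gin.Context) {
		valid := c.MustGet("valid_jwt").(bool)
		if !valid {
			// Abort does not stop this function, so return explicitly. The
			// original fell through to c.Next() after aborting and relied on
			// gin skipping the remaining handlers.
			c.AbortWithStatusJSON(401, gin.H{"error": "You are not logged in"})
			return
		}
		c.Next()
	}
}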
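// BannedMiddleware returns a handler that looks up the context "name" in the
// bans table and rejects hard-banned users with 401, expiring their
// "freeadstoken" cookie in the same response.
//
// The lookup runs on every request that passes through this middleware, so
// a ban applies to tokens that were issued before it. A failed lookup is
// answered with 500 and the request is not served (fail closed).
func BannedMiddleware() gin.HandlerFunc {
	return func(c *gin.Context) {
		name := c.MustGet("name")
		// name is bound to the ? placeholder, never concatenated into the
		// SQL text.
		query_params := []interface{}{name}
		banned_rows, err := bannerdb.Query("SELECT * FROM bans WHERE fk_name=? AND hardban=1", query_params)
		if err != nil {
			// Return after aborting: the original continued into the ban
			// check below using the result of a failed query.
			c.AbortWithStatusJSON(500, gin.H{"error": "Ban Search Error"})
			return
		}
		if len(banned_rows) != 0 {
			// A negative max-age tells the browser to delete the cookie.
			c.SetCookie("freeadstoken", "", -1, "/", gin_settings.Domain, true, true)
			c.AbortWithStatusJSON(401, gin.H{"error": "You've been banned..."})
			return
		}
		c.Next()
	}
}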
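// ModeratorMiddleware returns a handler that rejects the request with 401
// unless the context "name" has a row in the mods table.
//
// The decision is based on the database, not on the "is_mod" value that
// JWTDecodeMiddleware takes from the token, so removing a row from mods
// takes effect on the next request. A failed lookup is answered with 500
// and the request is not served (fail closed).
//
// NOTE(review): 403 would describe "authenticated but not permitted" more
// precisely; 401 is kept because clients may depend on it.
func ModeratorMiddleware() gin.HandlerFunc {
	return func(c *gin.Context) {
		name := c.MustGet("name")
		// name is bound to the ? placeholder, never concatenated into the
		// SQL text.
		query_params := []interface{}{name}
		mod_rows, err := bannerdb.Query("SELECT * FROM mods WHERE fk_name=?", query_params)
		if err != nil {
			// Return after aborting: the original fell through to the
			// length check, which could write a second JSON body (the 401
			// below) into the same response when the failed query returned
			// no rows.
			c.AbortWithStatusJSON(500, gin.H{"error": "Mod Search Error"})
			return
		}
		if len(mod_rows) == 0 {
			c.AbortWithStatusJSON(401, gin.H{"error": "You are not a moderator"})
			return
		}
		c.Next()
	}
}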