forked from Alex13658/SchoolServer
/
check-permission.go
100 lines (96 loc) · 3.86 KB
/
check-permission.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
// check-permission
package restapi
import (
"encoding/json"
"net/http"
"strings"
)
// permissionCheckRequest используется в CheckPermissionHandler
type permissionCheckRequest struct {
Login string `json:"login"`
ID int `json:"id"`
}
// permissionCheckResponse используется в CheckPermissionHandler
type permissionCheckResponse struct {
Permission bool `json:"permission"`
}
// CheckPermissionHandler проверяет, есть ли разрешение на работу с школой
func (rest *RestAPI) CheckPermissionHandler(respwr http.ResponseWriter, req *http.Request) {
rest.logger.Info("REST: CheckPermissionHandler called", "IP", req.RemoteAddr)
// Проверка метода запроса
if req.Method != "POST" {
rest.logger.Info("REST: Wrong method", "Method", req.Method, "IP", req.RemoteAddr)
respwr.WriteHeader(http.StatusMethodNotAllowed)
return
}
// Чтение json'a
var rReq permissionCheckRequest
decoder := json.NewDecoder(req.Body)
err := decoder.Decode(&rReq)
if err != nil {
rest.logger.Info("REST: Malformed request data", "Error", err.Error(), "IP", req.RemoteAddr)
respwr.WriteHeader(http.StatusBadRequest)
status, err := respwr.Write(rest.Errors.MalformedData)
if err != nil {
rest.logger.Error("REST: Error occured when sending response", "Error", err, "Status", status, "IP", req.RemoteAddr)
} else {
rest.logger.Info("REST: Successfully sent response", "IP", req.RemoteAddr)
}
return
}
// Распечатаем запрос от клиента
rest.logger.Info("REST: Request data", "Data", rReq, "IP", req.RemoteAddr)
// Проверим разрешение у школы
perm, err := rest.Db.GetSchoolPermission(rReq.ID)
if err != nil {
if strings.Contains(err.Error(), "record not found") {
// Школа не найдена
rest.logger.Info("REST: Invalid school id specified", "Id", rReq.ID, "IP", req.RemoteAddr)
respwr.WriteHeader(http.StatusBadRequest)
status, err := respwr.Write(rest.Errors.InvalidData)
if err != nil {
rest.logger.Error("REST: Error occured when sending response", "Error", err, "Status", status, "IP", req.RemoteAddr)
} else {
rest.logger.Info("REST: Successfully sent response", "IP", req.RemoteAddr)
}
} else {
// Другая ошибка
rest.logger.Error("REST: Error occured when getting school permission from db", "Error", err, "Id", rReq.ID, "IP", req.RemoteAddr)
respwr.WriteHeader(http.StatusInternalServerError)
}
return
}
if !perm {
// Если у школы нет разрешения, проверить разрешение пользователя
userPerm, err := rest.Db.GetUserPermission(rReq.Login, rReq.ID)
if err != nil {
if strings.Contains(err.Error(), "record not found") {
// Пользователь новый: вернем true, чтобы он мог залогиниться и
// купить подписку
perm = true
} else {
// Другая ошибка
rest.logger.Error("REST: Error occured when getting user permission from db", "Error", err, "Login", rReq.Login, "IP", req.RemoteAddr)
respwr.WriteHeader(http.StatusInternalServerError)
return
}
} else {
perm = userPerm
}
}
// Закодировать ответ в JSON
resp := permissionCheckResponse{perm}
bytes, err := json.Marshal(resp)
if err != nil {
rest.logger.Error("REST: Error occured when marshalling response", "Error", err, "Response", resp, "IP", req.RemoteAddr)
respwr.WriteHeader(http.StatusInternalServerError)
return
}
// Отправить ответ клиенту
status, err := respwr.Write(bytes)
if err != nil {
rest.logger.Error("REST: Error occured when sending response", "Error", err, "Response", resp, "Status", status, "IP", req.RemoteAddr)
} else {
rest.logger.Info("REST: Successfully sent response", "Response", resp, "IP", req.RemoteAddr)
}
}