aboutsummaryrefslogtreecommitdiff
path: root/backend/handlers/mod.go
diff options
context:
space:
mode:
authorArda Serdar Pektezol <1669855+pektezol@users.noreply.github.com>2024-10-31 22:06:00 +0300
committerArda Serdar Pektezol <1669855+pektezol@users.noreply.github.com>2024-10-31 22:06:00 +0300
commit4210c9b38f9053f6720a6bebaadefd24c542eaa9 (patch)
tree5b0061e23cf91291ed9e5f387766148d45103591 /backend/handlers/mod.go
parentchore: change repo name to lphub (diff)
downloadlphub-4210c9b38f9053f6720a6bebaadefd24c542eaa9.tar.gz
lphub-4210c9b38f9053f6720a6bebaadefd24c542eaa9.tar.bz2
lphub-4210c9b38f9053f6720a6bebaadefd24c542eaa9.zip
backend: better auth check, audit logging
Diffstat (limited to 'backend/handlers/mod.go')
-rw-r--r--backend/handlers/mod.go36
1 files changed, 0 insertions, 36 deletions
diff --git a/backend/handlers/mod.go b/backend/handlers/mod.go
index 4fdc78a..66e1437 100644
--- a/backend/handlers/mod.go
+++ b/backend/handlers/mod.go
@@ -1,7 +1,6 @@
1package handlers 1package handlers
2 2
3import ( 3import (
4 "fmt"
5 "net/http" 4 "net/http"
6 "strconv" 5 "strconv"
7 "time" 6 "time"
@@ -49,12 +48,6 @@ type EditMapImageRequest struct {
49// @Success 200 {object} models.Response{data=CreateMapSummaryRequest} 48// @Success 200 {object} models.Response{data=CreateMapSummaryRequest}
50// @Router /maps/{mapid}/summary [post] 49// @Router /maps/{mapid}/summary [post]
51func CreateMapSummary(c *gin.Context) { 50func CreateMapSummary(c *gin.Context) {
52 // Check if user exists
53 user, exists := c.Get("user")
54 if !exists {
55 c.JSON(http.StatusOK, models.ErrorResponse("User not logged in."))
56 return
57 }
58 mod, exists := c.Get("mod") 51 mod, exists := c.Get("mod")
59 if !exists || !mod.(bool) { 52 if !exists || !mod.(bool) {
60 c.JSON(http.StatusOK, models.ErrorResponse("Insufficient permissions.")) 53 c.JSON(http.StatusOK, models.ErrorResponse("Insufficient permissions."))
@@ -69,7 +62,6 @@ func CreateMapSummary(c *gin.Context) {
69 } 62 }
70 var request CreateMapSummaryRequest 63 var request CreateMapSummaryRequest
71 if err := c.BindJSON(&request); err != nil { 64 if err := c.BindJSON(&request); err != nil {
72 CreateLog(user.(models.User).SteamID, LogTypeMod, LogDescriptionMapSummaryCreateFail, fmt.Sprintf("BIND: %s", err.Error()))
73 c.JSON(http.StatusOK, models.ErrorResponse(err.Error())) 65 c.JSON(http.StatusOK, models.ErrorResponse(err.Error()))
74 return 66 return
75 } 67 }
@@ -85,7 +77,6 @@ func CreateMapSummary(c *gin.Context) {
85 sql := `SELECT m.id FROM maps m WHERE m.id = $1` 77 sql := `SELECT m.id FROM maps m WHERE m.id = $1`
86 err = database.DB.QueryRow(sql, mapID).Scan(&checkMapID) 78 err = database.DB.QueryRow(sql, mapID).Scan(&checkMapID)
87 if err != nil { 79 if err != nil {
88 CreateLog(user.(models.User).SteamID, LogTypeMod, LogDescriptionMapSummaryCreateFail, fmt.Sprintf("SELECT#maps: %s", err.Error()))
89 c.JSON(http.StatusOK, models.ErrorResponse(err.Error())) 80 c.JSON(http.StatusOK, models.ErrorResponse(err.Error()))
90 return 81 return
91 } 82 }
@@ -98,7 +89,6 @@ func CreateMapSummary(c *gin.Context) {
98 VALUES ($1,$2,$3,$4,$5,$6,$7)` 89 VALUES ($1,$2,$3,$4,$5,$6,$7)`
99 _, err = tx.Exec(sql, mapID, request.CategoryID, request.UserName, *request.ScoreCount, request.Description, request.Showcase, request.RecordDate) 90 _, err = tx.Exec(sql, mapID, request.CategoryID, request.UserName, *request.ScoreCount, request.Description, request.Showcase, request.RecordDate)
100 if err != nil { 91 if err != nil {
101 CreateLog(user.(models.User).SteamID, LogTypeMod, LogDescriptionMapSummaryCreateFail, fmt.Sprintf("INSERT#map_history: %s", err.Error()))
102 c.JSON(http.StatusOK, models.ErrorResponse(err.Error())) 92 c.JSON(http.StatusOK, models.ErrorResponse(err.Error()))
103 return 93 return
104 } 94 }
@@ -106,7 +96,6 @@ func CreateMapSummary(c *gin.Context) {
106 c.JSON(http.StatusOK, models.ErrorResponse(err.Error())) 96 c.JSON(http.StatusOK, models.ErrorResponse(err.Error()))
107 return 97 return
108 } 98 }
109 CreateLog(user.(models.User).SteamID, LogTypeMod, LogDescriptionMapSummaryCreateSuccess, fmt.Sprintf("MapID: %d | CategoryID: %d | ScoreCount: %d", mapID, request.CategoryID, *request.ScoreCount))
110 c.JSON(http.StatusOK, models.Response{ 99 c.JSON(http.StatusOK, models.Response{
111 Success: true, 100 Success: true,
112 Message: "Successfully created map summary.", 101 Message: "Successfully created map summary.",
@@ -125,12 +114,6 @@ func CreateMapSummary(c *gin.Context) {
125// @Success 200 {object} models.Response{data=EditMapSummaryRequest} 114// @Success 200 {object} models.Response{data=EditMapSummaryRequest}
126// @Router /maps/{mapid}/summary [put] 115// @Router /maps/{mapid}/summary [put]
127func EditMapSummary(c *gin.Context) { 116func EditMapSummary(c *gin.Context) {
128 // Check if user exists
129 user, exists := c.Get("user")
130 if !exists {
131 c.JSON(http.StatusOK, models.ErrorResponse("User not logged in."))
132 return
133 }
134 mod, exists := c.Get("mod") 117 mod, exists := c.Get("mod")
135 if !exists || !mod.(bool) { 118 if !exists || !mod.(bool) {
136 c.JSON(http.StatusOK, models.ErrorResponse("Insufficient permissions.")) 119 c.JSON(http.StatusOK, models.ErrorResponse("Insufficient permissions."))
@@ -146,7 +129,6 @@ func EditMapSummary(c *gin.Context) {
146 } 129 }
147 var request EditMapSummaryRequest 130 var request EditMapSummaryRequest
148 if err := c.BindJSON(&request); err != nil { 131 if err := c.BindJSON(&request); err != nil {
149 CreateLog(user.(models.User).SteamID, LogTypeMod, LogDescriptionMapSummaryEditFail, fmt.Sprintf("BIND: %s", err.Error()))
150 c.JSON(http.StatusOK, models.ErrorResponse(err.Error())) 132 c.JSON(http.StatusOK, models.ErrorResponse(err.Error()))
151 return 133 return
152 } 134 }
@@ -161,7 +143,6 @@ func EditMapSummary(c *gin.Context) {
161 sql := `UPDATE map_history SET user_name = $2, score_count = $3, record_date = $4, description = $5, showcase = $6 WHERE id = $1` 143 sql := `UPDATE map_history SET user_name = $2, score_count = $3, record_date = $4, description = $5, showcase = $6 WHERE id = $1`
162 _, err = tx.Exec(sql, request.RouteID, request.UserName, *request.ScoreCount, request.RecordDate, request.Description, request.Showcase) 144 _, err = tx.Exec(sql, request.RouteID, request.UserName, *request.ScoreCount, request.RecordDate, request.Description, request.Showcase)
163 if err != nil { 145 if err != nil {
164 CreateLog(user.(models.User).SteamID, LogTypeMod, LogDescriptionMapSummaryEditFail, fmt.Sprintf("(HistoryID: %d) UPDATE#map_history: %s", request.RouteID, err.Error()))
165 c.JSON(http.StatusOK, models.ErrorResponse(err.Error())) 146 c.JSON(http.StatusOK, models.ErrorResponse(err.Error()))
166 return 147 return
167 } 148 }
@@ -187,12 +168,6 @@ func EditMapSummary(c *gin.Context) {
187// @Success 200 {object} models.Response{data=DeleteMapSummaryRequest} 168// @Success 200 {object} models.Response{data=DeleteMapSummaryRequest}
188// @Router /maps/{mapid}/summary [delete] 169// @Router /maps/{mapid}/summary [delete]
189func DeleteMapSummary(c *gin.Context) { 170func DeleteMapSummary(c *gin.Context) {
190 // Check if user exists
191 user, exists := c.Get("user")
192 if !exists {
193 c.JSON(http.StatusOK, models.ErrorResponse("User not logged in."))
194 return
195 }
196 mod, exists := c.Get("mod") 171 mod, exists := c.Get("mod")
197 if !exists || !mod.(bool) { 172 if !exists || !mod.(bool) {
198 c.JSON(http.StatusOK, models.ErrorResponse("Insufficient permissions.")) 173 c.JSON(http.StatusOK, models.ErrorResponse("Insufficient permissions."))
@@ -208,7 +183,6 @@ func DeleteMapSummary(c *gin.Context) {
208 } 183 }
209 var request DeleteMapSummaryRequest 184 var request DeleteMapSummaryRequest
210 if err := c.BindJSON(&request); err != nil { 185 if err := c.BindJSON(&request); err != nil {
211 CreateLog(user.(models.User).SteamID, LogTypeMod, LogDescriptionMapSummaryEditFail, fmt.Sprintf("(RouteID: %d) BIND: %s", request.RouteID, err.Error()))
212 c.JSON(http.StatusOK, models.ErrorResponse(err.Error())) 186 c.JSON(http.StatusOK, models.ErrorResponse(err.Error()))
213 return 187 return
214 } 188 }
@@ -223,7 +197,6 @@ func DeleteMapSummary(c *gin.Context) {
223 sql := `DELETE FROM map_history mh WHERE mh.id = $1` 197 sql := `DELETE FROM map_history mh WHERE mh.id = $1`
224 _, err = tx.Exec(sql, request.RouteID) 198 _, err = tx.Exec(sql, request.RouteID)
225 if err != nil { 199 if err != nil {
226 CreateLog(user.(models.User).SteamID, LogTypeMod, LogDescriptionMapSummaryDeleteFail, fmt.Sprintf("(HistoryID: %d) DELETE#map_history: %s", request.RouteID, err.Error()))
227 c.JSON(http.StatusOK, models.ErrorResponse(err.Error())) 200 c.JSON(http.StatusOK, models.ErrorResponse(err.Error()))
228 return 201 return
229 } 202 }
@@ -249,12 +222,6 @@ func DeleteMapSummary(c *gin.Context) {
249// @Success 200 {object} models.Response{data=EditMapImageRequest} 222// @Success 200 {object} models.Response{data=EditMapImageRequest}
250// @Router /maps/{mapid}/image [put] 223// @Router /maps/{mapid}/image [put]
251func EditMapImage(c *gin.Context) { 224func EditMapImage(c *gin.Context) {
252 // Check if user exists
253 user, exists := c.Get("user")
254 if !exists {
255 c.JSON(http.StatusOK, models.ErrorResponse("User not logged in."))
256 return
257 }
258 mod, exists := c.Get("mod") 225 mod, exists := c.Get("mod")
259 if !exists || !mod.(bool) { 226 if !exists || !mod.(bool) {
260 c.JSON(http.StatusOK, models.ErrorResponse("Insufficient permissions.")) 227 c.JSON(http.StatusOK, models.ErrorResponse("Insufficient permissions."))
@@ -269,7 +236,6 @@ func EditMapImage(c *gin.Context) {
269 } 236 }
270 var request EditMapImageRequest 237 var request EditMapImageRequest
271 if err := c.BindJSON(&request); err != nil { 238 if err := c.BindJSON(&request); err != nil {
272 CreateLog(user.(models.User).SteamID, LogTypeMod, LogDescriptionMapSummaryEditImageFail, fmt.Sprintf("BIND: %s", err.Error()))
273 c.JSON(http.StatusOK, models.ErrorResponse(err.Error())) 239 c.JSON(http.StatusOK, models.ErrorResponse(err.Error()))
274 return 240 return
275 } 241 }
@@ -277,11 +243,9 @@ func EditMapImage(c *gin.Context) {
277 sql := `UPDATE maps SET image = $2 WHERE id = $1` 243 sql := `UPDATE maps SET image = $2 WHERE id = $1`
278 _, err = database.DB.Exec(sql, mapID, request.Image) 244 _, err = database.DB.Exec(sql, mapID, request.Image)
279 if err != nil { 245 if err != nil {
280 CreateLog(user.(models.User).SteamID, LogTypeMod, LogDescriptionMapSummaryEditImageFail, fmt.Sprintf("UPDATE#maps: %s", err.Error()))
281 c.JSON(http.StatusOK, models.ErrorResponse(err.Error())) 246 c.JSON(http.StatusOK, models.ErrorResponse(err.Error()))
282 return 247 return
283 } 248 }
284 CreateLog(user.(models.User).SteamID, LogTypeMod, LogDescriptionMapSummaryEditImageSuccess)
285 c.JSON(http.StatusOK, models.Response{ 249 c.JSON(http.StatusOK, models.Response{
286 Success: true, 250 Success: true,
287 Message: "Successfully updated map image.", 251 Message: "Successfully updated map image.",
generated by cgit v1.2.3 (git 2.39.1) at 2025-11-08 21:25:51 +0000