2 files changed, 105 insertions, 0 deletions
diff --git a/backend/api/auth.go b/backend/api/auth.go
new file mode 100644
index 0000000..91ef80c
--- /dev/null
+++ b/backend/api/auth.go
@@ -0,0 +1,65 @@
+package api
+import (
+        "fmt"
+        "os"
+        "time"
+        "github.com/gin-gonic/gin"
+        "github.com/golang-jwt/jwt/v4"
+        "github.com/pektezol/leastportalshub/backend/database"
+        "github.com/pektezol/leastportalshub/backend/models"
+)
+func CheckAuth(c *gin.Context) {
+        tokenString := c.GetHeader("Authorization")
+        // Validate token
+        token, err := jwt.Parse(tokenString, func(token *jwt.Token) (interface{}, error) {
+                if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok {
+                        return nil, fmt.Errorf("unexpected signing method: %v", token.Header["alg"])
+                }
+                return []byte(os.Getenv("SECRET_KEY")), nil
+        })
+        if token == nil {
+                c.Next()
+                return
+        }
+        if err != nil {
+                c.Next()
+                return
+        }
+        if claims, ok := token.Claims.(jwt.MapClaims); ok && token.Valid {
+                // Check exp
+                if float64(time.Now().Unix()) > claims["exp"].(float64) {
+                        c.Next()
+                        return
+                }
+                // Get user from DB
+                var user models.User
+                database.DB.QueryRow(`SELECT u.steam_id, u.user_name, u.avatar_link, u.country_code, u.created_at, u.updated_at FROM users u WHERE steam_id = $1`, claims["sub"]).Scan(
+                        &user.SteamID, &user.UserName, &user.AvatarLink,
+                        &user.CountryCode, &user.CreatedAt, &user.UpdatedAt)
+                if user.SteamID == "" {
+                        c.Next()
+                        return
+                }
+                // Get user titles from DB
+                var moderator bool
+                user.Titles = []models.Title{}
+                rows, _ := database.DB.Query(`SELECT t.title_name, t.title_color FROM titles t INNER JOIN user_titles ut ON t.id=ut.title_id WHERE ut.user_id = $1`, user.SteamID)
+                for rows.Next() {
+                        var title models.Title
+                        rows.Scan(&title.Name, &title.Color)
+                        if title.Name == "Moderator" {
+                                moderator = true
+                        }
+                        user.Titles = append(user.Titles, title)
+                }
+                c.Set("user", user)
+                c.Set("mod", moderator)
+                c.Next()
+        } else {
+                c.Next()
+                return
+        }
+}
diff --git a/backend/api/routes.go b/backend/api/routes.go
new file mode 100644
index 0000000..4dd8660
--- /dev/null
+++ b/backend/api/routes.go
@@ -0,0 +1,40 @@
+package api
+import (
+        "github.com/gin-gonic/gin"
+        "github.com/pektezol/leastportalshub/backend/handlers"
+        swaggerfiles "github.com/swaggo/files"
+        ginSwagger "github.com/swaggo/gin-swagger"
+)
+func InitRoutes(router *gin.Engine) {
+        api := router.Group("/api")
+        {
+                v1 := api.Group("/v1")
+                v1.GET("/swagger/*any", ginSwagger.WrapHandler(swaggerfiles.Handler))
+                v1.GET("/", func(c *gin.Context) {
+                        c.File("docs/index.html")
+                })
+                v1.GET("/token", handlers.GetCookie)
+                v1.DELETE("/token", handlers.DeleteCookie)
+                v1.GET("/home", CheckAuth, handlers.Home)
+                v1.GET("/login", handlers.Login)
+                v1.GET("/profile", CheckAuth, handlers.Profile)
+                v1.PUT("/profile", CheckAuth, handlers.UpdateCountryCode)
+                v1.POST("/profile", CheckAuth, handlers.UpdateUser)
+                v1.GET("/users/:id", CheckAuth, handlers.FetchUser)
+                v1.GET("/demos", handlers.DownloadDemoWithID)
+                v1.GET("/maps/:id/summary", handlers.FetchMapSummary)
+                v1.POST("/maps/:id/summary", CheckAuth, handlers.CreateMapSummary)
+                v1.PUT("/maps/:id/summary", CheckAuth, handlers.EditMapSummary)
+                v1.DELETE("/maps/:id/summary", CheckAuth, handlers.DeleteMapSummary)
+                v1.PUT("/maps/:id/image", CheckAuth, handlers.EditMapImage)
+                v1.GET("/maps/:id/leaderboards", handlers.FetchMapLeaderboards)
+                v1.POST("/maps/:id/record", CheckAuth, handlers.CreateRecordWithDemo)
+                v1.GET("/rankings", handlers.Rankings)
+                v1.GET("/search", handlers.SearchWithQuery)
+                v1.GET("/games", handlers.FetchGames)
+                v1.GET("/games/:id", handlers.FetchChapters)
+                v1.GET("/chapters/:id", handlers.FetchChapterMaps)
+        }
+}

diff --git a/backend/api/auth.go b/backend/api/auth.go new file mode 100644 index 0000000..91ef80c --- /dev/null +++ b/backend/api/auth.go
@@ -0,0 +1,65 @@
	1	package api
	2
	3	import (
	4	"fmt"
	5	"os"
	6	"time"
	7
	8	"github.com/gin-gonic/gin"
	9	"github.com/golang-jwt/jwt/v4"
	10	"github.com/pektezol/leastportalshub/backend/database"
	11	"github.com/pektezol/leastportalshub/backend/models"
	12	)
	13
	14	func CheckAuth(c *gin.Context) {
	15	tokenString := c.GetHeader("Authorization")
	16	// Validate token
	17	token, err := jwt.Parse(tokenString, func(token *jwt.Token) (interface{}, error) {
	18	if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok {
	19	return nil, fmt.Errorf("unexpected signing method: %v", token.Header["alg"])
	20	}
	21	return []byte(os.Getenv("SECRET_KEY")), nil
	22	})
	23	if token == nil {
	24	c.Next()
	25	return
	26	}
	27	if err != nil {
	28	c.Next()
	29	return
	30	}
	31	if claims, ok := token.Claims.(jwt.MapClaims); ok && token.Valid {
	32	// Check exp
	33	if float64(time.Now().Unix()) > claims["exp"].(float64) {
	34	c.Next()
	35	return
	36	}
	37	// Get user from DB
	38	var user models.User
	39	database.DB.QueryRow(`SELECT u.steam_id, u.user_name, u.avatar_link, u.country_code, u.created_at, u.updated_at FROM users u WHERE steam_id = $1`, claims["sub"]).Scan(
	40	&user.SteamID, &user.UserName, &user.AvatarLink,
	41	&user.CountryCode, &user.CreatedAt, &user.UpdatedAt)
	42	if user.SteamID == "" {
	43	c.Next()
	44	return
	45	}
	46	// Get user titles from DB
	47	var moderator bool
	48	user.Titles = []models.Title{}
	49	rows, _ := database.DB.Query(`SELECT t.title_name, t.title_color FROM titles t INNER JOIN user_titles ut ON t.id=ut.title_id WHERE ut.user_id = $1`, user.SteamID)
	50	for rows.Next() {
	51	var title models.Title
	52	rows.Scan(&title.Name, &title.Color)
	53	if title.Name == "Moderator" {
	54	moderator = true
	55	}
	56	user.Titles = append(user.Titles, title)
	57	}
	58	c.Set("user", user)
	59	c.Set("mod", moderator)
	60	c.Next()
	61	} else {
	62	c.Next()
	63	return
	64	}
	65	}


diff --git a/backend/api/routes.go b/backend/api/routes.go new file mode 100644 index 0000000..4dd8660 --- /dev/null +++ b/backend/api/routes.go
@@ -0,0 +1,40 @@
	1	package api
	2
	3	import (
	4	"github.com/gin-gonic/gin"
	5	"github.com/pektezol/leastportalshub/backend/handlers"
	6	swaggerfiles "github.com/swaggo/files"
	7	ginSwagger "github.com/swaggo/gin-swagger"
	8	)
	9
	10	func InitRoutes(router *gin.Engine) {
	11	api := router.Group("/api")
	12	{
	13	v1 := api.Group("/v1")
	14	v1.GET("/swagger/*any", ginSwagger.WrapHandler(swaggerfiles.Handler))
	15	v1.GET("/", func(c *gin.Context) {
	16	c.File("docs/index.html")
	17	})
	18	v1.GET("/token", handlers.GetCookie)
	19	v1.DELETE("/token", handlers.DeleteCookie)
	20	v1.GET("/home", CheckAuth, handlers.Home)
	21	v1.GET("/login", handlers.Login)
	22	v1.GET("/profile", CheckAuth, handlers.Profile)
	23	v1.PUT("/profile", CheckAuth, handlers.UpdateCountryCode)
	24	v1.POST("/profile", CheckAuth, handlers.UpdateUser)
	25	v1.GET("/users/:id", CheckAuth, handlers.FetchUser)
	26	v1.GET("/demos", handlers.DownloadDemoWithID)
	27	v1.GET("/maps/:id/summary", handlers.FetchMapSummary)
	28	v1.POST("/maps/:id/summary", CheckAuth, handlers.CreateMapSummary)
	29	v1.PUT("/maps/:id/summary", CheckAuth, handlers.EditMapSummary)
	30	v1.DELETE("/maps/:id/summary", CheckAuth, handlers.DeleteMapSummary)
	31	v1.PUT("/maps/:id/image", CheckAuth, handlers.EditMapImage)
	32	v1.GET("/maps/:id/leaderboards", handlers.FetchMapLeaderboards)
	33	v1.POST("/maps/:id/record", CheckAuth, handlers.CreateRecordWithDemo)
	34	v1.GET("/rankings", handlers.Rankings)
	35	v1.GET("/search", handlers.SearchWithQuery)
	36	v1.GET("/games", handlers.FetchGames)
	37	v1.GET("/games/:id", handlers.FetchChapters)
	38	v1.GET("/chapters/:id", handlers.FetchChapterMaps)
	39	}
	40	}