Added list user method
This commit is contained in:
parent
dbc3886706
commit
772ed316cb
|
@ -15,23 +15,23 @@ type UserLogin struct {
|
||||||
|
|
||||||
// User holds information about an user
|
// User holds information about an user
|
||||||
type User struct {
|
type User struct {
|
||||||
ID int64 `xorm:"int(11) autoincr not null unique pk"`
|
ID int64 `xorm:"int(11) autoincr not null unique pk" json:"id"`
|
||||||
Name string `xorm:"varchar(250)"`
|
Name string `xorm:"varchar(250)" json:"name"`
|
||||||
Username string `xorm:"varchar(250) not null unique"`
|
Username string `xorm:"varchar(250) not null unique" json:"username"`
|
||||||
Password string `xorm:"varchar(250) not null"`
|
Password string `xorm:"varchar(250) not null" json:"password"`
|
||||||
Email string `xorm:"varchar(250)"`
|
Email string `xorm:"varchar(250)" json:"email"`
|
||||||
IsAdmin bool `xorm:"tinyint(1) not null"`
|
IsAdmin bool `xorm:"tinyint(1) not null" json:"isAdmin"`
|
||||||
Created int64 `xorm:"created"`
|
Created int64 `xorm:"created" json:"created"`
|
||||||
Updated int64 `xorm:"updated"`
|
Updated int64 `xorm:"updated" json:"updated"`
|
||||||
}
|
}
|
||||||
|
|
||||||
// UserLog logs user actions
|
// UserLog logs user actions
|
||||||
type UserLog struct {
|
type UserLog struct {
|
||||||
ID int64 `xorm:"int(11) autoincr not null unique pk"`
|
ID int64 `xorm:"int(11) autoincr not null unique pk" json:"id"`
|
||||||
UserID int64 `xorm:"int(11)"`
|
UserID int64 `xorm:"int(11)" json:"userID"`
|
||||||
Log string `xorm:"varchar(250)"`
|
Log string `xorm:"varchar(250)" json:"log"`
|
||||||
ItemID int64 `xorm:"int(11)"`
|
ItemID int64 `xorm:"int(11)" json:"itemID"`
|
||||||
Time int64 `xorm:"created"`
|
Time int64 `xorm:"created" json:"time"`
|
||||||
}
|
}
|
||||||
|
|
||||||
// TableName returns the table name for users
|
// TableName returns the table name for users
|
||||||
|
@ -51,46 +51,6 @@ func GetUser(user User) (userOut User, exists bool, err error) {
|
||||||
return userOut, exists, err
|
return userOut, exists, err
|
||||||
}
|
}
|
||||||
|
|
||||||
// CreateUser creates a new user and inserts it into the database
|
|
||||||
func CreateUser(user User) (newUser User, err error) {
|
|
||||||
|
|
||||||
newUser = user
|
|
||||||
|
|
||||||
// Check if we have all needed informations
|
|
||||||
if newUser.Password == "" || newUser.Username == "" {
|
|
||||||
return User{}, fmt.Errorf("you need to specify at least a username and a password")
|
|
||||||
}
|
|
||||||
|
|
||||||
// Check if the user already existst
|
|
||||||
_, exists, err := GetUser(User{Name: newUser.Name})
|
|
||||||
if err != nil {
|
|
||||||
return User{}, err
|
|
||||||
}
|
|
||||||
if exists {
|
|
||||||
return User{}, fmt.Errorf("this username is already taken. Please use another")
|
|
||||||
}
|
|
||||||
|
|
||||||
// Hash the password
|
|
||||||
newUser.Password, err = hashPassword(user.Password)
|
|
||||||
if err != nil {
|
|
||||||
return User{}, err
|
|
||||||
}
|
|
||||||
|
|
||||||
// Insert it
|
|
||||||
_, err = x.Insert(newUser)
|
|
||||||
if err != nil {
|
|
||||||
return User{}, err
|
|
||||||
}
|
|
||||||
|
|
||||||
return newUser, nil
|
|
||||||
}
|
|
||||||
|
|
||||||
// HashPassword hashes a password
|
|
||||||
func hashPassword(password string) (string, error) {
|
|
||||||
bytes, err := bcrypt.GenerateFromPassword([]byte(password), 14)
|
|
||||||
return string(bytes), err
|
|
||||||
}
|
|
||||||
|
|
||||||
// CheckUserCredentials checks user credentials
|
// CheckUserCredentials checks user credentials
|
||||||
func CheckUserCredentials(u *UserLogin) (User, error) {
|
func CheckUserCredentials(u *UserLogin) (User, error) {
|
||||||
|
|
||||||
|
@ -149,3 +109,19 @@ func LogAction(action string, itemID int64, c echo.Context) (err error) {
|
||||||
|
|
||||||
return logAction(action, user, itemID)
|
return logAction(action, user, itemID)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// IsAdmin checks based on it's JWT token if the user is admin
|
||||||
|
func IsAdmin(c echo.Context) bool {
|
||||||
|
|
||||||
|
// Get the users JWT token
|
||||||
|
jwtinf := c.Get("user").(*jwt.Token)
|
||||||
|
claims := jwtinf.Claims.(jwt.MapClaims)
|
||||||
|
|
||||||
|
// And check if he is admin
|
||||||
|
if claims["admin"].(bool) {
|
||||||
|
return true
|
||||||
|
}
|
||||||
|
|
||||||
|
// Send him to nirvarna if not
|
||||||
|
return false
|
||||||
|
}
|
||||||
|
|
|
@ -15,8 +15,19 @@ func TestCreateUser(t *testing.T) {
|
||||||
Username: "testuu",
|
Username: "testuu",
|
||||||
Password: "1234",
|
Password: "1234",
|
||||||
Email: "noone@example.com",
|
Email: "noone@example.com",
|
||||||
|
IsAdmin: true,
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Delete every preexisting user to have a fresh start
|
||||||
|
/* allusers, err := ListUsers("")
|
||||||
|
for _, user := range allusers {
|
||||||
|
// Delete it
|
||||||
|
assert.Equal(t, dummyuser.Name, user.Name)
|
||||||
|
assert.Equal(t, dummyuser.Username, user.Username)
|
||||||
|
assert.Equal(t, dummyuser.Email, user.Email)
|
||||||
|
assert.Equal(t, dummyuser.IsAdmin, user.IsAdmin)
|
||||||
|
}*/
|
||||||
|
|
||||||
// Create a new user
|
// Create a new user
|
||||||
createdUser, err := CreateUser(dummyuser)
|
createdUser, err := CreateUser(dummyuser)
|
||||||
assert.NoError(t, err)
|
assert.NoError(t, err)
|
||||||
|
@ -45,4 +56,8 @@ func TestCreateUser(t *testing.T) {
|
||||||
user, err := CheckUserCredentials(&UserLogin{"testuu", "1234"})
|
user, err := CheckUserCredentials(&UserLogin{"testuu", "1234"})
|
||||||
assert.NoError(t, err)
|
assert.NoError(t, err)
|
||||||
assert.Equal(t, dummyuser.Name, user.Name)
|
assert.Equal(t, dummyuser.Name, user.Name)
|
||||||
|
|
||||||
|
// List one user
|
||||||
|
|
||||||
|
// Delete it
|
||||||
}
|
}
|
||||||
|
|
|
@ -0,0 +1,25 @@
|
||||||
|
package models
|
||||||
|
|
||||||
|
// ListUsers returns a list with all users, filtered by an optional searchstring
|
||||||
|
func ListUsers(searchterm string) (users []User, err error) {
|
||||||
|
|
||||||
|
if searchterm == "" {
|
||||||
|
err = x.Find(&users)
|
||||||
|
} else {
|
||||||
|
err = x.
|
||||||
|
Where("username LIKE ?", "%"+searchterm+"%").
|
||||||
|
Or("name LIKE ?", "%"+searchterm+"%").
|
||||||
|
Find(&users)
|
||||||
|
}
|
||||||
|
|
||||||
|
// Obfuscate the password. Selecting everything except the password didn't work.
|
||||||
|
for i := range users {
|
||||||
|
users[i].Password = ""
|
||||||
|
}
|
||||||
|
|
||||||
|
if err != nil {
|
||||||
|
return []User{}, err
|
||||||
|
}
|
||||||
|
|
||||||
|
return users, nil
|
||||||
|
}
|
|
@ -0,0 +1,27 @@
|
||||||
|
package v1
|
||||||
|
|
||||||
|
import (
|
||||||
|
"net/http"
|
||||||
|
|
||||||
|
"github.com/labstack/echo"
|
||||||
|
"git.mowie.cc/konrad/Library/models"
|
||||||
|
)
|
||||||
|
|
||||||
|
func UsersList(c echo.Context) error {
|
||||||
|
|
||||||
|
// Check if the user is admin
|
||||||
|
if !models.IsAdmin(c) {
|
||||||
|
return echo.ErrUnauthorized
|
||||||
|
}
|
||||||
|
|
||||||
|
// Prepare the searchterm
|
||||||
|
search := c.QueryParam("s")
|
||||||
|
|
||||||
|
list, err := models.ListUsers(search)
|
||||||
|
|
||||||
|
if err != nil {
|
||||||
|
return c.JSON(http.StatusInternalServerError, models.Message{"Error getting users."})
|
||||||
|
}
|
||||||
|
|
||||||
|
return c.JSON(http.StatusOK, list)
|
||||||
|
}
|
|
@ -33,6 +33,7 @@ func Login(c echo.Context) error {
|
||||||
claims["username"] = user.Username
|
claims["username"] = user.Username
|
||||||
claims["email"] = user.Email
|
claims["email"] = user.Email
|
||||||
claims["id"] = user.ID
|
claims["id"] = user.ID
|
||||||
|
claims["admin"] = user.IsAdmin
|
||||||
claims["exp"] = time.Now().Add(time.Hour * 72).Unix()
|
claims["exp"] = time.Now().Add(time.Hour * 72).Unix()
|
||||||
|
|
||||||
avatar := md5.Sum([]byte(user.Email))
|
avatar := md5.Sum([]byte(user.Email))
|
||||||
|
|
|
@ -106,6 +106,10 @@ func RegisterRoutes(e *echo.Echo) {
|
||||||
a.DELETE("/items/:id", apiv1.ItemDelete)
|
a.DELETE("/items/:id", apiv1.ItemDelete)
|
||||||
a.POST("/items/:id", apiv1.ItemAddOrUpdate)
|
a.POST("/items/:id", apiv1.ItemAddOrUpdate)
|
||||||
|
|
||||||
|
// ====== Admin Routes ======
|
||||||
|
|
||||||
|
a.GET("/users", apiv1.UsersList)
|
||||||
|
|
||||||
// Manage Users
|
// Manage Users
|
||||||
|
|
||||||
/*
|
/*
|
||||||
|
@ -141,9 +145,10 @@ func RegisterRoutes(e *echo.Echo) {
|
||||||
|
|
||||||
GET /settings - |Nutzereinstellungen (Passwort, name etc)
|
GET /settings - |Nutzereinstellungen (Passwort, name etc)
|
||||||
POST /settings - |Nutzereinstellungen (Passwort, name etc)
|
POST /settings - |Nutzereinstellungen (Passwort, name etc)
|
||||||
GET /user - Nutzer anzeigen
|
GET /user - |Nutzer anzeigen --> Auch nur admin
|
||||||
PUT /user - |neue Nutzer anlegen
|
PUT /user - |neue Nutzer anlegen --> Nur admin
|
||||||
DELETE /user/:id - |nutzer löschen
|
DELETE /user/:id - |nutzer löschen --> Nur admins (sich selber löschen sollte nicht möglich sein)
|
||||||
POST /user/:id - |nutzer bearbeiten
|
POST /user/:id - |nutzer bearbeiten --> Sollte entweder Admin oder der Nutzer selbst sein
|
||||||
|
|
||||||
*/
|
*/
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue