diff --git a/cmd/api/external/main.go b/cmd/api/external/main.go index 28eb95b..917f369 100644 --- a/cmd/api/external/main.go +++ b/cmd/api/external/main.go @@ -11,7 +11,7 @@ import ( "github.com/VATUSA/primary-api/pkg/oauth" "github.com/VATUSA/primary-api/pkg/storage" "github.com/joho/godotenv" - "log" + log "github.com/sirupsen/logrus" "net/http" ) diff --git a/cmd/api/external/main_tls.go b/cmd/api/external/main_tls.go deleted file mode 100644 index 2c2978d..0000000 --- a/cmd/api/external/main_tls.go +++ /dev/null @@ -1,23 +0,0 @@ -package main - -//func main() { -// _ = godotenv.Load(".env") -// config.Cfg = config.New() -// -// oauth.OAuthConfig = oauth.Initialize(config.Cfg) -// -// bucket, err := storage.NewS3Client(config.Cfg.S3) -// if err != nil { -// panic(err) -// } -// -// storage.PublicBucket = bucket -// database.DB = database.Connect(config.Cfg.Database) -// cookie.CookieStore = cookie.New(config.Cfg) -// models.AutoMigrate() -// logger.Setup() -// -// r := gochi.New(config.Cfg) -// external.Router(r, config.Cfg) -// log.Fatalf("Err starting http server: %s", http.ListenAndServeTLS(fmt.Sprintf(":%s", config.Cfg.API.Port), "./api.vatusa.local.crt", "./api.vatusa.local.key", r)) -//} diff --git a/external/docs/docs.go b/external/docs/docs.go index c0c0cf7..635c0c3 100644 --- a/external/docs/docs.go +++ b/external/docs/docs.go @@ -4740,6 +4740,13 @@ const docTemplate = `{ } } } + }, + "securityDefinitions": { + "ApiKeyAuth": { + "type": "apiKey", + "name": "x-api-key", + "in": "header" + } } }` diff --git a/external/docs/swagger.json b/external/docs/swagger.json index 561c2bc..67e50e5 100644 --- a/external/docs/swagger.json +++ b/external/docs/swagger.json @@ -4733,5 +4733,12 @@ } } } + }, + "securityDefinitions": { + "ApiKeyAuth": { + "type": "apiKey", + "name": "x-api-key", + "in": "header" + } } } \ No newline at end of file diff --git a/external/docs/swagger.yaml b/external/docs/swagger.yaml index d0dbdf5..5cef583 100644 
--- a/external/docs/swagger.yaml +++ b/external/docs/swagger.yaml @@ -3228,4 +3228,9 @@ paths: summary: Update a user flag tags: - user-flag +securityDefinitions: + ApiKeyAuth: + in: header + name: x-api-key + type: apiKey swagger: "2.0" diff --git a/external/router.go b/external/router.go index 674dda5..fd01164 100644 --- a/external/router.go +++ b/external/router.go @@ -25,6 +25,10 @@ import ( // @BasePath /v3 +// @securityDefinitions.apikey ApiKeyAuth +// @in header +// @name x-api-key + func Router(r chi.Router, cfg *config.Config) { v3.Router(r, cfg) diff --git a/external/v3/user/login.go b/external/v3/user/login.go index 604495d..4afaa96 100644 --- a/external/v3/user/login.go +++ b/external/v3/user/login.go @@ -12,6 +12,7 @@ import ( "github.com/VATUSA/primary-api/pkg/utils" vatsim_api "github.com/VATUSA/primary-api/pkg/vatsim/api" gonanoid "github.com/matoous/go-nanoid" + log "github.com/sirupsen/logrus" "golang.org/x/oauth2" "io" "net/http" @@ -54,12 +55,14 @@ func GetLogin(w http.ResponseWriter, r *http.Request) { func GetLoginCallback(w http.ResponseWriter, r *http.Request) { sessionCookie, err := r.Cookie("session") if err != nil { + log.WithError(err).Error("Error getting session cookie.") utils.Render(w, r, utils.ErrForbidden) return } session := make(map[string]string) if err := cookie.CookieStore.Decode("session", sessionCookie.Value, &session); err != nil { + log.WithError(err).Error("Error decoding session cookie.") utils.Render(w, r, utils.ErrForbidden) return } @@ -71,7 +74,7 @@ func GetLoginCallback(w http.ResponseWriter, r *http.Request) { token, err := exchangeToken(r.Context(), oauth.OAuthConfig, r.URL.Query().Get("code")) if err != nil { - fmt.Printf("Error: %s\n", err) + log.WithError(err).Error("Error exchanging tokens with VATSIM.") utils.Render(w, r, utils.ErrInternalServer) return } 
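Review bot: The three new annotations in external/router.go register the `ApiKeyAuth` scheme, but nothing in this commit references it, so the regenerated spec gains a `securityDefinitions` entry while every operation still carries no `security` requirement — a reader of the docs cannot tell which routes need `x-api-key`. Each protected handler's doc block needs `// @Security ApiKeyAuth` for swag to emit that; the middleware that validates the header is not in this diff, so I cannot tell which handlers those are. A `// @description` line under the scheme saying how keys are issued would also help consumers of the generated docs.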
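Review bot: The two new `log.WithError(...).Error(...)` calls in GetLoginCallback fire on fully client-controlled input — any request to `/login/callback` with a missing, expired or tampered `session` cookie — so an unauthenticated client can fill the error log at will and bury real failures. These are expected rejections, not server faults; log them at `Warn` with the source address, e.g. `log.WithError(err).WithField("remote_addr", r.RemoteAddr).Warn("Rejected login callback: bad session cookie.")`, and keep the cookie value itself out of the entry. The session/state comparison that follows is outside the hunk, as is the rest of the function.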
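Review bot: The replaced log line now records token-exchange failures, but the branch still maps the most common one — a callback arriving with no `code` (e.g. a provider redirect carrying `?error=...` instead) — to a 500 after a pointless round-trip to VATSIM. Reject it before calling exchangeToken: `if r.URL.Query().Get("code") == "" { utils.Render(w, r, utils.ErrForbidden); return }`, so the Error-level entry is reserved for genuine exchange failures. If exchangeToken delegates to `oauth2.Config.Exchange`, the `err` being logged is a `*oauth2.RetrieveError` that embeds the token endpoint's raw response body; that is acceptable to log, but do not extend the entry with the `code` value itself.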
@@ -110,8 +113,6 @@ func GetLoginCallback(w http.ResponseWriter, r *http.Request) { } if resp.StatusCode >= 299 { - fmt.Println("Error Code:", resp.StatusCode) - fmt.Println("Error Body:", string(body)) utils.Render(w, r, utils.ErrInternalServer) return } diff --git a/external/v3/user/router.go b/external/v3/user/router.go index 552d484..aab12a6 100644 --- a/external/v3/user/router.go +++ b/external/v3/user/router.go @@ -20,6 +20,7 @@ import ( func Router(r chi.Router) { r.With(middleware.NotGuest).Get("/logout", GetLogout) + r.Get("/login", GetLogin) r.Get("/login/callback", GetLoginCallback) diff --git a/pkg/go-chi/middleware/auth/user.go b/pkg/go-chi/middleware/auth/user.go index eae6903..87f2e19 100644 --- a/pkg/go-chi/middleware/auth/user.go +++ b/pkg/go-chi/middleware/auth/user.go @@ -12,6 +12,11 @@ func CanViewUser(next http.Handler) http.Handler { credentials := GetCredentials(r) if credentials.User != nil { + if targetUser.CID == credentials.User.CID { + next.ServeHTTP(w, r) + return + } + if utils.IsVATUSAStaff(credentials.User) { next.ServeHTTP(w, r) return diff --git a/pkg/go-chi/setup.go b/pkg/go-chi/setup.go index aba52b0..9ef7da4 100644 --- a/pkg/go-chi/setup.go +++ b/pkg/go-chi/setup.go @@ -15,6 +15,7 @@ func New(cfg *config.Config) *chi.Mux { r.Use(middleware.Recoverer) r.Use(middleware.RealIP) + r.Use(middleware.Logger) r.Use(render.SetContentType(render.ContentTypeJSON))
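Review bot: Dropping both `fmt.Println` calls leaves the `resp.StatusCode >= 299` branch with no diagnostic at all, so a VATSIM outage or a rejected token now surfaces only as anonymous 500s — the opposite of what the rest of this commit does by moving prints onto logrus. Keep a structured line without the body, `log.WithField("status", resp.StatusCode).Error("Unexpected status from VATSIM.")`; the body on this path may carry account data, so if it is wanted at all it belongs at Debug. While here, `>= 299` is an off-by-one that rejects the valid status 299; `>= 300` (or `!= http.StatusOK`) says what is meant. GetLoginCallback continues on both sides of this hunk.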
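Review bot: The new self-access branch in CanViewUser dereferences `targetUser` (`targetUser.CID`) before any of the existing checks; `targetUser` is resolved above the hunk, so if that lookup can leave it nil (unknown CID in the path), this branch now panics where the old code may have fallen through to a 403/404, and Recoverer would turn that into a 500. If the invariant "targetUser is never nil here" does not already hold, add a nil guard before the comparison that renders the not-found response the rest of this package uses, or state the invariant in a comment. The grant itself deserves a why-comment, e.g. `// A user may always view their own record; staff and role checks follow.` CanViewUser starts and ends outside the hunk.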
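Review bot: `middleware.Logger` uses chi's DefaultLogFormatter, which prints `r.RequestURI` — query string included — and this router serves `/login/callback?code=…&state=…` (see user/router.go in this diff), so every successful login now writes the OAuth authorization code into the request log. It is single-use and short-lived, but it is still a credential landing in stdout and whatever aggregates it. Replace the line with `middleware.RequestLogger` and a formatter that records `r.URL.Path` rather than the raw URI, for example the one below (it uses logrus, which this commit already brings into the module; setup.go would need that import). Note also that because `RealIP` runs first, the address in every log line is whatever `X-Forwarded-For`/`X-Real-IP` claims, so it is only trustworthy behind a proxy that overwrites those headers.
```go
	r.Use(middleware.Recoverer)
	r.Use(middleware.RealIP)
	// Request log without the query string: /login/callback carries the
	// OAuth authorization code and state as query parameters.
	r.Use(middleware.RequestLogger(pathOnlyFormatter{}))
	// … unchanged: render.SetContentType and the rest of New …

// (package level, below New)

// pathOnlyFormatter is a chi LogFormatter that records method, path and
// client address but never the raw request URI.
type pathOnlyFormatter struct{}

func (pathOnlyFormatter) NewLogEntry(r *http.Request) middleware.LogEntry {
	return &pathOnlyEntry{fields: log.Fields{
		"method": r.Method,
		"path":   r.URL.Path,
		"remote": r.RemoteAddr, // rewritten by RealIP; trust only behind a proxy that sets the header
	}}
}

type pathOnlyEntry struct{ fields log.Fields }

func (e *pathOnlyEntry) Write(status, bytes int, _ http.Header, elapsed time.Duration, _ interface{}) {
	log.WithFields(e.fields).
		WithFields(log.Fields{"status": status, "bytes": bytes, "elapsed": elapsed}).
		Info("request")
}

func (e *pathOnlyEntry) Panic(v interface{}, stack []byte) {
	log.WithFields(e.fields).WithField("panic", v).Error(string(stack))
}
```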