diff options
| author | Elizabeth <elizabeth@simponic.xyz> | 2024-04-03 16:22:19 -0600 |
|---|---|---|
| committer | Elizabeth <elizabeth@simponic.xyz> | 2024-04-03 16:22:19 -0600 |
| commit | e398cf05402c010d594cea4e2dea307ca1a36dbe (patch) | |
| tree | 57a878b408a2066275fefb8058a43ec44d9bd223 /api | |
| parent | b74a955dcb8cc1d5d2599a1b096510a60e55e7d7 (diff) | |
| download | hatecomputers.club-e398cf05402c010d594cea4e2dea307ca1a36dbe.tar.gz hatecomputers.club-e398cf05402c010d594cea4e2dea307ca1a36dbe.zip | |
checkpoint to save work; had to get on the bus
Diffstat (limited to 'api')
| -rw-r--r-- | api/auth_test.go | 37 | ||||
| -rw-r--r-- | api/dns.go | 17 | ||||
| -rw-r--r-- | api/dns_test.go | 56 | ||||
| -rw-r--r-- | api/serve.go | 4 |
4 files changed, 103 insertions, 11 deletions
diff --git a/api/auth_test.go b/api/auth_test.go new file mode 100644 index 0000000..45ca12e --- /dev/null +++ b/api/auth_test.go @@ -0,0 +1,37 @@ +package api_test + +import ( + "database/sql" + "os" + "testing" + + "git.hatecomputers.club/hatecomputers/hatecomputers.club/api" + "git.hatecomputers.club/hatecomputers/hatecomputers.club/args" + "git.hatecomputers.club/hatecomputers/hatecomputers.club/database" + "git.hatecomputers.club/hatecomputers/hatecomputers.club/utils" +) + +func setup() (*sql.DB, *api.RequestContext, func()) { + randomDb := utils.RandomId() + + testDb := database.MakeConn(&randomDb) + database.Migrate(testDb) + + context := &api.RequestContext{ + DBConn: testDb, + Args: &args.Arguments{}, + TemplateData: &(map[string]interface{}{}), + } + + return testDb, context, func() { + testDb.Close() + os.Remove(randomDb) + } +} + +/* +todo: test api key creation ++ api key attached to user ++ user session is unique ++ goLogin goes to page in cookie +*/ @@ -15,23 +15,18 @@ import ( const MAX_USER_RECORDS = 65 -type FormError struct { - Errors []string -} +var USER_OWNED_INTERNAL_FMT_DOMAINS = []string{"%s", "%s.endpoints"} -func userCanFuckWithDNSRecord(dbConn *sql.DB, user *database.User, record *database.DNSRecord) bool { +func userCanFuckWithDNSRecord(dbConn *sql.DB, user *database.User, record *database.DNSRecord, ownedInternalDomainFormats []string) bool { ownedByUser := (user.ID == record.UserID) if !ownedByUser { return false } if !record.Internal { - userOwnedDomains := []string{ - fmt.Sprintf("%s", user.Username), - fmt.Sprintf("%s.endpoints", user.Username), - } + for _, format := range ownedInternalDomainFormats { + domain := fmt.Sprintf(format, user.Username) - for _, domain := range userOwnedDomains { isInSubDomain := strings.HasSuffix(record.Name, "."+domain) if domain == record.Name || isInSubDomain { return true @@ -106,7 +101,7 @@ func CreateDNSRecordContinuation(dnsAdapter external_dns.ExternalDNSAdapter) fun Internal: internal, } - if !userCanFuckWithDNSRecord(context.DBConn, context.User, dnsRecord) { + if !userCanFuckWithDNSRecord(context.DBConn, context.User, dnsRecord, USER_OWNED_INTERNAL_FMT_DOMAINS) { formErrors.Errors = append(formErrors.Errors, "'name' must end with "+context.User.Username+" or you must be a domain owner for internal domains") } @@ -155,7 +150,7 @@ func DeleteDNSRecordContinuation(dnsAdapter external_dns.ExternalDNSAdapter) fun return failure(context, req, resp) } - if !userCanFuckWithDNSRecord(context.DBConn, context.User, record) { + if !userCanFuckWithDNSRecord(context.DBConn, context.User, record, USER_OWNED_INTERNAL_FMT_DOMAINS) { resp.WriteHeader(http.StatusUnauthorized) return failure(context, req, resp) } diff --git a/api/dns_test.go b/api/dns_test.go new file mode 100644 index 0000000..59dd85b --- /dev/null +++ b/api/dns_test.go @@ -0,0 +1,56 @@ +package api_test + +import ( + "database/sql" + "net/http" + "net/http/httptest" + "os" + "testing" + + "git.hatecomputers.club/hatecomputers/hatecomputers.club/api" + "git.hatecomputers.club/hatecomputers/hatecomputers.club/args" + "git.hatecomputers.club/hatecomputers/hatecomputers.club/database" + "git.hatecomputers.club/hatecomputers/hatecomputers.club/utils" +) + +func setup() (*sql.DB, *api.RequestContext, func()) { + randomDb := utils.RandomId() + + testDb := database.MakeConn(&randomDb) + database.Migrate(testDb) + + context := &api.RequestContext{ + DBConn: testDb, + Args: &args.Arguments{}, + TemplateData: &(map[string]interface{}{}), + } + + return testDb, context, func() { + testDb.Close() + os.Remove(randomDb) + } +} + +func TestThatOwnerCanPutRecordInDomain(t *testing.T) { + db, context, cleanup := setup() + defer cleanup() + + testUser := &database.User{ + ID: "test", + Username: "test", + } + + records, err := database.GetUserDNSRecords(db, context.User.ID) + if err != nil { + t.Fatal(err) + } + if len(records) > 0 { + t.Errorf("expected no records, got records") + } + + ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + api.PutDNSRecordContinuation(context, r, w)(api.IdContinuation, api.IdContinuation) + })) + defer ts.Close() + +} diff --git a/api/serve.go b/api/serve.go index 9547ee0..1536f65 100644 --- a/api/serve.go +++ b/api/serve.go @@ -24,6 +24,10 @@ type RequestContext struct { User *database.User } +type FormError struct { + Errors []string +} + type Continuation func(*RequestContext, *http.Request, http.ResponseWriter) ContinuationChain type ContinuationChain func(Continuation, Continuation) ContinuationChain |